A scammer called me today. They were saying that harmful files were moved to my computer and they needed to remove them. I don't think they are ever going to call me again.

S = scammer; M = me;

S: this is tech support we need access to your computer because we detected harmful files and need to remove them.
M: oh my! Hold on, let me go to my computer now. How can you access it?
S: we can just use RDP and delete the files. They are in a hidden folder that is encrypted so this Is the only way.
M: oh ok I believe you. Hm... it looks like my son only allows certain IP addresses to access our computers.. I don't know how to disable this so can you just email me your IP address?
S: Sure...

He then sends me his actual IP address... it doesn't even look like a proxy or VPN.

M: oh my I forgot that you need my password to login. It's really long and complicated... can I just email it to you?
S: Sure!!

I then tell him to hold on I have to find it that my "son" stored it somewhere.

At this time I'm taking a photo of my bare ass and attaching it to the email. I then say in the email "Please note what my job title is in my signature.. I just sent the FBI your name, phone number, email, and IP address. Please enjoy my bare ass, you'll see a lot of it in prison."

On Slack
Me: I can't access the VPN
Network team: You have to create a user incident
My browser: 403
Network team: Yeah you need to be on the VPN to access the incident system
Me: 😐

Client: The webpage has been inaccessible all weekend!!

Me: Oh you mean the page you need to have a VPN connection to access?

Client: Yes that one!

Me: Are you connected to the VPN?

Client: Oh...no I'm not. *connects to VPN* Its working now.

Tldr :
Office Building : 1
Population: 5000
Number of PC users: 5000
No of Spare mice: 0

Day 1:
Training period commences.
My mouse laser sensor doesn't work.

Solution: Use this mouse to log in to your system.
Open the company portal.
Connect to vpn.
Enter username password.
Create a ticket for mouse replacement.
Done.

Day 3
I bring my own mouse.
Confiscated at security.
Becomes a security violation.

Day 9
I get a call from helpdesk.
Agent- what is the problem?
Me- my mouse is not working.
Agent- why?
Me- what do you mean? Something is wrong with the sensor.
Agent- clean the sensor.
Disconnects call.
Marks ticket as resolved.
Me- WTF just happened!

Naturally, I escalate the issue.

Day 15
Level 2 Agent- what happened? Why have you escalated the issue?
Me- I need a mouse, waiting since 2 weeks.
Him- No mouse is available
Me- you don't have a single spare mouse available in an office with 5000 PC users?
Him- no they're out of stock.
Me- when will it be back in stock?
Him- we will 'soon' launch a tender for quotations from sellers.
Me- time?
Him- 1 week.

Day 34

I email the head of supplies for the city office. Next day I get a used super small mouse, which doesn't have a left button. Anyways, I've given up hope now.

Day 45
I become a master at keyboard shortcuts.
Finish my training.
Get transferred to another city.
No mouse till date.

Surprisingly, this was one of the top recruiters in my country. Never knew, MNCs can be so so inefficient for such simple tasks.
Start-ups are way better in this regard. Latest tech, small community, minimal bureaucracy and a lot of respect and things to learn.

This rant is a confession I had to make, for all of you out there having a bad time (or year), this story is for you.

Last year, I joined devRant and after a month, I was hired at a local company as an IT god (just joking but not far from what they expected from me), developer, web admin, printer configurator (of course) and all that in my country it's just called "the tech guy", as some of you may know.

I wasn't in immediate need for a full-time job, I had already started to work as a freelancer then and I was doing pretty good. But, you know how it goes, you can always aim for more and that's what I did.

The workspace was the usual, two rooms, one for us employees and one for the bosses (there were two bosses).

Let me tell you right now. I don't hate people, even if I get mad or irritated, I never feel hatred inside me or the need to think bad of someone. But, one of the two bosses made me discover that feeling of hate.

He had a snake-shaped face (I don't think that was random), and he always laughed at his jokes. He was always shouting at me because he was a nervous person, more than normal. He had a tone in his voice like he knew everything. Early on, after being yelled for no reason a dozen of times, I decided that this was not a place for me.

After just two months of doing everything, from tech support to Photoshop and to building websites with WordPress, I gave my one month's notice, or so I thought. I was confronted by the bosses, one of which was a cousin of mine and he was really ok with me leaving and said that I just had to find a person to replace me which was an easy task. Now, the other boss, the evil one, looked me on the eye and said "you're not going anywhere".

I was frozen like, "I can't stay here". He smiled like a snake he was and said "come on, you got this we are counting on you and we are really satisfied with how you are performing till now". I couldn't shake him, I was already sweating. He was rolling his eyes constantly like saying "ok, you are wasting my time now" and left to go to some basketball practice or something.

So, I was stuck there, I could have caused a scene but as I told you, one of the bosses was a cousin of mine, I couldn't do anything crazy. So, I went along with it. Until the next downfall.

I decided to focus on the job and not mind for the bad boss situation but things went really wrong. After a month, I realised that the previous "tech guy" had left me with around 20 ancient Joomla - version 1.0 websites, bursting with security holes and infested with malware like a swamp. I had never seen anything like it. Everyday the websites would become defaced or the server (VPN) would start sending tons of spam cause of the malware, and going offline at the end. I was feeling hopeless.

And then the personal destruction began. I couldn't sleep, I couldn't eat. I was having panick attacks at the office's bathroom. My girlfriend almost broke up with me because I was acting like an asshole due to my anxiety issues (but in the end she was the one to "bring me back"(man, she is a keeper)) and I hadn't put a smile on my face for months. I was on the brink of depression, if not already there. Everyday I would anxiously check if the server is running because I would be the one to blame, even though I was trying to talk to the boss (the bad one was in charge of the IT department) and tell him about the problem.

And then I snapped. I finally realised that I had hit rock bottom. I said "I can't let this happen to me" and I took a deep breath. I still remember that morning, it was a life-changing moment for me. I decided to bite the bullet and stay for one more month, dealing with the stupid old server and the low intelligence business environment. So, I woke up, kissed my girlfriend (now wife), took the bus and went straight to work, and I went into the boss's office. I lied that I had found another job on another city and I had one month in order to be there on time. He was like, "so you are leaving? Is it that good a job the one you found? And when are you going? And are you sure?", and with no hesitation I just said "yup". He didn't expect it and just said "ok then", just find your replacement and you're good to go. I found the guy that would replace me, informing him of every little detail of what's going on (and I recently found out, that he is currently working for some big company nowadays, I'm really glad for him!).

I was surprised that it went so smoothly, one month later I felt the taste of freedom again, away from all the bullshit. Totally one of the best feelings out there.

I don't want to be cliche, but do believe in yourself people! Things are not what the seem.

With all that said, I want to give my special thanks to devRant for making this platform. I was inactive for some time but I was reading rants and jokes. It helped me to get through all that. I'm back now! Bless you devRant!

I'm glad that I shared this story with all of you, have an awesome day!

I started a nee personal project few weeks ago. I named it SelfVPN. Its simply a VPN client that lets you create DigitalOcean droplets and install vpn server without opening DigitalOcean panel. You just need to add your api key in application.

It takes like 5 min to create new server and deploy vpn server. So I am paying hourly usage of vpn! Even if I don't destroy droplet it wont cost more than 5$ a month.

I am thinking to open source it. But code is too messy 😅 Here is the first look of it

Story time!

A little over a year ago I was in the hiring process with a new company and countered their initial offer. I was told by the CTO that it was no problem and they would get back to me soon.

A couple days go by and I'm then informed that they're hiring a new IT director and would like me to interview with him as well. It felt kinda lame since I'd already been offered the job but I rolled with it.

When I showed up to the office for an interview I tried to call and let them know I was there and couldn't get a hold of anyone. 30 minutes later I get a call from the CTO saying they couldn't find the new IT director and when they got him to answer the phone he said he had left early and would call me to do a phone interview.

Obviously the whole experience so far has been pretty lame but I stuck with it because I knew the CTO personally. I did the phone interview and quickly realized this dude was a prick, and would be a terrible boss, but I spoke with the CTO again who told me to stick with it and eventually I did get the job.

Fast forward about a month and it's clear the new director is trash. He literally bragged about firing a dude over an accidental outage (wtf!?).

He had the technical experience you'd expect of a junior help desk and his management skills were pretty clearly sub-par.

He was also, for whatever reason, completely unable to communicate with the only woman on our team. When assigning work he would always feel the need to ask if she could 'handle it' rather than just assigning it to her like it's done for everyone else. He was pretty clearly sexist.

The whole team hates this dude by this point but he's somehow managed to woo the executives into thinking he shits gold.

I was helping him set up a Python venv on his machine when I noticed another VPN client installed which certainly piqued my interest. After a bit of digging it was clear he was using company time and company equipment to continue working for his previous employer.

We turned over logs and he was fired the next day. He tried to add me on LinkedIn afterwards and I have never declined something quicker.

Moral of the story is don't be a dickhead.

Worst WTF dev experience? The login process from hell to a well-fortified dev environment at a client's site.
I assume a noob admin found a list of security tips and just went like "all of the above!".

You boot a Linux VM, necessary to connect to their VPN. Why necessary? Because 1) their VPN is so restrictive it has no internet access 2) the VPN connection prevents *your local PC* from accessing the internet as well. Coworkers have been seen bringing in their private laptops just to be able to google stuff.
So you connect via Cisco AnyConnect proprietary bullshit. A standard VPN client won't work. Their system sends you a one-time key via SMS as your password.

Once on their VPN, you start a remote desktop session to their internal "hopping server", which is a Windows server. After logging in with your Windows user credentials, you start a Windows Remote Desktop session *on that hopping server* to *another* Windows server, where you login with yet another set of Windows user credentials. For all these logins you have 30 seconds, otherwise back to step 1.
On that server you open a browser to access their JIRA, GitLab, etc or SSH into the actual dev machines - which AGAIN need yet another set of credentials.

So in total: VM -> VPN + RDP inside VM -> RDP #2 -> Browser/SSH/... -> Final system to work on
Input lag of one to multiple seconds. It was fucking unusable.

Now, the servers were very disconnect-happy to prevent anything "fishy" going on. Sitting at my desk at my company, connected to my company's wifi, was apparently fishy enough to kick me out every 5 to 20 minutes. And that meant starting from step 1 inside the VM again. So, never forget to plugin your network cable.

There's a special place in hell for this admin. And if there isn't, I'll PERSONALLY make the devil create one. Even now that I'm not even working on this any more.

We need to use VPN to ssh into the university's server when on a university WiFi, but not at home.

#ohTheSecurity

I didn't scream.. just told him to jump off of terrace..
What ticked me?! He was a support guy..slowest mofo ever..
I was in the middle of fixing major fuckup on prod, when our VPN to client disconnected. I rushed over to support to ask if it is 'just' an expired session (which he was in charge of renewing but constantly fucked up) or if there is some other problem, so I know how to proceed..do I need to contact our sysadmins, client's support guys etc..
He
started
to
slooooooooowly
explain
I
am
not
the
only
one
with
VPN
problems
...
Was that what I asked you?! // he had an annoying habit of slooooowly talking and explaining unrelated things & personal stuff that bothered him & most of the times he chose the most time sensitive period to drone off..
So I cut him of saying, that others were probably not 'tinkering' with production and that I need this back ASAP, so if he could tell me when the session will be renewed or if there is something else problematic..
He said he will check..I didn't move.. he looked at me insurprise, you want me to check *NOW*?! Yeah, it's urgent.. He proceeded very very veeeery slooooowly, taking the support phone../* he was even eating sandwich during that, so only one hand free, typing one letter at a min */
I was finaly notified that the session expired and that he will fix it soon (meaning in 15-20mins o.O which should not take him more than 5).. and was like 'can I do sth else for you'?! Yeah, do the backflip.. you know the rest..

Great finaly get away on vacation 2weeks of just realaxing, 30min before leaving to the airport i get a sms from my server one of my main hard drives fail. No problem just need to swap the drive and start the recover at the airport.
At the airport i connect to my home vpn and start the recovery everything works fine just need to restart the server when done ~12h. next day im in the hotell and my vpn does not accept my connection, okey might be the hotell that block vpn connections i try my external vpn and it works and i try to connect home when i get a lovley text from my server "login attempt has failed from ip:x" then it hits me i have forgotten to add to whitelist. Outsmarted myself to just let i be.
So i finally get 2 weeks off and nothing i can do about it.

Red flags in your first week of your software engineering job 🚩

You do the first few days not speaking to anyone.
You can't get into the building and no one turns up until mid day.
The receptionist thinks you're too well dressed to work in this building, thinks you're a spy and calls security on you.
You are eating alone during lunch time in the cafeteria
You have bring your own material for making coffee for yourself

When you try to read the onboarding docs and there aren't any.
You have to write the onboarding docs.

You don't have team mates.
When you ask another team how things are going and they just laugh and cry.😂😭

There's no computer for you, and not even an "it's delayed" excuse. They weren't expecting you.
Your are given a TI PC, because "that's all we have", even though there's no software for it, and it's not quite IBM compatible.
You don't have local admin rights on your computer.💀
You have to buy a laptop yourself to be able to do your job.

It's the end of the week and you still don't have your environment set up and running.
You look at the codebase and there are no automated tests.
You have to request access every time you need to install something through a company tool that looks like it was made in 2001.

Various tasks can only be performed by one single person and they are either out sick or on vacation.
You have to keep track of your time in 6 minute increments, assigned to projects you don't know, by project numbers everyone has memorised (and therefore aren't written down).
You have to fill in timesheets and it takes you 30 minutes each day to fill them in because the system is so clunky.🤮

Your first email is a phishing test from the IT department in another country and timezone, but it has useful information in it, like how to login to the VPN.
Your second email is not a phishing test, but has similar information as the first one. (You ignore it.)
Your name is spelled wrong in every system, in a different way. 2 departments decide that it's too much trouble, and they never fix the spelling as long as you work there. One of them fixes it after you leave, and annoys you for a month because you haven't filled out the customer survey.

NO FUCKING GOOD NIGHT FOR FLOYD.

THIS MULTI FACTOR AUTHENTICATION IS A FUCKING NIGHTMARE.

So my organisation uses some MFA app as an SSO to access any and everything. Fantastic. Absolutely wonderful. No VPN shit and one password to rule them all.

But, for some reason I accidentally deleted the app from my phone and as any normal human being would do, I also reinstalled the app.

Well, post reinstalling, the app does not detect the linked Org account.

I was cool, when I'll login, the system will throw a prompt to map the phone.

So I login to org URL from my machine and lo and behold, the URL says that MFA is already linked to the phone and I have to enter the Citrix type code to login.

But phone does not show the code because account is no longer linked and web does not have option to change/re-register the phone.

What the actual unholy fuck?????? Bloody retards. How am I suppose to get in now?

So after a Googling for a bit, a thread mentioned that this is most common issue faced by users with this MFA app. The only way to get this resolved is to contact your IT team.

Cool. Let's do that.

I opened the link to my IT portal and it asks me to login via SSO which is what I need help with in first place.

I can't login to Slack because fuckers ask SSO every time the app is exited. So no contact there.

Thankfully bastards allow Outlook so was able to drop a note to one of my team member, whom I connected recently and is very nice, asking her to help me sort this IT team.

If this is the most common use case then why the fuck not add a feature to help people overcome this shit?

And my IT team is absolute nuts. No other way allowed to reset the linking or connect them or any help links provided on login page.

Whoever was behind this design should be dipped in donkey shit and deep fried in pig urine.

Working in a bank, using MIcrosoft platform:

To open my email, I need to enter my password and sms OTP.

To open my email using phone, I need to enter my password and sms OTP.

To open Teams, I need to enter my password and sms OTP.

To open Teams using phone, I need to enter my password and sms OTP.

To access Microsoft Azure, I need to enter my password and sms OTP.

To git pull/push, I need to enter my sms OTP.

To check UAT logs, I need to enter my sms OTP.

To get access to UAT DB, I need to connect to VPN, which then asks for OTP.

Did I also mention that I need to do these OTPs every single fucking day?

#OTPDrivenDevelopment

Today was a manic-depressive kind of day. Spent the morning helping some developers with getting their code to run a stored procedure to drop old partitions, but it wasn't working on their end. It was a fairly simple proc. But working with partitions is a little like working with an array. I figured out that they were passing the wrong timestamp, and needed to add +1 to delete the right partition. Got that sorted out, and things were good. Lunch time.

After lunch I did some busy work, and then the PO comes up at about 2PM and says he's assigned some requests to me. The first was just attaching some scripts. Easy. The second, the user wants a couple of schemas exported ... at 6PM. I've been in the office since 6:45AM.

While I'm setting up some commands to run for the data export, a BA walks up and asks if I'm filling in for another DBA who is out for a few weeks. Yep. There's a change request that hasn't been assigned, and he normally does the work. I ask when it's due. Well, the pre-implementation was supposed to be done in the morning, but it wasn't, and we're in the implementation window ... half way through. I bring up the change task, and look at. Create new schema and users. That's all it says. The BA laughs. I tell I need more to go on. 10 minutes later he sends an email with the information. There's only two hours left in the window, and I can only use half of it, because the production guys have to their stuff, and we're in their window. Now I'm irritated, because I'm new to Oracle, and it's an unforgiving mistress. Fortunately, another DBA says he'll do it, so that we can get it done in time. But can't work it either, because Dev DBAs don't have access to QA, and the process required access for this task. Gets shelved until the access issue is resolved. It's now after 4:15PM. I'm going to in traffic with that 6PM deadline.

I manage to get home and to the computer by 5:45PM. Log in. Start VPN. Box pops on screen. Java needs to update. I chose skip update. Box pops up again. It won't let me log in until Java is current. Passed.

I finally get logged in, and it's 6:10PM. I'm late getting the job started. I pull up Putty and log into the first box, and paste my pre-prepared command in the command line and hit error. Command not found. I'm tired, so it's a moment to sink in. I don't have time for this.

I log into DBArtisan and pull up the first data base, use the wizard to set the job, and off it goes. Yay. Bring up the second database, and have enter the connect info. Host not found. Wut? Examine host name. Yep, it's correct. Try a different method. Host not found. Go back to Putty. Log in. Past string. Launch. Command not found. Now my brain is quitting on me. Why now? It's after 6:30PM. Fiddle with some settings, reset $Oracle home. Try again. Yay. It works. I'm done. It's after 7PM.

There is nothing like technology to snatch the euphoria of a success away from you. It's a love-hate thing, but I wouldn't trade it for anything else. I'm done. Good night.

Am I the only one who's getting more and more aggrevated about how the large youtube channels misinform and make out VPN providers (I am looking at you, Nord VPN, mostly) as the messiahs of the internet? How they protect our data that would otherwise be in incredible "danger" otherwise?

I understand they need clients, and I know most of the YT channels probably do not know better, but... This is misinformation at best, and downright false advertising at the worst...

"But HTTP-only websites still exist!" - yes, but unlike the era before Lets Encrypt, they are a minority. Most of the important webpages are encrypted.

"Someone could MITM their connection and present a fake certificate!" - And have a huge, red warning about the connection being dangerous. If at that point, the user ignores it, I say its their fault.

Seriously... I don't know if Nord gives their partners a script or not... But... I am getting super sick of them. And is the main reason why I made my own VPN at home...

Oh boy, finally something to rant about.

I got hired in a "small" company (not even 2000 people in it), then got "shipped" to a way bigger company. Basically, I work for this company (the french biggest internet / phone service provider) but in the name of my own. And this since last wednesday.

First off, I'm fucking stupid. After leaving the big company that I was in before, I swore to myself that from now on, I would work for smaller companies, mainly because I couldn't stand the inertia that big company have. You ask for something, you get it a month and a half after. The old company has about 6000 employees... This company has 98k people in it. Fuck. My. Life.

Now, to the rant: Orange (the company) decided that they had to move their office somewhere else. They set up a lot of things so that all we needed to do was to put things in boxes, to work somewhere else until next monday, then we could go to the new office on tuesday morning.

Keep in mind that I have been there for 8 days: I keep learning how they do their stuff. For example, if I need a specific docker image, I can't get it from the Docker Hub, the download will fail. However, if I hit an Orange subdomain's registry, I will get this image from a mirror. Because fuck logic.

When we join the company, they give us a Windows laptop ("yeaah we have useless but required Orange softwares that don't run on Linux" "Yeeaaah fuck you") that have a specific VPN allowing us to use the Orange network and, in theory, you can download docker images or clone orange repositories from that network.

In practice, you can simply just go fuck yourself. Why? Because whenever you want to curl, wget or pull anything (or even pip install), your connection keeps being shut down while it waits for the response's header.

The worst part? According to my (new) boss's evasive answers, the way to fix that works with glue, sticks and the power of the Force.

WHY THE FUCK DO YOU ENFORCE US A SHITTY OS FOR DEVELOPMENT, WHEN THE TOOLS YOU SHOVE IN IT WITH A FAKE SMILE DON'T EVEN WORK, AND WE HAVE TO HACK OUR WAY TO FUCKING WORK?

Every time the VPN is not working I state loudly what a piece of crap it is. The devOps team sits right behind me and they don't seem bothered. I don't think they know they're the ones who need to fix it.

I can't get any work done at work... The potatoe they gave me for a laptop is 5 years old, Every day I was approx 2 hours (no joke) for it to power up, open up my visual studio solutions, connect to the VPN, and open my browsers.

Then my fucking shit computer loses connectivity with one of my 2 monitors every 15 min so I need close the lid, reopen it again so it "picks up the monitor" then wait another 5 min for my windows to respond.

Agh!!!!!

It's frustrating too cuz my boss ordered me a new computer 2 months ago. But cuz I work for corporate bozos it took them 2 months just to process/place the order for a new computer. So now I have to wait even longer just to have a functioning computer.

In my work we have this big client who is really concerned about security.
We can't even access the DB from our machine, so they gave us some shitty, heavy as hell, laptops. It's ok, i don't like the ideia but ok.
But in this laptop have a super fucked up windows 7 that have almost everything blocked, we can't even install the fucking sdk(java) to work without asking the company's "IT guy".
On top of that, to access the DB from outside this client we need a VPN, it's ok, I understand, but the fucking VPN drop connection every 5 fucking minutes.
Yesterday I spent fucking 6 hours to run 2 ten minutes queries that we needed to make a report for this fuckers.

I sit in front of a big window, I really felt the will to throw their laptop right through it.

!story

As is the case with many of you, I am also the de facto technology fixer for my family, and usually the first one they call when something goes wrong.

Usually it's a 'something wants to update, should I do it?' simple issue. Other times I have to remote connect to see why Word isn't uploading templates correctly or whatever.

Yesterday was different though.

Me: So whatcha need?
Mom: Well, my office has recently wanted me to be remote-capable in case they need me for something and they don't have the right people to fix it (she's been working at the same office for 20+ years and knows basically everything)
Me: Okay. So I guess they're setting up a VPN for this?
Mom: Yes. And I was calling because they might try and install it on my personal laptop and I wanted to know whether or not I should be concerned about our IT guys being able to look at or steal all my personal data.

I then proceeded to explain how a VPN works and that convincing her company to provide her with a separate computer would be the safest option and whatnot. But I was honestly really surprised that she was concerned to begin with.

For a while now, it seems there's been one story after another of companies being irresponsible with their customer's data, with little to no reprocussion or action that could really make a difference.

But as a direct result, we're now getting to the point where even the tech illiterate are becoming more aware of how this is effecting them.

It gave me hope for the future in an industry where many times there is very little. And I hope it does for you as well.

Thanks, mom. I'm proud of you.

More of a rave than a rant.

My Dad was having some trouble with a game disconnecting on the PS4 and he read somewhere that it might be a problem with our home router. I didn't think it would be, as every other game works fine. But there was no talking him out of it. And to be fair the current router WAS kind of old.

So I have a look at the one he's decided to buy and it's some massive triple-antenna beast for well over a hundred pounds. I felt like such a weapon might be overkill for 2 people in a house, but did say that it would definitely help with connection issues in some rooms and I kind of wanted to play with it.

So he got it and oh am I glad he did. It has so many fun toys, including a built in VPN. Right now I live abroad so there's a few services I used at home that I can't access, I was literally just considering buying a vpn the other day. I found this while setting up port-fortwarding for my Raspberry Pi to run a discord bot I'm building. I had condisered putting a VPN server on the Pi but this works too!

It also has built in DDNS from ASUS, which IS cool, but our IP hasn't changed in years so I'm not sure we'll need it. I set it up anyway just in case though!

FUCK!!

Is it normal that IT support of a multinational bigass corporate drops the "we may need to change your PC because maybe your network card is defective" after explaining over and over that you have problems with HTTPS only when using the corporate network (whether onsite or via VPN) and not in external connections?

Look, I worked in companies that didnt givr a single f about security, and it wasn't right, but others go are just mad.

Me to itsec: can I deploy Django behind the company firewall on a machine physically 2 meters from you, users will still need the VPN to access it... ?

Itsec: no!

Me: flask?

Itsec: no!

Me: shiny?

Itsec: no!

Me: CAN I EVEN HOST ONE HTML FILE WITH INLINE CSS?

itsec: can I see your badge?!

Because I am very interested in cyber security and plan on doing my masters in it security I always try to stay up to date with the latest news and tools. However sometimes its a good idea to ask similar-minded people on how they approach these things, - and maybe I can learn a couple of things. So maybe people like @linuxxx have some advice :D Let's discuss :D

1) What's your goto OS? I currently use Antergos x64 and a Win10 Dualboot. Most likely you guys will recommend Linux, but if so what ditro, and why? I know that people like Snowden use QubesOS. What makes it much better then other distro? Would you use it for everyday tasks or is it overkill? What about Kali or Parrot-OS?

2) Your go-to privacy/security tools? Personally, I am always conencted to a VPN with openvpn (Killswitch on). In my browser (Firefox) I use UBlock and HttpsEverywhere. Used NoScript for a while but had more trouble then actual use with it (blocked too much). Search engine is DDG. All of my data is stored in VeraCrypt containers, so even if the system is compromised nobody is able to access any private data. Passwords are stored in KeePass. What other tools would you recommend?

3) What websites are you browsing for competent news reports in the it security scene? What websites can you recommend to find academic writeups/white papers about certain topics?

4) Google. Yeah a hate-love relationship, but its hard to completely avoid it. I do actually have a Google-Home device (dont kill me), which I use for calender entries, timers, alarms, reminders, and weather updates as well as IOT stuff such as turning my LED lights on and off. I wouldn"t mind switching to an open source solution which is equally good, however so far I couldnt find anything that would a good option. Suggestions?

5) What actions do you take to secure your phone and prevent things such as being tracked/spyed? Personally so far I havent really done much except for installing AdAway on my rooted device aswell as the same Firefox plugins I use on my desktop PC.

6) Are there ways to create mirror images of my entire linux system? Every now and then stuff breaks, that is tedious to fix and reinstalling the system takes a couple of hours. I remember from Windows that software such as Acronis or Paragon can create a full image of your system that you can backup and restore at any point to get a stable, healthy system back (without the need to install everything by hand).

7) Would you encrypt the boot partition of your system, even tho all data is already stored in encrypted containers?

8) Any other advice you can give :P ?

Soooooo, why is it that so often 'security' just means bloody mindedly getting in your way for no reason?

Coz I fail to see how whitelisting a subnet of private IPs that are already only accessible through company VPN presents any kind of security risk, especially since the blocking software is literally only on our company laptops and can be easily bypassed by being on the VPN on *any other device*. But nooooooo, we have to go to the this other company our umbrella company owns (who by the way are making every dev at our company redundant in six months) and beg them to change each individual IP address every time we create a service.

Really does feel like security often means either 'our parent company doesn't understand security so we just need to go through the motions and *look* like we are doing things properly' or 'we just want to get in your way enough that we win in the who gets made redundant fight because you can't actually get any work done and we can'.

Bonus points: on the website for the blocking software they use, it literally recommends using Internet Explorer for everything. I'm surprised they haven't tried to enforce that on us as well.

fuck people who need to be hacked to care about security.

i hope everyone who used that early ap scores gets their credit cards stolen because they don't know how to use a vpn.

New twist on an old favorite.

Background:
- TeamA provides a service internal to the company.
- That service is made accessible to a cloud environment, also has a requirement to be made available to machines on the local network so you can develop against it.
- Company is too cheap/stupid to get a s2s vpn to their cloud provider.
- Company also only hosts production in the cloud, so all other dev is done locally, or on production non-similar infra, local dev is podman.
- They accomplish service connectivity by use of an inordinately complicated edge gateway/router/firewall/message translator/ouija board/julienne fry maker, also controlled by said service team.

Scenario:
Me: "Hey, we're cool with signing requests using an x509 cert. That said, doing so requires different code than connecting to an unsecured endpoint. Please make this service accessible to developer machines and lower environments on the internal network so we can, you know, develop."
TeamA: "The service should be accessible to [cloud ip range]"
Me: "Yes, that's a production range. We need to be able to test the signing code without testing in production"
TeamA: "Can you mock the data?"
Me: "The code we are testing is relating to auth, not business logic"
TeamA: "What are you trying to do?"
Me: "We are trying to test the code that uses the x509 you provide to connect to the service"
TeamA: "Can you deploy to the cloud"
Me: "Again, no, the cloud is only production per policy, all lower environments are in the local data center"
TeamA: "can you try connecting to the gateway?"
Me: "Yes, we have, it's not accessible, it only has public DNS, and only allows [cloud ip range]"
TeamA: "it work when we try it"
Me: "Can you please supply repro steps so we can adjust our process"
TeamA: "Yes, log into the gateway and try issuing the call from there"
Me: (╯°□°)╯︵ ┻━┻

tl;dr: Works on my server

I need to setup a Windows Server with an AD (and therefore an own domain) that can be reached from a Linux host for a test environment... Holy crap I totally forgot what a huge pain in the ass that crap is!

Pro Tip: If youre connected to a Server via VPN and RDP and you create a domain and subsequently get logged out from the server, you're fucked.

!Rant
The new bill passed the house for ISP to be able to sell data. This get me ticked off. I already ausme that ISP did it under the table. Doesn't make it right. Now it legal for them to breach our privacy. At what leave do i need to run my own internet just to feel safe. VPN can sell the data, ISP can sell data about you. I spend my life teaching how to protect people online and now I can't even say they are safe at home from someone with wrong intention. A quote​ comes to mind.
"Dear lord I need to see some change, because the man in the mirror is wearing a mask"
I shouldn't have to feel every time. I boot my PC, that I need to remind my self that what I'm doing now is being sold so someone can lable me. When will the common man learn to protect their privacy online; And where is the line in the sand?

It not all bad, this event has given me the itch to code. Just to spin some heads I'm going to make a script to make random Google query across the widest array of topics, so my profile is full of contradiction.

The few who read this have a nice day!

Gotta love the IoT.

They set up a new surveillance camera in the company, that can stream live footage over the network and that little shit picked the IP adress of a coworker one day AFTER being set up.
Hurray for static routing. Hurray to the person who didn't disable DHCP on the router (Should probably configure my PC to use a static IP as well lel)

Anyways, this happened outta nowhere when I, the only guy who knows shit about IT and is usually present at yhe office, wasn't there and could not connect remotely.

The other, remote programmer, who set up the network, could guide the coworker to get a new IP but, he was worried that we got ourselves an intruder.

Since nobody told me yet that we (should) have static routing, I thought there was a mastermind at work who could get into a network without a wifi-access point and spoof the coworker in order to access the some documents.

The adrenaline rush was real 😨

Scanning the network with nmap solved the mystery rather quickly but thought me that I need to set up a secure way to get remote access on the network.

I would appreciate some input on the set up I thought of:
A raspberry Pi connected to a vpn that runs ssh with pw auth disabled and the ssh port moved.
Would set up the vpn in a similar fashion.

I love to develop for the web, i find JavaScript a nice language and I love the unmatched flexibility of the web platform but i hate when I have to work with the unstable or badly documented APIs which seems to be the norm in the enterprise world: wasting hours in forced breaks because suddenly the API returns nothing but 503 or the VPN suddenly dies, wasting lot of time to find the documentation you need in the slow and cumbersome enterprise API manager, making lots of tests with cURL/Paw/Postman/wethever trying to find out why a request which should work just doesn't... in these moments I envy desktop and mobile devs. The worst part of it is which microservices made everything worse since nowadays there are way more "moving parts" which can break making the API you need unavailable and unlike with monoliths often it's hard to just clone a back-end, populate a database and then work fully locals since now everything depends on a lots of things which are hard/almost impossible to replicate on your laptop.

So, the Network I was on was blocking every single VPN site that I could find so I could not download proton onto my computer without using some sketchy third-party site, so, being left with no options and a tiny phone data plan, I used the one possible remaining option, an online Android emulator. In the emulator running at like 180p I once again navigated to proton VPN, downloaded the windows version, and uploaded it to Firefox send. Opened send on my computer, downloaded the file, installed it, and realized my error, I need access to the VPN site to log in.

In a panic, I went to my phone ready to use what little was left of data plan for security, and was met with no signal indoors. Fuck. New plan. I found a Xfinity wifi thing, and although connecting to a public network freaked me out, I desided to go for it because fuck it. I selected the one hour free pass, logged in, and it said I already used it, what? When?, So I created a new account, logged in, logged into proton, and disconnected, and finally, I was safe.

Fuck the wifi provider for discouraging a right to a private internet and fuck the owner for allowing it. I realize how bad it was to enter my proton account over Xfinity wifi, but I was desperate and desperate times call for desperate means. I have now changed my password and have 2fa enabled.

*Dev is non-native english speaker

Dev: we need the VPN ip.
Me: the server ip or the connected device ip.
Dev: the server.
Me: gets the ip.
Dev: this doesn't work, is this the VPN ip ?
Me: Gives the device ip. Works.
Dev: OK. Works now.

Could have just asked for the client IP in the first place but s/he didn't know how to.

I have been trying to freelance for people who don't speak english as a first language and getting the Requirements is the hardest part of the job. 😫 .

P.S. Suggestions needed from remote freelancers. What's your workflow like.

whenever I suspend my laptop my openvpn would get stuck on reconnecting and I'd have to ctrl c and wait for like minutes so it would correctly close. so I only used VPN when I really needed it.

but then I found out: mullvad (my VPN host supports wireguard! and so wireguard is a more passive protocol, and doesn't need to keep open the connection. so now I can just set my VPN to "always on" and not worry about it anymore, yay!

ps: you should have seen my face when I found out mullvad gives away free stickers! :D

Not bad for a test over WiFi 😮
Still, how I long for fiber... Then I won't need to use a VPN to boost my speed lol... Not that I'll stop using one...

Hi all,
I want to get advice about a VPN Service,

Currently NordVPN giving away 75% discount for 3 years subscription which costs $107.55,

Any of you have experience with their service?

Need reviews or opinions

So I have a job at a client to fix their system because the last systemadmin fucked everything up. One of the things I need to do is let the boss work from home.

No problem. I set up a vpn connection to work and everything just works. Except that the home network had the same dhcp range so that had to change.

I login on the router and literally everything is fucking locked. I call them and they send me a new router same fucking problem. So we bought an asus router so I finally can fix it.

QUESS WHAT THE FUCKING GARBAGE DOESNT EVEN HAVE BRIDGE MODE. FUCK KPN AND THEIR MODEMS.

Former android fan, I’ve been using iPhone SE for a while, and now I’m ready to give feedback. We are talking about brand new, iOS 11.2.2 device, never jailbraked (jailbroken?) or made anything fucked up to.

The main problem is battery life. It’s poor. I mean, my cheap ass Meizu m3s stands for about three times longer. Now I always need to carry power bank or charger around, keeping it up from one outlet to another.

iOS 11 is unstable and flawed. Music widget on lock screen freezes randomly, ui falls apart sometimes, apps sometimes start in landscape mode. I never found android ui falling apart, just like webpage marked up by interns.

Transferring files to Linux PC is huge pain in the ass. Nuff said.

Aaaand... that’s all. There is literally only three problems present.

On the other hand, there is huge advantages over android:

Speed. It’s unbeatable. It’s absolutely stunning. Need camera? Here it is, quarter second away. Android camera needed straight 15 seconds to start up. Taking picture? Here it is, flawless as always. Zero motion blur, gamma is ideal, focus is so sharp so you may hurt your eyes. Need 100 pictures? Here you go, just press the button and hold it. Maybe s9 or another shiny ass android takes pictures as fast as iPhone, but I bet my iPhone will be taking pictures same flawlessly after 5 years, while your android will probably become sluggish ass piece of crap.

Not. A. Single. Fucking. Lag.

Asphalt 8? 60 FPS all the way down. 2GIS? Fraction of a second away. That’s it, that’s how it have to be.

Sound quality. Just as neat as my Sansa Clip. EarPods are crap, so I’m using my SE215. Not going to ever come back to Sansa. Xperia TX had much less quality audio btw.

Apps. As long as the whole enterprise world sucking Apple’s dick, apps are running silky smooth and the things are not going to change. Come on. Apple is the king nowadays, admit it or not.

Keyboard is amazing. Screen is amazing. It’s just that pleasing. The sounds iPhone makes are great, while android sounds piss me off and making me hold myself from throwing the phone straight to the wall.

iPhone makes me feel cared about. Everything is on it’s place, everything fits perfectly. You are watching YouTube, you need to adjust volume and volume bar appears as tiny strip on the very top, just to not distract you. Make screenshot, draw something on it, share and hit delete. Every action you need is one tap away. Look up word? One tap away. Position the cursor between words? Polished as fuck, here you go, have your handy magnifying glass. Adblock in safari? Install it from the App Store and it will be literally two taps away, right at the settings. No VPN needed. Safari doesn’t become slow with Adblock, it’s just the same amazingly fast browser, but without ads. And Apple Music is just one dollar a month for students, filled with high quality songs.

Even google apps working better on iOS.

The advantages are clear for me, while downsides aren’t significant. @irene, you wanted to know what I’ll tell after a while, so I’m saying it proudly:

I’m never ever coming back to android.

My Windows 10 VM gloriously just shat itself so badly, it's now stuck in a BSOD bootloop (first time ever I managed to get a BSOD in a fucking virtual machine btw) and I need to reinstall it. So I need to download the newest Win10.iso.

But I'm also currently working on a university assignment that requires me to be connected to the university-network via a VPN that's slower than my 90s ADSL connection (~1Mbps) (see my previous rant). So to download the 4.7GB iso it'd take.... I'm bad at maths, so let's just say fucking AGES.

So I spin up another VM with a bridged network to download my Win10.iso with Gigabit speed to set up another VM.... wonders of modern technology

IT admins of devRant, explain my dumbass the following:

Why would an IT department put servers in a VPN without TLS.

They presume they don't need because muh-VPN.

And then they don't want to hand out VPN connections to anyone and force me to use Citrix RDP 🤡

I know there are security reasons, but is there not a better way? Like goteleport.com ?

Asking for a friend (or several)

Sooner or later, you'll need a VPN access to get an accurate information within the US. The population is fat from garbage food, and now they will be fat in retardness from their media.

The conversations that come across my DevOps desk on a monthly basis.... These have come into my care via Slack, Email, Jira Tickets, PagerDuty alerts, text messages, GitHub PR Reviews, and phone calls. I spend most of my day just trying to log the work I'm being asked to do.

From Random People:
* Employee <A> and Contractor <B> are starting today. Please provision all 19 of their required accounts.
* Oh, they actually started yesterday, please hurry on this request.

From Engineers:
* The database is failing. Why?
* The read-only replica isn't accepting writes. Can you fix this?
* We have this new project we're starting and we need you to set up continuous integration, deployment, write our unit tests, define an integration test strategy, tell us how to mock every call to everything. We'll need several thousand dollars in AWS resources that we've barely defined. Can you define what AWS resources we need?
* We didn't like your definition of AWS resources, so we came up with our own. We're also going to need you to rearchitect the networking to support our single typescript API.
* The VPN is down and nobody can do any work because you locked us all out of connecting directly over SSH from home. Please unblock my home IP.
* Oh, looks like my VPN password expired. How do I reset my VPN password?
* My GitHub account doesn't have access to this repo. Please make my PR for me.
* Can you tell me how to run this app's test suite?
* CI system failed a build. Why?
* App doesn't send logs to the logging platform. Please tell me why.
* How do I add logging statements to my app?
* Why would I need a logging library, can't you just understand why my app doesn't need to waste my time with logs?

From Various 3rd party vendors:
* <X> application changed their license terms. How much do you really want to pay us now?

From Management:
* <X> left the company, and he was working on these tasks that seem closely related to your work. Here are the 3 GitHub Repos you now own.
* Why is our AWS bill so high? I need you to lower our bill by tomorrow. Preferably by 10k-20k monthly. Thanks.
* Please send this month's plan for DevOps work.
* Please don't do anything on your plan.
* Here's your actual new plan for the month.
* Please also do these 10 interruptions-which-became-epic-projects

From AWS:
* Dear AWS Admin, 17 instances need to be rebooted. Please do so by tomorrow.
* Dear AWS Admin, 3 user accounts saw suspicious activity. Please confirm these were actually you.
* Dear AWS Admin, you need to relaunch every one of your instances into a new VPC within the next year.
* Dear AWS Admin, Your app was suspiciously accessing XYZ, which is a violation of our terms of service. You have 24 hours to address this before we delete your AWS account.

Finally, From Management:
* Please provide management with updates, nobody knows what you do.

From me:
Please pay me more. Please give me a team to assist so I'm not a team of one. Also, my wife is asking me to look for a new job, and she's not wrong. Just saying.

There is no joy in life

So I finally managed to set up networking on my 3D printer's raspberry pi: now it can connect to my phone's hotspot or to my uni's wifi network, depending on which is available.

Then I set up OpenVPN, using a remote server as a middleman so I can connect to the printer remotely and start/stop/monitor prints from anywhere.

Everything works great, except for one thing: whenever the Pi connects to the uni's network first, OpenVPN fails to start and connect to my server, rendering the printer unavailable (unless I use an ethernet cable, but that's not a viable operation since I need to lift the printer, and it's heavy).
The only for it to work as intended is to either:
a) keep my hotspot active (which kinda defeats the point), or
b) let it connect to my hotspot first (so that OpenVPN can start properly) and then turn off the hotspot, allowing the printer to reconnect to the uni's wifi and reconnect to my vpn.

Why won't things just work the way they're supposed to? 😭

Being victim of an arbitrary worplace's culture on dev experience and documentation makes me a very frustrated dev.

Often I do want to document, and by that, I don't mean laying an inline comment that is exactly the function's name, I mean going full technical writer on steroids. I can and WILL get very verbose, yes, explaining every single way you can use a service - no matter how self explanatory the code might look.
I know developers (and me included) can, and sometimes will, write the best variable and function names at the time, wondering if they reached the peak of clean, DRY code that would make Robert Martin have a seizure and piss himself, only to find weeks later after working on something else that their work is unreadable. Of course.
I know the doc's public, it's me, and I've done this.

But then again explain for the people in the back how the FUUUUCK are we meant to suggest improvements, when we are not the ones who are prioritising features and shit WITH the business?

Just email me when the fucking team recycles, and no new team member knows how to even setup the IDEs because this huge piece of monumental shit called CompanyTM is also run by VPN. Fuck, no one wants to access that garbage, you have no docs.

I once tried setting up a culture for documentation. I did an herculean amount of work studying what solutions were internally homologated, how steep the learning curve would be from what we had at the moment (NOTHING, WE HAD FUCKING NOTHING, jesus christ, I even interviewed SEVENTEEN other squads to PROVE they FUCKING NEED
DOCS
TO WORK

You know what happened to that effort?
It had a few "clap" reactions on a Teams meeting and it never reached the kanban.
It didn't even made it to backlog.

I honestly hope that, someday, an alien fenomenon affects the whole company, making their memories completely reset, only to have the first one - after the whole public ordeal on why our brains became milkshake -, to say: "oh, boy, I wish we had documented this".
Then I will bring them to the back and shoot them.

When I thought things couldn't get crazier that my vmware to win chrome mess.....

Doing an upgrade today when I have to VPN in from my mac to access a Web based secret server to get onto another VPN so I can RDP onto a Windows bastion host to then RDP to client windows servers within the RDP and from those hosts need to use putty to ssh into Linux servers to do the admin activities......

Now I'm obviously all for security but seriously VPN to RDP to RDP to ssh is just a bit mental......

But all of the SSL certs between each env is self signed anyhow......

What the fuck is up with all these vpn articles. It seems like they are everywhere. It's like get this vpn, no buy this one, wait no buy this one. Like I don't need a fucking vpn and it's not a must have.

Oh the joys of working with an Enterprise customer.

Background:
Discussion about service architecture with me, development architect (ArchDev) and integration architect (ArchInt). The topic arises of needing to access int. segment systems for a public facing cloud application.

Me: so we'll just need a s2s vpn and then we can just create a route and call the services normally.
ArchDev: sounds good to me, it will take a few months to get that set up
ArchInt: we done need that, we can just use the gateway and then route all the requests through the ESB.
Me: 😕 do you mean the service gateway?
ArchInt: (drops bomb) no, we decide that all API should be implement in ESB, so ESB will handle traffic
Me: *pauses, steps up to the whiteboard, does latency math* setting aside the fact that isn't how ESB's work, that will add at least 700ms latency to each request.
ArchInt: well that is fine for enterprise, things not usually as fast in enterprise you must expect slowdown to be safe
ArchDev: *starts updating resume on the ladders
Me: 💀🔫

I have too many geeky non-dev activities. I don't know which is the geekiest...

Built a server rack out of bits of spare wood (going to rebuild and improve it in future). Wired up the entire house with network cabling. Didn't need to, just prefer not to use WiFi for things where possible. Also ceiling mounted a PoE WiFi AP for things that have to use WiFi (e.g. smartphones).
DIY built a rack mountable Pi shelf with faceplate.
Configured a dedicated TV tuner/PVR PC used by Kodi running on Raspberry Pi for a couple of TVs (all diskless/network boot).
Got a colocated server running in a data centre for running various VMs on for different things. Run my own email, webserver, DNS, VPN, voice chat server, various other stuff.
Gradually getting into electronics, which overlaps with dev a bit.
Sometimes I play games. I built a dedicated VR PC which occupies the smallest room of the house.

Unsure which is the geekiest thing!

Anyone know private/encrypted p2p network drive app (best would be opensource) between devices in the internet, with multiple user support, invite only ?

It should work behind nat so need use some 3rd party hole punching server for handshakes.

Let’s say I got a movie I want to share with my friend but instead of him downloading it, I would stream it directly from my device and my friend would open it using ex vlc.

Same with other files, on computer can be mounted as network drive.
Or small app with drag drop or cli to add / remove shared directories.

Can be raspberry pi device.

Thinking more, it should work like vpn network but with tunnels between computers.

Can it be done using ipfs ?

Why the fuck is everyone behind this whole privacy thing . I mean what did you expect , servers do cost... you know . No one wants to provide you a service to chat with your shit collecting butler in the adjacent room unless it's going to benefit them .

Stick your face on the internet and want people to date you ?

Understand that your virtual social needs need to be supported by a ridiculous amount of electricity and man power which wouldn't be required if you could just throw out your rotting willie nilles in the open .

All this isn't fucking free .. wait were you shocked ? Oh so you just thought there were a few thousand servers powering buckets of pictures of horse poop that you for some reason thought your girlfriend was interested in . NO!

IT'S PRIVACY you are paying with your gaddamn privacy !! Information pays just like the time you paid a 100 bucks to the boyfriend of your girlfriend to find out more details .

Ridiculous . You people don't like ads . You don't like paying . You don't like providing information . THEN DON'T USE THE DAMN INTERNET .

IF YOU'RE REALLY THAT CONCERNED ABOUT YOUR PRIVACY THEN SPEND SOME VALUABLE TIME TO ACQUIRE ENOUGH OF A SKILLSET TO SETUP A VPN AND STOP POSTING YOUR PHONE NUMBER ON YOUR EX'S WALL ASKING HER TO CALL YOU.

One more honest thing to rant about is ads . As much as you hate them they're an easy way out . I'm not sure why a 20 second ad would bother you on mobile and not on television and I'm not sure why you wouldn't buy the ad company and shut it down if 20 seconds were so costly to you .

I want to rant even more on uninstalling services like Windows and Google for stupid reasons but I'll take a break here . My frustration has touched low levels.

How to find dark web?

I guess I need tools like tor and VPN and stuff.

But where do I go as a starting point?

Ugh. Homeoffice tomorrow. Would be awesome if the servers that I need to connect to work on a project wouldn't be limited to our companies IPs only and the VPN connection would be a bit more stable.

AHHHHHHHHHHGGGH

I HATE VPN SETUP

- Trying OpenSwan
Installing open swan on a Debian machine.. setting up the config.
Restarting openswan. Syntax error. No syntax error to be found.
Different tutorial.. it starts! Try to connect.. I can’t connect. Look at the logs. No errors.
Tcpdump. My traffic is coming through.. all fine.. try to connect again.. it works! (Nothing changed!)
Try to ping somewhere else.. no connectivity.
Try to ping an IP in the same network.. works fine. So I have connectivity, just no internet.
Spend an hour finding out about traffic directions of which no one seems to know what they really mean.
Boss tells me to stop using openswan because it’s deprecated and replaced by strong swan..

- Strongswan
Reinstall Debian machine, install strongswan. Copy openswan config. Oh, they’re incompatible? Look up strong swan config, and the service starts.
Connect to the VPN.. it works! Again, no internet, just connectivity in the same network. Spend 2h debugging the config, disable firewalls everywhere, find an ancient bug in the Debian package related to my issues.. ok, let’s try compiling from source.. you know what, let’s not. I’ll throw this Debian machine away and try something completely different.

- pfSense
Ok, this looks easy enough! Let’s just click through the initial setup, change some firewall rules, create an L2TP VPN with a simple wizard.
Try to connect to VPN. First, it times out. Maybe a firewall issue? Turn off firewall.. ah, something happens now. I get an error message right after trying to connect to the VPN. Hmm, the port doesn’t even get opened when I enable the firewall.. this implementation seems a bit buggy.. let’s try their OpenVPN module.

Configure OpenVPN. Documentation isn’t that clear.. apparently a client isn’t actually a client but a user is a client.. ok, there’s a hidden checkbox somewhere.
Now where do I download my certificate? Oh, I need a plug-in for that.. ok, interesting. Able to download the certificate, import it, connect and.. YES!!! I can ping! But, I have no DNS..
Apparently, ICMP isn’t getting filtered but all outbound ports are.. yet the firewall is completely disabled. Maybe I need outbound NAT? Oh. There’s no clear documentation on where to configure it. Find some ancient doc, set it up, still no outbound connectivity.

AHAHAHAHHHHHHHHHHG

Then I tried VyOS. I had a great L2TP VPN working in less than 15 mins. Thank you VyOS for actually providing proper docs and proper software.

So it's a bank holiday today. Would be a shame if I crashed and you'd need to come in anyway...
- VPN Server

!long rant
Trying to work from home is always a pain, since we need to use company laptops (no ifs, ands or buts about it).
Yesterday I took the laptop in to check for updates that just wouldn't run while at home (my first mistake), and I couldn't get past the "Press Ctrl+Alt+Delete to login" screen, laptop keyboard didn't seem to be registering clicks, and an external keyboard wasn't either (and I forgot about the on-screen keyboard). A couple of restarts later with no further changes to the situation, the laptop then didn't get past the BIOS screen.
So I called support (my second mistake) and logged an incident.
Couple of hours later someone comes to my desk and asks about the issue, so I describe it, show them (by now the laptop was once again getting past BIOS screen), and leave them to it. Since these laptops are just used as preconfigured VPN and RDP gateways, I said it would be okay if he just wanted to reinstall the OS (my third mistake).
Several hours later, after staying late last night waiting for it to finish, I loaded my profile, installed updates, shut down, grabbed my stuff and left, without checking VPN or RDP over WiFi (my fourth mistake).
Turns out that some of the buttons on the keyboard just no longer work, but now USB keyboards do work, and I can just use OSK to login while out. I figured this would be my only issue with things, and that it was acceptable.
This morning I attempt to use the laptop, and forgot about OSK and the faulty delete button, so spent a few minutes on that. Try to connect to WiFi and find it can't connect, because of course, it doesn't remember the WiFi password, so I root around for the code in some drawer, enter it, and it works. VPN tries to connect and... get told to insert my smart card, which is already inserted, because the driver is wrong!
So I'm sitting here writing a post, not quite believing that I'm considering cancelling my plans for the day to go into the office because of a bloody driver issue now...

It’s me or Vim on Windows Terminal is barely usable?
I resorted to doubling my laptop’s ram (luckily Dell still produces laptop which can be upgraded and repaired with a set of common screwdrivers) in order to be able to install a FreeBSD VM in which I can finally get a decent terminal based development environment. Sadly since for my work I need a VPN which can run only on Windows and MacOS I cannot just remove Windows and switch to FreeBSD or Linux but I have to make a VM and route its network traffic through work VPN.

So, today, I wanted to try setting up a wireguard VPN server on my little raspberry pi at home. I... expected /some/ issues, but what I found dumbfounded me.

1 - I already had the wireguard package from the unstable branch of the main raspbian repo installed... Huh, okay.
2 - Setting up config was extremely easy... Wow, so the rumors were true. Wireguard really is almost dumb-simple.
3 - Failed to create a network interface? Oh, trouble, here it is! So lets see... modprobe wireguard... Nope. Don't have the module? What?
4 - Reconfigure package to rebuild the module - missing kernel headers? Huh... weird

This was the simple stuff... Then I went down the rabbit hole of the Raspberry Pi ecosystem:

1 - There is the Raspberry Pi Bootloader, that is apparently separate from the Kernel itself. And I didn't seem to have any of the standard linux-image-* installed... What? Weird, yet there I was, running a 4.19.42-v7+ kernel...
2 - No kernel and no headers... What... The... Fuck
3 - Okay, so... Lets just... try to install the latest kernel image then? One apt-get install... It downloaded the image, but during package configuration, it failed because... I didn't have... its headers? What? What for? And if it needs them (for whatever reason), why isn't the headers package as a dependency? Ugh, whatever...
4 - Another apt-get install and... Okay, building the initrd image aaaaand...
FAIL
WHAT. What is it this time!?

Oh... Ran... No more space on device? What? Is /boot independent? Of course it is, it has to be, its a bloody different filesystem

Okay, so, lets che-OH MY GOD WTF.

Its just bloody 45 MBs big! The entire /boot is just 45 MBs large. WHY. THE. FUCK.

This was a default raspbian install from I have no idea when. But... Why. Oh WHY would ANYONE pre-configure /boot to be this incredibly tiny!?

No wonder the new init ramdisk couldn't fit in there! Its already used up from 64%!

Thanks, Raspbian Devs, now I gotta reinstall the whole system because, yes, the /boot is, of course, sector 8192. Just far enough from 2048 that there are *some* sectors free - About 3 MBs.

So what did I try? Remove the partition and recreate it from the very beginning. Only... I never tried in in the past, and okay, kernel doesn't like having the partition where its image resides deleted on the fly, it will not give up FDs pointing there or something.

So now, I have a system I cannot reboot, or it will never boot back up :|

Thanks, Raspbian!

I need to get a cheap 1U somewhere or something T.T

Disclaimer: Technically it's not "our" stack, but we have to use it so....

A webapp we built runs inside the company's network we built it for. Their IT are windows lovers, so everything has to run on Windows servers, even the tablets which are used to access said web app need to have windows.
Their company network isn't accessable from the outside world, so we have access via VPN to get into their network. But this isn't enough to access that shitty windows server our software runs on. After that VPN, you have to connect to a different VPN to which you can only connect to while you're inside the company's network. Then you have access to two servers, one the application is running on and one, well to see if you're changes were deployed correctly because the production server doesn't have a browser on it other than shitty internet explorer 8.

The only way to connect to the server is using RDP. Not even samba or so. To deploy the changes we made to our app, you need to copy paste the files from your local machine to the server. And don't get me started on running mssql migration with the shitty mssql console 😤😤

Why would anyone who isn't a complete idiot use Windows for servers or mssql in the first place????

I'm currently using team viewer to access a computer of a colleague because only they have access to a vpn I need. So once I'm on the VPN I can then ssh into a ec2 instance. There are several ec2s I need to access but I've only been given direct access to one. Once inside that ec2 I can use it to ssh into the other ec2s....

Dawg..... why

Life isn't supposed to be this hard

Messed up with my virtualServers in my router.

Now I need a VPN, to connect with internet in my own home.😞😞

Another part of messy network gone.

Caching fucked me hard....

Isn't it just lovely that nowadays you need to nearly wipe a machine to get it from claiming stale data....

And thanks to DNS, HAProxy -/ service names / ... I think I know now why the curse of babel is so powerful.

When you have to think for 2 mins to make sure you've set the zone's right, cause otherwise you need to ProxyJump with SSH through more tunnels than imaginable (VPN/HO) to fix possible caching on several DNS servers.... You'll realize that it's russian roulette with too much bullets. :(

And If a monitoring service asks another monitoring service for status information which asks the first monitoring service which then asks the second monitoring cause you were too late...

You'll get very funky monitoring statistics.

Too slow, had to nuke it (mismatched a DNS name, the second monitoring service should have been a service node).

I think I've had more near death scenarios in the last 2 weeks than I like.

Hopefully I'll never have to do that again.

(Splitting and reordering a few dozen VLANs, assigning proper DNS names, loadbalancer migration....)

I really need to get on a VPN... looking for recommendations. bonus points for affordable family plan so my girlfriend can use it too.
NordVPN? Private Internet Access? others?

Like many of you, I'm currently working from home. This is great, and I hope I can stay remote when this is all said and done. That said, there are a few things I don't like. First and foremost, I need to connect to the VPN in order to do a large number of my tasks. This sucks for multiple reasons, the current worst being that I can't use Fiddler while connected to the VPN. This really handcuffs me in certain situations. Anyone currently using a proxy that works while on VPN? I tried a couple of others, including Burp Suite. But they didn't install on my MacBook. Apple didn't like not being able to peer into the depths of their soul, or some such nonsense

What I need to do today:
* terraform init
* terraform plan
* terraform apply

What I'm doing today:
* Rebuilding a docker container, because our outdated version of Terraform doesn't run on M1 Macs natively.
* Fighting with corporate IT man-in-the-middle SSL certs, because those aren't trusted inside the Docker container. These are now applied to all internet traffic, not just traffic destined to the VPN. Terraform doesn't like it, so it won't download any modules.
* Waiting for a blazing fast 1.5 Mbps connection rate when connected to the VPN.
* Learning I can no longer turn off the VPN, as it's a forced policy on my laptop.

Not sure if I'd be more productive today fighting these issues, or just waiting around for days (weeks?) for IT to mail me an Intel mac.

I'm stuck in a really difficult spot in my office and I'm not sure if I should start looking elsewhere. Tldr; there's no defined hierarchy or career path in the web department leaving no position to be promoted to.

We've got 2 offices with now 150+ employees and for the last 2 years I've basically inherited the responsibilities of an IT manager. Planning and deploying our networks, firewall config, VPN setup, keeping users' systems functional, track equipment, order/setup systems for new employees. All of this in addition to my original job description of web developer, which has basically turned into maintaining client WordPress sites while the other developer builds sites.

I've spoken to our CTO (my supervisor) about how much time the IT stuff actually takes and some of my suggestions for the future to make sure we protect ourselves and future proof our systems the best we can and one of my suggestions was that we needed to create the IT manager position because he is usually in meetings or building out API integrations. He's behind the idea, or at least says so to me, but leadership doesn't believe it's needed because we "manage just fine as it is" (this does require 60 hours a week of work along with much automation that I wrote/built). But we're trying to open a 3rd office which means another 50+ employees and systems to manage as well as more websites as we sign more clients.

My pay has never been satisfactory where I am and based on the maximum raise each year it would take me another 10 years to make what I would like (that's calculating without cost of living increase) but they claim this is because I lack a formal degree (self taught). I love most of the people I work with, don't really have an issue with any of them (outside that they're stupid but that I can let that slide if they're trying), and they work with me and my health issues which cause me to miss significantly more office time than I would like. I've been here for 4 years and I've learned a lot but I don't feel like there's any upward mobility here. The only position I see in my department above me is the CTO (or possibly the new PM but that's not a position I want) and he's not going anywhere, and I firmly believe we need someone who can full-time stay on top of our infrastructure before we expand further.

I fantasize occasionally about leaving and finding something else, and there are plenty of opportunities online that I appear qualified for which pay more, but I worry that I'd be trading in something that really isn't all that bad for something that sucks and the only real perk is more money. I'd hate to go somewhere else and start back at the bottom again and have to prove myself yet again.

Hey, I'm looking for a tool to emulate multiple, maybe around 100 browser clients at the same time, having open the same page at the same time. Every single instance would need a separate IP (VPN/proxy). It should also be sort of ressource friendly(not 100chrome windows/tabs)
Anyone got suggestions on a tool I could use? thanks

Can you disable a VPN VNet gateway service on Azure when you don't need it?

Getting conflicting info from our cloud provider (who I no longer trust to assist because they don't know what they're doing) and forum posts about the same question on Microsoft and I don't know what to believe.

I can't experiment, because it'll probably cost the company money and I can't do shit without getting permission and submitting some kind of business case for things that will potentially cost money.