A story about how a busy programmer became responsible for training interns.

So I was put in charge of a team of interns and had to teach them to work with Linux, coding (Bash, Python and JS) and networking overall.
None of the interns had any technical experience, skills, knowledge or talent.
Furthermore the task came to me as a surprise and I didn't have any training plan nor the time.

Case 0:
Intern is asked to connect to a VM, see which interfaces there are and bring up the one that's down (eth1). He shuts eth0 down and is immediately disconnected from the machine, being unable to connect remotely.

Case 1:
Intern researches Bash scripting via a weird android app and after a hour or so creates and runs this function: test(){test|test&}
He fork-bombed the VM all other interns used.

Case 2:
All interns used the same VM despite the fact that I created one for each.
They saved the same ssh address in Putty while giving it different names.

Case 3:
After explicitly explaining and demonstrating to the interns how to connect to their own VMs they all connect to the same machine and attempt to create file systems, map them and etc. One intern keeps running "shutdown -r" in order to test the delay flag, which he never even included.

Case 4:
All of the interns still somehow connect to the same VM despite me manually configuring their Putty "favorites". Apparently they copy-paste a dns that one of them sent to the entire team via mail. He also learned about the wall command and keeps scaring his team members with fake warnings. A female intern actually asked me "how does the screen knows what I look like?!". This after she got a wall message telling her to eat less because she gained weight.

Case 5:
The most motivated intern ran "rm -rf" from his /etc directory.
P.S. All other interns got disconnected because they still keep using his VM.

Case 6:
While giving them a presentation about cryptography and explaining how SSH (that they've been using for the past two weeks) works an intern asked "So is this like Gmail?".
I gave him the benefit of the doubt and asked if he meant the authorization process. He replied with a stupid smile "No! I mean that it can send things!".

FML. I have a huge project to finish and have to babysit these art majors who decided to earn "ezy cash many" in hightech.

Adventures will be continued.

*Dev in his 40's from our counter-part office.

Me: Here's my SSH keys.

Dev: What's this?

Me: SSH keys. Give me access to the repository.

Dev: We don't use any version control here. Let's just use FTP or Remote Desktop and just download the codes.

So I got the job. Here's a story, never let anyone stop you from accomplishing your dreams!

It all started in 2010. Windows just crashed unrecoverably for the 3rd time in two years. Back then I wasn't good with computers yet so we got our tech guy to look at it and he said: "either pay for a windows license again (we nearly spend 1K on licenses already) or try another operating system which is free: Ubuntu. If you don't like it anyways, we can always switch back to Windows!"

Oh well, fair enough, not much to lose, right! So we went with Ubuntu. Within about 2 hours I could find everything. From the software installer to OpenOffice, browsers, email things and so on. Also I already got the basics of the Linux terminal (bash in this case) like ls, cd, mkdir and a few more.

My parents found it very easy to work with as well so we decided to stick with it.

I already started to experiment with some html/css code because the thought of being able to write my own websites was awesome! Within about a week or so I figured out a simple html site.

Then I started to experiment more and more.

After about a year of trial and error (repeat about 1000+ times) I finally got my first Apache server setup on a VirtualBox running Ubuntu server. Damn, it felt awesome to see my own shit working!

From that moment on I continued to try everything I could with Linux because I found the principle that I basically could do everything I wanted (possible with software solutions) without any limitations (like with Windows/Mac) very fucking awesome. I owned the fucking system.

Then, after some years, I got my first shared hosting plan! It was awesome to see my own (with subdomain) website online, functioning very well!

I started to learn stuff like FTP, SSH and so on.

Went on with trial and error for a while and then the thought occured to me: what if I'd have a little server ONLINE which I could use myself to experiment around?

First rented VPS was there! Couldn't get enough of it and kept experimenting with server thingies, linux in general aaand so on.

Started learning about rsa key based login, firewalls (iptables), brute force prevention (fail2ban), vhosts (apache2 still), SSL (damn this was an interesting one, how the fuck do you do this yourself?!), PHP and many other things.

Then, after a while, the thought came to mind: what if I'd have a dedicated server!?!?!?!

I ordered my first fucking dedicated server. Damn, this was awesome! Already knew some stuff about defending myself from brute force bots and so on so it went pretty well.

Finally made the jump to NginX and CentOS!

Made multiple VPS's for shitloads of purposes and just to learn. Started working with reverse proxies (nginx), proxy servers, SSL for everything (because fuck basic http WITHOUT SSL), vhosts and so on.

Started with simple, one screen linux setup with ubuntu 10.04.

Running a five monitor setup now with many distro's, running about 20 servers with proxies/nginx/apache2/multiple db engines, as much security as I can integrate and this fucking passion just got me my first Linux job!

It's not just an operating system for me, it's a way of life. And with that I don't just mean the operating system, but also the idea behind it :).

A tcp packet walks in to a bar and says “I want a beer”, barman says “you want a beer?” and tcp packet says “yes, a beer” .

In high society, TCP is more welcome than UDP. At least it knows a proper handshake.

A bunch of TCP packets go into a bar, until it’s overcrowded. The next day, half as many go in.

A bunch of TCP packets walk into a bar. The bartender says, “Hang on just a second, I need to close the window.”

When I try to send SYNs to chicks, I don’t get any ACKs. Just FINs and RSTs.

IP packet with TTL=1 arrives at bar. Bartender: “Sorry, can’t let you leave…and you don’t get any beer either…” 

The worst part about token ring jokes is that if someone starts telling one while you are telling yours, all joking stops.

The great thing about TCP jokes is that you always get them.

The problem with TCP jokes is that people keep retelling them slower until you get them.

I would tell some UDP jokes too but I never know if anyone gets them

The best thing about UDP jokes is that I don’t care if you get them or not.

I had a funny UDP joke to tell, but I lost it somewhere...

The sad thing about IPv6 jokes is that almost no one understands them and no one is using them yet.

I tried to come up with an IPv4 joke, but the good ones were all already exhausted.

A DHCP packet walks into a bar and asks for a beer. Bartender says: “here, but I’ll need that back in an hour!

DHCP jokes only work when there is only one person telling them

The worst part of SSH jokes is that, even when they're not funny, you suck it up and just pretend they were anyway.

The problem with token ring jokes is you need to wait your turn to laugh

I’d make a joke about UDP, but I don’t know if anyone’s actually listening…

Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜

Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.

First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.

Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.

Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.

Dealing with attacks and getting hacked.

Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.

linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)

How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!

One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)

Dealing with different kinds of attacks:

Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.

So yah, hereby :P

Working 600 km from home on my first big web project, with a raspberry pi as server (located at home). Decided to reboot it today in order to see if it would resolve a problem.

It probably booted up with a different local ip, cant access it anymore with ssh or ftp.

Fuck.

We're using a ticket system at work that a local company wrote specifically for IT-support companies. It's missing so many (to us) essential features that they flat out ignored the feature requests for. I started dissecting their front-end code to find ways to get the site to do what we want and find a lot of ugly code.
Stuff like if(!confirm("blablabla") == false) and whole JavaScript libraries just to perform one task in one page that are loaded on every page you visit, complaining in the js console that they are loaded in the wrong order. It also uses a websocket on a completely arbitrary port making it impossible to work with it if you are on a restricted wifi. They flat out lie about their customers not wanting an offline app even though their communications platform on which they got asked this question once again got swarmed with big customers disagreeing as the mobile perofrmance and design of the mobile webpage is just atrocious.

So i dig farther and farthee adding all the features we want into a userscript with a beat little 'custom namespace' i make pretty good progress until i find a site that does asynchronous loading of its subpages all of a sudden. They never do that anywhere else. Injecting code into the overcomolicated jQuery mess that they call code is impossible to me, so i track changes via a mutationObserver (awesome stuff for userscripts, never heard of it before) and get that running too.

The userscript got such a volume of functions in such a short time that my boss even used it to demonstrate to them what we want and asked them why they couldn't do it in a reasonable timeframe.

All in all I'm pretty proud if the script, but i hate that software companies that write such a mess of code in different coding styles all over the place even get a foot into the door.

And that's just the code part: They very veeeery often just break stuff in updates that then require multiple hotfixes throughout the day after we complain about it. These errors even go so far to break functionality completely or just throw 500s in our face. It really gives you the impression that they are not testing that thing at all.

And the worst: They actively encourage their trainees to write as much code as possible to get paid more than their contract says, so of course they just break stuff all the time to write as much as possible.
Where did i get that information you ask? They state it on ther fucking career page!

We also have reverse proxy in front of that page that manages the HTTPS encryption and Let's Encrypt renewal. Guess what: They internally check if the certificate on the machine is valid and the system refuses to work if it isn't. How do you upload a certificate to the system you asked? You don't! You have to mail it to them for them to SSH into the system and install it manually. When will that be possible you ask? SOON™.
At least after a while i got them to just disable the 'feature'.

While we are at 'features' (sorry for the bad structure): They have this genius 'smart redirect' feature that is supposed to throw you right back where you were once you're done editing something. Brilliant idea, how do they do it? Using a callback libk like everyone else? Noooo. A serverside database entry that only gets correctly updated half of the time. So while multitasking in multiple tabs because the performance of that thing almost forces you to makes it a whole lot worse you are not protected from it if you don't. Example: you did work on ticket A and save that. You get redirected to ticket B you worked on this morning even though its fucking 5 o' clock in the evening. So of course you get confused over wherever you selected the right ticket to begin with. So you have to check that almost everytime.

Alright, rant over.
Let's see if i beed to make another one after their big 'all feature requests on hold, UI redesign, everything will be fixed and much better'-update.

To people who don't know how to use Linux: Just because I use nano instead of gedit or any other GUI text editor does not mean I'm showing off. Why can't you understand that ssh-ing into a server and opening a file in the terminal itself to edit three lines of configuration is much easier than opening FileZilla, connecting, downloading the file, making the changes and uploading it again. It's fine if you want to do it that way. But please don't judge me for doing it my way.

To people who are good with Linux: Can you please stop suggesting me to use vim instead, EVERY FUCKING TIME? I know it's more powerful, but I haven't been using Linux enough to have surpassed it's learning curve. Plus I google up how to use it and do use it when I have the need. Please let me be?

To people who tell me to use Windows for everything: Go suck a fat dick, you uncultured morons.

When you login to a server through ssh for the first time with a specific domain or up address, you get a prompt asking to verify a signature with yes or no (on Linux at least).

That often goes well but sometimes when I already did that....:

ssh user@server
*types yes automatically and presses enter...........*
Neeeeeeeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaammmmmmmmmmmm:
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes^C
user@server: ~$
user@server: ~$ ^C
user@server: ~$ ^C
user@server: ~$ ^C
user@server: ~$ ^C
user@server: ~$ ^C

Nooooo not again 😅

Working with a client...the resident """sysadmin""" hasn't actually been a sysadmin since the early 90s, the last OS he _actually_ managed was SunOS 5 or something. I can't remember what he said. He hasn't kept up AT ALL with modern technologies/terminologies. He's convinced SELinux is a security hardened kernel. We've explained to him several times that it's not but he sees Linux and thinks Linux 1.0 from the 90s. It's downright embarrassing.

Now this would all be well if I didn't have to interface with him often, but the client WILL NOT give me access to their systems. So I have to go through him to get anything done. Which is over webex. So I get to watch this guy type (and mess up) basic commands over and over (he isn't aware of tab completion of any of the bash features that are super useful). So I'm telling him what to type and the delay is always just enough for him to get too far in the command to back out, so its like SSH-over-incompetence with a 500ms ping. It's truly infuriating.

Every once in a while he'll get frustrated enough to hand me control of his webex session, which isn't as painful but once again the delay is bad enough it's still a pain.

Best part is that he looks EXACTLY like Milton from Office Space. So thats one plus to this whole situation!

The last year my school installed MagicBoards (whiteboard with beamer that responses to touch) in every class room and called itself "ready for the future of media". What they also got is A FUCKING LOW SPEC SERVER RUNNING DEBIAN 6 W/O ANY UPDATES SINCE 2010 WHICH IS DYING CONSTANTLY.

As I'm a nice person I asked the 65 y/o technician (who is also my physics teacher) whether I could help updating this piece of shit.

Teacher: "Naahh, we don't have root access to the server and also we'll get a new company maintaining our servers in two years. And even if we would have the root access, we can't give that to a student."

My head: "Two. Years. TWO YEARS?! ARE YOU FUCKING KIDDING ME YOU RETARDED PIECE OF SHIT?! YOU'RE TELLING ME YOU DON'T HAVE TO INSTALL UPDATES EVEN THOUGH YOU CREATE AN SSH USER FOR EVERY FUCKING STUDENT SO THEY CAN LOGIN USING THEIR BIRTH DATE?! DID YOU EVER HEAR ABOUT SECURITY VULNERABILITIES IN YOUR LITTLE MISERABLE LIFE OR SOUNDS 'CVE-2016-5195' LIKE RANDOM LETTERS AND NUMBERS TO YOU?! BECAUSE - FUNFACT - THERE ARE TEN STUDENTS WHO ARE IN THE SUDO GROUP IF YOU EVEN KNOW WHAT THAT IS!"

Me (because I want to keep my good grades): "Yes, that sounds alright."

Worst WTF dev experience? The login process from hell to a well-fortified dev environment at a client's site.
I assume a noob admin found a list of security tips and just went like "all of the above!".

You boot a Linux VM, necessary to connect to their VPN. Why necessary? Because 1) their VPN is so restrictive it has no internet access 2) the VPN connection prevents *your local PC* from accessing the internet as well. Coworkers have been seen bringing in their private laptops just to be able to google stuff.
So you connect via Cisco AnyConnect proprietary bullshit. A standard VPN client won't work. Their system sends you a one-time key via SMS as your password.

Once on their VPN, you start a remote desktop session to their internal "hopping server", which is a Windows server. After logging in with your Windows user credentials, you start a Windows Remote Desktop session *on that hopping server* to *another* Windows server, where you login with yet another set of Windows user credentials. For all these logins you have 30 seconds, otherwise back to step 1.
On that server you open a browser to access their JIRA, GitLab, etc or SSH into the actual dev machines - which AGAIN need yet another set of credentials.

So in total: VM -> VPN + RDP inside VM -> RDP #2 -> Browser/SSH/... -> Final system to work on
Input lag of one to multiple seconds. It was fucking unusable.

Now, the servers were very disconnect-happy to prevent anything "fishy" going on. Sitting at my desk at my company, connected to my company's wifi, was apparently fishy enough to kick me out every 5 to 20 minutes. And that meant starting from step 1 inside the VM again. So, never forget to plugin your network cable.

There's a special place in hell for this admin. And if there isn't, I'll PERSONALLY make the devil create one. Even now that I'm not even working on this any more.

TFW your client's git policies are so draconian that the dev teams use "develop" as trunk, and completely ignore the release process.

I wrote up 50 pages of git standards, documentation and procedure for a client. Bad indian director 9000 decides the admin (also Indian) who specializes in Clearcase and has no git or development experience is more qualified to decide and let's him set the policy.

FF to today:

- documentation, mostly contradictory, is copy pasted from the atlassian wiki
- source tree is the standard
- no force pushing of any branches, including work branches
- no ff-merge
- no rebasing allowed
- no ssh, because he couldn't figure it out...errr it's "insecure"
- all repos have random abbreviated names that are unintelligible
- gitflow, but with pull requests and no trust
- only project managers can delete a branch
- long lived feature branches
- only projects managers can conduct code reviews
- hotfixes must be based off develop
- hotfixes must go in the normal release cycle
- releases involve creating a ticket to have an admin create a release branch from your branch, creating a second ticket to stage the PR, a third ticket to review the PR (because only admins can approve release PRs), and a fourth ticket to merge it in
- rollbacks require director signoff
- at the end of each project the repo must be handed to the admin on a burned CD for "archiving"

And so no one actually uses the official release process, and just does releases out of dev. If you're wondering if IBM sucks, the answer is more than you can possibly imagine.

*tries to SSH into my laptop to see how that third kernel compilation attempt went*
… From my Windows box.

Windows: aah nope.

"Oh God maybe the bloody HP thing overheated again"
*takes laptop from beneath the desk indent*
… Logs in perfectly. What the hell... Maybe it's SSH service went down?

$ systemctl status sshd
> active (running)

Well.. okay. Can I log in from my phone?

*fires up Termux*
*logs in just fine*

What the fuck... Literally just now I added the laptop's ECDSA key into the WSL known_hosts by trying to log into it, so it can't be blocked by that shitty firewall (come to think of it, did I disable that featureful piece of junk yet? A NAT router * takes care of that shit just fine Redmond certified mofos).. so what is it again.. yet another one of those fucking WanBLowS features?!!

condor@desktop $ nc -vz 192.168.10.30 22
Connection to 192.168.10.30 22 port [tcp/ssh] succeeded!

ARE YOU FUCKING FOR REAL?!

Fucking Heisen-feature-infested piece of garbage!!! Good for gaming and that's fucking it!

Edit: (*) this assumes that your internal network doesn't have any untrusted hosts. Public networks or home networks from regular users that don't audit their hosts all the time might very well need a firewall to be present on the host itself as well.

Win10 shell has ssh? Oh boi, let's try that out.
> help ssh
This command is not supported by the help utility. Try "ssh/?".
> ssh /?
ssh: Could not resolve hostname /?: Name or service not known.

😲🔫

One of our newly-joined junior sysadmin left a pre-production server SSH session open. Being the responsible senior (pun intended) to teach them the value of security of production (or near production, for that matter) systems, I typed in sudo rm --recursive --no-preserve-root --force / on the terminal session (I didn't hit the Enter / Return key) and left it there. The person took longer to return and the screen went to sleep. I went back to my desk and took a backup image of the machine just in case the unexpected happened.

On returning from wherever they had gone, the person hits enter / return to wake the system (they didn't even have a password-on-wake policy set up on the machine). The SSH session was stil there, the machine accepted the command and started working. This person didn't even look at the session and just navigated away elsewhere (probably to get back to work on the script they were working on).

Five minutes passes by, I get the first monitoring alert saying the server is not responding. I hoped that this person would be responsible enough to check the monitoring alerts since they had a SSH session on the machine.
Seven minutes : other dependent services on the machine start complaining that the instance is unreachable.

I assign the monitoring alert to the person of the day. They come running to me saying that they can't reach the instance but the instance is listed on the inventory list. I ask them to show me the specific terminal that ran the rm -rf command. They get the beautiful realization of the day. They freak the hell out to the point that they ask me, "Am I fired?". I reply, "You should probably ask your manager".

Lesson learnt the hard-way. I gave them a good understanding on what happened and explained the implications on what would have happened had this exact same scenario happened outside the office giving access to an outsider. I explained about why people in _our_ domain should care about security above all else.

There was a good 30+ minute downtime of the instance before I admitted that I had a backup and restored it (after the whole lecture). It wasn't critical since the environment was not user-facing and didn't have any critical data.

Since then we've been at this together - warning engineers when they leave their machines open and taking security lecture / sessions / workshops for new recruits (anyone who joins engineering).

I was engaged as a contractor to help a major bank convert its servers from physical to virtual. It was 2010, when virtual was starting to eclipse physical. The consulting firm the bank hired to oversee the project had already decided that the conversions would be performed by a piece of software made by another company with whom the consulting firm was in bed.

I was brought in as a Linux expert, and told to, "make it work." The selected software, I found out without a lot of effort or exposure, eats shit. With whip cream. Part of the plan was to, "right-size" filesystems down to new desired sizes, and we found out that was one of the many things it could not do. Also, it required root SSH access to the server being converted. Just garbage.

I was very frustrated by the imposition of this terrible software, and started to butt heads with the consulting firm's project manager assigned to our team. Finally, during project planning meetings, I put together a P2V solution made with a customized Linux Rescue CD, perl, rsync, and LVM.

The selected software took about 45 minutes to do an initial conversion to the VM, and about 25 minutes to do a subsequent sync, which was part of the plan, for the final sync before cutover.

The tool I built took about 5 minutes to do the initial conversion, and about 30-45 seconds to do the final sync, and was able to satisfy every business requirement the selected software was unable to meet, and about which the consultants just shrugged.

The project manager got wind of this, and tried to get them to release my contract. He told management what I had built, against his instructions. They did not release my contract. They hired more people and assigned them to me to help build this tool.

They traveled to me and we refined it down to a simple portable ISO that remained in use as the default method for Linux for years after I left.

Fast forward to 2015. I'm interviewing for the position I have now, and one of the guys on the tech screen call says he worked for the same bank later and used that tool I wrote, and loved it. I think it was his endorsement that pushed me over and got me an offer for $15K more than I asked for.

I was working for a startup that needed to update 300 machines that had just come from the factory. We had to open all 300 boxes and update them one at a time. I made a simple script that would run a folder full of shell scripts then keep track of what it ran so it would not run the same script twice. It made it so we could just plug the machines into the internet, they would query some server, download my program, and run it. It saved me from having to ssh into every machine and run commands. Well the head programmer guy saw what I did and implemented it as the main program that would update the entire machine. I didn't program anything into it to verify updates, the shell scripts did not return any indication of success or failure, and I made it in less than 3 hours. It was supposed to be a temporary program to be used for those 300 machines only, but ended up sticking around for 2 years.

thought I'd type:netstat -atn on my server and the result was a bit scary, found a Russian IP address with state of: FIN_WAIT1
Either Fail2ban was closing his connection or that dude was able to access my server :/

Checked /var/log/auth.log
and found this for his IP: Failed password for root from ----- port 37635 ssh2

I hope I'm still safe :)

Instantly disable password login and make it only SSH
but now I need to carry my SSH keys or else I'm blocked out lol

cw: I need a server to put my node backend

me: sure, I'll run a docker container for you

cw: nice, I've never worked with docker but I learn quickly, I'm already reading the Docker file docs

me: no wait, you don't need to learn anything, you'll be inside the container, so you only need an ssh connection and that's it

cw: this Dockerfile stuff is really complicated, it'll take me a while, but it's ok you don't have to worry, I like learning new things

me: you won't need that, just imagine it's a cloud server with Ubuntu installed, you only have to use it, I'll put node, git and ssh there for you

cw: ok got it, I'll have to learn the commands to run the docker, I'm on windows but I can use PowerShell and stuff I'll figure it out

me: ...

cw: ssh is a linux command right? does it have a push or publish option? how do you upload files there

me: ...you can use a ftp client but you'll need ssh to run the node server

cw: ok, I'm almost done with the Dockerfile, I only need to add git and nodejs, I'm starting to understand this thing...

me thinking: yeah keep doing that, you're such a crack, such a quick learner...

This son of a bitch is either a retard or is doing it on purpose and laughing at me the whole time, making my life so miserable, but I'm about to go insane with this dude, I'm proud of how I've been able to control myself, BUT ONE OF THESE DAYS I'LL LOSE MY COOL AND FORCE THIS MOTHERFUCKER TO DRINK A BIG POT OF BOILING, SALTY AND STINKING VOMIT WITH A SIDE OF STEAMING DIARRHEAL GREEN DOG SHIT WITH WHITE CHOCOLATE CHIPS WHILE I PUT MY OLD CRT MONITOR TO GOOD USE BY BEATING HIS FUCKING HEAD WITH IT!!!

God damn fucking Windows bullshit.

Why is the fuck does Microsoft HATE its users?

Latest updates, and no fuck Windows 11, completely BREAKS all of my WSL environments.

Home directories are gone, or the environments are corrupt and won't even run.

99% of the issues these dense shit-fucks cause are because they RaNdOmLy reboot for their dumbass updates instead of scheduling them with the end user. During these rebots, do you thing they wait for everything to shut down?

HELL NO!

They just shut that shit down like they fucking own it. Editors? Gone. Browsers? Gone. WSL Consoles? Gone. Docker containers? Gone. IEdge? Hey, we have great news, we made IE your default browser again! BTW, your upgrade to Windows 11 is free until we force you to upgrade!

I'm so fed up with it.....so fucking tired of it...

The only reason why I even use WSL these days is to ssh into my Linux devices or run some quick dev tests in containers. Why not use PuTTY for SSH? Because it fucking SUCKS that's why.

I'm feeling so many emotions right now over bullshit that shouldn't even be happening. I'm literally at the point that I'm just going to install Linux on this device and just create a Windows VM on one of my hosts so I can still do "work" things that involve leadership.

Something strange just happened, activated Fail2ban on another server and instantly blocked me when I already had ssh session open >_>

Does macOS terminal keep on sending ssh authentication requests? Or is my OpenVPN that keeps on sending requests.

Why does this keep on happening to me T_T

My university has impeccable data management. I needed to ssh into their Linux server for an assignment but it refused to accept my login. Which was weird because I could login to the same account on one of our websites just fine. I typed my password into a text file and then copy and pasted it into both logins. The Linux one failed but the website succeeded. After some experimentation it turns out that the Linux server only recognized my username if I typed it in all lowercase, even though when I created the account it had uppercase characters as well.

So let me walk you through the sloppiness that had to have occurred for this to happen. When I first created the account it must have ignored what I entered and just saved the username in all lowercase without communicating that to me. Then the websites that use this account must either ignore case for usernames or lowercase the user input before querying the database. Finally, the Linux server, despite knowing that all the usernames are lowercase, is case sensitive and won't recognize the username as I originally typed it in.

Can you guess what department manages the account, website and Linux server? The Department of Computer and Information Science. Incredible.

Well fuck me sideways with a rusty lamppost.
Got assigned to a project at work, kind of a biggie, my first actual large project. Been working there since last year, done a lot of research in my spare time and felt like I deserved it or something.

But then...

A few weeks ago I posted a rant about a fuckwit that can't even type 'ssh' in a terminal and doesn't know how a basic database system works.

Guess what.

Yeah.

Exactly that happened.

Because of his overconfidence and big mouth he got assigned to the project as well.
He planned a pitch. Stole my words.

He hasn't proven himself in any way and always needs help. Always. And I don't have a problem with people asking for help, I actually tell people not to be afraid to ask if they don't know something.

But I do have a problem with people laying back at work and asking 7 different people how to open a terminal.

Why does this happen? Just why?

Okay.. I just did it. I had to reinitialize a server because I lost the single SSH keypair (probably the one from my BELOVED Windoze desktop that I recently had to reinstall) that was authorized to access the server, and I didn't add any of the other clients' keys to the server's authorized_keys.

Note to self: replicate all your fucking keys or (or rather, and) back them the fuck up into your keychain already!! Why else does that keychain USB stick exist, Condor, you bloody fucking moron?!!

Well, at least now the admin panel on Aruba Cloud doesn't say "Ubuntu 14.04" that's been upgraded to Ubuntu 18.04 anymore, but 18.04 as it should.. but that's about the only good thing.

Attempting to access my colleague's NFS directory on his VM, don't know the VM's IP address, hostname or password:

- 2 minutes with nmap to narrow the possible IPs down to ~30

- Ping each and look for the one with a Dell MAC prefix as the rest of us have been upgraded to Lenovo. Find 2 of these, one for the host and one for the virtual machine.

- Try to SSH to each, the one accepting a connection is the Linux VM

- Attempt login as root with the default password, no dice. Decide it's a lost cause.

- Go to get a cup of tea, walk past his desk.

- PostIt note with his root password 😶

FYI this was all allowed by my manager as he had unpushed critical changes that we needed for the release that day.

So... We have a "network admin" who manages our network and the servers (windows) and I manage the Linux servers... He is having a real hard time to understand that the servers have no password but use ssh-keys to login and keep asking me for the credential to have them somewhere in case "something happens" like I quit or die...

Question for networking persons or persons who might know more about this than me in general.

I'm looking at setting up a server as vpn server (that part I know) which tunnels everything through multiple other vpn connections.

So let's say I've got a vps which I connect to through vpn. I then want that vps to have one or multiple connections to other vpn servers.

That way i can connect my devices to this server which routes everything to/through other services like mullvad :).

Tried it before but ended up losing ssh access until reboot 😬

Anyone ideas?

Wanting to push the code to remote at 3am and just hit the bed.. Appereantly bitbucket has other plans for me 🤷‍♂️

Also chuckles to them for still running python 2.7 on their systems 😏

My first times today:
First time a droplet on Digital Ocean.
First time Nginx.
First time trying to separate mail and website servers.
First time using UFW firewall.
First time Ubuntu webserver.
First try all alone configuration of my webserver.
First time installing all the stuff I need on my own, like MySQL, PHP and so on.
First time only SSH access from the beginning.
First time deployment from bitbucket.

Do you have any advise what I should think about. Or what software I will need. Or what I should think about.

Back when I migrated my file server to a VM, I used robocopy to copy everything over (and caused quite a few fuckups before it'd behave halfway decent.. or so I thought). Now I tried to add my desktop's SSH key to the authorized_keys on said server but it wouldn't accept my key after that. After a bit of digging I've found that my entire home directory (where the file server hosts its mirror of my D: drive) had everything set to 777, and that's why the key isn't accepted. Great permission mode, isn't it? Much secure, very wow! Thank you so much robocopy!!!

Everyone was a noob once. I am the first to tell that to everyone. But there are limits.

Where I work we got new colleagues, fresh from college, claims to have extensive knowledge about Ansible and knows his way around a Linux system.... Or so he claims.

I desperately need some automation reinforcements since the project requires a lot of work to be done.

I have given a half day training on how to develop, starting from ssh keys setup and local machine, the project directory layout, the components the designs, the scripts, everything...
I ask "Do you understand this?"
"Yes, I understand. " Was the reply.

I give a very simple task really. Just adapt get_url tasks in such a way that it accepts headers, of any kind.
It's literally a one line job.

A week passes by, today is "deadline".

Nothing works, guy confuses roles with playbooks, sets secrets in roles hardcodes, does not create inventory files for specifications, no playbooks, does everything on the testing machine itself, abuses SSH Keys from the Controller node.... It's a fucking ga-mess.

Clearly he does not understand at all what he is doing.

Today he comes "sorry but I cannot finish it"
"Why not?" I ask.
"I get this error" sends a fucking screenshot. I see the fucking disaster setup in one shot ...

"You totally have not done the things like I taught you. Where are your commits and what are.your branch names?"
"Euuuh I don't have any"
Saywhatnow.jpeg

I get frustrated, but nonetheless I re-explain everything from too to bottom! I actually give him a working example of what he should do!

Me: "Do you understand now?"
Colleague: "Yes, I do understand now?"
Me: "Are you sure you understand now?"
C: "yes I do"

Proceeds to do fucking shit all...

WHY FUCKING LIE ABOUT THE THINGS YOU DONT UNDERSTAND??? WHAT KIND OF COGNITIVE MALFUNCTION IA HAPPENING IN YOUR HEAD THAT EVEN GIVEN A WORKING EXAMPLE YOU CANT REPLICATE???
WHY APPLY FOR A FUCKING JOB AND LIE ABOUT YOUR COMPETENCES WHEN YOU DO T EVEN GET THE FUCKING BASICS!?!?

WHY WASTE MY FUCKING TIME?!?!?!

Told my "dear team leader" (see previous rants) that it's not okay to lie about that, we desperately need capable people and he does not seem to be one of them.

"Sorry about that NeatNerdPrime but be patient, he is still a junior"

YOU FUCKING HIRED THAT PERSON WITH FULL KNOWLEDGE ABOUT HAI RESUME AND ACCEPTED HIS WORDS AT FACE VALUE WITHOUT EVEN A PROPER TECHNICAL TEST. YOU PROMISED HE WAS CAPABLE AND HE IS FUCKING NOT, FUCK YOU AND YOUR PEOPLE MANAGEMENT SKILLS, YOU ALREADY FAIL AT THE START.

FUCK THIS. I WILL SLACK OFF TODAY BECAUSE WITHOUT ME THIS TEAM AND THIS PROJECT JUST CRUMBLES DOWN DUE TO SHEER INCOMPETENCE.

Some years ago our company site was hosted by a prick who knew nothing and started to pretend the server got a virus or whatever.

I tested their server and figured out they did not have any firewall policies going on like mitigation of ssh brute force.

It was at this time I learned about SYN flood, and boy I flooded that port 80 of them.

The company site went down for as long as I wanted.

It was great because now we manage it in house and never had a problem anymore.

Why is it that an issue is only critical-priority until the person who's raising the biggest fuss has to do something about it?

I was notified that a website hosted in AWS went down overnight and never came back up. I was then bombarded with email after email after email while I logged into our AWS account and poked around. I'm responsible for cloud infrastructure stuff, like VMs or virtual networking or security or whatever, not the actual applications running on said infrastructure. Once I confirmed their EC2 instance was reachable and I could login with SSH, I told them they'd have to fix their application.

They told me that they had no backend developer on their development team. I'm still getting a deluge of emails from multiple people on this team and their managers and managers' managers and so on.

"Perfectly understandable," I told them, though it was anything but. "You should probably look into obtaining one."

The emails stopped immediately. I assumed they were handling it and closed my ticket and moved on. But apparently I was wrong.

Six weeks later, the site is still down, they still have no backend dev, and I'm convinced that they were lying to me when they stressed the importance of this web app because now that it's no longer my problem, not a single person seems to care that it's still broken.

TL; DR: Bringing up quantum computing is going to be the next catchall for everything and I'm already fucking sick of it.

Actual convo i had:

"You should really secure your AWS instance."

"Isnt my SSH key alone a good enough barrier?"

"There are hundreds of thousands of incidents where people either get hacked or commit it to github."

"Well i wont"

"Just start using IP/CIDR based filtering, or i will take your instance down."

"But SSH keys are going to be useless in a couple years due to QUANTUM FUCKING COMPUTING, so why wouldnt IP spoofing get even better?"

"Listen motherfucker, i may actually kill you, because today i dont have time for this. The whole point of IP-based security is that you cant look on Shodan for machines with open SSH ports. You want to talk about quantum computing??!! Lets fucking roll motherfucker. I dont think it will be in the next thousand years that we will even come close to fault-tolerant quantum computing.

And even if it did, there have been vulnerabilities in SSH before. How often do you update your instance? I can see the uptime is 395 days, so probably not fucking often! I bet you "dont have anything important anyways" on there! No stored passwords, no stored keys, no nothing, right (she absolutely did)? If you actually think I'm going to back down on this when i sit in the same room as the dude with the root keys to our account, you can kindly take your keyboard and shove it up your ass.

Christ, I bet that the reason you like quantum computing so much is because then you'll be able to get your deepfakes of miley cyrus easier you perv."

Hey there!

So during my internship I learned a lot about Linux, Docker and servers and I recently switched from a shared hosting to my own VPS. On this VPS I currently have one nginx server running that serves a static ReactJs application. This is temponarily, I SFTP-ed the build files to the server and added a config file for ssl, ciphers and dhparams. I plan to change it later to a nextjs application with a ci/di pipeline etc. I also added a 'runuser' that owns the /srv/web directory in which the webserver files are located. Ssh has passwords disabled and my private keys have passphrases.

Now that I it's been running for a few days I noticed a lot of requests from botnets that tried to access phpmyadmin and adminpanels on my server which gave me quite a scare. Luckily my website does not have a backend and I would never expose phpmyadmin like that if I did have it.

Now my question is:
Do you guys know any good articles or have tips and tricks for securing my server and future projects? Are there any good practices that I should absolutely read and follow? (Like not exposing server details etc., php version, rate limiting). I really want to move forward with my quest for knowledge and feel like I should have a good basis when it comes to managing a server, especially with the current privacy laws in place.

Thanks in advance for enduring my rant and infodump 😅

Init and Hello. My name is git and this is my story.

I just arrived in this system recently by the apt highway. It's not the only way though. Some for example used the npm hype-train, others arrived from the ssh shore. No matter where we came from the next step on our agenda was time to introduce our self at the event destined for all new-comers to the system.
"As many of you I reside in the usr-bin district. I'm really into history and commitment! I like it when people work together, so I'm always eager to bring all branches together."
"But what is it actually good for?", asked Curl, which I already met at the bus station. Many nodded in agreement. It was odd. Somehow I felt not quite at home. All the others seemed so different based on their field of work.
"We have worked here in a really agile environment for ages. There is no need for any kind of strange bureaucracy.", said another voice.
All attempts to convince them from the beauty of history or a little bit of management were unsuccessful. It was just the beginning of a not so interesting stage in my life - to say the least.

Today was another of 'those' days. I live in this community for quiet a while now and unfortunately nothing really changed - at least for the good. I sat on my branch of the tree with all the others around and there was nothing really to do for me. Again. I mean, actually it's true. I have to admit it. There is just no work on this world for someone like me. All the others seem to be so busy, while I just have to sit around and question my own existence. Since I grew tired asking these questions to myself, I stopped it. I can't do a thing actually. That's not how this world works.
"Hey fagit, anything meaningful to add to our delightful conversation?", nginx shouted over to me from another branch of the tree. Before I was able to give an indifferent answer the voice just continued.
"Oh, sorry. I forgot that you have no purpose after all. Well, never mind!"
Everyone started laughing at me. It was not too bad by the way. Actually, this was quite ordinary. These fucktards completely ran out of creativity. If it wasn't for that mere emptiness gaping right above my guts, I'd actually be disappointed. I even got accustomed to the alias 'fagit'. Quiet sad given the fact that i really like my real name. If only someone would mind using it... First too quiet to notice but growing in intensity a rumbling emerged from somewhere deep within the tree. Out of a sudden everyone stopped laughing. The voices slowly faded while the growling from afar grew louder. It had come. Not more than a shadow reached out from the tree and faster than anyone could comprehend nginx was simply gone. Killed in an instance.

Disclaimer: This story is fictional. No systems were harmed in its creation.

I finally fucking made it!

Or well, I had a thorough kick in my behind and things kinda fell into place in the end :-D

I dropped out of my non-tech education way too late and almost a decade ago. While I was busy nagging myself about shit, a friend of mine got me an interview for a tech support position and I nailed it, I've been messing with computers since '95 so it comes easy.

For a while I just went with it, started feeling better about myself, moved up from part time to semi to full time, started getting responsibilities. During my time I have had responsibility for every piece of hardware or software we had to deal with. I brushed up documentation, streamlined processes, handled big projects and then passed it on to 'juniors' - people pass through support departments fast I guess.

Anyway, I picked up rexx, PowerShell and brushed up on bash and windows shell scripting so when it felt like there wasn't much left I wanted to optimize that I could easily do with scripting I asked my boss for a programming course and free hands to use it to optimize workflows.

So after talking to programmer friends, you guys and doing some research I settled on C# for it's broad application spectrum and ease of entry.

Some years have passed since. A colleague and I built an application to act as portal for optimizations and went on to automate AD management, varius ssh/ftp jobs and backend jobs with high manual failure rate, hell, towards the end I turned in a hobby project that earned myself in 10 times in saved hours across the organization. I felt pretty good about my skills and decided I'd start looking for something with some more challenge.

A year passed with not much action, in part because I got comfy and didn't send out many applications. Then budget cuts happened half a year ago and our Branch's IT got cut bad - myself included.

I got an outplacement thing with some consultant firm as part of the goodbye package and that was just hold - got control of my CV, hit LinkedIn and got absolutely swarmed by recruiters and companies looking for developers!

So here I am today, working on an AspX webapp with C# backend, living the hell of a codebase left behind by someone with no wish to document or follow any kind of coding standards and you know what? I absolutely fucking love it!

So if you're out there and in doubt, do some competence mapping, find a nice CV template, update your LinkedIn - lots of sources for that available and go search, the truth is out there!

Should’ve posted this after it happened, but it requires a bit of background anyway.

There’s this guy that oversees our OpenStack environment. My team often make jokes and groan about him in private because he’s so overbearing. A few months back, he had to take us to our data center to show us our new racks, and he kept saying stupid stuff like “you break this and it costs me $30,000” as if he owns everything. He’s just... one of THOSE people. Always speaks in such a condescending way. We make jokes that he is our “best friend”.

Our company is shifting most of our products to the cloud in response to the coronavirus (trying to make it an opportunity for “innovation”). This has involved some structural and responsibility changes in our department, and long story short, I’m now heading the OpenStack environment alongside other projects.

This means going through grueling 1-on-1 meetings with our “best friend”. It’s not too bad, I can be pretty patient with people, so I didn’t mind too much at first. Then a few things happened.

1. He sent a shared folder that he owned containing info related to the environments. Several documents were outdated and incomplete, so I downloaded them, corrected them, and then uploaded the documents to my teams file share, as I was supposed to since we now own the projects.

2. Several files were missing, and when I asked about them, he said “Oh, did you refresh the browser?”. I told him no, that I downloaded them locally and republished them to my teams server, because he was supposed to hand everything off to us at once. He says “Well, silly, how are you going to get updates if you’re looking at them locally?” and kind of chuckles at me like I’m stupid.

3. He insists on training me how to remote into one of the servers to check on cluster space, which in itself is fine. I understand others wanting to make sure things will be done right by the people who come after them. But he tells me to download SuperPutty. I tell him, “oh no, that’s alright. I don’t need putty”. He says “oh cool, what tool do you use for ssh?”. I answer him “Just Git. If I want to I can use a CentOs bash terminal too, because we have WSL installed”. He responds “You can’t ssh through Git”.
I was actually a little shocked. I didn’t know if he was serious or not so I was silent for a few seconds before hesitantly saying “yes you can”. He says “this is news to me” and I so I tell him “every single one of our build jobs fetches code from Git with ssh” and he seemed genuinely shocked and surprised by that.... so then it occurs to me to show him that you can ssh in Powershell and that REALLY blew his mind. He would not shut up about it for several minutes. I was amused until it just got annoying.

Needless to say, my team had been previously teasing me about having to work with him, so they found it hilarious when I told them afterwards.

Aren't the system admin supposed to figure out how to install something on their server when a developer has requested something from them?

They seem to have no idea when I request them to install php gd extension. They also cannot give me a ssh access to their server. So I have to troubleshoot/help by sending one command and ask for the output from them and give another command to run through mail.

I don't even know what to rant or whom to rant at anymore.

// I'm blue.

What a lazy fuck.

This so called full-stack developer doesn't know how to use mysql from command line. The only way he can do anything in the database is using phpMyAdmin or MySQL gui.

What? How do you even call yourself a developer when you don't know how to use basic command line tools?

The fucker wants me to find out why a particular feature is not working?

Why the fuck are you being paid for? You stupid idiot.

"Can you please grep ... in the server?"

What? Why would I do that for you? How about you ssh the server yourself?

What a waste of time.

I previously worked as a Linux/unix sysadmin. There was one app team owning like 4 servers accessible in a very speciffic way.
* logon to main jumpbox
* ssh to elevated-privileges jumpbox
* logon to regional jumpbox using custom-made ssh alternative [call it fkup]
* try to fkup to the app server to confirm that fkup daemon is dead
* logon to server's mgmt node [aix frame]
* ssh to server directly to find confirm sshd is dead too
* access server's console
* place root pswd request in passwords vault, chase 2 mangers via phone for approvals [to login to the vault, find my request and aprove it]
* use root pw to login to server's console, bounce sshd and fkupd
* logout from the console
* fkup into the server to get shell.

That's not the worst part... Aix'es are stable enough to run for years w/o needing any maintenance, do all this complexity could be bearable.

However, the app team used to log a change request asking to copy a new pdf file into that server every week and drop it to app directory, chown it to app user. Why can't they do that themselves you ask? Bcuz they 'only need this pdf to get there, that's all, and we're not wasting our time to raise access requests and chase for approvals just for a pdf...'

oh, and all these steps must be repeated each time a sysadmin tties to implement the change request as all the movements and decisions must be logged and justified.

Each server access takes roughly half an hour. 4 servers -> 2hrs.

So yeah.. Surely getting your accesses sorted out once is so much more time consuming and less efficient than logging a change request for sysadmins every week and wasting 2 frickin hours of my time to just copy a simple pdf for you.. Not to mention that threr's only a small team of sysadmins maintaining tens of thousands of servers and every minute we have we spend working. Lunch time takes 10-15 minutes or so.. Almost no time for coffee or restroom. And these guys are saying sparing a few hours to get their own accesses is 'a waste of their time'...

That was the time I discovered skrillex.

Macbook Pro - No ESC key?

Its not like its used much in vi or emacs anyway is it?

No esc key on a unix box? Seriously?

I know its got a 'soft' escape key - hows it going to know to switch to that if i run vi or emacs -nw in an ssh session?

Mac keyboards go from bad to worse - used to be a nightmare to find a | symbol.

Finally finished the screwdriver followup ticket. I think.

I spent almost two full days (14 hours) on a seemingly simple bug on Friday, and then another four hours yesterday. Worse yet: I can’t test this locally due to how Apple notifications work, so I can only debug this on one particular server that lives outside of our VPN — which is ofc in high demand. And the servers are unreliable, often have incorrect configuration, missing data, random 504s, and ssh likes to disconnect. Especially while running setup scripts, hence the above. So it’s difficult to know if things are failing because there’s a bug or the server is just a piece of shit, or just doesn’t like you that day.

But the worst fucking part of all? The bug appeared different on Monday than it did on Friday. Like, significantly different.

On Friday, a particular event killed all notifications for all subsequent events thereafter, even unrelated ones, and nothing would cause them to work again. This had me diving through the bowels of several systems, scouring the application logs, replicating the issue across multiple devices, etc. I verified the exact same behavior several times over, and it made absolutely no sense. I wrote specs to verify the screwdriver code worked as expected, and it always did. But an integration test that used consumer-facing controller actions exhibited the behavior, so it wasn’t in my code.

On Monday while someone else was watching: That particular event killed all notifications but ONLY FOR RELATED EVENTS, AND THEY RESUMED AFTER ANOTHER EVENT. All other events and their notifications worked perfectly.

AKL;SJF;LSF

I think I fixed it — waiting on verification — and if it is indeed fixed, it was because two fucking push event records were treated as unique and silently failing to save, run callbacks, etc.

BUT THIS DOESN’T MATCH WHAT I VERIFIED MULTIPLE TIMES! ASDFJ;AKLSDF

I’m so fucking done with this bs.

Internship Company employee: Hey, we need 600 images uploaded to a wordpress site, you'll have to do that for me.
Me: Alrightyy, can you give me some FTP or SSH access or something?
Employee: Nope, not allowed to.
Me: Uhm, I could write a shell script and run it?
Employee: The server is windows....
Me: Mother of god, I'll have to do it manually then?
Employee: You could ask John (my technical guider, not his real name) if you can borrow some fellow interns!
Me: *walks to John* Hey man, can I borrow some interns?
John: What for?
Me: Manually uploading 600 images to posts :).
Interns: *looking at me with a deadly view*
John: Sure!
Interns:

Someone is trying to launch a brute force attack on one of my servers that I set up for an old project. According to the logs, they've tried Jorgee, they've tried directly accessing the MySQL database (with the laziest passwords), and they're now on day 4 of their brute force attack against my SSH server. I'm fairly certain that they won't be getting in (not that there's anything worth getting in the first place), but what's the standard protocol for this? Do I just wait this out, or is there something I can do to break their bot? I have fail2ban enabled, and it is doing its job, but the attacker is changing their IP address with every attack.

This is a story of me trying out maintaining a game server and eventually making a mistake, although I do not regret experiencing it.

A month ago I set up a small modded minecraft server because I wanted to experience a fun modpack together with some people from reddit. Besides this, I also wanted to see if I was capable of setting up a server with systemd and screen running in the background. This went great and I learned a lot.

The very next day I was playing with $annoyingKid on the server and everything was well. However the second day, $annoyingKid started pushing the idea to start up a normal minecraft server to build a playerbase.

I asked $annoyingKid 'What about financing, staff management and marketing?'

$annoyingKid: "I don't know much about that, but you can do that while I build a spawn!"

He also didn't want to reveal his age, which alerted me that he's young and inexperienced. He also considered Discord 'scary' because there were haxors and they would get his location and kidnap him, or something. So if he was supposed to become owner (which he desired), he had no way of communicating with a community outside of the game.

He also considered himself owner, while I was the one who paid for the server. 'Owners should be people who own the server', no matter how many times I told him that.

$annoyingKid also asked if he could install plugins on his own, I asked him if he knew anything about ssh, wget or bash because I used ssh to set up the server (I know rcon exists, but didn't want to deal with that at the time), he had no idea what any of those terms meant and he couldn't give proper arguments as to why he should get console access.

In the end, he did jack shit, he had no chance of becoming co-owner or even head-admin because he had no sense of responsibility or hard work. I kept him around as an admin because he was the one who came up with the idea. I banned him on day one after he started abusing his power when someone tipped him of. Even after me ordering him to ignore an annoying player he kept going, of course I could have prevented all this by kicking him earlier since all the red flags around him had already formed a beacon of light. He tried coming back, complaining that he should at least have his moderator rank back, but he never got in again.

A week later I got bored, I had had enough fun with ssh and the server processes to know that I didn't want to continue the small project, so I shut it down and went on to do stuff on GitHub.

Lesson learned: Don't let annoying kids with no sense of responsibility talk you into doing things you aren't sure you want to be doing. And only give people power after they've proved to you that they are capable of handling it.

That moment when your mobile internet is so slow and you decide to ssh into your server and use elinks to browse the web and everybody around you is like "he's hacking" and I'm like IM JUST TRYING TO READ FUCKING NEWS BECAUSE GUESS WHO DOESNT PAY SO MUCH FUCKING MONEY FOR 1GB PER MONTH WHERE 500MB ARE USED AFTER VISITING ONE FUCKING SITE BECAUSE THERE ARE SO MANY DAMN ADS ON IT. I JUST WANT TO READ NEWS OR LEARN SOME C++++++++++ BUT INTERNET IS TOO SLOW TO OPEN FUCKING DDG.

Browsing the web in terminal is super nice btw. Really recommend that

So someone posted their btc wallet details (system automated message through a custom tool) to a paste in alternative.

Was the login for an ssh. Wont confirm or deny ssh-ing into it, but another guy who saw the same thing messaged me, sent a screenshot. Account had 127k usd worth of btc in it.

Called the radio station it belonged to and gave them a heads up. Probably should reported it as well but people already seen it so it'll get taken down soon enough.

Here I am broke, busting my ass and reality throws this in my lap. But I ain't never been no god damn thief. Hope the radio station it belongs to doesnt get robbed by someone less honest though.

Honesty is probably half the reason I've spent half my life broke trying to find or make opportunities.

And frankly I've heard real horror stories of good faith reports (whitehat style pentesting, etc) and the people that report it get fucked hard by authorities. What can you do though.

Enough navel gazing though.
What the fuck is wrong with the people who build these sort of account reset tools anyway?

I once agreed to maintain and develop an application used in a different section of the school to keep inventory and make sure everything is where it is supposed to be.

At first there was enthusiasm, together with 2 of my classmates we agreed and git clone-d the .NET application that now graduated students built and maintained for the past few years. What could go wrong right?!

It became clear that the original students that worked on it followed an older curriculum, meaning they still got taught .NET instead of the core variant that we get now, not only that but it also seemed that they either did not fully grasp the Clean/Onion architecture or didn't get it in class since there were infrastructure components in the 'Domain' project of the solution. Think of 2 DBContexts in the domain model, yep.

One of us bailed in the first week, the other one and I felt bad for the people using the app so we went on and tried to work on the first bugs that were described in a document. One of these bugs was 'whenever I filter on something in the list, everybody gets to see that filter on their screen instead of only me'. Woah that's weird! Let's see how they put that together!

Oh god, they are using a _static_ variable to store filters, no wonder that it doesn't work properly. Ever heard of sessions?!

Second bug: Sometimes people can't create an account when we sign them up from the admin panel. Alright that is weird, let's figure that one out! Wait a second it seems to work in development? What's this about.

Oh wait I can't create an account on production either? Oh that's weird, wait a second... Why do I have to put my e-mail in a form that was sent to me through e-mail? Why is my address not filled in already? OOH, if someone types in the wrong e-mail address (which is easy since our school has 4 variants of the same f*cking e-mail address) it won't work since it can't recognize the user! Brilliant! Remove e-mail input box and make a token/queryparam determine the user account.

Ah that seems good, it's a mess but it seems a tiny bit better now, great! We're making progress and some sweet buck.

Next bug, trillions of 50x errors on random pages, that's a weird one.

Hm everything works in development, that's odd. Is the production data corrupted?

DID I MENTION that in order to get into the system in development we have to load in a f*cking production database backup ON OUR DEVELOPMENT MACHINE and then ask one of the users' password to login to it and create an account for ourselves? Seeding? What's that, right?!

Anyway, back to bug fixing. I e-mail the the people responsible for the app and get a production admin account, oh I also can't ssh into it because of policies so I have to do everything over e-mail and figure out what's causing the errors. I somehow also wonder if they have any kind of virtualization in place, giving students a VM to do that stuff in doesn't seem so weird does it ? Even with school policies?

Oh btw, 'deploying' means sending a .zip file to a guy in another building and telling him how to configure it, apparently this resulted in a missing folder that the application needed to work and couldn't make on its own. This after 2 weeks of e-mailing back and forth.

After 3 months i quit out of despair and sadness, and due to the fact that I just couldn't do it anymore. I separated everything into logical subprojects and let the last guy handle it, he was OK with that and understood why I left.

Luckily, around that time I already had an actual job at a software development company :)

Do you git clone with ssh or https and why?

I am thinking about using ssh just based on my own research, though you guys may have a your own reasons.

The problem I have with atom, vscode, sublime, and notepad++ is that none are available on the command line over SSH, inside tmux. And that's where I do the vast majority of my text editing.

The first text editor I used on the command line was pico, the technological successor of which is nano. I used it because when I was in college in the late '90s, we used pine for our email, and pico was the default editor for pine.

When I got my first job out of college in 2000, I found out about vi, and very quickly fell in love with it, and its technological successor: vim.

The only reason I've never gotten into emacs is because I've never wanted for more than vi/vim. And also because as a system administrator, I'm logging into dozens, of not hundreds of servers a day. While vi or vim is guaranteed to be on all of them, emacs is not.

So, for me, the use of a desktop text editor like the ones I mentioned at the beginning of this post, just doesn't make sense to me. I almost never edit files that live on the computer where I'm sitting, and I'm not interested in doing a commit/push every single time I want to rerun a script.

I've been thinking about how to answer this for a while, but I'll approach it from a different angle. The time I (nearly) lost faith in my dev future wasn't because of a technology, bad programming language or an external influence. It was *me*.

The first job I had after the PhD, I was (in the first couple of weeks) tasked with updating various packages on a live Redhat server. "No problem", I thought, "I've done this before many a time on Debian, easy as pie!"

Long story short, I ended up practically bricking the server because I mistyped and uninstalled something I shouldn't have, didn't understand a piece of configuration, then tried to bodge it back and cocked things up further. Couldn't even log in via SSH, the hosting company had to be called, a serial connection set up, etc.

To say I was mortified, embarrassed and had my pride dented would be a massive understatement. I seriously thought I'd get fired on the spot, and that I should perhaps change careers to something where I couldn't cock things up as much.

...but you can't think like that, otherwise the world leaves you behind. So I picked myself up, apologised profusely, took some relevant training, double checked everything I was doing on that server in future and got back to work. After a few months of "proving myself", it was then seen as nothing more than a rather amusing story, and I became a senior dev there a couple of years later.

That feeling when you accidentally press the close button of multi tabbed application... be it chrome or multiple ssh client and you get asked if you really want to do it? - Sign of relief.

i accidentally pressed space while clicking that picture and actually lost it all.😥

rant & question

Last year I had to collaborate to a project written by an old man; let's call him Bob. Bob started working in the punch cards era, he worked as a sysadmin for ages and now he is being "recycled" as a web developer. He will retire in 2 years.

The boss (that is not a programmer) loves Bob and trusts him on everything he says.

Here my problems with Bob and his code:
- he refuses learning git (or any other kind of version control system);
- he knows only procedural PHP (not OO);
- he mixes the presentation layer with business logic;
- he writes layout using tables;
- he uses deprecated HTML tags;
- he uses a random indentation;
- most of the code is vulnerable to SQL injection;
- and, of course, there are no tests.
- Ah, yes, he develops directly on the server, through a SSH connection, using vi without syntax highlighting.

In the beginning I tried to be nice, pointing out just the vulnerabilities and insisting on using git, but he ignored all my suggestions.

So, since I would have managed the production server, I decided to cheat: I completely rewrote the whole application, keeping the same UI, and I said the boss that I created a little fork in order to adapt the code to our infrastructure. He doesn't imagine that the 95% of the code is completely different from the original.

Now it's time to do some changes and another colleague is helping. She noticed what I did and said that I've been disrespectful in throwing away the old man clusterfuck, because in any case the code was working. Moreover he will retire in 2 years and I shouldn't force him to learn new things [tbh, he missed at least last 15 years of web development].

What would you have done in my place?

I’m fairly new to maintaining my own webservers. For the past week the servers (two of them) kept crashing constantly.

After some investigation I figured it was due to someone running a script trying to get ssh access.

I learned about fail2ban, DOS and DDOS attacks and had quite a fight configuring it all since I had 20 seconds on average between the server shutdowns and had to use those 20 second windows to configure fail2ban bit by bit.

Finally after a few hours it was up and running on both servers and recognized 380 individual IPs spamming random e-mail / password combos.

I fet relieved seeing that it all stopped right after fail2ban installation and thought I was safe now and went to sleep.

I wake up this morning to another e-mail stating that pinging my server failed once again.

I go back to the logs, worried that the attack became more sophisticated or whatever only to see that the 06:25 cronjob is causing another fucking crash. I can’t figure out why.

Fuck this shit. I’m setting another cronjob to restart this son of a bitch at 06:30.

I’m done.

Lesson learned the hard way: Remember your SSH Ports or write them down...

On the bright side of things, i had backups this time! Tyy DigitalOcean :)

Making an ssh connection:

No....

No this one.

Not that one.

Not that one, either.

*starts typing*

*Typo 1*

*Typo 2*

Yay. Connected to server.

... Okay. Wrong environment.

*Exiting*

*trying again*

*Typo 1*

*Typo 2*

*finally connected*

Okay. I'm here...

Why did I connect to this machine again?!

------

Migrations are fun. Your bash history is an obsessive lier, your brain completely fried and when you finally managed to achieve something... You either forget what it was - or even worse - you get reminded of all the stuff you still have to do.

I'm literally amazed that I currently manage to go to the toilet, don't forget to make coffee and eat stuff at least once a day.

Before anyone thinks... Haha joke.

Nope I'm dead serious.

I am amazed that I didn't forget to go to the toilet, aka sitting in my own piss and wonder why it's so warm and wet down there.

I'm glad that the migration is going to end soon, otherwise I might opt in out of paranoia for adult diapers.

*My brain is really fried*

I think I made someone angry, then sad, then depressed.

I usually shrink a VM before archiving them, to have a backup snapshot as a template. So Workflow: prepare, test, shrink, backup -> template, document.

Shrinking means... Resetting root user to /etc/skel, deleting history, deleting caches, deleting logs, zeroing out free HD space, shutdown.

Coworker wanted to do prep a VM for docker (stuff he's experienced with, not me) so we can mass rollout the template for migration after I converted his steps into ansible or the template.

I gave him SSH access, explained the usual stuff and explained in detail the shrinking part (which is a script that must be explicitly called and has a confirmation dialog).

Weeeeellll. Then I had a lil meeting, then the postman came, then someone called.

I had... Around 30 private messages afterwards...

- it took him ~ 15 minutes to figure out that the APT cache was removed, so searching won't work
- setting up APT lists by copy pasta is hard as root when sudo is missing....
- seems like he only uses aliases, as root is a default skel, there were no aliases he has in his "private home"
- Well... VIM was missing, as I hate VIM (personal preferences xD)... Which made him cry.
- He somehow achieved to get docker working as "it should" (read: working like he expects it, but that's not my beer).

While reading all this -sometimes very whiney- crap, I went to the fridge and got a beer.

The last part was golden.

He explicitly called the shrink script.
And guess what, after a reboot... History was gone.

And the last message said:

Why did the script delete the history? How should I write the documentation? I dunno what I did!

*sigh* I expected the worse, got the worse and a good laugh in the end.

Guess I'll be babysitting tomorrow someone who's clearly unable to think for himself and / or listen....

Yay... 4h plus phone calls. *cries internally*

List of shit my superior said and wrote in the project:

1. Prefer to write "pure" SQL statement rather than ORM to handle basic CRUD ops.

2. Mixing frontend and backend data transformation.

3. Dump validation, data transformation, DB update in one fucking single function.

4. Calculate the datetime manually instead of using library like momentjs or Carbon.

5. No version control until I requested it. Even with vcs, I still have to fucking FTP into the staging and upload file one by one because they don't use SSH (wtf you tell me you don't know basic unix command?)

6. Don't care about efficiency, just loop through thousands of record for every columns in the table. An O(n) ops becomes O(n * m)

7. 6MB for loading a fucking webpage are you kidding me?

Now you telling me you want to make it into AJAX so it'll response faster? #kthxbye

TL;DR Dear boss, firstly, you always get someone to review anything important done by a fucking intern.
Secondly, you do not give access to your fucking client's production server to an intern.
Thirdly, you don't ask your fucking intern to test the intern's work that has not been reviewed by anyone directly on your client's fucking production server.

Last week, the boss and one of the lead devs (the only guy with some serious knowledge about systems and networking) decided to give me (an intern who barely has any work experience) the task of fixing or finding an alternate solution to allowing their support team access to their client machines. Currently they used a reverse SSH tunnel and an intermediary VH but for some reason, that was very unreliable in terms of availability. I suggested using OpenVPN and explained how it would work. Seemed to be a far better idea and they accepted. After several days of working through documentations and guides and everything, I figured out how OpenVPN works and managed to deploy a TEST server and successfully test remote access using two VMs. On seeing my tests, the boss told me that he wanted to test it on the client network. I agreed. Today he comes to me and he tells me to prepare testing for tomorrow and that the client technician is going to give me access to one of their boxes. And then he adds, "It's a working prod server. We'll see if we can make it work on that" and left. I gaped at him for a while and asked another dev guy in the room if what I heard was right. He confirmed. Turns out, the lead dev and the boss's son (who also works here) had had a huge argument since morning on the same issue and finally the dev guy had washed it off his hands and declared that if anything goes wrong from testing it on production, it's entirely the boss's own fault. That's when the boss stepped in and approached me. I ran back to his office and began to explain why prod servers don't top the list of things you can fuck around with. But he simply silenced me saying, "What can go wrong?" and added, "You shouldn't stay still. You should keep moving". Okay, like firstly what the fuck and secondly, what the fuck?.
Even though OpenVPN client is not the scariest thing to install, tomorrow's going to be fun.

I am so mad, I have no words for how fucking much I hate ever having to work or pass work to other incompetent developers or teams, what a fucking waste of time and resources.

After handing off the frontend - for the client to find some team, that would do it in the short time and budget he needs (multiple developers, more fast, much good), he found a team that seemed to be alright for the job and seemed alright to me too, now maybe a month or two later, the client contacts me, that they fucked something up and if I could talk to them.

The email I then received from them seriously made me speechles, mad and sad, all at same time, I spent multiple upon multiple hours, getting a very good readable documentation up (markdown with TOC, properly rendered headers, bulletpoints, all that shit), with all files, all services used, all credentials, even converted all ssh keys into putty ppk format, in case the developers are using windows and are too dumb to do it themselves, nginx configs, it had seriously everything, even too much to list.

They somehow managed to fuck up the entire server, while attempting to "add ssh keys themselves", EVEN FUCKING THOUGH I have included all the keys they need, all the hosting credentials, everything, yet they decided to fuck with shit themselves and completely annihilate the server in the process (HOW?!), so not even the webserver works anymore.

I am fucking speechless, I made it so fucking easy to gather all info and files they need, all properly put into well named folders, along the documentation in an archive and they somehow managed to nuke the fucking server, while attempting to add ssh keys?!

If you don't know how to config a server, then don't fucking touch it and just use everything, that got served to you on a fucking silver platter.

---

I'll just instantly answer the most annoying comment, that somebody could come up with: "why didn't you do it yourself?"

Because in a perfect world, a fully managed team, can do much more than a single developer can, especially in the same timeframe and from what I heard of said client, atleast they did something in terms of developing the system. (which surprises me, considering it's the same people that nuked a server, while trying to add ssh keys)

Just discover that I can send "echo bomb" to one of my fellow students trough SSH with the write command.

Then I discover the wall command to send messages to every connected user. Not sure if I am brave enough or if I am going to be banned from our network if I do that 😅

Whaaaat theeeee actual fuuuuuuuuck. So basically I've got a server running and everything is fine. All services are working and I can access the webserver running on it over every browser. But randomly my ssh access stopped working (can connect but doesn't return shit after last login message) and when loading the web config thingie from my provider it gives me an empty response (all other pages from the provider are working). So basically I've got a working server I cannot access. But I'd like to access it and cannot even restart that shitty thing.

Anybody else had a problem like that or has any idea wtf is going on?

Internet access at the new Uni is crap. I'm getting so pissed at this shit...
Packet loss spikes to over 50% every 30s or so. Can't keep a single SSH pipe open for longer than a minute. Firewall is so tight infrared light wouldn't get through that shit (understandable. And I use a VPN anyway).
And every. Single. AP. Uses. The. Same. Channel. All of them on 6. At least it's on a tight band... But 1 and 11 are free. 100% clean. You know, you could spread them a bit. That helps. But naaah let's keep everything bundled up. Co-channel interference is OK, right?

Bit of an odd question maybe, but when sending out your CV to a company over email, what would you expect to be written / write in the email itself?

I've got a sysadmin position that I'd really like to apply to, and it seems like I'm ticking all the boxes, however some of the things like SSH authentication (I mean it's fairly basic, isn't it) I haven't mentioned on the CV at all because I feel it's to be assumed. But I'd like to mention it in the email itself along with motivation. Apparently there's this thing called a "motivation letter"? How does that work?

Point is, I could go on all day about these services they ask about and how they already exist in my home lab, but I'm not entirely sure whether I should just keep it brief and just say "here's my CV and there's my number", or go a bit in-depth about it in the mail. Perhaps something in between?

Day 0: thank you for being an Amazon Customer, your database is about to be upgrade in the near future with or without your consent! Tough titties motherfucker!

Day 16: ok, every upgraded by hand in the test environment, everything seems stable, let's go make preparations for production!

Day 16.5: ssh user@<prod_bastion_ip> --yada --yada
Unable to connect

Oooook, let's try again,
Unable to connect

Day 16.5.1: WHY THE FUCK NOT, the IP is fucking right, the cert is right, the user is right, the..... fucking.... EC2 instance has been......... terminated.....

FML!
---

Why! why can't people leave things alone.

Excuse me while I hit the bourbon 🥃

!rant

I've seen some rants about people complaining about websites using the 'www' subdomain, so I'd like to take this opportunity to try to explain my opinion about why sites might use it.

I use to feel the same way about not having the www subdomain. It felt like an outdated standard that serves no purpose. But I have changed my option...

Sometimes certain servers have other services running other than just the website, such as ssh, ftp, sql, etc., running on different ports. What if you want to use a web proxy and caching service similar to cloudflare or a cdn? We'll you can't, because they won't allow traffic to flow through to your other ports.

That's where the www subdomain comes in. Enable your caching and cdn on your www subdomain, and slap a 301 redirect from your primary domain on port 80 or 443 to the www subdomain. This still allows you to access your other services via the domain name while still gaining the benefits of using a cdn.

Now I know you could use an 'ftp' subdomain or the like, but to each their own in that regard.

Today, in the course of my job, I said...

FFS. I HATE WINDOWS.

It has begun.

Took me five minutes to ssh into the Linux EC2 and get the Jenkins agent installed, configured, and running. Half a fucking hour for Windows Server 2012.

1) Can't ssh to it, so I connect via AWS console... Which means I have to install MS Remote Desktop. WHATEVER. FINE. It's not like ssh is quick and easy or anything.

2) Can't just use the command line, run the .jar &, cntl-z, and bg then log off. Noooo. I have to install the unpacked binaries as a fucking SERVICE. FINE. WHATEVER.

I'm so glad we have a Windows guy that does most of this shit. I can't stand it.

I ran rm -rf * in an ssh session. Took down a website for 30mins or so.

Ok, first rant, about my struggles getting reliable internet over the past 6 years. It's not too interesting of a topic, but here we go:

I'm living in a more rural part of Germany and internet here is shit. I pay more than 50 bucks a month for 700kb/s downstream (let's just not talk about upstream...), which is meh by itself but it gets worse. Before this I had roughly 230kb/s downstream using DSL. My provider came out with a new oh-so-fucking-fancy solution for giving people faster internet without upgrading their lame ass fucking backbone and POS infrastructure from 70 years ago: they sell you hybrid internet which combines your shit DSL and an LTE connection using TCP Multicast. Not only do I get only 6 of my promised (and payed for) 50 Mbit, no, It's also a fucking piece of nonworking shit!!!

Let me illustrate:
You constantly have problems with web content (or any remote content) not loading because the host server does not support TCP Multicast. It either refuses connection altogether or it takes about 30-50 seconds to establish a connection. Think about your live when it takes two or three fucking minutes to load 5 YouTube thumbnails or load new tweets at the bottom of the Twitter page! Also, you never know if you a) have an error in your implementation of a new API or if b) the remote host doesn't support TCPMC (there's never an error for that! Fuck you!), your SSH sessions ALWAYS drop in the most inopportune fucking moments because the LTE thing lost connection, you always have to turn on a VPN if you want to visit specific websites (for example your school's website) and so on....

Oh and also, my provider started throttling specific services again these days with Netflix and YouTube struggling to display 240p, fucking 240p video without buffering when I get 600kbit down on steam (ofc the steam download is paused when watching videos). When using a VPN, YouTube 720p and Netflix HD work like a charm again. Fucking Telekom bastards

Then there is the problem with VPNs. The good thing about them is that they solve all the TCP Multicast problems. Yay. Now for the bad things:
First of all, as soon as I use a VPN, access times to remote go up by like fucking 500%. A fucking DNS lookup takes 8-15 seconds!!! The bandwidth is there but it takes forever.. because reasons I guess. Then the speed drops to DSL speeds after a while because the router turns off my LTE connection when it is unused and it does not detect VPN traffic as traffic (again because... Reasons?) And also, the VPN just dies after an hour and you have to manually reconnect (with every VPN provider so far)

And as if that wasn't enough, now the lan is dying on me, too, with the router (the fucking expensive hybrid piece of shit, 230 bucks..) not providing DHCP service anymore or completely refusing all wifi connections or randomly dropping 5Ghz devices, or.....

You get the point.

The worst thing is, they recently layed down 400mbit fiber in my neighborhood. Guess where the FUCKING PIECE OF SHIT CABLE ENDS??? YEAH, RIGHT IN FRONT OF MY NEIGHBORS HOUSE. STREET NUMBER 19 IS SERVED WITH 400MBIT AND MY HOME, THE 20, IS NOT IN THEIR FUCKING SERVICE REGION. Even though there is a fucking cable with the cable companies name on it on my property, even leading up to my house! They still refuse to acknowledge it! FUCK YOU!!!!

Well anyways thanks for reading. Any of you got the same problems? :/

Vim:

1. It doesn't matter on which server I ssh, I'll have vim, if not I can install it. So I get the same work efficiency I would get on my pc

2. It has a predictible behavior - u don't have to think which keybind is where, or how to do something.

3. Sky is the limited if you want to customize

Canoncal.. buddy.. pal..

We need to talk about the content on the server image's login screen.

Now, I get that lots of developers will use the server image out of a desire to keep their environments minimal.. but at the same time, is the same server image that will be deployed on thousands of VMs all over the world really the place to be talking about "great IDEs available on Ubuntu" complete with smiley faces?

I'm dead serious I log in and there are fifty seven lines of crap on the screen. I don't need links to your docs or support pages, I definitely don't need cutesy links to "hey look at this cool stuff you can do on Ubuntu!", and I absolutely don't need advertisements for your paid services.

This is some of the tackiest stuff I've seen outside of Gitlab shilling for GKE in the paid enterprise version.

Stuff like this turns actual users off. Sysadmins, the ones who are going to be seeing this stuff since it's visible on SSH shells only do not care about your cutesy IDE advertising.

Grow up.

I used to be in an infrastructure maintenance team, and I worked with an old guy. We had a jump box we all used. This guy would work weekend maintenance windows and still be trying to get changes done at 7am, three hours after the end of the window. He was glacially slow. I remember watching him login to a prod weblogic server. He would open the Windows start menu, move his fucking mouse through two or three submenus, and finally click putty. Then, he would type out the FQDN of the jump server, and move his mouse to the connect/ok button. Then it would prompt him for his username and password, both of which took him about 90 seconds to single-finger type. Then, once loved into the jump box, he would then type ssh user@server.fqdn, rather than copying and pasting the server name.

It took him fully five minutes to get logged into the weblogic server. I could not take it. It would have taken me about ten seconds.

!coding

I used to be a sysadmin, which meant I was in charge of quarterly server patching. My team managed about 2500 servers, running various flavors of linux and legacy unix. The vast majority(95% or more) ran Linux(SLES). Our maintenance window was always in the overnight-- 10pm to 6am --so the stroke of 10pm would be a massive cascade of patching commands sent to hundreds of servers.

Before I was brought into the process, it made use of the automation product we were tasked by mgmt to use: Bigfix. It's a real piece of shit. Though we had 2500 or so servers, this environment was dominated by windows. All our vcenter servers ran it, and more importantly, our bigfix nodes were all windows machines. That meant that while we're trying to patch, the bigfix servers would get patched by the windows team. This would cause lots of failed and timed out patching, because the windows admins never quite understood that taking down the automation infrastructure would cause problems.

As such, I got tired of depending on a bunch of button-pushing checkbox-clickers who didn't know shit about shit, so I started writing an ssh-wrapped patching system. By the time I left for my current job, patching had been reduced to a single command to initiate each group's patching and reboots, and an easy check to see when servers come back up. So usually, the way it worked out was that I would send patching orders to 750 machines or so, and within about 5 minutes, they would all be done patching, and within another 20 minutes all the ones that required rebooting but about 5 would be done rebooting.

The "all-nighter" which happened every time was waiting for oracle servers to run timed fscks against a dozen or so large filesystems per server, because they were all on ext3/4, which eats complete shit. Then, several hours later, as they finished, I would have to call the DBAs to tell them to validate their shitty servers.

F**king hate Windows for its insanely confusing proxy setup required for software development...

> Setup proxy in Windows network settings
> Then, setup HTTP_PROXY & HTTPS_PROXY environment variable at the system/user level.
> Followed by separate proxy settings for java, maven, docker, git, npm, bower, jspm, eclipse, VS Code, every damn IDE/Editor which downloads plugins...
> On top of everything, find out the domains which does not need to go through proxy and add them to NO_PROXY.. at each level..
> It does not end here. Sometimes, I need to setup proxy for SSH connections... like, if I have to use git with SSH and not HTTP/S... Uhhh....

More than half of the problems me and my dev team face is related to setting the right proxy. Why can't it be like, set in one place and everything picks up from there, like in any linux machine or for God's sake, a Mac ?

Worst of all is, my org uses a configuration script, which resolves into a list of proxy servers, from which one of them will be used. So, I need to download that script, find out which is the right proxy server and then, use it in all the aforesaid places... WTH ?????

Is this a common workplace problem for all developers ??? Will this be solved by Windows Subsystem for Linux ???

Every time I see a client open ssh or rdp to the world when the servers sit behind a vpn, I die a little inside.

A peeve of mine is when someone in the software industry denigrates a technology/tool/framework outside of his role eg webdevs on sysadmin stuff or viceversa.

I'm not trying to shame anyone for having subjective experiences, I just think that if you're gonna talk about tools that are not on your domain, then you need to be twice as humble as usual.

I'm a webdev and I don't post around how I KNOW how to make ssh secure, while other people devote their entire careers to that and all related matters.

What prompted me is seeing some not webdevs do this here that seem to be sysadmins/devops (can't tell for sure since I don't know them), but in real life, I've seen people from any role do this, webdevs too, even testers!

Imagine you had cancer, and you had a tumor extraction, and the oncologist said to the surgeon "step aside son, let me show you how to deal with cancer".

What's a good password manager for Linux?

A few (optional) conditions (in order of preference):
1. It's free
2. It supports ssh, gpg, etc.
3. It has a GUI (a nice one with gtk/qt support)
4. It's (properly) secure
5. It has FIDO U2FA support (i.e. supports physical security keys like Yubikey or Solo)
6. It has a browser extension
7. It's compatible/non-conflicting with gnome-keyring

So I asked this question yesterday to linuxxx and he had some great tips. But I thought there might be some Linux fanatics here who also have some experience working with vps's that you might have somethings to add something 😁

Recently I got asked if I want to help maintain our webservers (they all run Ubuntu 18.04 with standard webserver stuff, nginx, MySQL, php, ssh)

Does anyone know of some tips or share some helpful knowledge regarding maintaining a VPS? / Keeping it healty?

Tl;Dr Im the one of the few in my area that sees sftping as the prod service account shouldn't be a deployment process. And the ONLY ONE THAT CARES THAT THIS IS GONNA BREAK A BUNCH OF SHIT AT SOME POINT.

The non tl;dr:

For a whole year I've been trying to convince my area that sshing as the production service account is not the proper way to deploy and/or develop batch code. My area (my team and 3 sister teams) have no concept of using version control for our various Unix components (shell scripts and configuration files) that our CRITICAL for our teams ongoing success. Most develop in a "prodqa like" system and the remainder straight in production. Those that develop straight in prodqa have no "test" deployment so when they ssh files straight to actual production. Our area has no concept of continuous integration and automated build checking. There is no "test cases", no "systems testing" or "regression testing". No gate checks for changing production are enforced. There is a standing "approved" deployment process by the enterprise (my company is Whyyyyyyyyyy bigger than my area ) but no one uses it. In fact idk anyone in my area who knows HOW to deploy using the official deployment method. Yes, there is privileged access management on the service account. Yes the managers gets notified everytime someone accesses the privileged production account. The managers don't see fixing this as a priority. In fact I think I've only talk to ONE other person in my area who truly understands how terrible it is that we have full production change access on a daily basis. Ive brought this up so many times and so many times nothing has been done and I've tried to get it changed yet nothing has happened and I'm just SO FUCKING SICK that no one sees how big of a deal this. I mean, overall I live the area I work in, I love the people, yet this one glaring deficiency causes me so much fucking stress cause it's so fucking simple to fix.
We even have an newer enterprise deployment. Method leveraging a product called "urban code deploy" (ucd) to deploy a git repository. JUST FUCKING GIT WITH THE PROGRAM!!!!..... IT WAS RELEASED FUCKING 12 YEARS AGO......

Please..... Please..... I just want my otherwise normally awesome team to understand the importance and benefits of version control and approved/revertable deployments

I'm currently planning to set myselv up with some vps/dedicated server's for a project. What i plan to do to secure these servers is.
*Use centos 7
* Setup Wireguard and join all of the servers +1 client (my pc) to that network
*Disable SSH Access from outside that VPN
*Only allow RSA Key login to the Servers
*Install Cockpit for monitoring
*Intall docker/kubernetes for the applications i plan to run

What do you guys think of that as a baseline? Im not sure if my lower powered VPS (VPS M SSD from Contabo) will work as Kubernetes Nodes, does anyone have experience with that?

In general these Servers will be used for my projects and other fooling around.

If you guys have other suggestions for Securing/monitoring or other software i could put on to have more control without eating up to much of the Servers power, let me know :D

FUCK YOU NODE JS AND FUCL YOU SYNOLOGY

Decided to give an old Synology DiskStation that sits at home slme new life besides just sharing files. Since Synology has SSH but not a full Linux OS, installed DebianChroot (so far so good). At one point I needed Node JS, so installed NVM and tried to install Node. Well guess what didn't work. Tried a few more things including directly downlosding node from the official node website. Trying different versions, the whole drill.

After about 5 hours of installing and errors, well really usfull errors like "There where 2 errors during installation" WELL HOW ABOUT YOU FUCKING TELL ME WHAT THE ERROR IS YOU FUCKING FUCK!

I found a formum wkith a guy haveing similar problems. Able to install legacy 0.10.x versions but not 4.x.x. Or 6.x.x oder whatever. He found that you have to have at least an ARMv6 compatible processor, otherwise it won't run. Checked it and well, that old fuck of mine only has ARMv5. FUCK! But honestly. You detect it's an ARM architecture. You detect it's not one of the v6 or v7, you try to install the general arm version, BUT YOU DON'T GET THE FUCKING IDEA TO MENTION TO CHECK WAHAT VERSION YOU HAVE AND IF THAT IS SUPORTED BY FUCKING NODE!

One afternoon wasted, at least I got a little more wisdom. Fuck do I hate Node now. On the bright side, I've ordered a Raspberry Pi and two cases for Harddisks, I'll create my own diskstation with blackjack and hookers (I realy hope you get that reference)! Fuck you Synology and Node JS (yeah yeah, it's not Synologies fault, but I'm mad anyways!)

One of the constants in my live is that I cannot type in dreams, no touchpad or keyboard will ever output more than three coherent logically keys before it turns into gibberish. Other interaction works, but no input for computers or phones.

Today I dreamed of assisting a guy to shutdown the Linux Server I set up, via remote. The dream totally derailed and was a bit boring. My dream characters realized that something is up and used a different keyboard. No dice. Visually it looked like Thai or so without the appropriate fonts.

Sometimes I am really wondering what my dream director is thinking.

Warning long rambling story cause sleep deprivation

I never really bothered with ssh outside of using putty to remote into my servers and rpi's from my desktop to run updates, install something, or whatever else.

But today I was on a call with my cousin bored cause she was just rambling, so I opened vscode to clean my install of unnecessary extensions I installed and haven't used more than once or twice.

I saw Remote - SSH and as I was bored listening to a teenager complain about high school just like I used to (lol) and responding when she asked me something. I scrolled through the page, then the documentation just casually skimming the text

I setup an ssh key on an rpi I threw manjaro arm following the instructions on their tips and tricks page
I then moved the key to my desktop using winscp (cause lazy)
leading to having a minor hicup of rsa not being an accepted keytype (thanks 'your favorite search engine' for the help)
Finally, I was able to connect using the private key

at this point my cousin went to bed cause she has school tomorrow. But I was still doing stuff with ssh, I created a new ssh connection in VSCode, but had to go to the documentation to figure out how to make it use my fancy new key file, not hard took 30 seconds of looking to get it working.

Now that I was in, I moved to my development folder, created a folder for PiHole, created a compose yml, created a pihole-data folder.
I opened the yml and pasted in a compose from dockerhub.

at this point I thought 'i can't just run this from terminal can I'. and Obviously it worked cause there's literally no reason it wouldn't I'm just stupid to think it might not.

So I created folders and files on a remote system, launched a docker container, checked for package updates after on a linux machine. All from VS-Code on a windows machine.

I know this is simple for some people, i know some people are like 'where's the interesting part'. but ehhh I thought it was cool to get it setup, I now really regret not getting into ssh sooner, and I'm definitely going to uninstall vscode on all my smaller graphical VM's in favor of doing this. and this will definitely help with my headless vm's.

I also will have to thank my cousin, might not have done this if I wasn't stuck at my computer on messenger call with her lol

I'm gonna go to bed now, But I feel accomplished for the first time in a while even if it's for something so simple as setting up anssh key for the first time

This story is related to Docker containers.

Three years back when I heard about docker my first impression of docker was mini Virtual Machine. Then when you start your first container it’s no way to get out apart from pressing ctrl+d or leaving it like a screen. One of the most embarrassing thing with it was I tried really really hard to setup SSH on one of the container to log in there somehow. Then I understood how to use Dockerfiles and the command called `docker exec`

I thought Dockerfiles are the most amazing thing I have ever used for docker. But then I got introduced to docker-compose, and now it’s same with kubernetes

Now a days I read most of the document before doing hands-on on any new technology.

Aaaand I did it again T_T
Installed knockd for some reason it wasn't working well, couldn't unlock the port and guess what, internet disconnected for five minutes ==> My SSH session closed and I am locked out of my VPS :')

What is even worse Scaleway doesn't have a root user password when creating the server it uses a pre-entered ssh key that I put in my account, so I was pretty much locked out.

But I was able to remove it, they have custom scripts for booting so I was able to fireup a shell session during boot and removed knockd

Either I fail at using Linux or I really need to work on my self lol

I decided to format party my desktop since I'm working at home every day (got a 1TB ssd to replace 150gb OS drive).

First fresh Windows install in 4 years. I had forgotten how much fuckery windows puts you through to do some basic things. I can imagine being a newbie hobbiest programmer and having to go through this stuff?

So I just embarrassingly spent 15 minutes reading and troubleshooting why you can't run a python script inside of powershell. PS just blips for a moment leaving you wondering if the script executed. So I created a test script to use a logging file handler to see if it actually ran. No.

Turns out you have to register the .py extension by appending it to your PATHEXT environment variable. Before that I was going to add it to the PS profile, but realized it takes more than a quick moment to find out which scope of PS profile is appropriate to create, and on top of that, you have to enable script execution in PS (which I recall is easy, but didn't do yet).

Tangentially, I solved an ssh issue days ago. I would tell you what it was, but I seem to have mentally blocked it due to trauma.

For real Microsoft. Yes powershell has some great advancements--my friends say so.

But this needlessly nuanced bullshit needs a little attention from you guys to save the world a shitload of time. I can only imagine what it's like for non-tech savvy people trying to learn to program and having to face this stuff.

I still haven't solved the color scheme stupidity of powershell. This is 2020 ffs. Yet seems there's no clean or intuitive way to do it.

Other issues omitted for 'brevity'

I remember someday from a few years ago, because i just got off the phone with a customer calling me way too early! (meaning i still was in my pyjamas)

C:"Hey NNP, why si that software not available (He refers to fail2ban on his server)
Me: "It's there" (shows him terminal output)
C: " But i cannot invoke it, there is no fail2ban command! you're lieing"
Me: "well, try that sudoers command i gave you (basically it just tails all the possible log files in /var/log ) , do you see that last part with fail2ban on it?
C: "Yeah, but there is only a file descriptor! nothing is showing! It doesnt do anything.
Me: "That's actually good, it means that fail2ban does not detect any anomalies so it does not need to log it"
C:" How can you be sure!?"
Me: "Shut up and trust me, i am ROOT"

(Fail2ban is a software service that checks log files like your webserver or SSH to detect floods or brute force attempts, you set it up by defining some "jails" that monitor the things you wish to watch out for. A sane SSH jail is to listen to incoming connection attempts and after 5 or 10 attempts you block that user's IP address on firewall level. It uses IPtables. Can be used for several other web services like webservers to detect and act upon flooding attempts. It uses the logfiles of those services to analyze them and to take the appropriate action. One those jails are defined and the service is up, you should see as little log as possible for fail2ban.)

I'm a bit tired. Flushed an ISO to sda. My laptop now asks if I want to use try or uninstall xubuntu on boot. Before slowly seeing my complete gui disappearing and had by luck still a terminal open - I could save ssh keys. Dammit. Was switching laptop anyway.

Dammit! I can't believe I did that.

How do you define a seniority in a corporate is beyond me.
This guy is supposed to be Tier3, literally "advanced technical support". Taking care of network boxes, which are more or less linux servers. The most knowledgable person on the topic, when Tier1 screws something and it's not BAU/Tier2 can't fix it.
In the past hour he:
- attempted to 'cd' to a file and wondered why he got an error
- has no idea how to spell 'md5sum'
- syntax for 'cp' command had to be spelled out to him letter by letter
- has only vague idea how SSH key setup works (can do it only if sombody prepares him the commands)
- was confused how to 'grep' a string from a logfile

This is not something new and fancy he had no time to learn yet. These things are the same past 20-30 years. I used to feel sorry for US guys getting fired due to their work being outsourced to us but that is no longer the case. Our average IT college drop-out could handle maintenance better than some of these people.

Biggest hurdle overcame in development career - is to work with morons and not fighting with them.

Before you judge me, let me explain a bit. I had the pleasure of working with a lot of really nice and intelligent people in this industry. But along with them, unfortunately, I also have experience in working with really slow and stupid people. For instance I had people in my past who has asked me to create document on how to ssh from a Linux machine or create a bucket in AWS or gcp.

In my early days, I used to get irritated a lot but now I am moron resistant and does not react very quickly on their stupidity.

Friend of mine messaged me about sites being down, of course Im at a family dinner with no laptop or ssh keys with me so no way to fix it!!!

Grrrrrrrrrrrrr

Is it good or bad that I forgot to push an critical buggfix to production just before I went home?

Hopefully I can update from home (think one of our servers has an backup of the ssh keys)

## Learning k8s

Okay, that's kind of obvious, I just have no idea why I didn't think of it..

I've made a cluster out of a rpi, a i7 PC and a dell xps lappy. Lappy is a master and the other two are worker nodes.

I've noticed that the rpi tends to hardly ever run any of my pods. It's only got 3 of them assigned and neither of them work. They all say: "Back-off restarting failed container" as a sole message in pod's description and the log only says 'standard_init_linux.go:211: exec user process caused "exec format error"' - also the only entry.

Tried running the same image locally on the XPS, via docker run -- works flawlessly (apart from being detached from the cluster of other instances).

Tried to redeploy k8s.yaml -- still raspberry keeps failing.

wtf...

And then it came to me. Wait.. You idiot.. Now ssh to that rpi and run that container manually. Et voila! "docker: no matching manifest for linux/arm/v7 in the manifest list entries."

IDK whether it's lack of sleep or what, but I have missed the obvious -- while docker IS cross-platform, it's not a VM and it does not change the instructions' set supported by the node's cpu. Effectively meaning that the dockerized app is not guaranteed to work on any platform there is!

Shit. I'll have to assemble my own image I guess. It sucks, since I'll have to use CentOS, which is oh-so-heavy compared to Alpine :( Since one of the dependencies does not run well there..

Shit.

Learning k8s is sometimes so frustrating :)

Today was a rather funny day in school. School starts for me at 13:40 because our timetable planners are so qualified for this job.

First 2hrs: Physics, fine its good

Second 2hrs: Discrete Maths (however you want to call it)
Goal is to write a text (30 pages, 10, etc all those standard settings). Teacher prefers Latex over word, but we can do it in word if we want. We could choose a topic, I took primes because it looked the best. I decided to use latex because I'm a fetishist and it simply looks better in the end. A classmate was arguing with our teacher about ides: texmaker vs kile. And I'm like "I use vim". So my teacher is like kk

Later that class, when we actually started doing stuff I started the ssh session to my server because I don't know any good c++ compilers for win and I'm too lazy to get a portable version of cygwin (or whatever its called). So in my server I open vim and start coding my tool for Fermat Primes (Fermatsche Primzahlen, too lazy to actually translate). And this teacher seriously is the best teacher I ever met in my life. Usually teachers are like " dude r u hakin' the school server?" and I'm like bruh its just vim and I'm doing it this way because I cannot code on your PC coz I can't install a compiler. And this teacher is like "oh hey you actually use vi, all cool kids used it in 2000. I first though u were kidding and stuff..." And we continued talking about more of stuff like that and I have to say that this is the first teacher that actually understands me. Phew

Now I'm going to continue writing my 30 pages piece of trash latex doc and hope it'll end good

Just received this really weird email. Probably spam, but why even bother when there is no link or attachment? Maybe it is encrypted... 🤔 What do you think? Anyways, the server has SSH enabled anyone care to bruteforce? :^)

!rant

Pretty excited today! A buddy of mine wants to try getting into linux, he's mostly done Windows IT Helpdesk and some light Windows SysAdmin work but the company he works for is garbage and he wants/needs a change of pace. He's grabbing himself a raspberry pi 4 model B to use as his learning test bed. I'm grabbing one today or tomorrow so I can help him however I can to try and help get him comfortable with Linux so he can try to escape the hellhole that is his workplace. (I used to work there too, so you can trust me when I say it's fucking shite!)

Gonna start slow and easy and have him get comfortable with the terminal and ssh-ing in using keypairs.

Fuck yeah!!! I'm so excited for him.

He's wanted to get into linux for the last year or so but something at work would always happen to make him comfortable with his job again, like fuckface mcgee would finally get fired. And my dude would be like, "Okay, it's not all bad here, I'll stick it out a bit longer." Then they would just teplace fuckface mcgee with dipshit cockmouth and he'd fall back into a depression about working there. They finally put the final nail in the coffin recently and I think he's really motivated to do whatever he can to GTFO of there this time.

Because of a ridiculous strict server environment (where even PHP was not allowed) he proposed that I could connect over Skype to do my stuff in typo3, which than could be exported to plain html to run on their server.
SSH or even remote desktop would be to insecure.

To me this is one of the most interesting topics. I always dream about creating the perfect programming class (not aimed at absolute beginners though, in the end there should be some usable software artifact), because I had to teach myself at least half of the skills I need everyday.

The goal of the class, which has at least to be a semester long, is to be able to create industry-ready software projects with a distributed architecture (i.e. client-server).

The important thing is to have a central theme over the whole class. Which means you should go through the software lifecycle at least once.

Let's say the class consists of 10 Units à ~3 hours (with breaks ofc) and takes place once a week, because that is the absolute minimum time to enable the students to do their homework.

1. Project setup, explanation of the whole toolchain. Init repositories, create SSH keys for github/bitbucket, git crash course (provide a cheat sheet).
Create a hello world web app with $framework. Run the web server, let the students poke around with it. Let them push their projects to their repositories.
The remainder of the lesson is for Q&A, technical problems and so on.

Homework: Read the docs of $framework. Do some commits, just alter the HTML & CSS a bit, give them your personal touch.
For the homework, provide a $chat channel/forum/mailing list or whatever for questions where not only the the teacher should help, but also the students help each other.

2. Setup of CI/Build automation. This is one of the hardest parts for the teacher/uni because the university must provide the necessary hardware for it, which costs money. But the students faces when they see that a push to master automatically triggers a build and deploys it to the right place where they can reach it from the web is priceless.
This is one recurring point over the whole course, as there will be more software artifacts beside the web app, which need to be added to the build process. I do not want to go deeper here, whether you use Jenkins, or Travis or whatev and Ansible or Puppet or whatev for automation. You probably have some docker container set up for this, because this is a very tedious task for initial setup, probably way out of proportion. But in the end there needs to be a running web service for every student which they can reach over a personal URL. Depending on the students interest on the topic it may be also better to setup this already before the first class starts and only introduce them to all the concepts in a theory block and do some more coding in the second half.

Homework: Use $framework to extend your web app. Make it a bit more user interactive with buttons, forms or the like. As we still have no backend here, you can output to alert or something.

3. Create a minimal backend with $backendFramework. Only to have something which speaks with the frontend so you can create API calls going back and forth. Also create a DB, relational or not. Discuss DB schema/model and answer student questions.

Homework: Create a form which gets transformed into JSON and sent to the backend, backend stores the user information in the DB and should also provide a query to view the entry.

4. Introduce mobile apps. As it would probably too much to introduce them both to iOS and Android, something like React Native (or whatever the most popular platform-agnostic framework is then) may come in handy. Do the same as with the minimal web app and add the build artifacts to CI. Also talk about getting software to the app/play store (a common question) and signing apps.

Homework: Use the view API call from the backend to show the data on the mobile. Play around with the mobile project to display it in a nice way.

5. Introduction to refactoring (yes, really), if we are really talking about JS here, mention things like typescript, flow, elm, reason and everything with types which compiles to JS. Types make it so much easier to refactor growing codebases and imho everybody should use it.
Flowtype would make it probably easier to get gradually introduced in the already existing codebase (and it plays nice with react native) but I want to be abstract here, so that is just a suggestion (and 100% typed languages such as ELM or Reason have so much nicer errors).
Also discuss other helpful tools like linters, formatters.

Homework: Introduce types to all your API calls and some important functions.

6. Introduction to (unit) tests. Similar as above.
Homework: Write a unit test for your form.

(TBC)

fuck.. FUCK FUCK FUCK!!!
I'mma fakin EXPLODE!

It was supposed to be a week, maybe two weeks long gig MAX. Now I'm on my 3rd (or 4th) week and still got plenty on my plate. I'm freaking STRESSED. Yelling at people for no reason, just because they interrupt my train of thought, raise a hand, walk by, breathe, stay quiet or simply are.

FUCK!

Pressure from all the fronts, and no time to rest. Sleeping 3-5 hours, falling asleep with this nonsense and breaking the day with it too.

And now I'm fucking FINALLY CLOSE, I can see the light at the end of the tunne<<<<<TTTOOOOOOOOOOOOOTTTTT>>>>>>>

All that was left was to finish up configuring a firewall and set up alerting. I got storage sorted out, customized a CSI provider to make it work across the cluster, raised, idk, a gazillion issues in GH in various repositories I depend on, practically debugged their issues and reported them.

Today I'm on firewall. Liason with the client is pressured by the client bcz I'm already overdue. He propagates that pressure on to me. I have work. I have family, I have this side gig. I have people nagging me to rest. I have other commitments (you know.. eating (I practically finish my meal in under 3 minutes; incl. the 2min in the µ-wave), shitting (I plan it ahead so I could google issues on my phone while there), etc.)

A fucking firewall was left... I configured it as it should be, and... the cluster stopped...clustering. inter-node comms stopped. `lsof` shows that for some reason nodes are accessing LAN IPs through their WAN NIC (go figure!!!) -- that's why they don't work!!

Sooo.. my colleagues suggest me to make it faster/quicker and more secure -- disable public IPs and use a private LB. I spent this whole day trying to implement it. I set up bastion hosts, managed to hack private SSH key into them upon setup, FINALLY managed to make ssh work and the user_data script to trigger, only to find out that...

~]# ping 1.1.1.1
ping: connect: Network is unreachable
~]#

... there's no nat.
THERE"S NO FUCKING NAT!!!

HOW CAN THERE BE NO NAT!?!?!????? MY HOME LAPTOP HAS A NAT, MY PHONE HAS A NAT, EVEN MY CAT HAS A MOTHER HUGGING NAT, AND THIS FUCKING INFRA HAS NO FUCKING NAT???????????????????????

ALready under loads of pressure, and the whole day is wasted. And now I'll be spending time to fucking UNDO everything I did today. Not try something new. But UNDO. And hour or more for just that...

I don't usually drink, but recently that bottom shelf bottle of Captain Morgan that smells and tastes like a bottle of medical spirit starts to feel very tempting.

Soo.. how's your day

Very excited, got my raspberry pi zero working over usb finally, gotta admit it took me a while to figure it out that the ifconfig IP assigned to the interface established isn't actually the raspberry pi's (seriously you don't want to see how far the visited google links go for all variations of "how to setup the otg ssh connection"), that only came to me once I was able to find the mini-hdmi to hdmi cable, before that it was a pure shitfest:

First I just tried all sort of configs, but the raspberry pi kept denying the ssh connection, slammed the microsd into my bigger Pi, even multiple times ran raspi-config, forced ssh to start in all possible ways, nothing.

Then I tried to use the TV-output on it together with my old small portable tv to maybe see some error-logs or the ssh not starting on the zero for whatever reason, even flashed a 2016 image thinking it is stretchs fault for not working, but then my fucking soldering iron cable disappeared, tried to quickly create my own, but that failed cause the 3.5mm connector it uses is different from the ones I had available, so I macgyvered a sketchy ass lose connection with male headers sticking through from the bottom and being sticked against the board with a female end on top, but the TV output wouldn't work, even with proper config options, so I gave up.

Some days later I've found the cable, connected it and realized the fucking IP it gets assigned is totally different from the interface, well fuck my life.

Atleast now I can make a clean image of that microSD and setup the portable laravel development raspi as I wanted, can't wait to try it once I get more time to fully set it up - btw even the internet bridge worked right out of the box, so I can easily use my laptops internet connection on the zero.

My phone got stuck in funky restart boot loop yesterday. The first 2 restarts was odd but after 3 cycles, I started panicking. Went on my PC, googled for all kinds of button combinations of power button, volume button, back button, and home button to get into fastboot, recovery and safe mode to see if I can clear stuff or at least get backup of my stuff. I also tried taking the battery out. Nothing works, except when I factory reset.

Everything was new again and as it booted up, I have to remember to change my authentication keys in LastPass, my private ssh key in Krypt. But fortunately, Google remembered all my apps and suggested if I wanted to install them again since it recognized my phone was an old phone. Thanks for tracking me Google. And now since its a reset, everything is clean, no cache, cookie, and some of my music files are all gone. Well at least its fast like before.

I have a simple task to do but I want some of you guys' input.
So I need to set up a button that when pressed will cause a video to play on a nearby TV.
- This must happen instantly (or at most with a second or two of delay)
- Video will be "self-hosted" (not on Youtube or something) and will mainly stay the same
- No idea what kind of TV I'll get to work with (might be smart, probably not)

I'm thinking a Raspberry Pi with a button connected to it's GPIO and a static image displayed on the TV when idle. That way I can also manage/maintain it remotely via SSH and it should be reliable enough but on the other hand this could be an overkill...

Post your 2 cents please and thank you :)

Ok..now its up to you guys. I couldnt find any answer on google that could help me..
SSH : is that only like a dos or batch command line (simply script language) , to go with?
I see often the "$" sign , for what does it stand for?

Okay. So finally I moved into a new pc. Because I never worked in a company, I have absolutely no idea what is the proper standard workflow of developing a website. My work flow was the same in past 12 years, how I have learned in the school: Used xampp, developed everything, used git only locally, when stuff was ready I fired up Filezilla and uploaded everything, and used ssh to make the final adjustments. When I have made some changes, I just uploaded the files I have touched, in the same way, optimized if it was necessary, done. I wonder if someone can clarify me how a proper workflow looks like for php/laravel, mysql, nothing fancy. Is using xampp still okay? Or what is the industry standard procedure?

Its a confession...
So yesterday we had a practical in our uni... It was on Assembly Language (NASM and TASM)... Its a horrible language to work on... Trust me... I hate it, infact... We all hate it at the uni... But the thing is... We need to pass the practical in order to sit for the theory, and it is really hard language.... So most of my friends brought pen drives... And some brought chits... And sadly... All of them got caught... And were marked as fail right away... But the thing is I also cheated... And I copied successfully... I didnt use any pendrive or removable media... But I used ssh to my cloud server... And since I code on vi, it was pretty easy for me to cheat in the practical... I feel bad that I cheated.... But then I feel proud as well because I used the tech of this generation to copy, and not some grandpa shit like pendrives...
Yeah... That was it... The codes did rain in the exam..
I know I am a horrible person.. But common guys.. Who am I kidding... I am proud that I didnt use any clichè methods... And was talented enough to do so without getting caught...

So Docker is pretty amazing, but I'm finding myself immensely frustrated at all the stupid shit devs do with their Dockfiles and stacks. Like the surprise of finding out Jenkins clients aren't setup for SSH or stacks opening up 5 public ports when all they really need are a bunch of private ports. Or how Jenkins deployments expect crazy tags so I have to add some really stupid tags to my own nodes.

How is it so hard to comprehend Docker for devs? It's so easy that I'm in utter bliss when I stop trying to use 3rd party stacks.

While i do have a homelab, I decided to use my raspi for PiHole and Ubiquiti Cloudkey. Last week I started not being able to access either WebUI, or ssh into it. So today I figured i'd look into it.

Plugged in the hdmi cable, and lo and behold... kernel panic.... Well, guess it time to spin up docker containers on my homelab instead

So, i'm trying to get linkr (a pretty cool short link service) to work in a docker container since 4 hours now to host it on my server. There is no official container because it needs a working database connection and stuff during installation which can only be done via console and (for whatever reason I couldn't find out yet) need to be done while building the container. The problem is, I can't connect it to the database while building the container so there is no database during installation to create tables and stuff and the build will fail. ARGH.
Why the hell would you do this????? Theyre actually saying in their readme there is no dockerfile because the config options are specific to your configuration...?!?!
The thing is entirely written in python, so reading and parsing configfiles on the fly should not really be a problem.

Of course I could ssh into the container and run the installation script but that's not the point.

Docker is not about being lazy.
It's about portability.
Maybe I don't want to bloat my server with your 39579372639 npm dependencies? Or I don't want to install a freakin apache, because I have every other site on nginx and therefore wouldn't work with apache.

AAAAAAAARRRRRRGGHHGGGGG

in the end, I'm probably going to modify the thing to install tables when running the container and giving the first user admin rights instead of prompting to enter credentials for a new admin user.
And yet I didn't even speak python.

Remember kids, passwd is a readable file! You can have a very bad day trying to figure out a user's shell from side-channel attacks and getting nowhere, or you could remember that it LITERALLY SAYS WHAT IT IS PUBLICLY IF YOU DON'T FORGET THAT IT'S THERE.

On the plus side, I learned a ton about what you can do with ssh arguments and debugging logs. Shit's pretty cool.

How do you do bootstrapping of blanko machines?
Imagine you get a linux/BSD/osx machine and you want it set it up to a defined state to be prepared for further setup.
Like users
ssh config
Sudoers file
Config management client or credentials
Software like vim, htop and tmux

A simple shell script sounds a bit archaic to me and i was wondering, if there is a better way...

Makefiles also came to my mind but still... Unsatisfactual

!dev

Hello there..

I always wanted to have my first post here be something that pisses the sh!t out of me.

tl;dr: Memes are for braindeads and kids are fucktards

Backstory:
So basicaly I am now having a summerjob before my next semester starts so I can make some cash to buy some overpriced stuff I dont probably need. I work at a factory, 3 shift work and today we had Night shift, so there was me and a bunch of Arab guys, kicking our asses by pure boredom and desperacy.

Act One:
I was bored, opened my phone and decided entertain myself by some funny sh!t I can find on Mark Sugarhills webpage. I was just passing by some random a bit funny stuff and then I found some random ass meme, which doesnt give a single, even distant sence to me.. So since my german is as good as my coding skills (read: complete shit) I couldnt ask for opinion of my fellow coworkers and since its fuck1ng 4am theres noone to ask on messenger or whatever. So I did it... I asked in a goddamn comments, what the fck is that supposed to mean and Aw dear Lawd... I did a mistake.

Act 2:
Like 4 seconds after my question I had a response and I was like 0.o It has to be some Alice of Facebook so I guess someone cool. Oh boy I was never so wrong. The answer... the... FUCKING answer was.... "normie."

What the actual fuck?
Like man statisticaly speaking, there is 200,000 people on this wannabe funny site and since everyone is apparently laughing their asses off, I am the motherfucking original snowflake.

But I wanted to play it cool... was like Uhm sorry, I really tried but cant figure it out.

His fuck-me-sideways-with-rusty-crowbar answer was:
a) The joke is hidden in some random thing we created yesterday and decided to call it a culture
b) "u dumb"

Act 3:
I hope that most of you finally guessed it! Its the second fucking answer and oh sweet mother of pain, please find him, BUT thats where I flipped and fucking lost it.

The fucking nerve to speak to me like that u dissrespectful piece of shit. Go watch some Twitch, while I SSH into ur ass and hit u harder than ur mom her forehead everynight when she realises that she could have swallow you dickhead.

Afterthoughts:
I was always worries that my child would like to be a Rapper, or Youtuber...
But today Im adding being some dumb ass meme creator.

You know what is THE stupidest and most fucking anoying thing ever? (And partially my fault) I recently reinstalled Ubuntu on my device, meaning I lost my SSH keys. Today I wanted to make a quick change to a website hosted on digitalocean. Now as per good practice I had disabled the root account and the only way to log in is via SSH or using their web terminal. Obviously I couldn't use SSH so I had no choice but their awful web terminal. Not only is it laggy as balls but it would keep hanging up meaning I had to close it and start again. As if that wasnt fucking frustrating enough all I wanted to do was add my new SSH so I could just use my terminal. But NO you can't fucking paste anything into their terminal! Like what the fuck? How can you not have this basic functionality in 2017???

I have this little problem,

there is no constant electricity In the country where I live, in fact for the past 4 days there was not a single blink.

I enable auto save on my vs code to save me from tears,

now I have a file server with backup batteries and since it's a laptop mobo that was converted to a server, hooking up the battery was a no brainer.

I just saved copies of my files on it and if I edited any of them I'll just overwrite the file. this was only possible if I did this before the power goes out or else I am stuck again.

I decided to try vs code extensions that will save me from all that copy and paste work.

tried ssh, unsupported architecture error, didn't care I just needed ftp or sftp

I tried the simple ftp/sftp extension. worked pretty well. allowed me to connect to the server and add the remote directory to my workspace and with autosave the changes are uploaded immediately which means once power is out I can continue on my mobile phone(I have some android text editors that support ftp).

little problem. I discovered some things just don't work. even if I opened the whole directory, the contents will not be loaded unless I open them up like stylesheets and images and whatnot.

imagine having to open every single damn file before it appears on the browser, very annoying.

I need a solution, I have really tried.

I use qemu/KVM on Linux. I love being able to do basically all VM operations with commands. So when I need to use my Windows VM(ie: connect to a WebEx), I pop it on with an integration I wrote for my keyboard launcher(mutate), or just execute an alias over SSH, and connect via VNC. When I'm done, I just shit it down. At this point, Windows has been reduced to just a windowed program that I run.

Dumb mistake from when I was still working:

My work laptop’s SSD went haywire, and I/O would spike every 10 minutes or so for ~50 ms. The hardware guy said he could replace the SSD right away, or I could endure it for a few weeks and get a new laptop instead. Obviously, I agreed to wait. The stutter noticeably affected screen rendering, but I didn’t notice any other issues. Little did I know that every time it happened, all input was ignored (as in: not queued). Normally it wouldn’t matter, because hitting a random ~50 ms window is hard. How-the-f×ck-ever…

A few days later — without getting into “why” — I was forced to apply a patch in production. So I opened an SSH session to prod in one terminal, spun up a dev environment in another, copied the database schema from prod to dev, and made sure to test everything. No issues, so I jumped to prod, applied the patch, restarted services, jumped back to dev, and cleaned up the now-unnecessary database. Only to discover that my “jumped back to dev” keystroke didn’t register.

I've created instructions for myself the next time I encounter cpanel.

rallen@rallen ~ $ cheat cpanel
#SSH'ing into the fucking cpanel
#Figure out combination of 5 usernames and passwords given by client to log in.
#Pray that WHM isn't involved.
#Ignore several ssl warnings and cancel several .htaccess password prompts.
#Call in to enable that shit.
#Wait no less than 15 minutes on hold.
#SSH enabled.
#Create public private key pair.
#Notice the ppk conversion for windows 'devs'. Sigh.
#Copy key pair to ~/.ssh/
#chmod that shit to 600.
#Note for the user name it's not anything the clients given you or what you've named the key. Look in the cpanel for the /home/<user> directory.
ssh -i ~/.ssh/key <user>@<dedicatedip>

Sometime last year I had an internship at a small company.

Test servers weren't a thing, and after local testing, it would go to production with a backup of the files that we would put back as soon as we notice something was broken or off.

We used symfony and sonata admin was part of the bundle.

One day, boss asks me to show all the items in a table on the admin page instead of 30 rows.

Me being good guy intern say "sure no problem" so after finding the magic number, I set it to 0 instead of 30.

I gave my work reviewed by my supervisor (senior dev there) and he approved it.

I try to upload the file over FTP. No permissions.

Ask the other dev what it's about, his response: "no idea"

So he tries, fails and decides to try SSH.

Somehow, after fiddling for 20 minutes with ssh, we managed to upload the file.
As soon as we did we hear a scream from the boss's office, we refresh the site, and no matter what page we went to, all we saw was white and the logo of the company in the top left corner.

So this time, we fiddled around with ssh to restore the file for 20 minutes.

Finally succeed all goed back to normal.

A little while later, we call a meeting with the bosses and ask to rewrite the website, BAM, we get approval.

We said "two weeks tops", well that lasted 3 months.

In the end bosses are Uber happy with the work and everything ended well.
Also, development speed has multiplied.

client: "can you build out a staging server for us? here's all the code, everything you need"
me: "awesome, looking good, i have almost everything i need, just give me the credentials for the server, and I'll get started installing all the infrastructure"
client: "ok, try these!"
me: "doesn't work"
client: "this one?"
me: "doesn't work..."
client: "how about this one?"
me: "STILL NOT WORKING!!!"

imagine you want someone to do stuff on your server and you don't even know the root SSH password.... smh

why is this always a problem, use fucking 1password or something its 40 bucks a year, secure, and you can organize alllll your passwords. don't be a fucking boomer and write them on a piece of paper, or worse, apparently like my client, never know it or have it in the first place.

Fun story:

I once was in some kind of SSH-ception, my machine and two remote machines where the same, as in the username and hostname (local name) where equal. All with and Hitachi 500 GB disk.

I was going to nuke the remote machine 1, so later that day I would rebuild the system and all that good stuff, so it would be equal to remote machine 2.

I check the disks and see that it is what I expected, and proceed with the so called "sudo rm -rf /".

Turns out, in my madness, I was doing this on the remote machine 2, not on remote machine 1 (too many terminals), and after I pressed the button and 5 minutes are passed, I realize my mistake...I had just killed a big part of some research I was doing for college (100 or so simulation files, 2GB each).

LESSON: Always triple check your drives and sessions.

P.S.: Something similar happened with me once doing dd to make a ubuntu bootable flash, I ended up erasing 800GB of backup files.

Fuck ssh. It does 4 things at once and i couldn't get it to do one. I have some pi's and want a shared directory on each of them. On a server i created a user for that and mounted its home directory on a pi, it worked. I did some lockdowns (no shell, only sftp allowed, login only via keyfile), but i was still able to mount it on boot.

Now i had to migrate this setup to another server. It took me a while copying all the configuration etc. All i got for that was a error-message. I figured out the users home-directory had to be owned be root, fixed that, got another error message. Somehow scp didn't use sftp but the login shell which is /usr/sbin/nologin. That made scp (and sshfs) fail, even though it perfectly works with the other server.

I gave up and removed all the setup. I'll find another distributed filesystem for that (but not samba or nfs, those are way to complicated). Those are the setbacks that depress me.

So today we renamed a repo on bitbucket. We changed the remote url on local PCs and kept working. When deploying, our deploying platform threw an error saying invalid repo name, which was expected. Thing is, said platform doesn't have a "change repo remote url" option, so we did it manually over SSH. It didn't work as it now says the bitbucket token is invalid. There is no option to change or set the token. Redeploying will take almost an entire day due to configurations. FML.

Holy shit.

This was an effort to combine Gitlab, Github and Bitbucket with VSCode and git SSH authentication. SSH agent doesn't work, configured, added some code in .bashrc, seems fine. Then there was still ssh-askpass missing.

"ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory"

WTF VSCode? Why do I need this crap?

However, installed it. Nevertheless, I'm still asked for my password every time when I synchronize using the GUI. Thank God everything was in docker containers/images. So at least there is no garbage left after every failed attempt.

I don't know how, but I finally made it that at least synchronization using the terminal works without a password.
Took me five hours to do this shit.

Now I just report the bug to Microsoft and then straight to McDonalds. I'm starving.

So i'm trying to upload a file to an SSH server using node. First I try the obvious putFile method provided by the obvious node-ssh package. On any other server this would work fine but this server doesn't have sftp installed so that doesn't work.

OK, so next I learn how scp works (it runs the command "scp -t" on the remote server, and sends to stdin a command like "C0666 1234 file.txt" and then sends the contents of the file) and I write some javascript code to do this. It's pretty finicky, the first few tries I forget to close the stream right or detect the program finishing. I add some logging and that helps me figure out what the problem is, and finally I get it to not output any errors.

So I log into the server and check and the file isn't there. I try again several times, file still isn't there. I try running scp -t manually on the server, typing in exactly what my program is sending, and it works. This goes on for a while until I realize that I've been sending a file to one server and logging into a different server to check if the file was sent. grrr

I spend the day trying to setup a shared git repository. Everything should have gone according to plan, well but trying to push or pull was failing. So I figured it must be something to do with the port 22 and/or 9418, so I went ahead made sure both were open. Port 22 was already open since I could ssh into the box. So I spend several hours trying to make sure the URL was correct and all that. Here's the kicker, I somehow didn't "git init --bare ." In my defense I ran a pre-prepared script by copying and pasting. The last line didn't execute it seems. I figured this out by "cd repo.git && ls -as". Does "ls" qualify as a function, cause this baby is my hero.

I've been programming for 15 years now or more if I count my years I programmed as a hobby. I'm mostly self learned. I'm working in an environment of a few developers and at least the same amount of other people (managers, sales, etc). We are creating Magento stores for middle sized businesses. The dev team is pretty good, I think.

But I'm struggling with management a lot. They are deciding on issues without asking us or even if I was asked about something and the answer was not what they expect, they ask the next developer below me. They do this all the way to Junior. A small example would be "lets create a testing site outside of deployment process on the server". Now if I do this, that site will never be updated and pose a security risk on the server for eternity because they would forget about it in a week. Adding it to our deployment process would take the same time and the testing site would benefit from security patches, quick deployment without logging in to the server, etc. Then the manager just disappears after hearing this from me. On slack, I get a question in 30 minutes from a remote developer about how to create an SSH user for a new site outside of deployment. I tell him the same. Then the junior gets called upstairs and ending up doing the job: no deployment, just plain SSH (SFTP) and manually creating the database. I end up doing it but He is "learning" how to do it.

An other example would be a day I was asked what is my opinion about Wordpress. We don't have any experience with Wordpress, I worked with Drupal before and when I look at a Wordpress codebase, I'm getting brain damage. They said Ok. The next day, comes the announcement that the boss decided to use Wordpress for our new agency website. For his own health and safety, I took the day off. At the end, the manager ended up hiring an indian developer who did a moderately fair job. No HiDPI sprites, no fancy SASS, just plain old CSS and a simple template. Lightyears worse than the site it was about to replace. But it did replace the old site, so now I have to look at it and identify myself part of the team. Best thing? We are now offering Wordpress development.

An other example is "lets do a quick order grid". This meant to be a table where the customer can enter SKU and quantity and they can theoretically order faster if they know the SKU already. It's a B2B solution. No one uses it. We have it for 2 sites now and in analytics, we have 5 page hits within 3 years on a site that's receiving 1000 users daily... Mostly our testing and the client looked at it. And no orders. I mean none, 0. I presented a well formatted study with screenshots from Analytics when I saw a proposal to a client to do this again. Guess what happened? Someone else from the team got the job to implement it. Happy client? No. They are questioning why no one is using it.

What would you do as a senior developer?

- Just serve notice and quit
- Try to talk to the boss (I don't see how it would work)
- Just don't give a shit

Worst project I worked on was fixing up and optimizing a clients legacy Magento app. this thing had leftover code from a few different development teams, and then my company had to make it run better. We outsourced much of it, and it wasn't using a proper git setup. in order to do absorb at all, we had to SSH to a dev server, work directly, and pray another person on the team want working on the same file or breaking something else.

Ctrl+X followed by Ctrl+C to quit. Let that sink in. Think about :wq. Think about Ctrl+X. Think. Ask yourself how you think about it and then think again.

And if you say "well it's AWESOME" then start using your clipboard more when using a gui around the terminal or ssh and come back 1 month later.

People say vi is counter intuitive.. what the fuck is emacs then?

Is there any package to install with apt to detect if the Server has no Internet connection and output maybe a netstat to a file if so?
My problem is: I have a Server and since today it randomly has no Internet for hours. I don't know if it's a DDoS or something different and I want to find out. I also can only SSH into it so it needs Internet to let me do anything.
(It's just a fun project so there is really only me who could do something)

I've been wondering about renting a new VPS to get all my websites sorted out again. I am tired of shared hosting and I am able to manage it as I've been in the past.

With so many great people here, I was trying to put together some of the best practices and resources on how to handle the setup and configuration of a new machine, and I hope this post may help someone while trying to gather the best know-how in the comments. Don't be scared by the lengthy post, please.

The following tips are mainly from @Condor, @Noob, @Linuxxx and some other were gathered in the webz. Thanks for @Linux for recommending me Vultr VPS. I would appreciate further feedback from the community on how to improve this and/or change anything that may seem incorrect or should be done in better way.

1. Clean install CentOS 7 or Ubuntu (I am used to both, do you recommend more? Why?)
2. Install existing updates
3. Disable root login
4. Disable password for ssh
5. RSA key login with strong passwords/passphrases
6. Set correct locale and correct timezone (if different from default)
7. Close all ports
8. Disable and delete unneeded services
9. Install CSF
10. Install knockd (is it worth it at all? Isn't it security through obscurity?)
11. Install Fail2Ban (worth to install side by side with CSF? If not, why?)
12. Install ufw firewall (or keep with CSF/Fail2Ban? Why?)
13. Install rkhunter
14. Install anti-rootkit software (side by side with rkhunter?) (SELinux or AppArmor? Why?)
15. Enable Nginx/CSF rate limiting against SYN attacks
16. For a server to be public, is an IDS / IPS recommended? If so, which and why?
17. Log Injection Attacks in Application Layer - I should keep an eye on them. Is there any tool to help scanning?

If I want to have a server that serves multiple websites, would you add/change anything to the following?
18. Install Docker and manage separate instances with a Dockerfile powered base image with the following? Or should I keep all the servers in one main installation?
19. Install Nginx
20. Install PHP-FPM
21. Install PHP7
22. Install Memcached
23. Install MariaDB
24. Install phpMyAdmin (On specific port? Any recommendations here?)

I am sorry if this is somewhat lengthy, but I hope it may get better and be a good starting guide for a new server setup (eventually become a repo). Feel free to contribute in the comments.

So just a normal rant here. .. it was one of those moments you find in yourself in sometimes. You get so caught up in thinking you know everything that you can't implement occams razor into your everyday work routine anymore. You've worked with so many complex workarounds that when you are faced with a simple problem with a simple answer you can't see the blinking neon light shouting at you anymore , and you can't here the bells sound anymore. ..
My rant is about Me vs the infamous mikrotik router. Something I had to set up. Something I had to login to setup. Something I've done so many times before but this time , my inflated ego and overbearing sense of grandeur just could not figure out.
Class how do we login into a router? Well find your gateway and type that sucker into a browser and you will be on your way ... well that's the answer right there. But since I thought that my router was connected to three dummy switches that it would affect anything or the paranoia I had that my isp somehow disabled any connections to the router at all or that I and to open a new port to connect to it or use winbox to connect to it using only the mac address or ssh into it ..would work ...I didn't try using the tried and tested way of doing it.
I wanted it to be an adventure. I wanted it to be a problem to solve so I shoved the ordinary answer out of the way and used other methods to try and connect to it...
All I had to do was used Nmap to scan the gateway for open ports and realise to view it in the Browser on port 8080 instead and finish my journey ...
I was looking for a dragon to slay , a maze to conquer, glory at the end of my mission ... when all I felt was a sheer sense of idiocy.
--Rant Completed--

for on the go developinh I have completely replaced my laptop with my phone and a folding Bluetooth keyboard.

It can really do anything my laptop did, and if needed I can just remote desktop into my pc or ssh into a server.

Tl;Dr:
The new windows subsystem for Linux might severely slow compilation time for me.

Microsoft is releasing a preview of WSL 2 which works fundamentally different to WSL 1, which I currently use.

For those who don't know, WSL (or Windows Subsystem for Linux) used to be a compatibility layer, which "translated" Linux syscalls to Windows syscalls. This enables the execution of Linux applications on Windows. The new WSL (WSL 2) doesn't do any of that, instead, it is a highly optimised Virtual Machine.

So don't get me wrong from a performance point of view there is no Issue, RAM and CPU usage is truly astonishingly small and performance of Linux applications is much improved over WSL 1.

BUT, apparently, accessing files stored on Windows through Linux is now piss slow.

Great, truly outstanding.

Why is this a problem? Well, I use WSL to develop c++ Linux applications using CLion, the way this works is that you set up an ssh server in WSL, which CLion uses to do compilations.

One _needs_ to have the project files stored on Windows as otherwise CLion on Windows can't access them.

If I wanted a Linux VM I would have installed one.

Urgh.

Okay, what's the stupidest idea for a project?
I'm talking projects that you'll do only to show off that you can! With disregarding the "why" part.

I'm talking the 'connecting to the coffee machine and making coffee through the ssh connection' project, or creating a vim plugin that orders pizza.

Just how crazy can we get?

I had the funniest thing today... So our company has some servers off somewhere in a VPN, as well as one server in our own office.

So, for simplicity, S1 is my own laptop, S2 is our office server, S3 is one VPN server, and S4 another.

I want to get a file from S2 to S4. S1 can SSH into S2 and S3, S2 can't ssh into any server, S3 can ssh into S2 and S3, and S4 can't ssh into any server.

So to get a file from S2 to S4, I took the path

S1 pull from S2 -> S1 push to S3 -> S3 push to S4

Part of it was preexisting keys meaning it was easier to send S1 to S4 via S3 than get my pubkey from S1 onto S4, but also S2 not being on the VPN meant I couldn't go straight from S2 to S3 or S4, so I had to route through S1, which I could add to the VPN (I'd sshed into S2 from home and thus couldn't put it on the VPN not to mention permissions, whereas I could put S1 easily onto it)

Twas certainly a fun time :P

Plus, port forwarding from a Docker container on S2 to S2's port to S1's port via ssh was fun to get set up.

Time to document this process :)

VSCode doesn't request permission to edit github workflow files by default. Because it's an OAuth app and not a token, I can't grant it scopes that it did not request. I am forced to use SSH or a personal token instead of VSCode's built-in Github authentication, but because there's no convenient way to have VSCode forget that it authenticated a repo, I am also forced to checkout my own repo again and push the changes across.

If you want your product to Just Work, then Just Use Open Processes that are easy to hook into, interrupt or partially replace. Nobody can think of everything. Not even Apple's or Microsoft's mighty designers. What everyone can do is to provide graceful failure modes and offer partial strategies.

okay so i was upgrading all of my packages on my Kali Linux (persistence) with apt-get upgrade but it got interrupted by me trying to copy something and me impulsively doing ctrl c. Now, it seems that no apps want to open and i can't open the terminal to do anything. i was gonna ssh but i turned off WiFi afterwards. how do i finish updating apt without a shell and how do i get my apps working?

- sidenote, Firefox seems to work so maybe it's only system or gnome applications like settings and terminal?

-Recently started a new job so I’m new to the infrastructure-

Spent the vast majority of the day trying to SSH into one of my company servers to sort some random bug out on the website & the connection kept being rejected despite the day before it working when passing the .pem key into the SSH along with the ip & my username, nothing new there.

Anyway, everyone’s mad busy so I don’t wanna bother anyone to ask why, so I check confluence, no documentation for SSHING into our scheduler or the code the server I need to access. Never-mind.
Spend another couple hours trying debug it on my own, no luck. Never-mind.

Finally seize my opportunity and ask for help; ‘Oh the server IP changes daily so you need to run a task through our scheduler that you need to SSH into to return the list of IPS and that dynamically changes so that’s how you get the IP’

Oh ok. Why is there no documentation for that again? I mean. Thats generally some pretty important information you’d pass onto your starters.
At least I can say I won’t be making that same mistake again.

let rant: (Bool, Bool, String) -> Void = { (isRant, isDev, contents) in
print(contents)
}

rant(false, true, "

So, a year ago more or less, I set out to teach myself some server-side programming on the side.

Many (MANY) tutorials, Digital Ocean droplets created and destroyed, coffee mugs and FMLs later, I can say 'Hello World' from Node.js - built from source and not running as a sudoer - using express and forever on Ubuntu, behind another Ubuntu server running nginx - also built from source so to add headers-more and naxsi - using all sorts of goodies to enhance security and talking to each other via SSH. Oh, and taking to the world over HTTPS with a grade A on SSL Labs (I know this doesn't mean much to you. Yeah you, rolling your eyes over there. So why don't you just bugger off before even commenting? Haha)

Feels good man.

")