Search - "port 22"
-
I used to work with a guy who had 2 Ph.Ds, in Computer Science and Electrical Engineering and over 600 patents but I kid you not the guy could not use the coffee machine. Now it's not like this coffee machine was as easy as a Keurig, it was some $20,000 espresso machine that took a while to figure out but I tried teaching him how to use it a few dozen times and still he couldn't get it right. It got to the point where I thought he was faking it so that others would make it for him so I offered him $500 if he could figure it out. Still nope. So for the remaining 2 years we worked together I made him coffee whenever he wanted, 2-4 times a day, and he bought me lunch every day. Before I left the company I bought him a Keurig so that when I left he'd still have coffee.
-
FUCK OFF. It's 2 days before a deadline, I'm wearing headphones and clearly focused and you have the fucking audacity to interrupt me because you're fucking bored? Go light yourself on fire you fucking cunt
-
So that high level prank from yesterday.
Senior Linux engineer, the fucker.
He somehow installed shitloads of cron jobs onto my system.
Every few minutes it would create a new user with a freaking complicated password. Then it would install openssh server in case it wasn't installed yet. After that it'd set all iptables rules to allow incoming AND outgoing connections on port 22.
That was one badass ansible script though!
I'm not sure what more there's to it because sometimes when I removed crons, they'd magically appear again later AND I forgot to check the boot scripts so I might be fucked again when I get to work today!
Plus side, I finally fully understand cron 😅
-
When I was in high school, the IT had the bright idea to use the same username/password for each machine in our site, and there was this jerk who knowing this, would occasionally SSH into the computers of the other classmates and wget porn mp4s to their home directory to embarrass them, as some sort of weird-ass prank.
So, in order to give him a lesson, I one day had logged in and set a rule on the class' router to forward all port 22 traffic back to his own IP address, and had SSHed into his machine, aliasing wget with a full-screen kiosk mode chrome, followed by a force disable of the USB HID devices.
It might have been less awkward and he might have seemed less scared, if it wasn't for the fact that I had also remotely set his machine to maximum volume, and the teacher wasn't in the middle of a lecture. 😏
To this date, his expression is the most precious reaction I have ever seen.
-
To IT: I can no longer clone GitHub repos from the command line.
From IT… Hello DevOps engineer…. You’re no longer allowed to use port 22. It’s not safe. All traffic must be port 443.
Really!?
-
I'm so grateful DevOps is now a thing. I remember getting a phone call from a client at 2am on a Friday because their site was down and having to ssh in from a Nokia with the world's tiniest keyboard to reboot the server.
Of course that particular server only exposed port 22 on its local network, so I had to first ssh into another server which did have its ssh port open to external connections.
Trying to remember two sets of credentials and type them in on a tiny keyboard, while so drunk you were seeing double, standing outside in the rain as it was the only place you got signal. Yeah… I'm so grateful DevOps is now a thing
-
I was at the airport, 2AM, waiting for the plane I was supposed to board to come from another airport... Got bored, scanned the WiFi networks, found an open network with the ID of the airline I had booked with, joined, and tried port 22 on the gateway... It was a Cisco router with the default password... Needless to say, I thought I needed to teach those guys a lesson... Messed the routing table, changed its IP, disabled DHCP, and restarted the router. Needless to say, we couldn't board because they couldn't check us in...
-
*tries to SSH into my laptop to see how that third kernel compilation attempt went*
… From my Windows box.
Windows: aah nope.
"Oh God maybe the bloody HP thing overheated again"
*takes laptop from beneath the desk indent*
… Logs in perfectly. What the hell... Maybe its SSH service went down?
$ systemctl status sshd
> active (running)
Well.. okay. Can I log in from my phone?
*fires up Termux*
*logs in just fine*
What the fuck... Literally just now I added the laptop's ECDSA key into the WSL known_hosts by trying to log into it, so it can't be blocked by that shitty firewall (come to think of it, did I disable that featureful piece of junk yet? A NAT router * takes care of that shit just fine Redmond certified mofos).. so what is it again.. yet another one of those fucking WanBLowS features?!!
condor@desktop $ nc -vz 192.168.10.30 22
Connection to 192.168.10.30 22 port [tcp/ssh] succeeded!
ARE YOU FUCKING FOR REAL?!
Fucking Heisen-feature-infested piece of garbage!!! Good for gaming and that's fucking it!
Edit: (*) this assumes that your internal network doesn't have any untrusted hosts. Public networks or home networks from regular users that don't audit their hosts all the time might very well need a firewall to be present on the host itself as well.
-
inside incubator
port 22 - blocked
steam - blocked
Have to prove you are human, while visiting every other website
Sometimes captcha does not stop after 3-4 images. Goes on to show you even more
meanwhile,
facebook - unblocked
instagram - unblocked
youporn - unblocked
-
You know what really pisses me off about the dev community is the circle jerk that ensues when someone bashes something they have no experience in. Take yesterday's React bash on Reddit and DevRant. Thomas Fuchs compared React and JSX to the intermingling of HTML CSS and JS of 15 years ago. If you knew anything about React or spent 1 hour learning what it's about you would immediately know why that isn't true but no, a giant circle jerk ensued comparing it to PHP! I'm sorry but HOW can you compare a pure JS view library that is renderable by the browser, to a full fledged server side language?? Not to mention the React approach uses a completely different programming paradigm of functional programming.
When I first saw React and Redux I realized what this is all really about, a shift in the paradigms of programming. React + Redux is the first time that functional programming has entered mainstream. We've had functional programming available to us via Haskell and more recently Clojure for a while now but it was never very obvious how powerful functional programming could be outside of the niche that used it for more analytical type tools. Now we have things like hot reloading (https://youtube.com/watch/...) and state playback (https://youtube.com/watch/... skip to ~3min to watch the magic) thanks to immutable state.
Before you decide that React is just another flavor of the month library I encourage you to learn about the advantages that functional programming provides (https://medium.com/@cscalfani/...) and check out Elm (http://elm-lang.org/) as well. The nice thing about React + Redux is that it gives us a way to start programming functionally, without having to learn ML style syntax like Elm and ClojureScript. Keep in mind, when Object Oriented Programming was becoming popular it was widely controversial as well and look at all it has done for us.
-
Setup my port honeypot today finally, including port 22, then wrote a custom dashboard for some data tracking, feels great to have it open on my screen seeing the bans just roll in every 2 seconds of refresh, the highest hits are as expected from china, russia and india, also filed ~700 reports and already got 300 banned from their service. (mainly Microsoft Azure for whatever reason)
I wanted to first automate that (or at least blacklist report to various IP lists via API), but then I was afraid that I'll be one day stupid enough to somehow get banned - don't want myself to get reported lol
-
My school just tried to hinder my revision for finals now. They've denied me access just today of SSHing into my home computer. Vim & a filesystem is soo much better than pen and paper.
So I went up to the sysadmin about this. His response: "We're not allowing it any more". That's it - no reason. Now let's just hope that the sysadmin was dumb enough to only block port 22, not my IP address, so I can just pick another port to expose at home. To be honest, I was surprised that he even knew what SSH was. I mean, sure, they're hired as sysadmins, so they should probably know that stuff, but the sysadmins in my school are fucking brain dead.
For one, they used to block Google, and every other HTTPS site on their WiFi network because of an invalid certificate. Now it's even more difficult to access google as you need to know the proxy settings.
They switched over to forcing me to remote desktop to access my files at home, instead of the old, faster, better shared web folder (Windows server 2012 please help).
But the worst of it includes apparently having no password on their SQL server, STORING FUCKING PASSWORDS IN PLAIN TEXT allowing someone to hijack my session, and just leaving a file unprotected with a shit load of people's names, parents, and home addresses. That's some super sketchy illegal shit.
So if you sysadmins happen to be reading this on devRant, INSTEAD OF WASTING YOUR FUCKING TIME BLOCKING MORE WEBSITES THAN THERE ARE LIVING HUMANS, HOW ABOUT TRY UPPING YOUR SECURITY, PASSWORDS LIKE "", "", and "gryph0n" ARE SHIT - MAKE IT BETTER SO US STUDENTS CAN ACTUALLY BROWSE MORE FREELY - I THINK I WANT TO PASS, NOT HAVE EVERY OTHER THING BLOCKED.
Thankfully I'm leaving this school in 3 weeks after my last exam. Sure, I could stay on with this "highly reputable" school, but I don't want to be fucking lied to about computer studies, I don't want to have to workaround your shitty methods of blocking. As far as I can tell, half of the reputation is from cheating. The students and sysadmins shouldn't have to have an arms race between circumventing restrictions and blocking those circumventions. Just make your shit work for once.
**On second thought, actually keep it like that. Most of the people I see in the school are c***s anyway - they deserve to have half of everything they try to do censored. I won't be around to care soon.**
-
It took forever to get SSH access to our office network computers from outside. Me and other coworkers were often told to "just use teamviewer", but we finally managed to get our way.
But bloody incompetents! There is a machine with SSH listening on port 22, user & root login enabled via password on the personal office computer.
"I CBA to setup a private key. It's useless anyways, who's ever gonna hack this computer? Don't be paranoid, a password is enough!"
A little more than 30 minutes later, I added the following to his .bashrc:
alias cat="eject -T && \cat"
alias cp="eject -T && \cp"
alias find="eject -T && \find"
alias grep="eject -T && \grep"
alias ls="eject -T && \ls"
alias mv="eject -T && \mv"
alias nano="eject -T && \nano"
alias rm="eject -T && \rm"
alias rsync="eject -T && \rsync"
alias ssh="eject -T && \ssh"
alias su="eject -T && \su"
alias sudo="eject -T && \sudo"
alias vboxmanage="eject -T && \vboxmanage"
alias vim="eject -T && \vim"
He's still trying to figure out what is happening.
-
I think my server got hacked, yesterday I made a new server on scaleway for the sake of testing I made a user called dev, with password dev. Forgot to change password before I went to bed.
Logged in today to find that load is 5x.x and this (image) in my crontab
Note to self: You are a disgrace, who the hell uses 'dev' as password for ssh on port 22 -_-
-
I'm a founder of a small startup. We had a board meeting on a Friday, and Thursday night I sent a strongly worded email to the chairman and point investor, both of whom are worth well over $100 million, expressing my concern that we were undercapitalized and they were taking advantage of our youth and inexperience in order to make a quick return on their investment. The board meeting the next day was 2 hours of me getting railed.
-
Last Monday I bought an iPhone as a little music player, and just to see how iOS works or doesn't work.. which arguments against Apple are valid, which aren't etc. And at a price point of €60 for a secondhand SE I figured, why not. And needless to say I've jailbroken it shortly after.
Initially setting up the iPhone when coming from fairly unrestricted Android ended up being quite a chore. I just wanted to use this thing as a music player, so how would you do it..?
Well you first have to set up the phone, iCloud account and whatnot, yada yada... Asks for an email address and flat out rejects your email address if it's got "apple" in it, catch-all email servers be damned I guess. So I chose ishit at my domain instead, much better. Address information for billing.. just bullshit that, give it some nulls. Phone number.. well I guess I could just give it a secondary SIM card's number.
So now the phone has been set up, more or less. To get music on it was quite a maze solving experience in its own right. There's some stuff about it on the Debian and Arch Wikis but it's fairly outdated. From the iPhone itself you can install VLC and use its app directory, which I'll get back to later. Then from e.g. Safari, download any music file.. which it downloads to iCloud.. Think Different I guess. Go to your iCloud and pull it into the iPhone for real this time. Now you can share the file to your VLC app, at which point it initializes a database for that particular app.
The databases / app storage can be considered equivalent to the /data directories for applications in Android, minus /sdcard. There is little to no shared storage between apps, most stuff works through sharing from one app to another.
Now you can connect the iPhone to your computer and see a mount point for your pictures, and one for your documents. In that documents mount point, there are directories for each app, which you can just drag files into. For some reason the AFC protocol just hangs up when you try to delete files from your computer however... Think Different?
Anyway, the music has been put on it. Such features, what a nugget! It's less bad than I thought, but still pretty fucked up.
At that point I was fairly dejected and that didn't get better with an update from iOS 14.1 to iOS 14.3. Turns out that Apple in its nannying galore now turns down the volume to 50% every half an hour or so, "for hearing safety" and "EU regulations" that don't exist. Saying that I was fuming and wanting to smack this piece of shit into the wall would be an understatement. And even among the iSheep, I found very few people that thought this is fine. Though despite all that, there were still some. I have no idea what it would take to make those people finally reconsider.. maybe Tim Cook himself shoving an iPhone up their ass, or maybe they'd be honored that Tim Cook noticed them even then... But I digress.
And then, then it really started to take off because I finally ended up jailbreaking the thing. Many people think that it's only third-party apps, but that is far from true. It is equivalent to rooting, and you do get access to a Unix root account by doing it. The way you do it is usually a bootkit, which in a desktop's ring model would be a negative ring. The access level is extremely high.
So you can root it, great. What use is that in a locked down system where there's nothing available..? Aha, that's where the next thing comes in, 2 actually. Cydia has an OpenSSH server in it, and it just binds to port 22 and supports all of OpenSSH's known goodness. All of it, I'm using ed25519 keys and a CA to log into my phone! Fuck yea boi, what a nugget! This is better than Android even! And it doesn't end there.. there's a second thing it has up its sleeve. This thing has an apt package manager in it, which is easily equivalent to what Termux offers, at the system level! You can install not just common CLI applications, but even graphical apps from Cydia over the network!
Without a jailbreak, I would say that iOS is pretty fucking terrible and if you care about modding, you shouldn't use it. But jailbroken, fufu.. this thing trades many blows with Android in the modding scene. I've said it before, but what a nugget!
-
I am at a hotel and these fuckers are blocking outbound connections to port 22. They are also blocking access to any websites mentioning proxy or vpn, seriously fuck them. I managed to get a VNC connection open to one of my servers and I am now trying to set up a VPN tunnel to my servers so I can fucking do my work. >:-(
-
TL;DR my first vps got hacked, the attacker flooded my server log when I successfully discovered and removed him so I couldn't use my server anymore because the log was taking up all the space on the server.
The first Linux VPN I ever had (when I was a noob and had just started with vServers and Linux in general, obviously) got hacked within 2 months since I got it.
As I didn't know much about securing a Linux server, I made all these "rookie" mistakes: having ssh on port 22, allowing root access via ssh, no key auth...
So, the server got hacked without me even noticing. Some time later, I received a mail from my hoster who said "hello, someone (probably you) is running portscans from your server" of which I had no idea... So I looked in the logs, and BAM, "successful root login" from an IP address which wasn't me.
After I found out the server got hacked, I reinstalled the whole server, changed the port and activated key auth and installed fail2ban.
Some days later, when I finally configured everything the way I wanted, I observed I couldn't do anything with that server anymore. Found out there was absolutely no space on the server. Made a scan to find files to delete and found a logfile. The ssh logfile. It took up a freaking 95 GB of space (of a total of 100gb on the server). Turned out the guy who broke into my server got upset I discovered him and bruteforced the shit out of my server flooding the logs with failed login attempts...
I guess I learnt how to properly secure a server from this attack 💪
-
How bad is it for a fortune 500 company to open port 22 over the internet for all its linux servers?? Today, I reported this to my boss and he said "it won't be a problem, no one can login without a password".
-
Working with the Intel Edison. My god that thing sucked. So the thing ships with this tiny custom yocto Linux with almost no common packages in the default repositories. Getting basic tools like Git and Vim were a task on its own, let alone getting the latest version of Node running. Another company Emutex made a Debian distro for it called Ubilinux but they never planned support or updates and officially took it down a few months ago. Both the Yocto build and the Debian build shipped with the 3.10 Linux kernel and upgrading it without breaking it was nearly impossible because they monkey patched device support into it rather than making a patcher. The team at Linux responsible for the Edison released 3 broken versions of the MRAA library in a row, crippling my code for weeks before I realized what they had done. The hardware hasn't received a refresh since it came out and only 1.4 GB of the 4 GB on the device is actually available.
It may be fine for hobby projects but please don't ever try to prototype a commercial product on it. Fuck the Edison and fuck Intel
-
me: block all in&put connection
firewall: ok
me: open port 22 for local network
firewall: ok
me: enable firewall
firewall: ok
me: restart pi
firewall: allow me connect
me: open port 80 for local network
firewall: ok
me: open port 443
firewall: Oh! I have to block incoming connections on port 22
-
console(config)#ip ssh port 22
InCorrect Port-Number : Port-Number Should be in the Range <1025 - 65535>
console(config)#
-
My setup, seeing that people are posting theirs.
+ BenQ 22" monitor
+ Custom-built PC
+ Fried i7 motherboard :(
+ Working i3 motherboard
+ 2 Green fans (top, back)
+ 2 Red fans (front)
+ (not-working-well) CD/DVD disk
+ 2G WD hard drive (not SSD :( )
+ 4-port USB 3.0 hub
+ SD card reader (with 3 more storage devices it can read)
+ Webcam
+ HP DeskJet Ink Advantage
+ Horrible mechanical keyboard
+ Special keys (music player, play/pause, next/prev, etc.)
+ Mouse that doesn't stop glowing
+ Awesome speakers
+ 4 lights
+ Water jumps through the lights whenever audio rises
+ Xbox 360 S (2G internal storage: Ugh)
+ Speakers connected to Xbox 360
+ Desk Lamp
Software:
+ rEFInd
+ Arch Linux
+ Plymouth
+ Systemd
+ i3-gaps (Me)
+ GNOME (full) (for rest of family)
+ NeoVim
+ XTerm
+ Cmus
-
After doubting Deepin OS for 4 days and slangs to Windows, it turns out, ISP is blocking the port 22, which is why I was not able to communicate to my instance through SSH.
One of the major Cellular company and Fastest 4G in the whole country, 'Idea', is blocking the vital port 22. The same company promoted its Internet service through chain of adv. calling its Cellular Internet network, "Idea Internet Network (IIN)". Only to make it sound like IIT, IIMs (elite Indian colleges). Check on YouTube, IIN, if available
-
Fuck fuck fuck I can't even read this source code let alone abstract the core algorithm from it. Fuck C++ and fuck this extremely non verbose code and plethora of syntactic sugar that makes it impossible for anyone who doesn't know the nuances of the language to read it. You could literally put me in the middle of a country where nobody speaks English and I would still have an easier time than I am now.
-
I was under fire right now.
One cellular company, Idea, whose Internet service works really good, was blocking port 22.
And other, BSNL, which works terrible at my home, and is not working recently, since last few days (maybe data pack was over), at least support port 22.
Just got the call from client who has to send sms to all its clients, immediately. So BSNL was not working. And Idea was not supporting port 22.
Still, I gave IDEA Cellular, a try, and luckily it worked today. They started supporting port 22, at the right time.
My ASS is Saved
-
I spent the day trying to set up a shared git repository. Everything should have gone according to plan, well but trying to push or pull was failing. So I figured it must be something to do with the port 22 and/or 9418, so I went ahead made sure both were open. Port 22 was already open since I could ssh into the box. So I spent several hours trying to make sure the URL was correct and all that. Here's the kicker, I somehow didn't "git init --bare ." In my defense I ran a pre-prepared script by copying and pasting. The last line didn't execute it seems. I figured this out by "cd repo.git && ls -as". Does "ls" qualify as a function, cause this baby is my hero.
-
git push # via a slow network
> ssh: connect to host github.com port 22:
> Connection timed out
> fatal: Could not read from remote repository.
>
> Please make sure you have the correct access rights
> and the repository exists.
yes, if I have to wait for your server to time out, I can waste more time checking my permissions and that the repo still exists - as if ...
-
Javascript fatigue. Because the node scene is so new it doesn't have the established isms and methods of best practices so every few months the next best framework or library comes out promising to fix the problems we all face
-
I've been wondering about renting a new VPS to get all my websites sorted out again. I am tired of shared hosting and I am able to manage it as I've been in the past.
With so many great people here, I was trying to put together some of the best practices and resources on how to handle the setup and configuration of a new machine, and I hope this post may help someone while trying to gather the best know-how in the comments. Don't be scared by the lengthy post, please.
The following tips are mainly from @Condor, @Noob, @Linuxxx and some other were gathered in the webz. Thanks for @Linux for recommending me Vultr VPS. I would appreciate further feedback from the community on how to improve this and/or change anything that may seem incorrect or should be done in better way.
1. Clean install CentOS 7 or Ubuntu (I am used to both, do you recommend more? Why?)
2. Install existing updates
3. Disable root login
4. Disable password for ssh
5. RSA key login with strong passwords/passphrases
6. Set correct locale and correct timezone (if different from default)
7. Close all ports
8. Disable and delete unneeded services
9. Install CSF
10. Install knockd (is it worth it at all? Isn't it security through obscurity?)
11. Install Fail2Ban (worth to install side by side with CSF? If not, why?)
12. Install ufw firewall (or keep with CSF/Fail2Ban? Why?)
13. Install rkhunter
14. Install anti-rootkit software (side by side with rkhunter?) (SELinux or AppArmor? Why?)
15. Enable Nginx/CSF rate limiting against SYN attacks
16. For a server to be public, is an IDS / IPS recommended? If so, which and why?
17. Log Injection Attacks in Application Layer - I should keep an eye on them. Is there any tool to help scanning?
If I want to have a server that serves multiple websites, would you add/change anything to the following?
18. Install Docker and manage separate instances with a Dockerfile powered base image with the following? Or should I keep all the servers in one main installation?
19. Install Nginx
20. Install PHP-FPM
21. Install PHP7
22. Install Memcached
23. Install MariaDB
24. Install phpMyAdmin (On specific port? Any recommendations here?)
I am sorry if this is somewhat lengthy, but I hope it may get better and be a good starting guide for a new server setup (eventually become a repo). Feel free to contribute in the comments.
-
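Items 3 to 5 of the checklist in the post above can be checked mechanically. The following is an added example, not part of the original post: a small Python audit of sshd_config text that honours OpenSSH's first-value-wins rule and flags Match blocks that weaken a global setting. It assumes upstream OpenSSH defaults and ignores Include files; both sample configurations are constructed.

```python
"""Audit sshd_config text against checklist items 3-5 (added example)."""

# Upstream OpenSSH defaults, used when a keyword is absent. Distributions may
# ship different values, so this table is an assumption of the example.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Deprecated keyword that sshd still accepts as an alias.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# keyword -> (required value, checklist item it supports)
REQUIRED = {
    "permitrootlogin": ("no", "3. Disable root login"),
    "passwordauthentication": ("no", "4. Disable password for ssh"),
    # keyboard-interactive can still prompt for a password through PAM
    "kbdinteractiveauthentication": ("no", "4. Disable password for ssh"),
    "pubkeyauthentication": ("yes", "5. RSA key login"),
}


def parse(text):
    """Return (global options, [(match criteria, keyword, value), ...])."""
    global_opts, match_opts = {}, []
    match = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment, e.g. "#PasswordAuthentication no"
        parts = line.replace("=", " ", 1).split()
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            match = " ".join(parts[1:])  # later lines apply only to this block
            continue
        if len(parts) < 2:
            continue
        value = parts[1].strip('"').lower()
        if match is None:
            # sshd uses the first value it reads for each keyword
            global_opts.setdefault(key, value)
        else:
            match_opts.append((match, key, value))
    return global_opts, match_opts


def audit(text):
    """Return findings as (checklist item, keyword, effective value, source)."""
    global_opts, match_opts = parse(text)
    findings = []
    for key, (want, item) in REQUIRED.items():
        got = global_opts.get(key, DEFAULTS[key])
        if got != want:
            source = "set" if key in global_opts else "default"
            findings.append((item, key, got, source))
    for match, key, value in match_opts:
        if key in REQUIRED and value != REQUIRED[key][0]:
            findings.append((REQUIRED[key][1], key, value, "Match " + match))
    return findings


# Constructed sample: the commented-out line leaves the default in force, and
# the second PermitRootLogin is ignored because the first value wins.
WEAK = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
"""

# Constructed sample: hardened globally, but a Match block re-enables passwords.
HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
Match Address 192.168.10.0/24
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        for finding in audit(cfg):
            print(name, *finding, sep=" | ")
```

On a live host, `sshd -T` prints the effective configuration the daemon would use, which also covers Include files that this text-only check skips.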
How are redhat docs SO EXTENSIVE yet SO USELESS if you need to use it as actual user documentation? I thought they had their shit together, but after two days struggling to find any useful information I found a golden stackoverflow answer (sorry, but it's true) which - in my opinion - should have been the official "getting started" documentation entry for firewalld...
Everybody expects that you have your basic set of ports open (ssh for example), but nobody ever covers the configuration for that very important port 22 before you are locked out of your device. Thanks harperville if you're on here <3
-
!rant
I started a company with a few other guys 2 years ago and we're finally about to have the money to hire more people. However, I'm the only software engineer and I have no idea how to find the right candidates or how to give interviews. Has anyone here hired before, where do I start?
-
Not best practice whatsoever because the box was most likely owned, but...
SSH kept defaulting back to port 22 when it wasn't supposed to. So, wrote a cronjob that checked diff between SSH config and backed up SSH config. If different, reload backup. Didn't get locked out again.
Box has of course been replaced.