So I got the job. Here's a story, never let anyone stop you from accomplishing your dreams!

It all started in 2010. Windows just crashed unrecoverably for the 3rd time in two years. Back then I wasn't good with computers yet so we got our tech guy to look at it and he said: "either pay for a windows license again (we nearly spend 1K on licenses already) or try another operating system which is free: Ubuntu. If you don't like it anyways, we can always switch back to Windows!"

Oh well, fair enough, not much to lose, right! So we went with Ubuntu. Within about 2 hours I could find everything. From the software installer to OpenOffice, browsers, email things and so on. Also I already got the basics of the Linux terminal (bash in this case) like ls, cd, mkdir and a few more.

My parents found it very easy to work with as well so we decided to stick with it.

I already started to experiment with some html/css code because the thought of being able to write my own websites was awesome! Within about a week or so I figured out a simple html site.

Then I started to experiment more and more.

After about a year of trial and error (repeat about 1000+ times) I finally got my first Apache server setup on a VirtualBox running Ubuntu server. Damn, it felt awesome to see my own shit working!

From that moment on I continued to try everything I could with Linux because I found the principle that I basically could do everything I wanted (possible with software solutions) without any limitations (like with Windows/Mac) very fucking awesome. I owned the fucking system.

Then, after some years, I got my first shared hosting plan! It was awesome to see my own (with subdomain) website online, functioning very well!

I started to learn stuff like FTP, SSH and so on.

Went on with trial and error for a while and then the thought occured to me: what if I'd have a little server ONLINE which I could use myself to experiment around?

First rented VPS was there! Couldn't get enough of it and kept experimenting with server thingies, linux in general aaand so on.

Started learning about rsa key based login, firewalls (iptables), brute force prevention (fail2ban), vhosts (apache2 still), SSL (damn this was an interesting one, how the fuck do you do this yourself?!), PHP and many other things.

Then, after a while, the thought came to mind: what if I'd have a dedicated server!?!?!?!

I ordered my first fucking dedicated server. Damn, this was awesome! Already knew some stuff about defending myself from brute force bots and so on so it went pretty well.

Finally made the jump to NginX and CentOS!

Made multiple VPS's for shitloads of purposes and just to learn. Started working with reverse proxies (nginx), proxy servers, SSL for everything (because fuck basic http WITHOUT SSL), vhosts and so on.

Started with simple, one screen linux setup with ubuntu 10.04.

Running a five monitor setup now with many distro's, running about 20 servers with proxies/nginx/apache2/multiple db engines, as much security as I can integrate and this fucking passion just got me my first Linux job!

It's not just an operating system for me, it's a way of life. And with that I don't just mean the operating system, but also the idea behind it :).

So I've been looking for a Linux sysadmin job for a while now. I get a lot of rejections daily and I don't mind that because they can give me feedback as for what I am doing wrong. But do you know what really FUCKING grinds my FUCKING gears?

BEING REJECTED BASED ON LEVEL OF EDUCATION/NOT HAVING CERTIFICATIONS FOR CERTAIN STUFF. Yes, I get that you can't blindly hire anyone and that you have to filter people out but at least LOOK AT THEIR FUCKING SKILLSET.

I did MBO level (the highest sub level though) as study which is considered to be the lowest education level in my country. lowest education level meaning that it's mostly focused on learning through doing things rather than just learning theory.

Why the actual FUCK is that, for some fucking reason, supposed to be a 'lower level' than HBO or Uni? (low to high in my country: MBO, HBO, Uni). Just because I learn better by doing shit instead of solely focusing on the theory and not doing much else does NOT FUCKING MEAN THAT I AM DUMBER OR LESS EDUCATED ON A SUBJECT.

So in the last couple of months, I've literally had rejections with reasons like
- 'Sorry but we require HBO level as people with this level can analyze stuff better in general which is required for this job.'. - Well then go fuck yourself. Just because I have a lower level of education doesn't FUCKING mean that I can't analyze shit at a 'lower level' than people who've done HBO.

- 'You don't seem to have a certificate for linux server management so it's a no go, sorry!' - Kindly go FUCK yourself. Give me a couple of barebones Debian servers and let me install a whole setup including load balancers, proxies if fucking neccesary, firewalls, web servers, FUCKING Samba servers, YOU FUCKING NAME IT. YES, I CAN DO THAT BUT SOLELY BECAUSE I DON'T HAVE THAT FUCKING CERTIFICATE APPEARANTLY MEANS THAT I AM TOO INCOMPETENT TO DO THAT?! Yes. I get that you have to filter shit but GUESS WHAT. IT'S RIGHT THERE IN MY FUCKING RESUME.

- 'Sorry but due to this role being related to cyber security, we can't hire anyone lower than HBO.' - OH SO YOUR LEVEL OF EDUCATION DEFINES HOW GOOD YOU ARE/CAN BE AT CYBER SECURITY RELATED STUFF? ARE YOU MOTHERFUCKING RETARDED? I HAVE BEEN DOING SHIT RELATED TO CYBER SECURITY SINCE I WAS 14-15 FUCKiNG YEARS OLD. I AM FAMILIAR WITH LOADS OF TOOLS/HACKING TECHNIQUES/PENTESTING/DEFENSIVE/OFFENSIVE SECURITY AND SO ON AND YOU ARE TELLING ME THAT I NEED A HIGHER LEVEL OF FUCKING EDUCATION?!?!? GO FUCKING FUCK YOURSELF.

And I can go on like this for a while. I wish some companies I come across would actually look at skills instead of (only) study levels and certifications. Those other companies can go FUCK THEMSELVES.

Spent most of the day debugging issues with a new release. Logging tool was saying we were getting HTTP 400’s and 500’s from the backend. Couldn’t figure it out.

Eventually found the backend sometimes sends down successful responses but with statusCode 500 for no reason what so ever. Got so annoyed ... but said the 400’s must be us so can’t blame them for everything.

Turns out backend also sometimes does the opposite. Sends down errors with HTTP 200’s. A junior app Dev was apparently so annoyed that backend wouldn’t fix it, that he wrote code to parse the response, if it contained an error, re-wrote the statusCode to 400 and then passed the response up to the next layer. He never documented it before he left.

Saving the best part for last. Backend says their code is fine, it must be one of the other layers (load balancers, proxies etc) managed by one of the other teams in the company ... we didn’t contact any of these teams, no no no, that would require effort. No we’ve just blamed them privately and that’s that.

#successfulRelease

Corporate proxies that block resources web developers can't work without are the worst, preventing npm and composer from working at all. Easier to work from home than at work.

This tiny project is awesome. Thanks to @JoshBent (who partly got it from another repo as well) for providing a basic DNS server with hardcoded blacklisting functionality and thanks to @PerfectAsshole for correcting my mysql syntax I was stuck on for way too long.

I've now got this fucker to read blacklisted words from a redis list into an array which checks every requested domain to see if it matches. If yes, it proxies it through to another DNS server and if not, it'll log the requested domain to a mysql database and prints is as blocked onto the terminal.

If the domain matches any host from a service known to be integrated within a mass surveillance network, it also prints this out to thy terminal.

It's working yay! Gonna keep working on it today.

Me : "Hey the proxies aren't working anymore"

Them : "The what ?"

Me : "The what-you-call 'webs references'"

Them : Ooooh right

Yeah let's just call a cat a dog

Me: Hey boss, if you ever need someone to get into doing DevOps related tasks for the team, I'd be more than happy to take that on.

Boss: We don't really need any dedicated person to work on that, but if we do in the future, I'll let you know.

Fast forward a few days: I am now unable to deploy bug fixes to our testing environment, now in the cloud, because all access has been blocked for everyone except the two numbskulls who thought it'd be a great idea to move EVERYTHING over (apps, configuration manager, proxies, etc) first.

Oh, and this bug is affecting production.

!rant

I promoted duckduckgo to friends on Facebook and got them in a discussion about it. People generally are fairly receptive (with one annoying uncle pointing out the irony of posting it on Facebook xD).

One mentioned it was difficult to switch because Google was "just there", so I pointed to instructions on how to make it default.

Also enticing them with theme changes.

Feels good. Next to teach them how to use proxies :p

meta rant: I categorised this as a rant/story, mainly because it is related to tech, should I have just done "random"?

- "Hi A, we had a bug in production due to a changed category ID which we were not informed of."
- "Oh but my API just proxies the content from team B."
_____
- "Hi B, we had a bug in production due to a changed category ID."
- "Ah, I have nothing to do with category IDs, you should talk to my colleague C."
_____
- "Hi C, we had a bug in production due to a changed category ID."
- "I wish I knew anything about that, you should contact person D!"
_____
- "Hi D, we had a bug in production due to a changed category ID."
- *changes status to "Absent" on IM*

ERROR_TOO_MANY_REDIRECTS

This will be 4chan-r/greentext-ish in format. Also "me" is not me, PTH, it's referring to a game studio.

>Be me
>Be game studio
>Create event for weapon design
>Player base submit in a craptonna designs
>Holyfuck.jpg
>Create an internal service for voting
>Service doesn't check for vote except for a login
>MFW one submission has 6-digit votes
>MFW a lotta submission also start gain a lot of votes
>WTF.gif
>The vote count spiked
>Votebotting is here
>Ohshit.gif
>MFW I don't how to filter votes
>MFW I can't block rerouted traffics (VPNs, proxies, etc.)
>MFW the Discord server of the game gets vocal then Reddit.
>OhshitIfuckedup.mp4

A few days ago Aruba Cloud terminated my VPS's without notice (shortly after my previous rant about email spam). The reason behind it is rather mundane - while slightly tipsy I wanted to send some traffic back to those Chinese smtp-shop assholes.

Around half an hour later I found that e1.nixmagic.com had lost its network link. I logged into the admin panel at Aruba and connected to the recovery console. In the kernel log there was a mention of the main network link being unresponsive. Apparently Aruba Cloud's automated systems had cut it off.

Shortly afterwards I got an email about the suspension, requested that I get back to them within 72 hours.. despite the email being from a noreply address. Big brain right there.

Now one server wasn't yet a reason to consider this a major outage. I did have 3 edge nodes, all of which had equal duties and importance in the network. However an hour later I found that Aruba had also shut down the other 2 instances, despite those doing nothing wrong. Another hour later I found my account limited, unable to login to the admin panel. Oh and did I mention that for anything in that admin panel, you have to login to the customer area first? And that the account ID used to login there is more secure than the password? Yeah their password security is that good. Normally my passwords would be 64 random characters.. not there.

So with all my servers now gone, I immediately considered it an emergency. Aruba's employees had already left the office, and wouldn't get back to me until the next day (on-call be damned I guess?). So I had to immediately pull an all-nighter and deploy new servers elsewhere and move my DNS records to those ASAP. For that I chose Hetzner.

Now at Hetzner I was actually very pleasantly surprised at just how clean the interface was, how it puts the project front and center in everything, and just tells you "this is what this is and what it does", nothing else. Despite being a sysadmin myself, I find the hosting part of it insignificant. The project - the application that is to be hosted - that's what's important. Administration of a datacenter on the other hand is background stuff. Aruba's interface is very cluttered, on Hetzner it's super clean. Night and day difference.

Oh and the specs are better for the same price, the password security is actually decent, and the servers are already up despite me not having paid for anything yet. That's incredible if you ask me.. they actually trust a new customer to pay the bills afterwards. How about you Aruba Cloud? Oh yeah.. too much to ask for right. Even the network isn't something you can trust a long-time customer of yours with.

So everything has been set up again now, and there are some things I would like to stress about hosting providers.

You don't own the hardware. While you do have root access, you don't have hardware access at all. Remember that therefore you can't store anything on it that you can't afford to lose, have stolen, or otherwise compromised. This is something I kept in mind when I made my servers. The edge nodes do nothing but reverse proxying the services from my LXC containers at home. Therefore the edge nodes could go down, while the worker nodes still kept running. All that was necessary was a new set of reverse proxies. On the other hand, if e.g. my Gitea server were to be hosted directly on those VPS's, losing that would've been devastating. All my configs, projects, mirrors and shit are hosted there.

Also remember that your hosting provider can terminate you at any time, for any reason. Server redundancy is not enough. If you can afford multiple redundant servers, get them at different hosting providers. I've looked at Aruba Cloud's Terms of Use and this is indeed something they were legally allowed to do. Any reason, any time, no notice. They covered all their bases. Make sure you do too, and hope that you'll never need it.

Oh, right - this is a rant - Aruba Cloud you are a bunch of assholes. Kindly take a 1Gbps DDoS attack up your ass in exchange for that termination without notice, will you?

Despite common sense, I think technology is not making our lives easier. It's just build chaos on top of chaos.

Take server-side programming for instance.

First you have to find someone to host your thing, or a PaaS provider. Then you have to figure out how much RAM and storage you need, which OS you're going to use. And then there's Docker (which will run on top of a VM on AWS or GCP anyway, making even less sense). And then there's the server technology: nginx, Apache (and many many more; if, that is, you're using a server at all). And then there are firewalls, proxies, SSL. And then you go back to the start, because you have to check if your hosting provider will support the OS or Docker or your server. (I smell infinite recursion here.)

Each of these moving parts come with their own can of worms in terms of configuration and security. A whole bible to read if you want to have the slightest clue about what you're doing.

And then there's the programming language to use and its accompanying frameworks. Can they replace the server technology? Should you? Will they conflict with each other and open yet another backdoor into your system? Is it supported by your hosting provider? (Did I mention an infinite recursion somewhere?)

And then there's the database. Does it have a port to the language/framework of your choosing? Why does it expose an web interface? Is it supposed to replace your server? And why are its security features optional again? (Just so I have to test both the insecure and the secure environments?)

And you haven't written a single line of code yet, mind you.

"Our central servers firewall has been breached" - Doesn't even work on a server or anything, just his laptop

"How many proxies do we have left?"

"Around 10.200"

I don't take responsibility for any brain damage

So last night a friend randomly found a raw not-yet-installed WordPress instance on a public domain that he found on a Facebook site (it was already linked for I don't know how long, but just not installed).

He told me about it and, being the guy I am, I signed up an account on some free MySQL hosting website, set up a database and used it for that WordPress site.

I then left a kind little note on the front page for the admin telling him that I just saved his ass since others could've done the same but posted racist shit or something and, also, told him not to use WordPress.

Even though I had no bad intentions, I used proxies and VPN connectsions because you never know how these people might react.

Hopefully they'll learn from it 😇

My professor said "I will use AI and Blockchain technologies to not let proxies happen ever".
😑

I am building a website inspired by devrant but have never built a server network before, and as im still a student I have no industry experience to base a design on, so was hoping for any advice on what is important/ what I have fucked up in my plan.

The attached image is my currently planned design. Blue is for the main site, and is a cluster of app servers to handle any incoming requests.

Green is a subdomain to handle images, as I figured it would help with performance to have image uploads/downloads separated from the main webpage content. It also means I can keep cache servers and app servers separated.

Pink is internal stuff for logging and backups and probably some monitoring stuff too.

Purple is databases. One is dedicated for images, that way I can easily back them up or load them to a cache server, and the other is for normal user data and posts etc.

The brown proxy in the middle is sorta an internal proxy which the servers need to authenticate with to connect to, that way I can just open the database to the internal proxy, and deny all other requests, and then I can have as many app servers as I want and as long as they authenticate with the proxy, they can access the database without me changing any firewall rules. The other 2 proxies just distribute requests between the available servers in the pool.

Any advice would be greatly appreciated! Thanks in advanced :D

Fuck corporate proxies. Fuck having to debug them, fuck figuring out how to use them with every piece of software you need, fuck failed builds due to some repository surprisingly being blocked for unknown reason and, most of all, fuck IT staff who deny there was a problem once it mysteriously disappears.

Thinking about making a bot that uses selenium , and automatically finds proxies/ uses vpn's to access a particular companies homepage and then moves the mouse in a penis shape. They use hotjar and I want to do this as a fun side project and as a subtle fuck you to them.

Complete disaster. As a C++ dev I was assigned to maintain some Python applications (some of them acting as proxies, wtf) just because the original authors left the team. It's slow as hell and it's not even a product - it's a helper tool. Cannot rewrite because nobody will give a green light for that. Why? Why?!

In my opinion, russian nation's chronic inability to fight oppressive regimes is partly attributed to one interesting quirk the russian language has.
When talking about injustice committed against someone, or making threats to commit said injustice, the actor is completely omitted.
Here's an example:
“Надо будет — найдут”, roughly translated to “they could find you if they wanted to”, is a common phrase to use when talking about proxies, VPNs and other online privacy measures. But the word “they” in English translation is nowhere to be found in the original text! Let's examine the literal translation:
- “надо будет” — “the need will arise”
- “найдут” — “will find you”
The English phrase “they could find you if they wanted to” can be easily challenged with a simple question: “Who's they?” The government? The corporates? The regime? The CIA? Who exactly?

English language can mimic that with passive voice: “you are being watched”, “you are an easy target”, etc. But in active voice, you can't avoid using “they” or some other actor.
In russian, you can. And you will. Indeed, this is how russian people converse. It's a very specific, very common pattern that never really changed.

It's a very powerful thought-terminating cliché built straight into the language. You can't fight an enemy that has no name and no word to describe it, not even a euphemism. The very language you THINK in prevents you from analyzing the entities that oppress you.

In a Tom Scott Plus video where he tried tightrope walking, he learned that they don't say the “F-word” — “fall”. You can't say “I'm afraid I'll fall”. You have to find more specific alternatives like “I'm afraid I'll lose balance”. The word “fall” in this context is a thought-terminating cliché. There is no going back after you “fall”. But if you “lose balance”, you can “regain balance” — the lack of a thought-terminating cliché promotes problem-solving.

Russian language is the same, but in soviet russia, language terminates you, I guess.

So been working with Linux for almost 10 years now, so am not new with this. But yesterday, a friend had difficulties accessing Wikipedia and their sister sites so I tried to help him out, you know, the usual way. Ping, Direct IP, DNS, and proxies/VPN, checking his /etc/hosts, but to no avail. Decided to download TeamViewer and install it so that I can help him out remotely. Went afk for 30min for dinner and when I came back, TeamViewer installation .Deb installer literally uninstalled every single software from my Kubuntu machine, from Spotify and slowly even my file manager and terminal was uninstalled. When it was over, even my grub was uninstalled.

Had anyone faced the same issue before?

Am I the only one who cringes hard whenever I see people talking about VPNs, when they only really use them as glorified web proxies?

One can't have any personal repo and git protocol is disabled by the proxies and we are calling ourselves devops welcoming.
This is simply fuckops.

Since, I am already using Mullvad's vpn service, I also stumbled on https proxies.
Is it still safe to enter my devRant login data, when I would use a https proxy in FF's settings?
The Proxy is a free elite https proxy.
And devRant also uses SSL.
The traceroute would seem like this I guess.:
VPN(*le me sendin my password -> SSL Proxy -> SSL DevRant)
--------------------
Following that path, I would assume that it would be like this in detail:
HTTPS Request
-PW gets encrypted by VPN service
-" " " again " HTTPS Proxy
-" " " again " devRant itself

The perks of working for a .NET shop:
1. 130€ of credit to burn on Azure every month, so I can run some long builds there, to have VPN/proxies for free that are not easily blacklisted and whatever else I can think of. Today I set up a VM for my wife to RDP into, so she doesn't have to do her job search on her company laptop (which is the only computer she has right now).

So there I am sitting in front of my laptop, and trying to npm i and I am getting all sorts of sha mismatch errors.

After lot of debug I conclude it is coming from the proxy as it refuses to download and supplies the error page.

It says it's because I'm using the old proxy so they give me the new URL which I set up and it works.

All good until my password expires. I use our bash script to change it. NPM is buggered again throwing the same errors.

Go to IT, tell them the saga begins.

After a countless hours of looking at the log files we notice that the npm registry is set to http instead of the standard https (thanks bash script). so our firewall blocks the download.

Sorted, finally.

Almost. NPM now works fine, but when I go and I play around with node and axios, I get my requests time out. My instinct says its the bloody proxy again.

So I hit up my trusted WIN Support guy and he confirms that the url is not blocked. So he starts monitoring whats going on and turns out, every time I run the node app, node casually ignores the system-wide proxy settings and tries to send the request as the PC rather then my username.

Since the pc's don't have rights on the proxy it is being refused...

Thank fuck for the corporate proxies, without them, I could just develop things not ever learning these quirks of node...

Well. I'm simply SO UNFUCKINGBELIEVABLE PISSED RIGHT NOW!! {>,,,<}

I'm implementing a monolithic frontend that embeds different projects which I don't want to alter if not really necessary. So I put them all into iframes, already handled all the security and auth stuff with proxies and so on and now I just want to access the body.scrollHeight property. Which is not even the probelm at all.

The fucking Problem is, that I just can't find a way to hook into any event which fires when all content is loaded and the final scrollHeight is set. Instead it just returns some default value that is set when the iframe element is loaded, but not something that is actually based on it's damn ass-fucking contents!!

Iframes are fucking pricks and I know I'll gonna go to hell for abusing them like this :S

Trying to implement a dynamic data masking solution for our databases, to filter out sensitive data.

This seems like a problem which should've been solved decades ago. But it isn't. All DDMs, proxies, seeders, maskers... they all suck balls.

Which makes me wonder, how many devs walk around with MacBooks with half a million credit card numbers on them...

Thank god there are (web) proxies.
The Turkish government is blocking access to many porn sites (which I find kind of ok - to make a barrier for the kids), but then again also German Streaming websites.
They are not blocking most German websites tho. Just the websites in the "illegal to non ethical" category (which I also find kind of OK), but it annoys me.

While setting up a node app while sitting behind draconian proxies:
- first, set $http_proxy & $https_proxy
- set git proxy
- then, npm proxy, jspm proxy and bower proxy
- followed by strictSSL to false.....
After moving to home network/VPN, change all of these proxies again. It is a never ending vicious circle :(

Fuck HttpClient

Once upon a time there was WebClient and WebRequest, everything was simple and life back then was just 3 lines of code. But Microsoft came and decided to ruin everything with HttpClient. WHY IS HTTPCLIENT AN ASS TO DISPOSE? why cant you just close the connection and not fucking leave us with a TIME_WAIT. oh yes it doesn't support ftp and you'll recommend us to use a third party lib? fuck it if you want us to move to something better don't leave us with a half-assed HttpClient. but what about if you have 1000 proxies? oh boy I do love to initialize 1000 HttpClients with different HttpClientHandlers, want only to use HttpClient each request? goodluck filling your ports with TIME_WAIT seriously microsoft

Dev companies, please, stop trying to force proxies to your devs... you just make us waste more time figuring out how to avoid it rather than working as we really want.

Fuckin damn it Google! I setup a transparent proxy and for some fucking reason Google home doesn't like that at all. I think I have a fix but it's a real fucking pain in the ass. I call your support people who I specifically tell that I'm running a fucking proxy and they tell me that I need to talk to their Google WiFi team. It has nothing Todo with my fucking wifi bitch. Its your price of shit price of crap hardware that doesn't like fucking proxies.

I'll update everyone what the fix is when I find it.

Btw, this is a HTTPS transparent proxy and HTTP transparent proxy running on my pFSense firewall box.

Just wanted to do some scripted image resizing for school in school because the teacher asked me to help her with that.
So I thought: Let's just write a tiny script. Written the script in almost no time (just iterates over all jpg's and resizes them)

30sec.

Now I tried to run it. Didn't have my laptop so I had to somehow run it on their windows PCs. At least it's windows 10, unlike other schools that still run XP and stuff so I thought it might be doable. Well guess what, nope it wasn't.

First tried to install imagemagick, that didn't work as only teacher accounts have admin and the teacher was already pretty scarred once he saw me doing stuff in powershell so I thought I'd better not ask to do this via a teacher account and mess with stuff as admin.

Next method: Installing msys2. That worked at least (after taking forever to install and having to mess with the av software to get it to run).
And there comes the next problem: pacman doesn't connect via the proxy so I can't download any packages. There is free wifi but only for teachers, and students aren't going to get access until the school finally has a faster connection because they'd (understandably) cause this connection to be constantly overloaded. I just happen to have access to this wifi network, too, because at least the guys from the IT dept know how bad using proxies under linux is. So I connect via wifi and it works. At least I thought: After running the script it yields weird errors about unsupported arguments even though the command is exactly the same I have been using for years (already checked typos twice)

Then got the idea of simply installing imagemagick on termux on android and transferring the files onto my phone.
Too bad we aren't allowed to attach our own USBs to the pcs. Luckily I got a rooted phone so I simply activate adb over network and connect to it.
After downloading the platform-tools I can't run them because of AV software. Luckily there is an option to add an exception per executable so I do that. After doing that it works.... nope it doesn't. The wifi only allows 443/tcp and 80/tcp, even for internal network devices.

So that's it. I'm simply going to upload that stuff to my nextcloud and convert it at home.

Windows, I hate you!!!

I decided to use Docker Compose on a tiny project that essentially consists of an API and a Caddy server that serves static files and proxies to the API, all of this running on an EC2 t1-nano. I made this admittedly odd choice because I wanted to learn Compose and simultaneously forego figuring out why the node-gyp bindings for sqlite3 refuse to build on EC2 even though it builds just fine on my machine.

I am storing secrets in .env which is committed into the private GH repo. Just now I came across a rant that described the same security practice and it sounded pretty bad from an outside perspective so I decided to research alternatives.

Apparently professional methods for storing secrets generally have higher system requirements than a t1-nano. I'm not looking for a complex service orchestration system, I'm not trying to run an enterprise on this poor little cloud-based raspberry pi. I just want to move my secrets out of the Git repo,

Any tips?

Hi
any of you guys had problems with electron/puppeteer, especially trying to load pages using proxies
I'm using arch linux

Are there any real trusted and with an anonymity level of Elite, proxies out there or do I have to make my own?

I hate ansible and proxy's, that's all.

Chinese? Someone thinks this is funny...

Fokers... gtfo!

Hello everyone,

I've got a somewhat special issue with my setup.

I am running an instance of `lucaslorentz/ caddy-docker-proxy` as proxy that handles certificates and request and proxies them to docker containers that run `abiosoft/caddy:php` to host Laravel based applications. The problem is, that the `abiosoft/caddy` containers do not know it's assigned hostname and thus Laravel's `asset`, `secure_asset` and `url` respectively `secure_url` don't work as they use the internal hostname which would be an IP address and thus requests go to 192.168.240.x instead of example.com.

I am not yet entirely sure where I should tackle this problem and am grateful for every hint.

I am currently also evaluating traefik instead of Caddy-docker-Proxy and Caddys v2 official container instead of abiosoft's Caddy v1 container but I guess, that this wouldn't solve the issue as the container still wouldn't know that it's given Domainname is example.com

Fuck these IT corporate proxies
Nothing just *works* and you have to fiddle with shit all the time and waste hours and days
The worst thing is the team I work on and their code isn't on the corporate server so if I'm on their damn proxy I can't access my work, if I'm not I can't access company stuff that I need

So I work with another team that develop services I use for my website.

The thing is, when they do big changes, I am not warned. So when I update my proxies, surprise, don't compile anymore, have things to change.

Worse is, I have their code right now. And the code that is deployed right now. They're not the same. So I know that I'm gonna have to change again things some days, but that's because I searched through the code.

Has anyone maybe a link to HTTP security topics in general?

I find often breadcrumbs, like in several different attack possibilities, but nothing comprehensive.

Mostly regarding HTTP 1.1 / HTTP 2 (h2c) and proxying.

I'm currently unclogging an whole ecosystem of proxies, endpoints, edge nodes and so on...

My knowledge is limited and it's frustrating to Google cause seemingly I get always just pieces of the puzzles but not a collection -.-

(Looking for specific information, e.g. regarding attacks like H2C Smuggling, HPACK attacks, stuff regarding Cookies / Headers / Encoding... But please not spread over several dozen pages where it becomes frustrating to read the same shit over and over again without learning something new :( )