Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜

Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.

First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.

Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.

Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.

Dealing with attacks and getting hacked.

Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.

linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)

How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!

One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)

Dealing with different kinds of attacks:

Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.

So yah, hereby :P

A wild Darwin Award nominee appears.

Background: Admins report that a legacy nightly update process isn't working. Ticket actually states problem is obviously in "the codes."

Scene: Meeting with about 20 people to triage the issue (blamestorming)

"Senior" Admin: "update process not working, the file is not present"
Moi: "which file?"
SAdmin: "file that is in ticket, EPN-1003"
Moi: "..." *grumbles, plans murder, opens ticket*
...
Moi: "The config dotfile is missing?"
SAdmin: "Yes, file no there. Can you fix?"
Moi: "Engineers don't have access to the production system. Please share your screen"
SAdmin: "ok"
*time passes, screen appears*
Moi: "ls the configuration dir"
SAdmin: *fails in bash* > ls

*computer prints*
> ls
_.legacyjobrc

Moi: *sees issues, blood pressure rises* "Please run list all long"
SAdmin: *fails in bash, again* > ls ?
Moi: *shakes* "ls -la"
SAdmin: *shonorable mention* > ls -la

*computer prints*
> ls -la
total 1300
drwxrwxrwx- 18 SAdmin {Today} -- _.legacyjobrc

Moi: "Why did you rename the config file?"
SAdmin: "Nothing changed"
Moi: "... are you sure?"
SAdmin: "No, changed nothing."
Moi: "Is the job running as your account for some reason?"
SAdmin: "No, job is root"
Moi: *shares screenshot of previous ls* This suggests your account was likely used to rename the dotfile, did you share your account with anyone?
SAdmin: "No, I rename file because could not see"
Moi: *heavy seething* so, just to make sure I understand, you renamed a dotfile because you couldn't see it in the terminal with ls?
SAdmin: "No, I rename file because it was not visible, now is visible"
Moi: "and then you filed a ticket because the application stopped working after you renamed the configuration file? You didn't think there might be a correlation between those two things?"
SAdmin: "yes, it no work"
Interjecting Director: "How did no one catch this? Why were there no checks, and why is there no user interface to configure this application? When I was writing applications I cared about quality"
Moi: *heavy seething*
IDjit: "Well? Anyone? How are we going to fix this"
Moi: "The administrative team will need to rename the file back to its original name"
IDjit: "can't the engineering team do this?!"
Moi: "We could, but it's corporate policy that we have no access to those environments"
IDjit: "Ok, what caused this issue in the first place? How did it get this way?!"

TFW you think you've hit the bottom of idiocy barrel, and the director says, "hold my mango lassi."

Root interviews for a job

So I've been interviewing for fun lately (and for practice), and it's been going mostly well. This one company in particular looks interesting, and they seem to really like me. This morning was interview #4 with them; tomorrow morning is #5.

The previous interviews were pretty enjoyable, especially the last one where I interviewed with one of the senior devs who gave me his "grumpy old man rails quiz." He actually asked some questions I wasn't able to answer! (Mostly dealing with Rails' internals.) Also when showing me the codebase, there were a few things I hadn't seen before, so it's exciting that I'll actually be able to learn something if I sign on. We ended up talking for almost an hour past our allotted time, and we got along famously. He said he was very surprised I did so well on his quiz because most people don't. Everyone else I interviewed with so far has liked me and gave positive reviews, too.

I don't know if I want the job, but that's beyond the scope of this rant anyway. The real reason for this comes next.

My interview today was with the VP of engineering. It was more of a monologue, as he wanted to give me perspective to see if I actually wanted to work there, but it was still very much a monologue. He's an old white guy who seems to loves to drone, and he never seemed very happy when I responded, so I let him drone and drone. Good information though.

But he's very set in his ways in some regards, and two of them were pretty insulting. We never really talked about technicals, and he just assumed that since I wasn't old and graying that I was a junior dev. He said, and I'll quote: "We run a lean but senior team, so we typically only hire senior devs here. But the dev team is all old white men. There's no diversity in talent, age, sex, race, religion, etc, and I'm looking to change that." He made several more allusions to my more junior level, too. He made a lot of assumptions (like how I'm not comfortable with structure because I've been the only dev so often) and got annoyed when I countered them.

I realize he has no idea of my skill level -- even though he should if he was listening to his team -- but to just assume that I'm not talented because I'm young, and bloody hire me just because I'm female? I don't want to be your diversity hire, old man. 🤬

So I'm feeling angry.
I might still take the job because the it offers considerable benefits over where I'm working (despite being quite happy here), but it will absolutely be despite him.

Productive day!

Rewrote an intern's feature and briefly explained how/why
Gave intern a choice of projects, and explained them
Removed two unused models, one unused route
Dried up two views into a partial
Redesigned said partial
Tested validation edge cases (ex: Jan 10nd, 101bc)
Fixed an api
Simplified three models
Added scheduling and platform restriction to a feature
Le wild bug appears: a user with negative xp!?
Wrote a migration to expand players' max xp to 2^64-1 because a certain legacy game gives it away like my ex-boss makes promises. Chewed at devs, but they're all long gone so :/
Won two games of pool
Browsed devRant

Busy day, and all of this while falling asleep! 😊
I'm quite proud of myself today.

To those that think they can't make it.
To those that are put down by those that don't understand you.
And to those that have never had a dream come true.

Not a rant, but the story of how I got into programming

I've always been into tech/electronics. I remember being told once that when I was 3, I used to take plug sockets to pieces. When I was 7, I built a computer with my dad.
There isn't a thing in my room that hasn't been dismantled and put back together again. Except for the things that weren't put back together again ;)

When I was 15, I got a phone for Christmas. It was a pretty crappy phone, the LG P350 (optimus ME). But I loved it all the same.
However I knew it could do a lot more. It ran a bloated, slow version of Android 2.2.
So I went searching, how can I make it faster, how to make it do more. And I found a huge community around Android ROMs. Obviously the first thing I did was flashed this ROM. Sure, there were bugs, but I was instantly in love with it. My phone was freed.

From there I went on to exploring what else can be done.
I wanted to learn how to script, so over the weekend I wrote a 1000 line batch (Windows cmd) script that would root the phone and flash a recovery environment onto it. Pretty basic. Lots of switch statements, but I was proud of it. I'd achieved something. It wasn't new to the world, but it was my first experience at programming.

But it wasn't enough, I needed more.
So I set out to actually building the roms. I installed Linux. I wanted to learn how to utilise Linux better, so I rewrote my script in bash.
By this time, I'd joined a team for developing on similar spec'd phones. Without the funds to by new devices, we began working on more radical projects.
Between us, we ported newer kernels to our devices. We rebased much of the chipset drivers onto newer equivalents to add new features.

And then..

Well, it was exam season. I was suffering from personal issues (which I will not detail), and that, with the work on Android, I ended up failing the exams.
I still passed, but not to the level I expected.

So I gave up on school, and went head first into a new kind of development. "continue doing what you love. You'll make it" is what I told myself.

I found python by contributing to an IRC bot. I learnt it by reading the codebase. Anything I didn't understand, I researched. Anything I wanted to do, google was there to help me through it.

Then it was exam season again. Even though I'd given up on school, I was still going. It was easier to stay in than do anything about it.
A few weeks before the exams, I had a panic attack. I was behind on coursework, and I knew I would do poorly on exams.
So I dropped out.
I was disappointed, my family was disappointed.
So I did the only thing I felt I could do. I set out to get a job as a developer.

At this stage, I'd not done anything special. So I started aiming bigger. Contributing to projects maintained by Sony and Google, learning from them. Building my own projects to assist with my old Android friends.
I managed to land a contract, however due to the stresses at home, I had to drop it after a month.
Everything was going well, I felt ready to get a full time job as a developer, after 2 years of experience in the community.

Then I had to wake up.
Unfortunately, my advisors (I was a job seeker at the time) didn't understand the potential of learning to be a developer. With them, it's "university for a skilled job".
They see the word "computer" on a CV, they instantly say "tech support".
I played ball, I did what I could for them. But they'd always put me down, saying I wasn't good enough, that I'd never get a job.
I hated them. I'd row with them every other day.

By God, I would prove them wrong.

And then I found them. Or, to be more precise, they found me. A startup in London got in contact with me. They seemed like decent people. I spoke with their developers, and they knew their stuff, these were people that I can learn from.
I travelled 4 hours to go for an interview, then 4 hours back.
When I got the email saying they'd move me to London, I was over the moon.
I did exactly what everyone was telling me I couldn't do.

1.5 years later, I'm still working with them. We all respect each other, and we all learn from each other.

I'm ever grateful to them for taking a shot with me. I had no professional experience, and I was by no means the most skilled individual they interviewed.

Many people have a dream. I won't lie, I once dreamed of working at Google. But after the journey I've been through, I wouldn't have where I am now any other way. Though, in time, I wish to share this dream with another.
I hope that all of you reach your dreams too.

Sorry for the long post. The details are brief, but there are only 5k characters ;)

I've got a confession to make.

A while ago I refurbished this old laptop for someone, and ended up installing Bodhi on it. While I was installing it however, I did have some wicked thoughts..

What if I could ensure that the system remains up-to-date by running an updater script in a daily cron job? That may cause the system to go unstable, but at least it'd be up-to-date. Windows Update for Linux.

What if I could ensure that the system remains protected from malware by periodically logging into it and checking up, and siphoning out potential malware code? The network proximity that's required for direct communication could be achieved by offering them free access to one of my VPN servers, in the name of security or something like that. Permanent remote access, in the name of security. I'm not sure if Windows has this.

What if I could ensure that the system remains in good integrity by disabling the user from accessing root privileges, and having them ask me when they want to install a piece of software? That'd make the system quite secure, with the only penetration surface now being kernel exploits. But it'd significantly limit what my target user could do with their own machine.

At the end I ended up discarding all of these thoughts, because it'd be too much work to implement and maintain, and it'd be really non-ethical. I felt filthy from even thinking about these things. But the advantages of something like this - especially automated updates, which are a real issue on my servers where I tend to forget to apply them within a couple of weeks - can't just be disregarded. Perhaps Microsoft is on to something?

FLOYD IS HERE 😎

Gather around kids, it's story time.

So my first breakup left me so damaged and I was in darkest phase of my life. I was alone. Physically, mentally, and emotionally. I went for therapy and spearheaded into success and grew in life soooo fucking much.

31st December 2016, I first joined dR and since the first day this place felt home. Met some of brightest mind and most amazing souls here (sadly many left the place).

I used to shit post and rant a lot. But I loved everyone here. But then I don't quite remember, but I decided to quit this place as community started to grow. Many others left as well.

I came back here in 2019 IIRC and started all over again. Got along well with new members and started having fun.

I used to crib and cry about being underpaid. Lost a kickass Europe job due to pandemic.

I will skip what all happened between me and @Scout but she is a sweetheart, though very rough and brutal with me at times (actually very often), but she is so selfish for me and cares for me that I couldn't resist but listen to her always. A lifelong friend for sure :)

I used to rant about my dumb office colleagues. Definitely not the sharpest minds but good people at heart (which I did not realise).

So in October 2020, I earned a new job and my company retained me with a 100% raise and a promotion making me lead of product innovation and UX.

November end I met a girl in professional context on LinkedIn who was conducting a workshop. Being hungry for learning, meeting new people and kill my lockdown boredom, I singed up.

Now I went for December break and my colleagues sent me a gift hamper when they came to know I got a promotion. I felt bad that I ranted about them so I deleted my account and also wanted a social detox.

Post the workshop, I started conversing casually with the girl I met. She was married. But things hit off. Eventually in February end I confessed that I had feelings for her and in next few days she reciprocated. I told her I was aware of her marital status and it's okay if nothing happens between us. Then she started to open up of how she was with one guy for 17 years and was abused in everyway and wanted to separate but never had the courage and all.

She decided to file for paperwork and then be with me. Things got messy when her family got involved thinking I was causing all of it.

She went back to her partner and I realised I had some emotional and mental issues of a person's past that bothered me. But we were overcoming it. Soon the honeymoon period started phasing out.

Her family started giving me death threats. We went underground even further. More arguments and fights between us.

@Scout kept telling me I was stupid and I disregarded her. I feel like an idiot for not listening to her.

That girl kept gaslighting me, hurting me intentionally, scratching the surface made me realise how broken and damaged she was. She lied to me and created fake persona of herself to make me fall for her. Everything was lie. Literally.

I felt horrible for trusting her. My trauma relapsed and I started having crazy panic attacks leading to self harm and being suicidal. That girl was drugged all the time with psychological medicines and very poor character & personality in general (I don't want to judge anyone but just stating the facts).

Eventually she just disappeared and I was like fuck this. Earlier, after every fight, she used to show fake affection and I used to melt but not this time.

I was like fuck this shit. I have some super amazing friends like @kiki who helped me overcome this. I started going for therapy and realised what all areas I need to improve. My therapist is soooo brilliant, she understands the root cause instantly and also knows how to fix it. And the same day I and both my parents were COVID-19 positive. Last few weeks were dark and haunting.

Further more, the girl comes back after a week and then acts as a 'nice girl'.
Initially fake affection, then drama, followed by making me guilt trip, then threats, and now blaming me.

I kept ignoring her calls (50 to 70 calls in a day), emails, left her unread on Telegram, and everything I could do to ignore her without blocking her. I started gaining my happiness back.

During this mess, I lost 5+ KG of weight. She has no friends in her mid 30s. Knows no life or survival skills. Her family hates her, no career, no emotional or mental maturity, literally nothing. Insanely dumb and toxic manipulative person who is not even worth being called an ex. As per her everyone around her is an asshole except her. Every time something happened, she used to blame and bad mouth the other person. Now she is doing with me. In all her life situations, either she was a hero or a victim. One upped me all the time. Now that I see it, I hate myself for allowing it all of it and now having enough self worth to walk out of it earlier.

Continued in comments...

Yesterday (or the day before that depending on your timezone and day-night schedule - this Friday) my OnePlus 6T arrived. After only 2 days of time between placing the order and actually getting the phone, quite impressive!

The DHL guy asked me upon receipt - is it the OnePlus 6T? - Yes it is!! - "An amazing device it is!", he said. And honestly.. he couldn't be more right.

I might be a bit biased on this because after all I did just spend €630 on this phone. But it feels so snappy, high quality, the 8GB of RAM is just.. it blows my mind. But I'm sure that the other reviews did this sort of jazz already.

The things that set this phone apart for me though were the following.

When I get a new phone or tablet, usually the first thing I do is rooting it. This one was no different, about an hour after receipt it was successfully rooted and loaded with Magisk. Currently I'm still in the phase of "getting to know the phone", wherein fuckups are usual. This time again being no different - I removed some apps and apparently did something to it that the search engines - both Google and DuckDuckGo - didn't quite like, as both of them would crash upon application launch. Me in full panic mode of course, desperately trying to find the stock ROM (which doesn't seem to be present in its usual form) or a new set of GApps (which didn't resolve the issue). OnePlus does seem to offer its OTA updates in zip archives though. So I downloaded its latest update (same as what was on the device) and applied it.

That's when the nerdgasm happened.

The "update" was simply a matter of going into the settings, tapping this and that and applying the update. No recovery, no unrooting, no nothing. The update just went like that despite the phone being rooted and just having had TWRP flashed to it. I always wanted this sort of thing, which even the Nexus couldn't offer - having the cake and eating it too. Being able to root the device and muck around with it while still being able to update the device timely without too many hurdles. This fucking thing does it!!!

That is to say, after my initial nerdgasm I did find that it bulldozed over my su binary (effectively unrooting the thing), custom emoji I've set (iOS 12 because fuck Google's most recent emoji set) and some other things. But those are easy to install back, much more so than it would've been to download a whole Android release and dirty flash it, as it was on the Nexus.

Other than that, battery life, dash charging (edit: on that topic, it does remain cool like a cucumber despite getting 15-20W of power jammed into it, quite impressive!), snappiness, the usual jazz.. eh, as I said earlier that's the usual reviewer stuff. But this feature of being able to upgrade the phone while it's modified, that's something which seems to be severely underrated by those.

Oh and during kernel builds, I couldn't quite get the source to work - probably due to my lack of experience with builds of Android kernels - but I did find that this phone actually exposes its kernel config through /proc/config.gz as it should. None of my MediaTek devices do this, so that's something that I found really appealing. Always nice to see when a manufacturer exposes this information to give you a stock sort of config that you can be rest assured will work configuration-wise. And it allows you to see what the stock kernel is actually built with, which again is really nice. I quite like this! It really encourages further development.

THE WORST PRANK ATTEMPT

If i remember true, it was 2012. april fool day..

me and my co-worker (we were the founders) decided to fool our members (we had a script's unofficial support forum). so, we did the plan. we register another account on march and wrote a few useful messages with it. help guys with that fake account (named as Root).

on fool day, we move the site to hidden folder (but didnt backup it) and added an index file as "hi, i am Root. you know me who am i. i hacked this site and deleted all dbs. cya later" (in turkish of course)

and we sit our chairs, began the watch our messages from facebook,skype,whatsapp etc..

we act like we are in trouble and we cant solve the problem.
at the same time, one of the our crew, decided to help us :D
so, he contact with our server's management crew. they dont know the fool too :)

server management looked up the situation without try to contact with me or my co. and we got an email from server like that
"hello tilkibey and impack, we just realized your site is hacked. so we delete your all ftp and db for safety. please contact with us asap"

we shocked and contact with them, explain the truths and request the recover our site (because we though they backup site before deleting all things). but they didnt backup it :(

so, we recover our last backup which is got nearly 10 days ago :(

I think I want to quit my first applicantion developer job 6 months in because of just how bad the code and deployment and.. Just everything, is.

I'm a C#/.net developer. Currently I'm working on some asp.net and sql stuff for this company.

We have no code standards. Our project manager is somewhere between useless and determinental. Our clients are unreasonable (its the government, so im a bit stifled on what I can say.) and expect absurd things from us. We have 0 automated tests and before I arrived all our infrastructure wasn't correct to our documentation... And we barely had any documentation to begin with.

The code is another horror story. It's out sourced C# asp.net, js and SQL code.. And to very bad programmers in India, no offense to the good ones, I know you exist. Its all spagheti. And half of it isn't spelled correctly.

We have a single, massive constant class that probably has over 2000 constants, I don't care to count. Our SQL projects are a mess with tons of quick fix scripts to run pre and post publishing. Our folder structure makes no sense (We have root/js and root/js1 to make you cringe.) our javascript is majoritly on the asp.net pages themselves inline, so we don't even have minification most of the time.

It's... God awful. The result of a billion and one quick fixes that nobody documented. The configuration alone has to have the same value put multiple times. And now our senior developer is getting the outsourced department to work on moving every SINGLE NORMAL STRING INTO THE DATABASE. That's right. Rather then putting them into some local resource file or anything sane, our website will now be drawing every single standard string from the database. Our SENIOR DEVELOPER thinks this is a good idea. I don't need to go into detail about how slow this is. Want to do it on boot? Fine. But they do it every time the page loads. It's absurd.

Our sql database design is an absolute atrocity. You have to join several tables together just to get anything done. Half of our SP's are failing all the time because nobody really understands the design. Its gloriously awful its like.. The epitome of failed database designs.

But rather then taking a step back and dealing with all the issues, we keep adding new features and other ones get left in the dust. Hell, we don't even have complete browser support yet. There were things on the website that were still running SILVERLIGHT. In 2019. I don't even know how to feel about it.

I brought up our insane technical debt to our PM who told me that we don't have time to worry about things like technical debt. They also wouldn't spend the time to teach me anything, saying they would rather outsource everything then take the time to teach me. So i did. I learned a huge chunk of it myself.

But calling this a developer job was a sick, twisted joke. All our lives revolve around bugnet. Our work is our BN's. So every issue the client emails about becomes BN's. I haven't developed anything. All I've done is clean up others mess.

Except for the one time they did have me develop something. And I did it right and took my time. And then they told me it took too long, forced me to release before it was ready, even though I had never worked on what I was doing before. And it worked. I did it.

They then told me it likely wouldn't even be used anyway. I wasn't very happy at all.

I then discovered quickly the horrors of wanting to make changes on production. In order to make changes to it, we have to... Get this

Write a huge document explaining why. Not to our management. To the customer. The customer wants us to 'request' to fix our application.

I feel like I am literally against a wall. A huge massive wall. I can't get constent from my PM to fix the shitty code they have as a result of outsourcing. I can't make changes without the customer asking why I would work on something that doesn't add something new for them. And I can't ask for any sort of help, and half of the people I have to ask help from don't even speak english very well so it makes it double hard to understand anything.

But what can I do? If I leave my job it leaves a lasting stain on my record that I am unsure if I can shake off.

... Well, thats my tl;dr rant. Im a junior, so maybe idk what the hell im talking about.

I have a Windows machine sitting behind the TV, hooked to two controllers, set up as basically a console for the big TV. It doesn't get a lot of use, and mostly just churns out folding@home work units lately. It's connected by ethernet via a wired connection, and it has a local static IP for the sake of simplicity.

In January, Windows Update started throwing a nonspecific error and failing. After a couple weeks I decided to look up the error, and all the recommendations I found online said to make sure several critical services were running. I did, but it appeared to make no difference.

Yesterday, I finally engaged MS support. Priyank remoted into my machine and attempted all the steps I had already tried. I just let him go, so he could get through his checklist and get to the resolution steps. Well, his checklist began and ended with those steps, and he started rather insistently telling me that I had to reinstall, and that he had to do it for me. I told him no thank you, "I know how to reinstall windows, and I'll do it when I'm ready."

In his investigation though, I did notice that he opened MS Edge and tried to load Bing to search for something. But Edge had no connection. No pages would load. I didn't take any special notice of it at the time though, because of the argument I was having with him about reinstalling. And it was no great loss to me that Edge wasn't working, because that was literally the first time it'd ever been launched on that computer.

We got off the phone and I gave him top marks in the CS survey that was sent, as it appeared there was nothing he could do. It wasn't until a couple hours later that I remembered the connectivity problem. I went back and checked again. Edge couldn't load anything. Firefox, the ping command, Steam, Vivaldi, parsec and RDP all worked fine. The Windows Store couldn't connect either. That was when it occurred to me that its was likely that Windows Update was just unable to reach the internet.

As I have no problem whatsoever with MS services being unable to call home, I began trying to set up an on-demand proxy for use when I want to update, and I noticed that when I fill out the proxy details in Internet Options, or in Windows 10's more windows10-ish UI for a system proxy, the "save" button didn't respond to clicks. So I looked that problem up, and saw that it depends on a service called WinHttpAutoProxySvc, which I found itself depends on something called IP Helper, which led me to the root cause of all my issues: IP Helper now depends on the DHCP Client service, which I have explicitly disabled on non-wifi Windows installs since the '90s.

Just to see, I re-enabled DHCP Client, and boom! Everything came back on. Edge, the MS Store, and Windows Update all worked. So I updated, went through a couple reboots-- because that's the name of the game with windows update --and had a fully updated machine.

It occurred to me then that this is probably how MS sends all its spy data too, and since the things I actually use work just fine, I disabled DHCP Client again. I figure that's easier than navigating an intentionally annoying menu tree of privacy options that changes and resets with every major update.

But holy shit, microsoft! How can you hinge the entire system's OS connectivity on something that not everybody uses?

A few days ago Aruba Cloud terminated my VPS's without notice (shortly after my previous rant about email spam). The reason behind it is rather mundane - while slightly tipsy I wanted to send some traffic back to those Chinese smtp-shop assholes.

Around half an hour later I found that e1.nixmagic.com had lost its network link. I logged into the admin panel at Aruba and connected to the recovery console. In the kernel log there was a mention of the main network link being unresponsive. Apparently Aruba Cloud's automated systems had cut it off.

Shortly afterwards I got an email about the suspension, requested that I get back to them within 72 hours.. despite the email being from a noreply address. Big brain right there.

Now one server wasn't yet a reason to consider this a major outage. I did have 3 edge nodes, all of which had equal duties and importance in the network. However an hour later I found that Aruba had also shut down the other 2 instances, despite those doing nothing wrong. Another hour later I found my account limited, unable to login to the admin panel. Oh and did I mention that for anything in that admin panel, you have to login to the customer area first? And that the account ID used to login there is more secure than the password? Yeah their password security is that good. Normally my passwords would be 64 random characters.. not there.

So with all my servers now gone, I immediately considered it an emergency. Aruba's employees had already left the office, and wouldn't get back to me until the next day (on-call be damned I guess?). So I had to immediately pull an all-nighter and deploy new servers elsewhere and move my DNS records to those ASAP. For that I chose Hetzner.

Now at Hetzner I was actually very pleasantly surprised at just how clean the interface was, how it puts the project front and center in everything, and just tells you "this is what this is and what it does", nothing else. Despite being a sysadmin myself, I find the hosting part of it insignificant. The project - the application that is to be hosted - that's what's important. Administration of a datacenter on the other hand is background stuff. Aruba's interface is very cluttered, on Hetzner it's super clean. Night and day difference.

Oh and the specs are better for the same price, the password security is actually decent, and the servers are already up despite me not having paid for anything yet. That's incredible if you ask me.. they actually trust a new customer to pay the bills afterwards. How about you Aruba Cloud? Oh yeah.. too much to ask for right. Even the network isn't something you can trust a long-time customer of yours with.

So everything has been set up again now, and there are some things I would like to stress about hosting providers.

You don't own the hardware. While you do have root access, you don't have hardware access at all. Remember that therefore you can't store anything on it that you can't afford to lose, have stolen, or otherwise compromised. This is something I kept in mind when I made my servers. The edge nodes do nothing but reverse proxying the services from my LXC containers at home. Therefore the edge nodes could go down, while the worker nodes still kept running. All that was necessary was a new set of reverse proxies. On the other hand, if e.g. my Gitea server were to be hosted directly on those VPS's, losing that would've been devastating. All my configs, projects, mirrors and shit are hosted there.

Also remember that your hosting provider can terminate you at any time, for any reason. Server redundancy is not enough. If you can afford multiple redundant servers, get them at different hosting providers. I've looked at Aruba Cloud's Terms of Use and this is indeed something they were legally allowed to do. Any reason, any time, no notice. They covered all their bases. Make sure you do too, and hope that you'll never need it.

Oh, right - this is a rant - Aruba Cloud you are a bunch of assholes. Kindly take a 1Gbps DDoS attack up your ass in exchange for that termination without notice, will you?

TLDR; Default admin login on WEP encrypted WLAN router for getting free stuff at my hair stylist studio.

Free WLAN in my hair stylist studio: They had their WEP key laying around in the waiting area. Well, I am not very happy with WEP, thought that they never heard of security. Found the default GW address, typed it into my browser and pressed Enter, logged in with admin/1234 and voila, I was root on their ADSL router 😌 Even more annoyed now from such stupidity I decided to tell the manager. All I told him was: You use a default login on your router, you give the WiFi password for free, WEP is very very insecure and can be hacked in seconds, and do you know what criminals will do with your internet access? He really was shocked about that last question, blank horror, got very pale in just one sec. I felt a little bit sorry for my harsh statement, but I think he got the point 😉 Next problem was: he had no clue how to do a proper configuration (he even didn't knew the used ISP username or such things). Telled me that 'his brother' has installed it, and that he will call him as soon as possible. Told him about everything he should reconfigure now, and saw him writing down the stuff on a little post-it.

Well, he then asked me what he can pay me? Told him that I don't want anything, because I would be happy when he changes the security settings and that is pay enough. He still insisted for giving me something, so I agreed on one of a very good and expensive hairwax. Didn't used it once 😁

Some weeks later when I was coming back for another hair cut: Free WLAN, logged in with admin/1234, got access and repeated all I did the last time once more 😎

HOW CAN YOU NOT LEARN FROM FAILS??

So here I work with this colleague that , at first , had a reasonable résumé. Whatever.

Time goed by and he is just doing tickets, clicking left and right, the usual grind of a shitty monitoring system which I am working intensely on deprecating that shit. Anyhoo

The last few days it became apparent that his resume was basically a hot air cake and he knows basically nothing intrinsically.
As I have stated before in previous rants, "everyone was a noob once"... But this guy...

He wants to do "something with Ansible"... "Ok what do you want to do?" , I asked (and I regret to have asked).
He basically wants to write new files on targets. Easy enough, I show him how he could do it with playbooks, inventory and role just for demonstrating the entire chain.

This guy chanes everything up, thereby breaking host group assignment, he launchea it on ALL machines...

Luckily it's a harmless file, so dodged a bullet there.

But the real wtf ia that he did it with the root account for our systems, without understanding the difference between "authentication" and "authorization"...

I am now explaining him what the difference is and how he can be able to check it. I give him the commands literally! ( sudo -l -U <user>)

Manages to fucking open up each sudoer file in vim , mistype or whatever he did in an attempt to leave vim... Breaks sudo...

Now he tries to spin it in such a way that I have steered him to break things.

"Dude you just fucking failed a copy/paste and you did absolutely fuckall without understanding what you are doing, then splurge out accusations because you did it wrong!"

FML

Tomorrow i have school starting.
Which inspires me to rant about how school fails. Ill omit the "arguments" - feel free to append arguments for my words in the comments. Lol

Dont get be wrong. I LOVE acquiring knowledge. And this is where my first point starts : PACE. My class is basically an assortiment of dumbfucks who dont understand anything without "learning by heart over the course of several weeks"

Ill give you a concrete example.
Our maths teacher wanted to make us think scientifically. So he invented a new type of numbers "root 6 numbers" that are formed like so:
a + b * sqrt(6)
Now he wants us to find out wether the sum of two root 6 numbers is also a root six number. this is all dandy, BUT CLASSMATES STILL DIDNT GET WHAT ROOT 6 NUMBERS ARE, EVEN AFTER SEVERAL EXPRANATIONS. Worse: they went to the main teacher to blacken the math teacher.
Another example would be the time our class needed to understand functions(x) : 4 weeks. Ik, as a programmer i have some ease, but four weeks is a bit too much.

Because of this slow pace, i am irreversibly bored of and in school.
And this leads to another problem: homework. Since i know most of the stuff (the few things i dont get at school, i research at home) the homework are useless to me and since the others dont get much, the homeworks are often more than abundant {in a negative way}.
So i dont do them - but that makes teachers disregard me. Which im sickened of.
Worse: often i dont get overly good grades (i honestly have no clue why. I know everything and go over most of the stuff with my menthor),which empowers teacher of the argument of "you are not good enuff, so you cant read in class".

It would be JUST FINE if the only problem were teachers - but my peers are horrible too.

I know our brains are growing, but thats no reason for being stupid.

I literally get told that i need to stop wearing shorts because they look horrible.

Yep. Also, most people think they are empowered of teaching me and talking about my defaillance - because they do their homework. Even though they know i know stuff better than them.

Now to one of the worst issues: a group work where we had to de a Radio report. The guy (the one who thinks he is intelligent BECAUSE he has good grades) invited himself and his gf to me, he wanted me to translate 22 pages from german to english (because he was too lazy to write in german), wanted me to do audiorecording, audioediting and writing of a report. When i left the group because i was called "weakest link" he spread the word that i he had done everythinh and that because i left his group had failed (noticed the flow in logic?)

NOW everybody thinks of me as stupid weirdo. And honestly - i think i will stop listening to them. Ive always hated people, i dont need a significant other.

Even though this will come with the secondary effect of me being gossiped at.

But honestly its fine.

You might have noticed my elojquent way of expressing myseld. I did that in order to show that i am, despite my grades, overly proficient in english

Ok. So now comes the conclusion. What should i do? Do you Think that i am like that because im pubescent myself? How can i stop having nightmares of every possible social situotion that could occur?
Does this have to do with me being a dev?

Well. ありがとう for reading.

Why the hell did someone remove the wacom kernel module in android since 4.x? It wasn't hurting any body and instead gave people the ability to connect their wacom tablets to USB OTG compatible devices. As a result we have few apps that have wacom support in play store and shitty reputation that the rotten apple is better for all things media.

And for me it means I have to:
* Figure out a way to root my device
* locate correct version and configuration of currently running kernel.
* set up cross compilation toolchain
* build the kernel module
* transfer it to the device
* insmod it manually
* say a few prayers

.... All I wanted to do was paint 😢

EVERY FUCKING TIME I HAVE TO ASK FOR SOME DNS CONFIGURATION OTHER THAN A SINGLE "A" RECORD THE TI HEAD MANAGES TO FUCK UP...

WHAT THE FUCK IS SO HARD DUDE???

CNAME? OK!

FUCKINGSUBDOMAIN > FUCKING.ALIAS.COM

THIS TIME OUR FUCKING PROVIDER CANT MANAGE ROOT DOMAIN CNAMES SO WHAT DID HE DO?
SIMPLE SAID "ALL DONE" AND ONE WEEK LATTER PEOPLE ARE COMPLAINING BECAUSE THE FUCKING ROOT DOMAIN ISN'T WORKING...

COME ON DUDE, JUST KILL YOURSELF.

AND FOR THE FUCKING MILLIONTH TIME: DOMAIN REGISTAR AND DOMAIN MANAGER ARE TWO SEPARATE FUCKING THINGS! YOU CAN REGISTER YOUR FUCKING DOMAIN ON GODADDY AND MANAGE IT ON FUCKING CLOUDFLARE BY CONFIGURING THE FUCKING DNS SERVERS

Fuck ssh. It does 4 things at once and i couldn't get it to do one. I have some pi's and want a shared directory on each of them. On a server i created a user for that and mounted its home directory on a pi, it worked. I did some lockdowns (no shell, only sftp allowed, login only via keyfile), but i was still able to mount it on boot.

Now i had to migrate this setup to another server. It took me a while copying all the configuration etc. All i got for that was a error-message. I figured out the users home-directory had to be owned be root, fixed that, got another error message. Somehow scp didn't use sftp but the login shell which is /usr/sbin/nologin. That made scp (and sshfs) fail, even though it perfectly works with the other server.

I gave up and removed all the setup. I'll find another distributed filesystem for that (but not samba or nfs, those are way to complicated). Those are the setbacks that depress me.

So I've spent all day chasing around this issue for a coworker who was trying to help a client with a new report they were deploying to their system.

Now I learned a couple of things today because of this. Due to moving buildings, our new network completely broke our report server because the DNS can't resolve it's name. Since we're rewriting this system from the ground up, I haven't been majorly concerned about getting this fixed, but with this coming up, being persistent, I'm glad I figured it out. IT did give us a static IP for this VM, but they never bothered to add a DNS entry for it, so for the past couple of months, this hasn't worked for some reason, and now that's why.

So the root cause of my issue can been seen from 2 directions, the dev of the report, and the dev of the UI that reads it. The dev who wrote this code originally is checking very specifically for 'asc' and 'desc', meanwhile my mans who wrote the report has his order by with 'ASC' where he needs it.
(MAN, THE PREVIOUS DEV WAS GREAT)

I'm glad I was able to help him, but god damn, that took all day, AND TO FIND IT WAS A CAPTIALIZATION ISSUE, AAAAAAAAA FUCK ME

Rubber ducking your ass in a way, I figure things out as I rant and have to explain my reasoning or lack thereof every other sentence.

So lettuce harvest some more: I did not finish the linker as I initially planned, because I found a dumber way to solve the problem. I'm storing programs as bytecode chunks broken up into segment trees, and this is how we get namespaces, as each segment and value is labeled -- you can very well think of it as a file structure.

Each file proper, that is, every path you pass to the compiler, has it's own segment tree that results from breaking down the code within. We call this a clan, because it's a family of data, structures and procedures. It's a bit stupid not to call it "class", but that would imply each file can have only one class, which is generally good style but still technically not the case, hence the deliberate use of another word.

Anyway, because every clan is already represented as a tree, we can easily have two or more coexist by just parenting them as-is to a common root, enabling the fetching of symbols from one clan to another. We then perform a cannonical walk of the unified tree, push instructions to an assembly queue, and flatten the segmented memory into a single pool onto which we write the assembler's output.

I didn't think this would work, but it does. So how?

The assembly queue uses a highly sophisticated crackhead abstraction of the CVYC clan, or said plainly, clairvoyant code of the "fucked if I thought this would be simple" family. Fundamentally, every element in the queue is -- recursively -- either a fixed value or a function pointer plus arguments. So every instruction takes the form (ins (arg[0],arg[N])) where the instruction and the arguments may themselves be either fixed or indirect fetches that must be solved but in the ~ F U T U R E ~

Thusly, the assembler must be made aware of the fact that it's wearing sunglasses indoors and high on cocaine, so that these pointers -- and the accompanying arguments -- can be solved. However, your hemorroids are great, and sitting may be painful for long, hard times to come, because to even try and do this kind of John Connor solving pinky promises that loop on themselves is slowly reducing my sanity.

But minor time travel paradoxes aside, this allows for all existing symbols to be fetched at the time of assembly no matter where exactly in memory they reside; even if the namespace is mutated, and so the symbol duplicated, we can still modify the original symbol at the time of duplication to re-route fetchers to it's new location. And so the madness begins.

Effectively, our code can see the future, and it is not pleased with your test results. But enough about you being a disappointment to an equally misconstructed institution -- we are vermin of science, now stand still while I smack you with this Bible.

But seriously now, what I'm trying to say is that linking is not required as a separate step as a result of all this unintelligible fuckery; all the information required to access a file is the segment tree itself, so linking is appending trees to a new root, and a tree written to disk is essentially a linkable object file.

Mission accomplished... ? Perhaps.

This very much closes the chapter on *virtual* programs, that is, anything running on the VM. We're still lacking translation to native code, and that's an entirely different topic. Luckily, the language is pretty fucking close to assembler, so the translation may actually not be all that complicated.

But that is a story for another day, kids.
And now, a word from our sponsor:

<ad> Whoa, hold on there, crystal ball. It's clear to any tzaddiq that only prophets can prophecise, but if you are but a lowly goblinoid emperor of rectal pleasure, the simple truths can become very hard to grasp. How can one manage non-intertwining affairs in their professional and private lives while ALSO compulsively juggling nuts?

Enter: Testament, the gapp that will take your gonad-swallowing virtue to the next level. Ever felt like sucking on a hairy ballsack during office hours? We got you covered. With our state of the art cognitive implants, tracking devices and macumbeiras, you will be able to RIP your way into ultimate scrotolingual pleasure in no time!

Utilizing a highly elaborated process that combines illegal substances with the most forbidden schools of blood magic, we are able to [EXTREMELY CENSORED HERETICAL CONTENT] inside of your MATER with pinpoint accuracy! You shall be reformed in a parallel plane of existence, void of all that was your very being, just to suck on nads!

Just insert the ritual blade into your own testicles and let the spectral dance begin. Try Testament TODAY and use my promo code FIRSTBORNSFIRSTNUT for 20% OFF in your purchase of eternal damnation. Big ups to Testament for sponsoring DEEZ rant.