Search - "route network"
My landlord has a workspace below my room, and he had to install wifi for his workspace yesterday. except he couldn't, so he asked me. which I guess is fine, he made a very polite request so I figured: might as well.
so I go down, and it's one of these typical isp boxes. I connect my laptop and start messing around with ifconfig and ip route listing. I wouldn't normally even use ip route, but I've been doing a project involving multiple networks. Anyway, I switch networks a few times (my own network is obviously up and running) so I can google for router passwords. by the time I'm finished with everything my landlord thanks me, and goes on about "how he is always impressed by how people can just type into keyboards and things start working"
in reality, all I did was connect his cable to DSL when he had connected it to PSTDN himself.
Long rant ahead.. so feel free to refill your cup of coffee and have a seat 🙂
It's completely useless. At least in the school I went to, the teachers were worse than useless. It's a bit of an old story that I've told quite a few times already, but I had a dispute with said teachers at some point after which I wasn't able nor willing to fully do the classes anymore.
So, just to set the stage.. le me, die-hard Linux user, and reasonably initiated in networking and security already, to the point that I really only needed half an ear to follow along with the classes, while most of the time I was just working on my own servers to pass the time instead. I noticed that the Moodle website that the school was using to do a big chunk of the course material with, wasn't TLS-secured. So whenever the class begins and everyone logs in to the Moodle website..? Yeah.. it wouldn't be hard for anyone in that class to steal everyone else's credentials, including the teacher's (as they were using the same network).
So I brought it up a few times in the first year, teacher was like "yeah yeah we'll do it at some point". Shortly before summer break I took the security teacher aside after class and mentioned it another time - please please take the opportunity to do it during summer break.
Coming back in September.. nothing happened. Maybe I needed to bring in more evidence that this is a serious issue, so I asked the security teacher: can I make a proper PoC using my machines in my home network to steal the credentials of my own Moodle account and mail a screencast to you as a private disclosure? She said "yeah sure, that's fine".
Pro tip: make the people involved sign a written contract for this!!! It'll cover your ass when they decide to be dicks.. which spoiler alert, these teachers decided they wanted to be.
So I made the PoC, mailed it to them, yada yada yada... Soon after, next class, and I noticed that my VPN server was blocked. Now I used my personal VPN server at the time mostly to access a file server at home to securely fetch documents I needed in class, without having to carry an external hard drive with me all the time. However it was also used for gateway redirection (i.e. the main purpose of commercial VPN's, le new IP for "le onenumity"). I mean for example, if some douche in that class would've decided to ARP poison the network and steal credentials, my VPN connection would've prevented that.. it was a decent workaround. But now it's for some reason causing Moodle to throw some type of 403.
Asked the teacher for routers and switches I had a class from at the time.. why is my VPN server blocked? He replied with the statement that "yeah we blocked it because you can bypass the firewall with that and watch porn in class".
Alright, fair enough. I can indeed bypass the firewall with that. But watch porn.. in class? I mean I'm a bit of an exhibitionist too, but in a fucking class!? And why right after that PoC, while I've been using that VPN connection for over a year?
Not too long after that, I prematurely left that class out of sheer frustration (I remember browsing devRant with the intent to write about it while the teacher was watching 😂), and left while looking that teacher dead in the eyes.. and never have I been that cold to someone while calling them a fucking idiot.
Shortly after I've also received an email from them in which they stated that they wanted compensation for "the disruption of good service". They actually thought that I had hacked into their servers. Security teachers, ostensibly technical people, if I may add. Never seen anyone more incompetent than those 3 motherfuckers that plotted against me to save their own asses for making such a shitty infrastructure. Regarding that mail, I not so friendly replied to them that they could settle it in court if they wanted to.. but that I already knew who would win that case. Haven't heard of them since.
So yeah. That's why I regard those expensive shitty pieces of paper as such. The only thing they prove is that someone somewhere with some unknown degree of competence confirms that you know something. I think there's far too many unknowns in there.
Nowadays I'm putting my bets on a certification from the Linux Professional Institute - a renowned and well-regarded certification body in sysadmin. Last February at FOSDEM I did half of the LPIC-1 certification exam, next year I'll do the other half. With the amount of reputation the LPI has behind it, I believe that's a far better route to go with than some random school somewhere.
@netikras since when does proprietary mean bad?
Lemme tell you 3 stories.
CISCO AnyConnect:
- come in to the office
- use internal resources (company newsletter, jira, etc.)
- connect to client's VPN using Cisco AnyConnect
- lose access to my company resources, because AnyConnect overwrites routing table (rather normal for VPN clients)
- issue a route command updating routing table so you could reach confluence page in the intranet
- route command executes successfully, `route -n` shows nothing has changed
- google this whole WTF case
- Cisco AnyConnect constantly overwrites OS routing table to ENFORCE you to use VPN settings and nothing else.
Sooo basically if you want to check your company's email, you have to disconnect from client's VPN, check email and reconnect again. Neat!
Can be easily resolved by using opensource VPN client -- openconnect
CISCO AnyConnect:
- get a server in your company
- connect it to client's VPN and keep the VPN running for data sync. VPN has to be UP at all times
- network glitch [uh-oh]
- VPN is no longer working, AnyConnect still believes everything is peachy. No reconnect attempts.
- service is unable to sync data w/ client's systems. Data gets outdated and eventually corrupted
OpenConnect (OSS alternative to AnyConnect) detects all network glitches, reports them to the log and attempts reconnect immediately. Subsequent reconnect attempts get triggered with longer delays so as not to spam the network.
SYMANTEC VIP (alleged 2FA?):
- client's portal requires Sym VIP otp code to log in
- open up a browser in your laptop
- navigate to the portal
- enter your credentials
- click on a Sym VIP icon in the systray
- write down the shown otp number
- log in
umm... in what fucking way is that a secure 2FA? Everything is IN the same fucking device, a single click away.
Can be easily solved by opensource alternatives to Sym VIP app: they make HTTP calls to Symantec to register a new token and return you the whole totp url. You can convert that url to a qr code and scan it w/ your phone (e.g. Google's Authenticator). Now you have a true 2FA.
Proprietary is not always bad. There are good propr sw too. But the ones that are core to your BAU and are doing shit -- well these ARE bad. and w/o an opportunity to workaround/fix it yourself.
>Installed a new graphics card (thanks santa <3)
>Boots into Ubuntu
>Try to SSH. No route to device.
>Log in locally. "Failed to start raise network interfaces"
>ok.
>find out that installing graphics card renamed enp2s0 to enp3s0.
>ok.
Network manager: administration just canceled our domain registration 2 months before schedule.
Boss: uh.. OK... but can't we make a script to route traffic from www.canceled.com to our server?
Me: that's not how DNS works ( proceed to explain how DNS works )
PS: boss is lead developer... wtf?
What is it with networking guys refusing to do any kind of fault finding? Pretty much everywhere I've worked they seem to be overpaid address hogs who occasionally want everyone to be proud of them for installing a new switch.
Currently seeing a production issue that's clearly due to spikes in packet loss on a certain part of the network - but oh no, it's always "our tests are fine", "we can establish a route no problem", "this is an application level issue", etc.
No you morons, when a dozen unrelated applications hosted on different cloud services fail because none of them can contact anything in your particular subnet in your data center at the same time, it's a damn networking issue. Sort it out.
It is the year 2451 ad and mankind rules the galaxy with a lazy iron fist. There are roughly 14,000 civilizations, comprised of just over 17,000 intelligent species on a quarter of a million earth-like worlds. And all of them call themselves 'the galactic empire'.
No one told them that twenty planets doesn't qualify them for the title "galactic."
Well, we could rule, if we wanted to. Most of it's just backwaters that no one wants anyway. It turned out that the reason no one invaded earth before was because they were too busy fighting themselves. Stupidity it appears, is not a unique human quality. That and the sex robots. There's more of them in the galaxy than actual meatbags. Many species had taken to artificial wombs and 'vatbabies', which is exactly what they are called. Those poor bastards will carry that label for life.
We never did break light speed, but most of the rich exist in hypersleep anyway. Most of them only wake up once a year or so. There are some that only creek out of bed to check their stock portfolio. I hear there is even one trillionaire that's up and about once a century to ask if we have broken light speed yet.
Despite all the progress over the last 400 years, historians all agree about the most significant event in modern history.
The lobster went extinct two hundred years ago on earth.
There's been riots ever since.
* * *
In other news I'm still working on the game I guess. It's like totally the most okay indie game you'll ever play--if I ever finish it.
I put about a year of work into the NPC system, and then chatGPT came out.
After everything that's happened, at this point I may just make a game about an indie dev making a survival game, being stuck in the actual apocalypse or some weird political dystopia.
Put it on rewind, it was originally a zombie game. But at the time the market got flooded and steam sales for zombie games cratered. So I pivoted to something more along the lines of fallout. Then the flash market crashed, bunch of publishers folded, and adobe stopped support for flash (probably for the best). Then newgrounds, which I was gonna launch on for promotion (because actual marketing is expensive), ended support for flash.
Was going the route of kickstarter, and that year the KS market got flooded and the bar rose almost overnight so you needed super high production quality out the gate, and a network of support you already built for months.
We had a brief nuclear war scare, and I watched the articles come out about market saturation for post-apocalypse games, so I pivoted back to zombies. Then covid happened and the entire topic was really fucked. So I went back to fallout meets rimworld. Then we had a flood of games doing that exact premise pretty much out of the fucking blue, so I went for a more single-survivor type game. Then ukraine happened and the threat of nuclear war has been slowly sapping the genre of its steam, on well, steam.
Then I was told to get a cancer screening which I can't afford. Then I broke a tooth and spent a month in agony.
Then a family member died. Then I made no money from the sale of a business I did everything to help get off the ground, then I helped renovate an entire house on short notice and sell it, then I lost two months living in a hotel while looking for a new place to live. Then I spent two and a half years suffering low-level alcoholism, insomnia, and drifting between jobs.
Then I wrote amazing poetry. And then I rediscovered my love of math. And then I made out for the first time in over a year. And then I rediscovered my love of piano and guitar. And then I fell into severe depression for the last year. Then I made actual discoveries in math. And I learned to love my hobbies again, and jog, and not drink so much, and sing, and go on long drives, and occasional hikes, and talk to people again, and even start designing games and UIs again. And then I learned that doing amazing things without a lot of money is still possible, and then I discovered the sunk cost fallacy, and run on sentences, and how inside me there was a part of me that refused to quit because of circumstances I couldn't control, and then I learned that life goes on even when others' lives have ended, even when everything and everyone never had an ounce of faith in you, and you've become the avatar of the bad luck brian meme..still, life goes on.
And we try to pick up the pieces, try, one more time, because the climb, and the fall, and the getting back up, is all there is.
What I would recommend, if you're thinking of making a game, or becoming an independent game developer, is, unless you have a *lot* of money upfront (think 50-100k saved, minimum, like one years income *bare* minimum), and unless you already have a full decade in the industry--don't make a game.
Just don't.
We are researching enhancing our current alerting system (we use Splunk) to be 'smarter' about who is emailed/texted/whatever when there are problems in our applications.
Currently, if there are over 50 errors logged within a 15 minute period, an email/phone/text blast goes out to nearly 100 individuals ranging from developers, network admins, DBAs, and vice presidents.
Our plan is to group errors by team and let each team manage their own applications. Alert on 1 error, 5, 500...we don't care, let the team work out the particulars.
The trick was interfacing with Splunk's API (that's a long rant by itself)
In about a day or so I was able to use Splunk's WebHook feature to notify a WebAPI service I threw together to send myself an email with details about the underlying data (simulating the kind of alert we would send to the team)
I thought ...cool... it worked. Show it off to the team, most thought it was a good start, except one:
Dev: "The errors are not grouped by team."
Me: "No, I threw the webapi service together to demonstrate how we can extract the splunk bits to get access to the teams"
Dev: "Well...this won't work at all."
Me: "Um..what?"
Dev: "The specification c l e a r l y states the email will be team based. This email was only sent to you and has all the teams and their applications"
Me: "Um...uh...the service can, if we want to go using a service route. Grouping by team name is easy using a LINQ query. I just threw this service together yesterday."
Dev: "I don't know. Sounds like I need to schedule a meeting to discuss what you are proposing. I don't think emailing all that to everyone is a good idea."
WTF! Did you not listen to what I said?!!!
Oh well..the dev's proposal is to use splunk's email notification and custom Exchange rules with callbacks into splunk that resend...oh good lord ...a fracking rube goldberg of a config nightmare ...
I suspect we'll go the service route once I finish the service before the meeting.
Does somebody know a js library to make a route network on a map, like the ones airlines use. Where you can enter/click on the departure and it displays a forced node graph of the destinations from a database. Like this: http://easyjet.com/ch-de/...
Google shows only computer network related mapping stuff *sigh*
Kubernetes question:
So far I've created two pods, mongo & Go
Exposed those pods using services
Their IP is 10.x.x.x and accessible from my machine only (virtual lan I'm guessing only known to host), but my machine's network ip is 192.x.x.x therefore, not accessible from outside world and to do so I need to put nginx in front to receive requests and route them internally.
Is there a way in kubernetes to make it work like nginx in terms of:
Kubernetes listen to port 80 (for example) route based on received url. As you know in nginx we define a server block with server domain_name.tld
Anything similar in kubernetes? I've checked ingress-nginx controller, and also saw LoadBalancer but that requires a cloud provider.
If anyone can also give an example it would be great, so far examples I checked ended up screwing my setup and had to reset kubectl to get things back working
At this point of my side project I wanted to check out openresty for dynamic proxy creation in nginx.
Happy to check it out I installed centos 7 as guest using new command I just learned virt-builder that would automate vm creation.
Spent 10 hours debugging why I can ping and ssh but cannot get to application port from any network.
Checked iptables, restarted network, reinstalled vm again 3 times with different methods.
Scrolled through the whole internet and it’s mostly outdated problems.
Learned bunch of new commands without new results.
Results were always the same:
No route to host.
Turned out firewalld is a fucking thing now.
systemctl stop firewalld helped
Now I know that systemd would kill me at some point for sure.
What can I add at this point?
Please add more distros, differences, standards and programming languages so world definitely would be better place.
I need a short break now to actually start making shit that I wanted to start at 4-5pm on Saturday.
It’s Sunday 3:30am and time for breakfast.
At least I am happy it started working.
So I have a semi big project ongoing:
Because my modem+router combo sucks dick and gets buttfucked too much I want to make my own Router with PPPoE.
So I ordered an 8 euro used switch, 24ports for management, but our IP TV provider is sucking cock too! He uses multicasting to send the fucking IP TV signal. So the switch is not VLan ready and so the network will be flooded.
But that's not the worst...
I don't know how to route VOIP over QoS correctly... So I just hope that part works!
I also ordered another network switch which is manageable + a God damn networking closet. 80 bucks gone again! Wish me luck this works better...
BUT THATS NOT THE WORST BECAUSE NOW COMES THE HEAVY PART!
I wanted to use my old AMD Athlon X2 64bit and 4 gigs of RAM PC to be my powerhouse of the router. I plugged it into the wall, booted, screen error... Thought it might be the integrated graphics card... Unplugged my old one, inserted it.... AND IT WOR... NOPE NOPE IT DIDN'T NOW MY DAMN MOTHERBOARD IS FUCKING FRIED TO DUST BECAUSE OF THE GOD DAMN ... I DONT EVEN KNOW! AAAAA
So I thought I could temporarily use my raspberry pi one model b, a good fellow with multiple years of usage! I plugged in the sd card into my girls laptop, wasn't at home, and her God damn internet downloaded that shitty raspbian (sorry raspi but your servers sometimes are very slow) and after the download I realized her GOD DAMN SD READER DIDNT FUCKING WORK!!!
SO I GUESS I WILL WAIT!
More network/hardware than dev but anyway: I use OPNsense as a firewall at home on an embedded system. Had everything set up nicely and appearing to be working fine, quite a lot of things set up (static leases, VLANs with various firewall rules etc. - a fair bit of stuff involved). I noticed my remote system was failing to back up to my local one. Turned out port forwarding wasn't fully working (initial packet got through but nothing else). I noticed this at midnight.
Ran an update to see if that helped - nope. Reboot time then! It made its shutdown noises and I waited 15 minutes before giving up (no noises, no ping response). Took SD card out. Copied a fresh install onto it, thus wiping all settings. Booted up fine, set up my internet connection, all good. Proceeded to configure it. Noticed I couldn't access the internet from my PC, but could from the firewall itself. Rebooted the firewall. It didn't come back up. Argh!
Reinstalled AGAIN. Attached a serial cable and it was complaining about something which sounded like it couldn't read the SD card. Tried another. Nope. Looked online (using phone): known issue to do with boot delays.
Gave up and went to bed at this point (4am).
Next day: Installed it in a VM instead. Still no internet from my PC! Another known issue to do with default gateway not being the PPPoE interface. Got into shell, manually changed the default route. Was then able to update to the latest version which fixes the gateway issue. Rebooted the VM. All good.
Put all my settings back in, this time taking a backup afterward.
Only to discover....
....port forwarding wasn't working properly. Back to square 1.
Poked around with some NAT settings (outbound ones), made no difference, undid those changes and suddenly it started working.
WTF? /waves arms in the air
OPNsense folk were very helpful, producing a new build for me to try within a couple of hours of me asking about the problem.
But days like that, I start to question whether I really enjoy technology as much as I thought I did...
Can you tell that fucken Barracuda VPN Client to only route specific domains to the connected vpn?
It makes no sense to route my whole fucken traffic through my workplace's network.
Is it me, or is Vim on Windows Terminal barely usable?
I resorted to doubling my laptop’s ram (luckily Dell still produces laptops which can be upgraded and repaired with a set of common screwdrivers) in order to be able to install a FreeBSD VM in which I can finally get a decent terminal based development environment. Sadly since for my work I need a VPN which can run only on Windows and MacOS I cannot just remove Windows and switch to FreeBSD or Linux but I have to make a VM and route its network traffic through work VPN.
So, I was working on my code base and wanted to update my remote with the local changes. I issued the git push command but it just remained unresponsive, no error-nothing. (I use bitbucket as remote host). This was strange, even enabling verbose option didn't tell me anything useful apart from usual 'pushing this to that' sort of response. I checked internet connectivity on my system. It's fine. I restarted my network-manager just in case, tried if ping, telnet and other tools were working. Everything seemed fine.
Well, it turns out for a major portion of the day bitbucket was having issue with ssh connection. Finally I added https remote and was able to push my changes using 'username', 'password' route.
It wasted a good portion of my time today!!