Prologue
My dad has an acquaintance - let's call him Tom. Tom is an gynecologist, one of the best in Poznań, where I live. He's a great guy but absolutely can not into tech of any kind besides his iPhone and basic PC usage. For about a year now I've been doing small jobs for him - build a new PC for his office, fix printer, fix wifi, etc. He has made a big mistake few years ago by trusting a guy, let's call him Shitface, with crating him software for work. It's supposed to be pretty simple piece of code in which you can create and modify patient file, create prescription from drugs database and such things. This program is probably one of the worst pierces of code I've ever seen and Shitface should burn for that. Worse, this guy is pretentious asshole lacking even basic IT knowledge. His code is garbage and it's taking him few months to make small changes like text wrapping. But wait, there's more. Everything is hardcoded so every PC using this software must have installed user controls for which he doesn't have license and static IP address on network card.
Part 1
Tom asked me to build him a new PC that will be acting like a server for Shitface's program. He needs it in Kalisz (around 150 km from my place). I Agred (pun intended) and after Tom brought me his old computer I've bought parts and built a new one. I have also copied everything of value and everything took me around three hours.
Part 2
Everything was ready but Shitface's program. I didn't know much about it's configuration so when I've noticed that it's not working even on the old PC I got a bit worried. Nevertheless I started breaking everything I know about it and after next three hours I've got it somewhat working. Seeing that there's still some problems with database connection (from Windows' Event Viewer) I wrote quick SMS to Shitface asking what can be wrong. He replied that he won't be able to help me any way until Monday (day after deadline). I got pissed and very courteously asked him for source code because some of libraries used in this project has license that requires either purchase of commercial license or making code open source. He replied within few minutes that he'll be able to connect remotely within next 10 minutes. He was trying to make it work for the next hour but he succeeded. It was night before deadline so I wrapped everything up and went to bed thinking that it won't take me more than an hour to get this new PC up and running in the office. Boy was I wrong.
Also, curious about his code, I've checked source and he is using beautiful ponglish (mixed Polish and English) with mistakes he couldn't even bother to fix. For people from Poland, here's an example:
TerminarzeController.DeleteTerminarzShematyDlaLekarza
Part 3
So I drove to Kalisz and started working on making everything work. Almost everything was ready so after half an hour I was done. But I wanted to check twice if it's all good because driving so far second time would be a pain. So I started up Shitface's program, logged in, tried to open ANYTHING and... KABUM. UNHANDLED EXCEPTION. WTF. I checked trace and for fuck sake something was missing. Keep in mind that then I didn't know he's using some third party control for Windows Forms that needs to be installed on client PC. After next fifteen minutes of googling I've found a solution. I just had to install this third party software and everything will work. But... It had to be exactly this version and it was old. Very old. So old that producent already removed all traces of its existence from their web page and I couldn't find it anywhere. I tried installing never version and copying files from old PC but it didn't work. After few hours of searching for a solution I called Mr Shitface asking him for this control installation file. He told me that he has it but will be able to send it my way in the evening. Resigned I asked for this new PC to be left turned on and drove home. When he sent me necessary files I remotely installed them and everything started working correctly.
So, to sum it up. Searching for parts and building new PC, installing OS and all necessary software, updating everything and configuring it for Tom taste took me around what, 1/3 of time I spent on installing Mr Shitface's stupid program which Tom is not even happy with. Gotta say it was one of worst experiences I had in recent months. Hope I won't have to see this shit again.
Epilogue
Fortunately everything seems to work correctly. Tom hasn't called me yet with any problems. Mission accomplished. I wanna kill very specific someone. With. A. Spoon.

Very long story ahead!

Yesterday in the evening a friend of mine (calling him F from now on) became the target of something new to me...
Apparently one can fake his phone number through some fishy ways and call people with that number. Someone (we think we might know who it was, the why is at the end) did this yesterday to F.
Here's the whole story:
We were just talking together on a TeamSpeak Server (a program to talk to others on the internet) when suddenly another friend said: "F, why did you just call me three times in a row?" That was the first thing that was a bit suspicious. After that, F got calls from random numbers (even Afghanistan, we are German), and they said something like "Have fun with the police coming to your house". Then there was silence. 10 minutes later his phone rang and there were a ton of pizza delivery services in his town that apparently got pizza orders from him. Then there was silence, again. Suddenly someone with a hidden number called him, a woman's voice said they were the police and if F doesn't stop calling the police there will be consequences. F then told her what was going on but I think she didn't really care. She then wanted to know where F lives, but I told him not to say that, because if it is the police they can find it out by themself and if it's not, they don't need to know that.
Now, a short break: There is some fake information going around about where F lives. I can't remember when we found out but the attacker thought he would actually live there. No idea what happened at that location...
Now back to the story:
Time went by, nothing really happened. Suddenly F shouted: "There are blue lights outside! The police is here!" He muted his microphone and (the following is what he told us what happened) went down to the door (remember, he is 16) and there were two police men. They were asking about why he called the police. F explained what we knew until then, about number spoofing and stuff... They sent a more technical person to him, he understood what F was trying to explain. The police men drove away and he came back to tell us what happened. (Now we get back to what I heared myself.) The mom came in, screamed something that I couldn't understand, and F went offline. We searched who the attacker could have been. And we are pretty sure we found him. That guy connected to our Minecraft server (that's where I know F from) with his real IP, and his main account, which made it easy to search. He also got a static IP which means it doesn't change. We also got some information that in the recent days this guy was talking about VoIP spoofing and such stuff. Another friend of mine, a bit older, found some proofs and I think he will go to the police.

That's it. Thanks for reading.

The solution for this one isn't nearly as amusing as the journey.

I was working for one of the largest retailers in NA as an architect. Said retailer had over a thousand big box stores, IT maintenance budget of $200M/year. The kind of place that just reeks of waste and mismanagement at every level.

They had installed a system to distribute training and instructional videos to every store, as well as recorded daily broadcasts to all store employees as a way of reducing management time spend with employees in the morning. This system had cost a cool 400M USD, not including labor and upgrades for round 1. Round 2 was another 100M to add a storage buffer to each store because they'd failed to account for the fact that their internet connections at the store and the outbound pipe from the DC wasn't capable of running the public facing e-commerce and streaming all the video data to every store in realtime. Typical massive enterprise clusterfuck.

Then security gets involved. Each device at stores had a different address on a private megawan. The stores didn't generally phone home, home phoned them as an access control measure; stores calling the DC was verboten. This presented an obvious problem for the video system because it needed to pull updates.

The brilliant Infosys resources had a bright idea to solve this problem:

- Treat each device IP as an access key for that device (avg 15 per store per store).
- Verify the request ip, then issue a redirect with ANOTHER ip unique to that device that the firewall would ingress only to the video subnet
- Do it all with the F5

A few months later, the networking team comes back and announces that after months of work and 10s of people years they can't implement the solution because iRules have a size limit and they would need more than 60,000 lines or 15,000 rules to implement it. Sad trombones all around.

Then, a wild DBA appears, steps up to the plate and says he can solve the problem with the power of ORACLE! Few months later he comes back with some absolutely batshit solution that stored the individual octets of an IPV4, multiple nested queries to the same table to emulate subnet masking through some temp table spanning voodoo. Time to complete: 2-4 minutes per request. He too eventually gives up the fight, sort of, in that backhanded way DBAs tend to do everything. I wish I would have paid more attention to that abortion because the rationale and its mechanics were just staggeringly rube goldberg and should have been documented for posterity.

So I catch wind of this sitting in a CAB meeting. I hear them talking about how there's "no way to solve this problem, it's too complex, we're going to need a lot more databases to handle this." I tune in and gather all it really needs to do, since the ingress firewall is handling the origin IP checks, is convert the request IP to video ingress IP, 302 and call it a day.

While they're all grandstanding and pontificating, I fire up visual studio and:

- write a method that encodes the incoming request IP into a single uint32
- write an http module that keeps an in-memory dictionary of uint32,string for the request, response, converts the request ip and 302s the call with blackhole support
- convert all the mappings in the spreadsheet attached to the meetings into a csv, dump to disk
- write a wpf application to allow for easily managing the IP database in the short term
- deploy the solution one of our stage boxes
- add a TODO to eventually move this to a database

All this took about 5 minutes. I interrupt their conversation to ask them to retarget their test to the port I exposed on the stage box. Then watch them stare in stunned silence as the crow grows cold.

According to a friend who still works there, that code is still running in production on a single node to this day. And still running on the same static file database.

#TheValueOfEngineers

Ooof.

In a meeting with my client today, about issues with their staging and production environments.

They pull in the lead dev working on the project. He's a 🤡 who freelanced for my previous company where I was CTO.

I fired him for being plain bad.

Today he doesn't recognize me and proceeds to patronize me in server administration...

The same 🤡 that checks production secrets into git, builds projects directly in the production vm.

Buckle up... Deploys *both* staging and production to the *same* vm...

Doesn't even assign a static IP to the VM and is puzzled when its IP has changed after a relaunch...

Stores long term aws credentials instead of using instance roles.

Claims there are "memory leaks", in a js project. (There may be memory misuse by project or its dependencies, an actual memory leak in v8 that somehow only he finds...? Don't think so.)

Didn't even set up pm2 in systemd so his services didn't even relaunch after a reboot...

You know, I'm keeping my mouth shut and make the clown work all weekend to fix his own hubris.

I’ve started the process of setting up the new network at work. We got a 1Gbit fibre connection.

Plan was simple, move all cables from old switch to new switch. I wish it was that easy.

The imbecile of an IT Guy at work has setup everything so complex and unnecessary stupid that I’m baffled.
We got 5 older MacPros, all running MacOS Server, but they only have one service running on them.

Then we got 2x xserve raid where there’s mounted some external NAS enclosures and another mac. Both xserve raid has to be running and connected to the main macpro who’s combining all this to a few different volumes.

Everything got a static public IP (we got a /24 block), even the workstations. Only thing that doesn’t get one ip pr machine is the guest network.
The firewall is basically set to have all ports open, allowing for easy sniffing of what services we’re running.

The “dmz” is just a /29 of our ip range, no firewall rules so the servers in the dmz can access everything in our network.

Back to the xserve, it’s accessible from the outside so employees can work from home, even though no one does it. I asked our IT guy why he hadn’t setup a VPN, his explanation was first that he didn’t manage to set it up, then he said vpn is something hackers use to hide who they are.

I’m baffled by this imbecile of an IT guy, one problem is he only works there 25% of the time because of some health issues. So when one of the NAS enclosures didn’t mount after a power outage, he wasn’t at work, and took the whole day to reply to my messages about logins to the xserve.

I can’t wait till I get my order from fs.com with new patching equipment and tonnes of cables, and once I can merge all storage devices into one large SAN. It’ll be such a good work experience.

Putting SSH on another port and using fail2ban on the default one to ban everyone else trying to get in is a nice thing until you ban your own static ip by forgetting the new port...

I have a Windows machine sitting behind the TV, hooked to two controllers, set up as basically a console for the big TV. It doesn't get a lot of use, and mostly just churns out folding@home work units lately. It's connected by ethernet via a wired connection, and it has a local static IP for the sake of simplicity.

In January, Windows Update started throwing a nonspecific error and failing. After a couple weeks I decided to look up the error, and all the recommendations I found online said to make sure several critical services were running. I did, but it appeared to make no difference.

Yesterday, I finally engaged MS support. Priyank remoted into my machine and attempted all the steps I had already tried. I just let him go, so he could get through his checklist and get to the resolution steps. Well, his checklist began and ended with those steps, and he started rather insistently telling me that I had to reinstall, and that he had to do it for me. I told him no thank you, "I know how to reinstall windows, and I'll do it when I'm ready."

In his investigation though, I did notice that he opened MS Edge and tried to load Bing to search for something. But Edge had no connection. No pages would load. I didn't take any special notice of it at the time though, because of the argument I was having with him about reinstalling. And it was no great loss to me that Edge wasn't working, because that was literally the first time it'd ever been launched on that computer.

We got off the phone and I gave him top marks in the CS survey that was sent, as it appeared there was nothing he could do. It wasn't until a couple hours later that I remembered the connectivity problem. I went back and checked again. Edge couldn't load anything. Firefox, the ping command, Steam, Vivaldi, parsec and RDP all worked fine. The Windows Store couldn't connect either. That was when it occurred to me that its was likely that Windows Update was just unable to reach the internet.

As I have no problem whatsoever with MS services being unable to call home, I began trying to set up an on-demand proxy for use when I want to update, and I noticed that when I fill out the proxy details in Internet Options, or in Windows 10's more windows10-ish UI for a system proxy, the "save" button didn't respond to clicks. So I looked that problem up, and saw that it depends on a service called WinHttpAutoProxySvc, which I found itself depends on something called IP Helper, which led me to the root cause of all my issues: IP Helper now depends on the DHCP Client service, which I have explicitly disabled on non-wifi Windows installs since the '90s.

Just to see, I re-enabled DHCP Client, and boom! Everything came back on. Edge, the MS Store, and Windows Update all worked. So I updated, went through a couple reboots-- because that's the name of the game with windows update --and had a fully updated machine.

It occurred to me then that this is probably how MS sends all its spy data too, and since the things I actually use work just fine, I disabled DHCP Client again. I figure that's easier than navigating an intentionally annoying menu tree of privacy options that changes and resets with every major update.

But holy shit, microsoft! How can you hinge the entire system's OS connectivity on something that not everybody uses?

Me : Can I have your Server Access to deploy project.

Client : I don't have server. I will run it on my laptop.

Me : Okay, Are you sure? And do you have static IP?

Client : what's that?
😂

Getting a static IP has become a kind of a status symbol, my friends are paying extra bucks to ISPs so during parties they can be like `Hey Yo, Ping me at 27.49.36.16 , it's static!` :/

This morning I was looking in our database in order to solve a problem with a user registration and I accidentally noticed some users registered with unusual email addresses (temporary mail services, Russian providers and so on...).
I immediately thought about malicious users so I dug into the logs and I found that the registration requests started from an IP address belonging to our company (we have static IP addresses). My first reaction was: «OMG! Russian hackers infiltrated into our systems and started registering new users!»
So, I found the coworker owning the laptop from which the requests were sent and I went to him in order to warn him that someone violated his computer.
And he said: «Ah! Those 7 users? Yeah, I was doing some tests, I registered them. My email address was already registered so I created some new ones».
Really, man? Really? WTF

Our new IT support college (I've been the support for like almost 2 years into the company and then I moved onto another project) asked me about how to configure a printer over LAN. I explained him the whole procedure and after he asked me what does the gateway IP means, I explained him that it's a router, switch or another device that know how to forward packets on to other networks and gave him an example like 192.168.100.1 and told him that usually is the router's/switch IP address and is the same IP address as the static IP of the printer but with .1 at the end instead of the last number set. After that he asked me: "Like this? 192.168.100.25.1?"

It began when I was tasked with creating a better and more engaging experience for our new Facebook page. This was in Facebook's early days, so there were not really any "best practices". We were making it up as we went along. I decided one way would be to game-ify things, since gaming, at the time, was a Big Deal on Facebook and people were starting to use it to build customer funnels.

Grasping for low-hanging fruit, I decided a Tetris variant around our topic would be fun. I had to hire a dev because at the time I was a static HTML web developer just getting into social media management. I knew nothing about game development or how to use Facebook's API for such things.

Long story short, we got about $10,000 (FB app devs came at a premium then) into the project when I came across a very recent article about the history of Tetris games. It said that even though Tetris had once been considered for all intents to be public domain due to it being created by a Russian coder during the Cold War, it had just been acquired by an IP protection entity that was charging royalties for any variant of Tetris created from a specific date onward and paying the original developer. So, even though I thought I had been thorough in my initial permissions checking, it turned out we were gonna be in deep doo-doo with licensing fees and restrictions if we released this game to the public.

I had to call my boss and admit my error. She was FURIOUS and really gave me an ass-chewing over it. I then had to call the marketing person whose budget I'd been slaving away at wasting. She was a bit more forgiving (her budget was in the millions). Then I had to call the corporate legal department and explain what was going on. They told me to immediately pay any outstanding hours, then fire the dev but not before getting him to send me all code and assets, deleting his copy, and then, upon my receipt of those assets, deleting MY copy so that nothing of it ever existed. And I was supposed to say _nothing_ to the dev about why he was being let go, so that there would be no "trail" leading back to this fiasco. (The dev hounded me for weeks asking what he'd done wrong. It killed me that I was bound and gagged by corporate legal and couldn't tell him.)

I was in so much trouble. I was literally in tears over it. I'd never wasted that much money in my life. That incident pretty much sealed my fate as far as any trust my bosses ever put in me again (not much at all). I was a bit of a pariah in a lot of ways for the next 5 years whereas I had come onto the team as a young social media rockstar at first.

After that, and a couple of other bad scenarios that were less my fault and more due to a completely dysfunctional management and reporting structure, they eventually "transferred" me to another team. Which was really just a way of getting rid of me by sending me to a department that was already starting to outsource overseas and lay people off. It was less messy that way. I was in the first set of layoffs.

Since then, I've had a BIG fear of EVER joining a large corporation EVER again. I prefer to work for small businesses now, even if I get paid less. Much less stressful from an office politics and impact of mistakes standpoint.

I have a server. I want to filter connections to that server so only people on my work network can access the server. A quick search yielded my public IP address.

"Is this static?" I asked IT. "Do we have static IP address?"

"What do you mean? What do you need that for? You better know EXACTLY what you are doing before we release that information to you!!!! This needs to go to my manager. My manager is demanding to know why you want that information - we are having Network Engineering look into this request, someone will be in touch to find out more."

I have now been waiting for 3 hours. I think I will just go ahead and assume my IP is not going to change...

A guy rants a client of mine "anonymously" via his website contact form. How stupid is that. Even worst. He used his static IP connection. Busted! IP forwarded to my client. Turns out he is one of my client's client and has unpaid bills to him :>

## Building my own router

IT HAS ALREADY PAID OFF!!!!!

So I (with my fam) have evacuated from the capital of Lithuania into a distant place - much smaller, where average age is prolly >30 or even >40 years. I live in a village now. In a house with very good neighbours. In fact these neighbours own that house :D

Back to the point.

So these neighbours used to share their wifi (w/ internet) between the two houses. They have the line, the mian router has quite a strong antenna and that other house has 2 repeaters: 1 on the outside wall and another one -- indoors. Sepeaters are connected sequentially, i.e. the indoors one is repeating the outdoors one. ikr....?

The first day was alright. We settled in, got everything set up wifi-wise. Peachy.

The second day repeaters refused to issue a DHCP IP. That's something, right? Alright, nvm - I don't mind setting up static IPs. In fact I prefer them over the DHCP magic!

And by the noon both repeaters were connectable but neither of them could provide internet connection... We that sucks! I restarted both of them a few times, neighbours restarted their main router -- still no luck.

Here comes my router [God am I happy with this purchase and the whole idea of a customized router!!! Thanks @hakx20!].

I brought it outside, plugged it in. Connected to it through it's hotspot, used nmcli to connect to neighbours' main router with an internal wifi card (that shitty mPCIe operating in USB mode. yes, the same one, manufactured in 2003. Yes, in g mode.). A couple of iptables rules for traffic forwarding et voila! I have built my own repeater! And tomorrow I can WFH w/o any issues.

Yes, hardware routers are faster and easier to maintain. Yes, hardware routers are cheaper and usually have nicer bells and whistles. But when hardware fails you and the last thing you want is going to the public (shop), soldering rod won't help you. A software solution becomes the easiest to set up, considering you know how to.

Boi am I so happy about my purchase! CentOS router FTW!

P.S. even though we've fled the city we are responsible citizens and we've self-quarantined ourselves for the 14 days period. No local person any closer than 10 meters for the whole period until we're cleared. Being away from the city gives us sooo much freedom! Especialy now, when cities are shitting bricks in fear.

NewLifeNewHope update No.2 / Day 5

My Server Is finally opened and i installed 2x8 TB WDC Harddrives and SATA 128 SSD. I know this server is freaking garbage, but i got this PC for free, and have somewhat good-ish upgrade path, so heres the spec :
-Gigabyte H110m-S2 LGA1151
-Intel i3-6300
-8GB DDR4 single channel RAM
-128 GB SSD
-2x8TB Harddrives
-TP-Link 1000mbps NIC

so the plan is to make this server as the Main Repository -- yes no offsite backup plan for now -- and also i want to make this server as an Email Server and for hosting my company's website. I've already asked for static IP from my ISP and will take effect tommorow.

I need help for choosing the Operating System (i like centOS) for my server. and to setting this Server to work like what i planned but i don't know where to start, Any help and/or References will be great !

Samsung Smart TV becomes Samsung Dumb TV.

Welcome back dear readers, to the next installment of my Raspberry Pi / Pi Hole / MitM box adventure!

For those of you who are new to this story, I'm a long experience programmer who knows very little about his home network or networking in general and has constantly been going over his 250GB data plan because 'rona, and thus, wants answers to "where is the data going".

So, I got the Pi, codenamed Mini-Beowolf, positioned between the modem and router... worked some fuckin systemd.networkd magic (which was sort of easy... but was hard cause I'm new to it) and viola, this son of a bitch passes through the ethernet and doesn't even show up on the router. Fu-King Beastly, I love it.

Now to static IP all my devices so I fire up my trusty TP-Link admin portal. I should add here... I've visited this admin about a total of 10 minutes prior to this when I set this wifi router up and just let it do DHCP.

So I'm getting to know my admin portal... I've got most of my devices connected to reserved IPs... and I find this one fuckin device reporting as "localhost".

Now, I've got a MAMP install... but it hasn't been running. But still I thought for sure it was just MAMP run a bit amok.

But no... it was my fucking Samsung "Smart" TV. That piece of shit is, and apparently has been reporting its device name as, sure as shit, fucking "localhost"... PROBABLY FOR YEARS.

Now, IDK how that didn't cause me any major problems over the years, and I read quite a few forums about people who it did mess up their network. So I resolved to rename the Samsung TV device.

I found the spot in the network settings of the TV... I changed the name from the pick list of rooms in a house like "Living Room" and "Bed Room", then I tried entering my own device name. But no matter what I picked, or no matter how many times I restarted/reset that TV the network name is ALWAYS "localhost".

Even though somehow my network survived this long... I'm not standing for that shit.

My Samsung TV is now blocked COMPLETELY at the router level. (After I ran one last factory reset and update)

The kicker? That Pi I built has a Samsung SSD... so I'm blocking Samsung WITH FUCKING SAMSUNG.

Needless to say, these are likely among my last Samsung purchases.

Join me next time when I FINALLY try to turn Pi Hole on and then get a tcpdump (or some other lesser output from the tcp stream) going.

I have found some subdomains of a specific domain.
I know the subdomains are up but when i try to load them , firefox says "unable to connect".

What might have caused this?
A static ip or mac address?

It all started with an undelivereable e-mail.

New manager (soon-to-be boss) walks into admin guy's office and complains about an e-mail he sent to a customer being rejected by the recipient's mail server. I can hear parts of the conversation from my office across the floor.

Recipient uses the spamcop.net blacklist and our mail was rejected since it came from an IP address known to be sending mails to their spamtrap.

Admin guy wants to verify the claim by trying to find out our static public IPv4 address, to compare it to the blacklisted one from the notification.
For half an hour boss and him are trying to find the correct login credentials for the telco's customer-self-care web interface.
Eventually they call telco's support to get new credentials, it turned out during the VoIP migration about six months ago we got new credentials that were apparently not noted anywhere.

Eventually admin guy can log in, and wonders why he can't see any static IP address listed there, calls support again. Turns out we were not even using a static IP address anymore since the VoIP change. Now it's not like we would be hosting any services that need to be publicly accessible, nor would all users send their e-mail via a local server (at least my machine is already configured to talk directly to the telco's smtp, but this was supposedly different in the good ol' days, so I'm not sure whether it still applies to some users).

In any case, the e-mail issue seems completely forgotten by now: Admin guy wants his static ip address back, negotiates with telco support.
The change will require new PPPoE credentials for the VDSL line, he apparently received them over the phone(?) and should update them in the CPE after they had disabled the login for the dynamic address. Obviously something went wrong, admin guy meanwhile having to use his private phone to call support, claims the credentials would be reverted immediately when he changed them in the CPE Web UI.

Now I'm not exactly sure why, there's two scenarios I could imagine:
- Maybe telco would use TR-069/CWMP to remotely provision the credentials which are not updated in their system, thus overwriting CPE to the old ones and don't allow for manual changes, or
- Maybe just a browser issue. The CPE's login page is not even rendered correctly in my browser, but then again I'm the only one at the company using Firefox Private Mode with Ghostery, so it can't be reproduced on another machine. At least viewing the login/status page works with IE11 though, no idea how badly-written the config stuff itself might be.

Many hours pass, I enjoy not being annoyed by incoming phone calls for the rest of the day. Boss is slightly less happy, no internet and no incoming calls.

Next morning, windows would ask me to classify this new network as public/work/private - apparently someone tried factory-resetting the CPE. Or did they even get a replacement!? Still no internet though.
Hours later, everything finally back to normal, no idea what exactly happened - but we have our old static IPv4 address back, still wondering what we need it for.

Oh, and the blacklisted IP address was just the telco's mail server, of course. They end up on the spamcop list every once in a while.

tl;dr: if you're running a business in Germany that needs e-mail, just don't send it via the big magenta monopoly - you would end up sharing the same mail servers with tons of small businesses that might not employ the most qualified people for securing their stuff, so they will naturally be pwned and abused for spam every once in a while, having your mailservers blacklisted.

I'm waiting for the day when the next e-mail will be blocked and manager / boss eventually wonder how the 24-hours-outage did not even fix aynything in the end...

When I was young I'd play games and around age 11 received an Xbox for my bday. Hated the case, so I painted the case. Since I had it open looked into getting a replacement fan.Thats when everything changed. I discovered the modding scene and without having any computer background/literacy got to studying.

The program that caught my eye ran on Linux. *shrugs thinking how hard can it be? * Read about Linux and discover dual booting. To do that I needed to resize windows partition. Learn more about partitions and get to it. Finally prepped... Backup in case of the worst, resized windows partition, working Ubuntu bootable USB, and printed install tutorial. Check, check, and check. Install was good. Sort of.

While Ubuntu worked, the broadcam wireless chipset driver did not. Fast forward a week and I feel that i had mastered the terminal basics. And WiFi worked! Go download the aforementioned program and FTP into the Xbox and BOOM... It doesn't work. More days and hours spent researching. In the end it all chalked up to not setting a static IP address on Xbox.

After all was said and done I had a bitchin Xbox. I think the only thing I didn't put on it was some gold spinning rims.

Sad part about that Xbox is that I never used it after. Instead I just kept messing around with Linux and learning more about computers. Taught myself HTML/CSS. Learned more about shell scripting. Then Windows cmd basics. Tried programming languages but felt a little overwhelmed. Only messed with <10 lines of code to tweak existing programs.

Now I'm learning C# and loving it. Planning on C++ or Java next!

Currently working on a web platform for a building management company for the last 6 months.

Setup web server, database and developed the whole using laravel and vue.

They are in the testing phase now, so I implemented IPSec so that they can only access it from their office.

Thing is, they don’t have a static IP, so when they had to switch over to a backup connection yesterday, I had to add their new IP in my whitelist.

Today I get and email from their manager, saying that after a discussion he had with his assistant, the web app is not in the “cloud”!!! He got that because I had to “do something” to restore access to it yesterday and because “there isn’t an icon you can double-click” on each employees’ desktop!!!

Don’t even know how to respond to that!!!

Well, being the only one in the house who can really solve computer problems:
We have a home nas in our network for filestorage and since a few weeks, we couldn't acces the device through windows explorer, so today I went on a exploration... First I tried the nas in a seperate different network, and it worked immediatly! oke great, try it in our main network again. And 'ofcours' it's not visible. So I go to the router webpage, and the page of our router just really sucks! So it was quite hard to find out if the NAS was attached or not, ad if so, under which IP. Finally found that, tried to connect to the webpage of the NAS, but got a timeout, ping would timeout too! I thought that that might have someting to do with that the NAS would connect via static IP. So I changed that to a dynamic IP, and I could atleast get to the website. After that I could try all the services and all of them worked perfectly, except for samba... And samba is the only service we actually use, so after that I thought that the device not showing up in network view in explorer had something to do with that the nas wouldn't show me a hostname in the router. So I tried to fix that, after an hour of trying to get the hostname to showup in the router, I just thought that I might try to connect to the nas via the IP. So I found via SO that I could just use //192.168.0.104 and I got into the samba server. So I guess that it was actually working all along 😒. After that I didn't want to bother to work with the hostnames, so I just gave the NAS a fixed IP, made a few shortcuts for my housemates and now it all works again.. For now at least...

Gotta love the IoT.

They set up a new surveillance camera in the company, that can stream live footage over the network and that little shit picked the IP adress of a coworker one day AFTER being set up.
Hurray for static routing. Hurray to the person who didn't disable DHCP on the router (Should probably configure my PC to use a static IP as well lel)

Anyways, this happened outta nowhere when I, the only guy who knows shit about IT and is usually present at yhe office, wasn't there and could not connect remotely.

The other, remote programmer, who set up the network, could guide the coworker to get a new IP but, he was worried that we got ourselves an intruder.

Since nobody told me yet that we (should) have static routing, I thought there was a mastermind at work who could get into a network without a wifi-access point and spoof the coworker in order to access the some documents.

The adrenaline rush was real 😨

Scanning the network with nmap solved the mystery rather quickly but thought me that I need to set up a secure way to get remote access on the network.

I would appreciate some input on the set up I thought of:
A raspberry Pi connected to a vpn that runs ssh with pw auth disabled and the ssh port moved.
Would set up the vpn in a similar fashion.

Fuck isps where you have to pay like $50 for a static ip. Im tryna set up a wemos for automating stuff, and the only way to ping from my phone is pinging a vps that has an open socket towards the wemos :/

Finally set up my home server and port forwarded it so I can use linux everywhere even as a window pleb.

Now just to make a solution for not having a static IP address...

I just hate Comcast. All I want is a static IP to host a server on BUT NOOOO COMCAST BE LIKE BITCH YOU GOTTA BUY OUR ENTERPRISE PLAN FOR SOME RIDICULOUS AMOUNT FOR A STATIC IP

I did something potentially extremely stupid today

In 2020 when I was a teenager I suggested my uncle who ran a family business with my father to start a e commerce website. I did lot of stupid stuff doing this too. Planned to use AWS free tier to host the website and used Godaddy for domains IIRC. Setup godaddy email forwarding to his gmail account too IIRC

I registered a AWS account with my email(bad idea since my uncle's debit card was the payment method). I then setup a EC2 instance but instead of using the free instance I used some other instance because I didn't read what instance was free and setup his debit card as the payment method.

Setup woocommerce on it and pointed the domain to instance's static IP. We didn't do a lot of stuff on the website but next month on AWS we got a bill but it was a small amount. Uncle paid the bill and I terminated the EC2 instance IIRC. Next month there was a very small bill I don't remember what I did after it.

Today I remembered about it logged in to AWS and paid the bill. The problem is I used the default billing address which is in my uncle's name and the address of the family business. IIRC we didn't give them tax details of the business so we can't claim tax credit on it.

But still since there is a bill with the address of the business which Amazon probably reported to the government there could be tax discrepancies. Bill was due 4 years ago so maybe it will affect his 2020 returns which could be painful. The bill was also paid by me not from my Uncle's account so that might complicate things.

Thankfully the surprise AWS bill had basically zero affect on my relationship with my uncle.

Took a whack at installing arch...

I failed. 😔
My rj-45 port is broken and i I couldn't figure out how to manually set a static ip, default gateway and dns for the wifi interface thru the terminal when installing.

Oh well. Maybe next time

I'm absolutely exhausted...
Just spent the past 2 days restructuring our SAAS products entire server network on AWS just so we can have a static IP address for all our server instances passing through an NAT....because we need to integrate with another service that only allows you to access their API if they whitelist your IP.

Ok... so I have a unique question/opportunity. I can't give all the details but here's the jist:

3yrs ago I was hired to consult a now prominent(still decently well known then) web-based company with many thousands of users, dealing with a lot of money and leveraging a social environment. They had several issues but initially they really needed me to find/train chat mods.

I did not take the offer for monetary reasons, like all consulting I've done, I had additional reason and/or fondness to fix the issues. In this case it was an interesting challenge and I knew several customers and some support staff so it'd be worthwhile.

They (without request) reduced their typical 2mo probationary period to 2wk for me. With less than a day left of that period, I was 'hacked' via a pushed telegram update, on the account they made me create for work purposes (they had control of the phone number not me).

During this 'hack' one of the 2, currently active, culprits sent a message to his tg account from the 'hacked' one and quickly deleted the entire convo. The other pretended (poorly) to be me in the chat with the mods in training (at least a few directly witnessed this and provided commentary).

Suddenly, I was fired without any rationale or even a direct, non-culprit, saying anything to me.

The 'hack' also included some very legit, and very ignorantly used, Ukrainian malware.

This 'hack' was only to a 2nd gen lenovo yoga I got due to being a certified refurbisher... just used for small bs like this chat mod/etc job. I even opened up my network, made honey pots, etc., waiting for something more interesting... nope not even an attempt at the static ip.

I started a screen recording program shortly after this crap started (unfortunately after the message sent be 'me' to the dude who actually sent it happened... so i still dont know the contents).

I figured I'd wait it out until i was bored enough or the lead culprit was at a pinnacle to fall from...

The evidence is overwhelming. This moron had no clue what he was doing (rich af by birth type)... as this malware literally created an unhidden log file, including his info down to the MAC id of his MacBook... on my desktop in real time (no, not joking... that stupid)

Here's my quandary... Due to the somewhat adjacent nature of part of our soon to be public start-up... as i dont want it to turn into some coat tail for our tech to ride on for popularity... it's now or never.

Currently im thinking, aside from any revenge-esq scheme, it'd be somewhat socially irresponsible to not out him to his fellow investors and/or the organisation that is growing with him as one of few at the forefront... ironically all about trust/safety/verification of admins in the industry.

I tried to reach out to him and request a call... he's still just as immature. Spent hours essentially spamming me while claiming it wasnt him but hed help me find whoever it was... and several other failed attempts to know what i had. When i confirmed he wasnt going to attempt a call, i informed him id likey mute him because i don't have time for back and forth bs. True to form he deleted the chat (i recorded it but its of no value).

So... any thoughts?

Trying to create a dedicated server but stupid comcast won't give me a static IP 😰

So I reinstalled Ubuntu server and set the ip to 204, but I forgot that I assigned a static ip to it in my dhcp. I guess it has two IPv4 addresses now? How? Only one NIC 🤔

Me (sysop) : in order to access our servers, you have to give us your WAN static IP...
Developer : yes I have a static IP... 192.... 168...
Me (don't know wether to laugh or cry...) : O.K. !

Just moved flats with a last minute confirmation, sadly the flat in question is not eligible for fibre broadband (high-rise) so had to settle for good old ASDL.

Find a good deal (as all providers are offering the same speeds/technology, all ASDL broadband is provided in the UK through BT landlines) to discover there is a mandatory 2 week waiting period to switch over ownership...

Fine, will wait 10 days for internet (torture except from dev rant on mobile internet, thanks for being text only), box arrives 3 days ago stating not to plug it in until activation date...

Fine I shall wait, today I get impatient and setup the router without connecting it to the landline so I can use the WiFi to connect to my Nas etc, login to WiFi navigate to Nas IP .... Automatic reroute to "login" page "We have detected your router is not connected to the landline, ensure your router is properly connected". Try logging into management site, works, change admin password etc. No setting to disable "self heal" functionality. No setting to setup static routes for my lab router, No setting to switch to modem only mode for when I inevitably buy a new wireless router for when this piece of crap can't handle the internal network traffic...

All this for a pitiful 10/? Mbps average, I want my fibre connection back :'(

So I've spent all day chasing around this issue for a coworker who was trying to help a client with a new report they were deploying to their system.

Now I learned a couple of things today because of this. Due to moving buildings, our new network completely broke our report server because the DNS can't resolve it's name. Since we're rewriting this system from the ground up, I haven't been majorly concerned about getting this fixed, but with this coming up, being persistent, I'm glad I figured it out. IT did give us a static IP for this VM, but they never bothered to add a DNS entry for it, so for the past couple of months, this hasn't worked for some reason, and now that's why.

So the root cause of my issue can been seen from 2 directions, the dev of the report, and the dev of the UI that reads it. The dev who wrote this code originally is checking very specifically for 'asc' and 'desc', meanwhile my mans who wrote the report has his order by with 'ASC' where he needs it.
(MAN, THE PREVIOUS DEV WAS GREAT)

I'm glad I was able to help him, but god damn, that took all day, AND TO FIND IT WAS A CAPTIALIZATION ISSUE, AAAAAAAAA FUCK ME

Today i chartered new realms for me.

I created a new hyper-v vm on the company windows servers and added a 5th instance to it, but instead of running another windows server i installed an ubuntu 18.04 (cause i am a bit familiar with debian from my raspberry pi)

we have two servers, one which runs the 4 vms and a replica. I first had the new vm on the main server but it occured me to move it instead to the unusued replica machine. That kinda worked..i did a planned failover but the main server isnt configured to be the replica..and even when activating that it didnt work. This is weird.

For the moment i ignored that and proceeded to install nginx, mariadb and php 7.2..basically the lemp stack. I managed to setup nginx and a static ip adress for the machine (which was different from how i remembered it to do (in 18.04 its not done with the network conf but a yaml file).

in the end i added two different virtual servers, one for actual use and one for dev stuff (with phpmyadmin running for instance), listening on port 80 and some random other port.

as a test i brought a mediawiki onto the Port 80 server and it worked.

on monday i have to figure out how to implement the wildcard certificate i have for our company domain (internal dns simply routes intranet.company.com to the local server vm)

i am mighty proud cause all my experience with linux was with a raspberry pi so far and i am fairly certain i did it right and without shortcuts this time. (unlike my raspberry experience)

just wanted to share

(i also sweated a lot of blood when editing the hyper v settings as i did not set up the server in the first place)

((i also installed xrdp and a mate desktop, but i am less proud of that, but sometimes seeing folders graphically helps me))

How fucking sucking difficult is it too setup a static ip in AWS on a loadbalancer??? I spend the whole day figuring out how to use the nat gateway or other means and it still doesn't work. Debugging is almost impossible because they give you zero logs.

And all of this because a client wants to work with a whitelist for their shitty system on location.

The jolly of unriddling multiple DNS zone overrides to a static, single IP of a HAProxy loadbalancer which acts as a router and has domain based backend association rules, but frontend based CORS overrides.

My eyes are bleeding, my brain is defeated and I think I need more gaffa type to put together the pieces of what some puny humans call a soul.

I uploaded my static site on AWS. Doesn't load when I typed the public IP in the URL. Googled, found StackOverflow answer to traffic and ports as a security group to AWS. Tried it and it still doesn't work.

Hey Bluehost, sorry I left but I'm back now

Okay so anyone experienced working with networking or VOIP applications are welcome to try to help me figure out a few questions I have.

1.) How do VOIP applications like Discord and Skype not have to require you to port forward before use?

2.) If I wanted to do stuff with sockets over the internet the user of the application would have to configure a static IP Address. but when Im using Discord, or a multiplayer game, or literally anything that requires connecting to people I dont have to configure a static IP for those applications but I do for mine?!?

3.) Is there any additional information I should learn about whilst trying to make my networking application (File Transferring application) work? or any links/PDF's I should check out?

These are kinda just things I haven't found answers to, and I didn't know where to ask.

Don't you guys love it when your ISP suddenly decides to change your public IP? The one you were using for months?

I know we're technically not getting a static address guarantee (that is for some reason something only companies can buy), but a heads up would be nice...

I spent like an hour debugging why my VPN suddenly couldn't connect...

i need an adult. I know noone who would understand my worries, so you guys need to be it.

i have a nextcloud running on my raspberry pi. performance is horrible, dont ask, but it works.

i mostly use it to backup the photos of my phone sd card every night when my phone charges. Internally this works good. If i am elseplace it wont for obvious reasons.

In my youthful joy of doom i opened port 443 and forward it to my raspi. I get internet via cable and my ip is pretty much static (it was the same for 10 months). So external access is provided.

Now i thought, its stupid that i cannot sign an ssl certificate cause i dont have a domain. Lets buy domain. But before i do that i did some try runs with duckdns to test the principle.

Some back and forth, it works now. Pretty god, i could even make a cron job on the raspbi to renew (that should work right?). Only problem. randoname.duckdns.org doesnt work internally. Or should not at least.

So i googled a bit and it turns out that my router (a cable fritz!box i bought myself) can be a local network dns. Or cannot. Regardless what i try, it doesnt accept the changed config file.

Now the problem.

It works anyway. randoname.duckdns.org points to my external "static" ip and resolves to that from my internal network..so it works on my phone or laptop. if i traceroute the thing it goes via two hops out and finishes in less than 1ms.

Now to the problem:
I have no fokkin clue why. The expected behaviour would be that it shouldnt work. If i do what i intended todo on pc in the hosts file tracert works correctly, directly pointing to the internal ip.

What i cannot figure out, is it the fritz!box being smart? Is it my ISP being smart?

Reason to rant: i have absolutly NOONE to ask, i know not a single person who would even understand what troubles me. I want to learn, i want to know WHY not just some mindless russian patchwork of "if it works its good enough".

thats depressing.

Goddammit have tried for several days to get a vpn up and running so we can have a mac as build server.

I have opened the ports on the router, tried l2tp and openvpn, everything works on the local network.

However accessing my static ip from my ISP, it just gives me weird errors from the devices no information. Goddammit what to do....

Learning Pulumi with Python. Not a fan of Py, but I know my way around.

There's a dev cluster. My colleague asked me to modify Pulumi scripts for cost optimization, as the project transitioned to maintenance mode and is no longer needed on daily basis. Since I'm learning, he asked me laughing not to delete/change the static IP and not to delete the cluster.

I'm currently recreating the cluster anew for the third time :)

Gotta say, destroying a cluster is only scary the first time.

Is there a cloud service that does nothing but redirect incoming HTTP requests to your home server without the need to have a static IP or an open TCP port ? Sort of like proxy

How can anybody use virtualization on Windows? Seriously! My second experience with Hyper-V. Not only it can't do basic stuff like forward devices into VM. And CPU and network configuration is simply a joke with almost no settings. But even those few stop working after a while! Aaarrrgh! Spend hour clicking like crazy trying to get network working. I wanted just a simple network between host and guest. Willing to setup static IP. Can't be simpler. But no, can't do. Somehow started working after ten times trying the same. And stoped after few seconds. Are you kidding me? And there are people using this peice of crap seriously and even call this production? Screw it. My brother will have to learn to have VMs in Linux.

So as a personal project for work I decided to start data logging facility variables, it's something that we might need to pickup at some point in the future so decided to take the initiative since I'm the new guy.
I setup some basic current loop sensors are things like gas line pressures for bulk nitrogen and compressed air but decided to go with a more advanced system for logging the temperature and humidity in the labs. These sensors come with 'software' it's a web site you host internally. Cool so I just need to build a simple web server to run these PoE sensors. No big deal right, it's just an IIS service. Months after ordering Server 2019 though SSC I get 4 activation codes 2 MAK and 2 KMS. I won the lottery now i just have to download the server 2019 retail ISO and... Won't take the keys. Back to purchasing, "oh I can download that for you, what key is yours". Um... I dunno you sent me 4 Can I just get the link, "well you have to have a login". Ok what building are you in I'll drive over with a USB key (hoping there on the same campus), "the download keeps stopping, I'll contact the IT service in your building". a week later I get an install ISO and still no one knows that key is mine. Local IT service suggests it's probably a MAK key since I originally got a quote for a retail copy and we don't run a KMS server on the network I'm using for testing. We'll doesn't windows reject all 4 keys then proceed to register with a non-existent KMS server on the network I'm using for testing. Great so now this server that is supposed to connected to a private network for the sensors and use the second NIC for an internet connection has to be connected to the old network that I'm using for testing because that's where the KMS server seems to be. Ok no big deal the old network has internet except the powers that be want to migrate everything to the new more secure network but I still need to be connected to the KMS server because they sent me the wrong key. So I'm up to three network cards and some of my basic sensors are running on yet another network and I want to migrate the management software to this hardware to have all my data logging in one system. I had to label the Ethernet ports so I could hand over the hardware for certification and security scans.

So at this point I have my system running with a couple sensors setup with static IP's because I haven't had time to setup the DNS for the private network the sensors run on. Local IT goes to install McAfee and can't because it isn't compatible with anything after 1809 or later, I get a message back that " we only support up to 1709" I point out that it's server 2019, "Oh yeah, let me ask about that" a bunch of back and forth ensues and finally Local IT get's a version of McAfee that will install, runs security scan again i get a message back. " There are two high risk issues on your server", my blood pressure is getting high as well. The risks there looking at McAfee versions are out of date and windows Defender is disabled (because of McAfee).

There's a low risk issue as well, something relating to the DNS service I didn't fully setup. I tell local IT just disable it for now, then think we'll heck I'll remote in and do it. Nope can't remote into my server, oh they renamed it well that's lot going to stay that way but whatever oh here's the IP they assigned it, nope cant remote in no privileges. Ok so I run up three flights of stairs to local IT before they leave for the day log into my server yup RDP is enabled, odd but whatever let's delete the DNS role for now, nope you don't have admin privileges. Now I'm really getting displeased, I can;t have admin privileges on the network you want me to use to support the service on a system you can't support and I'm supposed to believe you can migrate the life safety systems you want us to move. I'm using my system to prove that the 2FA system works, at this rate I'm going to have 2FA access to a completely worthless broken system in a few years. good thing I rebuilt the whole server in a VM I'm planning to deploy before I get the official one back. I'm skipping a lot of the ridiculous back and forth conversations because the more I think about it the more irritated I get.

>Be me
>Have the COMPAL modem with the DOCSIS OS
>Change my bedroom router's IP to static after doing factory reset on the modem
>As expected, I get booted from the modem settings page
>Cannot log in now, because "another user is already signed into the modem settings page"

Stupid piece of silicon waste, whyyyy. I hate that thing, ugh!

I'm wondering if I should buy a ~1800usd/year bare-metal server to put ALL my random websites/projects/app-backends, instead of buying VPSes here and there

But the thought "all eggs in 1 basket" is kinda scary -.-

And no, buying a static IP and hooking it to a home-server ain't happening (unfortunately), coz I move around a lot