Feuerfest

Just the private blog of a Linux sysadmin

"It's always DNS."

Photo by Visual Tag Mx: https://www.pexels.com/photo/white-and-black-scrabble-tiles-on-a-white-surface-5652026/

"It's always DNS."
   - Common saying among system administrators, developers and network admins alike.

Recently my blogpost about Puppet's move to go semi-open-source gained some attention and I grew curious where it was mentioned and what people thought about it. Therefore I did a quick search for "puppet goes enshittyfication" and was presented with a few results. Mostly Mastodon posts but also one website from Austria (the one without Kangaroos 😁). Strangely they also copied the site title, not just the text's title, as it showed up as "Feuerfest | Puppet goes enshittyfication".

Strange.

I clicked on it and received a certificate warning that the domain in the certificate doesn't match the domain I'm trying to visit.

I ignored the warning and was presented with a 1:1 copy of my blog. Just the images were missing. Huh? What? Is somebody copying my blog?

A short whois on the domain name revealed nothing shady. It belonged to an Austrian organization whose goal it is to inform about becoming a priest of the catholic church and help seminarians. Ok, so definitely nothing shady.

I looked at the certificate and.. What? It was issued for "admin.brennt.net" by Let's Encrypt. That shouldn't be possible from all I know, as that domain is validated to my Let's Encrypt account. I checked the certificate fingerprints and.. They were identical, huh?

That would mean that either someone managed to get the private key for my certificate (not good!) or created a fake private key which somehow a webserver accepted. And wouldn't Firefox complain about that or would the TLS handshake fail? (If somebody knows the answer to this, please comment. Thank you!)

I was confused.

Maybe the IP/hoster of the server will shed some light on this?

Aaaaand it was the current IP of this blog/host. Nothing shady. Nothing strange. Just orphaned DNS-records from a long-gone web-project.

As I know that Google - and probably any other search engine too - doesn't like duplicate content I helped myself with a RewriteRule inside this vHost.

# Rewrite for old, orphaned DNS records from other people..
RewriteEngine On
<If "%{HTTP_HOST} == 'berufungimzentrum.at'">
    RewriteRule "^(.*)$" "https://admin.brennt.net/please-delete.txt"
</If>

Now everyone visiting my site via "that other domain" will receive a nice txt-file asking to please remove/change the DNS entries.

It certainly IS always DNS.

EDIT: As I regularly read the logfiles of my webserver I noticed that there are additional domains that point to this host.. So I added additional If-Statements to my vHost-config and added the domains to the txt-file. 😇
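
The log review mentioned in the EDIT can be automated. The following Python script is an added example, not part of the original post: it counts requests whose Host header names a domain this server is not meant to serve. It assumes a custom LogFormat that logs the Host header as the first field; OWN_HOSTS and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: Apache logs the Host request header as the first field, e.g.
#   LogFormat "%{Host}i %h %l %u %t \"%r\" %>s %b" hostfirst
LINE_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} ')
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?=.{{1,253}}$){LABEL}(?:\.{LABEL})+$")

# Names this server is meant to answer for (assumption for this example).
OWN_HOSTS = {"admin.brennt.net"}

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
admin.brennt.net 192.0.2.10 - - [05/Jul/2024:10:00:01 +0200] "GET / HTTP/1.1" 200 5120
berufungimzentrum.at 192.0.2.11 - - [05/Jul/2024:10:00:05 +0200] "GET / HTTP/1.1" 302 230
Old-Project.example:443 192.0.2.12 - - [05/Jul/2024:10:01:00 +0200] "GET /blog HTTP/1.1" 200 4096
old-project.example. 192.0.2.12 - - [05/Jul/2024:10:01:02 +0200] "GET /feed HTTP/1.1" 200 2048
198.51.100.7 192.0.2.13 - - [05/Jul/2024:10:02:00 +0200] "GET / HTTP/1.1" 200 5120
- 192.0.2.14 - - [05/Jul/2024:10:03:00 +0200] "GET / HTTP/1.0" 200 5120
not_a_hostname! 192.0.2.15 - - [05/Jul/2024:10:04:00 +0200] "GET / HTTP/1.1" 400 0
"""


def normalize_host(raw):
    """Lowercase a Host header value and drop port and trailing dot."""
    host = raw.strip().lower()
    if host.startswith("["):  # IPv6 literal such as [2001:db8::1]:443
        host = host[1:].split("]", 1)[0]
    elif ":" in host:
        name, _, port = host.rpartition(":")
        if port.isdigit():
            host = name
    return host.rstrip(".")


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def foreign_hosts(lines, own_hosts=OWN_HOSTS):
    """Count requests per syntactically valid hostname that is not ours."""
    counts = Counter()
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue
        host = normalize_host(match.group("host"))
        # Requests by bare IP, missing Host ("-") and junk values are not
        # evidence of an orphaned DNS record, so they are skipped.
        if is_ip_literal(host) or not HOSTNAME_RE.match(host):
            continue
        if host not in own_hosts:
            counts[host] += 1
    return counts


if __name__ == "__main__":
    for name, hits in foreign_hosts(SAMPLE_LOG.splitlines()).most_common():
        print(f"{hits:6d}  {name}")
```

The Host header is supplied by the client, so a name that shows up here should be confirmed with a DNS lookup before it goes into the vHost config or the txt-file.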


Why is it so cumbersome to order simple replacement parts?

Photo by Dan Cristian Pădureț: https://www.pexels.com/photo/blue-and-yellow-phone-modules-1476321/

What I expect from a manufacturer is that I can order spare parts for a certain period of time. Especially those that need to be replaced after a certain amount of time - think of nose-hair trimmer blades.

Yet I am constantly shocked how bad the situation is.

"Yes, we offer replacement blades. A blade costs 15€". While a completely new trimmer including a blade costs 17€. Not cool. I'm not going to get into the whole electronic waste and price gouging thing. But prices like this, for small parts like this? It smells of both.

Or take my mechanical computer keyboard. I have owned a "Das Keyboard" Professional S with ISO/DE layout for over 15 years. It works flawlessly. Since I've owned it, no matter how long I type, my knuckles no longer hurt. Thanks to the Cherry MX Brown switches, there is also no clicking noise when the keys are pressed.

Now after over 15 years of use, the Enter keycap has broken. What do I mean by a keycap? Most mechanical keyboards use some sort of switch - Cherry MX Brown or Cherry MX Blue, for example - that determines how much kinetic force you have to apply to the key before it is recognised as being pressed and whether or not it makes sound. But this is just the switch. The electrical part. The part that our fingers touch is called the keycap. And this keycap just sits on top of each individual switch. The sort of switch you use defines which keycap you can use, although it seems most settled for the convex plus-shaped connector to stay compatible.

Now this keycap broke. And I thought: Well, those keycaps are replaceable. There are literally hundreds of shops that sell whole custom keyboard keycaps. In all sorts of materials, colours, etc. So it shouldn't be that hard to get a single keycap for my enter key, right?

Yeah, no. It took me 6 hours spent over 2 days to find a shop that:

  1. Sells either individual keys or small replacement collections
  2. Has the enter keycap in ISO design (2 rows high instead of just 1)
  3. Is located in the EU, preferably Germany (shipping time/cost)

If I had placed my order in one of the many Taiwanese shops I would have to pay US-$ 2,50 for the key, an additional US-$ 30 for shipping and have to wait 3-6 weeks. Too expensive. Too long.

The shop where I bought my Das Keyboard in 2012 still exists: GetDigital.de. And judging from what I see they are still the official vendor in Germany. But replacement parts? Nope. Only whole keyboards. Yes, some fancy keycaps for the escape, control or alt keys. Or replacement keycaps with the Linux or MacOS logo for the Windows key. But no keycap for my return key. Narf!

EDIT: I had sent an email to GetDigital asking for a replacement key. Due to a mail migration at the mail-provider I used and new anti-spam software, this ended up in the spam folder. I additionally learned that the spam-folder isn't automatically checked for new mail on my phone and yeah..
TL;DR: GetDigital asked for my address and offered to send a replacement key free of charge. They only said that while the color will be the same, the material will be different as this has changed meanwhile. Which is perfectly fine for me.

Heading over to the r/MechanicalKeyboards/ subreddit I was delighted to find a list of vendors in their subreddit's wiki: https://www.reddit.com/r/MechanicalKeyboards/wiki/keycapsellers

Still nothing which matches my criteria...

Only through sheer luck I found a comment linking to the keyboard vendor list from Alex Otos who seems to specialise in keyboard builds. There I finally found 2 shops from Germany. GeekBoards.de from Berlin and Keygem.com from Aachen. GeekBoards sells at least a 4-keycap collection with the enter keycap in the ISO form I need: https://geekboards.de/shop/c0039-enjoypbt-iso-compatibility-keycap-set-light-grey-370?variant=1115 Yai!

Ok, it is in light grey and not black, but I can live with that.

Finally.. I mean 6€ + 7,90€ for shipping (in Germany, the same country!) is also somewhat pricey, but alas at least I have a replacement key. And to be fair: The whole handling and logistics stuff for single keys is the same as when I bought a whole keyboard.

I later found out that r/MechanicalKeyboards/ has a separate list for Germany and GeekBoard is listed there too.. https://www.reddit.com/r/MechanicalKeyboards/wiki/germany_shopping_guide Ah well.. Hopefully this information helps someone else too. 😅


Choose your passphrases carefully!

Photo by Keira Burton: https://www.pexels.com/photo/unrecognizable-friends-gossiping-together-on-street-6147138/

I am walking down a street behind a building and notice a person leaving said building. Suddenly an alarm sounds.

Person: "Ah man! Damn it!"
Person picks up their phone and makes a call
Person: "Yes hi, this is first name last name from company X. I'm calling because I triggered a false alarm."
*Short pause*
Person: "Gross income."
*Short pause*
Person (visibly relieved): "Alright, thank you! Bye"

Your task: Identify the passphrase that will allow you to flag the security alarms as false-positive.

Please! Take the place, time and situation in which a passphrase is used into account! Especially when you must account for passers-by!

Thanks and make sure to visit my TED-Talk. 😉


How an ITIL mindset saved 2 of my wisdom teeth

Photo by Piet Bakker: https://www.pexels.com/photo/white-long-coat-lion-68421/

No productive change on Friday!

This expression was my first encounter with ITIL at all. I had just started fresh as a Junior Linux sysadmin at a major German telecommunications provider. Strictly speaking, the rule was the following: "No standard changes to a production system if the next day isn't a normal workday." This was put in place to ensure that problems in production can be fixed in a timely manner, that all required resources and people are available. A plain, simple logical rule—and a very effective one.

But how do my wisdom teeth come into play? Well, as I am currently learning for my ITIL4 certification, I remembered a story from that time. I was visiting my dentist, and the whole appointment just felt strange. I knew I had some minor pain in one or two teeth a few weeks ago. Which was when I first visited them. But the dentist—a big clinic with several doctors—did not have enough time at that point and gave me a new appointment.

Naive as I was, I didn't note down what would be done at that appointment. Trusting that the doctor will document everything, right? Well.. He didn't. This time I got another doctor, and he did the one thing I remembered and then just left the room. I wasn't told the appointment was over. It didn't feel like it was over. So I just kept sitting in the chair, waiting.

Some 10 minutes later, a doctor's assistant comes into the room to prepare it and is surprised I am still there. I am told that I am free to go, and, well, I do. I had just put my jacket on when another assistant approached me. "Oh, good that I managed to catch you. You need to make an appointment for the removal of two of your wisdom teeth. The doctor spotted caries in them."

I was surprised. He didn't say anything about that. But, ah, well. Doctors can have a bad day too. So off to the reception I went to make an appointment for the removal. Only to learn that these removals are done by an external doctor who solely does wisdom teeth removal. Additionally, all of his appointments for the next 3 months are fully booked. The reason? He is only present on Fridays.

Immediately, the beloved ITIL phrase comes to mind. Realizing full well that if I should have any pain or bigger problems, I will be in minor trouble. Having to go to the emergency on-call dentist in my town for that weekend—or directly to the hospital. I wasn't really keen on that. So the receptionist and I agreed that I would call some days later to schedule an appointment when I had sufficient time to organize my calendars.

Only that.. Well, I never called back. I grew more and more suspicious over the days and said to myself, "Let's wait until I start to feel something in my teeth." The doctor's strange behavior didn't contribute to my inner well-being either.

I waited. And waited. And waited. And when it was time for my next regular dentist visit, I decided to get a second opinion. I asked some colleagues, checked a few "Rate your doctor" websites, and went to another dentist.

There, they did an X-ray of my whole jaw to get a complete overview. The doctor was nice. Explained what he was looking for. What he can and can't see, and I asked fairly simply if there is any caries in some of my wisdom teeth. He looked a bit stunned for a second and said, "No, not from what I see. If there is caries, usually black spots are visible. But there are none, as far as I can see. Do you feel any pain? Especially when they come into contact with something hot or cold?"

So, I explained the whole situation to him, and then he told me a few details (which I won't write down here for legal reasons), which made it obvious to me that changing my dentist was indeed a good decision.

And all of that, just because I followed ITIL procedures from my employer. Ha!


Understanding the structure of Email addresses

Photo by Miguel Á. Padriñán: https://www.pexels.com/photo/email-blocks-on-gray-surface-1591062/

Some rather fun stories revolve around my usage of mail addresses. Like many IT people, I like to use identifiable email addresses. In my case, it means I always use companyname-DDMMYYYY@my-domain.tld or website-domain-DDMMYYYY@my-domain.tld when I need to specify a mail address.

This has the advantage that I can verify if the sender matches the recipient address. Obviously, Paypal won't send mail to some-webshop05072024@my-domain.tld. And it is a good pointer when some customer database was leaked or if sites are selling customer data. I experienced it like 10 times already: the mail associated with a certain website or shop got spam right after I deleted my account there. Truly unsuspicious...

And in the few cases where a company's customer database was leaked several times, I can easily change the mail address and still track if the new address is being spammed or not.

The unexpected benefit of unique mail addresses

The first real surprise came to me some years ago when I bought new furniture for my new flat. When the furniture was being delivered and built up one of the people setting them up said to me: "Ah, I see we work at the same company."

I was confused and replied: "Uh, no. I'm not working for (that furniture company's name). Why do you think I do?"
"Well, according to the receipt you got the employee discount.", the man replied. I was dumbfounded. I definitely didn't lie, and when I was in the store and purchased the furniture the employee also said nothing regarding this topic.

Then it dawned on me: My mail address! It was companyname@my-domain.tld! But.. I thought in disbelief, "It's only in the local-part!" Well.. Looks like the employee doesn't understand the structure of mail addresses and that everyone is free to choose the part before the @-sign (the so-called local-part or username). So they thought I worked for the company and gave me the discount without saying a single word. Wow.

Basic IT-Security in the banking industry?

And today? The same happened. With my bank. I needed an appointment and called them. As I didn't provide a mail address to them in all these years they asked for one to set up the online calendar entry. I told the customer rep to use bankname2024@my-domain.tld. The representative immediately asked in surprise: "Oh! You work for one of our branches?"

Well.. I was a bit shocked as, until that point, I thought that bank employees were at least minimally trained to properly read mail. In order to detect at least the most obvious phishing attempts. It seems I was wrong.

I gave the rep a quick run-down on the structure of mail addresses and said that basically everything in front of the @ is irrelevant (or at least should be treated as such). And that was it. On to the next adventure with mail addresses!


I'm not owing you my hyperfocus!

Photo by Tara Winstead: https://www.pexels.com/photo/motivational-phrases-for-mental-health-8378735/

Recently, I had a conversation with a recruiter on LinkedIn. It started pretty normal, but for some reason I mentioned I have ADD (Attention Deficit Disorder (Wikipedia)). The recruiter replied that this could be used as an advantage. "How so?" I asked.
And immediately after stating my question, the recruiter said something that made me angry in a rather rapid way.

The recruiter elaborated that I can be presented as way more productive due to my hyperfocus (Wikipedia), and that this has the potential to give my future employer a huge benefit.

I was speechless. I didn't reply for 2 minutes. Only thinking: "WHAT!?"
It certainly didn't help that the way in which my hyperfocus was portrayed reminded me of how slaves were marketed in human history. Pointing out the benefits of their bodily features for the profit of their future masters. Nope. Definitely not helping.
But the main reason for my anger stemmed from the fact that my hyperfocus is not some kind of fancy addon. Not some kind of trait I voluntarily learned.
My brain works differently. The chemicals that my brain produces are produced in different amounts than in people without ADD. Science has proved this again and again. This is directly tied to different behavioral patterns. Which can cause problems with people who are not on the neurodiversity spectrum of brains.
Many of us ADD'ers only learn of this in our late 30s or even later. After decades of struggling. Trying to find out, "What is wrong with me? Why am I so different than anybody else?" After all, diagnosis was bad in the previous decades. Going even so far as: "ADD is only present in children. It will go away with time." That those children simply learned to hide their ADD and suffered silently as adults? That many adults with undiagnosed ADD develop a depression because of this? Yeah.. This has only been understood for a mere decade or two.
I would happily trade my hyperfocus for a normal brain. Don't get me wrong. I don't hate myself for having ADD. It's just the way that I am. And since I got my diagnosis, I have learned more and more about myself and how to deal with all that accompanies ADD.
Fortunately, diagnosis, help, and treatment get better and better, especially for children. Well, at least here in Europe.
But if you are already an adult? It kind of sucks.

(TL;DR: Money. Here in Germany, doctors can send bills to healthcare providers if the ADD patient is a child. But NOT if the patient is already an adult. Yes, a flaw in the law. But an annoying one. This effectively means: Trainings, Coaches, behavioral therapy, medicaments.. All paid for if you are a child. As an adult? Here, take your pills with Methylphenidate (Wikipedia) (like: Elvanse, Medikinet, Ritalin, Concerta, etc.) and that's it. If you want more, search and pay for it yourself.)

But utilizing my hyperfocus in a way to improve my chances of getting hired?
That's NOT the way it's going to work. That's not the way it should be E-V-E-R. That's just a twisted and perverted way of exploiting oneself.
Personally, I have the following approach: If it kicks, it kicks. Sometimes I enjoy it. Using it to deep-dive fast into the topic and learn so much in so little time. Sometimes it's annoying as hell, as I know I can't give in to the hyperfocus as there are other pressing matters more relevant to me or the lives of others.
Most importantly: My hyperfocus is not something I can control.
Yes, there are situations/techniques, etc. that can help. And I've read my fair share of ADD'ers saying they are able to control it.
I always immediately question myself: "Can they, though? And, if they can, should they?"
While being hyperfocused, I feel great. Time feels stopped, yet I can see how rapidly I advance. Which is an awesome feeling for someone with ADD who, more often than not, feels things are too slow to be enjoyable.
But right after the rush of hyperfocus ends? Yeah, better spend some quality leisure time to recharge those internal batteries of yours. If not. Or you simply can't? Things tend to get messy. Missed appointments, forgotten tasks, household chores being left undone, and so on.
And now I imagine ADD'ers who constantly push themselves into that rush just to "prove their worth to their employer." After all, they were sold with that advantage, right?
Why not just hand out free cocaine to non-ADD employees then? Sounds stupid? Dangerous? Yep, now you understand my point.

Back to the recruiter. I told the person all this. That my hyperfocus is a part of me. And it's not a reliable one. Or rather: One on which I wouldn't rely to get the job done. That I just want to be treated normally. And not be "our newest hyperfocus hire."
The answer I got was: Well, sadly, not much at all. The recruiter got that I wasn't interested in a job. Well, I said so before. It's just that our conversation switched to this topic then. And therefore, the recruiter seemed to not bother answering any of the ethical questions I posed.
I mean, I get it. What the recruiter said was, most likely, only meant to uplift me. To make me feel good. To give me the impression that I have good chances of being hired.

But still: I'm not owing you my hyperfocus!

Addendum

Some days have passed since I published this post and there is something which I want to add. It's about the whole topic: "Due to your hyperfocus you are more productive!"

Personally I think this is not true. All imponderabilities aside: You need to recover after a hyperfocus. You cannot be constantly in hyperfocus. Like you can't constantly be in a state of flow, something which every one of us has experienced at one time or another. But hyperfocus, in my personal experience, is way more intense. And I can't say how long it will last.

Likewise I can't tell how long I need to properly recover, but here the logic comes in. Do I need longer to recover (and am maybe less productive during this period) and therefore eliminate the benefits of the time spent in hyperfocus? Or not?

Do hyperfocus and recovery-time always cancel each other out? Or not? Or like in 70% of all cases? What is the right number here? Is there any at all?

I don't really want answers to these questions. They are simply not needed.

And is there a guarantee that someone in hyperfocus won't make mistakes? Of course not! My advice to employers would be: "Be happy and thankful when an employee does way more work in a considerably short amount of time. But don't make it the new standard or take it for granted. That will neither last nor help."
