So I got the job. Here's a story, never let anyone stop you from accomplishing your dreams!

It all started in 2010. Windows just crashed unrecoverably for the 3rd time in two years. Back then I wasn't good with computers yet so we got our tech guy to look at it and he said: "either pay for a windows license again (we nearly spend 1K on licenses already) or try another operating system which is free: Ubuntu. If you don't like it anyways, we can always switch back to Windows!"

Oh well, fair enough, not much to lose, right! So we went with Ubuntu. Within about 2 hours I could find everything. From the software installer to OpenOffice, browsers, email things and so on. Also I already got the basics of the Linux terminal (bash in this case) like ls, cd, mkdir and a few more.

My parents found it very easy to work with as well so we decided to stick with it.

I already started to experiment with some html/css code because the thought of being able to write my own websites was awesome! Within about a week or so I figured out a simple html site.

Then I started to experiment more and more.

After about a year of trial and error (repeat about 1000+ times) I finally got my first Apache server setup on a VirtualBox running Ubuntu server. Damn, it felt awesome to see my own shit working!

From that moment on I continued to try everything I could with Linux because I found the principle that I basically could do everything I wanted (possible with software solutions) without any limitations (like with Windows/Mac) very fucking awesome. I owned the fucking system.

Then, after some years, I got my first shared hosting plan! It was awesome to see my own (with subdomain) website online, functioning very well!

I started to learn stuff like FTP, SSH and so on.

Went on with trial and error for a while and then the thought occured to me: what if I'd have a little server ONLINE which I could use myself to experiment around?

First rented VPS was there! Couldn't get enough of it and kept experimenting with server thingies, linux in general aaand so on.

Started learning about rsa key based login, firewalls (iptables), brute force prevention (fail2ban), vhosts (apache2 still), SSL (damn this was an interesting one, how the fuck do you do this yourself?!), PHP and many other things.

Then, after a while, the thought came to mind: what if I'd have a dedicated server!?!?!?!

I ordered my first fucking dedicated server. Damn, this was awesome! Already knew some stuff about defending myself from brute force bots and so on so it went pretty well.

Finally made the jump to NginX and CentOS!

Made multiple VPS's for shitloads of purposes and just to learn. Started working with reverse proxies (nginx), proxy servers, SSL for everything (because fuck basic http WITHOUT SSL), vhosts and so on.

Started with simple, one screen linux setup with ubuntu 10.04.

Running a five monitor setup now with many distro's, running about 20 servers with proxies/nginx/apache2/multiple db engines, as much security as I can integrate and this fucking passion just got me my first Linux job!

It's not just an operating system for me, it's a way of life. And with that I don't just mean the operating system, but also the idea behind it :).

Where do I even start?

Personal projects?
So many. Shouldn't count.

Unpaid game dev intern?
Unpaid game dev volunteer?
Both worthwhile, if stressful. Shouldn't count either.

Freelancing where clients refused to pay?
That's happened a few times. One of them paid me in product instead of cash (WonderSoil, a company that [apparently still] makes and sells some expanding super potting soil thing). The product turned out to be defective and killed all of the plants I used it on. I'd have preferred getting stiffed instead. Their "factory" (small, almost tiny) was quite cool. The owner was a bitch. Probably still is.

Companies that have screwed me out of pay?
So many. I still curse their names at least once a month. I've been screwed out of about $13k now, maybe more. I've lost track.

I have two stories in particular that really piss me off.

The first: I was working at a large robotics company, and mostly enjoyed my job, though the drive was awful. The pay wasn't high either, but I still enjoyed the work. Schedule was nice, too: 28 hours (four 7-hour days) per week. Regardless, I got a job offer for double my salary, same schedule, and the drive was 11 minutes instead of 40. I took it. My new boss ended up tricking me into being a contractor -- refused to give me a W2, no contracts, etc. Later, he also increased my hours to 40 with no pay increase. He also took forever to pay (weeks to months), and eventually refused to pay me to my face, in front of my cowokers. Asshole still owes me about $5k. Should owe me the the difference in taxes, too (w2 vs 1099) since he lied about it and forced me into it when it was too late to back out.

I talked to the BBB, the labor board, legal council, the IRS (because he was actively evading taxes), the fire inspector (because he installed doors taht locked if the power went out, installed the exit buttons on the fucking ceiling, and later disconnected all of said exit buttons). Nobody gave a single shit. Asshole completely got away with everything. Including several shady as hell things I can't list here because they're too easy to find.

The second one:
The economy was shit, and I was out of a job. I had been looking for quite awhile, and an ex-coworker (who had worked at google, interestingly) suggested I work for this new startup. It was a "reverse search engine," meaning it aggregated news and articles and whatnot, and used machine learning to figure out what its users are interested in, and provided them with exactly that. It would also help with scheduling, reminders of birthdays, mesh peoples' friends' travel plans and life events, etc. (You and a friend are going on vacation to the same place, and your mutual friend there is having a birthday! You should go to ___ special event that's going on while you're all there! Here's a coupon.) It was pretty cool. The owner was not. He delayed my payments a few times, and screwed me over on pay a few more times, despite promising me many times that he was "not one of those people." He ended up paying me less than fucking minimum wage. Fake, smiling, backstabbing asshole.

The first one still pisses me off more, though, because of all the shit I went through trying to get my missing back pay, and how he conned me every chance he got. And how he yelled at me and told me, to my face, that he wasn't ever going to pay me. Fucking goddamn hell I hate that guy.

I've found and fixed any kind of "bad bug" I can think of over my career from allowing negative financial transfers to weird platform specific behaviour, here are a few of the more interesting ones that come to mind...

#1 - Most expensive lesson learned

Almost 10 years ago (while learning to code) I wrote a loyalty card system that ended up going national. Fast forward 2 years and by some miracle the system still worked and had services running on 500+ POS servers in large retail stores uploading thousands of transactions each second - due to this increased traffic to stay ahead of any trouble we decided to add a loadbalancer to our backend.

This was simply a matter of re-assigning the IP and would cause 10-15 minutes of downtime (for the first time ever), we made the switch and everything seemed perfect. Too perfect...

After 10 minutes every phone in the office started going beserk - calls where coming in about store servers irreparably crashing all over the country taking all the tills offline and forcing them to close doors midday. It was bad and we couldn't conceive how it could possibly be us or our software to blame.

Turns out we made the local service write any web service errors to a log file upon failure for debugging purposes before retrying - a perfectly sensible thing to do if I hadn't forgotten to check the size of or clear the log file. In about 15 minutes of downtime each stores error log proceeded to grow and consume every available byte of HD space before crashing windows.

#2 - Hardest to find

This was a true "Nessie" bug.. We had a single codebase powering a few hundred sites. Every now and then at some point the web server would spontaneously die and vommit a bunch of sql statements and sensitive data back to the user causing huge concern but I could never remotely replicate the behaviour - until 4 years later it happened to one of our support staff and I could pull out their network & session info.

Turns out years back when the server was first setup each domain was added as an individual "Site" on IIS but shared the same root directory and hence the same session path. It would have remained unnoticed if we had not grown but as our traffic increased ever so often 2 users of different sites would end up sharing a session id causing the server to promptly implode on itself.

#3 - Most elegant fix

Same bastard IIS server as #2. Codebase was the most unsecure unstable travesty I've ever worked with - sql injection vuns in EVERY URL, sql statements stored in COOKIES... this thing was irreparably fucked up but had to stay online until it could be replaced. Basically every other day it got hit by bots ended up sending bluepill spam or mining shitcoin and I would simply delete the instance and recreate it in a semi un-compromised state which was an acceptable solution for the business for uptime... until we we're DDOS'ed for 5 days straight.

My hands were tied and there was no way to mitigate it except for stopping individual sites as they came under attack and starting them after it subsided... (for some reason they seemed to be targeting by domain instead of ip). After 3 days of doing this manually I was given the go ahead to use any resources necessary to make it stop and especially since it was IIS6 I had no fucking clue where to start.

So I stuck to what I knew and deployed a $5 vm running an Nginx reverse proxy with heavy caching and rate limiting linked to a custom fail2ban plugin in in front of the insecure server. The attacks died instantly, the server sped up 10x and was never compromised by bots again (presumably since they got back a linux user agent). To this day I marvel at this miracle $5 fix.

It has been bugging the shit out of me lately... the sheer number of shit-tier "programmers" that have been climbing out of the woodwork the last few years.

I'm not trying to come across as elitist or "holier than thou", but it's getting ridiculous and annoying. Even on here, you have people who "only do frontend development" or some other lame ass shit-stain of an excuse.

When I first started learning programming (PHP was my first language), it wasn't because I wanted to be a programmer. I used to be a member (my account is still there, in fact) of "HackThisSite", back when I was about 12 years old. After hanging out long enough, I got the hint that the best hackers are, in essence, programmers.

Want to learn how to do SQL injection? Learn SQL - write a program that uses an SQL database, and ask yourself how you would exploit your own software.

Want to reverse engineer the network protocol of some proprietary software? Learn TCP/IP - write a TCP/IP packet filter.

Back then, a programmer and a hacker were very much one in the same. Nowadays, some kid can download Python, write a "hello, world" program and they're halfway to freelancing or whatever.

It's rare to find a programmer - a REAL programmer, one who knows how the systems he develops for better than the back of his hand.

These days, I find people want the instant gratification that these simpler languages provide. You don't need to understand how virtual memory works, hell many people don't even really understand C/C++ pointers - and that's BASIC SHIT right there.

Put another way, would you want to take your car to a brake mechanic that doesn't understand how brakes work? I sure as hell wouldn't.

Watching these "programmers" out there who don't have a fucking clue how the code they write does what it does, is like watching a grown man walk around with a kid's toolbox full or plastic toys calling himself a mechanic. (I like cars, ok?!)

*sigh*

Python, AngularJS, Bootstrap, etc. They're all tools and they have their merits. But god fucking dammit, they're not the ONLY damn tools that matter. Stop making excuses *not* to learn something, Mr."IOnlyDoFrontEnd".

Coding ain't Lego's, fuckers.

OK, end of massive fucking 1 year long Dunning-Kruger wave. Time to learn C and algorithms. Looks like I'm Learning the curriculum in reverse order but nothing too bad.

If you saw my last rant, you'll know how much I hate Calculus. I decided instead of trying to learn this foreign topic, I'd instead translate it into a language I DO understand: C. The irony is that we use Calculus so we can learn to code easier, but I'm using code to learn Calculus easier. Funny if you ask me.

Learning C and just wrote a function to reverse chars in a char array (ex. "Hello" -> "olleH") but the array did not change.

It took me way to long to realize: I forgot to divide the length variable by two. So it reversed the array back everytime...

I really hate PHP frameworks.

I also often write my own frameworks but propriety. I have two decades experience doing without frameworks, writing frameworks and using frameworks.

Virtually every PHP framework I've ever used has causes more headaches than if I had simply written the code.

Let me give you an example. I want a tinyint in my database.

> Unknown column type "tinyint" requested.

Oh, doctrine doesn't support it and wont fix. Doctrine is a library that takes a perfectly good feature rich powerful enough database system and nerfs it to the capabilities of mysql 1.0.0 for portability and because the devs don't actually have the time to create a full ORM library. Sadly it's also the defacto for certain filthy disgusting frameworks whose name I shan't speak.

So I add my own type class. Annoying but what can you do.

I have to try to use it and to do so I have to register it in two places like this (pseudo)...

Types::add(Tinyint::class);
Doctrine::add(Tinyint::class);

Seems simply enough so I run it and see...

> Type tinyint already exists.

So I assume it's doing some magic loading it based on the directory and commend out the Type::add line to see.

> Type to be overwritten tinyint does not exist.

Are you fucking kidding me?

At this point I figure out it must be running twice. It's booting twice. Do I get a stack trace by default from a CLI command? Of course not because who would ever need that?

I take a quick look at parent::boot(). HttpKernel is the standard for Cli Commands?

I notice it has state, uses a protected booted property but I'm curious why it tries to boot so many times. I assume it's user error.

After some fiddling around I get a stack trace but only one boot. How is it possible?

It's not user error, the program flow of the framework is just sub par and it just calls boot all over the place.

I use the state variable and I have to do it in a weird way...

> $booted = $this->booted;parent::boot();if (!$booted) {doStuffOnceThatDependsOnParentBootage();}

A bit awkward but not life and death. I could probably just return but believe or not the parent is doing some crap if already booted. A common ugly practice but one that works is to usually call doSomething and have something only work around the state.

The thing is, doctrine does use TINYINT for bool and it gets all super confused now running commands like updates. It keeps trying to push changes when nothing changed. I'm building my own schema differential system for another project and it doesn't have these problems out of the box. It's not clever enough to handle ambiguous reverse mappings when single types are defined and it should be possible to match the right one or heck both are fine in this case. I'd expect ambiguity to be a problem with reverse engineer, not compare schema to an exact schema.

This is numpty country. Changing TINYINT UNSIGNED to TINYINT UNSIGNED. IT can't even compare two before and after strings.

There's a few other boots I could use but who cares. The internet seems to want to use that boot function. There's also init stages missing. Believe it or not there's a shutdown and reboot for the kernel. It might not be obvious but the Type::add line wants to go not in the boot method but in the top level scope along with the class definition. The top level scope is run only once.

I think people using OOP frameworks forget that there's a scope outside of the object in PHP. It's not ideal but does the trick given the functionality is confined to static only. The register command appears to have it's own check and noop or simply overwrite if the command is issued twice making things more confusing as it was working with register type before to merely alias a type to an existing type so that it could detect it from SQL when reverse engineering.

I start to wonder if I should just use columnDefinition.

It's this. Constantly on a daily basis using these pretentious stuck up frameworks and libraries.

It's not just the palava which in this case is relatively mild compared to some of the headaches that arise. It's that if you use a framework you expect basic things out of the box like oh I don't know support for the byte/char/tinyint/int8 type and a differential command that's able to compare two strings to see if they're different.

Some people might say you're using it wrong. There is such a thing as a learning curve and this one goes down, learning all the things it can't do. It's cripplesauce.

I was introduced to disassembly/reverse engineering today. It's amazing how many production applications use isLicenseValid() or other helpful function signatures to assist in my practical learning :p I'm looking at you sublime text

Why you should use sketchware and not use it at the same time regarding: encryption
sketchware the app is known to build apps by dragging elements to the screen then coding them with blocks or even write your code with the built in ide but there is one thing every developer fears. ah yes. the reverse engineers (or modders)
random guy [rates: X]: sketchware encryption is trash! are you serious?! string fog?! class rename?! i decrypted this whole app with the software i made >:D

sketchware dev wrote back to random guy: string fog isn't working because you decrypted sir! there is nothing we can do sir but email to our email and we will get back to you in a few and fix the problem

i have to say this is why i stick to android studio too many skids decrypt the C++ files or the mod menu just to edit stuff :) i also build some games im learning android studio game development but at the time lets have fun and mod other peoples games