Logic, IPv6, Outlook, Trap, INI, Tax Fraud, PYC, Zoom


  1. It's lovely when the same basic design failure is approached and investigated from different angles, over and over again. Wasting everyone's resources. Yawn. Afaik, systems should not be designed so that they inherently contain confusing, inconsistent traps which re-trigger investigation after investigation, just because the system is operating in a seemingly confusing way.

  2. Helped a friend to configure IPv6 for their network and services + checked all configuration so things are actually correctly configured and working.

  3. Constant problems with Microsoft Outlook eating / blackholing inbound emails, as well as losing even the bounces. This really, really sucks. I just can't stop loving some businesses like OVH; they delivered utter ... for an extended period. The same applies to Microsoft and Outlook, etc.: they just can't get it to work properly. Pretty hopeless job, you guys. It's pretty hard to come up with anything positive to say when you feel like repeating insults from some really bad comedy. - Even if email / SMTP is the "universal integration" with so many systems, it's inherently deeply failed due to constant reliability and deliverability problems. The interesting fact is that the problems we're suffering from all the time aren't actually technical. So in the original sense, there's nothing wrong with SMTP. But the services filtering, rejecting, delaying, quarantining and blackholing messages are the source of the problem. -> Making email unusable, unreliable and generally a really bad solution after all. - And this repeated again a few days / weeks later.

  4. In one project they're confident it's a good idea to create data sets which contain totally hidden rules. I'm sure this is something which is going to waste an incredible amount of energy and work during the coming years. The logic is very simple: 1 + 2 ( + X) = 5... Yet the + X part isn't visible anywhere, except in the source code, in an obscure way. Anyone taking a quick look, or even a deeper look, will find the logic to be totally broken, as long as they don't read and understand the source code & strange logic completely. I added a comment there, saying that this is what you're probably looking for, now you've found it. Enjoy, but don't touch! There's a reason why such trap code exists.

  5. Updated several personal projects to use the latest version of the bottle.py Python web framework library.

  6. Setting up DMARC was, after all, a great thing to do. I've found so many "abusers". No, I don't mean intentional abuse, but widespread and systemic misconfiguration where our domain is used without authorization.

  7. When I've been saying that I'm using INI files, some people claim it's not a good solution. Well, to be honest, even INI files are often way too complex to manage for today's administrators. Nowadays sysadmins do not understand highly complex file formats like INI files, and constantly break the files by making changes that don't conform to the standard. If you use an SQL database for JSON / XML / YAML, then it becomes totally impossible for them to configure the systems. All you need is a GUI, but it feels like a waste of resources for settings which are set once, and probably won't be changed more often than every 5 years or so. But it's still better to use a configuration file than to hard-code those options.

  8. The world is so full of shi7 processes and software. I just made an online order from one store, I paid 13 € and the receipt I got says I paid 20 € (no change, of course!). Great work, I think this is a tax fraud. International criminal enterprises. Greets go to Foodora & Subway with totally incompetent and ignorant IT / accounting departments.

  9. Had a long discussion with one dude, who claims that Python is so dangerous because pyc files can contain secrets. Well, yeah? Any compiled binary file can contain secrets too. I've been extracting those over and over again, when needed. It seems that many developers think that compiling a program "hides everything in it". Which of course isn't true. Even if you use some kind of logic to combine something, like randomly generated static bytes XORed with some other blob, it's not hidden. It can be recovered from process memory, and the same applies to all other "encrypted secrets", which kind of makes the encryption part pointless to begin with. You can dump the process or the whole server, or monitor process memory in real time. Nothing new there. Newbies don't always seem to know that.

  10. Zoom announced it won't end-to-end encrypt (E2EE) traffic for non-paying users. Well, who cares? There's no point in using Zoom in the first place.

  11. Something not so different? LOVEINT, SEXINT (both @ Wikipedia).
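
For item 9, an added example (not from the original post) of auditing what a compiled Python module exposes: it compiles a constructed sample, wraps it as a .pyc, and lists the embedded literals without ever running the module, including a value "hidden" by XORing two static blobs. The sample source, the names and the 16-byte header length (CPython 3.7+) are assumptions made for the example.

```python
import importlib.util
import itertools
import marshal
import types

# Constructed sample module (never executed here): one plain-text secret and one
# "hidden" as two static blobs that are XORed together at run time.
SAMPLE_SOURCE = r'''
API_KEY = "constructed-example-key-123"
_A = b"\x1f\x2e\x3d\x4c\x5b\x6a"
_B = b"\x6c\x4b\x5e\x3e\x3e\x1e"
def token():
    return bytes(x ^ y for x, y in zip(_A, _B)).decode()
'''

HEADER_LEN = 16  # assumption: CPython 3.7+ .pyc header (magic, flags, mtime, size)

def build_pyc(source):
    """Compile source and wrap it the way a .pyc file stores it."""
    code = compile(source, "sample.py", "exec")
    return importlib.util.MAGIC_NUMBER + b"\0" * 12 + marshal.dumps(code)

def _walk(code):
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from _walk(const)  # nested functions, classes, lambdas
        elif isinstance(const, (str, bytes)):
            yield const

def embedded_constants(pyc_bytes):
    """Return every str/bytes literal stored in the compiled module."""
    return list(_walk(marshal.loads(pyc_bytes[HEADER_LEN:])))

def xor_candidates(pyc_bytes):
    """XOR each pair of equal-length bytes constants; keep printable results."""
    blobs = [c for c in embedded_constants(pyc_bytes) if isinstance(c, bytes)]
    found = []
    for a, b in itertools.combinations(blobs, 2):
        if len(a) == len(b):
            plain = bytes(x ^ y for x, y in zip(a, b))
            if plain and all(32 <= ch < 127 for ch in plain):
                found.append(plain.decode("ascii"))
    return found

if __name__ == "__main__":
    pyc = build_pyc(SAMPLE_SOURCE)
    print(embedded_constants(pyc))
    print(xor_candidates(pyc))
```

Running the same two functions over the .pyc files of your own build before shipping shows which literals need to move to a secret store or to runtime configuration.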

2021-06-27