- 2022
- Dec
- 29
It’s not a job requisition, it’s just spam.
It’s been a while since I’ve made a post. The year end is always a busy time, both with people dragging colds into work and giving them to everyone to several holidays taking up time for preparation and celebration.
I wanted to step slightly aside and make a post about an experience I’m having with a contract recruiter:
There’s a local outpost of a larger global entity that has had a position open since about April of 2022 (It’s now the end of December, 2022.) This is a very senior level position, the person will be a single point of contact for a product line within the United States. Product manager, technician, repair, service, and support. Everything from A-Z. Granted, it’s not a very active product line, but it’s still a fairly comprehensive position where your name is on the paperwork as having said it works.
The reason it’s still open is the company (understandably) wants a laundry list of skills because of the nature of the position - but they aren’t paying enough to match that needed skill list. The pay rate has risen slightly since the position opened, about $2/hour, but it’s still probably 2/3 of what it really needs to be. I’ve sent a couple people their way, one declined the interview saying it wasn’t enough for the requirements posted, the other took the interview and said “It’s too much grief for not enough pay,” and ended up taking a non-managerial PMEL position that will net him about 25% more than this position pays.
Personally, I took a look at it in April when a recruiter I’d dealt with before asked if I was interested in it. I did some investigation, but immediately rejected it due to the pay rate. It was slightly higher than what I was making at the time (about 3%) but starting over as a contractor for not much more money didn’t appeal to me at the time, and still doesn’t. I turned it down in April.
It needs to be pointed out that they were trying to hire in April because the person in the job was either retiring or moving to a new division - I was never really clear on that. I just knew that they had limited run-time with the person currently in the job, and they wanted to get someone in there while this person was still available to train the incoming person. That didn’t happen, the person moved on, and there’s no one really there to be the “product guy.”
So that’s all well and good, right?
Sometime in May, the Indians started calling (or in this case, e-mailing, because I don’t publish a phone number and do not plan on doing so.) A half-dozen recruiting houses have called, all with the same job description and the same pay rate. They don’t take no for an answer, instead replying “How much do you need?” only to tell you that they are only authorized to offer the original rate in the posting. I would get perhaps 5-6 contacts per company before they moved on.
One in particular, however, has simply not let up. A company called Viva-IT (www.viva-it.com) is a company that claims to be based in a suite in Illinois, but is actually just a front for one of the many Indian recruiting houses. They’re calling you from Chennai, not Illinois, as evidenced by their business profile. Since the beginning of December, they’ve contact me at least 21 times, as evidenced by the “I’m not interested, remove me from your mailing list” replies I sent. I’m pretty sure there are more, but I archived my mail fairly regularly and don’t have messages before December.
21 times since December 1. Some days, it’s the same person sending me multiple contacts a day. What part of no don’t you understand? This doesn’t count the other companies that emailed me about this same job.
The last contact was really good. Backstory: I use a different reply-from address for contacts, as I have individual aliases set up for each job board. If I get an email from “myname-monster@mydomain.com” I know you found my resume on monster.com - telling me you found it on Indeed will result in an immediate discard. This recruiter both indicated that they’d called me and left a voicemail (to what number? None are published.) and used the generic reply address, indicating that he had found this address on a profile “on the job boards” and was emailing me about the requisition. This was someone that had contacted me multiple times in the past, and I’m not sorry to say I called him out on this behavior, calling him a liar and an idiot. I didn’t receive a reply of course, and none was expected. Amusingly enough, yet another Indian contract house has started emailing me about this job.
That was really the last straw. I found the hiring company’s contact email and sent them a message asking if they can do something about this particular recruiter and their constant badgering.
I received a reply - a generic reply from someone indicating that if I was interested in a career with the company to check some web page.
My reply was to indicate that this wasn’t about a career, it was about one of their recruiters being a complete ass, and how it reflects badly on them. This garnered a real response from someone, who cc’d me on a request to the company’s HR group, asking if they could investigate this.
HR simply closed it the next day as spam. My only reply was to indicate that I was disappointed that they are apparently ok with recruiters representing them in this manner. No reply here, and none is expected. A person on the inside indicated that they were not surprised either, and gave me some personal anecdotes about their own experiences with the company’s HR people.
I suppose there’s not really a point here - it’s more of a rant. But I have to wonder, does this recruiter even have a contract to represent the hiring company? (Probably not, if experience is any teacher.) Are they really ok with places like this representing them? And even if I did apply, would I even get my resume in front of the hiring manager (again, probably not from word on the inside.)
Recruiters like this are what give the industry as a whole a bad name. Quite possibly one of the many small reasons as to why companies can’t find people to fill these jobs - we’re burnt out from getting dozens of contacts from junk companies that we miss the one that may be real, or don’t care anymore.
It’s not a job requisition at this point - it’s just spam.
- 2022
- Nov
- 17
Fort Wayne Hamfest this weekend.
The 50th annual Fort Wayne Hamfest is happening this weekend. This is an excellent show, and is indoors - no parking lot to get rained (snowed?) out. See you there!
Where:
Fort Wayne Hamfest
Allen County War Memorial Coliseum
4000 Parnell Ave
Fort Wayne, IN 46805
When:
November 19 and 20, 2022
9AM-4PM
***
Unfortunately, one of my co-workers generously gave me a cold, which was amplified by working in a dirty, mold-filled building. I’m sorry I didn’t get to attend this one, but it’s on my list for next year.
- 2022
- Nov
- 2
The comments are locked.
I had left the comments open just in case, but spammers found it - as spammers do. Comments on this blog are now locked. If do you need to contact me for some reason, I suggest you head back to the homepage and investigate some of the other links. There is an address you can use. I will check this email address as time allows, do not expect a fast reply.
Use the LinkedIn link, or the Mastodon link if you’d like to contact me - I know that’s inconvenient for some, but with email and comment sections being nothing more than spammer playgrounds, it’s the best way.
The comment link at the bottom of each entry will no longer open the comment dialog if clicked. It will either open the entry on it’s own page, or will take you to the top of an open entry page.
- 2022
- Oct
- 17
Deleting bad files in Windows
Windows can be quite the turd at times. For example, while it enforces a 255 character limit on a file (both path and name,) it will still happily allow programs like Chrome to save filenames that can be overly long, or even full of invalid characters. You’re left with a file that you can’t delete - or even rename - because it’s invalid to Windows.
The easiest way around this, assuming you have admin access to the computer in question, is to install 7zip.
7zip is a cross-platform archiver that supports it’s own native format, supports archive/unarchive of a number of other formats, and can unarchive just about anything under the sun. (Sorry CP/M’ers, I think SQ is too old for even this program to handle!)
Download 7zip from it’s homepage, 7-zip.org
Once you install 7zip, open the file manager interface that comes with the program and navigate to your bad file. You can delete it right from the interface, as it ignores standard windows conventions and does what it’s instructed - which is what it should do!
I use 7zip for pretty much all archiving purposes, even letting it overwrite the native zipper in Windows. It’s just that useful.
- 2022
- Oct
- 11
StatusNet: Sending email instead of SMS with a new post?
What are you talking about?
If you’ve been around for a while, you’ll remember the birth of Twitter and the open-source clones that came out shortly after. While those clones are still useful, the Internet has become weaponized and services that worked because we had more trust now no longer work as intended.
This article is about StatusNet and it’s ability to send a SMS whenever someone posts a status to a timeline you follow. It uses the email gateway provided by most carriers to deliver a message to you - that is, it simply sends an email to “yourphonenumber@yourphonecompany.com.” In theory, anyway. These gateways now have a very suspicious eye when receiving messages containing links or other words that hurt the carrier’s feelings. They’re all but useless these days, and part of that is due to the ease at which spam can be delivered to your phone.
StatusNet in itself still does the same thing it did back when the last releases were made. We’re still using it for this reason, and because it’s visually more appealing than the lotsawhitespace Gnu Social that followed. It’s probably not something that you should expose to the outside world unless it’s on a low value server, however, as it is over 10 years old.
Yeah, so?
As mentioned, StatusNet can send an SMS any time your timeline is poked. However, this is just an email. Why not modify that so instead of sending an SMS instantly after a status is posted, it sends you an email instead?
That’s perfectly doable, and it’s all but transparent to the StatusNet instance.
This involves poking around in and editing your StatusNet database. In particular, we’re interested in the sms_carrier table. I’m using phpmyadmin because it’s easy to make these changes, but you’re free to use what tool you like. I assume you installed the instance yourself - if not, this may not make sense to you. I’m not going to talk about how and where databases and other files are in this post - if you’re not sure where those are then this isn’t going to be of any use to you.
Open your database by selecting whatever you called it, then navigate to the sms_carrier table. We’re going to make two changes for each of the entries we want to add to our instance. Pick the row you want to edit, and click “Edit.” You’ll be on the screen with all of the things you can change about this entry. (You can also do inline edit, but I like to bring up the full edit screen.)
There are two ways you can do this. Either put a complete email address in as an entry, or use the built-in variable and patterns to allow multiple users with the same domain to enter addresses.
If you want to simply add a complete email address:
The first thing we want to do is give it a useful name: In the “name” field, under the “Value” column (last one) delete what’s there and type something that is meaningful to you. Next, in “email_pattern,” delete what’s in the “Value” column and type your complete email address. Do not modify any other value or function. When you’re happy with the changes, hit “Go” to save it. The StatusNet code will happily ignore the “number” you gave it and send to the email address provided. If something was messed up, hit the “Reset” button.
If you’re running a multi-user instance, I don’t suggest doing this. Any person using the instance can select your email. They can’t verify it because they don’t have access to it, but they can still select it and try to attach it to their account. A better method is to use the patterns provided by the original programming.
If you want to use the patterns:
You still want to give it a useful name, and for this example we’ll use “gmail.” Delete what’s in the “name” field under the “Value” column and type “gmail.” In the “email_pattern” field, we need to make sure we give it the proper information. You’ll see something like “%s@phonecompany.com” - replace the “phonecompany.com” with “gmail.com” - you should have “%s@gmail.com.” This will allow StatusNet to fill in the “number” you give it later. Hit “Go” and save your changes, or “Reset” to clear and start over.
With both of these methods, make sure all of your changes are fully saved, and exit the tool you are using. Now we’ll go to the StatusNet instance in question and log in.
How do I get that email?
When you are logged in, click Connect at the top. You’ll get a screen showing your connected applications, of which you probably don’t have any. There will be two options to the side, SMS and Connections. Click SMS.
You have two options here, depending on how you set up your database changes:
You added a complete address.
pick the name you gave the address in the “Mobile Carrier” dropdown menu, type anything you want in the “SMS phone number” box (it doesn’t care because we deleted that variable) and hit “Add.” It will process for a bit, then you’ll end up at the screen asking for your confirmation code.
You added a domain only.
In this case, chose the domain you want in the “Mobile Carrier” dropdown menu and type the username portion of your address in the “SMS phone number” box. For example, if your address is “mygmailaddress@gmail.com,” pick “gmail” (assuming you called it that,) and type “mygmailaddress” in the phone number box. Hit add, and you’ll end up at the screen asking for your confirmation code.
If you did everything correctly, you’ll have an email waiting for you with a confirmation code in it. Paste that in the box, hit “Confirm,” and you’re done. Now you can go back to Connect > SMS and select the “Send me notices” checkbox under “SMS Preferences” to receive a notification every time someone posts to you or on your timeline.
If you don’t receive an email, check that your spam filter hasn’t trapped it due to the name or sender. It’s kind of unusual to get an email for an SMS confirmation, so mail systems may say “No.”
Both of these steps assume you have an email sender set up on your machine, it’s configured properly, the relay or service you’re using is configured properly, and your receiving email isn’t overly aggressive about looking for spam. If not, this isn’t going to work (obviously!)
It works?
So now, whenever someone posts a message that is on a timeline you’re following, you should get an email notification.
It works! There’s still a chance that your email provider can trap the message as spam, especially if there are links that look spammy. Whitelist the email these are being sent from, and you shouldn’t have any problems.
StatusNet itself is getting pretty old, and there aren’t many instances left out there. If you’re like me, and have a couple of internal systems under your control, this can restore some of the functionality lost over the past 10 years.
This is part 1 of a 2 part series about bringing StatusNet a little bit into the modern era. The next and final article will be about removing some of the identifying information to provide a little less of an attack surface should someone happen to run across your instance.
Now tell the little blue bird to get lost. We have some statuses to post!
- 2022
- Oct
- 9
The SwitchBOARd, a general purpose I/O device using the ESP-03.
When I was spinning up a number of ESP-01 devices, and before I found out how much RF noise they put out, I started exploring some of the other devices that were available in the ESP family. Specifically, the ESP-02 (A SMT version of the ESP-01, hard to get) and the ESP-03.
This board was designed to be a general purpose I/O board where you could read or write three individual bits and monitor those bits for control or notification purposes. Specifically, this was designed as a door open/closed device for garages. The ESP-03 was chosen because it was small, had a built-in ceramic antenna, and had the required number of I/O pins. It also looks kind of cool.
The board featured an onboard programming port and switch, a regulated power supply with a temperature monitor for the regulator, and indicators for all of the I/O. If desired, a passthru for the power supply could be placed, as to provide power for another board of this series without needing a regulator and extra supply.
Ultimately, I never could get the ESP-03 to take a program properly, and had just started to investigate why when I found out how bad these devices were at 320MHz. This board is one of two prototypes I built, the other having been sacrificed to the prototype gods during troubleshooting. Some other WiFi devices have shown up on the market, so this board may live again someday.
The boar outline found it’s way on to other projects, including this blog - and this is where the main page gets it’s name: Red Boar Design.
- 2022
- Oct
- 5
Re-opened my github account.
Some time ago, I had a github account with a few projects on it. That was closed due to various reasons, but I’ve decided to open it again and replace some of the material that was there originally.
The repository is here, if you’d like to check it out.
- 2022
- Oct
- 4
The Fort Wayne (Indiana) Hamfest
The last one in the area that I usually attend, the Ft. Wayne show is indoors and doesn’t get rained out. It’s usually a good portion of the day show, and I’ve never regretted the drive.
http://www.acarts.com/hfmain.htm
The 50th Annual Fort Wayne Hamfest
November 19th and 20th, 2022
9A-4P Saturday, 9A-2P Sunday
Admission $8, Parking $8
Allen County War Memorial Coliseum
4000 Parnell Ave
Fort Wayne, IN 46805.
This one can’t get rained out! See you there.
- 2022
- Sep
- 25
Didn’t make it to the Findlay radio show…
The day wasn’t looking promising. While it didn’t rain up there, the overall mood of the show was somewhat depressed as the threat of weather kept people away. I was told by a person that did attend that the show was still decent. So perhaps next year.
I did manage to make it to an antique engine show the day before, and will post those pictures soon. The next, and probably last radio show that I’ll try and attend this year is in Fort Wayne. Stay tuned for that information!
- 2022
- Sep
- 22
Allow access to a webpage only if inside the LAN?
Recently, I found that I’d like to set up some kind of internal dashboard for systems running inside the LAN. I wanted it to have easy access, and not require you to remember a new address or have to use a special port - it should just automatically resolve with the main website address while inside the LAN and deny you access outside the LAN. Sounds easy, and it is - sort of.
I’m using the Apache webserver, and it has the ability to deny service to you based on the calling IP address. It’s as simple as telling the server what directory you’d like to use, and requiring an IP. I came up with this:
<Virtualhost *:443> (the external website materials) Alias /inside "/var/www/inside" <Directory /var/www/inside ErrorDocument 403 /var/www/errordocs/denied.html Require ip 192.168.1 </Directory> ... </Virtualhost>
Note that you only need to provide the portion of the IP address that you wish to match exactly. In my case, providing 192.168.1 indicates that I’d like to match the entire /24 subnet. (192.168.1.1 - 192.168.1.254)
That worked - sort of. I was able to hit the website from inside the LAN with no issue. Outside the LAN, it denied me access but threw this error:
Forbidden
You don’t have permission to access this resource.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
That’s not what I wanted.The error document was (in the interests of obfusticating the issue) the same as the 404 page (with a slight modification that hopefully wouldn’t be noticed unless you looked for it) to hide the issue from outside parties that may be hitting the website looking for entry points. I know that’s bad practice, but this is a limited access site whose users know what to look for. The error message I received tells the world what the problem is, and even though I turn identification of the server off, probably tells you what I’m running. That won’t work.
The problem here is the Require ip 192.168.1 acts like a “Deny All” when the condition is not met - it even denies the error document regardless of it’s location. I wasn’t really sure how to get over this issue, but doing research revealed that .htaccess files are parsed as soon as the directory is hit, regardless of what else is set in the main configuration file. This isn’t necessarily bad practice, but it’s not best practices. You should strive to keep everything in the main config.
So what is an .htaccess file? Simply put, it’s requirements for the local directory. If you have a directory on your webserver that has a particular access requirement that the rest of the server doesn’t need, you put it here. My case, I was simply going to use it for error documents.
What’s the first thing you do? Find a guide. Someone already answered this question: https://stackoverflo … -use-an-errordocumen. So, following this guide, I did this:
Create .htaccess files in both my webserver root directory and the errordocs directory. In the root directory file goes the error handlers for the webserver:
ErrorDocument 404 /errordocs/nopage.html ErrorDocument 403 /errordocs/denied.html
Nothing else. In the errordocs file goes a simple directive:
allow from all
This does exactly what it says, and allows from all without restriction. This can be dangerous, so don’t put anything in this directory that you don’t want the world to see!
Some permissions need to be set now:
/var/www/errordocs => 755 /var/www/errordocs/.htaccess => 640 /var/www/errordocs/nopage.html => 644 /var/www/errordocs/denied.html => 644
These permissions are pretty loose, so again: be careful. Put only the things necessary for the error handlers into these directories and files. One last step is to tell the server that you want to use these .htaccess files, otherwise it ignores them. This is part of the rewrite module https://httpd.apache … mod/mod_rewrite.html built in to Apache, so enable that and restart the server.
sudo a2enmod rewrite sudo systemctl restart apache2
With the server restarted, you should be able to hit your webpage in /var/www/inside with a local IP address, and get an error message when you’re outside the LAN. Alternately, you could redirect, but that’s an entirely different game since you’ve already denied access.
I suspect this is probably obvious to those reading this, but I’ll point it out anyway. This only works if you’re serving pages from inside your own personal LAN. It’s not going to work if you’re using a remote hosting service or if the server is somewhere that can’t see your local IP. Of course, you can always set a particular address as a requirement, but in this case it’s best to make sure you’re not going to get locked out of your own services by a dynamic address change…