gagah.me

  • Life Update.

    It has been a while since I posted here. But in the spirit of wanting to write more and improve, I think I’ll post more, starting with this one. I used to write a lot, both online and offline, but at some point, I stopped. So here we go.

    Looking Back

    I joined HostPapa in 2017. It was a great opportunity, and I really enjoyed my time there. I met a lot of great people and learned not only about the hosting industry and how to deliver a great customer experience but also about myself. How I work as part of a team rather than for myself. What I like. What I don’t like. And my tendencies.

    One thing I learned is that I tend to say yes to everything. I overextend myself. As a result, I progressed quickly. I became a team leader within two years and joined the support operations team a year later.

    But the side effect of this? I took my job way too seriously. I was too hard on myself, constantly analyzing my performance, whether I was doing well or falling short. My days started to feel like a swing between good and bad, entirely dictated by my own perception. Life outside of work felt like a distraction.

    At that point, there wasn’t even a work-life juggle anymore. I was just throwing the same two balls labeled work against a wall. I answered emails on weekends. I stopped going out. It was bad.

    Then came COVID. The chaos of the pandemic, combined with growing burnout, made me realize that my work obsession was actually affecting my work itself. And when a family member got sick, it put everything into perspective. Maybe it was time to take a break.

    So I resigned. That was 2020.

    Finding My Way Back

    It took a few years of reflection to realize I missed being part of a team. I missed striving for something bigger than myself. But if I was going to return to work, I wanted to do it on my terms. One thing I knew for sure was that I didn’t want to commute. That was one of the best things about HostPapa. It was fully remote.

    In mid-2024, my sister got married, and something clicked. Maybe it was seeing her start a new chapter, but I suddenly felt ready to start mine. I was planning to get married this year, and if I could also secure a bit of job stability (though, at this point, maybe job security is an illusion), that would be nice.

    So I started looking. In September, I decided to apply to the one place I had always wanted to be. Automattic, the company behind the very platform this post is being written on.

    The application process was long, with several stages including an application, an interview, and a paid trial, but somehow, I made it through.

    In November 2024, I officially joined Automattic as a Happiness Engineer.

    A New Beginning

    One of the first things I noticed after joining was that a few people from HostPapa were already here. In fact, one of them had even been on my team. That made me happy. I had missed these people.

    Since November, adapting to a new job has been busy and, at times, chaotic. New processes, new expectations, a new team. But this time, I want to do things differently. Hopefully, I’ve learned from my time at HostPapa.

    No burning out this time.

    More than anything, I want to contribute to something bigger than myself without losing myself in the process.

    Let’s see how it goes.

  • ICANN’s Public Whois vs The EU

    ICANN will have a month to stop exposing private registrant data in their public whois, thanks to GDPR.

    The Register:

    The Whois public database of domain name registration details is dead.

    In a letter [PDF] sent this week to DNS overseer ICANN, Europe’s data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force.

    It’s one of those “big if true” moment but i guess the fact that approximately 700 million people live in EU, should make ICANN pretty much have to follow this or, i don’t know, retroactively drop EU citizens access to their .com domain names, like what EU plans to do to UK citizens after Brexit?

    Yeah, don’t think so. If this comes to fruition and ICANN really fully shutdown the current whois service and turns it into an opt-in, consent-based system, it’s a pretty fundamental change that will require a huge amount of work from all the sides involved, and a month deadline is rather tight. With how the current model of ICANN verification works, the weather forecast is cloudy with a side of PANIC felt by end users who suddenly see their domain suspended after not properly responding to the consent request.

    I wouldn’t say that it’s not a welcome change though. Seeing how increasingly bad the abuse that a domain owner can receive after having their private data exposed through whois, this would add some level of hassle to the automation in spammers data collecting process, as well as killing the privacy as a service model of domain privacy, which in my opinion should be a shady remnants of the past.

    Still, probably a good idea to read the opinions of people who are against this, such as this write up by Brian Krebs.

  • Cloudflare DNS

    From Cloudflare blog:

    Cloudflare’s mission is to help build a better Internet. We’re excited today to take another step toward that mission with the launch of 1.1.1.1 — the Internet’s fastest, privacy-first consumer DNS service

    Nice to see another alternative for reputable public DNS resolvers other than OpenDNS (owned by Cisco) and Google, both of which have been known to track you, which Cloudflare promised not to do.

    I myself am a proponent of running your own DNS resolver, one that supports DNScrypt if possible, but this is definitely still a welcome news.

  • Email Application Hell

    Working in a hosting industry as a customer service rep, you’ll find that 8 out of 10 issues reported has to do with emails.

    Take a look at a person with zero computing experience, and ask yourself, if they want a website, where they should go to.

    You might think a drag and drop site builder is a good idea. Something where they can just add or remove website components like Lego, where even if things can go wrong, dealing with the aftermath is as easy as re-adding the block.

    But look at the typical guide of setting up IMAP/POP3/SMTP client, and there are simply too many pitfalls where the drop is quite deep.

    On the face of it, it’s easy enough. You just need to know the incoming/outgoing mail server, their ports, your username and password. In theory, this looks really easy, especially to someone with years of computer experience.

    But no. Your client want to set up an email on iPhone, and your server requires outgoing mail authentication? Don’t worry, Apple made sure you’ll always have a job as Tech Support by putting ‘(optional)’ on both fields for outgoing mail server.

    The server uses full email address as the username? Wait, is it username or email address then? Email applications don’t use similar term, so get ready for the users entering just the username part of the email address, making sure that their IP keeps getting blocked on the server for wrong login details.

    What the hell is “Secure Password Authentication”, and should the client have it enabled? Don’t worry, your opinion and your server capability to support it is not relevant, client will enable it anyway, because it’s “secure”, right?

    The password is wrong/mistyped/not even filled, and your server is set up to block an IP after a certain amount of login attempt failed. Client is screaming and trying to ask them to retype the password is hard, as they’re sure they got it right. At this point, you ask them to just reset the password.

    Congratulations, you have created an even bigger problem. You managed to get the client to update one email application password on one device, but not the other 3, which is sharing the IP and will now forever create an IP block loop unless you whitelist their IP or get them to somehow go through each and update every single device.

    These are just small details that made up most of the errors when dealing with email application setup.

    Even with Webmail, For cPanel Mail specifically, i lost count of the amount of client that’s confused about their default webmail setup.

    Doesn’t believe me? Here’s what happened when you login to your cPanel webmail for the first time:

    What is this grey screen and what should i do?

    Okay, i clicked the got it button. Now what should i do? Which of these three foreign name and logo should i choose, and what made them difference? Can’t you just pick for me?

    (At this stage, lots of clients actually just scroll down, possibly due to decision fatigue, and just assume that they must do something, other than actually clicking the icon, or “set as default”, “whatever that means”)

    Okay i clicked Horde/Roundcube/Squirrel mail. Why is this so hard?

    As a bonus, let’s say you forgot your password for cPanel based webmail, and you wanted to reset your password. Well what do you know, there is a reset password link in the login form:

    What the user doesn’t know is that reset password will never actually reset his email password as it will reset a completely different password entirely.

    Of course, i’m exaggerating. It really isn’t that bad, just require a bit of patience.

    But looking at the state of everything that has to do with email reminded me quite a bit that this is truly the dinosaur of the internet. The UI might have been handcrafted by a 23 year old hipster from Portland who exclusively eats Soylent, but the back end and its ecosystem still feels very 1993.

  • PureVPN Helping The FBI

    Interesting. From The Register:

    And that’s where the surprise came in – at least for those that believed a VPN is a complete protection: “Significantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses” (those IP addresses were at Lin’s work and home addresses).

  • Techcrunch Being Techcrunch

    Techcrunch writer Josh Constine, on the post about the shutdown of AIM:

    So, farewell to AIM and my embarrassing screen name KDog313. Being a teenager will always sound like one of your incoming messages.

    Techcrunch writer Taylor Hatmaker, 10 hours later (awesome name btw):

    Sharing old credentials online is a bad idea. From a security perspective, old AOL logins are a potential goldmine of personal details for anyone trying to hack your accounts.

  • Cloudflare Came to The Rescue

    DSLReports:

    Cloudfare has begun banning websites that coverly embed cryptocurrency miners into their website code to boost website revenues.

    After the dailystormer brouhaha, i guess we’re starting to see cloudflare becoming the police of the internet. Makes sense, since their product use cases really does cater to shady website (and legit ones too of course, but shadier ones needs cloudflare the most). Anyway, good move by cloudflare. I just worry that with the scale of their operation, they might become too powerful too not become evil in the not too distant future. Facebook and Google’s history came to mind.