Search - "don't trust your government"
I absolutely love the email protocols.
IMAP:
x1 LOGIN user@domain password
x2 LIST "" "*"
x3 SELECT Inbox
x4 LOGOUT
Because a state machine is clearly too hard to implement in server software, clients must instead do the state machine thing and therefore it must be in the IMAP protocol.
SMTP:
I should be careful with this one since there's already more than enough spam on the interwebs, and it's a good thing that the "developers" of these email bombers don't know jack shit about the protocol. But suffice it to say that much like on a real letter, you have an envelope and a letter inside. You know these envelopes with a transparent window so you can print the address information on the letter? Or the "regular" envelopes where you write it on the envelope itself?
Yeah not with SMTP. Both your envelope and your letter have them, and they can be different. That's why you can have an email in your inbox that seemingly came from yourself. The mail server only checks for the envelope headers, and as long as everything checks out domain-wise and such, it will be accepted. Then the mail client checks the headers in the letter itself, the data field as far as the mail server is concerned (and it doesn't look at it). Can be something else, can be nothing at all. Emails can even be sent in the future or the past.
Postfix' main.cf:
You have this property "mynetworks" in /etc/postfix/main.cf where you'd imagine you put your own networks in, right? I dunno, to let Postfix discover what your networks are.. like it says on the tin? Haha, nope. This is a property that defines which networks are allowed no authentication at all to the mail server, and that is exactly what makes an open relay an open relay. If any one of the addresses in your networks (such as a gateway, every network has one) is also where your SMTP traffic flows into the mail server from, congrats the whole internet can now send through your mail server without authentication. And all because it was part of "your networks".
Yeah when it comes to naming things, the protocol designers sure have room for improvement... And fuck email.
Oh, bonus one - STARTTLS:
So SMTP has this thing called STARTTLS where you can.. unlike mynetworks, actually starts a TLS connection like it says on the tin. The problem is that almost every mail server uses self-signed certificates so they're basically meaningless. You don't have a chain of trust. Also not everyone supports it *cough* government *cough*, so if you want to send email to those servers, your TLS policy must be opportunistic, not enforced. And as an icing on the cake, if anything is wrong with the TLS connection (such as an MITM attack), the protocol will actively downgrade to plain. I dunno.. isn't that exactly what the MITM attacker wants? Yeah, great design right there. Are the designers of the email protocols fucking retarded?
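An added example, not part of the original rant: a small audit for the mynetworks problem described above. It parses a main.cf and reports which client addresses the server actually sees on inbound SMTP fall inside mynetworks. The sample config, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed main.cf (not from the original post). 192.0.2.0/24 stands in for
# "your networks"; 192.0.2.1 plays the gateway that inbound SMTP arrives through.
SAMPLE_MAIN_CF = """\
myhostname = mail.example.org
mynetworks = 127.0.0.0/8, [::1]/128
    192.0.2.0/24
smtpd_relay_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues the previous one."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()
        elif "=" in raw:
            current, value = (part.strip() for part in raw.split("=", 1))
            params[current] = value
    return params

def trusted_networks(params):
    """CIDR entries of mynetworks; table lookups and '!' exclusions are skipped here."""
    nets = []
    for token in params.get("mynetworks", "").replace(",", " ").split():
        try:
            cidr = token.replace("[", "").replace("]", "")  # Postfix writes IPv6 as [addr]/len
            nets.append(ipaddress.ip_network(cidr, strict=False))
        except ValueError:
            continue
    return nets

def unauthenticated_sources(params, observed):
    """Observed client addresses inside mynetworks, i.e. accepted by permit_mynetworks."""
    nets = trusted_networks(params)
    return [src for src in observed
            if any(ipaddress.ip_address(src) in net for net in nets)]

if __name__ == "__main__":
    # Constructed observation: Internet mail shows up with the gateway's address.
    print(unauthenticated_sources(parse_main_cf(SAMPLE_MAIN_CF), ["192.0.2.1", "203.0.113.7"]))
```

Feed it the client addresses from your own SMTP logs: if the address that Internet mail arrives from is reported, narrow mynetworks until it is not.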
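An added example, not part of the original rant: the envelope-versus-letter split seen from the receiving side. It compares the Return-Path header (written by the delivering server from the envelope sender) with the From header, and the Date header with the server's own Received timestamp. The message and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed message as stored after delivery (not from the original post).
# Return-Path and Received were written by the receiving server; From and Date
# came from the sender inside DATA and were never checked by it.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net by mx.example.org; Tue, 02 Jan 2024 10:00:00 +0000
From: Alice <alice@example.org>
To: alice@example.org
Date: Fri, 02 Jan 2099 10:00:00 +0000
Subject: constructed sample

body
"""

def domain(header_value):
    """Lower-cased domain of the address in a header value ('' if there is none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def envelope_vs_letter(raw, max_skew_hours=24):
    """Return findings where the letter's headers disagree with what the server recorded."""
    msg = message_from_string(raw)
    findings = []
    env, hdr = domain(msg["Return-Path"]), domain(msg["From"])
    if env != hdr:
        findings.append(f"envelope sender domain {env!r} != header From domain {hdr!r}")
    received = msg.get_all("Received") or []
    if received and msg["Date"]:
        # The newest Received header is first; its timestamp follows the last ';'.
        stamped = parsedate_to_datetime(received[0].rpartition(";")[2].strip())
        claimed = parsedate_to_datetime(msg["Date"])
        skew = abs((claimed - stamped).total_seconds()) / 3600
        if skew > max_skew_hours:
            findings.append(f"Date header is {skew:.0f} h away from server receipt time")
    return findings

if __name__ == "__main__":
    for finding in envelope_vs_letter(SAMPLE):
        print(finding)
```

A domain mismatch alone is only a signal, since mailing lists and bulk senders legitimately use a different envelope sender.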
Two years ago, I developed a security app for Android as a school project. I didn't like teamwork at school (you know, you do all the work and everyone else is getting the same grade you receive, especially if you are the nerd of the class), actually I hated it, so I made it alone.
Its name was "Alex" and it was a simple "panic button". You can configure two emergency emails and phone numbers (contacts only, not police) and, if you're in danger, you just have to press the button and the app is gonna send two messages/emails to your contacts: the first one, to tell where you are (GPS, only the name of the place) and that you're in trouble. The second one with an audio/photo file of the situation.
Sounds like a great app, and I tested it a few times. The reason I didn't continue with this is that I got my first job and I had no time, and that, three or four months later, the government (of the city) launched a similar app. Less sophisticated, but I think it's still useful: "No estoy sola" (I'm not alone). I haven't tested it cause I don't trust the authorities, I'd prefer to send my location to a friend through messenger app instead.
I don't know if I should re-work this app (I didn't release it, I just have the beta) or work on something else. I'm afraid that, if I release it, someone could die or get kidnapped because of a bug or something going wrong with the app :c What do you think?
Fucking government shifting daylight saving time by two weeks making me rely on my phone time zone auto-update and wake up one fucking hour earlier!
Way to go Monday...
unfortunately, iCloud's "hide my mail" available for as low as $1.19/mo is the best email aliases service. Why? Because those addresses have no discernible pattern, and, most importantly, end with @icloud-dot-com.
a lot of services nowadays think aliases are for scammers, so they reject well-known alias domains like those proton has. but no one rejects icloud ones.
they can't wrap their head around that people like me use aliases, one alias per service, to have control over the spam you send us. unsubscribe buttons in emails often don't work, or unsubscribe you from some super-niche "segment" that one email belonged to, but because you bitches have a lot of those segments, you just carry on spamming.
major dicks that aren't concerned with email deliverability rating, like microsoft — because their emails get delivered no matter what, they're microsoft after all — think they can just not allow people to unsubscribe from their spam. when I needed to create a ms account, thank god I used an alias. I got bombarded with their spam, and lo and behold, not a single email had an unsubscribe button. Instead, the bottom of each email said "this email is a part of mandatory onboarding" or some shit like that, despite just being advertisement. no option to unsubscribe from that bs in their "dashboard" either.
so I just disabled that alias. despite what all of you stupid fucks want, it's my computer, and on it, the computing happens on my terms. when I need a confirmation email, I enable the alias, get the email and then disable it.
I have no mics and no cameras. I pay cash. I don't borrow money from banks. I don't have a credit card. when I receive crypto, I exchange it for cash directly in a physical crypto exchange that doesn't require my passport. I have headphones with built-in mic that I use exclusively for calls, but when I plug them out, no mic for ya. my next phone won't have a sim (and no eSIM either), I will disassemble it and take the front-facing cam, as well as mics, out of the phone, and then cover the back camera with velcro that I'll undo every time I need to take a pic. it will also run graphene os and be held inside a faraday cage when not in use. I have a separate dumb phone for calls that has its removable battery disconnected at all times when I don't use it. no matter if you're corpo or government, no matter all zero-days and backdoors, if there is physically no mic and no cam to be found, trying to access them is futile.
no use trying to profile me or get any kind of info from me unless I want you to — I'll just strangle you and your systems. my info sphere is a fortress surrounded by a bottomless tarpit. you'll drown in it should you try to violate me. if you so much as touch it, it will suck you in. I'll stream your drowning on youtube.
even irl, I try to dress, walk and move as weirdly as possible. during my morning walk, I be straight up walk as if I was rabid. when our eyes meet, I'll smile creepily, just to communicate that don't fucking touch me you fucking degenerate. don't even think about talking to me. just walk away you bitch before I pin you to the ground and bite your ear off. if you're bigger than me, you'll just get tased.
only those I trust deserve open, kind, validating, beautiful, well dressed and good smelling kiki.