I know it wasn't ethical, but I had to do it.

Semester 4 started this week, we all got to vote which day we wanted the lecture to be held on. There were quite a few options. My preference was Monday at 7:30pm.

So I entered the poll, as I have every other semester. But I noticed something, this particular poll didn't require any form of identification. Not even a Student ID.

I dug deeper, found that it used local cookies to store weather you'd voted or not, this is obviously a security problem, so I opened up Python and wrote a simple Selenium program to automate this process.

I called it the "Vote Smasher". First it would open the webpage, then it would choose Monday 7:30pm and vote. Then it would clear it's cookies, refresh and do it over again.

I ran it fifty times.

Can you guess what the revealed vote was for UCD SP4 IT was?

I heard my lecturer mutter:
"The votes aren't usually this slanted..."

I could hardly contain my giggles.
My vote won by about fifty over the others 😂

Let me just say, it was his fault for choosing such a naive poll system in the first place 😉

Alright, I just wanna start off by saying that I'm a huge privacy guy. I hate all kinds of data collection companies like Google/Facebook/Amazon and all that. Yet I'm forced to have a Google account for certain reasons.

But the thing that I want to say is that I often talk to people to express my concerns about privacy. And most people agree and say that "yeah sure that's some scary shit" but don't actually do much about it.

And the thing is. If you just browse through all of the options in your Google account. You can turn off and remove almost all data collection/ad serving and identification options entirely.

And yet purple complain about that Google sees what you buy and shit. Turn everything off. Get and adblocker and get noscript. The single best browser add-on out there. It's almost that easy to get at least acceptable amounts of Internet privacy.

Please, don't ever ignore the significance of in Internet privacy. And the potential issue of net neutrality. Don't be ignorant. Don't be the client.

Contenders for arseholes this week

- Elasticsearch as their implemented product identification and integration in client libraries like Python to exclude OpenSearch made a lot of things very painful. Yay....

- Microsoft decided to integrate kill switches in Exchange. Yeah.... Great stuff.

- Atlassian has another week of dumbness - after they botch release after release, they killed Slack with DNS

- Adoptium still hasn't managed to provide repositories after fucking up it's transition from AdoptOpenJDK

- No, a project with JDK 8 makes no sense anymore, take that shit and burn it. JDK 11 the same, would be great if we had a Repository working for JDK 17 Adoptium....

- unwanking a TLS setup by integrating an intermediary load balancer to deal with several outdated TLS implementation is a kind of thing that's really scary...
(TLS 1.3 in, TLS 1.1 - TLS 1.3 out... Theoretically all solutions have TLS 1.2… most of them non working. Solutions is a wild bunch from different vendors)

- If you buy a fucking new Apple with an Arm Chipset, ram it up so far up your arse it gets dissolved in stomach acid.
It's an arm. There's tons of compatibility problems of course. No you shouldn't listen to what the marketing says. No I cannot shit rainbows and make it work.

- German election. No politics I know, but still.

- New neighbors decided to move in. Friendly person's. Except I wanted to murder them since they choose 22 o clock for moving time.

- I forgot putting the heater on. Ever woken up frozen like fuck and having a hard week... It's a good combo to break any form of motivation.

The company next to me is renovating. Waking up to the feeling of an earth quake because they demolish their old building is another thing that makes me unhappy.

It's Friday. I survived.

That moment when you work the whole day to write a discord bot from scratch. No discord.py and other wrappers. Pure websockets, oauth2, https, json loads here and there. Understanding how the discord API works was a real challenge, but I did it :).
Most of my time was spent on discord's gateway connection and identification system.

The bot can renew its token, get all the guilds it is part of, all the channels and users of these guilds, send message and communicate with the gateway.

Tomorrow I will start connecting it to a voice channel and let it "speak". Thinking of combining text-to-speech with it, but I am not sure how well they are going to harmonize together.

I had a few girlfriends in the past and now am married for 4 years and can't remember any gfs before the married life. Ever had a pre-identity crisis?

My mind: "WHO THE F&*! WAS I? WHAT DID I DO? ITS LIKE TOTAL RECON AND AMNESIA ALTOGETHER!!"

DEI QA: “For step 2 should the checkbox be checked? Or uncheck ?”

… Step 2 of my testing steps reads: “Check it [the checkbox], save it, reload it. The box should still be checked. Repeat to uncheck it, just to be pedantic, then leave it off so we can test the existing behavior.”

🤦🏻‍♀️

DEI QA: “The payment_method_identifier will be in api callback logs if `Return payment method identifier in auth/confirmation callbacks` is checked?”

🤦🏻‍♀️

Me: it does what it says on the tin.

DEI QA: “BTW its a `tin`.”
DEI QA: “In Canada its `Taxpayer Identification Number`”

🤦🏻‍♀️

SO MAD. Hands are shaking after dealing with this awful API for too long. I just sent this to a contact at JP Morgan Chase.

-------------------
Hello [X],
1. I'm having absolutely no luck logging in to this account to check the Order Abstraction service settings. I was able to log in once earlier this morning, but ever since I've received this frustratingly vague "We are currently unable to complete your request" error message (attached). I even switched IP's via a VPN, and was able to get as far as entering the below Identification Code until I got the same message. Has this account been blocked? Password incorrect? What's the issue?

2. I've been researching the Order Abstraction API for hours as well, attempting to defuddle this gem of an API call response:

error=1&message=Authentication+failure....processing+stopped

NOWHERE in the documentation (last updated 14 months ago) is there any reference to this^^ error or any sort of standardized error-handling description whatsoever - unless you count the detailed error codes outlined for the Hosted Payment responses, which this Order Abstraction service completely ignores. Finally, the HTTP response status code from the Abstraction API is "200 OK", signaling that everything is fine and dandy, which is incorrect. The error message indicates there should be a 400-level status code response, such as 401 Unauthorized, 403 Forbidden or at least 400 Bad Request.

Frankly, I am extremely frustrated and tired of working with poorly documented, poorly designed and poorly maintained developer services which fail to follow basic methodology standardized decades ago. Error messages should be clear and descriptive, including HTTP status codes and a parseable response - preferably JSON or XML.
-----

This whole piece of garbage is junk. If you're big enough to own a bank, you're big enough to provide useful error messages to the developers kind enough to attempt to work with you.

Brave Browser.

There’s a reason why brave is generally advised against on privacy subreddits, and even brave wanted it to be removed from privacytools.io to hide negativity.

Brave rewards: There’s many reasons why this is terrible for privacy, a lot dont care since it can be “disabled“ but in reality it isn’t actually disabled:

Despite explicitly opting out of telemetry, every few secs a request to: “variations.brave.com”, “laptop-updates.brave.com” which despite its name isn’t just for updates and fetches affiliates for brave rewards, with pings such as grammarly, softonic, uphold e.g. Despite again explicitly opting out of brave rewards. There’s also “static1.brave.com”

If you’re on Linux curl the static1 link. curl --head
static1.brave.com,
if you want proof of even further telemetry: it lists cloudfare and google, two unnecessary domains, but most importantly telemetry domains.

But say you were to enable it, which most brave users do since it’s the marketing scheme of the browser, it uses uphold:

“To verify your identity, we collect your name, address, phone, email, and other similar information. We may also require you to provide additional Personal Data for verification purposes, including your date of birth, taxpayer or government identification number, or a copy of your government-issued identification
Uphold uses Veriff to verify your identity by determining whether a selfie you take matches the photo in your government-issued identification. Veriff’s facial recognition technology collects information from your photos that may include biometric data, and when you provide your selfie, you will be asked to agree that Veriff may process biometric data and other data (including special categories of data) from the photos you submit and share it with Uphold. Automated processes may be used to make a verification decision.”

Oh sweet telemetry, now I can get rich, by earning a single pound every 2 months, with brave taking a 30 percent cut of all profits, all whilst selling my own data, what a deal.

In addition this request: “brave-core-ext.s3.brave.com” seems to either be some sort of shilling or suspicious behaviour since it fetches 5 extensions and installs them. For all we know this could be a backdoor.

Previously in their privacy policy they shilled for Facebook, they shared data with Facebook, and afterwards they whitelisted Facebook, Twitter, and large company trackers for money in their adblock: Source. Which is quite ironic, since the whole purpose of its adblock is to block.. tracking.

I’d consider the final grain of salt to be its crappy tor implementation imo. Who makes tor but doesn’t change the dns? source It was literally snake oil, all traffic was leaked to your isp, but you were using “tor”. They only realised after backlash as well, which shows how inexperienced some staff were. If they don’t understand something, why implement it as a feature? It causes more harm than good. In fact they still haven’t fixed the extremely unique fingerprint.

There’s many other reasons why a lot of people dislike brave that arent strictly telemetry related. It injecting its own referral links when users purchased cryptocurrency source. Brave promoting what I’d consider a scam on its sponsored backgrounds: etoro where 62% of users lose all their crypto potentially leading to bankruptcy, hence why brave is paid 200 dollars per sign up, because sweet profit. Not only that but it was accused of theft on its bat platform source, but I can’t fully verify this.

In fact there was a fork of brave (without telemetry) a while back, called braver but it was given countless lawsuits by brave, forced to rename, and eventually they gave up out of plain fear. It’s a shame really since open source was designed to encourage the community to participate, not a marketing feature.

Tl;dr: Brave‘s taken the fake privacy approach similar to a lot of other companies (e.g edge), use “privacy“ for marketing but in reality providing a hypocritical service which “blocks tracking” but instead tracks you.

A customer specialising in identification and security solutions called today, claiming "they" found malware on their website. Then they provided a weird link to some shady malware scanner, and the "malware" turned to be a <noscript> tag which adds ?noscript to the page url, so we can serve no-JS optimised content. As a bonus, the scanner only detected it on two URLs, even though every single page on the site contains that same line of code.

Joke's on them, have fun paying for priority support outside of the business hours for nothing.

So first rant, here goes weirdness, and also lengthy rant

So in my company we have the hr and accounting managed by the same person which also deals with all things employee related and she had a need for a way to extract a birthday from, what is in our country the personal identification number, things go great i get a formula that performs parts of the magic up to the point where the first digit of the number dictates the gender and century to be used when forming the full year, mind you only the last two digits of the year are in plain within the id number so i thy a number of ideas. After bashing around google sheets for a while ( i've got open office installed and formulas don't export well to the excel that person uses but google sheets does so i built it there).

First idea : make a few conditionals to check for the value so we have 1 and 2 for 19th century, 3 and 4 for 18th century , 5 and 6 for 20th so i go ahead and write my conditions and they fail, all evaluates to false, it cascades through the else variants up to the last one so i'm wondering if the "if" itself doesn't support the or operator, seems it does, next i think it's the bloody condition written wrong so i reevaluate my logic in php in a test script, it works as intended, then i think ok not the right function called, let's see the docs, docs confirm i'm doing it right but what was wrong was the way i was getting that first number, using left seems to produce a string although the base thing is a number, now i start searching how i can cast it, like you would normaly do when the data type is fried, value function appears to be the solution but it isn't working....now i'm thinking "ok so i have a value and different things to print out so let's look for a switch, maybe it can understand that" switch function found under the form of choice, i get it sorted but am stuck wondering why the heck was the if and value combination not working.

Simple answer to that : value doesn't work well with function results, a known bug listed by someone in a comment, a comment i have failed to read for about 45 minutes of trying to understand.

All in all it worked well for the person asking for it so it's nice.

Every time I want to check my balance at my bank, instead of placing my account identifier (in my case, my national identification number, equivalent to the SSN), I end up typing '192.168 ...' until I realize what idiot that I am! LOL. Please, tell me I'm not the only one ><.

Eureka! I have done it! I have written a program that will replace 80% of programmers with an AI!

The approach is to use grammar identification with language heuristics to recognize solution patterns using multilayered neural networks. The code source uses trusted pattern samples that are scored by human programmers. The code is programmed using text duplication and placement from the trusted sources.

TLDR: Uses pattern matching to copy and paste from Stack Overflow.

I am new to c and cpp.
I used to exploit my college's competitive programming platform cus it had a bad architecture and almost no auth checks.
For every ajax request, they weren't sending auth tokens or any form of identification and ran all the programs without any logs and on the main thread and as root.. wtf, right?
But recently they've changed something to the site and I cannot run bash commands using system() call.
Is there any other way to execute bash commands using c and cpp.
I already configured a miner in their server but then they re-deployed it cos someone forked bomb the shit out of it.
I'm a noob in c and cpp btw!

im living in a place where it's restricted to use fingerprint scanner, my semester project was to create an identification software using fingerprints... ahhhh what a disappointment we ended up using facial recognition and it was a hell of a semester

ways to mess with Datacenter staff:

make every server flash blue light for identification, turn on amber light, and display "Printer Error: 1D10T"

Chinese remainder theorem

So the idea is that a partial or zero knowledge proof is used for not just encryption but also for a sort of distributed ledger or proof-of-membership, in addition to being used to add new members where additional layers of distributive proofs are at it, so that rollbacks can be performed on a network to remove members or revoke content.

Data is NOT automatically distributed throughout a network, rather sharing is the equivalent of replicating and syncing data to your instance.
Therefore if you don't like something on a network or think it's a liability (hate speech for the left, violent content for the right for example), the degree to which it is not shared is the degree to which it is censored.

By automatically not showing images posted by people you're subscribed to or following, infiltrators or state level actors who post things like calls to terrorism or csam to open platforms in order to justify shutting down platforms they don't control, are cut off at the knees. Their may also be a case for tools built on AI that automatically determine if something like a thumbnail should be censored or give the user an NSFW warning before clicking a link that may appear innocuous but is actually malicious.

Server nodes may be virtual in that they are merely a graph of people connected in a group by each person in the group having a piece of a shared key.
Because Chinese remainder theorem only requires a subset of all the info in the original key it also Acts as a voting mechanism to decide whether a piece of content is allowed to be synced to an entire group or remain permanently.

Data that hasn't been verified yet may go into a case for a given cluster of users who are mutually subscribed or following in a small world graph, but at the same time it doesn't get shared out of that subgraph in may expire if enough users don't hit a like button or a retain button or a share or "verify" button.

The algorithm here then is no algorithm at all but merely the natural association process between people and their likes and dislikes directly affecting the outcome of what they see via that process of association to begin with.

We can even go so far as to dog food content that's already been synced to a graph into evolutions of the existing key such that the retention of new generations of key, dependent on the previous key, also act as a store of the data that's been synced to the members of the node.

Therefore remember that continually post content that doesn't get verified slowly falls out of the node such that eventually their content becomes merely temporary in the cases or index of the node members, driving index and node subgraph membership in an organic and natural process based purely on affiliation and identification.

Here I've sort of butchered the idea of the Chinese remainder theorem in shoehorned it into the idea of zero knowledge proofs but you can see where I'm going with this if you squint at the idea mentally and look at it at just the right angle.

The big idea was to remove the influence of centralized algorithms to begin with, and implement mechanisms such that third-party organizations that exist to discredit or shut down small platforms are hindered by the design of the platform itself.

I think if you look over the ideas here you'll see that's what the general design thrust achieves or could achieve if implemented into a platform.

The addition of indexes in a node or "server" or "room" (being a set of users mutually subscribed to a particular tag or topic or each other), where the index is an index of text audio videos and other media including user posts that are available on the given node, in the index being titled but blind links (no pictures/media, or media verified as safe through an automatic tool) would also be useful.

Started freelancing via agency as android dev for this client. The product is a kyc mobile sdk with a flow of around 20 steps for identification. My job is to maintain the sdk/fix bugs/add features and so on.

Communication seems to be so fucking terrible.

For example the product owner is not technical and sucks at defining issues.
QA sucks at testing and providing feedback. Backend sucks at documentation and seems to live in a parallel universe, swagger docs are outdated. Previous android dev whom I replaced gave me 2 hours of his time during his last month in the company, answered some questions and then left today (which was release day) with around 6 bugs hanging. Now because we are behind schedule the PO is grilling my ass so I would provide hourly estimates, while I dont even know the codebase yet since I spent maybe 30 hours on it in the last month.

What a clusterfuck. I feel like Im in a kindergaden where people are either lazy or incompetent. It seems that sweet gig of 40 hours a month will become much more hours or my output will be low :)

Not really a programming rant, but still very annoying. It is almost 2017 and so I will need to get my health insurance sort out. You would think that it isn't that big of a deal, but almost everything can only be done by calling the insurance company. Even when you can log in with digID (a dutch digital identification system), you still can't change the insurance on the internet.
Come on guys we live in 2016! Something simple like insurances should you be able to fix online!

Top Benefits of Using Data Loss Prevention in Microsoft 365

Data Loss Prevention (DLP) in Microsoft 365 offers numerous benefits to organizations aiming to protect sensitive information and ensure compliance. One of the top advantages is enhanced data protection, where DLP policies help identify, monitor, and restrict the sharing of sensitive information like credit card details or personal identification numbers across Microsoft 365 apps (Outlook, SharePoint, OneDrive, and Teams). This proactive security measure prevents unauthorized access or accidental sharing of confidential data.

Another key benefit is regulatory compliance. DLP helps organizations comply with data protection regulations such as GDPR, HIPAA, and CCPA by enforcing policies that limit data exposure and unauthorized sharing, reducing the risk of costly fines.

Microsoft 365 DLP also offers visibility and control. IT administrators can monitor user actions and identify potential risks in real time, making it easier to enforce security measures. Additionally, user education is integrated through policy tips, which educate users about data protection during daily tasks.

Finally, DLP offers seamless integration across all Microsoft 365 platforms, making it easy to manage and enforce consistent security policies across emails, documents, and collaborative tools, ensuring comprehensive protection for the entire organization.

You gotta love the actual useful stuff from XKCD.
Sometimes they apply extreme seriousness to some really unimportant stuff, like the tik-tak-toe cheat sheet.
At other opportunities, they hide some jokes completely serious looking stuff, like in 1688 the map identification chart.

Any suggestions for tutorials / tips on doing facial identification? I want to identify a face with a label. Most of the shit I can find is face detection which is not what I’m looking for