So I was at work and send to another location (distribution centers) and in the lunch break my guider for that day and I started a conversation about servers etc (he appeared to do loads of stuff with that). He recommended me all those programs but I didn't recognize anything so I asked him what kinda servers he ran. He runs a lot of Windows servers. No problem for me but I told him that I am into Linux servers myself.

Guy: "Linux guy, eh? That system is considered to be so secure but in reality it's insecure as fuck!".

Me: (If he would come up with real/good arguments I am not going to argue against that by the way!) Uhm howso/why would you think that?
Guy: "Well all those script kiddies being able to execute code on your system doesn't seem that secure.".

*me thinking: okay hold on, let's ask for an explanation as that doesn't make any fucking sense 😐*

Me: "Uhm how do you mean, could you elaborate on that?"

Guy: "Well since it's open source it allows anyone to run any shit on your system that they'd like. That's why windows rocks, it doesn't let outsiders execute bad code on it.".

Seriously I am wondering where the hell he heard that. My face at that moment (internally, I didn't want to start a heated discussion): 😐 😲.

Yeah that was one weird conversation and look on open source operating systems...

When you ask the IT-Department of a company collab with Microsoft, why you aren't allowed to use Firefox instead of IE.

The answer is: "It's insecure because it's open source"

YOU FUCKING KIDDING ME INSECURE ??? IT IS MORE SECURE AS IE!!! INSECURE BECAUSE OPEN SOURCE? THAN LET'S USE CHROME OR OPERA INSTEAD BUT NOT IE

!rant && rant

I've been doing random HTML/CSS/JS crap since I was 11 (I'm 20 now). And worked with NodeJS/Swift/Java/Typescript for the past 4 years. For some reason, I've always been interested in public transit and the combination between public transit and Development seemed magical to me. I've tried making Departure time apps and trip planners for a few years now. And for that you need open data, for which we have a national data source and a Google Group for support with that.

I quit my study two years ago after a year doing nothing and I was on the edge of getting into depression because I didn't do anything useful for two years. Didn't see myself do anything useful in the next few years apart from some random dev crap (still public transit related).

About half a year ago I ranted on that Google Group about shit being not efficient (weird standards, weird documentation but mostly lack thereof).

For some reason a business saw that rant and sent me an email about two months ago and told me they 'potentially' had 'some' work for me. So I had some really informal conversations with that business but I still was very insecure about myself (had some shitty experience with tons of unfinished projects) and I was worried that they had higher expectations for me than what I could give them.

A week later I received an e-mail with a proposal for an actual, full-time job as a back-end developer and obviously took the opportunity.

I started a month ago with a month-long probation period and after three weeks told me I had passed the probation period.

I'm a super happy boy right now. I got a job, being super insecure, without any certifications, without finishing school (Everyone in the Netherlands tells you you NEED a diploma to get a job), more than double minimum wage (minimum wage is quite high in the Netherlands), and most important, at a business that does a lot of public transit stuff.

Apparently ranting about stuff, not finishing your school and being depressed gives you a well-paid job. :)

Hmm...recently I've seen an increase in the idea of raising security awareness at a user level...but really now , it gets me thinking , why not raise security awareness at a coding level ? Just having one guy do encryption and encoding most certainly isn't enough for an app to be considered secure . In this day an age where most apps are web based and even open source some of them , I think that first of all it should be our duty to protect the customer/consumer rather than make him protect himself . Most of everyone knows how to get user input from the UI but how many out here actually think that the normal dummy user might actually type unintentional malicious code which would break the app or give him access to something he shouldn't be allowed into ? I've seen very few developers/software architects/engineers actually take the blame for insecure code . I've seen people build apps starting on an unacceptable idea security wise and then in the end thinking of patching in filters , encryptions , encodings , tokens and days before release realise that their app is half broken because they didn't start the whole project in a more secure way for the user .

Just my two cents...we as devs should be more aware of coding in a way that makes apps more secure from and for the user rather than saying that we had some epic mythical hackers pull all the user tables that also contained unhashed unencrypted passwords by using magix . It certainly isn't magic , it's just our bad coding that lets outside code interact with our own code .

While trying to fall asleep, I came to the conclusion that a solution to privacy would be an encrypted p2p messenger. You'd need a dns-like system that can tell the peers how to contact their communication partners. Then I searched for one, and there was a good looking one, but it wasn't open source. looks secure otherwise, but perfection looks different.

Can anyone recommend something similar to kripter/tell me why it would be secure/insecure to use their service instead of, say, signal? Not that I truly NEED this, but I at least want to try it :)