Internship number two.

*walks downstairs to get a coffee*
*CTO (my guider) walks in*
CTO: (dead serious face) "linuxxx (not using my first name :P), come with me please"
*walks along to his office, starting to get reallly fucking nervous*
*CTO and me walk into his office, he sits down and looks at me very serious*
*I'm slightly shaking, nervous, sweating*
CTO: "So."
*oh yes here it is its gonna come I did something wrong fuck fml 😫😥😨😩*
CTO: "So you know quite some stiff around security/privacy. Could you tell me some stuff about why I'd want to use VPN and recommend me some good providers? 😀"
😅
*nearly falls onto the ground from relief*

I explained him some stuff and sent him a list of good providers 😀

Hello guys. So after I posted the rant about me blocking Google and Facebook through my hosts file, some people commented with the idea of creating a gitlab page with more privacy tips etc.

Well, that is turning into a project (actual website) that I initially started alone but @ewpratten joined the 'team' as frontender!

He'll be doing the front end and I'll be doing the backend :).

I think this will be my first ever (active) collab so I'm pretty excited =D.

!dev
!!personal
!!abuse

I'm a victim of rather severe child abuse, both physical and mental. I've cut my mother out of my life on several occasions, and disowned her husband on father's day a few years ago. Whenever they're in my life they make things slowly but significantly worse.

They'd been using my previous hard times to push their way into my life again, and are now trying to buy their way in -- this time not into my life, but into my 2yo son's life.

I've done everything I could to keep his existence from them. I hid pregnancy from them, dropped any mew mannerisms and cute vocabulary when speaking to them, never let them see toys or hear sounds if I needed to call them, hid the carseat, etc. I did a perfect job. Out of necessity I've been hiding my life from them since I was 13, and I've never done better than this.

But they knew his name, sex, and age. This means they went digging, and a bloody lot. There is literally no public info relating him to me, and nobody that knows us would tell them, either -- they all know and understand.

For years I've refused to tell these people where I lived, too. We've been here for over five years, and three years ago they just randomly showed up at our door. I never gave them an address, and the house isn't in my name. I never had any privacy when I lived with them, either -- literally not even in the bathroom -- but now we have our own house and they still randomly intrude? asldhflakshdf

But. This Christmas Eve, we got two large boxes (fruit flats) stacked full of presents from them. A third for me, a third for my girlfriend, and a third for my 2yo. Name tags and all.

Why can't they just leave us alone? On Christmas of all holidays? Why do they have to ruin everything? Why can't they just go away?

I've made things abundantly clear, and they just. won't. stop. I feel so angry and exasperated and helpless and trapped. I went from listening to "die in a fire" to crying helplessly on the stairs. All I want is to be left alone and not harassed and blackmailed and manipulated and guilted and given expired food as "gifts."

and before you ever even think to defend them, please re-read my first three sentences.

Just.
Merry fucking Christmas.

Was over at a friend's place for the first time in months again to just have a few drinks and some good time with two of my best friends when I wanted to show them a website.

Had my own phone turned off (NO phone use while socializing for me!) so asked one of them (the one who's still finding his way around the concept of online privacy) for their phone so I could show it.

He uses loads of Google things so I started to look for the chrome icon. Swiping all ways but couldn't find it... then suddenly:

DuckDuckGo search/browser icon!

😵😯

Me: dude the what?! YOU using a more privacy conscious browser?!?!?!
Friend: well, Google doesn't need to know EVERYTHING I search for online so I looked if ddg had an app and voila!
Me: de damn! And, how do you like it?
Friend: the results are good so nothing to complain about!

I'm proud of you, mate!

So, as everyone knows on here by now (or, a lot of ranters), I am a fervid privacy person.

Appearantly a new surveillance law in my country is about to extend mass surveillance/hacking a lot. So here a rundown of what they are about to be allowed to do (stuff that is not okay imo and this is the reason I am so pro-privacy):

- Mass Data Gathering: The intelligence agency over here (lets call it IA from now) can pretty much record everything send through the country.

- Extra Protection: If they want to conduct surveillance on journalists/lawyers, they have to go through extra channels first at least.

- Data/survaillance sharing: The IA is allowed to share their raw/filtered data with foreign intelligence agencies without limits. Also, they're allowed to conduct surveillance based on foreign requests.

- Secret DNA database: A secret DNA database will be created which can store the DNA profiles of any person who has commited any kind of crime. These profiles are allowed to be stored for a maximum of 30 years. This database is allowed to be shared with any foreign intelligence agency.

- Hacking: Unlimited power to hack any device deemed neccesary to hack in relation to crime. From computers to smartphones and so on. Also, it's allowed to use zero-days without reporting them to the vendor (we have seen what can go wrong with that through the ShadowBrokers scandal).

- Automatic Database Collection: They are allowed to directly tap into any database they see required (banks, healthcare, messaging services and so on). Practically this can lead to backdoors being build in because if you don't cooperate, you can go to prison. (mother of god I am not using anything closed source anymore if possible).

So yeah, this is pretty much the reason why I am so privacy consious. This country is fucked.

Well, here's the OS rant I promised. Also apologies for no blog posts the past few weeks, working on one but I want to have all the information correct and time isn't my best friend right now :/

Anyways, let's talk about operating systems. They serve a purpose which is the goal which the user has.
So, as everyone says (or, loads of people), every system is good for a purpose and you can't call the mainstream systems shit because they all have their use.

Last part is true (that they all have their use) but defining a good system is up to an individual. So, a system which I'd be able to call good, had at least the following 'features':
- it gives the user freedom. If someone just wants to use it for emailing and webbrowsing, fair enough. If someone wants to produce music on it, fair enough. If someone wants to rebuild the entire system to suit their needs, fair enough. If someone wants to check the source code to see what's actually running on their hardware, fair enough. It should be up to the user to decide what they want to/can do and not up to the maker of that system.
- it tries it's best to keep the security/privacy of its users protected. Meaning, by default, no calling home, no integrating users within mass surveillance programs and no unnecessary data collection.
- Open. Especially in an age of mass surveillance, it's very important that one has the option to check the underlying code for vulnerabilities/backdoors. Can everyone do that, nope. But that doesn't mean that the option shouldn't be there because it's also about transparency so you don't HAVE to trust a software vendor on their blue eyes.
- stability. A system should be stable enough for home users to use. For people who like to tweak around? Also, but tweaking *can* lead to instability and crashes, that's not the systems' responsibility.

Especially the security and privacy AND open parts are why I wouldn't ever voluntarily (if my job would depend on it, sure, I kinda need money to stay alive so I'll take that) use windows or macos. Sure, apple seems to care about user privacy way more than other vendors but as long as nobody can verify that through source code, no offense, I won't believe a thing they say about that because no one can technically verify it anyways.

Some people have told me that Linux is hard to use for new/(highly) a-technical people but looking at my own family and friends who adapted fast as hell and don't want to go back to windows now (and mac, for that matter), I highly doubt that. Sure, they'll have to learn something new. But that was also the case when they started to use any other system for the first time. Possibly try a different distro if one doesn't fit?

Problems - sometimes hard to solve on Linux, no doubt about that. But, at least its open. Meaning that someone can dive in as deep as possible/necessary to solve the problem. That's something which is very difficult with closed systems.

The best example in this case for me (don't remember how I did it by the way) was when I mounted a network drive at boot on windows and Linux (two systems using the same webDav drive). I changed the authentication and both systems weren't in for booting anymore. Hours of searching how to unfuck this on windows - I ended up reinstalling it because I just couldn't find a solution.
On linux, i found some article quite quickly telling to remove the entry for the webdav thingy from fstab. Booted into a root recovery shell, chrooted to the harddrive, removed the entry in fstab and rebooted. BAM. Everything worked again.

So yeah, that's my view on this, I guess ;P

So WhatsApp introduced number linking (with facebook) to its users a while ago.

I know a lot of people who opted out (this option was introduced by facebook because of european laws) because they didn't want their number linked. They said that it infringed their privacy (or however the fuck you spell that).

A few months later we found out that that checkbox thingy didn't do anything and facebook would link everything anyways. They got a 10 million euro fine I thought.

I found one thingy very disturbing though. Told some friends about the ability to opt out (when the scandal hadn't happened yet) and they did right away.

Then later on the scandal became public.

Told them about that.

'Oh but I don't have anything to hide, it's alright!'.

Jesus fucking christ how deep can people sink?! First you say that you opt out because you don't want your fucking data linked and when the fucking scandal gets public you act like everything is fine because 'you have nothing to hide anyways'.

Fucking hell.

Privacy & security violations piss me off. Not to the point that I'll write on devRant about it, but to the point that coworkers get afraid from the bloodthirsty look in my eyes.

I know all startups proclaim this, but the one I work at is kind of industry-disrupting. Think Uber vs taxi drivers... so we have real, malicious enemies.

Yet there's still this mindset of "it won't happen to us" when it comes to data leaks or corporate spying.

Me: "I noticed we are tracking our end users without their consent, and store not just the color of their balls, but also their favorite soup flavor and how often they've cheated on their partner, as plain text in the system for every employee to read"

Various C-randomletter-Os: "Oh wow indubitably most serious indeed! Let's put 2 scrumbag masters on the issue, we will tackle this in a most agile manner! We shall use AI blockchains in the elastic cloud to encrypt those ball-colors!"

NO WHAT I MEANT WAS WHY THE FUCK DO WE EVEN STORE THAT INFORMATION. IT DOES IN NO WAY RELATE TO OUR BUSINESS!

"No reason, just future requirements for our data scientists"

I'M GRABBING A HARDDRIVE SHREDDER, THE DB SERVER GOES FIRST AND YOUR PENIS RIGHT AFTER THAT!

(if it's unclear, ball color was an optimistic euphemism for what boiled down to an analytics value which might as well have been "nigger: yes/no")

I realize I've ranted about this before, but...

Fuck APIs.

First the fact that external services can throw back 500 errors or timeouts when their maintainer did a drunk deploy (but you properly handled that using caching, workers, retry handlers, etc, right? RIGHT?)...

Then the fact that they all speak a variety of languages and dialects (Oh fuck why does that endpoint return a JSON object with int keys instead of a simple array... wait the params are separated with pipe characters? And the other endpoint uses SOAP? Fuck I need to write another wrapper class around the client...)

But the worst thing: It makes developers live in this happy imaginary universe where "malicious" is not a word.

"I found this cloud service which checks our code style" — hmm ok, they seem trustworthy. Hope they don't sell our code, but whatever.

"And look at this thing, it automatically makes database backups, just have to connect to it to DigitalOcean" — uhhh wait...

"And I just built this API client which sends these forms to be OCR processed" — Fuck... stop it... there are bank accounts numbers on those forms... Where's that API even located? What company?

* read their privacy policy *

"We can not guarantee the safety of your personal data, use at your own risk [...] we are located in Russia".

I fucking hate these millennial devs who literally fail to get their head out of the cloud.

Somehow they think it's easier to write all these NodeJS handlers and layers around some API, which probably just calls ImageMagick + Tesseract on the other side.

If I wasn't so fucking exhausted, I'd chop of their heads... but they're like hydra, you seal one privacy breach and another is waiting to be merged, these kids just keep spewing their crap into easy packages, they keep deploying shitty heroku apps... ugh.

😖

In 2008 I took my first web development job for an agency that's no longer around. There was a Vice President there by appointment from our coke headed owner who really liked to micromanage and invade privacy with key loggers and screencap spyware to "manage" us. I found out because my machine would snag when moving the mouse cursor and sometimes I'd accidentally paste the screenshot into photoshop just before the software cleared the clipboard. Anyway, I wasn't supposed to know I was being monitored so I just unplugged my network cable and killed the service running the jank ass spyware. I'd delete it when no one was looking and wipe out the cache of screencaps it would compile every day. It was basically a troll vs troll stalemate for weeks. Finally they gave in and told everyone what was going on so we collectively decided to seek revenge. We bought a piezo buzzer about the size of a quarter that chirped like crickets at random intervals. We stuck it on the underside of his desk inside of the middle drawer area and let it go. They spent so much time and money trying to get rid of the cricket infestation. We let it go on for weeks. I ended up quitting before the gag was up, but damn was it funny to see him squirm in that office because of those crickets!

I'll hopefully be releasing the security/privacy blog (going to bundle both into one blog) tonight.

I'm actually nervous about this 😅

(first post will solely be an introduction/hello post)

So now I'm working on my first collab with a fellow devRanter on a privacy website thingy! Excited and want to start working on it right away.

BUT OH NO I'VE GOTTA GO TO WORK IN 15 MINUTES TO STAND BEHIND A TABLE PACKING MOTHERFUCKING BOXES ALL DAY, YEAH NO THAT SOUNDS FUCKING COCKSUCKING EXCITING. (okay I can pay rant but still).

I need a hug 😞

So, I was participating in a competition, but little did I know that you could only participate in pairs. Seeing that a lot of famous indie devs were participating I was extremely hyped. But since it seemed like I was the only idiot who didn't have a partner I felt like kicking myself. Then a guy about whom I had never heard of before, probably a newbie, comes out of the blue and asks me to be his partner. Since I had no choice, I reluctantly agreed to pair up with him. The rules of the competition were to create a game based on a particular theme in a period of 1 week. To get started, I asked him about his skills as it would be better to know what our strengths and weaknesses were. He said that he was good at art and proceeded to show me some of his "previous works". I was genuinely impressed. Honestly speaking his drawing seemed a bit off but was but for a newbie, it was good. So we decided that he would take care of the art and I would code, create some basic music (nothing too fancy because of the lack of time) and if time permits, refine his art(correcting ratios, colour combinations, shading, etc.). On the first day, he would like to work in privacy and would show only the finished products to me. It seemed a bit fishy, but hey, I am all up for respecting the wishes of fellow team members.
So all was going well, or so I thought, till on the fifth day the guy confesses that he didn't get shit done. Apparently, his "previous works" were random stuff taken from the great land of internet and that he had to leave town the next day. He just wanted to "experience the life of a game developer" and "meant no harm". I flipped out, half lectured half screamed at him then asked him to get the fuck out which happened to be the only fucking thing that he was able to do correctly. I thought for an hour or so, then contacted the staff and informed them about my situation. They said that if I was okay with the handicap, I may continue. I then pulled three all nighters with about 3 hours of sleep (that too in parts of about 1 hour) everyday and was barely able to submit my game on time.
I secured the fifth place, which was pretty good if I may say so myself, but it an important lesson in my life that taught me to never trust anyone blindly.

- devRant TOR rant! -

There is a recent post that just basically says 'fuck TOR' and it catches unfortunate amount of attention in the wrong way and many people seem to aggree with that, so it's about time I rant about a rant!

First of all, TOR never promised encryption. It's just used as an anonymizer tool which will get your request through its nodes and to the original destination it's supposed to arrive at.

Let's assume you're logging in over an unencrypted connection over TOR and your login information was stolen because of a bad exit node. Is your privacy now under threat? Even then, no! Unless of course you had decided to use your personal information for that login data!

And what does that even have to do with the US government having funded this project even if it's 100%? Are we all conspiracy theorists now?

Let's please stop the spread of bs and fear mongering so that we can talk about actual threats and attack vectors on the TOR network. Because we really don't have any other reliable means to stop a widely implemented censorship.

It's funny how every one says Google respects your privacy.

I remember a few months ago, one of my manuscripts was removed by Google because it "violated the terms and services."

First of all, it's just a psychological crime thriller about murder. I read the terms and services and it said nothing about murder, so I didn't violate anything.

Second of all, assuming they removed it for the reason it was all bloody and about murder, how would they know that? Did they start snooping and read my manuscript?

Fortunately, it was recovered the next day, but if Google cares so much about your privacy, why would they read my document?

I am trying to understand something for a while. devRant is full of privacy advocates and to be honest, part of it is almost taken by a group of people that call other people random swear words people because they are using a particular product of a company.

I will raise some points and will try to discuss them with other people in comments.

I will stick with Google. Since it looks like it's the most hated one. A company that has built one of the most intelligent infrastructure, the most popular mobile operating system and of course, the best search engine currently available.

The problem everyone sees is the privacy. Google tracks the search history to give users a better experience and show relevant ads. You might not need this "better experience". In case you don't know, you can turn off personalized search any time to make sure Google doesn't track. Same goes with Google Chrome, you can turn off all the data it is sending to servers in settings. You can simply not sign in if you don't anything to be synchronised.

An argument is Google should be opt-in rather than opt-out. But the general users are not tech-savvy. And yes, going to settings and turning on personalised search is a lot of work for a huge amount of people. Trust me, I worked in IT before. If they find other search engine giving them a good experience without changing anything in the settings, they will just simply move to that engine.

What interests me most if how people back DuckDuckGo. First of all, not all parts of DDG is not open source (it's fucking not, you can argue all day). Parts of it is closed because of licensing issues.

That is perfectly fine to privacy community. But it's not when Chrome is closed source for almost the same reason. I mean when you're using DDG, you are supporting a US-based company that has privacy all over its face and using closed source application on their server. Have you not learned anything from history?

You might be wondering about my obsession with Google. It hurts me when I see a giant company whose popular software is open source is bashed like this. Google has made huge contributions to open source communities. Chromium, Android, Kubernetes, Angular, GoLang, TensorFlow etc.

And PRISM, how do you know that DDG is not part of it? it's US-based after all.

I just saw an article that used a video with a title "TNW - Aral Balkan - Free Is A Lie | The Next Web" while asking us to switch to DDG. Ummm....DDG is also free right?

Maybe we should raise concerns with the US gov first rather than Google.

Hello again devRanters! This is linuxxx again. A quick update regarding the privacy site!

Right now we're up to the following:

Ewpratten
- Converting what we have right now on frontend to Bootstrap.
- Working on a page with a description as to what this is going to be exactly.

linuxxx (me)
- Converted the static stuff we used before to a simple MVC based PHP web application.
- Created a DB scheme for the custom CMS I am going to write for this.
- Starting to work on the custom CMS right now!

We'll update as soon as we've got a well working description/introduction page :)

We won't be creating rants every day/new tiny feature/change or anything but as this is our first productive night, it seemed like a nice idea to update what we already got done/started on :).

Stay tuned!

Ah yes, Brave, the browser that "respects your privacy" has started putting ads directly *in* the browser.

When they introduced Brave Rewards and people were confused why I was upset, it's because I knew it was a slippery slope to toward this sort of thing.

EDIT: Turns out, the ad is targeted towards LGBT people. As an LGBT person who just wants to live life in peace, this shit aggravates me even more. First, corporations are not your friends. They do not care about you. It's virtue signalling. Second, it's a bit ironic seeing as how Brenden Eich made Brave. If you don't already know, Brenden Eich (also creator of javascript) is pretty anti-gay.

So many things wrong with this. Can't wait to stop leasing away my devices' resources to advertisers.

For the first time in weeks I have energy enough to work on rewriting the security/privacy blog again! Post sort order will be fixed :)

Font ideas, anyone? And other feature ideas are welcome as well ;)

I have seen it. They say it doesn't exist; just a story we tell our children so that their innocence does not lead them down into a nightmarish adulthood from which there is no salvation. But the evil lives. So vile that were you to look inside its soul, all you would find is a terrible desperation for suffering. To cause it. To revel in it. To bathe in the tears of those it considers less than human and feed off the emotional detritus.

It was 2009. The financial crisis. I was one of the lucky, having found refuge in a large company right before the jobs dried up. General IT: system administration, documentation, project management, telephony, software training, second level help desk. No software development, but with a two-year-old at home and Ph.D.s lining up outside the local Olive Garden whenever a help wanted sign was posted, I grabbed the health insurance and entered into darkness.

The Thing did not need to hunt it's prey. A manager title with 21 reports brought it new opportunities for fresh meat by the hour. But I was special. I resisted. I needed to know my place.

My first mistake was incomprehension. I did not understand the Thing's lust to be right at all costs. I was reviewing some documentation it had brought forth from its bowels. I mentioned that two spaces were being used between sentences. That proportional type made that unnecessary. It insisted, I was wrong. It insisted that Microsoft itself, the purveyor of all good technical writing, required two spaces. I opened the Microsoft Manual of Style for Technical Publications that it demanded its staff use and showed it that the spec was one space. It was livid. I was a problem.

From that point on my work life became exponentially more wretched. I was given three Outlook calendars to maintain: one with my schedule, one with the team's schedule and one with the Thing's schedule. Every time I had an appointment, I was to triple schedule it. If I was going to be away from my desk for more than 15 minutes triple schedule. Triple schedule my lunch, vacations, phone conferences.

Whenever it held a meeting, I and a colleague would be taken off mission critical IT projects to set tables with name tents and to serve as greeters as attendees arrived.

I was called into its crypt to be told never to say anything in a meeting unless I told the Thing beforehand what I was going to say. Naive, I mentioned that I often don't know what I will say as it is often in reply to someone else. Of course the response was that I should not say anything.

I would get emails 10-20 times a day asking about a single project. I would regularly complete work that was needed to be completed ASAP, only to have the Thing rake me over the coals for not completing it a week later. And upon resending the emails proving I notified it of the work being competed, disparaged at length a second time for not sending repeated notifications of the competed work.

I would have to sit in two-hour meetings to watch it type. Literally watch it try to create cogent thoughts. In silence.

I received horrendous annual reviews. At one, it created a development plan that stated a colleague would begin giving me lessons on the proper ways to socially interact with personnel. I pointed out to HR that this violated privacy concerns and would make the business liable in many areas, not least of which would be placing a help desk person in the role of defining proper business practice. HR made the Thing remove this from my review. She started planning to remove me.

I had given a short technical training to a group of personnel months earlier. Called into its tomb I was informed that feedback surveys on my talk were disturbing. One person stated that they did not think I was funny. Another wrote that I made an offensive statement. That person did not say what the offensive statement was. Just that I had said something he or she didn't like.

The Thing interviewed the training attendees. Gathered facts. Held three inquest-like meetings where multiple directors peppered me with questions trying to get me to confess to my offensiveness. In the end the request to fire me was brought to the man who ran the business at the time. The statement on high: "Humor is a subjective thing. Please tell This to be sensitive to that."

The Thing had failed, but would no doubt redouble its efforts. I had to find a new job. I sent hundreds of resumes. Talked to dozens of recruiters. But there were no jobs. And I had a family. And the wolf was at the door.

So I didn't say a word to the creature. For six months. Silence. At one group meeting it shrieked at me "what are you smirking at? If you've got something to say then say it!" I just shrugged. For my salvation was revealed. The Thing could not stand to be ignored. And at the end of my penance I was transferred to another group: Software Development.

I am one with the Force. The Force is with me. I am one with the Force. The Force is with me.

"We are a privacy focused company that places the user first"

Alrightm, let's check:
dig domain.com MX

Well, another company talking shit, MX record points to google.
Fuck off

A big FUCK YOU to chrome, and a big FUCK YOU to google in generally. First the hell that is code.org, then the chrome. I genuinely want to open a dictionary in google to see if the word "privacy" is in there. Sure, first it was tracking users with by making them agree to a long ass TOS no one wants to read except lawyers, then barely even giving any info and asking for consent with YOUR data, but this is too far. For all you that dont know, LanSchool is an application that allows teachers to see students screens, internet history and more. Its the reason kids can't play games in English class. But most importantly, its a chrome extension. We have to do assignments from home right? So when we logon to the school account from home, LANSCHOOL GETS DOWNLOADED ANYRACKS EVERYTHING I DO. It pains me how teachers can view so much information unfairly because of some unknowing students, my friends privacy was unfairly in the hands of google and the school system. Right when I found out about tit (~2 mins after i first logged on) i made an Ubuntu VM just for goddamn google docs. Back to my friend, he went on some websites not to be considered appropriate, and got in huge trouble. He was completely unaware of the fact that they could see his screen, and I resent google for allowing a third party to manipulate my PERSONAL COMPUTER without my consent. Die google, you ruined android, which had so much potential, and now the web and virtual privacy. You should be <strike>ashamed</strike> dead, and I hope in the future you realize that one day people will have common sense.

Currently working on the privacy site CMS REST API.

For the curious ones, building a custom thingy on top of the Slim framework.

As for the ones wondering about security, I'm thinking out a content filtering (as in, security/database compatibility) right now.

Once data enters the API, it will first go through the filtering system which will check filter based on data type, string length and so on and so on.

If that all checks out, it will be send into the data handling library which basically performs all database interactions.

If everything goes like I want it to go (very highly unlikely), I'll have some of the api actions done by tonight.

But I've got the whole weekend reserved for the privacy site!

I have a Windows machine sitting behind the TV, hooked to two controllers, set up as basically a console for the big TV. It doesn't get a lot of use, and mostly just churns out folding@home work units lately. It's connected by ethernet via a wired connection, and it has a local static IP for the sake of simplicity.

In January, Windows Update started throwing a nonspecific error and failing. After a couple weeks I decided to look up the error, and all the recommendations I found online said to make sure several critical services were running. I did, but it appeared to make no difference.

Yesterday, I finally engaged MS support. Priyank remoted into my machine and attempted all the steps I had already tried. I just let him go, so he could get through his checklist and get to the resolution steps. Well, his checklist began and ended with those steps, and he started rather insistently telling me that I had to reinstall, and that he had to do it for me. I told him no thank you, "I know how to reinstall windows, and I'll do it when I'm ready."

In his investigation though, I did notice that he opened MS Edge and tried to load Bing to search for something. But Edge had no connection. No pages would load. I didn't take any special notice of it at the time though, because of the argument I was having with him about reinstalling. And it was no great loss to me that Edge wasn't working, because that was literally the first time it'd ever been launched on that computer.

We got off the phone and I gave him top marks in the CS survey that was sent, as it appeared there was nothing he could do. It wasn't until a couple hours later that I remembered the connectivity problem. I went back and checked again. Edge couldn't load anything. Firefox, the ping command, Steam, Vivaldi, parsec and RDP all worked fine. The Windows Store couldn't connect either. That was when it occurred to me that its was likely that Windows Update was just unable to reach the internet.

As I have no problem whatsoever with MS services being unable to call home, I began trying to set up an on-demand proxy for use when I want to update, and I noticed that when I fill out the proxy details in Internet Options, or in Windows 10's more windows10-ish UI for a system proxy, the "save" button didn't respond to clicks. So I looked that problem up, and saw that it depends on a service called WinHttpAutoProxySvc, which I found itself depends on something called IP Helper, which led me to the root cause of all my issues: IP Helper now depends on the DHCP Client service, which I have explicitly disabled on non-wifi Windows installs since the '90s.

Just to see, I re-enabled DHCP Client, and boom! Everything came back on. Edge, the MS Store, and Windows Update all worked. So I updated, went through a couple reboots-- because that's the name of the game with windows update --and had a fully updated machine.

It occurred to me then that this is probably how MS sends all its spy data too, and since the things I actually use work just fine, I disabled DHCP Client again. I figure that's easier than navigating an intentionally annoying menu tree of privacy options that changes and resets with every major update.

But holy shit, microsoft! How can you hinge the entire system's OS connectivity on something that not everybody uses?

First time having 2 monitors and actual full size desk inside my own apartment. Very liberating and I should take advantage... nothing beats the privacy of your home where you can think uninterrupted!

Last year at the the Xmas party CEO slips in that he wants the app done by end of February, I freak because I thought he meant both iOS and Android (only dev working on both :/), anyways he wanted specifics for locking out specific people that haven't paid for some in-house training (like in app persons just not in the app lol) it required web development which I'm horrible at, I spend a whole week and managed to scrape together the right functions to do a user lock out, pretty all things considering.

A couple weeks before deadline I'm done :D, I've done a lot of testing, some in-house user testing, changes made all bugs visually possible are fixed.

Now I've been sitting here waiting, it's an iOS app that is currently completed aside from some legal work, which I kept going to boss "hey, we need that disclaimer and privacy policy", he becomes busy for the next few weeks, pester him more, pester another co-worker, only a week ago did they contact a lawyer...

I'm here stuck waiting at a roadblock, developing the Android app sure but for their iOS app that they want released first, I'm stuck on hold, so annoyed, it's not like I can just put on a lawyer hat and just right some shit that says don't use x unless you agree and such.

So annoying, for about 2 weeks I just played games on my phone, I was not expecting to waste that much time lol, I was really expecting the legal stuff to be ready.

Just a side note co-worker and boss that needed to get this legal stuff knew I needed to get this done, since I mentioned it leading up to my completion.

I don't think it'd take too long with Apple when it comes to the review, it's just an update but I wouldn't put my faith in that as an answer. Just hate that I'm on hold, was wanting to finish this app and apply for a new job (nothing against the company more so because I want to go a company where I could get a but of mentoring). But I sit here waiting, working on the Android app, it'd be sad if finish the Android app before their lawyers get back to me with the legal stuff, though Android is a lot easier for me (I did iOS after completing majority of the features they wanted on Android because I was more comfortable working on it).

:/ What a drag

26 or so hours up now. And I've got a few stories to tell :) feel free to refresh your cup of coffee and take a seat.

Last few days I've been going into this odd place called intown.irl to get in touch with its inhabitants. An odd place I have to say. But in some cases quite rewarding, even got a MILF home with me and into bed at some point. Anyway...

3 days ago I think it is now? Thursday evening I took my laptop to this local bar where I had this issue about dihydrogen monoxide with one of the bartenders earlier (you'll find that rant on those keywords). Still wanted to visit it regardless though, as I met that first woman there earlier that approached me. Unfortunately I didn't see her there that day.

Some bald guy who was clearly drunk approached me. Many people were already giving curious looks at this laptop I brought to the bar. I finally tuned it up with the stickers from FOSDEM.. I'll put a picture of it in the comments. My theme was one of privacy (central), distributions and Google's open source initiative (which aligns with the keychain token I got from them as well). But of course.. that guy.. he thought that a pimped/riced laptop obviously meant that I was a hacker.

Guy went to the toilet.. went back.. and suddenly grabbed my laptop and turned it towards him. Boy was I never more smugly satisfied that those rubber pads on the bottom are quite resilient. Could've almost damaged my screen by trying to grab it like that. But it's a CCFL display.. so high voltage. If it were to become broken.. worth it. 😈

On it at the time was a terminal, pinging Google (had network issues at that bar, to the point where one of the - I think - staff members got up to me and offered the WiFi password and got to talk with me.. more on that later), and my usual Linux desktop along with the Arch anime wallpaper with the quote of Da Vinci.. simplicity is the ultimate sophistication. Of course the guy saw the terminal.. and probably reaffirmed.. yep, that's a hacker. At least he wasn't too wrong about the general term.. but the hat.. most likely he was wrong on that one.

Guy left with this question.. "you are a hacker, aren't you."
I replied to him: "No sir. I'm not a hacker. I've got no idea what you're talking about."
Guy kept looking at me weirdly for the whole night to come.

Back to that companion guy though. Mac user, yada yada.. but he told me about his backup solution. Apparently - I shit you not - he has not only the photos on his local device, he's also frequently backing them up in Time Machine (which I was really curious about whether it uses mirroring or snapshots.. he couldn't tell, lmk if you do) but not only that.. he was storing another offsite backup in that very bar, in case his house went on fire.

Now that is a proper backup scheme!!! If only more people were like that.

Seriously though.. that bald guy who took my laptop just like that... I just let it slide for that one time, but I tend to treat my machines as an extension of my very self. I think that was a very uncalled for move. Asshole...

How would you have reacted to such a thing? And.. maybe that's why we technologists don't get outside too often? Fucking everything is hacking these days if it's not Knopkes and Blinkenlights… Not every shell is a h4xx0ring console for h3kk1ng de fasbuk…

On my personal journey to better privacy!

Wanted to change to Qubes, but since I wind down with games, that won't happen sadly and it seems windows still doesn't support proper gpu passthrough either, so might eventually change to linux host and windows guest or create a VM I use for everything else that isn't gaming, since I still really love the idea of having a snapshot backup system.

So since that isn't quite in my timeframe right now though: first move was to move to firefox, already done the change on mobile (love having dark reader and ublock on mobile!), now setting it all up on desktop, pleasant surprise was for sure that firefox finally seems to have chromes devtools pretty much mirrored, even the mobile suite of tools.

Loading of pages is also finally fast and much snappier than chrome from the first testing I could do (on desktop, on mobile it still kind of sucks in comparison, but I can deal with that).

Please suggest me all sort of privacy tools you got, especially with firefox in mind, but also host tools, be it windows or linux (e.g. some sort of traffic obfuscator that visits random pages that are SFW but make automatic traffic filtering hard, could probably make my own, but if there's something like that already, why not), I'll save all I can use.

Ok this is fucking freaky!!

I was talking to my girl that she mentioned a song on a phone call today and I was listening to YouTube and all of a sudden the same song she mentioned came up which is an old out of my regular genres.
I freaked out and told her that's why I have fucking privacy issues!
And then I suggested making myself a private chatting app...
Her next sentence was:
"Yes you can baby... Basically the world is your app store!" <- her first coders quote (we are contagious)

Going to sleep with a newly gained 4k milestone! I'm gonna have good dreams :)

I never thought anyone would actually like me on this platform when I joined last month, but I guess I was wrong. I got along with a few awesome people, which I'm gonna list right below. Other than that, I'm glad to be a part of the community :)

The people I got along with the most:
- Linuxxx, the privacy superstar
- ewpratten, the young programming genius
- devTea, the compulsive upvoter
- Condor, the account deleter
- Alice, the pink freak
- Stuxnet, which I kinda forgot the first time I wrote this (sorry!)
- Almost everyone on here!

To be clear, those are people I enjoy talking with, they might not feel the same way. I just wanted to thank those who made me smile the most here.

Hired a new BI developer. She tested reasonably ok in SQL, and certainly showed good strengths in visualising data, plus had a good attitude in the interview. We hired her. She broke her laptop the first day. We got her another then she complained the camera didn't work but didn't realise the lever in front of the camera was to move the privacy shutter off and on.

Assigned her some work of taking queries that are used in a BI tool that targets the transactional database directly, and re-jigging them for Snowflake which we're using as a data warehouse now, aggregating all our data into one place. Yet, she's struggling to understand why the SQL query she's pasted in doesn't work as-is.

I go over it again; the source schemas and tables are this, but in Snowflake we've named them this. She then bemoans how much work that is to change them all - I say use find and replace. She then struggles with Snowflake syntax errors and asks for a guide on T-SQL to Snowflake. I show her Google and say "this is what I did when I hit these problems - search for 'Snowflake equivalent to T-SQL getdate()' or 'how to get current date in Snowflake' but she still doesn't understand. I ask if she's every had to work between T-SQL and MySQL or MySQL and PostgreSQL or Oracle and so on and she says yes. I say the syntax isn't the same, is it? And she goes oh, now I understand.

She scored reasonably in her SQL test but I'm now concerned there's something fundamental missing in her grasp of SQL. I gave her a detailed demo of the tools, I explained in the interview and on her start about our move to a data warehouse for all our apps, and put her through some training plus gave her time to work through our Confluence pages - not expecting she'll remember everything, but more to ensure she recalls they exist and what the general contents are.

Anyhow, that's my rant.

I wrote a node + vue web app that consumes bing api and lets you block specific hosts with a click, and I have some thoughts I need to post somewhere.

My main motivation for this it is that the search results I've been getting with the big search engines are lacking a lot of quality. The SEO situation right now is very complex but the bottom line is that there is a lot of white hat SEO abuse.

Commercial companies are fucking up the internet very hard. Search results have become way too profit oriented thus unneutral. Personal blogs are becoming very rare. Information is losing quality and sites are losing identity. The internet is consollidating.

So, I decided to write something to help me give this situation the middle finger.

I wrote this because I consider the ability to block specific sites a basic universal right. If you were ripped off by a website or you just don't like it, then you should be able to block said site from your search results. It's not rocket science.

Google used to have this feature integrated but they removed it in 2013. They also had an extension that did this client side, but they removed it in 2018 too. We're years past the time where Google forgot their "Don't be evil" motto.

AFAIK, the only search engine on earth that lets you block sites is millionshort.com, but if you block too many sites, the performance degrades. And the company that runs it is a for profit too.

There is a third party extension that blocks sites called uBlacklist. The problem is that it only works on google. I wrote my app so as to escape google's tracking clutches, ads and their annoying products showing up in between my results.

But aside uBlacklist does the same thing as my app, including the limitation that this isn't an actual search engine, it's just filtering search results after they are generated.

This is far from ideal because filter results before the results are generated would be much more preferred.

But developing a search engine is prohibitively expensive to both index and rank pages for a single person. Which is sad, but can't do much about it.

I'm also thinking of implementing the ability promote certain sites, the opposite to blocking, so these promoted sites would get more priority within the results.

I guess I would have to move the promoted sites between all pages I fetched to the first page/s, but client side.

But this is suboptimal compared to having actual access to the rank algorithm, where you could promote sites in a smarter way, but again, I can't build a search engine by myself.

I'm using mongo to cache the results, so with a click of a button I can retrieve the results of a previous query without hitting bing. So far a couple of queries don't seem to bring much performance or space issues.

On using bing: bing is basically the only realiable API option I could find that was hobby cost worthy. Most microsoft products are usually my last choice.

Bing is giving me a 7 day free trial of their search API until I register a CC. They offer a free tier, but I'm not sure if that's only for these 7 days. Otherwise, I'm gonna need to pay like 5$.

Paying or not, having to use a CC to use this software I wrote sucks balls.

So far the usage of this app has resulted in me becoming more critical of sites and finding sites of better quality. I think overall it helps me to become a better programmer, all the while having better protection of my privacy.

One not upside is that I'm the only one curating myself, whereas I could benefit from other people that I trust own block/promote lists.

I will git push it somewhere at some point, but it does require some more work:
I would want to add a docker-compose script to make it easy to start, and I didn't write any tests unfortunately (I did use eslint for both apps, though).
The performance is not excellent (the app has not experienced blocks so far, but it does make the coolers spin after a bit) because the algorithms I wrote were very POC.
But it took me some time to write it, and I need to catch some breath.

There are other more open efforts that seem to be more ethical, but they are usually hard to use or just incomplete.

commoncrawl.org is a free index of the web. one problem I found is that it doesn't seem to index everything (for example, it doesn't seem to index the blog of a friend I know that has been writing for years and is indexed by google).

it also requires knowledge on reading warc files, which will surely require some time investment to learn.

it also seems kinda slow for responses,

it is also generated only once a month, and I would still have little idea on how to implement a pagerank algorithm, let alone code it.

TIP:

1.1.1.1: the fastest, privacy-first consumer DNS service

I switched to faster DNS,
And believe it or not, it improved my internet speed.

Just add this DNS and you're gonna experience faster browsing

DNS1: 1.1.1.1
DNS2: 1.0.0.1

comment below if you experience it.

!rant

tl;dr at the bottom

This might not be a popular opinion, so please, if you throw things at me, limit yourselves only to tomatoes and other soft projectiles. Thank you!

So this being said, i must say ut: i actually like how facebook use this data overall. While i am completly against privacy violation, that data is given up by ourselves with a choice to do it, so we can't hand them for it. However, i think the fact that we got ads for what our interests are is quite awesome! For example because of this i found webcomics and artists i curently hold really high in my praises and this might not have been the case if FB had another business model.

This being said, i just think people should focus on problems more important than how social media manages to earn some bucks, and while is our choise to be part of that we can't simply call ourselves "products". History holds many stories about civilization that gaved no choice if you wanted or not to be a product so we could be at least glad it is not the case anymore.

Anyway, if you read all the way down here, tnaks for your time!

TL;DR: Facebook is no holy church but it actually not so bad, we can find things we get to love or actually needed in the first place in their targeted adds system. At least we have a choice to be part of this or not!

I made a New Year's Resolution to take more of an interest in my Internet privacy. Feel like it's something I should have done a long time ago. I've stopped using Google search (DuckDuckGo instead), moved away from my Gmail account (Tutanota instead) and stopped using Chrome (Firefox/Firefox Focus instead). I've had my Gmail account since they first announced it and you could only sign up if someone invited you. It felt good to delete 7000 emails and what I estimate must have been 13-14 years of Google/YouTube searches. Currently experimenting with VPNs, considering paying for ProtonVPN soon.

Anything I (am able to) build myself.
Also, things that are reasonably standardized. So you probably won't see me using a commercial NAS (needing a web browser to navigate and up-/download my files, say what?) nor would I use something like Mega, despite being encrypted. I don't like lock-in into certain clients to speak some proprietary "secure protocol". Same reason why I don't use ProtonMail or that other one.. Tutanota. As a service, use the standards that already exist, implement those well and then come offer it to me.

But yeah. Self-hosted DNS, email (modified iRedMail), Samba file server, a blog where I have unlimited editing capabilities (God I miss that feature here on devRant), ... Don't trust the machines nor the services you don't truly own, or at least make an informed decision about them. That is not to say that any compute task should be kept local such as search engines or AI or whatever that's best suited for centralized use.. but ideally, I do most of my computing locally, in a standardized way, and in a way that I completely control. Most commercial cloud services unfortunately do not offer that.

Edit: Except mail servers. Fuck mail servers. Nastiest things I've ever built, to the point where I'd argue that it was wrong to ever make email in the first place. Such a broken clusterfuck of protocols, add-ons (SPF, DKIM, DMARC etc), reputation to maintain... Fuck mail servers. Bloody soulsuckers those are. If you don't do system administration for a living, by all means do use the likes of ProtonMail and Tutanota, their security features are nonstandard but at least they (claim to) actually respect your privacy.

I just woke up this morning to an email saying that someone from chile logged into my instagram account and I'm not actually what set me of the most.

The fact that my password was leaked, the fact I literally never got notified that I had a Instagram account I never wanted or the you have to disable most privacy settings, just to reset your password.

Like holy fuck, I disabled all options I could find on firefox concerning privacy/tracking and it still tells me I should disable some privacy settings.
So I enabled chrome again (fucking system app) and it worked on first try. Just as expected...

Anyway, fuck instagram and thank you dear hacker for telling me that I had a worthless to delete.

My own cloud service. Mainly because of privacy reasons, but also playing around with servers can be fun. Before you know it you've got your own Spotify, Netflix, Google Drive, Last Pass etc... Without sacrificing all of you data :)

Sure, at first it may be a bit expensive because you have to get a server, but you don't need a crazy server to run these things, if you've got an old pc or laptop laying around you can use that too (in that case setting up your own cloud services is practically free).

Goodbye Duckduckgo, DuckDuckGo’s CEO Gabriel Weinberg announced on Twitter that his privacy first search engine will be manipulating its search results to only show users what the company deems not to be “disinformation” about the Russia-Ukraine conflict.

Holy shit firefox, 3 retarded problems in the last 24h and I haven't fixed any of them.
My project: an infinite scrolling website that loads data from an external API (CORS hehe). All Chromium browsers of course work perfectly fine. But firefox wants to be special...
(tested on 2 different devices)
(Terminology: CORS: a request to a resource that isn't on the current websites domain, like any external API)

1.
For the infinite scrolling to work new html elements have to be silently appended to the end of the page and removed from the beginning. Which works great in all browsers. BUT IF YOU HAPPEN TO BE SCROLLING DURING THE APPENDING & REMOVING FIREFOX TELEPORTS YOU RANDOMLY TO THE END OR START OF PAGE!
Guess I'll just debug it and see what's happening step by step. Oh how wrong I was. First, the problem can't be reproduced when debugging FUCK! But I notice something else very disturbing...

2.
The Inspector view (hierarchical display of all html elements on the page) ISN'T SHOWING THE TRUE STATE OF THE DOM! ELEMENTS THAT HAVE JUST BEEN ADDED AREN'T SHOWING UP AND ELEMENT THAT WERE JUST REMOVED ARE STILL VISIBLE! WTF????? You have to do some black magic fuckery just to get firefox to update the list of DOM elements. HOW AM I SUPPOSED TO DEBUG MY WEBSITE ON FIREFOX IF IT'S SHOWING ME PLAIN WRONG DATA???!!!!

3.
During all of this I just randomly decided to open my website in private (incognito) mode in firefox. Huh what's that? Why isn't anything loading and error are thrown left and right? Let's just look at the console. AND IT'S A FUCKING CORS ERROR! FUCK ME! Also a small warning says some URLs have been "blocked because content blocking is enabled." Content Blocking? What is that? Well it appears to be a supper special supper privacy mode by firefox (turned on automatically in private mode), THAT BLOCKS ALL CORS REQUESTS, THAT MAY OR MAY NOT DO SOME TRACKING. AN API THAT 100% CORS COMPLIANT CAN'T BE USED IN FIREFOXs PRIVATE MODE! HOW IS THE END USER SUPPOSED TO KNOW THAT??? AND OF COURSE THE THROWN EXCEPTION JUST SAYS "NETWORK ERROR". HOW AM I SUPPOSED TO TELL THE USER THAT FIREFOX HAS A FEAUTRE THAT BREAKS THE VERY BASIS OF MY WEBSITE???

WHY CAN'T YOU JUST BE NORMAL FIREFOX??????????????????

I actually managed to come up with fix for 1. that works like < 50% of the time -_-

I am a junior web developer, currently working in my first job for a small company, I was hired because I have an interest in meteor and modern web dev.

When I say small I mean I am the only full time js dev.

So the project we are working (my first ever professional project from start to finish) is a travel booking web app (being a little vague, for the sake of privacy). I am the lead developer, as a new programmer of a project that is far from trivial. There are no other javascript devs in office, no sort of code review. We have an outsourced dev but as I got in a flow with one dev my boss supposedly told him to do it part time (without discussing with me), but haven't heard anything from him, so assuming he's just disappeared (probably annoyed at being treated like a commodity).

Boss has set up the stages, and forces me to move on to the next stage before that stage has been finished. I will have to go back over the whole thing to finish things off.

He will only hire cheap juniors, one front end guy with barely any experience is styling the site.

He is used to churning out WordPress and Magento sites.

Wish I had a senior I could learn off.

I want to stick at this project and see it through, but i can only see it ending in a train wreck.

At the same time I want out, I want to work under a better team with senior programmers and better code review.

I just have to do my best and see how it goes I guess

devrant rant

Every rant is SEO friendly.

Put few of your GitHub names in ddg - got few pages of devrant post. Not sure if that's beneficial for the personal digital footprint.

Option to exclude post from robots?

A colleague came to me ranting about some feature marketing wants.
"Save whether the user accepted, rejected or ignored the TOS." They have to accept the privacy agreement first, so this feature is most likely about annoying users who rejected the TOS. Totally justified. Fuck that marketing team.

I just used booking.com and good fucking god is the whole website a shit infested hell hole. They use scammiest and pushiest techniques to make you book a place asap without giving you space to breathe and read details.

They try to obfuscate what's actually necessary with what they want to take from you. For example just before reserving a room there's a checkbox that's close enough to words "terms and conditions" and "privacy policy" for unsuspecting user to habitually check it to proceed. However, you clicking "reserve" is considered your consent and that checkbox simply adds your email to their spamming list.

There are countless examples of absolute asshole design within every inch of that place and I don't even want to imagine what they do with my data.

Suffice to say this was the first and last time I will use their services and if I were to give any advice, is "don't be the dick responsible for website/app/service similar to booking.com"

I'm thinking about making an linkidin account. I'm mostly a privacy centered person so I don't have any social media. Should I do it because it can maybe help me in my career? I'm currently at my first junior dev job.

Love to hear your opinions.

Imagine a web way ahead of our time where its size goes beyond our imagination...

This is my first rant, and I'll cut to the chase! I don't like how web currently stands. Here's what makes me angry the most altough I know there's a myriad of solutions or workarounds:

- A gazillion credentials/accounts/services in your lifetime.

- Everyone tries to reinvent the wheel.

- There's no single source of truth.

- Why the fuck there's so much design in a vision that started as a network of documents? Why is it that we need to spend time and energy to absorb the page design before we can read what we are after?

- What's up with the JS front end frameworks?! MB's of code I need to download on every page I visit and the worse is the evaluation/parsing of it. Talk about acessibility and the energy bills. I don't freaking need a SPA just give a 20-50ms page load and I'm good to go!

- I understand that there's a whole market based on it but do we really need all that developer tools and services?

- Where's our privacy by the way? Why the fuck do I need ads? Can't I have a clue about what I wan't to buy?

Sticking with this points for now... Got plenty more to discuss though.

What I would like to see:

A unique account where i can subscribe services/forums/whatever. No credentials. Credentials should be on your hardware or OS. Desktop Browser and mobile versions sync everything seemlesly. Something like OpenID.

Each person has his account and a profile associated where I share only what I want with whom I want when I want to.

Sharing stuff individually with someone is easy and secure.

There's no more email system like we know. Email should be just email like it started to be. Why the hell are we allowing companies to send us so much freaking "look at me now, we are awesome", "hey hey buy from me".. Here's an idea, only humans should send emails. Any new email address that sends you an email automatically requests your "permission" to communicate with you. Like a friend request.

Oh by the way did I tell you that static mail is too old for us? What we need is dynamic email. Editing documents on the fly, together, realtime, on the freaking email. Better than mail, slack and google docs combined.

In order for that to work reasonably well, the individual "letter" communication would have to be revamped in a new modern approach.

What about the single source of truth I talked about? Well heres what we should do. Wikipedia (community) and Larry Page (concept) gave us tremendous help. We just need to do better now.

Take the spirit of wikipedia and the discoverability that a good search engine provides us and amp that to a bigger scale. A global encyclopedia about everything known to mankind. Content could be curated from us all just like a true a network.

In this new web, new browser or whatever needed to make this happen I could save whatever I want, notes, files, pictures... and have it as I left it from device to device.

Oh please make web simple again, not easy just simple and bigger.

I'm not old by the way and I don't see a problem with being older btw.

Those are just my stupid rants and ideas. They are worth nothing. What I know for sure is that I'll do something about or fail trying to.

Fuck the EU.

Their privacy laws fucking suck and don't even get me started on their braindead cookie law.

I think we should be able to make laws for them and not just them making laws for us.

First order of business is that by law all EU bureaucrats must have "I'm a fucking moron, punch me in the face to accept." tattooed to their foreheads in large bold letters with the rest of their face in intricate detail tattooed explaining what a fucking moron is so to educate their subjects.

First Privacy policy, now this..

WHAT THE FUCK IS GOING ON??

tldr; Finally my NordVPN subscription comes to an end so I was looking at other VPN providers and I chose Mullvad. So far, it is an amazing experience.

It has been 2 years since I was using NordVPN. It was great at first but soon first problems started to appear. Speeds were not exactly breathtaking and I barely sqeezed more than 40Mb out of it. Another problem was connecting from PC to PC on local network with both of them connected to VPN. I never found a working solution.
Then Tefincom started pushing it literally everywhere. Ads on YouTube (+ partnerships), fake websites redirecting to NordVPN, etc. That was when I decided to just fucking wait until my subscription ends so I can finally delete my account there...
Today is the day. I decided to go Mullvad because it seemed to be really privacy focused (don't kill me - I know I can't have *real* privacy with VPN, but you also can't have that with your own VPN) - they don't know anything about me, no email, no name, no payment data (Bitcoin Cash). Speeds are absolutely f*cking amazing and also local network works!

So I was looking into phone app development again (as you do) and I'm working on a simple QoL app for me and my SO that will help us automate some home management and finances stuff. Naturally I delved down the rabbit hole deep and wanted to have push notifications so we don't have to check the app periodically to know when certain things happen... Oh boy... Why is mobile development so convoluted, especially if you don't want to rely on Google Services...

It seems that the most accepted way of doing this is Firebase (FCM). Well me being me, I refuse to use google services for this and I prefer self hosted solutions (for data privacy reasons) which eliminates most products out there.

It also didn't help that my framework of choice is Flutter/Dart, because fuck Android Studio and the insane buggy XML stuff and fuck Android and it's constantly changing APIs...

Well In the end I decided on a rather simple solution and self hosted an AMQP service (RabbitMQ in my case, as I have some experience with it already) and implemented a foreground service in android platform specific code on top of my flutter project to kickstart it and made my phone a queue listener... This now means I can push notifications from my server to the Messaging Queue and it will be pushed into my App automatically!

One thing I found out on this journey was that Android now kills most background services and enforces foreground services to have a visible notification in the status drawer... which I actually approve of. It's a bit annoying that you can start a reliable background service, but I'm absolutely on-board with long running processes started by my apps are constantly visible...

Long story short, I love reinventing all the wheels, especially if it's for free and private... And I also went to sleep at 2AM again because this took longer that I'd like to tune... but it works, and it's google free...

I'm thinking of trying to package this up as a flutter module later, but first I want to do testing on battery life and the general life cycle of the service. RabbitMQ says they have the client library optimized for long-lasting connections and it should be just using a tcp socket, which should pretty much be what all the push notification services are doing anyway. I'm also not completely satisfied with how the permanent notification looks.. it isn't collapsible like some of the other ones from other apps and it's about 2 lines high instead of single line... which is something quite annoying and I'm struggling to find any relevant docs on how this is done other than possible making a custom Notification Style... but I just can't believe that everyone is doing that.. there must be a built-in somewhere -_-... Ugh Android is hell...

Anyway, if any android devs here have some hints, tips and tricks on how to handle this type of background/foreground process stuff and I'm doing something wrong let me know, cause googling this shit is a nightmare too!

hey guys if any of you guys are good with legal stuff some help would be appreciated.

so there’s this brand tld, which i won’t state for privacy sake. it is, coincidentally, my last name. naturally, i thought it would be pretty cool if i could change my personal domain to <my first name>.<my last name> but after contacting them i did not get a response.

do you guys think i have any legal standing to get my domain? could anyone help?

Problably Reposting (like 10M times)

Fking Playstore
Uploading my first app
took me almost a hour to make the App
Its taking FOREVER to create everything required to post an App
Privacy Policy only to use the cam to read a qrcode...
Damn

This is not a rant. Not really. It's more expressing my own insecurity with a certain topic, which somehow upsets me sometimes (the insecurity, not the topic though).

I have nearly no knowledge about security/privacy stuff. I mean, yeah, I know how to choose secure passwords and don't make stupid DAU mistakes. The very basics you would expect someone to have after a CS bachelor's degree.
But other than that... Nothing. And I would like to get a bit into that stuff, but I have no clue where to start. First getting my head wrapped around low-level stuff like network layers? Or something completely else.
This topic is so intimidating to me as it seems huge, I have no idea where to start, and I feel that if you don't have "full" knowledge, you are going to make mistakes which you might not even notice.

I sometimes get really scared about having an account hijacked or similar. Also in our job it seems to become more and more of a topic we should know about.

Anybody got any advice?
I am looking for a way to improve my knowledge in security in general for professional reasons and my knowledge about privacy for private reasons.
It's just, every time I start reading something related it seems that I am lacking some other knowledge etc...

Hey guys, this is my first rant/question so be gentle (please).

I've heard from my friends that there are some people who are really into privacy etc. So can you recommend best VPN(s) out there?

i want to make a paid subscription service for products that can replace google's and are privacy-respecting. primarily email and messaging apps. all with optional e2e. cross platform, open source, all that good stuff.

after that, maybe add alternatives to google docs, or release a first party phone that runs a mobile os that runs lineage or something.

All designers and developers are secretly in love with cookie banners and other kinds of popups, as long as they distract users, obscure content and contain a lot of text that is hard to understand.

We must love to deceive our users and make them click a primary call to action button to make sure that they are fine with bypassing anything that privacy laws have been made for in the first place.

Or where are the best practice examples, code snippets and plugins do find a better way by default? Any commercial website will sooner or later require some kind of cookie banner and that's the whole point of contemporary web design.

Ok, I'm fed up with this, just read something about android constantly monitoring your phone's location, now it's time to shut this up.

Would you please be so kind and share information on which alternative "privacy-first" OS I could use and how to flash my device? For all I know, it runs a custom HTC modified OS. I'm quite unfamiliar with all those things gravitating Android. Heard about Cyanogen mod but that's about it.

What about compatibility with apps downloaded through the play store? (thinking about Threema) I would also need compatibility with WhatsApp (yeah, sucks, I know, but hard to convince regular people)

Thank you all :)

This is a continuation of my previous rant about admob being not very informative when it comes to invalid traffic and the resulting restriction in ad delivery.

I then wanted to use admob mediation to hang in facebook ads. My app is written with Xamarin.Forms.

So first I needed to make some facebook configuration - create an account, let my app review, create some ad placements and other shit. I came to the point where I had to put in a link to my privacy policy and the link could not be accepted due to some SSL fuckup -.-'

I then found out that there is an issue with my SSL Chain. With the help of whatsmychaincert.com I solved that issue. Little side note here: I have limited knowledge of that stuff and my cousin helped me set up my homepage so I had no idea what I was doing. Did a snapshot and luckily I did not needed that as everything worked :)
This took me around half an hour just so I can paste the fucking link to activate my app in facebook developer portal.

After that I made the whole mediation configuration shit - not an issue as google documented this quite well but it took some time.

Now comes the shitty part. To use admob mediation you need adapters to the other ad network. I found a nuget package with exactly what I needed just to find out that it is outdated. So I pulled the repo and saw that this thing is an aar binding library. Never did that stuff so I read some docs again. Updated the package and consumed it in my app.

The google docs then said "Use this mediation test shit to check if you did everything correct before going prod" - aar binding nr. 2 (but I am now familiar with that :P). This thing then told me that facebook ads could not be loaded because the SDK version is outdated -.-' SDK version comes from another nuget package which is referenced by the first aar thingie. I tracked that thing back to a repo where I found out that they are indeed totally behind. So I downloaded the aar, made a binding lib and bound that to my first aar binding lib as that depends on this.

Put that all back in my app - tested mediation and fucking finally after 6 hours everything comes together! all lights are green and things work.

Sorry if this is not quite a rant but it was quite a journey and I just had to share it.

I've started to get more into the TOR idea over the last couple of weeks.

I know I'm way to "non protective" of my privacy but changing would mean I'd have to break many habits and stop using things I'm used to.

A couple years back (I guess it was in like 8th grade or so) I had a presentation in German (my first language) for an extra mark. It was about tor. In the process of researching all of it I learned quite a lot about it. All of this knowledge has stuck to me the whole time, unused.

Fast forward to today, I've finally decided to use the couple of bitcoins I have (like 15€ or so) from my home mining experiment to rent a vps for a tor relay. First, I was lucky enough to find a service provider that accepts bitcoin for a 3€. They advertised "Fair use Traffic", later found out, after committing for three months since I was like "yeah... will be fine", in the customer panel there is a graph that shows me that I have used x% of 1.5 TB... I guess the customer support will get an email from me asking what "Fair use" exactly means... But that's fine... Oh... And ipv6 wasn't a thing to be found...

To wrap it up... I've now got a 2 weeks old little tor relay <3

(I didn't wanted to put it on my main vps where I have 200mbit guaranteed at unlimited for 5€ a month since that's where I have my mail server running and a hidden service for my next cloud)

Well fuck Amazon. I am trying to get into my account because for some fucking reason they say my payment method is faulty while they actually write off the subscription of prime of it. But to get into my account I need to login again with 2FA as I have that turned it on. So far so good. But since it's an old phone number I can't login. Well just change the phone number wouldn't you think? Well yes but to change the phone number I need to login in with the old phone number to which I have no longer access 🤦‍♂️. Eventually found a phone number I could call. I get a lovely lady on the phone which guides me to resetting my password but for that, you guessed it, I need to do the 2FA again. I get send through to the next person as she can't change it for me because of privacy reasons (oh well). That guy first askes the last 4 numbers of my creditcard like 5 times because he can't remember it (write it the fuck down then asshole) then he starts mistaking the 6 for 9 (like how the fuck do you do that) and then the text messages don't come in while I am on the phone with him which he tries to blame to my service provider because they would block Amazon (like why would they do that?). But since I got a text message of them 15 min before I shot that down quickly. Then he finally admitted that they might have a disruption going on. So I think we'll fine I'll just ask my question to him how it's possible that Prime stops working as I am watching it because my payment method is faulty according to them (but manage to write off the subscription) and he starts talking just shit. Just admit that you don't know and connect me to someone who does know how that can happen. In the the end I just hung up because I knew I wasn't getting anywhere with this guy and don't you know it, as I start writing this the text messages come in. Problem solved you would say just out that number in the website and you can change your phone number. Well no because I have to tell the number to the guy who I hung up with because the texts weren't coming in 😒. Now I should call them back but I think I'll wait till tomorrow hopefully the day shift will be a bit more knowledgeable on how shit works and can actually remember 4 digits.

I can't wait for the release of Snips Air sometime in 2019 so that I can stop using my Google home. It's not even the privacy concern that bugs me, it's the stupid shit like alarm management. To preface, I've had a Google home since late last year and since I got it the alarms have been nothing but trouble. More than half the time when I ask it when my next alarm is, it will respond with "You have an alarm for Friday at 7pm that is going off right now" (At the time of this response it was Tuesday). Then snoozing sometimes just doesn't work, I told it to snooze for 10 minutes, it worked just fine. Then today I made the mistake of asking it to snooze a second time which responded with "Sure, snoozing for 5 minutes", I wake up 45 minutes later, and ask "Hey Google, when's my next alarm?", it responds "You have an alarm today for 7:00 snoozed until 7:15". I have an exam today so luckily I didn't sleep in too late but againg this isn't the first occurence. To prevent this I normally just have a backup alarm on my phone and the one on my phone will wake me up in case something happens. On top of that though I've had rarer cases where it will delete all my alarms and I'll have to go command by command reminding of each alarm. That's just alarms though, I also have it control several IoT devices, and me having to use IFTTT requires the utmost precision in my phrasing otherwise it won't understand ( although this issue is mainly due to how the assistant service trigger on IFTTT is configured ). It still does much better than Siri ( at least my home can set alarms unlike my mac ), I have yet to try Alexa though. Of course my last problem is the hotword, saying "Hey Google" is much better than "Ok Google" but it's still excessive when I have to repeat it for each individual command. This is why I'm so excited for snips air, a set of devices that look pretty great, hackable, and as a bonus much more private that the current options. I realize that I could get a dev kit or set up snips on a pi but the dev kit isn't exactly visually appealing and I doubt I could get something that looks or functions half decent on the pi.

We need to create simple form for colection few particular people data for some bounty programme.

We have ready-made website that does similar stuff, but it was outsourced and we have compiled javascript (sidenote - im only person in this place who understands f**ng javascript but hates it deeply)

Anyway, they come to me, and say that creating this google doc will take them few minutes and it seems that editing few divs in the site and creating second one with another subdomain will do the trick.

I tell them that it will take a lot of time to reverse engeneer that compiled react.js website to change few divs. But they insist.

So we start out, I pop up the terminal, copy over site, add nginx config for it, apply SSL to it, we are already good 5-10 minutes in, first roadblock - CORS. At this point I tell them that with google form they would be already done.

What I hear?
But we will need to make again privacy policy

Me:
Can you just link privacy policy from this site?

They:
Oh... it makes it easy now.

My internal voice:
next time try to use brain....

Which is a good platform for dedicated servers, privacy-wise, and if possible (but it's not my primary goal) not too heavy on my wallet? I'm finding it hard to find something reliable that won't hand out my ass data to the first cop it sees. Which are the best companies? Also, since it would be my first time, how I recognise a bad service?