This is just fucking awesome.
Bought a domain name from a local registrar today and now my personal details like full name, phone number and exact address are nicely on whois.

The cunts didn't even thing to ask me during registration if I want to make it private and there's no option to do that on their piss poor website.

Oh well, tomorrow will be the day that I transfer my new domain away from them. Last time I ever do business with these shitcakes

Hello guys and girls!

My company tasked me to do something insane.
Little background info: I'm a trainee, in my first year (of three, even though I will shorten my apprenticeship to two years). I told my trainer that I like encryption in a somewhat private talk.

Now to the insane part. I got tasked to develop a whole security concept ~2 weeks ago to protect our products against industrial espionage. I feel in no way competent enough to achieve this especially because my concepts so far have been dismissed with a 'naaaah. Can't we just do X for now and add the other stuff later?' or 'we can't do that.'
I seriously don't want my name under a concept we would use world wide on our customers pcs which I know has serious flaws.
What should I do? What would you do?

Should’ve posted this after it happened, but it requires a bit of background anyway.

There’s this guy that oversees our OpenStack environment. My team often make jokes and groan about him in private because he’s so overbearing. A few months back, he had to take us to our data center to show us our new racks, and he kept saying stupid stuff like “you break this and it costs me $30,000” as if he owns everything. He’s just... one of THOSE people. Always speaks in such a condescending way. We make jokes that he is our “best friend”.

Our company is shifting most of our products to the cloud in response to the coronavirus (trying to make it an opportunity for “innovation”). This has involved some structural and responsibility changes in our department, and long story short, I’m now heading the OpenStack environment alongside other projects.

This means going through grueling 1-on-1 meetings with our “best friend”. It’s not too bad, I can be pretty patient with people, so I didn’t mind too much at first. Then a few things happened.

1. He sent a shared folder that he owned containing info related to the environments. Several documents were outdated and incomplete, so I downloaded them, corrected them, and then uploaded the documents to my teams file share, as I was supposed to since we now own the projects.

2. Several files were missing, and when I asked about them, he said “Oh, did you refresh the browser?”. I told him no, that I downloaded them locally and republished them to my teams server, because he was supposed to hand everything off to us at once. He says “Well, silly, how are you going to get updates if you’re looking at them locally?” and kind of chuckles at me like I’m stupid.

3. He insists on training me how to remote into one of the servers to check on cluster space, which in itself is fine. I understand others wanting to make sure things will be done right by the people who come after them. But he tells me to download SuperPutty. I tell him, “oh no, that’s alright. I don’t need putty”. He says “oh cool, what tool do you use for ssh?”. I answer him “Just Git. If I want to I can use a CentOs bash terminal too, because we have WSL installed”. He responds “You can’t ssh through Git”.
I was actually a little shocked. I didn’t know if he was serious or not so I was silent for a few seconds before hesitantly saying “yes you can”. He says “this is news to me” and I so I tell him “every single one of our build jobs fetches code from Git with ssh” and he seemed genuinely shocked and surprised by that.... so then it occurs to me to show him that you can ssh in Powershell and that REALLY blew his mind. He would not shut up about it for several minutes. I was amused until it just got annoying.

Needless to say, my team had been previously teasing me about having to work with him, so they found it hilarious when I told them afterwards.

A dev posts a link to his website on a dev group I admin, first thing said site does is ask for my location. I look, no map not logically apparent reason for it, so I close the site.

Ask they guy why he is asking for such private info and he responds to tell me that he does not think a person's exact location is that private, and if he really wanted it he would just use the IP address.

Like how many fucking levels of dense is that.

So at the old job, i needed support for an issue relating to Amazon S3. We used a third party Python plugin for sending files to our buckets, but had some pretty severe performance issues when trying a 2-way sync.
Naturally, I sought help on StackOverflow, and was asked to share my config. Without much thought, I pasted the config file.
Next comment made me aware that our API id and key was listed in this config (pretty rediculous to keep such private info in the same file as configuration, but oh well).
I edited my question and removed the keys, and did not think about the fact that revisions are stored.

Two weeks later, my boss asks me if I know why the Amazon bill is for 25.000$ when it used to be <100$ 😳

I've never been so scared in my life. Luckily, Amazon was nice enough to waive the entire fee, and I leaned a little about protecting vital information

i was having a really hard time because there was no record of changes in code, the boys would communicate changes in private and I'd spend hours trying to figure out why i couldn't compile. when i asked my boss that they put that info somewhere, he said it was unnecessary and that it always worked that way before i came. ofc it worked, it was 2 guys coding. i couldn't work properly and everything took forever to sort, no one tried to help. i went to hr and they just told me i was right and that i had to be patient. i quit soon after

Fuck LinkedIn
Fuck their closed API
Microsoft always steals your PRIVATE info, but is scared of us using their PUBLIC info
Fucking morons
I can just use selenium and still have all the info I need
Then why the fuck would you close API to approved only
Can't you just track the traffic????

Companies really need to re-evaluate what they ask as security questions.

If I know your name and your approximate date of birth (to the month) then, here in the UK at least, I have a very good chance of being able to find out your parents names, your mother's maiden name, your address, your parents address (i.e. probably where you grew up and what school you went to), your parents ages, when they got married, etc. - and all from publicly available info, not illegal crap you find on Tor or social media stalking.

This isn't hard to find if you know where to look - the problem is that people think that it's all private, and behave as such - and companies encourage it. The typical "internet safety courses" don't even touch on it, and even more tech savvy people I know often don't have a clue this is possible.

Social media that's doesn't misuse your private info like facebook. :p

This is not about devRant… but it might as well be.

Imagine public forum. Everyone can read and post, everyone can comment. And there's no way to send a private message.

You use said forum for years. Whether you like it or not, you form alliances, friendships, frenemieships and engage all kinds of social contracts. There's no ro(ot)ster either, so you keep all that in your head, until one day you need a social contract formalized — exchange contact info. With Steven.

You can't just “@Steven text me, here's my phone”, that's borderline suicidal. You yearn a safe haven. A proxy that'd allow privacy. So you quickly spin up a service, let's say Discord (it wasn't Discord, but close enough), post a link, and within seconds Steven joins… He and seven other Stevens.

So you send each a unique sentence, a 2fa token so to speak, and ask them to post it on said devRant-like forum — they can delete it later after all. And a few minutes later there's eleven Stevens posting garbage faster than mods can delete, because whitespace power. But you bravely sift through that shit until the correct Steven rants “I'm blue, da-ba-dee da-ba-da”, and finally you know which Discord Steven is blue, so you can privately chat about colours.

And then Steven's 75 years old, well-reputed account gets banned on devRant for posting along other spamming Stevens. And you can't even PM administration, because devRant is a public forum without PM-ing indeed.

aagh fuck college subjects. over my last 4 years and 7 sems in college, i must have said this many times : fuck college subjects. But Later i realize that if not anything, they are useful in government/private exams and interviews.

But Human computer Interaction? WHAT THE FUCK IS WRONG WITH THIS SUBJECT???
This has a human in it, a comp in it, and interaction in it: sounds like a cool subject to gain some robotics/ai designing info. But its syllabus, and the info available on the net , is worse than that weird alienoid hentai porn you watched one night( I know you did).

Like, here is a para from the research paper am reading, try to figure out even if its english is correct or not:
============================
Looking back over the history of HCI publications, we can see how our community has broadened intellectually from its original roots in engineering research and, later, cognitive science. The official title of
the central conference in HCI is “Conference on Human Factors in Computing Systems” even though we usually call it “CHI”. Human factors for interaction originated in the desire to evaluate whether pilots
could make error-free use of the increasingly complex control systems of their planes under normal conditions and under conditions of stress. It was, in origin, a-theoretic and entirely pragmatic. The conference and field still reflects these roots not only in its name but also in the occasional use of simple performance metrics.

However, as Grudin (2005) documents, CHI is more dominated by a second wave brought by the cognitive revolution. HCI adopted its own amalgam of cognitive science ideas centrally captured in Card, Moran & Newell (1983), oriented around the idea that human information processing is deeply analogous to computational signal processing, and that the primary computer-human interaction task is enabling communication between the machine and the person. This cognitive-revolution-influenced approach to humans and technology is what we usually think of when we refer to the HCI field, and particularly that represented at the CHI conference. As we will argue below, this central idea has deeply informed the ways our field conceives of design and evaluation.

The value of the space opened up by these two paradigms is undeniable. Yet one consequence of the dominance of these two paradigms is the difficulty of addressing the phenomena that these paradigms mark as marginal.

=============================

TL;DR Does Telegram really secure?

Some people say Telegram is the most secure and safe messenger, some say it's not. If you're familiar with it you may know from news that Telegram did not gave its clients' info to government, you may have heard that Telegram's encryption is not the best one, BUT my question is does it store peoples' private chats' keys? Actually it does with normal chats because if you reinstall Telegram you can easily get normal chats' messages. Also my friend said that any application in mobile stores like App Store sign a agreement with stores owner company that if some points met, the application owner have to share info of its clients. So dear friend what do you think, should I continue using Telegram)?

P.S. sorry for my not the best English

Why do all my scammers on telegram say on telegram that they're currently chatting on business account and if you can add them on private? Is it so that they can see more info about you since you have them in your contact list and see how willing / naive you are? I always play the game along and did once added it to my WhatsApp. Maybe that's the reason why I had two human phone calls by scammers now. They labeled you as "easy" and now send the heavy weight scammers to you I guess. Recently, I got a call from PayPal, automated, and they said some suspicious thing was going on at my account and that they want to verify a big purchase. I do have my card attached - so, who knows. Sounded realistic but already was sus ofc. I had to press one to talk to someone. I did, why not. So then I got some Indian or do on the line saying bought iPhone blablabla and I was like. Yeah sure.. I wanted to play the game along to find out what the scam was - but his English had such huge accent that I've just hung up the phone.

It's impossible to find out how scam works, they always notice at a certain point I'm scamming them.

But because of going far into these games, I think I'm on some easy list and that's the reason I've encounter so many. So just playing the game along isn't without consequences.

I've teached my scammer using a translator I had just now how to properly scam dutch people. Don't be that formal, that word is outdated and also, dutch people can't speak Dutch at all. So if quality of dutch has a certain level you know they want smth from you. If AI did beat us in one thing it's languages I guess. It can even speak Gen z and formal and informal

Docker deployment
Wondering how you guys are doing docker deployment (angular, php, whatever) on self hosted servers from a private gitlab instance ?
Also most recent gitlab release seems Very promisssing on this.
There's a lot info on deploying to aws or google but not on this case (at least clear)
Would like to hear from you about your setups

For someone not deep-into-security, can someone tell me why "encrypted"/"non-compromised" communication is hard?

Wouldn't a private server that holds conversation in-memory (imagine Dictionary holding U2U GUID-GUID list of 'msg' objs) suffice?
Incoming IP info is disregarded and nothing gets written on-disk ever

Need to erase everything? just reboot the server, it's all in memory anyway

To avoid man-in-the-middle, pre-handshake check cert integrity by exposing the certificate-fingerprint by another endpoint, if the fingerprints match, proceed to switch to websocket
Wouldn't this be wayyyy more secure for actual anti-establishment talks than all the fancy probably-backdoored software that exists today? .-.

Hell it's easy enough that someone could make it go live in a few days, keep it up accessible if you know the IP and port to communicate and close-and-delete when done

The new owner info for my laptop:
"Don't dare to touch it's a private property if found will be shot dead and survivors would be shot again"

!dev

Personal rant, but as one shouldn't bottle up emotions, probably not so bad idea....

Started with diet and exercise in the vacation, as finally a certain thing starting with C calmed down...

Its maddening how fucked up the world is. Now as a lil private info (that might not be so unknown, shared multiple times here) - my body is a train wreck.

Lungs are fucked, muscle distrophy, some other things are fucked.

I'm the kind of thing every gym trainer dreads - the client that needs not only a lot of ass whooping, but also has a lot of problems that need to be taken care of.

Which is why I rather do exercise at home, cause... My experiences with humans in gyms are bad. Most trainers behave like fucking chimpanzees screaming commands while not listening what one tells them...

First challenge: Find a low impact cardio training.

What one mostly finds is a female chick (which is sad cause I like men more for obvious reasons), that should gain some weight, screaming at ya how great sport is while jumping around like a bunny on ecstasy.
Low impact isn't really low impact when you jump around, lil bunny... And it isn't low impact when you just let yourself fall to the floor and start doing push ups.

If an obese person like me did that, it would end in pain, frustration and an empty fridge TM.

So one has to painfully look and skip through 20 min vids of "Non low impact low impact YouTube / ... vids" to find one that is doable without wrecking the body even further... Yaaaay. That makes one totally not feel depressed :-)

The other thing that I always hate is dieting. Note that I don't have to change much - I'm basically on a diet since years, holding weight the whole time.

The jolly fun is that I can't take off with just an diet. If you never heard that such thing is possible, a lil advice: It is possible. Nothing hurts more than being told that eating less solves all problems magically - cause it doesn't.

What I usually need is added protein, as I suffer from muscle dystrophy in my left side. (hence the low impact vids).

If you go to a grocery store, you most likely find *tons* of protein stuff.

The fun thing is that roughly 80 % of that are - like all things in a supermarket - completely bullshit.

I know one could avoid using protein powder / ... - but that makes dieting a very very very hard task, as one has to not only do a lot of planning, but cooking and eating becomes a depression palooza... It just doesn't make fun when you have to scale components for every meal or force yourself to eat e.g. 250 g of low fat curd cheese to gain the necessary proteins.

Why is supermarket stuff so shitty....

Added sugar / saccharides . When one has been dieting for long for health reasons, one finds out pretty quick that most products (especially those labeled as healthy / fat reduced / "weight loss") are perfectly made to lead to a sugar crisis and binge eating.

I've found protein drinks containing up to 25 g of sugar per drink (330 ml).

A coke has 27 g of sugar per 250 ml...

:) Now isn't that jolly...

I've found my stuff of joy not so long ago (not advertising here, but depending on flavor it has only up to 3 g (!)) of sugar per drink)...

It just annoys me and pisses me off how much money is made - in my opinion deliberately - on the suffering of other people...

Most laws by the way end up being blocked by lobbyists - most nutrient scores etc are just "wrong" or better to unspecific... Making exploitation pretty easy.

It's funny how everyone has an opinion on obese people, everybody is pointing fingers and explaining how stupidly easy it is to take off... And at the same time no one gives a damn about shit like that.

That's all folks. Feeling better now.

By the way, I'm doing fine. I lost 7 kg already, though the train wreck of body was pretty pissed the last two weeks as everything hurts.

Another reason why motivational speeches are dumb in videos: Pain isn't fun. :)

Noob here. I'm an Android guy, looking to create a web app. Looking for pointers on where to get started learning. It's going to be enterprise level. Basically a hub of operations for small companies ~10-30 employees. Handle a lot of private info, see need to be secure.

our parents taught us to be careful with oil, plastic and fraudulent calls asking for private info. what dangers do you think future children would be made aware about?

so.. i'm in a call right now and one participant just dropped the info, that it seems to be the case, that someone just switched the elastic/elasticsearch-php repository on github to private - or worse, deleted it.

does anyone has any information about this?