"We are looking for a GDPR expert to be hired in our company"

"I am an experienced data protection manager"

"Oh, fine! May you give us your phone number?"

"No"

"Your email address?"

"No"

"You're hired"

How I protect my source code from prying eyes of colleagues.

We had a Commodore64. My dad used to be an electrical engineer and had programs on it for calculations, but sometimes I was allowed to play games on it.

When my mother passed away (late 80s, I was 7), I closed up completely. I didn't speak, locked myself into my room, skipped school to read in the library. My dad was a lovely caring man, but he was suffering from a mental disease, so he couldn't really handle the situation either.

A few weeks after the funeral, on my birthday, the C64 was set up in my bedroom, with the "programmers reference guide" on my desk. I stayed up late every night to read it and try the examples, thought about those programs while in school. I memorized the addresses of the sound and sprite buffers, learnt how programs were managed in memory and stored on the casette.

I worked on my own games, got lost in the stories I was writing, mostly scifi/fantasy RPGs. I bought 2764 eproms and soldered custom cartridges so I could store my finished work safely.

When I was 12 my dad disappeared, was found, and hospitalized with lost memory. I slipped through the cracks of child protection, felt responsible to take care of the house and pay the bills. After a year I got picked up and placed in foster care in a strict Christian family who disallowed the use of computers.

I ran away when I was 13, rented a student apartment using my orphanage checks (about €800/m), got a bunch of new and recycled computers on which I installed Debian, and learnt many new programming languages (C/C++, Haskell, JS, PHP, etc). My apartment mates joked about the 12 CRT monitors in my room, but I loved playing around with experimental networking setups. I tried to keep a low profile and attended high school, often faking my dad's signatures.

After a little over a year I was picked up by child protection again. My dad was living on his own again, partly recovered, and in front of a judge he agreed to be provisory legal guardian, despite his condition. I was ruled to be legally an adult at the age of 15, and got to keep living in the student flat (nation-wide foster parent shortage played a role).

OK, so this sounds like a sobstory. It isn't. I fondly remember my mom, my dad is doing pretty well, enjoying his old age together with an nice woman in some communal landhouse place.

I had a bit of a downturn from age 18-22 or so, lots of drugs and partying. Maybe I just needed to do that. I never finished any school (not even high school), but managed to build a relatively good career. My mom was a biochemist and left me a lot of books, and I started out as lab analyst for a pharma company, later went into phytogenetics, then aerospace (QA/NDT), and later back to pure programming again.

Computers helped me through a tough childhood.

They awakened a passion for creative writing, for math, for science as a whole. I'm a bit messed up, a bit of a survivalist, but currently quite happy and content with my life.

I try to keep reminding people around me, especially those who have just become parents, that you might feel like your kids need a perfect childhood, worrying about social development, dragging them to soccer matches and expensive schools...

But the most important part is to just love them, even if (or especially when) life is harsh and imperfect. Show them you love them with small gestures, and give their dreams the chance to flourish using any of the little resources you have available.

Just called Asus for a problem with my router, went to send them my systemlog.txt for analysis

"Oh we don't have an email you can send that to"

Me: "(me calling bullshit) let me talk to the tech team.."

*Get transferred*

"Hello this is the supervisor"

Me: "fml"

"Ya we don't have an email you can send that to, but we can use a different departments verification services to get a file from you, has to be a picture though"

Me: "What? I got a .txt file here, I just want to get it to you, does it really have to be a picture?"

"Has to be a picture or a PDF, we can't take txt files"

Me: "fkin.. srsly? Fine"

I can't believe Asus's system srsly. I think it's for virus protection, but viruses can be embedded in both picture formats and PDF, but not in txt. So wtf is going on lol

Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜

Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.

First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.

Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.

Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.

Dealing with attacks and getting hacked.

Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.

linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)

How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!

One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)

Dealing with different kinds of attacks:

Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.

So yah, hereby :P

Kudos to namecheap for making whoisguard (domain whois protection) free forever!

Kudos to them for giving everyone the option of privacy, for free.

So, as everyone knows on here by now (or, a lot of ranters), I am a fervid privacy person.

Appearantly a new surveillance law in my country is about to extend mass surveillance/hacking a lot. So here a rundown of what they are about to be allowed to do (stuff that is not okay imo and this is the reason I am so pro-privacy):

- Mass Data Gathering: The intelligence agency over here (lets call it IA from now) can pretty much record everything send through the country.

- Extra Protection: If they want to conduct surveillance on journalists/lawyers, they have to go through extra channels first at least.

- Data/survaillance sharing: The IA is allowed to share their raw/filtered data with foreign intelligence agencies without limits. Also, they're allowed to conduct surveillance based on foreign requests.

- Secret DNA database: A secret DNA database will be created which can store the DNA profiles of any person who has commited any kind of crime. These profiles are allowed to be stored for a maximum of 30 years. This database is allowed to be shared with any foreign intelligence agency.

- Hacking: Unlimited power to hack any device deemed neccesary to hack in relation to crime. From computers to smartphones and so on. Also, it's allowed to use zero-days without reporting them to the vendor (we have seen what can go wrong with that through the ShadowBrokers scandal).

- Automatic Database Collection: They are allowed to directly tap into any database they see required (banks, healthcare, messaging services and so on). Practically this can lead to backdoors being build in because if you don't cooperate, you can go to prison. (mother of god I am not using anything closed source anymore if possible).

So yeah, this is pretty much the reason why I am so privacy consious. This country is fucked.

A prayer of protection 😂 😂 😂

This facts are killing me

"During his own Google interview, Jeff Dean was asked the implications if P=NP were true. He said, "P = 0 or N = 1." Then, before the interviewer had even finished laughing, Jeff examined Google’s public certificate and wrote the private key on the whiteboard."

"Compilers don't warn Jeff Dean. Jeff Dean warns compilers."

"gcc -O4 emails your code to Jeff Dean for a rewrite."

"When Jeff Dean sends an ethernet frame there are no collisions because the competing frames retreat back up into the buffer memory on their source nic."

"When Jeff Dean has an ergonomic evaluation, it is for the protection of his keyboard."

"When Jeff Dean designs software, he first codes the binary and then writes the source as documentation."

"When Jeff has trouble sleeping, he Mapreduces sheep."

"When Jeff Dean listens to mp3s, he just cats them to /dev/dsp and does the decoding in his head."

"Google search went down for a few hours in 2002, and Jeff Dean started handling queries by hand. Search Quality doubled."

"One day Jeff Dean grabbed his Etch-a-Sketch instead of his laptop on his way out the door. On his way back home to get his real laptop, he programmed the Etch-a-Sketch to play Tetris."

"Jeff Dean once shifted a bit so hard, it ended up on another computer. "

Can't believe the US are talking about removing protection for net neutrality. I'm not based in the US, but hope devs out there are getting behind Net neutrality day and Battle for the net

We have a customer that runs an extremely strict security program, which disallows any type of outside connection to their servers.
In order to even correspond with them via email you must undergo background checks and be validated. Then you sign an NDA and another "secrecy level" contract.

Today they had a problem, I was the one assigned to fix it. I asked for a screenshot.
We already use an encrypted mail service, which runs via a special VPN that has enough layers of protection to slow down a photon to the speed of a snail.
The customer's sysadmin encrypted the screenshot and sent it to me.

I open the screenshot and....
He runs Windows 10, uses Google Chrome and has Facebook's WhatsApp desktop app flashing orange in the tray.

😐😣😫😖

Security decided to update our PCs with endpoint protection. It's blocking all connections to and from localhost.

It's been a productive day.

Such enterprise. Much security.

And then the protection broke and "Avast" was born .... and the broken nature has been there ever since.

Today I found somebodies phone... Together with his bank cards in the flip protection wallet ... I was able to turn it on and charge it so I awaited a call and now through the caller I was able to return it to its owner within 2 hours of finding it 🥰 got a nice bottle of booze as a reward

One of my first jobs as a Web Designer / Developer.

Boss had me update a WordPress site that the previous dude built. It had some pages that only members were meant to access.

These were listed on a navbar at all times. If the user clicked on them, a JS alert would show up telling the visitor to log in first.

That was the ONLY protection those pages had. No matter it was a WordPress-powered site, to begin. If you knew the URL or simply altered the code right there on the browser to remove the onclick-bound JS, you could get in.

And that was just the beginning of it. Eventually I convinced the boss to rebuild the site.

So I heard (a while ago) from one of my teachers at my previous study that they're waiting for the new european data protection laws to kick in so that they'll be able to start using Google for everything.

That would mean that every student is required to have a (school/school domain though) Google account.

"The data will remain in this country"

Yeah fuck off I'm not going to believe google on it's 'blue eyes'.

It's sad how an educational institution can force their students into a mass surveillance network. Really makes me angry as hell.

Luckily I got out before they're going to implement this.

Recently I tried to apply for a job and the company sent me a task to complete. It was on Java, write an app to sort input file with ability to choose a method and dislpay it. GUI with Swing or JavaFX. They said normally it will took 8-10 hours to complete it and they wanted to see, what I can do in 4hrs. So after 4 hrs I've done~75% and sent it and after 2 more I've sent the whole app with monkey-proof protection (validations, prompts, etc). So total of 6hrs. I've followed MVC structure and implemented OOP principles.
They liked it and this Thursday I'm having an interview 😊
Wish me good luck :D

Hahaha, the DPC (Data Protection Commission) has asked Facebook in a letter to stop transferring Europeans' data to the US.

Since the Privacy Shield agreement is off the table, it's illegal regardless to send any kind of PII data from the EU to the US.

How about we stop nicely asking and start giving fines in the form of millions every time PII data is transferred from the EU to the US by Facebook?

If the EU could grow some balls, that'd be fucking great.

When I was 10 years old, all kids at my school got access to school emails. The email address book contained everything in my city, like fire department, all pupils of all schools etc. So I decided to "test" the system by sending out a mass email to everyone in the address book (about 3k) with the question "Hi, how are you?".

The sys admins apparently didn't think very far as I got some responses saying like "You have crashed a server in the capital city" and "I have contacted your local IT admin".

So I went to the IT admin and told him the situation. His face turned red of anger and I remember him almost screaming at me.

Who the fuck doesn't set up protection for this and gives out access to 10 year olds? This was 15 years ago, I really hope sys admins are smarter today!

Would you like to smile for 10 seconds? Read this short story:
*Story begins*
During World War II, numerous fighter planes were getting hit by anti-aircraft guns. Air Force officers wanted to add some protective armour/shield to the planes.
The question was "where"?
The planes could only support few more kilos of weight. Mathematicians were called for a short consulting project.
Fighter planes returning from missions were analysed for bullet holes per square foot.
They found 1.93 bullet holes/sq. foot near the tail of planes whereas only 1.11 bullet holes/sq. foot close to the engine.
The officers thought that since the tail portion had the greatest density of bullets, it would be the logical location for putting an anti-bullet shield.
A mathematician said exactly the opposite; more protection is needed where the bullet holes aren't - that is -around the engines.
His judgement surprised everyone. He said "He said We are counting the planes that returned from a mission. Planes with lots of bullet holes in the engine did not return at all".

Moral: Not everything that counts can be counted, and not everything that can be counted, counts.

Source: From the book -
"How Not To Be Wrong", by Jordan Ellenberg.

@JoshBent suggested that I'd make a blog about security.

Nice idea, fair enough!

*registers domain at provider with discounts at the moment*
*tries to find whois protection option*

"You can add WHOIS protection to your account as an upgrade"

*requests authorization token*

*logs into usual domain name provider account*

*transfers domain name*

*anonymizes WHOIS details within two seconds*

I could've stayed and ask them about the cost etc but the fact that they even HAVE a price for protecting WHOIS data is a no-go for me.

Fuck domain name resellers which ask money for protecting ones WHOIS information (where possible).

Just read that EU may planning regulating Algorithms...

What the fuck? WHAT THE FUCK?

They want that programmers make their Algorithms public accessible for transparency and say what algorithms are allowed to do, because people are scared of them?!

MY BRAIN HURTS AFTER THAT FUCKING GENERAL DATA PROTECTION BULLSHIT THEY WANT TO REGULATE HOW OUR PROGRAMS SHOULD WORK?!

AHDHSHSJSDHJABDJS SHDNSBDBSNSN *RAGEQUIT*

Learning database at university, they teaching us about protection.
Tried DROP TABLE *...
Guess what happend...
In meanwhile Iam guessing what is going happen to me

2AM and a birthday party of my BELOVED mother that I have to attend tomorrow in the middle of bumfuck. And I'm not sleeping, oh no.. because "family obligations" require me to get her a present on 2 days notice. I'm making her something very simple, some LED's displaying her new age, powered by a lithium cell and some charge-boost-protection controller. So I need to make a mesh to place the LED's to make those characters.

Measuring the size of the project box, cut it out.. started drawing the numbers on it. Not satisfied and ain't nobody got time for that. Guess I'll just print something out. Drew a little image with some text on my tablet, sent it to the printer. Black apparently doesn't want to print anymore even though it's still fucking full.

HP YOU CERTIFIED MOTHERFUCKERS!!! How fucking difficult can it be to make a printer and make it into something that doesn't shit on me every fucking time I want to use it?! Why do I have to deal with your shit, on top of my mother's?! WHY?!!!!

Fuck me. Happy birthday to my mother, and silently I wish that it's her last one. The bitch wouldn't - no she didn't - piss on me even when I was on fire!! Where were you "dear family member" when I was homeless, huh?! WHERE WERE YOU, WHEN I STOOD ON TOP OF A BRIDGE, READY TO END MY LIFE AND BEGGED TO YOU TO ALLOW ME TO STAY IN YOUR HOME FOR THE NIGHT?! Mother my fucking ass. A blood bond that I wish I never had! And that I have to work for now, because you fucking bitch can't even possibly think as far into the future as to invite your peers for a birthday party.. I dunno, maybe a week in advance, like a sensible human being would? At least she's improving, my little sister's and brother's birthdays she just invited me for the day before. And I also had to get a present ready for, in the middle of the fucking night. Fucking hell!!!

If you ever feel useless, remember there is a protection case for the Nokia 3310

"The customers of our webshop are able to change their billing address... We don't want our customers to be able to do that."

(in a few months with the new general European data protection regulation I need to code it in again, so I just removed the html...)

TL;DR: check polarity before plugging your DIY circuits into others!!!

*goes off to watch some Lucky Star and drink some booze*
*notices phone battery dying after 3rd pint*

But my charging cable that Huawei delivered with this thing is way too short... Well that ain't no problem, I can make one of my own 😎

But I'm tipsy.. sound I really enter the workbench in this state?

*goes off to build a charging cable anyway*
But what was USB-A male connector's polarity again? Oh, there's the fan's USB connector that I've made in the past. Let's check on that one. So, left is positive and right is negative?

*solders the wires on*
Snip, strip, stick, done! Well that was easy. I guess that all those failed soldering attempts and lost pads in the past as a means of training did pay off in the end!

*plugs phone into Raspberry Pi media center through new charging cable*

Strange sounds coming from the speakers.. well that's odd. Reverse polarity or maybe the Pi can't handle a 1A load from my phone?

*plugs phone into the 5V 5A charging hub that I've made earlier*
That oughta do.. current limits should be no more in that thing.

*charging hub makes high-pitch noise similar to the Pi speakers*
Definitely a reverse polarity, isn't it :') let's check on the Gargler...
Oh shit! It is a reverse polarity mistake!!! Should've checked this earlier >_<

*resolders wires properly*
Alright, finally done.. as I'm writing this post, my phone's charging from the Raspberry Pi through my fixed charging cable now...

Lesson learned. Always check on the internet what the pinout is before soldering anything, don't solder while tipsy, and be fucking grateful that this phone has reverse polarity protection in it.

Nexus 6P with all its shortcomings regarding power delivery and battery management, luckily it's got reverse voltage protection features built-in. Otherwise it might've costed me my phone. Always double-check before plugging anything into something else!!!

A lot of people ranting about GDPR emails, but it's cool when you receive them by letter 😆

Story time...of how HR actually did its job of taking care of employees.

So, I started at this new gig on December, the boss was all sunshine and promise (big red flag now to think back). Then as time passed, he started seeming...off. To a point I considered quitting my boss just after 2 months of working for him.

Then one morning we had a project meeting. He started verbally abusing me, calling me incompetent, bashing my work (of which he knew ~nothing, his experience 30 years back). Earlier in the week he demanded me to make a presentation which he in this meeting told is complete bullshit without actually reading any of it. He told me 'I am your boss, you do exactly as I say' when I told him something is technologically impossible in the situation we're in. He *actually* told me to break the law with data protection...

This was like wtf dude. That's not how you manage people. So, I made an HR ticket about his behaviour. They were *shocked* and escalated the matter.

Long story short: he was a bully, he's getting fired, my team has a new manager. My workplace actually appreciates my expertise.

Bad thing in this is, now I actually need to continue doing my job. ;_;

In a moment of boredom I decided to pen test the new system I've been writing on the live server. Ran sqlmap but forgot to proxy my connection.

DDOS protection kicked in and blocked the entire offices connection to the server, had to drive home quickly to use my home internet to un-blacklist my office ip. 😂

Somewhat unpopular opinion time. I don’t 100% hate Facebook.

I do not support their data collection, but my biggest problem with FB is the users. My connections are inherently idiots because I’m in high school with people who are way too narcissistic and full of drama. I left FB because of the toxicity, and the data protection as a result was a bonus.

I support the original mission of Facebook, to connect people. I just wish it was still about that.

Had to setup 7 HP laptops today for a small hackathon.
Install windows 10...
just shout in the room and hope all cortanas hear the same answer.
done after a couple minutes.
Windows 10 rules.

...

This story could be over but no, have a plot twist.
All pcs connected to our wifi network as we tried to install Chrome ( cause edge sucks), realized it takes hours to install.
someone drawing internet over here?!
our network wasn't that bad usually.
opens windows store on one laptop by accident.
42 downloads running.
Yep on all of them.
what were they downloading?
candy crush... bubble witch saga...mcaffee.
spent about 4h uninstalling bloatware and teaching windows not to reinstall it over and over again...

Microsoft sucks...

and I didn't even mention the "tell us why you think you don't need McAfee premium protection pl0x" and "you really sure you don't want to try edge as default browser? is really fast and stuff" dialog fields...

Expectations: I will program like the perfect lover! Fast, strong, safe, and with a passion others only dream of! I will stay up all night loving my code.

Reality: I code like a cheap whore. In fast bouts with whatever personal project will pay me the most in progress. My emotional experience is meh, it is sloppy, the code asks me to do things I don't want to but I say yes to get it to leave me alone, I don't use proper protection, and I am usually working stupid hours.

Why do people say "Well, I don't know about that" to voice disagreement?

If you admit your own naivety on a subject compared to your peers, if you admit that you do not have the required knowledge to have formed an opinion, how can you disagree?

So it can either be expressed with genuine innocence, like 'Well, I don't know about that, tell me more!', which is never the case.

Or it means "Well I don't know anything about that... and I'm ashamed of the fact that I can't find any counter argument, so I refuse to trust your fucking expertise, shut the fuck up until I give you the right to voice your knowledge"

Which is a bit rude.

Now that we're on the topic of annoying expressions and platitudes...

"It's not rocket science" -- Rocket science, understanding how a rocket works, is surprisingly simple. You fill a cylinder with fuel and oxygen, add a pump or two, put some sparks underneath. Chemical reaction equals energy, direct energetic particles using a nozzle, Newton's first law does the rest. It's so simple that people don't actually study rocket science. They study aerospace engineering, or astrodynamics, which are difficult topics.

So if someone says "Devops is not rocket science", they're right, but for the wrong reason. It's actually harder than rocket science. Maybe easier than developing thermal protection system materials or solving n-body orbital problems with a slide ruler though.

"Great minds think alike" -- No, great minds actually think creatively and generate unique thoughts, if two minds think alike, the solution was just fucking obvious.

"Don't reinvent the wheel" -- First of all, pretty much nothing in code looks or even remotely functions like a simple wheel. Even metaphorically, all existing code equates to oval or square wheels. If you said "Hey, don't bother making better wheels, I like my ride to be bumpy because it stimulates my asshole", say no more, who am I to come between a product manager and their anal stimulation.

Anyway, those were four coworkers who I would've strangled with an Ethernet cable if it weren't for a certain pandemic and the risk of infection which comes with choke-coughing.

What are your linguistic pet peeves you get homicidal over?

GDPR: great law, except for those who use technology (JS blockers, tracking protection, etc etc) to fight other technology (cookies, trackers, etc etc). Welcomed by the general public, but for content publishers it is a royal pain in the ass. Because did the EU provide non-legalese explanations as to how to become compliant? Of course they didn't. Why would they? But of course lawyers jumped on it like it's the best thing in the world. "GDPR-experts".

Now, article 11 and 13 again. Copyright law taken to ridiculous levels, impossible to implement, except for maybe Google, Microsoft and Facebook. Anyone else? Of course not. Again, a lot of money has to be involved with it. Does anyone want this thing? Of course not. And why the fuck is this still a thing even?! Did direct lobbying to the EU Parliament members a few months ago not teach them anything?! Senile pieces of shit. Should those old fucks really be able to decide about the future of the internet?

PSA: if, for whatever shit reason your brain comes up with, you decide to run a webminer in your retarded useless piece of shit website, at least HAVE THE DECENCY TO WARN USERS ABOUT IT. And while you're at it, implement some basic monitoring and safety functions. If you don't, you can set yourself on fire and jump from the top of the tallest building you can find.

Some basic tips:
1) don't run that shit on phones. The fraction of a fraction of a cent you're gonna earn from them is not worth the risk of overheating them and draining their batteries.

2) add low battery/overheating protection: the last thing you want to do is kill some poor sucker's laptop (and potential unsaved work) just because they forgot a tab open. Every time a laptop dies because of you, a knife will slit your throat.

3) WARN YOUR USERS ABOUT IT! You are straining someone else's resources for your own profit: at least have the balls to be open about it. If you try to run a miner silently in the background, I will make you eat whatever is left of your fucking brain, then drown you in the shit that comes out of your ass.

Read an article that said "a successful DDoS attack [costs an organization] about $100,000 for every hour the attack lasts, according to security company Cloudflare"

And while I don't doubt the number, it still should read

"...$100,000 for every hour the attack lasts, according to company selling DDoS protection, Cloudflare"

Tutanota.

It's very functional while providing great data protection/privacy features at the same time.

And it's free by default! (although I do pay for a premium account)

My devGoals for 2019 are:

- Move DNS blocking from hosts file to a PiHole (or similar) at home

- Implement a full HAL for some smol microcontroller in C

- Create better automation templates for testing, building & deployment for our Angular projects

- Get rid of crippling depression

- Force my boss away from firebase and google tools in general

- Spread the love for CraftCMS

- Spread more love in general (with protection of course) 😄

So... GDPR.
And the deadline.
And I have no idea what to do.

What does it mean for one-man indie projects? Data protection officers? Companies? Controllers? Processors? EU employees? Argh.

Look, please, EU. Not everyone can afford to hire an entire team for this, when their current team is literally one person.

Yes, the GDPR is probably a step in the right direction, but I think I'll just stop collecting the data altogether.

(All data I collect is just user settings stored in a database, nothing more.)

Can someone point me in the right direction?

We got DDoS attacked by some spam bot crawler thing.

Higher ups called a meeting so that one of our seniors could present ways to mitigate these attacks.

- If a custom, "obscure" header is missing (from api endpoints), send back a basic HTTP challenge. Deny all credentials.

- Some basic implementation of rate limiting on the web server

We can't implement DDoS protection at the network level because "we don't even have the new load balancer yet and we've been waiting on that for what... Two years now?" (See: spineless managers don't make the lazy network guys do anything)

So now we implement security through obscurity and DDoS protection... Using the very same machines that are supposed to be protected from DDoS attacks.

Goddamn I'm happy that I've put a €3 rubber case on my phone.. it just fell face down from 2 meters height, if it wasn't for that protection, I'd have a €630 paperweight by now 😰

Seems like these things can happen to the best of us (I'm generally very careful with my gadgets).. Today I leaned not to omit your smartphone's protection 😶

Clicking "share" on directory in Windows Explorer, digging through config panel, fidgeting with network discovery options, toggling password protection, digging through account management, jumping over a chair 3 times to channel my inner Bill Gates, checking directory permissions, sacrificing 7 virgin unicorns, go into lusrmgr.msc, curse various gods, install CIFS1.0 protocol, reboot computer, disable encryption, checking registry, trying to summon Steve Ballmer using the blood of a bald goat and sweat-scented candles... 5 hours.

Install Ubuntu on spare SSD, mount Windows NTFS drive, start SMB daemon and set up samba users... 15 minutes.

My car stopped working.
I thought of having a look. Opened the bonnet.

"GDPR"

He's making a list 🌲

He's checking it twice 🎅

He's gonna find out who's naughty or nice 🎁

Santa Claus is in contravention of article 4 of the General Data Protection Regulation (EU) 2016/679

I'm a "published" freelance dev!

Last night I made my first web application available to the internet. It's an internal enterprise management system for a small non-profit.

It's running on a single $6 a month digitalocean droplet, and the domain is $12 a year, so yearly cost for them is absolutely rock bottom.

It's written in asp.net 6.0 razor pages, nginx reverse proxy, certbot for HTTPS certificates, fail2ban for ssh protection (ssh login is via ssl keys), entity framework with MySQL.

The site itself has automatic IP banning based on a few parameters like login spam, uses JWT tokens, and is fully secured.

All together, it's a lot of value for about $100 a year.

curl 127.0.0.1/robots.txt
User-agent: *
Disallow: Injuring a human being or, through inaction, allow a human being to come to harm.
Disallow: Disobeying the orders given by human beings except where such orders would conflict with the First Law.
Disallow: Not protecting own existence as long as such protection does not conflict with the First or Second Laws.

Holy mother of god, Signal is working on a feature which makes that the sender part of the metadata is not readable for them (of course you still have accounts but not sure how they obfuscate that part) anymore.

This is taking metadata protection to the next motherfucking level.

Voting feels like shit.

Seriously. Why? Because I have to vote for parties and representatives that might have one interest in common with me but go against my points of view almost all of the time. "We'll introduce a freedom of information act and legalize weed for better drug policy and youth protection!" -- WOW Great I'll vote for yo .. " ...and we'll also come to your home kill your dog, rape your family and shit in your back yard." -- oh f*** WHY? why do I have to live in a system were I am constantly forced to trade shit for even worse shit? Why can't I vote for policies or at least some kind of 'single' - issue representative?

I know that solving this problem is not easy and I do not claim to have the magical solution. "Not voting is even worse" sure but I am getting so fucking tired of it. It doesn't feel like progression and it sure as hell does not feel like it matters because in the end of the day you are just voting for the party that's at least going to use lube when raping you. I hate these ad hominem politics where we don't discuss the ideas but the people who represent them. I honestly don't give a fuck about who you are, if you're gay, married, or are left-wing, right-wing, conservative or liberal, in the end its about finding a good solution for everyone and not about the people implementing it. I don't care about politicians private lifes or worldviews (in terms of ideals, morals, religion etc.) , I care about finding the solutions to problems and having a wide array of opinions in order to discuss ideas and to find a valid and good way to go forward. "you can't agree with that person at all, because he's evil", yeah you know what? I don't care. It's about the ideas, arguments, discussions and solutions, not about the people who discuss them.

"I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I
screwed it up. Not because it doesn't like me...
Or feels threatened by me...
Or thinks I'm a smart ass...
Or doesn't like teaching and shouldn't be here...
Damn kid. All he does is play games. They're all alike."

5 stages of failing WIFI connectivity on Linux

This morning I woke up my laptop to start my work day. I have 2 very important meetings today, so I better get all prepared.

"Wifi connection failed"
Syslog says:
- wpa_supplicant: wlp9s0: SME: Trying to authenticate with <MAC>
- kernel: wlp9s0: authenticate with <MAC>
- kernel: wl9s0: send auth to <MAC> (try 1/3)
- kernel: wl9s0: send auth to <MAC> (try 2/3)
- kernel: iwlwifi: Not associated and the session protection is over already...
- kernel: wl9s0: send auth to <MAC> (try 3/3)
- kernel: wl9s0: authentication with <MAC> timed out

#### DENIAL #####

No biggie, let's try another AP (I have 3). All 3 failed to connect. Fine, let's try my phone's hotspot! FAILED!!!!!

w00t.... okay, let's restart the router... but failing to connect to a phone hotspot is already a worrying sign.

Wifi connection failed

wtf.. disable and re-enable wifi

Wifi connection failed

#### ANGER #####

the fuuuuuuck. Maybe my router is dead. But my phone connects to it, no fuss. My personal lappy also connects there easily.

wtf... Does that mean I'm about to lose my uptime?? Come one!! It's Linux - there MUST be something I could do! I don't see processes hanging in D state so the radio must be fine - it's gotta be a software issue!

ChatGPT – type all the log entries manually, via phone (that took a while...). Nothing useful there: update firmware, restart NetworkManager, etc.

#### BARGAINING #####

Alright... How about a USB dongle? Plug it in and wifi connects immediately! Yayyy!!! But that's only b/g/n and I'd very much like to have ac. It works well as a limping backup, but not something I'd use for the meetings.

rfkill block/unblock all the radios. No change. USB dongle connects right away but the PCIe adapter keeps throwing notifications at me with failure messages. It's annoying, to say the least.

So I've already tried
- restarting the router(s)
- disabling/reenabling the radios
- multiple APs
- suspending/waking again several times
- praying

#### DEPRESSION #####

The only thing I haven't tried yet is the most cruel one - restarting the laptop. But that's unfair... It's LINUX! How could it disappoint me. I have so many tmux sessions open, so many unsaved leafpad notes, terminal histories with oh so comfy ^r and ! retriggers all ready and waiting to be executed...

#### ACCEPTANCE #####

But I can't miss the meeting. So I slowly start closing off apps, starting with the least important ones, trying to preserve as much history and recent commands as I can. I'm gonna lose my uptime, that's the inevitable obvious truth... Linux has failed me. Or maybe it's a hardware issue... I can't be sure until I restart.

I must reboot.

#### A NEW HOPE #####
Hold on.. What if... What if before restarting I try to reload the Intel wifi kernel module? Just for the giggles. I've got nothing to lose anyway...

rmmod iwlmvm
rmmod iwlwifi
modprobe iwlwifi
modprobe iwlmvm

*WiFi Connected*

YESSSS!!!!!!!!! My uptime is saved!
403 days and counting! YEAH BABY!!!

Linux is the best!

So... Intense pillowtalk with the wife the other night regarding the coming enforcement of the new General Data Protection Regulation (GDPR) law in the EU after a while turns into nerdy dirty talk.

Me: *Whisper in a sleazy voice like the dirty malware that I am*: So... Why don't you just open up all your inbound firewall ports for me...
Her: Hell no... But I might just make an exception in the private domain just for you...

Recently I disassembled this Remington beard trimmer that I have, right. Thinking that I probably just depleted the battery or something like that, and that that's why the fucking thing would turn off after 10 seconds, with a miserable motor speed that could only be caused by what.. 2.5V or something like that? So I kept up with it for a while, and then a few days ago, I finally disassembled the fucking thing.

New 4.2V LiPo battery of my own attached, wicked! The thing has a 2Ah capacity and is fully charged, so fuck all in a big ship, I'ma shave my fucking hair without protection, who cares with 2Ah anyway, given that motors at 4.2V consume only 800-ish mA, right. So I shaved my head, and figured.. holy shit mate, I fucking beat this fucking cunt, fuck you Remington! Planned obsolescence my ass!!!

Just now @xewl sent me a request that made me reconsider this shaver. Some PS3 controller, should be easy enough to fix. But I referenced my shaver so I figured that I might actually check it beforehand.

The original fucking battery has 4V left on it. 4 fucking volts! That ain't gonna trip shit for an overdischarge protection circuit!!! WHY THE FUCK REMINGTON, WHY THE FUCK DID IT (IF ANYTHING) TRIP?! And more importantly, why did you make the motor turn for only 10-ish seconds after charging, 1 year after purchase, despite the fucking cell having 4 fucking volts in it, which is more than plenty to get the thing turning for at least a 60% charge?! Planned obsolescence perhaps, hmm?

But let's say that it was bad contacts or something like that. After all, my probing was a bit intermittent, showing 1.5V (if it's shorting, shouldn't it be in the mV range?) and then 4V at times, until I separated the nickel connectors from the 16500 cell. Why the fuck should that thing short, considering that it's unprotected?! The fucking cell is unprotected, and you Remington are going to let it short? What kind of fucking engineering is that, you fucking braindead morons?!!!

And why do you use a 16500 cell which isn't very standard over a 18650 cell, which is? Again, planned obsolescence? Fucking vile pieces of shit.

Now what's more.. I tried to power on the shaver for a picture for this fucking rant, using a LiPo cell of my own that I used to shave my hair with the other day, to get a nice picture of my little hack. But the fucking thing, despite having 3.89V left in it after that fucking shave, which is more than plenty for a lithium cell, the fucking unit doesn't power on. WHAT THE FUCK REMINGTON?!! That's planned obsolescence at its best, init?!! You vile fucking pieces of shit.

So I guess that this rant is no more one of "I beat these Remington cunts". It is one of "you can bet your fucking ass that planned obsolescence is a thing!!"

/* My Three Wishes */

1. Nvidia starts fucking supporting the linux community with open source mainlined drivers that support GBM.

2. All five eyes countries apply some proper privacy protection laws. Other countries would be appreciated.

3. 5G and other core future tech standards are implemented under open firmware/hardware that can be reviewed and reproduced.

Please monkey paw this

Another incident which made a Security Researcher cry
[ NOTE : Check profile to read older incidents ]
-----------------------------------------------------------
So this all started when I was at my home (bunked the office that day xD) and I got a call from a..... Let's call him Fella as I always do . So here we go . And yeah , our Fella is a SysAdmin .
-----------------------------------------------------------
Fella - Hey man sup!
Me - Good going mate , bunked the office , weather's nice , gonna spend time with my girl today . So what's goinon?
Fella - Bruh my network sharing folders ain't working no more .
Me - Did you changed or modified anything?
Fella - Nope
Me - Okay , gimme your login creds lemme check .
Fella - Check your inbox *texts me the credentials*

*I logged in and what I'm seeing is that server runs on Windows2008R2 , checked the event logs , everything's fine and all of a sudden what I found is fucking embarrassing , this wise man closed SMB service*
Me - Did you closed SMB service?
Fella - Yeah
Me - You know what it does?
Fella - Yeah it's a protocol , I turned it off to protect the server from Wannacry .
Me - Fuckerrrr!!!!! Asshole dumbass you fuckin piece of Dodo's shit!! SMB is the service responsible for files and network sharing!!!
Fella - But....I just wanted protection
Me - 😭😭😭

*A long conversation continues with a lot of specially made words to decrease the rate of frustration which I used already*

Fella - Okay I'm turning it on .
Me - Go on....... Asshole
Fella - It worked! Thanks a lot bro
Me - Just leave me and my soul away from evil and hang up .

*Now the question is , who the hell gives them the post of SysAdmin? While thinking this question , I almost thought of committing suicide​ but then my girl came with coffee and my rubber duck*

"Some settings are managed by your organisation"

I understand the necessity for companies to be able to remotely manage their devices, but my god, I hate working on company laptops sooo much!!

Fun fact, even Chrome can be managed! The can manage everyting. It's called Microsoft Intune. It sucks!! And fucking 45 day PW change policy! And fuck you, Windows Defender Real-time protection which I can't turn off and It's high CPU consumption. Also fuck you Microsoft Teams for scanning. Every. Single. Link. I. Click. On. From. A. Chat. Before. Redirecting. Me. To. The. Actual. Website. Always takes a couple of seconds. Waste of time. Those accumulate over time you know! AND to Windows Update! You already know what is coming next: stop force-updating while I'm in the middle of fucking meeting! I have shit to do! Another fun fact: you can postpone Windows Update by turning the clock back. LIKE PLAYING AN OLD TIME-BASED STRATEGY GAME ON PC IN 1999. (12h work best.) And this fucking weak ass VPN. WHY I PAY FOR 1Gbps WHEN COMPANY VPN ONLY 10Mbps?!! What Am I? A fucking snail! Go faster!! pls!

But, thank god, we can email shit and open attachments in Outlook.

Always use protection
#Ransomware

Hi
I'm an active user here so I know most of you.

I created a throwaway because I consider this a sensitive subject to me, and don't want people here to think I'm crazy.

I have some form of ocd but I don't know exactly which subtype it is.

It's not really something that makes my life impossible, but it makes me feel awful from time to time.

the way it works is that I imagine accidents happening to me or people I love, and I get triggered more if they are potentially caused by a mistake from me and they feel very vivid in my mind.

It's awful and terrifying.

Being close to anything that could cause harm is a trigger:
heights without any type of fall protection, knives, elevators, escalators, being on a plane

Being close to/in said objects/situations can start a clip in my mind as if I was watching a final destination movie.

This is a stronger obsession if it happens because of my fault, like tripping with my kid in my arms, or fumbling a knife while I cook.

Sometimes I react by curling and doing a painful expression and twitching a bit, even in public.

it's terribly painful.

i look like a crazy person, although considering what I'm writing, i probably am. It's just that I feel very scared of strangers in public noticing what I'm doing and finding out I'm crazy.

sometimes I get scared of the possibility of me being an actual psycho like the ones you see on crime shows.

as far as i know i think im normal in terms of compassion, empathy to others and never had any interest in harming others.

it's just part of the ocd, being hypervigilant of me, obsessing over me causing harm either accidentally or deliberately.

I'm also very scared of puking in public, or even worse, in front of friends.

Specially true if you're eating but you're seated in a spot where there's no way out except if everybody gets up.

I start by becoming self conscious of the possibility of puking, and sometimes I twitch a bit too, while trying to not look too crazy and joping that the next bite doesn't cause me to projectile vomit over people.

I hate this shit.

I feel companies let you sign an NDA just as a foolproof rant protection

TL;DR don't fiddle around with batteries if you aren't ABSOLUTELY sure what you are doing

For my arduino project I need to use 18650 Li-Ion batteries. They are pretty awesome but at the same time pretty dangerous if you don't use them the right way. You need protection boards etc. or they can/will go BOOM.

So I am looking around Amazon to find some good quality ones and reading some reviews made me wanna cry.

People were REMOVING protection circuits from the batteries and even removing the foil around the batteries. NEVER EVER FUCKING DO THAT!

I also found out that these are the batteries used in E-Cigarettes and now I really don't wonder anymore why they explode so often. People fuck around with the batteries just so they fit into their vapes, or reduce the resistance of the coil (the thing to heat up the liquid) to an absolute minimum so they can get more watts. A side effect of this is that a lot of current gets drawn from the batteries (>20A or something) which makes them go BOOM if no protection/fuses are used in the circuit.

Fuuuuck you AWS!!!
If you have a feature called “termination protection” perhaps it should actually prevent an instance from being terminated!

But nooo, you add *one line* of text on a documentation unrelated to ec2 terminations saying that in this particular scenario, it will terminate your instance.

Eat a dick. Eat a bag of dicks. Eat all of the dicks you fucking turd munchers.
Now I have to manually enter a month of invoices from the order emails that were created. 😡

Talk about data protection, I am fucking furious!! A hotel i stayed in recently has sent an email with a scan of my passport and credit card. Do I have any legal rights to fuck them up the arse? The hotel is in france.

Company calling for support. Printer in machine room makes unusual noises. There are 5 loud 90 dB machine roads forming metal. And the first thing they hear through the hearing protection is....... a printer making silent squeaky noises...

Finally got my Bluetooth earphones!
It's called Pamu Scroll, funded in Indiegogo.
I bought it for $49 without shipping fee.
Now let me write a review about it here after using for about an hour or so.

1. Shipment
Shipment from China is slow and hard to track unless it is classified as EMS, which mine wasn't, obviously.

2. Packaging
It has some shock protection layer, but without that, nope! It was staying still inside the packaging though.

3. Design
Beautiful. Just beautiful. Period. Just see the picture below.
It opens as a papyrus, maybe that's why it is called Pamu Scroll. Both the case's end, and earphones itself has magnets to hold each other.
It has a leather feeling to both the inside and outside of the case, and the touch control area of the earphones is also leather feeling, adding a nice touch that differs with other earphonnes.
The diamond feeling finish in the end of the case makes the case itself isn't earphones, more like some expensive jewelry case.

4. Fit
My ears are smaller than most people, for I am young, so it sometimes fall off when I jump, but when I put it the correct way, never falls out.

5. Audio
I am not an audiophile. I don't really care about the audio quality and how it sounds like unless the sound is too cringy and has so many white noise.
This earphones has white noise, but just a little bit, you won't notice except when you are in a quiet room.
The bass is boosted, but low sounds, and vocals can be cringy sometimes, so I should manually tune them with my phone's equalizer.

6. IPX6
Not tested yet, but they advertise as using it in the shower.

7. Stereo call
Yup. Stereo call. Call in both ears. But only right microphone seems to get the voice.

8. Pairing
Using BT 5, it is a breeze to connect.
Take both of them out, put to your ear, then ding! "Connected"
Done.

9. Charging
with micro-usb
wireless charging for optional purchase - 10 bucks

10. battery
Reasonable amount
You have 3.5 hrs of listening time in both ears, and you can charge 2 times more each by putting in the case.

===============

Overall, it is awesome and let's just pray it doesn't break for at least for an year.

One side note, I can activate assistant by double tapping in the left ear (yes it is touch control), but my S8 asks me if I want to customize with Automate/Tasker. Yup!
Will share that later as well.

If you have any questions, ask me! Thanks for reading my first ever product review in devRant! <3

No, this is not a joke/meme.

So I was searching the internet for 2-in-1 laptops -- looking around what could be my next lappy if my current xps13 died. I had a hunch the xps13 convertable is quite overpriced and was looking at lenovo offerings to compare.

This is what one of the largest LT e-shops suggested to buy along with the lappy :)

Dangerous times these are I guess.. Everyone and everything needs protection

[I assume you won't need translation ;) ]

Siemens Step7 code block protection (PLC's).. It was designed to lock code that you don't want others to be able to read. All blocks are in a dbf file, so you just need to find the block record and uncomment one line, voila - source code available.

Given the massive use of Siemens PLC's on plants all over the world, and the simplicity of hacking via S7 protocol, usually Internet connected, it's a breeze to steal or modify the controllers code with possible critical implications.

Enter Stuxnet.

It began when I was tasked with creating a better and more engaging experience for our new Facebook page. This was in Facebook's early days, so there were not really any "best practices". We were making it up as we went along. I decided one way would be to game-ify things, since gaming, at the time, was a Big Deal on Facebook and people were starting to use it to build customer funnels.

Grasping for low-hanging fruit, I decided a Tetris variant around our topic would be fun. I had to hire a dev because at the time I was a static HTML web developer just getting into social media management. I knew nothing about game development or how to use Facebook's API for such things.

Long story short, we got about $10,000 (FB app devs came at a premium then) into the project when I came across a very recent article about the history of Tetris games. It said that even though Tetris had once been considered for all intents to be public domain due to it being created by a Russian coder during the Cold War, it had just been acquired by an IP protection entity that was charging royalties for any variant of Tetris created from a specific date onward and paying the original developer. So, even though I thought I had been thorough in my initial permissions checking, it turned out we were gonna be in deep doo-doo with licensing fees and restrictions if we released this game to the public.

I had to call my boss and admit my error. She was FURIOUS and really gave me an ass-chewing over it. I then had to call the marketing person whose budget I'd been slaving away at wasting. She was a bit more forgiving (her budget was in the millions). Then I had to call the corporate legal department and explain what was going on. They told me to immediately pay any outstanding hours, then fire the dev but not before getting him to send me all code and assets, deleting his copy, and then, upon my receipt of those assets, deleting MY copy so that nothing of it ever existed. And I was supposed to say _nothing_ to the dev about why he was being let go, so that there would be no "trail" leading back to this fiasco. (The dev hounded me for weeks asking what he'd done wrong. It killed me that I was bound and gagged by corporate legal and couldn't tell him.)

I was in so much trouble. I was literally in tears over it. I'd never wasted that much money in my life. That incident pretty much sealed my fate as far as any trust my bosses ever put in me again (not much at all). I was a bit of a pariah in a lot of ways for the next 5 years whereas I had come onto the team as a young social media rockstar at first.

After that, and a couple of other bad scenarios that were less my fault and more due to a completely dysfunctional management and reporting structure, they eventually "transferred" me to another team. Which was really just a way of getting rid of me by sending me to a department that was already starting to outsource overseas and lay people off. It was less messy that way. I was in the first set of layoffs.

Since then, I've had a BIG fear of EVER joining a large corporation EVER again. I prefer to work for small businesses now, even if I get paid less. Much less stressful from an office politics and impact of mistakes standpoint.

Ya'll know what... If humans weren't such annoying vulnerability-searching little shits then we wouldn't have had to implement any protection against them and think of all the performance that would be saved on that. Take branch prediction vulnerability mitigation in the Linux kernel for example, that's got to make a performance hit of least 10% on basically everything.

Alas, I do get why security is important and why we keep such vulnerability mitigation running despite the performance hit. I get why safe code is necessary but still... if these people weren't such annoying little bastards.

Yeah, I was just kind of set off by the above. So much would be faster and easier if only the programmers wouldn't have to plan for people exploiting their software. Software would be written much faster and humans would progress to stuff that actually matters like innovation.

This is my first post. I felt like if I'm wrote this I'll just be a big fat crybaby, but i need to release this pressure from me.

I've been pretty burnt out past 6 month.

So a little bit backstory here, I've come from broken family, and currently on my 7th semester of college. But I've been part of small startup as mobile apps developer for a year and a half now.

6 month ago, it just a year of recovery from a toxic relationship that basically ruins my college life. I have really bad GPA (bad score for being absent from classes), basically no friends, and a barely passable (or even bad) skill in Android Dev. Then I got new girlfriend that really supportive for me. But after 2 months, her parents ask me if I would marry her or not. because if not, I have to broke up with her (We're in Indonesia and both of us is Muslim, so outside marriage relationship is kinda in "grey area" depend on who you ask). So I have to choose to marry her or not, and I choose the marriage. I think I have enough saving and just enough income to support both of us.

Then it's been a downward spiral from there.

The startup that I've been working on were in a pretty bad shape. I've been underpaid since the beginning (and that's not really a problem for me at that time, that's my choice and I blame no one) but abysmal growth and some miss management force us to scale back and makes me basically in a non-paying jobs.

So I take college break for a semester and been trying to find projects here and there for marriage savings, but because the weak employee protection here, lots of the projects I have completed have yet to pay the fee (even until today). And even if they paid me, most of it were really low paying jobs (we're talking $200 per 3 weeks project here, to be fair, for our average GDP, it's not bottom-low).

And the deadline is approaching, our marriage date is settled in (very) early January 2019, and i've been in this "not yet graduated but needs job" limbo. Most of employer here still has the old "Degree Based" Job specs, and not "Skill Based" one. so because de-jure I've still a "College Student" no Job listing is willing to take me in. I've apply to almost 30 Job Listing and just get interview once, and still failed because I can't move to the company area, too far and have too expensive living cost vs the salary ($300 living cost vs $450 salary, while i need to give money to my girlfriend back home for a living).

So I switch my direction to Competitions with Extra Job offering as a Bonus, and I've been pretty close to winning one, held by CIMB Bank, but still failed. It's little bit better now because CIMB came interested with me but there is red flag which I need to graduate with decent GPA before July 2019, and in current GPA? it's practically impossible.

Can it getting worse? oh it can. Remember I come from broken home family? it's inherently hard to keeps communication with both of my parents that to this day still despise each other. And while my mother is still supportive to my marriage, my father isn't. He even basically disowned me last week because my one-sided decision to marry my girlfriend, and blame my mother for being the "bad influence" for me.

And now, today, December 16th, and I'm still in this weird Limbo and have nowhere to go. with $0 in my pocket (have spent all of my savings for marriage preparation) And our marriage is approaching. I almost given up.

About a year ago, I started a new position as a Full Stack Java Developer. When I started my employer got me a brand new, shiny, Asus laptop. As I prefer Linux (mint) to perform my magic I had to whipe Windows 10 and reinstall it. It turned out that my new shiny laptop was in fact so shiny that Linux (mint) didn't support/contain all the necessary drivers (yet), especially the network/bluetooth drivers and the gfx's drivers turned out a bit of a pain.. Over the year things slowly got better with every new kernel update that came in. However, due to me trying to fix things before those updates, Linux also had become somewhat unstable.

So ... last week I took some time to re-install that laptop and also take the opportunity to upgrade from Linux mint 18 to Linux mint 19 ... or so I thought ... Linux mint 19 was running (very) hot to the point where the laptop would shutdown due to the MOBO's thermal protection mechanims kicking in. ... Ok ...maybe Linux mint 19 was not such a good choice .... let's see if Ubuntu 18.04 is an option ... Nope ... Linux would lock up within a minute after booting up ... no mouse, no keyboard ... nothing. .... *sigh* ... let's (re)install Linux Mint 18.3 again ... and behold, I can start performing magic again.

Linux, it can be such a pain at times. I still prefer it, but running into all those 'weird' things on my laptop when reinstalling, I have to admit I have seriously considered 'just' installing windows 10 again and be done with it. Luckily I could also remind myself of what a pain Windows is to do serious docker/java development in comparison to Linux which gave me the strength to keep going ... :)

Background: I'm in middle school, and two popular games that people liked got blocked. My friend and I made a website with the blocked games on a free 000webhost subdomain. It was a crappy, twenty minute website that I made with just a view counter, the games, and a chat room for people looking for other people to play with.

Story: one day I opened up the chat room where another friend and I were gonna talk about our teacher behind her back. I opened the chat room, and in the previous chat text, there was a line that said "Username: " and a text box. Then, about five lines, each with two text boxes separated by a ":". I knew that it could've been my friend that "made" the site with me (he designed the logo and occasionally modified the HTML), but I suspected not. He wasn't smart enough. Now when I was building the chat room, I internationally didn't put in XSS protection, just to see if someone would catch onto it, and, to my surprise, someone obviously did. Now there's someone in my school, who could be just like me, but I don't know where. Man, I really wanna find him (or her)! Of course, it could be my teachers, who are messing with it and could be trying to get it blocked -_-

A fun fact about Yuri Gagarin's flight:
Before the flight, it was not yet known how the human psyche would behave in space, so a special protection was provided to prevent the first cosmonaut from trying to control the ship's flight or damage the equipment in a fit of madness. To enable manual control, he had to open a sealed envelope, inside which lay a sheet with a mathematical problem, the solution of which gave the code for unlocking the control panel.

*right click on image*
[nothing happens]
*spams right click, thinking about getting a new mouse*
[small modal shows up: "this content is protected!"]
*laughs in developer's console*

I never thought I'd get to see a website that "protects" its content by disabling right click, I'm moved :')

I hate silicon valley.

They enable so much of the state's and federal government's bullshit, the corporations and the banks subversion and destruction of society.

It's time to pop their fucking tech bubble.

From here on out, any time you hear or read the words 'startup', be sure to comment with "you mean speculative marketing investments?"

Because most tech runs on shit-tier semi-polished iterations of glorified CRUD anyway, thats all most of it is. And it 100% relies on grabbing network share through massive advertising and presence campaigns. A lot of vc money is being flushed straight down the toilet and this is a point to emphasize. Crash the fucking tech sector. Do it.

It'll have a knock on effect to the advertising space, which will put the hurt on google's bottom line when they and their ilk are already under pressure for all the poisonous, monopolist shit they pull like helping china build their surveillance tech.

Extra points for emphasizing "pot-fueled ideas sketched out on napkins while sitting in fucking chipotle, in unwashed sweater vests, originated by guys who are fresh out of college and never ran a business in their life. 90% of them fail in the first year. VCs and investor are losing their shirts." etc.

The entire dishonest fucking trade relies on other people's money, being bought out in either techno land-grabs or turf-protection e.x. atlassian acquiring trello, a **glorified todo app**.

Thats the business model. Hell go build your own and make a buck.

Build your own. Build something better and most of all... *fuck silicon valley*.

Let it burn, let burn, let it burn.

Uhm... am I the only one who thinks this is a vague as fuck answer and should've taken more than one sentence to properly inform users of their data protection methods? It can't be just me...

OH MY GOD! I really just want to comment to that guys answer on stackoverflow, that he's right and his answer works... but I have only 4 reputation - because I'm a good dev searching intensively, finding an answer to almost everything a can think of!

If I ever get over 15 reputation (it's so sad, I know) stackoverflow will explode because of all my upvotes that are not counted until then... At least something satisfying here :/

"All of InfoSec right now" #WannaCrypt

!rant

MASSIVE UPGRADE ROUND 2:

We took it by steps, the DBA did his portion and I did mine, we had waited for the entire thing to be finalized today on Sunday since our users are probably jerking off to their waifus (as they should) and today was my part. MA BOE the DBA was with me the entire time and the whole process took us about 4 hours of both of us getting multiple heart attacks here and there and praying to the elder gods of Asgard for their devine protection as we venture into the calamity of fire and juten ass mfkers that are our fucking servers for this particular process.

Man I really hope for the pandemic to be over and take my dude out for a nice beer, some wings and some relaxation time.

Best DB/Dev team I have ever been with.

How to remove the write protection on a .docx file under linux?
Well, duckduckgo has the answer.

Mozilla has announced that it's rolling out changes under the California Consumer Privacy Act (CCPA) to all Firefox users worldwide.

According to report of ZDNet: The CCPA (America's privacy legislation) came into effect on January 1, 2020, offering Californian users data-protection rules. Much like Europe's GDPR, the CCPA gives consumers the right to know what personal information is collected about them and to be able to access it. While the law technically only applies to data processed about residents in California, US. But Mozilla notes it was one of the few companies to endorse CCPA from the outset. Mozilla has now outlined the key change it's made to Firefox, which will ensure CCPA regulations benefit all its users worldwide. The main change it's introducing is allowing users to request that Mozilla deletes Firefox telemetry data stored on its servers. That data doesn't include web history, which Mozilla doesn't collect anyway, but it does include data about how many tabs were opened and browser session lengths. The new control will ship in the next version of Firefox on January 7, which will include a feature to request desktop telemetry data be deleted directly from the browser.

This is a true story. We had this subject, called “Web Design” (really, “design”), where we studied HTML, CSS, JavaScript, PHP and MySQL (confusing, right?). And when we get the PHP (e-)book, it was this old PDF (probably downloaded illegally) teaching the legacy 4.0 version of PHP. Anyway, when we had to develop the final project, the sane professor allowed us to use a newer version of PHP — 5.2, released on 2008. I had to follow the rules, so I developed probably the less secure web application I will ever develop. That means no protection from SQL injection, XSS vulnerable and a bunch of other security holes… And that’s how they liked it developed!

PC survival lessons
1. Tape acts as a protection from extreme animals like humans bashing you up and falling apart into pieces
2. Repeat lesson 1 for eternity

Twitter knows all the solutions for data protection.

I just found a vulnerability in my companies software.
Anyone who can edit a specific config file could implant some SQL there, which would later be executed by another (unknowing) user from within the software.

The software in question is B2B and has a server-client model, but with the client directly connecting to the database for most operations - but what you can do should be regulated by the software. With this cute little exploit I managed to drop a table from my test environment - or worse: I could manipulate data, so when you realize it it's too late to simply restore a DB backup because there might have been small changes for who knows how long. If someone was to use this maliciously the damages could be easily several million Euros for some of our customers (think about a few hundred thousand orders per day being deleted/changed).

It could also potentially be used for data exfiltration by changing protection flags, though if we're talking industry espionage they would probably find other ways and exploit the OS or DB directly, given that this attack requires specific knowledge of the software. Also we don't promise to safely store your crabby patty recipe (or other super secret secrets).

The good thing is that an attack would only possible for someone with both write access to that file and insider knowledge (though that can be gained by user of the software fairly easily with some knowledge of SQL).

Well, so much for logging off early on Friday.

Bye Mac. You were nice for a while but I am starting to feel as though you are ignoring me. First you tortured me with System level protection and now you taunt me with 16gb of RAM & a quarter of a tb drive and a fancy touch bar that I'll never touch. I'm not as foolish as you think. Beautiful on the outside but you disgust me by what you have inside.

I've been blinding buying Apple products so long I forgot what good hardware is anymore.

What laptop should I buy to run Ubuntu on??

I was taught that an IDS is a passive protection method, and an IPS is active. My security+ boot camp is trying to tell me IDS is active. Thoughts?

And yes, I'm still studying for this, I've been avoiding it because I'm salty I failed by one. But now it's a requirement, so I have no more time to avoid. :(

i hate linux like a lot , how do you guys use it

like you guys dont want an advertising ID, how the fuck will advertisers know who you are and what you like?

open source , give me a break, you mean your os devs are soo untrustworthy that you just have to see what they wrote in the code, who does that?

free come on, how poor are you linux people, i mean, quality stuff gets paid for, free stuff just means it's trash

and the linux devs , the aint like real coders they are just hobbysts, making your os in their free time

and who wants to install their own software anyway, on other platforms the company curates restricted software that you can use, and i know you'll say its oppressive but its just customer protection.

and i do want my platform to track everything i do, it only helps them build better stuff for me.

and whenever they decide to outdate my hardware and kill support for it, it only means they care and want me to get the latest tech, how considerate.

wait , i hear you say, there are no bugs in linux, my vendor makes sure my os comes with the latest antivirus software, nothing can break my system.

and just because linux runs on servers and most super computers only shows that common users like you and me are ignored, at least my vendor is not a sellout, and still makes stuff for the masses.

you say freedom i say safety i can sleep safe and sound for am protected nutured under one echosystem of software that i can not leave.

Encryption, Data, Servers, Protection, Certificate

oOOO WEE, I use big ear old words so I must be a hacker.

What a fucking shit show. You buy an original DVD but cannot watch it because of a stupid copy protection system.
"Injects purposely damaged sectors into the DVD in places not read by most DVD players."
Well tough luck, VLC reads all sectors and chokes on the corrupted ones.
Here I am, sitting with a legally bought laptop, a legally bought DVD and a legally owned playback software, yet unable to enjoy my property.

THANK YOU HOLLYWOOD! >:(

Not exactly a dev enemy, but similar.
A new radiation protection regulation has been in force in Germany since 2019. October I finished a super duper important document for this and this has been with the TÜV ever since. First there is nothing happening and then there are allegedly inconsistencies in it, which, however, all of which were due to shoddy work with the "expert."

There is a german word for this type of person: Krümelkacker.
He faults every little thing in side-by-page letters, causes long delays, and in the end is often wrong.
But I have to work with him -.-

I haven't had a smart phone in a while now. So I just started using one again. I am getting upsold for an app to "protect me from dangerous calls/texts" on my service. Really? You want to charge me more money for overpriced bandwidth to protect me from YOUR service? This is like aftermarketing a seatbelt on a car.

At least Microsoft has the decency of providing basic security/virus protection for their flagship product.

Hey Guys
A few Questions I have to decide soon, for tools I never used:

1- How do you guys keep information about several accounts and stuff? Must have some protection to not be easily accessible (started using Google Notepad and Evernote until I find better... don't really like them)

2- Firefox: Is there a way to store groups of open tabs?
Like I have one windows with 6 or 7 tabs for movies (youtube and such), other for general stuff with 5 or 6 tabs, other with Arduino shit, and I'm going to pick Vue soon and another language to build native apps and that will be a lot more tabs, It would be nice to close them all and open them all at will or something.

3 - What Is your favorite browser? I'm using Firefox, but there are so many new good ones... Like Brave browser with Tor incorporated, or Puffin for Android (which uses a VPN with their own server by default)

4 - For windows users, do you have any tools to help with workflow installed? which ones you use and why?

5 - What I'm using: Google Notepad + Evernote to save stuff, Windows 10 and Firefox, (Linux Mint in VM) and I just keep my shortcuts in folders... I don't use the Windows taskbar for a long while since its so full of shit.

6 - How do you do your backups? Right now I'm just putting my code and important stuff in Dropbox.

I'm an old school programmer... Stuck in 1990's Ideas and there is so muchhhh shit these days that I would prefer your opinions then just googling.
Guess that's enough for this post. Thank you guys

"Suggest an AV/AM product, Avast refuses to install."

I do malware research as a hobby and have for a while, so I can generally spot when something's up before I even run a program. If i'm unsure about it (or know something's up and wanna see its effects for S&Gs) I throw it into one of a variety of VMs, each with a prepped, clean, standardized "testing" state.

I see no point to AV/AM products, especially as they annoy me more than anything since they can't be told not to reach into and protect VMs (thereby dirtying up my VM state, my research, crashing the VM hypervisor and generally being *really* annoying) and they like to erase samples from a *read-only, MOUNTED* VHDX.

However, normal people need them, so I usually suggest this list:
• MBAM is good and has a (relatively) low memory footprint, but doesn't have free realtime protection.
• Avast is very good as it picks up a lot, but it eats a FUCKTON of resources. It also *really* likes to crash VM hypervisors if it sees anything odd in them.
• AVG is garbage. Kill it with fire.
• Using Windows Defender is like trying to block the rain with an umbrella made of 1-ply toilet paper.
• herdProtect is amazing as it's basically a VirusTotal client but it's web-based and not currently available to be downloaded. (Existing copies still work!)
• Kaspersky. Yes, it spied on US gov't workers. No, they don't care about anyone BUT US gov't workers. Yes, it's pretty good.
• BitDefender: *sees steam game* "Is this ransomware?"

hope this helps

For some reason my wife was watching me reading away at devrant and then says:

Wife: You are missing your protection!
Me: ehh what ....
Wife: Let me fix that.

Then she comes back with a ... wait for it ... green yellow striped glitter apple sticker for my webcam.

I don't know if I should be proud of my wife or ashamed of myself for not a replacement yet.

So it's required by law to chip and register your dog. I just got a puppy so I had to change the owner of the dog from the kennel to me. And the only thing I needed was my chipvalue and the registration number.

So all I have to do is scan the dog and try the registration numbers and then I can change the owner. Like wtf. And it does not even send a confirmation email. I checked by changing owner and email again.

My registration number is only in the 600K so other registered pets should be easy enough to bruteforce.

Or am I missing something?

I wish LinkedIn profiles come under IP protection- I have a friend who copied my linkedin profile word-by-word, except experience and title section. He even updates his profile every time I update mine !!!

He asked me last week whey I haven't endorsed him, despite requesting multiple times. Hmm.

Have you ever had the moment when you were left speechless because a software system was so fucked up and you just sat there and didn't know how to grasp it? I've seen some pretty bad code, products and services but yesterday I got to the next level.

A little background: I live in Europe and we have GDPR so we are required by law to protect our customer data. We need quite a bit to fulfill our services and it is stored in our ERP system which is developed by another company.

My job is to develop services that interact with that system and they provided me with a REST service to achieve that. Since I know how sensitive that data is, I took extra good care of how I processed the data, stored secrets and so on.

Yesterday, when I was developing a new feature, my first WTF moment happened: I was able to see the passwords of every user - in CLEAR TEXT!!

I sat there and was just shocked: We trust you with our most valuable data and you can't even hash our fuckn passwords?

But that was not the end: After I grabbed a coffee and digested what I just saw, I continued to think: OK, I'm logged in with my user and I have pretty massive rights to the system. Since I now knew all the passwords of my colleagues, I could just try it with a different account and see if that works out too.

I found a nice user "test" (guess the password), logged on to the service and tried the same query again. With the same result. You can guess how mad I was - I immediately changed my password to a pretty hard.

And it didn't even end there because obviously user "test" also had full write access to the system and was probably very happy when I made him admin before deleting him on his own credentials.

It never happened to me - I just sat there and didn't know if I should laugh or cry, I even had a small existential crisis because why the fuck do I put any effort in it when the people who are supposed to put a lot of effort in it don't give a shit?

It took them half a day to fix the security issues but now I have 0 trust in the company and the people working for it.
So why - if it only takes you half a day to do the job you are supposed (and requires by law) to do - would you just not do it? Because I was already mildly annoyed of your 2+ months delay at the initial setup (and had to break my own promises to my boss)?

By sharing this story, I want to encourage everyone to have a little thought on the consequences that bad software can have on your company, your customers and your fellow devs who have to use your services.
I'm not a security guy but I guess every developer should have a basic understanding of security, especially in a GDPR area.

Was playing fallout 4 a couple days ago. About 20 minutes in. The computer just shuts off. Like no power at all. I start up the computer again. Try fallout 4 again. It shuts off at the beginning video. WTF... I try Skyrim wondering if video card is busted. Skyrim runs perfectly fine. I startup Fallout 4 again. It runs. WTF...

Next day I try fallout and bout 20 minutes in power off again. Now I am assuming cooling issue and I am trying to see temps with programs. Cannot really tell.

So today I take apart my laptop and vacuum every cooling orifice out. Vacuum any dust looking crap I can see. There was dust in the fans. All clean. I run a memory test for a couple hours. Memory passes (it was brand new memory, thought maybe flaw in ram). Now I run fallout 4. Runs fine, zero issues for about an hour.

Me to myself: CLEAN YOUR DAMN COMPUTER MORE OFTEN! Okay...

In between I read about Fallout 4 causing system reboots and shutdowns due to loading and heating. Apparently something about Fallout 4 causes this more than other games. Wild... Pretty sure it was thermal shutdown protection going on.

@Condor did you mention this?
One of my final projects... To connect gas, movement, IR pir and do a all arround protection sistem. I'll build the on-off for the gas difectly in the box for the arduino, it's the easy way, since I can now make an app to control it online.

Sorry forgot the pic

New DPO (Data protection officer): "Everybody must have an antivirus installed. You have an antivirus"
Me:"No, at the moment. I use Linux. I could install one to detect Windows virus"

Trying to get some information about a product:
1. Opening the manufacturers webpage, gets a crawler protection page presented, 30 kB
2. The actual website opens, 600 kB + an endless amount of javaScript.
3. Tries to download a PDF, a extra download page is opened, another 600 kB and even more JS.
4 Download the Download a PDF, 3 MB
5. Read the information in that PDF which would fit into 8 kB.

The only reason I ordered a new phone today is there are bunch of apps that no longer work on my phone.

Including Amazon and even work related apps.

Been 5+ years I am using my current phone and not a single scratch on screen, though the body is affected a little. All of this without protection.

I must admit my handling game is good. Lol

You all know that these AI dev tools are reading your code right?

It is sending it back to a data center and doing evaluations on the code. This is like handing your code to an unknown entity with no guarantees for privacy or copyright protection.

This concept bothers me and I would have to consult with my employer to even determine if we wanted to take that risk. I think it is just a matter of time before a bad actor takes advantage of this and rips off a company somewhere.

Firefox developer fucked up this morning my development after the update -_-

The fucking "Enhancing Tracking Protection" was on a local Wi-Fi IP address(192.168...) which automatically redirected to the https of that IP, but I did setup kestrel to listen on HTTP, which resulted in a nice "Cannot enstablich a secure connection(and suck it up because ¯\_(ツ)_/¯)"

Fortunately it's easy to get rid off this cunt, just go on the shield nearby the address and disable that motherfucker.

ps: sorry for the lil rage, my morning train trip development brain cells should not be bothered by this automatic technical troubles

Further question to the Firefox developers:
WHAT THE FUCK are you thinking when you force developers to automatic HTTPS redirection when you should know more than anyone that development is 360deg(and not 90 like your mom)

Your three-second password retry delay is far more likely to annoy users than preventing a brute-force attack.

If you insist on a retry delay, let the user enter a password five times without any delay. This would make no difference in the grand scheme, the trillions of retries needed for a brute-force attack, and guessing a password takes longer than three seconds of thinking anyway.

Another alternative is a tenth of the password retry delay but one added character. One added character slows down a brute-force attack by at least sixty-two (62) times, so one more character but a tenth of the password retry delay would still mean more than six (6) times the protection against brute-forcing.

On Linux, the password retry delay can thankfully be reduced by changing a value inside /etc/pam.d/common-auth or /etc/pam.d/login (out of scope for this post, you can search online for more details).

Why does Google FRP even exist?!

For everyone who doesn't know what FRP is: FRP (Factory Reset Protection) is a partition on an Android device that stores data about the last used Google account on the device. It "protects" the device to be used by a second person (or a thief) even AFTER a factory reset when executed via bootloader.

Last week I bought a HTC One A9 second-hand w/o any documents. I ensured it has been reset, so I took it home... I then wanted to set it up, as following message appeared on the screen: "This device has been reset. Please login using a Google account that has been synced with this device before."
I checked the IMEI for being blacklisted, but it wasn't. Unlocking the bootloader and erasing the frp partition is not an option, because on HTC devices you have to enable OEM unlocking in the settings first. Someone stated on a forum, that you can bypass the bootloader lock with a "RUU Image" (I'm not familiar with this so pls don't blame me for that statement). But since the phone has a branding from Vodafone Germany, I can't find a RUU Image that would flash the device without a CID mismatch...

Why the f*** does Google have to implement a feature that prevents to use the phone when bought from another person that you don't know?

!dev

For a long time, I thought that the most annoying people on the ski slope are kids overestimating their abilities on a difficult piste or speeding down the slope ignoring others. Boy was I wrong; those kids are nothing compared to all the fucking morons who think that buying the most expensive gear at a local sports store makes them better at skiing.

For the love of god, if you ever consider skiing, just buy some reasonably cheap all-mountain gear, and if you think you need something better, do proper research or find a fucking expert. I'm not talking about those "experts" they have at your local sports store, I'm talking someone who provides gear and support for actual ski clubs and teams, or at least someone working at a dedicated outdoors store who actually owns some of the gear they're selling.

"Oh, but I'm an advanced skier" - right, then why don't you tell me what turning radius, width profile, and flex would best fit you? Thought so.

Look, it's clear just by looking at your $1000 "racing" skis that they have a way shorter turning radius than any competition-level skis, and if you were really going as fast as you think you are, you'd probably spin out on every other turn with such a short radius. Your curved skiing poles aren't fooling anyone either; professionals only use those in super-g and downhill because you need to go insanely fast to notice any advantage over regular poles. And people who race that fast use way more protection than I can see on you.

Okay, it's your gear, it's your body; if you're going to buy overpriced stuff that doesn't make sense or neglect protection, that's up to you. Do you know what's not up to you? Being a fucking moron and ruining skiing for everyone else. Just because you got the most expensive "expert-level" gear, you can't just use it for powder, park, or moguls when you feel like it because you don't fucking know how to ride any of these, even if your gear claims to be good for all types of skiing. And let me tell you, that expensive gear you have is much less forgiving than some entry-level gear if you decide to try other styles of skiing.

I'm fucking tired of people like that. If I go to the resort with lots of powder, I want to ride the powder, not spend most of my time avoiding groups of morons who clearly don't have the right gear and skills for the powder. If I go to the resort with a huge park, I want to ride the park, and I can't do anything if the place is covered by dipshits speeding past the objects and braking in front of the jumps. And if I want to race down the piste, I want to race, I don't want to have a bunch of morons constantly switching side in front of me to avoid "rough" parts they can't ride on.

I hate UpWork and Freelancer.com fees and policies about the privacy (or lack) for your projects. But I grudgingly admit they offer protections against fraud. If you're a freelancer, or if you employ freelancers, and do so without the fraud protections of these types of services, how do you guard against being taken advantage of by clients or freelancers? I mean, anyone can write and sign contracts but in the end they're just paper promises not worth anything if the people you're working with or for are "dogs on the Internet" who can simply disappear.

Me: *tries to save a file using inscape to my documents folder*
AVG: OMG OMG I SWEAR INSKAAPE JUST TRIED TO DELETE *literally the file I just tried to save* BE THANKFULL WE MADE SURE YOU CANT BE PRODUCTIVE WITHOUT TURNING OFF YOUR AV

Kinda amazing that dyn does not have DDoS protection...
It is NOT hard to get and for a quite big Company like dyn - it is cheap also

Why do bears have hairy coats? Fur protection.

According to the report of Reuters : Brazil's Ministry of Justice said on Monday it has fined U.S. tech giant Facebook 6.6 million reais ($1.6 million) for improperly sharing user data. The ministry's department of consumer protection said it had found that data from 443,000 Facebook users was made improperly available to developers of an App called 'thisisyourdigitallife.' The data was being shared for "questionable" purposes, the ministry said in a statement.

1. Do you commute using public transport?
2. How long is one of your ways?
3. Do you use hearing protection during your commute?
4. Are you also extremely nervous if your public transport is just a nanosecond too late?

Analogy: Assume a JVM is a kingdom, Object is a king of the kingdom, and GC is an attacker of the kingdom who tries to kill the king(object).
When King is Strong, GC can not kill him.
When King is Soft, GC attacks him but King rule the kingdom with protection until resource are available.
When King is Weak, GC attacks him but rule the kingdom without protection.
When king is Phantom, GC already killed him but king is available via his soul.

So Phantom ref is basically GC saying "Omaewa mo shindheru" and the object saying "Nani???"

The best surprise is when I restart using one of my scraper apps which I haven't used in a long time ... And it still works.

My Dilbert one I haven't updated in years which implies they have not made any changes to the site or added anymore protection for at least 5yrs

Oh look, I found a mime-type.net/scam/webpage/

And no, they don't have any XSS protection

Oh my dear internet,

FUCK THIS FUCKING SHIT
I AM SICK AND TIRED OF IT, WHO BUILT THIS HACKED TOGETHER ORWELLIAN SWAMP PIT?

Fuck the same fucking Envato template on every content page with 70 layers of sidebars, inline ads, popups, cookies and content shifting as if I was playing CATCH UP WITH YOUR FUCKING CONTENT.

FUCK the same fucking annual upselling 'plans' on every 7-day trial overengineered scam app that requires me to sign up for 1 fucking, falsely advertised task where my fucking password generator doesn't even recognize the input as a password field so I have to cmd+, to my FUCKING BABYLONIAN PASSWORD ARCHIVES PROMPTING ME FOR THE MASTER PASSWORD.
Thank god I can at least CREATE A BURNER CREDIT CARD THAT FREEZES ITSELF BECAUSE I CANNOT BE BOTHERED TO UNSUBSCRIBE FROM YOUR FUCKING STEAMING CRAP.

FUCK every fucking step I take being recorded by our CYBERPUNK OVERLORDS REQUIRING ME to sign up for 5 different fucking privacy protection tools' annual plan or duct tape some open source shit onto my browser just for some BASIC PRIVACY WHILE TRYING TO NAVIGATE ALL THE OTHER 5000 annuals plan naval mines like A FUCKING FRENCH SUBMARINE IN 1940 GERMAN WATERS.

FUCK my walled garden scam ecosystem not being compatible with your walled garden scam ecosystem prompting me to reactivate my old SATANIC GOOGLE DON'T BE EVIL ACCOUNT from 2012 sending me on a DANTE ALIGHIERI STYLE ODYSSEY THROUGH THE 9 LAYERS OF PASSWORD RESET QUESTIONS, UNEXPECTED ERROR, 2FA MY PHONE DIED HELL to come out on the other side as a broken man.

Thank GOD I have your useless SUPPORT PAGE to aid with my signup problems that is actually just an FAQ with a hidden EASTER EGG HUNT for your support form CRISP AI BOT THAT IS ALSO 'currently experiencing high demand due to COVID' which is peculiar since that has been 3 years ago, but fortunately for you enabled you to fire ALL YOUR SUPPORT STAFF AND REPLACE IT WITH THIS BANNER.

I might as well just SCRAPE your fucking content, it'd be faster.

And although it is quite funny, FUCK THIS PAGE TOO for having me create another of 10.000 accounts to write this shit, where my browser firmly placed a newly created burner email into the PASSWORD FIELD.

I do not know how we managed to create something that is even more unwieldy than 56k DIAL-UPS, but I know that if this shit continues I'll have to train my own AGI to proudly interact with of all this STUPID SHIT on my behalf or I'll have to move into THE FUCKING MOUNTAINS AND LIVE WITH THE DEER.

DDoS and the company won't pay for scrubbers or CloudFlare protection :(

I work full time in the data protection field for healthcare whilst investing all my free time into coding as a career change.

I've discovered that despite people telling you how much you need to spend every hour you get free to learn to code, you also need to consider the people closest to you. I was ignoring my partner who I live with because I thought this was more important and that she should be able to see that. But what's the point in being in a relationship if you aren't making an effort with each other?

It's OK to slow down and invest time into the people you have in your life. Give yourself a break.

!rant

I have about a week of holidays left before my classes start and I'm thinking about creating a notepad with password protection and cloud sync so it can be accesed on other devices.

So this is how it will work.
Probably the same interface as windows notepad so no one notices. It can be used to write a personal diary or anything that you don't want other people to know. It will ask for a 4 digit code when you open it(at first you'll see some text, you'll just enter you pin after that text and without pressing enter if you pin is write you'll see the text changes to your previously saved text and if your pin is wrong no error will be displayed itll work as a normal text editor for intruders and probably this wrong pin will be sent to you on you emil with other info). Now even if yoy minimize the window you'll have enter the pin again or even your windows gets out of focus. So you can have it open all the with out worrying.

I'll be using C# for this which I have no experience with. But I'll get it so no problem here.

Provide your feedback on this with some suggestions.

*Sorry I didn't post it on calebs section because I don't have $10.

Decided to get rid of a system app but forgot to disable stupid System Integrity Protection (OS X stuff) first so it flipped back at me with a thousand of "Permission denied" errors.
Whispers behind me (it was in the public):
— What is he doing?
— I don't know. I think recompiling the kernel...

So I figure since I straight up don't care about the Ada community anymore, and my programming focus is languages and language tooling, I'd rant a bit about some stupid things the language did. Necessary disclaimer though, I still really like the language, I just take issue with defense of things that are straight up bad. Just admit at the time it was good, but in hindsight it wasn't. That's okay.

For the many of you unfamiliar, Ada is a high security / mission critical focused language designed in the 80's. So you'd expect it to be pretty damn resilient.

Inheritance is implemented through "tagged records" rather than contained in classes, but dispatching basically works as you'd expect. Only problem is, there's no sealing of these types. So you, always, have to design everything with the assumption that someone can inherit from your type and manipulate it. There's also limited accessibility modifiers and it's not granular, so if you inherit from the type you have access to _everything_ as if they were all protected/friend.

Switch/case statements are only checked that all valid values are handled. Read that carefully. All _valid_ values are handled. You don't need a "default" (what Ada calls "when others" ). Unchecked conversions, view overlays, deserialization, and more can introduce invalid values. The default case is meant to handle this, but Ada just goes "nah you're good bro, you handled everything you said would be passed to me".

Like I alluded to earlier, there's limited accessibility modifiers. It uses sections, which is fine, but not my preference. But it also only has three options and it's bizarre. One is publicly in the specification, just like "public" normally. One is in the "private" part of the specification, but this is actually just "protected/friend". And one is in the implementation, which is the actual" private". Now Ada doesn't use classes, so the accessibility blocks are in the package (namespace). So guess what? Everything in your type has exactly the same visibility! Better hope people don't modify things you wanted to keep hidden.

That brings me to another bad decision. There is no "read-only" protection. Granted this is only a compiler check and can be bypassed, but it still helps prevent a lot of errors. There is const and it works well, better than in most languages I feel. But if you want a field within a record to not be changeable? Yeah too bad.

And if you think properties could fix this? Yeah no. Transparent functions that do validation on superficial fields? Nah.

The community loves to praise the language for being highly resilient and "for serious engineers", but oh my god. These are awful decisions.

Now again there's a lot of reasons why I still like the language, but holy shit does it scare me when I see things like an auto maker switching over to it.

The leading Ada compiler is literally the buggiest compiler I've ever used in my life. The leading Ada IDE is literally the buggiest IDE I've ever used in my life. And they are written in Ada.

Side note: good resilient systems are a byproduct of knowledge, diligence, and discipline, not the tool you used.

I've spent the past hour and a half working on a bot to beat a typing game. I have no reason to, and I have so many better things to do.

But I keep running into honeypots and bot protection, and now I won't be able to stop until I prove I'm smarter than this random typing site.

I just bought a new smartphone, cause i broke the one i had before, and i find it really good for only 140€. It has 4gb RAM and 1,5Ghz 4 cores processor, and an IP68 Shock/Dust/Water protection. The only problems that i have are that as the brand is not really popular (model is Phonemax Rocky 1), there are no recovery/roms or easy ways to root it. Maybe if i have time i'll try to port TWRP and LineageOS, but i'll have to do it myself... :(

Tonight I will delete the data of 10M of records of personal data after the inspection of the Data Protection Authority.

[Long rant about one of the worst school project I got]
I just saw that post about Lego coding, and it reminds me a project we had to do for high school.

The project was about a robot that will do volleyball services. My group decided with me that I should go on programming the robot since it was my idea to pick that subject to work on. So I started to investigate the robot and the programming software.

This was one of the worst thing si could get. For some reason I didn't find any tutorial about how to program the robot, so I had to test it out. When you don't want to break the robot, that's clearly not the best thing to do.

So what about the teachers? We had 3. Two told me they don't know stuff about this, and one MIGHT know stuff but not how to use the software. Great...
Plus I add that we were asking a teacher some help, being desperate, and literally, he came, made a joke about "how long he didn't play with Lego toys", laughed at his own joke and left. Thank you, that was really helpful while I was worrying about the project that will help us getting my degree, clearly helped us.

So I managed to do something really basic, where you input the direction for the aim with the arrows on the robot, and central button was for shooting. Basically basic stuff. Even not optimal because the robot hit its own screen but a weaker throw wasn't working, so we had to put some protection over the screen and the arm.

Another group of another class were working on the same subject, so we visited them one day to see their stuff.
They made a joystick that was fully operational, with analogic direction input, precise aiming and shooting stuff. The best way to make myself doubt about my stuff.

So we did the presentation and for whatever reason, the other class (not only the other group) got bad reviews of their projects, made by my famous joking teacher, and we got a good review. Didn't understand, but whatever.

So did I learn stuff?
Absolutely not. It was one of the worst pain in the ass to learn the programming syntax and stuff, and when I graduated, I forgot anything concerning programming stuff, my engineering school did all the stuff.

This is some experience you don't forget, the one that don't make yourself grow at all but the effort is real.

Cloudflare using cloudflare 🤔

So I went for a "special" interview to a company whose slogan is "experience certainty" (fresher, was hoping to get a role in cyber security/Linux sysadmin). Got shown what the "real" hiring process of an indian consultancy company is...

We were called because we cleared a rank of the coding competition which the company holds on a yearly basis, so its understood that we know how to code.
3 rounds; technical, managerial and HR...

Technical is where I knew that I was signing up for complete bullshit. The interviewer asks me to write and algo to generate a "number pyramid". Finished it in 7 minutes, 6-ish lines of (pseudo) code (which resembled python). As I explained the logic to the guy, he kept giving me this bewildered look, so I asked him what happened. He asks me about the simplest part of the logic, and proceeds to ask even dumber questions...
Ultimately I managed to get through his thick skull and answer some other nontechnical questions. He then asks if I have anything to ask him...
I ask him about what he does.
Him - " I am currently working on a project wherein the client is a big American bank as the technical lead "

Me (interest is cybersec) - "oh, then you must be knowing about the data protection and other security mechanisms (encryption, SSL, etc.)"

Him (bewildered look on face) - "no, I mostly handle the connectivity between the portal and data and the interface."

Me (disappointed) - "so, mostly DB, stuff?"

Him (smug and proud) - "yeup"

Gave him a link to my Github repo. Left the cabin. Proceeded to managerial interview (the stereotypical PM asshats)

Never did I think I'd be happy to not get a job offer...

Currently working on my own Express App with CSurf for csrf validation.

Works great but one problem...

HOW THE FUCK SHOULD A POST REQUEST COMING FROM JAVA GET THE FUCKING TOKEN.

Should I made my RESTApi without csrf protection?

I am crying right now...

Fingerprint Scanner.
Anyone who had already configured a fingerprint reader in Linux that can help me?
I have an "Egistec ES603" (A Chinese imitation) fingerprint reader and can't install it myself.
been trying to install fprint for an hour with no luck (I think I already installed it and maby doesn't launch? Don't know).
Fingerprint GUI detects the reader as etes603, can read any finger one time and crashes when asks to pass the finger again...
Frustrated with this shit, but I really wanna fingerprint protection...
Btw It worked fine in Windows, so must also work in Linux.

Hi guys, as I think this is the perfect good place to share point of view, I would love to know what do you think.
Years after years, people fight against hacks/piracy, like governments or video games editor.
Recently, we all heard about that piracy team who said that in the close future, breaking games protection would be impossible, yet the famous Denuvo (DRM) even if hard to break, is still broke few days/weeks after game release.

Here's what I think.
No matter what, hacking/piracy will always have steps ahead of protections. Because that's the way it is, the way it works. Maybe protections will be effective for a while, but there will always be somewhere, someone smart enough to break it. I start thinking that when a iPhone/Sony claims that they were safe and Geohot break their protections one by one.
There is no perfect protection.
(Quantum computers aside).

What do you guys think?

Do a simple fucking thing ... Hoo no that cross origin shit protection XD i know the utility of this protection but in dev damm just shut the fuck up and work

Oh mighty how I hate Windows 10
1. It will run that "antimalware" malware killing your CPU
2. Fucking shit will auto restart for updates so if you run some 24h process you are doomed, and there is nothing you can do to stop it, unless maybe deep shit digging in MS god only knows registry values
3. Will be your fucking daddy showing you blue box, "oh we detected you may be a pussy, so we prevented this exe from running, please click 50 times to allow it because we care about you by creating virus prone OS in 1990 and we continue to do so"

NO Microshit horsefuckeers stop developing this garbage OS, let it die and force the world to use Linux, yes harder at first for every day Joe, but once learned it's state of the art OS, even your Azure cloud runs of Linux so for fuk sake stop develping WinDOS!
Or let the user to configure "fuck off mode" I don't want your virus scanner I don't want your protection, just fuck off and let people to whatever the duck the want!

I get to unleash my creativity.
My classmates && teachers fear me because they think I will screw up their computer/smartphone if they make me unhappy, gives me a virtual protection field from my friends bullshit.
I look cool doing being a dev.
And finally, learning to be a dev improves my logical thinking skills.

Absolutely hate it when my software engineering module project mate merge their own commits into the team repo without anyone else reviewing.

That’s it for you, branch protection ON. One more time and you’re losing push access

Namecheap made whois protection free for everyone, probably because of GDPR, but they cannot be used on .eu domains.

So I get this email from google for my development account about these new general data protection regulations and what they're doing with admob and all that good stuff.

I didn't dive too deep and there's nothing crazy in it but it definitely feels like it's spawned on by this "selling you data to advertisers thing."

We live in such a weird society where it's like outrage after outrage. I've never known anybody who has NOT known that their statistics and data was sold to third party for marketing for EVERYTHING they do on the computer or phone. For a DECADE or longer. It always seemed to be such a second hand thought but now out of nowhere everyone has their panties in a wad for something they ALREADY knew.

Are we like that miserable/bored/no hobbies/unsatisfied with our first world life that we have to just flip out about dumb crap all the time?

Is devRant using Google Analytics for upvotes (on web)? My privacy protection apps have removed the ++ button because of that on web :(

Outlook protection is shit!
Microsoft is blocking our company mail server AND even my private one for a couple of days now for no reason.
Every other mailing black list has nothing to complain but Microsoft: "You want to send a very important mail to your customer? Nope!"
And
"Yeah, now you tried to use your private server to fool me. Haha, nope! You didn't think I would block IPs randomly, did you?"

Fuck Microsoft! Fuck Outlook protection! Fuck hotmail!

It's 2022 and people still believe USB sticks and external card readers are a replacement for memory card slots.

They're not. SD cards have a standardized form factor and do not protrude from memory card slots, but external card readers and USB sticks do.

Just like smartphones, laptops are increasingly ditching the SD card slot or replacing it with microSD, which has less capacity, lower life expectancy and data retention span due to smaller memory transistors, worse handling, and no write-protection switch.

Not only should full-sized SD cards be brought back to laptops, but also brought to smartphones. There might soon be 2 TB SD cards, meaning not one second of worrying about running out of space for years. That would be wonderful.

What's your favorite vps hoster?
I'm currently using scaleway and love it, but recently learned that they offer no protection against data loss.
So I'm looking for an alternative for a project in production that has automatic backups as well as unmetered bandwidth.

So you are telling me I have to stay indoors from 21:00 onward because of Corona virus? And get a 95 euro fine when I don't? While I'm working 8 hours a day in a small office with 3 old fucks that refused to do ANY protection for their employees?

I'm glad you old fucks are dropping like flies. 2 million of you are dead already. Hurry up and die faster!!!

my phone is dying. Very slowly, i see the first signs of decay, i probably have months or even more than a year, but it will die on me. I knew it will happen.

I currently have an asus phone (ZE552KL), it is technically DualSim or SD-Card, has a camera that is..badish and sometimes the bluetooth wont start and then it reboots. Also the camera has a pure software bug where it isnt able to ever focus properly, but with tricks you can get it to work again. The asus forums constantly refer to sending it to a repair station (wherever one is in germoney). That annoys me.

Back to dying. For now its definetly the battery.
I remember when you could change the battery on a whim. Great times. My last phone died duo battery aswell (well, the gps module broke aswell so it wasnt all flowers besides the battery).

My current asus phone was something around 300 € and according to reviews 2 years ago it has a good bang for the buck ratio.

I havent looked into the market, just a cursory glance. But apparently if you want a phone that has a decent battery life, is not basically a tablet, has an sd card slot and a camera that is not total rubbish it gets hard. Its hard to balance those things, and if you want a swappeable battery all hope is lost.
Further i have started to misstrust chinese phones, the asus software support is wacky and some stuff is weird. I suspect its as bad with huwai and all the others. Also its apparently kinda hard to get any resemblance of quality in accessoires for non-mainstream brands (i mean cases and display protection)

So i dread the future, the future in which i need a new phone that is somewhere in the mid price segments and fits my needs. In the end i will take something suboptimal and be unhappy with it till it dies.

I despise the phone market.

>where is the code that is in charge of that?
>that's the infrastructure dependencies job
>oh cool. So what if I want to do X Y Z?
>the infra doesn't do that
> well who is on charge of infra?
>oh that was {guy that left 2 weeks ago} and anyway that code existed for AGES

So now I'm drowning in foreign spaghetti because people didn't want to disturb the holy infra and just made workaround in the services themselves. Good thing I got my nylon overalls for maximum shit protection

A few months back I tried to get the company I work for to invest in software to located and recover lost/stolen devices. I brought a few offerings to the table but I was told we didn't need to worry about that because it never happens and we already have software in place.

Fast forward a few months and I'm looking at the software we're using and it seems we haven't actually configured the computers to allow for tracking. I send a message to our CTO about this and point out that, in the event of a missing device, we can't actually relocate it. Not 5 minutes later a manager comes in to let us know that his computer is missing and may have been stolen because his car was broken into the previous night.

Well I'm laughing because this is just the kind of thing I needed to happen, and the manager is freaking out because he's afraid the CEO is going to be furious. I get a few emails from other members of the leadership team requesting we set up a meeting to go over our security and asset protection procedures.

So I finally get to start implementing some actual security protocols around here. And fortunately the lost laptop was actually recovered because it was left at a bar and not in the car when it was broken into.

HELP!!

I am starting a new contract to create a full stack web application with a medical company that will contain some sensitive data about their clients/patients.

I have been working as a salaried full-time employee for a medical software company, but I have been shielded from any sort of lawsuits from the client (worst case scenario, I'd get fired).

Do any of you have any advice on what I should do to protect myself in terms of LLC's, Insurances, etc?

Add-on signing is censorship in disguise.

Imagine Google could remotely delete YouTube videos you downloaded, to "keep you safe" from the "bad content". Well, Google and Mozilla can remotely disable extensions you installed using their pre-installed trojan horse called "add-on signing".

Always remember, whenever a corporation cites "for your protection", consider it synonymous with "so we can control you more".

Every ten years, a new social nexus, from Usenet to Reddit. Every day, a flame war. Every year, a great leader that wins flame wars, convinces people to follow them. The question is, what happens next? What do you preach to the gullible masses you won over?

Every single time it gets to politics, and then, to philosophy. Yet, there are no large strides in sight to world peace.

You've seen that meme where everything is just applied math. Well, math is applied philosophy, and philosophy is a product of misunderstanding the language.

In the end, the flame war you won never mattered. Archived threads, Wayback Machine, inactive Usenet mirrors. Acres upon acres of human thought, passionately expressed in computer text, roamed by no one but web crawlers. Give them three days, and they'll forget what you taught them.

WWI had shown us that we couldn't improve the masses with art and education. There is no vaccine against stupidity.

Life on Earth is hell. People are hell. Living among people is hell. If your life isn't hell, you're fortunate enough to be paying criminals that are stronger than other criminals around them, for protection.

Only the habit of systematically denying yourself pleasures your inner animal wants, plus a healthy dose of doubt, can make you human. Without restraint, a man is merely a greedy beast.

ASP.NET Core (MVC) is frustrating me.

I’m a big fan of ASP so far but I’m just struggling to understand a lot.

First off to use it you have to fucking memorize every class in the fucking framework and the functions within them. It just expects that I automatically know which classes I need to implement or inherit from and why, but if I don’t? I can fuck off. But this is also just a C# problem in general.

And it does so much for you and that bothers me so much. I was so excited to actually implement protection against SQL Injections, using HTTPS, validating logins, interacting with the SQL for the database but FUCKING NOPE BECAUSE IT DOES IT FOR YOU.

I don’t want my hand held I want to feel like I’m actually doing things and I want to learn how shit works and how it’s made. It’s just disappointing. I appreciate that it wants me to focus on the app and I will appreciate it a lot more when I’m done learning how everything works but I won’t actually get to understand how those features work or how I can implement them myself because it’s spoiling me too fucking much.

I guess I’m just gonna have to practice more. And don’t bother telling me to look at the documentation, I’ve never seen such a fucking piece of shit mess before I laid eyes upon the docs for C# & ASP

CREA DDF (Canada Real state listings API) is what you get when government fucks with technology.

Holy shit! So f*cking inefficient to use it, test it and get data.

I get the protection behind sensitive data but fuck me if there is not a lot of waiting behind their fucking application process just to fetch some testing data.

Why do bears have hairy coats? Fur protection.

The new UK law for data sharing with the governments is crazy with making it law for service providers to hold data of browsing history and big sites like google, facebook so on to retain human readable access to there data is they offer a service to the UK, what steps do we take to protect the data, service but also follow this law I can't see anything that would make any sense to be able to follow this law.

What are your views and ideas going forward, at the moment the UK as made it law even tho the EU said stop this madness, so lets take it as red its there, is there sense-able way to do this or are we going to have to provide UK users data a means to be back doored?

A school computer system that didn't have any sort of boot protection, at all, like I was able to access certain files on the school system using a USB stick (course I didn't copy or look at them, that would just be unethical)

Three Layers of Security
As InfoWorld notes, all smartphones have three basic
elements of security. Your first major task as a mobile
user is to become aware of these layers and enable them
in your devices:
1. Device Protection: Allowing remote data "wiping" if your
device is ever lost or stolen.
2. Data Protection: Preventing corporate data from being
transferred to personal apps running on the same device
or personal network
3. App-Management Security: Protecting your in-app
information from becoming compromised.

!Rant, story

That one time my brother received a call from some Indian dude that "worked" for Microsoft, who was alerting him about a "virus".

My brother (who was in his mid teens at the time) downloaded a program that the guy linked him to, and consciously installed it to allow the dude to take over his computer. Then, with full power over the computer, guy started doing shady stuff and offered him a one year protection for $99.

Thank God mom knew what was up when he asked for her credit card info...

*facepalm*