Search - "third parties"
-
Website: We care about your privacy and don't sell your information to third parties.
*inspects Privacy Badger*
*notices a truckload of Google/facebook trackers/ad thingies*
Yeah why don't you go fuck yourself.
-
For the Dutch people on here, the new surveillance law in short:
- dragnet surveillance, data retention of normal data is a maximum of 3 years, encrypted data up to 6 years.
- secret DNA database, data retention up to 30(!!) years.
- use of 0days without having to report them to the vendors.
- third parties may be hacked to get to main targets; if my neighbor is suspected they may legally hack me in order to get to him/her.
Cleaning up (removing backdoors etc) afterwards is not required.
- sharing unfiltered (raw) data gathered through dragnet surveillance with foreign intelligence agencies is permitted, even if it's to a country which doesn't have as much 'democracy' as this country does.
Decide for yourself if you're voting (at all) against or in favor of this law, I'm voting against :)
We do need a new/reformed law, this one is just too intrusive imo.
-
My coworker requested I add a bunch of tracking to our product.
I've previously tried explaining to him (and honestly the rest of the company) about privacy issues stemming from tracking, such as by their beloved Venmo. Venmo tracks absolutely fking everything you give it access to, from location data to your entire facebook, twitter, foursquare, etc. feeds, and sells ALL of it to third parties. It's scary. but! this guy simply does not understand, and/or does not care, and marches right on into all the surveillance, loudly singing the song of convenience to all who'll listen. (Nobody else in the company cared, either. :/)
ugh.
Anyway, I'm conflicted.
I have to install some tracking, but I can probably come up with an excuse to cut most of it out and gimp their surveillance. It'll still be useful to us, but it'll limit the amount of data the tracking company can sell to third parties.
but they'll push this guy pretty hard on it, and he's as technically-inclined as a smudged glass of warm, stale beer. "Better for your conversion!" they'll say. "How much tracking do you want?" he'll reply. "@ashkin, why can't you do this right now? What else do you need to make this happen?" he'll firmly inquire. and so I'll be forced to make it happen...
ergh
-
!!privacy
!!political
I had a discussion with a coworker earlier.
I owed him for lunch the other day, and he suggested I pay him back either with cash (which I didn't have), Venmo, or just by buying him lunch the next time (which I ended up doing).
I asked about Venmo, and he said it was like paypal, but always free. that sounded a bit off -- because how are they in business if it's always free? -- so I looked it up, and paid special attention to their privacy policy.
The short of it: they make money by selling your information. That's worth far more than charging users a small fee when sending $5 every few weeks. Sort of what I expected when I heard "always free," but what surprised me is just how much they collect. (In retrospect, I really shouldn't have been surprised at all...)
Here's an incomplete list:
* full name, physical address, email, DoB, SSN (or other government IDs, depending on country)
* Complete contact list (phone numbers, names, photos)
* Browser/device fingerprint
* (optional) Your entire Facebook feed and history
* (optional) all of your Facebook friends' contact info
* Your Twitter feed
* Your FourSquare activity
(The above four ostensibly for "fraud prevention")
* GPS data
* Usage info about the actual service
* Other users' usage info (e.g. mentioning you)
* Financial info (the only thing not shared with third parties)
Like, scary?
And, of course, they share all of this with their parent company, PayPal. (The privacy policy does not specify what PayPal does with it, nor does it provide any links that might describe it, e.g. PayPal's "info-shared-by-third-parties" privacy policy)
So I won't be using Venmo. ever.
I mentioned all of this to my coworker, and he just doesn't understand. at all. He even asks "So what are they going do with that, send me ads? like they already do?"
I told him why I think it's scary. Everything from them freely selling all of your info, to someone being able to look through your entire online life's history, to being able to masquerade around as you, to even reproducing your voice (e.g. voice clips collected by google assistant), to grouping people by political affiliations.
He didn't have much to say about any of them, and actually thought the voice thing was really cool. (All I could think of was what would happen if the "news" had that ability....) All of his other responses were "that doesn't bother me at all" and/or "using all of these services is so convenient."
but what really got me was his reaction to the last one.
I said, "If you're part of the NRA, for example, you'd be grouped with Republicans. If they sell all of this information, which they do, and they don't really care who buys it or what they do with it... someone could look through the data and very very easily target those political groups."
His response? "I don't have to worry about that. I'm a Democrat, and have always voted Democrat. I'll tell anyone that."
Like.
That's basically saying every non-democrat is someone you should be wary of and keep an eye on. That's saying Democrats are the norm and everyone else is deviant and/or wrong.
and I couldn't say anything after this because... no matter what I said, it would start a political conflict, and would likely end with me being fired (since the owner is also a democrat, and they're very buddy-buddy). "What if they target democrats?" -> "They already do!" or "What if democrats use it against others?" -> "They deserve it for being violent and racist, but we never would" (except, you know, that IRS/tea-party incident for example...)
But like, this is coming from someone who firmly believes conservatives are responsible for all of the violence and looting and rioting and mass shootings in the country. ... even when every single instance has been committed by democrats. every. single. one.
Just...
jfl;askjfasflkj.
He doesn't understand the need for privacy, and his world view is just... he actually thinks everyone with different beliefs is wrong and dangerous.
I don't even know how to deal with people like this. and with how prevalent this mindset is... coupled with the aforementioned privacy concerns... it's honestly *terrifying.*
-
10 years ago, I found a vulnerability in the connection between an insurer I was working for, and the network of databases of municipalities. I was only a hacker in so far as kids who watched Hak5 are considered hackers, so I always carried this laptop with a fake access point, packet sniffer, wep crack, sslstrip, etc with me.
The vulnerabilities allowed me to register a new identity, for which I requested a passport.
Walking up to the town hall desk with two passports with different names, both mine, was pretty cool.
I did not do anything malicious, and was hired to fix the issues (wep encryption on the insurer's trusted wifi, and the municipality postgres gave write access to all third parties)
For a few days I was the coolest kid in school though!
-
When I was fired as an external contractor with half an hour notice, because I didn't process enough tickets. I didn't process many tickets because:
1. In the morning everyone grabs tickets just to stop the timer.
2. I worked on some complicated tasks that involved multiple third and fourth parties (not to forget a fucking dropping firewall)
-
I was supporting a legacy CRM app whose front end used Visual Basic 6 and almost the entire business logic was written in SQL stored procedures.
A "feature" of the product was the open code, anyone with admin access could modify forms, code and store procedures.
We also sold "official" (and expensive) consulting services to modify the code.
A long time customer owned this thing and it was heavily customized. They had hired us to change something, hired a third party to make other changes and decided to modify some stuff themselves because, why not?
Suddenly they came to product support asking to fix a bug. The problem happened on a non customized form.
After reviewing, I realized the form used several of the modified stored procedures in the business layer. I tried saying we don't support custom code but my boss was being pushed and said "look into it"
All 3 parties denied responsibility and said their changes were NOT the problem (of course). Neither of them commented or documented their changes.
The customer started to threaten to sue us.
I spent 5 full days following every field on the form through the nested and recursive SQL stored procedures and it turns out it was a very simple error: a failed insert statement.
I was puzzled as to why the thing didn't throw any error, even while debugging. Turns out in SQL 2003 (this was a while ago) someone used a print statement and SQL stopped throwing errors to the console. I can only assume "printing" in SQL empties the buffered error which would be shown in the console.
I removed the print statement and the error showed up, we fixed it and didn't get sued
:)
-
1. Focus on learning; earning should come secondary
2. If it doesn't add anything to your resume, it's probably not worth picking up
3. Do not re-invent the wheel. Explore third parties and libraries thoroughly. Use them as much as you can.
4. If you're stuck on a problem for more than 2-3 hours: post on Stack Overflow
5. Plan, create deadlines, and focus as if an executive chose you.
Lazy = failure!
-
Nginx office being raided by police over copyright claims
https://zdnet.com/article/...
Rambler's official response to the Nginx search request:
Is it true that searches are related to a statement by Rambler Group?
We found that the exclusive right of the Rambler Internet Holding company to the NGINX web server was violated as a result of the actions of third parties. In this regard, Rambler Internet Holding has ceded the right to file claims and claims related to violation of rights to NGINX to Lynwood Investments CY Ltd, which has the necessary competencies to restore justice in the issue of ownership of rights. We do not comment on the merits of this case.
What exactly is the violation of the rights of the Rambler Group referred to in the statement?
We believe that the rights to NGINX belong to the Rambler Internet Holding company, which is part of the Rambler Group. NGINX is an official work, the development of which since the beginning of the 2000s in the framework of labor relations with Rambler was done by Igor Sysoev, therefore any use of this program without the consent of the Rambler Group is a violation of the exclusive right.
Google translation from https://t.me/thebell_io/431115 -
I've lost 3 hours trying to implement a third-party extension just to realize I'd never imported it into the project.
Why me?
-
You know, I am astonished at the number of people here that use(d) Facebook. It's even more amazing that these same people are actually surprised that all this shit happened with their data.
I don't have a Facebook account, or Instagram, or Twitter, etc. When this stuff first started coming out, people kept telling me to sign up for accounts.
I refused, telling them that I didn't want to give my private information to a third party that I didn't even know. And not only that, but they can use the private information about you in any way they wish and also sell it to third parties.
I was of course told to take off my tinfoil hat... and it's only now that people are realizing that they are giving away potentially private information to people they don't know?
If I came to your door and asked you everyday to send everything you did that day to me so that I could file it away and use it as I please, you would probably tell me to get the hell off your property.
It just blows me away that if you put that same offer in the format of a website, suddenly people are begging to give you their data.
It's fucking lunacy... 😞
-
Every year, the worst dev experience comes right at the holidays, when website owners with big egos want to launch right on (U.S.) Thanksgiving Day, Christmas Eve, or New Year’s Eve/Day because they think they’re that popular and important. It never occurs to them that this is the WORST time because any third party support you need for hosting, APIs, plugins, etc. is either backlogged or out of office. And because NOBODY is eagerly awaiting the redesign of ANY website on those particular dates since they are stuffing their faces and getting s&&&faced at bars and parties. Nobody will even notice that your website has changed until January 15th at the earliest.
-
So, I've had a personal project going for a couple of years now. It's one of those "I think this could be the billion-dollar idea" things. But I suffer from the typical "it's not PERFECT, so let's start again!" mentality, and the "hmm, I'm not sure I like that technology choice, so let's start again!" mentality.
Or, at least, I DID until 3-4 months ago.
I made the decision that I was going to charge ahead with it even if I started having second thoughts along the way. But, at the same time, I made the decision that I was going to rely on as little external technology as possible. Simplicity was going to be the key guiding light and if I couldn't truly justify bringing a given technology into the mix, it'd stay out.
That means that when I built the front end, I would go with plain HTML/CSS/JS... you know, just like I did 20+ years ago... and when I built the back end, I'd minimize the libraries I used as much as possible (though I allowed myself a bit more flexibility on the back end because that seems to be where there's less issues generally). Similarly, any choice I made I wanted to have little to no additional tooling required.
So, given this is a webapp with a Node back-end, I had some decisions to make.
On the back end, I decided to go with Express. Previously, I had written all the server code myself from "first principles", so I effectively built my own version of Express in other words. And you know what? It worked fine! It wasn't particularly hard, the code wasn't especially bad, and it worked. So, I considered re-using that code from the previous iteration, but I ultimately decided that Express brings enough value - more specifically all the middleware available for it - to justify going with it. I also stuck with NeDB for my data storage needs since that was aces all along (though I did switch to nedb-promises instead of writing my own async/await wrapper around it as I had previously done).
What I DIDN'T do though is go with TypeScript. In previous versions, I had. And, hey, it worked fine. TS of course brings some value, but having to have a compile step in it goes against my "as little additional tooling as possible" mantra, and the value it brings I find to be dubious when there's just one developer. As it stands, my "tooling" amounts to a few very simple JS scripts run with NPM. It's very simple, and that was my big goal: simplicity.
On the front end, I of course had to choose a framework first. React is fine, Angular is horrid, Vue, Svelte, others are okay. But I didn't want to bother with any of that because I dislike the level of abstraction they bring. But I also didn't want to be building my own widget library. I've done that before and it takes a lot of time and effort to do it well. So, after looking at many different options, I settled on Webix. I'm a fan of that library because it has a JS-centric approach. There's no JSX-like intermediate format, no build step involved, it's just straight, simple JS, and it's powerful and looks pretty good. Perfect for my needs. For one specific capability I did allow myself to bring in AnimeJS and ThreeJS. That's it though, no other dependencies (well, at first, I was using Axios because it was comfortable, but I've since migrated to plain old fetch). And no Webpack, no bundling at all, in fact. I dynamically load resources, which effectively is code-splitting, and I have some NPM scripts to do minification for a production build, but otherwise the code that runs in the browser is what I actually wrote, unlike using a framework.
So, what's the point of this whole rant?
The point is that I've made more progress in these last few months than I did the previous several years, and the experience has been SO much better!
All the tools and dependencies we tend to use these days, by and large, I think get in the way. Oh, to be sure, they have their own benefits, I'm not denying that... but I'm not at all convinced those benefits outweigh the time lost configuring this tool or that, fixing breakages caused by dependency updates, dealing with obtuse errors spit out by code I didn't write, going from the code in the browser to the actual source code to get anywhere when debugging, parsing crappy documentation, and just generally having the project be so much more complex and difficult to reason about. It's cognitive overload.
I've been doing this professionaly for a LONG time, I've seen so many fads come and go. The one thing I think we've lost along the way is the idea that simplicity leads to the best outcomes, and simplicity doesn't automatically mean you write less code, doesn't mean you cede responsibility for various things to third parties. Those things aren't automatically bad, but they CAN be, and I think more than we realize. We get wrapped up in "what everyone else is doing", we don't stop to question the "best practices", we just blindly follow.
I'm done with that, and my project is better for it!
-
So for those of you keeping track, I've become a bit of a data munger of late, something that is both interesting and somewhat frustrating.
I work with a variety of enterprise data sources. Those of you who have done enterprise work will know what I mean. Forget lovely Web APIs with proper authentication and JSON fed by well-known open source libraries. No, I've got the output from an AS/400 to deal with (For the youngsters amongst you, AS/400 is a 1980s IBM mainframe-ish operating system that originally ran on 48-bit computers). I've got EDIFACT to deal with (for the youngsters amongst you: EDIFACT is the 1980s precursor to XML. It's all cryptic codes, + delimited fields and ' delimited lines) and I've got legacy databases to massage into newer formats, all for what is laughably called my "data warehouse".
But of course, the one system that actually gives me serious problems is the most modern one. It's web-based, on internal servers. It's got all the late-noughties buzzwords in web development, such as AJAX and JQuery. And it now has a "Web Service" interface at the request of the bosses, that I have to use.
The programmers of this system have based it on that very well-known database: Intersystems Caché. This is an Object Database, and doesn't have an SQL driver by default, so I'm basically required to use this "Web Service".
Let's put aside the poor security. I basically pass a hard-coded human readable string as password in a password field in the GET parameters. This is a step up from no security, to be fair, though not much.
It's the fact that the thing lies. All the files it spits out start with that fateful string: '<?xml version="1.0" encoding="ISO-8859-1"?>' and it lies.
It's all UTF-8, which has made some of my parsers choke, when they're expecting latin-1.
But no, the real lie is the fact that IT IS NOT WELL-FORMED XML. Let alone Valid.
THERE IS NO ROOT ELEMENT!
So now, I have to waste my time writing a proxy for this "web service" that rewrites the XML encoding string on these files, and adds a root element, just so I can spit it at an XML parser. This means added infrastructure for my data munging, and more potential bugs introduced or points of failure.
Let's just say that the developers of this system don't really cope with people wanting to integrate with them. It's amazing that they manage to integrate with third parties at all...
-
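The proxy described in the post above, as an added example (this is not the poster's code and it assumes nothing about the real service beyond what the post states: a declaration claiming ISO-8859-1, UTF-8 bytes underneath, and no root element). The sample input is constructed for the demonstration. The one edge case worth handling is a file where the declaration is actually true, so the bytes are tried as strict UTF-8 first and only fall back to ISO-8859-1 when that fails:

```python
import re
import xml.etree.ElementTree as ET

# Matches the XML declaration the upstream service puts at the top of every file.
DECL_RE = re.compile(r'^\s*<\?xml[^>]*\?>')


def repair_xml(raw: bytes, root_tag: str = "envelope") -> tuple:
    """Turn the service's output into well-formed XML.

    Returns (fixed_bytes, encoding_actually_used). The declaration is not
    trusted: the bytes are tried as strict UTF-8 first, because accidental
    byte sequences are very unlikely to form valid UTF-8, and only fall back
    to ISO-8859-1 when that fails. The declaration is then replaced with a
    truthful one and the top-level fragments are wrapped in a synthetic root.
    """
    try:
        text = raw.decode("utf-8")
        used = "utf-8"
    except UnicodeDecodeError:
        text = raw.decode("iso-8859-1")  # the declaration was honest this time
        used = "iso-8859-1"
    text = text.lstrip("\ufeff")  # drop a BOM if one slipped in
    body = DECL_RE.sub("", text, count=1).strip()
    fixed = (f'<?xml version="1.0" encoding="UTF-8"?>\n'
             f'<{root_tag}>\n{body}\n</{root_tag}>\n')
    return fixed.encode("utf-8"), used


def parses_as_is(raw: bytes) -> bool:
    """True only if a strict parser accepts the upstream bytes untouched."""
    try:
        ET.fromstring(raw)
        return True
    except ET.ParseError:
        return False


def parse_feed(raw: bytes, root_tag: str = "envelope") -> ET.Element:
    """What the proxy hands on to the real XML consumer."""
    fixed, _ = repair_xml(raw, root_tag)
    return ET.fromstring(fixed)


# Constructed sample, not a real capture: declares ISO-8859-1, is really
# UTF-8, and has two top-level elements, hence no root element.
SAMPLE = (
    '<?xml version="1.0" encoding="ISO-8859-1"?>\n'
    '<record><id>1</id><name>Zoë</name></record>\n'
    '<record><id>2</id><name>Ærø</name></record>\n'
).encode("utf-8")

if __name__ == "__main__":
    print("accepted as-is:", parses_as_is(SAMPLE))  # False
    root = parse_feed(SAMPLE)
    print([r.findtext("name") for r in root])        # ['Zoë', 'Ærø']
```

Putting this in front of the service rather than in each parser keeps the workaround in one place, and the same proxy is the natural spot to stop sending the hard-coded password as a GET parameter (where it lands in every access log on the path) and pass it in a header or request body instead.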
How do I help my colleague in fighting harrassment?
This is the story of a helpless employee facing everyday harassment. I'm trying to help. Seeking your thoughts.
Backstory fast forwarded: My company acquired another company. So we handle all their projects and clients now, but it's a completely new domain. So we needed new people. Hired 4 employees + 1 team lead to start with. But the project process got delayed and they were free for a month. So I took 2 of them in my project and gave them some small tasks to help us over. They loved working with my team and were learning new stuff apart from what they usually did. And we were also happy with their contribution. We became good friends. All of this was in March 2020 before covid-19 was taken seriously.
About my company: I love this company. I have been in this company for more than 4 years now. People are really nice. Parties and fun events. Lot of smart and ambitious people. So company and people are awesome.
Coming back to the story. Lets call the team the 4 and team lead T. The 4 were happy that someone like T was in their team. This T had all the best knowledge about stuff and life was going to be awesome for the 4. Or was it?
Story starts: So I talk to one of these 4 on a daily basis. Let's call this friend F. F is a real gentle person. Intelligent and dedicated to work. F is awesome to work with. And always enjoyed working. F is a team player and very very soft person. F is a fking workaholic. So few days after project starts, F tells me work was not going well. F is getting real frustrated at work and not able to deal with it or find a solution.
What happened:
This person T, who was supposed to help these 4, is real piece of shit. He is impatient, arrogant and MFing dick head. Aaaarggggg.
All the good qualities of a leader like supporting the team, boosting confidence, guiding team when they make mistakes, teaching them, were all missing from this person. T was a machine with no emotion and only clock working jerk. I have no idea how T cleared interview process, because one of the interview round is also about cultural fit into company. I know this because i take interviews for other domains. We have rejected lot of such well qualified but arrogant candidates.
So what's the problem now: this team of 4 are learning new tools and taking over the client requests from the old company. Most of the stuff is new for them. So in that case people need lot of time to understand and figure out shit. People make mistakes while learning and you know have to deal with it. Person T abuses these 4 when something goes wrong. That's one.
Second, the T definitely knows more than these 4. So if these guys dont understand certain stuff they ask T. But T does not help them learn. T will either say busy or run away by saying thats simple and ull know when time comes. REALLY MF???
Third, T does not talk nice. T is rude and does not listen to team members. For eg, If F says some task cannot be done for some reason T will say, "y cant u do it? U r capable of doing it. Tats y u r in this job". And then point number one and two happens. Never responds to emails and messages. But if someone else does the same will not tolerate that and abuses them. List goes on.
So y not escalate and deal with that T:
This person F and other 3 are still under probation and they think complaint or escalation will back fire. These people do not want to lose job in between all this pandemic shit. They are scared.
So this was happening for a while. And i was giving lot of tips on how to handle certain situations. And how one should communicate these.
But being a gentle, soft and workaholic person, F focussed on work and assumed things will get in place as time goes by.
Today, F could not meet a requirement. So T told some shit which got F all sad. And F called me up late night and started crying explaining what happened. I felt real bad. I asked F to file a harassment case. F refused saying it was F's mistake for not completing the requirement. WHO THE FK CARES. PEOPLE CANNOT TALK SHIT. I told I'll file a harassment case against T. (We have a policy where others can also file if the person is not courageous enough). But F did not allow me.
Then after calming down, I told F that telling the problems to me won't solve them. You have to talk to T directly and tell him on his face not to talk like this. Or tell the manager about what's happening. Or tell HR about this. F said that can't be done. I was like Y THE FK NOT.
Because the other 3 are not ready to talk about this to anyone as they fear they'll lose job. So if F talks and people question other 3 they might bail out. WAT THE HOLY SPIRIT.
so after lot of convincing F is still not going to
Talk to anyone about this.
So I have decided I'll write an anonymous email to HR, the manager and other senior people in the organisation about what's happening.
I really don't know how it'll go. I'll keep updating you guys. Feel free to share your thoughts.
-
The amount of energy spent to just write ‘Hi’ and click a send button is so big that we should consider banning of sending hi messages.
Instead of just saying “Hi!” we are now using analog to digital preprocessors that convert it to a bunch of 0s and 1s to send it over a communication layer and deliver it to another human being that will convert it from digital to analog by reading it, but that is the simple part.
By sending message using phone we also:
- save it to local phone
- convert it to couple protocols
- transmit it over air so make connection to internet provider services that would generate logs on this provider as well as whole routing table before it gets to the target person
- save it on messaging provider disk
- probably be processed by the provider's filters, sometimes be reviewed or listened to by third parties and also processed in bulk by artificial intelligence algorithms
- finally delivered to target phone and saved there where that person would just change this text to their inner voice and save it
- sometimes encrypted and decrypted
- sometimes saved on provider
- sometimes saved on phone manufacturer cloud backup
- don’t get me started on people involved to keep this infrastructure in place for you just to say hi
There are also some indirect infinite possibilities of actions for example:
- emit sound and light that can lead to walking from one room to other
- the floor in your house is destroyed because of it so you need to renovate your floor
- sound can expose your position and kill you if you’re hiding from attacker
- sound can wake you up so you wake up in different hours
- it can stop you from having sex or even lead to divorce as a result simple hi can destroy your life
- can get you fired
- can prevent from suicide and as a result you can make technology to destroy humans
and I can write about sound and light all day but that’s not the point, the point is that every invention makes life more complicated, maybe it saves time but does it really matter ?
I can say that every invention we made didn’t make world simpler. The world is growing with complexity instead.
It’s just because most of those inventions lead to computer that didn’t make our world simpler but made it more complicated.
-
Sus!
Yesterday I bought a cool domain on Namecheap; I was very lucky to find a short and good one for my case.
Today (on the weekend!!!!) I received a letter:
>Hello **redacted name**,
>
>We are contacting you from the Namecheap Risk Management Team regarding your '**redacted name account**' account.
>
>Unfortunately, your Namecheap account was flagged by our fraud screening system as requiring verification and was locked.
>
>Please follow the instructions below to get your account verified:
>
>- take a color photo of the credit card used for the payment at **redacted link**
>
>Please make sure all of the edges of the credit card are visible, and that we can clearly see the card holder's name, expiration, and last four digits of the card number. The screenshots or images of the card cannot be accepted for verification. >If the submission does not meet these requirements, we can either request to submit the details again or permanently suspend your account.
>
>- provide a valid phone number and the best time to call you (within normal business hours, US Pacific time).
>
>If we do not hear back from you within 24 hours, we will be forced to cancel your orders.
>
>We apologize for any inconvenience that may result from this process. This extra verification is done for your security and to ensure that orders are legitimate. This industry, unfortunately, has a high rate of fraudulent orders, and this sort of >verification helps us drastically reduce fraud and ensure our customers remain secure. Such documents are used for verification only and are not provided to third parties in any way. Account verification is a one-time procedure, after your account >is verified, you will never face this issue again.
>
>Looking forward to your reply.
>
>---------------
>Dmitriy K.
>Risk Management
> Namecheap, Inc.
What if I did not notice it in 24 hours? It is the weekend for god's sake! People usually rest until Monday.
They would what, cancel the order and scalp it at a super high price?!
I have some doubts that the request truly has anti-fraud origins.
What if I used a digital Visa card? How was I supposed to photograph it?
And the service they provided for photographing accepts only photos from a web camera. I was lucky that I recently bought a web camera with a high enough amount of pixel power and manual focus. What if I hadn't?
That's all really SUS!
The person can not notice the letter within the 24 hour time frame until the morning, when it would be already too late.
-
"You are fired!"
Is what I wanted to send to all clients and third parties involved in the project. Stop making your problems my problems. My systems are ready, properly tested and well documented. Stop changing the requirements and stop adding requirements until you are sending valid requests to my API.
-
Taking over from/working with an external dev company on an existing project.
Listen Mr CEO, I'm not here to mess with your firm's code and undo all of your work. I'm just doing my job. Stop telling me that the only thing left to do is "data" without any context. The site that I'm here to work on isn't even finished.
-
DevRant has many privacy-conscious people and honestly just people who don't like when their personally identifiable data gets shared.
Yet, DevRant uses Carbon Ads owned by BuySellAds. Here's what their privacy policy reads:
"Some Personally Identifiable Information may also be provided to intermediaries and other Third Party Service Providers (defined in part (4) below) who assist us with the Services"
You know what's the funniest thing? In "part 4 below" they never actually state which companies do they share personally identifiable information with.
Just a quick reminder that when you use DevRant, your personally identifiable information may be shared with any amount of third parties, and you could bet a lot of money that the list includes Google and Facebook because of remarketing. Remarketing is a fancy term that means not selling personal data but instead giving it away for free.
Use AdGuard or any other browser extension that blocks analytic scripts. Buy a Raspberry Pi Zero W and make yourself a PiHole. When you're using DevRant mobile app, use analytics-blocking VPN.
-
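Both the Privacy Badger rant near the top of this page and the post above make the same point: a "we don't share with third parties" statement is checked by looking at what the page actually loads, not at the policy. The script below is an added example (not from devRant, BuySellAds or either poster) of doing that check offline from a HAR file saved with the browser's devtools: it lists every registrable domain other than the page's own and flags the ones on a tracker list. The HAR is constructed inline for the demonstration, the tracker list is a tiny illustrative set rather than a real blocklist, and the eTLD+1 logic is a two-label approximation (see the comment):

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Illustrative subset only; a real audit would load a published blocklist
# (EasyPrivacy, Disconnect, ...) instead of this hand-picked set.
KNOWN_TRACKERS = {
    "google-analytics.com", "googletagmanager.com", "doubleclick.net",
    "facebook.net", "facebook.com", "carbonads.com", "buysellads.com",
}


def registrable_domain(host: str) -> str:
    """Approximate eTLD+1 by keeping the last two labels.

    Fine for .com/.net style hosts; wrong for suffixes like co.uk, where the
    Public Suffix List is needed. Kept simple so the example has no deps.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def third_party_hosts(har: dict, page_host: str) -> dict:
    """Map registrable domain -> request count for every request that did
    not go to the page's own registrable domain."""
    own = registrable_domain(page_host)
    counts = Counter()
    for entry in har["log"]["entries"]:
        host = urlsplit(entry["request"]["url"]).hostname or ""
        dom = registrable_domain(host)
        if dom and dom != own:
            counts[dom] += 1
    return dict(counts)


def audit(har: dict, page_host: str) -> dict:
    """Split the third-party domains into known trackers and everything else,
    so the 'everything else' bucket can be reviewed by hand."""
    parties = third_party_hosts(har, page_host)
    return {
        "trackers": {d: n for d, n in parties.items() if d in KNOWN_TRACKERS},
        "other_third_parties": {d: n for d, n in parties.items()
                                if d not in KNOWN_TRACKERS},
    }


# Constructed sample, shaped like a devtools HAR export; not a real capture.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://www.example.com/"}},
    {"request": {"url": "https://static.example.com/app.js"}},
    {"request": {"url": "https://www.google-analytics.com/analytics.js"}},
    {"request": {"url": "https://www.googletagmanager.com/gtm.js"}},
    {"request": {"url": "https://connect.facebook.net/en_US/fbevents.js"}},
    {"request": {"url": "https://cdn.carbonads.com/carbon.js"}},
    {"request": {"url": "https://fonts.gstatic.com/s/roboto.woff2"}},
]}}

if __name__ == "__main__":
    import sys
    har = json.load(open(sys.argv[1])) if len(sys.argv) > 2 else SAMPLE_HAR
    page = sys.argv[2] if len(sys.argv) > 2 else "www.example.com"
    print(json.dumps(audit(har, page), indent=2))
```

Run it as `python audit.py capture.har www.example.com` against a real export; with no arguments it uses the constructed sample. Anything in `other_third_parties` is not proof of tracking, but it is the list you compare against the privacy policy.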
I am supposed to make a module that does sftp to third parties. Users put in their credentials and we connect and dump files on their servers. It seems like a terrible idea. We don’t administer those computers or define anything about their security. We don’t know if they are entering third party credentials or handling data according to our TOS. Can’t we just send them a presigned link by email on a schedule or something?
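The "presigned link" alternative the poster proposes, as an added example (not the poster's code and not tied to any particular cloud provider's presigned-URL API): the server signs the path, an expiry and the intended recipient with an HMAC, and checks that signature when the link is fetched, so the service never holds anyone else's SFTP credentials. The signing key, host and file path below are hypothetical placeholders.

```python
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical signing key; in a real deployment load it from a secrets store
# and rotate it (keep the old key until the longest outstanding TTL has passed).
SIGNING_KEY = b"example-key-do-not-ship"


def _sign(path: str, expires: int, recipient: str) -> str:
    """HMAC over everything the link grants: which file, until when, to whom."""
    msg = f"{path}\n{expires}\n{recipient}".encode("utf-8")
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def make_link(base: str, path: str, recipient: str, ttl_seconds: int,
              now: Optional[float] = None) -> str:
    """Build a link valid for ttl_seconds and bound to one recipient."""
    expires = int(time.time() if now is None else now) + ttl_seconds
    query = urlencode({"expires": expires, "to": recipient,
                       "sig": _sign(path, expires, recipient)})
    return f"{base}{path}?{query}"


def verify_link(url: str, now: Optional[float] = None) -> bool:
    """Server-side check when the link is fetched. Rejects missing or
    malformed fields, expired links, and any change to path, recipient or
    expiry (all three are under the signature)."""
    parts = urlsplit(url)
    q = parse_qs(parts.query)
    try:
        expires = int(q["expires"][0])
        recipient = q["to"][0]
        sig = q["sig"][0]
    except (KeyError, ValueError):
        return False
    if (time.time() if now is None else now) > expires:
        return False
    # Constant-time comparison so the signature can't be guessed byte by byte.
    return hmac.compare_digest(sig, _sign(parts.path, expires, recipient))


if __name__ == "__main__":
    link = make_link("https://files.example.com", "/exports/2024-01-report.csv",
                     "partner@example.org", ttl_seconds=3600)
    print(link)
    print("valid now:", verify_link(link))  # True
```

The trade-off versus pushing over SFTP: whoever holds the link can fetch the file until it expires, so keep the TTL short, serve it only over TLS, and log which recipient's link was used; the upside is that the only secret in the design is your own signing key.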
-
Disclaimer: This is all theoretical. Neither I nor my friend (with whom I discussed this) are stupid enough to even try to pursue this, but as an idea, I believe it might generate cool/new ideas/ways for handling secure communications across social groups.
Let's do some role play. Let's design a delivery app for drug dealers, think Seamless or Uber Eats, but for drugs. Not for big deliveries, like kilograms of coke, but smaller stuff. Maybe a few grams of it or something. The clients could rate dealers, and vice versa. This would build a level of trust within the system. There would be no names, just anonymous reviews, ratings, and prices. Only the info you'd need to know.
The biggest (only?) problem we found (besides legality) was that, how would you prove that you're a client and not a snitch (or cop). This would have to somehow be handled both on signup, as well as when ordering (let's imagine that all who are clients are pure and won't ever snitch).
One of the ways we found to combat this was to have the app invite-only. This would, in theory, do away with the problem of having snitches signing up. However, what if the phone got stolen/breached by a snitch, and they also got full access to the account. One way we thought we could combat this would be with a "dispose number" or something similar. Basically, you call a number, or send a text, or message a Signal bot etc, which would lead to the account's instant termination, no traces of that user left. Hence, a dispose number.
The flow of the app would be as follows:
A client wants some amount of heroin. He opens the app, searches for a dealer, sends him the desired amount, and in return gets back a price from the dealer. If both parties agree on the amount and price, the deal would start.
The app would then select a random time (taken from the client's selected timeframe and the dealer's "open" time) and a location (within a certain radius of both them, somewhere in between them both for convenience). If both of them accept the time and place, they'll have to meet up at said time and place.
The actual delivery could also be done using two dead drops - the client drops the money at one of them, the dealer drops the goods at the other one. Yes, this might be subject to abuse, but it wouldn't be that bad. I doubt that clients would make huge orders to unknown/badly rated dealers, as well as dealers accepting offers from badly rated clients. My idea is that they would start small, just so if they do lose their money/goods, the actual loss wouldn't be as big for them, but for the other party, having bad ratings would mean less clients willing to buy or dealers willing to sell.
A third way would be to use crypto, but the reason I left this as the last one is because it's not that wide-spread yet, at least not in local drug dealing. With this method, the client would initiate the order, the crypto would be sent to either the dealer or an escrow account, the dealer would then drop the goods at a random place and let the client know where to go to get them. After the client has gotten the goods, they could both review/rate the quality as well as the overall experience with that dealer, which would either make or break the dealer's upcoming deals. This would be pretty much like other DNM's, but on a local scale, making deliveries faster.
So far, this would seem like something that would work. Are there any ideas that might improve this? Anything that might make things more secure/anonymous?
My reason for this post is to spark a conversation about security and anonymity, not to endorse drugs or other illegal stuff.
Cheers!
PS. Really loving the new PC design of devRant -
This week has been a good week, work wise at least.
My projects are coming along, I’m getting a CI-CD server spun up so we can start making use of Gitlab runners for builds and testing (deployment is next on my list)
The boss gave good feed back in the gitlab issues I raised after a demo yesterday (new features, nothing major but it’s nice to have positive feed back)
My focus has very much been on the technical side of things, testing and debugging web services,
The boss is very keen for me to start implementing APIs, starting with one of the apps I’m working on, so we can start writing APIs for other systems which integrate with third parties.
I’m actually excited about my work again, and I think it shows, which is why they’re steering me this way.
I’m going to give it 6 months and then ask for a pay review, as I think my responsibilities have increased enough to warrant at least asking about a pay rise -
Google researchers have exposed details of multiple security flaws in the Safari web browser that allowed users' browsing behavior to be tracked.
According to a report, the flaws, which were found in an anti-tracking feature known as Intelligent Tracking Prevention, were first disclosed by Google to Apple in August last year. In a published paper, researchers in Google's cloud team have identified five different types of attacks that could have resulted from the vulnerabilities, allowing third parties to obtain "sensitive private information about the user's browsing habits."
Apple rolled out Intelligent Tracking Prevention in 2017, with the specific aim of protecting Safari browser users from being tracked around the web by advertisers and other third-party cookies. -
Probably the one where we had an error, because the service from a third party we needed to install used a fourth-party service that was behind a proxy. Due to internal reasons we needed to use our own Tomcat instead of the standard Tomcat. We had a meeting because we hadn't found out at that point that the problem was the firewall that dropped the packets from the application. We replayed it to them (at that point it was in my muscle memory) and after a month I got the idea to use tcpdump to see if the server was calling another web service, which was denied by the developers.
-
Two years ago we took over this project which has been a nightmare to maintain. It's a set of netcore 2.1 webapps running on an on-prem windows machine. Everyone who has worked on it so far has quit, leading to two episodes of it being passed on with near zero handover.
Its function is fairly simple, so naturally we have been nagging to redo it and cloudlift it.
I was finally given one week to see how far I'd get, and had a PoC running in Azure after one day: 4 apps in clean net6, SSO, and managed identities. The only thing lacking was setting up the authentication for third parties.
And... they still don't want "something new" when the old one works. Back to IIS and debugging Windows event logs. -
Random question...
Do you guys happen to know a nice videocall website and/or app for smartphone (Android)?
Possibly one that doesn't send all of your data to third parties and whatnot? °w°
Thaaaaanks ♡ -
Here's a story about why putting util functionality in a generic parent class is baaaad. So we run into a bug where an online shop module we develop causes a third party module to break the entire site until the session expires.
We track the bug down to the fact that the third party module has added some functionality to the part of the shop that deals with the cart and that functionality expects that one of the module's libraries is initialized. But as it turns out another of that module's libraries that is loaded earlier is fetching the cart and thus triggers our module which adds gifts to it.
Now, since we need a deeper integration with the cart to make gifts depend on the cart contents we call the part of it that now depends on the third party module's unloaded library.. So we think changing the order the third party libraries are loaded will fix the issue, only to discover the unloaded one is a child class of the first and the cart is fetched in the parent constructor. The parent of course then turns out to be a generic util class, inherited by all the module's libraries, so whatever order we load them in, the constructor is always called, so we had no other choice but to dynamically disable our module during the initialization of those libraries and then patch the updated cart contents into them after they've all been initialized.
At this point we get curious what that module's doing with the cart contents only to discover.. nothing. It's just that the parent class is full of utils and data fetching that the vendor reuses in all their modules.. -
Imagine enabling verbose logging for a complex ETL process that typically takes 8 hours to run but has been failing for some reason after running for about 7 hours. Naturally, you want to check the log file to find out what went wrong.
Now imagine not having read access to the log file. -
What’s the best way to manage third party libraries in C++, especially when you’re not just dealing with software but with several pieces of hardware?
I usually just store each library in its own submodule that gets rebuilt on each update/pull, but this is starting to get crazy as my project gets larger, and it is not scaling.
If you too are sick of pull-to-refresh in Google Chrome, please consider signing this petition:
https://change.org/p/...
While I doubt it will get Google to change their minds, it is worth a shot.
FAQ:
Why not just use Firefox?
Because it can't save pages as HTML or MHTML file. Don't even get me started with SinglePage; it is bogus garbage.
Why not just use Kiwi/Brave/etc.?
Because Google made it mandatory in its codebase, Brave and Kiwi browser and all those other Chromium-based third parties have it mandatory too. This needs to change. -
Been integrating with a third party system for the last 2 weeks, we can send them requests fine but when they post the response to us they get a generic error.
After responding very politely to an increasingly aggressive contact at their company for the entire day, where he says it is our system that is badly configured, they figured it out.
Their system only has support for sending data using TLS 1.0 and below....
So it turns out he was right: our system wasn't configured to work with theirs. We only allow 1.2 and above... -
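When a peer that only speaks TLS 1.0 hits a server with a 1.2 minimum, the only thing the peer sees is a failed handshake and, on the application side, a generic error; the versions it actually offered are visible in its ClientHello. As an added example that is not part of the original post, the parser below reads the version fields of a captured ClientHello (the legacy `client_version` field, and the `supported_versions` extension that TLS 1.3 clients send) and reports whether the offer clears a minimum version. The two ClientHello messages are constructed inline as fixtures with a small builder; the names and the single cipher suite used are assumptions, not anything from the third party in the story.

```python
"""Inspect a TLS ClientHello for the protocol versions it offers (added example)."""
import struct

TLS_VERSION_NAMES = {(3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2", (3, 4): "TLS 1.3"}
SUPPORTED_VERSIONS_EXT = 0x002B  # RFC 8446 extension type


def offered_versions(client_hello: bytes) -> list:
    """Return the (major, minor) versions a ClientHello offers, highest first."""
    # TLS record header: content type (1) = 0x16 handshake, legacy version (2), length (2)
    if len(client_hello) < 5 or client_hello[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", client_hello[3:5])[0]
    body = client_hello[5:5 + rec_len]
    # Handshake header: message type (1) = 0x01 ClientHello, length (3)
    if len(body) < 4 or body[0] != 0x01:
        raise ValueError("record does not carry a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    pos = 0
    client_version = (hello[pos], hello[pos + 1])  # pre-1.3 clients signal their max here
    pos += 2
    pos += 32  # random
    pos += 1 + hello[pos]  # session id
    pos += 2 + struct.unpack("!H", hello[pos:pos + 2])[0]  # cipher suites
    pos += 1 + hello[pos]  # compression methods
    versions = []
    if pos + 2 <= len(hello):  # extensions block is optional
        ext_len = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            ext_type, length = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            data = hello[pos:pos + length]
            pos += length
            if ext_type == SUPPORTED_VERSIONS_EXT and data:
                list_len = data[0]
                for i in range(1, 1 + list_len, 2):
                    versions.append((data[i], data[i + 1]))
    if not versions:
        versions = [client_version]  # no supported_versions: client_version is the offer
    return sorted(set(versions), reverse=True)


def highest_offered(client_hello: bytes) -> str:
    """Human-readable name of the best version the client offers."""
    top = offered_versions(client_hello)[0]
    return TLS_VERSION_NAMES.get(top, f"unknown {top}")


def negotiable(client_hello: bytes, minimum=(3, 3)) -> bool:
    """True if the client offers at least `minimum` (default TLS 1.2)."""
    return any(v >= minimum for v in offered_versions(client_hello))


def build_client_hello(client_version, supported_versions=None) -> bytes:
    """Construct a minimal ClientHello as a test fixture (not a real client)."""
    random = b"\x11" * 32
    session_id = b"\x00"  # empty session id
    cipher_suites = b"\x00\x02" + b"\xc0\x2f"  # one suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    compression = b"\x01\x00"  # null compression only
    body = bytes(client_version) + random + session_id + cipher_suites + compression
    if supported_versions:
        vlist = b"".join(bytes(v) for v in supported_versions)
        ext = struct.pack("!HH", SUPPORTED_VERSIONS_EXT, 1 + len(vlist)) + bytes([len(vlist)]) + vlist
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


# Constructed fixtures: a TLS 1.0-only legacy client and a modern client offering 1.3 and 1.2.
LEGACY_HELLO = build_client_hello((3, 1))
MODERN_HELLO = build_client_hello((3, 3), [(3, 4), (3, 3)])
```

Run over a ClientHello pulled out of a packet capture, `highest_offered` tells you in seconds whether the peer can ever satisfy the server's minimum, which is the question both sides spent a day arguing about. The builder exists only so the example runs offline; real captures will carry more suites and extensions, which the parser skips over.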
I've built the whole backend for my app (mine, as I created it for the company I'm working in) that's using AWS for storing data about users. I wanted to replace AWS with something custom, easier to use and without any dependency on third parties.
Boss never let me migrate from AWS to this solution because there are not enough clients for the app and he's got a lot of other work for me 😅