My dad found a phone a few weeks ago and asked me what he should do with it. Knowing how much it hurts to lose personal data, I said I could try to find the owner and send it back.

My first attempt was to search through the files on the SD card in order to find an identifying document (CV, bill, address...) but there were only family pictures.

My second attempt was to unlock the phone and check the information about the owner and the accounts linked to it. But for this to be possible adb has to be enabled. Good thing is that that particular brand shows an option for activating adb on the recovery menu.

But then, it's Android Oreo and I haven't found a way to lift the lock pattern. I thought I could bruteforce it over the shell (as I found there could be about 1300 possibilities for 2 to 5 point patterns), but there is the same attempt throttling as on the screen so that would take ages.

Finally, I found the owner in the most "social" way : The phone was displaying the weather for a particular place. It turns out that there are only 3K inhabitants in that city, si I thought that a big enough Facebook group might help me find the owner. So I posted a message on a 500 people FB group dedicated to this city with a selfie of the owner : someone identified her within 20 minutes.

Mission accomplished 😎

When you try to become over smart with Apple.
Client :- Ask for all user information in registration screen.
Me :- But Apple rejects app if you ask for personal information you don't need. We shouldn't ask it since Apple will reject the application
Client :- "I am more strict than Apple", just do it.
Me :- But...
Client :- Do it!

Developed the app, uploaded on Apple Store for review and the app got REJECTED!!

Reason for rejection :- Don't ask for personal information you don't need !!!

Me :- (Evil laughs)

It's been more than 15 days now, the app is still under review due to multiple other violations already informed by me.

Moral :- Listen to developers, they have more experience than you or DO THE F*****G RESEARCH !!

True story !!!!

// sorry, again a story not a rant
Category->type = 'Story';
Category->save();

Today at work I got a strange email

'about your msi laptop'

(Some background information, a few months ago I went on vacation and left my work laptop at home. Long story short some one broke in and stole my msi laptop)

So this email had my interest. I opened it and the content was something like:

Hi! My name is x, I clean/repair laptops partime and I noticed your personal information on this laptop, normally people whipe their data from their laptop before selling so this is just a double check, if the laptop was stolen please call me on xxx

If I hear nothing I'll assume its alright and will whipe your data

So of course I immediately called him, after a conversation I informed the police who is now working on the case

Javascript developer interview

One of the RH interviewers started asking about myself, personal information, etc..

He : well, let me introduce you our tech lead, he will make you some question about JS

Me : alright

Tech Lead : ummm, do you know javascript?

Me : yes..?

Tech Lead : ok, cool. We will call you.

I got the job..

- Password can't contain less than 3 chars
- Password can't contain more than 12 chars
- Password must contain only alphabetical and numerical chars
- Password must contain at least one uppercase letter
- Password can't contain a sequence of repetitive chars
- You already used this password in the past
- Password can't contain parts of passwords already used in the past
- Password can't contain your name, birthday or any other personal information
- Password can't be an anagram
- This password is too weak

"Remember that you have to update your password every 6 months".

Who the fuck has enough imagination to invent a new password that meets all these requirements every fucking 6 months?
And if so, how the fuck you can also remember it?

Fuck off… I don't really need access to my university account, right? 😡

*goes to the local town hall to get my new ID*

A week ago:
Clerk: Sorry sir, our systems don't work anymore, we can't process your request!
Me: Epic. Is there any sysadmin in here that can fix this pronto?
C: No it's a centrally managed system. It's managed by the people in ${another town}.
M (thinking): Well how about you fucking call them then, fucking user. Screaming blood and fire when nothing is wrong server-side but doing nothing when there is. Fucking amazing, useless piece of shit.

One week later, i.e. today:
M: Hey, I'd like to renew my ID card. I've got this announcement document here and my current ID card.
C: Oh no I don't need the announcement document. I need your PIN and PUK code letter.
M (thinking): What the fuck do you need that for.. isn't that shit supposed to be my private information..?
*gives PIN and PUK part of the letter*
C: Alright, to register your new ID card, please enter your PUK and then your PIN in this card reader here twice.
M: Sure, but I'd like to change both afterwards. After all they're written on this piece of paper and I'm not sure that just destroying that will be enough.
C: Sure sure you can change them. Please authenticate with the codes written on the paper.
*Authenticates*
C: So you'd like to change your codes, right?
M: Yeah but I'd like to change it at home. You know, because I can't know for sure that this PC here is secure, the card reader has a wired connection to your PC (making it vulnerable to keyloggers) and so on.
C: Impossible. You can't change your PIN at home. (What about the PUK?!)
M: But I've done that several times with my Digipass for my previous passport.. it is possible and I've done it myself.
C: Tut tut, impossible. I know it's impossible and therefore it is.
M (thinking): Thanks for confirming that I really shouldn't enter my personal PIN on your fucking PC, incompetent bitch.
M: Alright, I'll just keep this PIN, try at home and if it's really impossible because the system changed to remove this functionality (which I highly doubt, that'd be really retarded), I'll come back later.
(Just to get rid of this old stupid woman's ignorance essentially.)
C: Sure sure...
Me: I'd also like to register as an organ donor. Where can I do that?
C: That'd be over there. *points to the other room in the town hall*

FUCKING THANK YOU LORDS OF THE WICKED RAVEN AND THE LIBERATED TUX, TO GET ME AWAY FROM THAT STUPID FUCKING BITCH!!!

.. anyway. I've got my new ID and I'm an official organ donor now 🙂

My love towards Microsoft:

When install Windows 10, world's most advanced operating system, I agree to use express installation to make sure I am sharing all the information with Microsoft.

Right after installation, I chose Microsoft Edge as my default browser. Can't live without it really. I also make sure my search engine is set to Bing!

Then I continue to setup Cortana and share all my personal information with her. I install office 365 to to work with my documents and use skype to chat with my friends.

Then I install Visual studio and set all my projects to Windows Application only. I mean who uses any OS other than Windows?

It doesn't finish there. Groove Player is my first choice for listening to music, Film and TV for my videos and etc.

I also always use Microsoft Maps to find my way to work!

<3 Microsoft

- devRant TOR rant! -

There is a recent post that just basically says 'fuck TOR' and it catches unfortunate amount of attention in the wrong way and many people seem to aggree with that, so it's about time I rant about a rant!

First of all, TOR never promised encryption. It's just used as an anonymizer tool which will get your request through its nodes and to the original destination it's supposed to arrive at.

Let's assume you're logging in over an unencrypted connection over TOR and your login information was stolen because of a bad exit node. Is your privacy now under threat? Even then, no! Unless of course you had decided to use your personal information for that login data!

And what does that even have to do with the US government having funded this project even if it's 100%? Are we all conspiracy theorists now?

Let's please stop the spread of bs and fear mongering so that we can talk about actual threats and attack vectors on the TOR network. Because we really don't have any other reliable means to stop a widely implemented censorship.

worst experience with a manager was the (female) one who got away with harassing a female employee for YEARS and thought it was ok because she thought they were friends.

She also retaliated (in ways that were hard to prove), played favorites, didn't know metrics or general business sense, couldn't do her employee's jobs but loved to tell them how they were wrong all the time, and then when she was fired, after the female coworker finally reported the ass slapping and the harassment based on disability, she went back into employee only areas with client personal information and thought taking selfies was ok (she was very quickly corrected and had to wipe her phone and memory card to ensure she hadn't been doing it when she wasn't caught, which cameras later proved she had been).

(I only sound calm. I will take a needle to her probably fake boobs and deflate them with glee if I ever see her again)

I work for a company known for its unbelievable perks and benefits. Every time a job opens up, we get thousands of applications.

Candidates are becoming increasingly aggressive to stand out. Hundreds of them (literally) have purchased Facebook ads or LinkedIn promoted posts to get their information in front of current employees.

Others have taken to outright stalking our employees. I freelance occasionally and have a separate website for my freelance business. I receive dozens of calls and emails to my freelance number and email account daily from people who want to “chat about the open position.”

My husband — who has a different last name — runs a small retail shop. He’s had people come into his store and tell him that they did internet sleuthing and found out he was married to an employee of my company, and would he please pass on their resume?

I expect to get these messages on my LinkedIn or company email, but am I wrong in thinking that stalking me out and trying to contact me via personal contact info (or my husband) is way out of line?

Is there a way to sharply tell them that this is not okay? Normally, I just don’t respond, but I have to turn my phone off or it rings all day and it’s really annoying. Would it look weird to put a message on my freelance website that says do not contact me about Company X jobs?

My company is aware of this problem, and has said to forward the names of aggressive or alarming candidates their way to remove them from consideration, but it’s so common, I’m thinking this is a product of being told that if they just showed GUMPTION, they’d get the job. I feel bad for them, but it’s also creeping me out.

A big FUCK YOU to chrome, and a big FUCK YOU to google in generally. First the hell that is code.org, then the chrome. I genuinely want to open a dictionary in google to see if the word "privacy" is in there. Sure, first it was tracking users with by making them agree to a long ass TOS no one wants to read except lawyers, then barely even giving any info and asking for consent with YOUR data, but this is too far. For all you that dont know, LanSchool is an application that allows teachers to see students screens, internet history and more. Its the reason kids can't play games in English class. But most importantly, its a chrome extension. We have to do assignments from home right? So when we logon to the school account from home, LANSCHOOL GETS DOWNLOADED ANYRACKS EVERYTHING I DO. It pains me how teachers can view so much information unfairly because of some unknowing students, my friends privacy was unfairly in the hands of google and the school system. Right when I found out about tit (~2 mins after i first logged on) i made an Ubuntu VM just for goddamn google docs. Back to my friend, he went on some websites not to be considered appropriate, and got in huge trouble. He was completely unaware of the fact that they could see his screen, and I resent google for allowing a third party to manipulate my PERSONAL COMPUTER without my consent. Die google, you ruined android, which had so much potential, and now the web and virtual privacy. You should be <strike>ashamed</strike> dead, and I hope in the future you realize that one day people will have common sense.

Paranoid Developers - It's a long one
Backstory: I was a freelance web developer when I managed to land a place on a cyber security program with who I consider to be the world leaders in the field (details deliberately withheld; who's paranoid now?). Other than the basic security practices of web dev, my experience with Cyber was limited to the OU introduction course, so I was wholly unprepared for the level of, occasionally hysterical, paranoia that my fellow cohort seemed to perpetually live in. The following is a collection of stories from several of these people, because if I only wrote about one they would accuse me of providing too much data allowing an attacker to aggregate and steal their identity. They do use devrant so if you're reading this, know that I love you and that something is wrong with you.

That time when...

He wrote a social media network with end-to-end encryption before it was cool.

He wrote custom 64kb encryption for his academic HDD.

He removed the 3 HDD from his desktop and stored them in a safe, whenever he left the house.

He set up a pfsense virtualbox with a firewall policy to block the port the student monitoring software used (effectively rendering it useless and definitely in breach of the IT policy).

He used only hashes of passwords as passwords (which isn't actually good).

He kept a drill on the desk ready to destroy his HDD at a moments notice.

He started developing a device to drill through his HDD when he pushed a button. May or may not have finished it.

He set up a new email account for each individual online service.

He hosted a website from his own home server so he didn't have to host the files elsewhere (which is just awful for home network security).

He unplugged the home router and began scanning his devices and manually searching through the process list when his music stopped playing on the laptop several times (turns out he had a wobbly spacebar and the shaking washing machine provided enough jittering for a button press).

He brought his own privacy screen to work (remember, this is a security place, with like background checks and all sorts).

He gave his C programming coursework (a simple messaging program) 2048 bit encryption, which was not required.

He wrote a custom encryption for his other C programming coursework as well as writing out the enigma encryption because there was no library, again not required.

He bought a burner phone to visit the capital city.

He bought a burner phone whenever he left his hometown come to think of it.

He bought a smartphone online, wiped it and installed new firmware (it was Chinese; I'm not saying anything about the Chinese, you're the one thinking it).

He bought a smartphone and installed Kali Linux NetHunter so he could test WiFi networks he connected to before using them on his personal device.

(You might be noticing it's all he's. Maybe it is, maybe it isn't).

He ate a sim card.

He brought a balaclava to pentesting training (it was pretty meme).

He printed out his source code as a manual read-only method.

He made a rule on his academic email to block incoming mail from the academic body (to be fair this is a good spam policy).

He withdraws money from a different cashpoint everytime to avoid patterns in his behaviour (the irony).

He reported someone for hacking the centre's network when they built their own website for practice using XAMMP.

I'm going to stop there. I could tell you so many more stories about these guys, some about them being paranoid and some about the stupid antics Cyber Security and Information Assurance students get up to. Well done for making it this far. Hope you enjoyed it.

Sometimes I wonder how compromised my parents online security would be without my intervention.

My mom logged into her gmail and there was an red bar on top informing about Google preventing an attempted login from an unknown device.

Like typical parents / old people, that red bar didn't caught her attention but I noticed it immediately. I took over and looked into it. It showed an IP address and a location that was quite odd.

I went ahead with the Account security review and I was shocked to find that she had set her work email address as the recovery email!!

I explained her that work email accounts cannot be trusted and IT department of the workplace can easily snoop emails and other info on that email address and should not be related to personal accounts.

After fixing that issue, me being a typical skeptic and curious guy, I decided to find more info about that IP address.

I looked up the IP address on a lookup website and it showed an ISP that was related to the corporate office of her workplace. I noticed the location Google reported also matched with the corporate office location of her work.

Prior to this event, few days ago, I had made her change her gmail account password to a more secure one. ( Her previous password was her name followed by birth date!! ). This must have sent a notification to the recovery mail address.

All these events are connected. It is very obvious that someone at corporate office goes through employees email addresses and maybe even abuse those information.

My initial skeptism of someone snooping throguh work email addresses was right.

You're welcome mom!

Heh, so I was working in tech doing the physical side of the department (going and moving computers or hardware fixes etc.)

Anyways since I got that job I noticed some of our recurring systems tickets are time consuming so I wrote some scripts to speed up the parts that I could.
(Like getting us all the useful information for hunting down missing machines or machines that haven't been able to be backed up in a while)

So yeah, made the scripts and some higher ups were like great you should submit them to our repo so they don't just disappear. Do it and get told by one of the like cto kinda guys that, "instead of doing a script to do what the original script should do, maybe go in and fix our original one."

So I told him, I don't get paid enough to fix your guys scripts, I don't know perl(which is what those ones are in) and honestly it's not my department for fixing those scripts, it's yours.

I had made a big post about what my scripts did and gave access to them and what they could have fixed in an hour they argued with me for months about just fixing their originals instead.

So now I've just actually gotten promoted out of that dept and into another where I will finally get paid to do more code, so I was closing my last tickets and the "trying to add my scripts to their repo" was one. The guy had denied my PReq Esso I closed the ticket thinking meh.

This guy re opens and again says just fix the scripts. Luckily I had done a personal repo for the scripts so others in my (now old) dept can keep using them. So I said I'm not in that department anymore, I made them available to the others and I still don't know perl. Not sure what your wanting me to do...

Got a laugh when he replied "oh yeah, just heard about the promotion... Congrats.. Where's the repo?"

I feel like I won finally

TLDR: Small family owned finance business woes as the “you-do-everything-now” network/sysadmin intern

Friday my boss, who is currently traveling in Vegas (hmmm), sends me an email asking me to punch a hole in our firewall so he can access our locally hosted Jira server that we use for time logging/task management.

Because of our lack of proper documentation I have to refer to my half completed network map and rely on some acrobatic cable tracing to discover that we use a SonicWall physical firewall. I then realize asking around that I don’t have access to the management interface because no one knows the password.

Using some lucky guesses and documentation I discover on a file share from four years ago, I piece together the username and password to log in only to discover that the enterprise support subscription is two years expired. The pretty and useful interface that I’m expecting has been deactivated and instead of a nice overview of firewall access rules the only thing I can access is an arcane table of network rules using abbreviated notation and five year old custom made objects representing our internal network.

An hour and a half later I have a solid understanding of SonicWallOS, its firewall rules, and our particular configuration and I’m able to direct external traffic from the right port to our internal server running Jira. I even configure a HIDS on the Jira server and throw up an iptables firewall quickly since the machine is now connected to the outside world.

After seeing how many access rules our firewall has, as a precaution I decide to run a quick nmap scan to see what our network looks like to an attacker.

The output doesn’t stop scrolling for a minute. Final count we have 38 ports wide open with a GOLDMINE of information from every web, DNS, and public server flooding my terminal. Our local domain controller has ports directly connected to the Internet. Several un-updated Windows Server 2008 machines with confidential business information have IIS 7.0 running connected directly to the internet (versions with confirmed remote code execution vulnerabilities). I’ve got my work cut out for me.

It looks like someone’s idea of allowing remote access to the office at some point was “port forward everything” instead of setting up a VPN. I learn the owners close personal friend did all their IT until 4 years ago, when the professional documentation stops. He retired and they’ve only invested in low cost students (like me!) to fill the gap. Some kid who port forwarded his home router for League at some point was like “let’s do that with production servers!”

At this point my boss emails me to see what I’ve done. I spit him back a link to use our Jira server. He sends me a reply “You haven’t logged any work in Jira, what have you been doing?”

Facepalm.

Skipped my lectures at university just to get my new Dell laptop at home.

Here is my experience of dell account portal:

There is a 50-50 chance that your order will appear in the list of orders. It has it's own mind, sometimes it will appear, sometimes it will say it has found no orders.

Now if somehow you do see the order in the list, there is a 50-50 chance that clicking on the order number will actually show you the correct order. Most of the time it will take you to a completely different order, where you can see the name, address and other personal details of a person that you don't know. THANKS DELL!

Now if somehow clicking on the order number takes you to the right order details page, there is a 50-50 chance that there will be no courier information, it will be blank without any information. Sometimes it will show the tracking number, but no courier details.

Right, now let's say that I don't give a fuck about any of these. I stayed home, skipping my lecture, just so that I can get my laptop. They promised me that they will deliver it today and I trust them 🙂

BUT YOU MOTHERFUCKER, not only that they will not deliver it today, they haven't even bothered to give me a call and say that they won't be delivering it today. YOU PIECE OF HORSESHIT, I skipped my fucking lectures for you. Now I have to skip my lectures for another day, just to get my GODDAMN laptop.

FUCK YOU DELL, DIE IN HELL!

Putting chatgpt to some good use. Writing a complaint mail to the idiots maintaining my banking app in the style of shakespare.

Hark thee, App Support Team,

With grave disquiet and vexation doth I write to thee concerning thy recent update of the application. As a software developer, the option to enable developer settings on mine own mobile device is of paramount importance for mine work. Yet thy latest update hath impeded mine access to mine own bank account until I disable this setting. Upon launching the app, it doth redirect me to a browser tab, where I am compelled to deactivate the developer setting to avail of thy services.

This conduct of thine is most unacceptable and unprofessional in mine eyes. It doth seem a transgression of privacy, for thy app doth dictate what settings I may or may not have on mine own personal phone. How canst thou deny me access to mine own bank account information merely on the grounds of having enabled developer options? How doth this option interfere with thy application, such that thou must needs coerce thy users to forsake their phone settings to utilize thy app?

I beseech thee to rectify this issue with all due haste, so that I may access mine own bank account without hindrance. If thou art incapable of doing so, then prithee, might thou recommend a more user-friendly banking application to which I may gladly switch?

With frustration and discontent at this time,
A locked-out person.

Backstory : So recently one of my banking app stopped working and forced me to update to their latest version. As soon as i opened the newer version , it shut down and redirected to my browser with a shitty html page with just one message : Disable developer options on your device to continue using our app. I was extremely frustated and couldnt understand what kind of idiots were maintaining this app.So i decided to write up an email hoping to find some solution for this.

My websites contact form got a submission from some "manjeet" offering me his freelancing services, together with previous projects, where he apparently delivered and... has a login backdoor that he advertises to others to check out?.. with credentials etc.

Also got flagged with "It contains a suspicious link that was used to steal people's personal information. Avoid clicking links or replying with personal information."

I live in the USA. Recently moved to a new state. Contacted car insurance company to change my policy to the new state.

Upon doing so, I was told about a new program they have where you install an app on your phone that monitors your driving. It gives discounts to your premium for driving safely.

Intrigued, I decided to try it out. At the end of the month, my discount was TWO DOLLARS.

Uninstalled, not worth the surrender of personal information that they profit off of in addition to my premium payments as well as the drained battery every day.

Disillusioned, again.

Has anyone else had experiences with similar discount programs, and was it worth it for you? Maybe I’m just a shitty driver ;).

Called in on a Saturday... I’d rather have my underwear ride up for the rest of my life than having to deal with your bitch ass not knowing how to run a FUCKING computer.

No, I promise it’s working fine you dense fuck. You just don’t know how to fucking run it. Perhaps instead of calling me in, why not ask your other coworkers how to preform the task that you’re failing to learn.

And the shit thing is, I’ve explained this so many fucking times. It’s not my fault you won’t retain the mother fucking information you cheeky bastard.

STOP FUCKING CALLING ME! - who the fuck even gave you my personal number you fuck!

!dev rant about social media 🤡 s like this one.

I hate when people seek for a reason to bitch on social media. This tweet for example.

1) I went to a small high school (small compared to a lot) and we still had a personal management class and this was covered.
2) Who the fuck uses checks still.
3) It's addition and subtraction, not brain surgery.
4) if you actually cared, Google it. There's a shit ton of information on balancing a check book out there.
5) You're probably in debt due to a shitty lifestyle combined with terrible money management, but keep playing victim. It's never your fault.

But of course she doesn't care. It's another case of someone wanting a reason to bitch and moan on social media. Get a hobby you clown.

Oh wow, so many memorable co-workers, though typically not in a positive way. I guess the most memorable was this project manager who got his job solely through nepotism. He was a fucking moron, putting it lightly. He would rattle off buzzwords and jargon that he had randomly picked up in a completely nonsensical way, which made him sound even more ridiculous. He didn't seem to notice our blank stares.

Anyway, since he loved to show everyone just how awesome he was, he had to have the latest and greatest laptop. He had some top-of-the-line model which cost an insane amount of cash back in the day, but of course he got bored of it when something better came out six months later. So he decided to sell his old laptop.

Now, this was his personal laptop he was selling but we were about three months away from launching a top-secret project which had a seven figure budget and a lot riding on it. So what did this absolute goose do? He sold his laptop unformatted with a metric shit ton of confidential files and documents on it. As fate would have it... he sold it to someone who just so happened to work for a competing company.

Cut to about two and a half months later, around two weeks before the launch of this massive project, our competition comes out with something incredibly similar and beat us to market. Aghast, senior management then found out that they had obtained a treasure trove of confidential information from this numpty's laptop, handed to them on a silver platter.

The following Monday, with a sombre mood in the office, this guy cheerfully comes in through the door and is immediately yanked into the boardroom by management. What followed was around thirty minutes of brutal, relentless, non-stop shouting, table- banging and obscenities. When it finally stopped, the door quietly opened, this guy walks out as white as a sheet, turns towards the exit and left the building.

We never saw him again.

Is this some properly fucked up interpretation of GDPR or what??!

We must capture your personal information, for no reason other than to prove we're not abusing your personal information??

This former developer made an app 2 years ago which is in production since then. On the 404 page it's throws the database credentials. The database saves personal information about the mobile owner.

Luckily I found out and fixed it. The client doesn't know about this.

Oh boy!

Pulled this from a web site's privacy policy. Remember, just because there's a switch doesn't mean anyone has to abide to that rule.

Browser “Do Not Track” Signals:  Most browsers contain a “do-not-track” setting.  In general, when a “do-not-track” setting is active, the user’s browser notifies other websites that the user does not want their personal information and online behavior to be tracked and used, for example, for behavioral advertising.  As required by recent Shine the Light law amendments we are required to inform you that, as is the case with most websites, we do not honor or alter our behavior when a user to one of our Websites has activated the “do-not-track” setting on his/her browser.

Public CSS discord: "Oh, awesome thanks, man! No need to apologize, I'll check the code. I DM'd you."

DM: Total meltdown cry baby freak-out... "Oh yeah... well, if the code is broken - then why does my repo have 63 stars? I think I'd know if my code didn't work - it must be your computer. Why won't you let me team-viewer into your computer and see your screen? I don't care about your personal information. It's made with React, not CSS. I thought you would be helpful - but you're not at all. You aren't professional..."

Uh... (I can see the code... team-viewer isn't going to help you... and I'm at work... and I already spent 15 minutes helping you - you fucking prick)

I wrote a node + vue web app that consumes bing api and lets you block specific hosts with a click, and I have some thoughts I need to post somewhere.

My main motivation for this it is that the search results I've been getting with the big search engines are lacking a lot of quality. The SEO situation right now is very complex but the bottom line is that there is a lot of white hat SEO abuse.

Commercial companies are fucking up the internet very hard. Search results have become way too profit oriented thus unneutral. Personal blogs are becoming very rare. Information is losing quality and sites are losing identity. The internet is consollidating.

So, I decided to write something to help me give this situation the middle finger.

I wrote this because I consider the ability to block specific sites a basic universal right. If you were ripped off by a website or you just don't like it, then you should be able to block said site from your search results. It's not rocket science.

Google used to have this feature integrated but they removed it in 2013. They also had an extension that did this client side, but they removed it in 2018 too. We're years past the time where Google forgot their "Don't be evil" motto.

AFAIK, the only search engine on earth that lets you block sites is millionshort.com, but if you block too many sites, the performance degrades. And the company that runs it is a for profit too.

There is a third party extension that blocks sites called uBlacklist. The problem is that it only works on google. I wrote my app so as to escape google's tracking clutches, ads and their annoying products showing up in between my results.

But aside uBlacklist does the same thing as my app, including the limitation that this isn't an actual search engine, it's just filtering search results after they are generated.

This is far from ideal because filter results before the results are generated would be much more preferred.

But developing a search engine is prohibitively expensive to both index and rank pages for a single person. Which is sad, but can't do much about it.

I'm also thinking of implementing the ability promote certain sites, the opposite to blocking, so these promoted sites would get more priority within the results.

I guess I would have to move the promoted sites between all pages I fetched to the first page/s, but client side.

But this is suboptimal compared to having actual access to the rank algorithm, where you could promote sites in a smarter way, but again, I can't build a search engine by myself.

I'm using mongo to cache the results, so with a click of a button I can retrieve the results of a previous query without hitting bing. So far a couple of queries don't seem to bring much performance or space issues.

On using bing: bing is basically the only realiable API option I could find that was hobby cost worthy. Most microsoft products are usually my last choice.

Bing is giving me a 7 day free trial of their search API until I register a CC. They offer a free tier, but I'm not sure if that's only for these 7 days. Otherwise, I'm gonna need to pay like 5$.

Paying or not, having to use a CC to use this software I wrote sucks balls.

So far the usage of this app has resulted in me becoming more critical of sites and finding sites of better quality. I think overall it helps me to become a better programmer, all the while having better protection of my privacy.

One not upside is that I'm the only one curating myself, whereas I could benefit from other people that I trust own block/promote lists.

I will git push it somewhere at some point, but it does require some more work:
I would want to add a docker-compose script to make it easy to start, and I didn't write any tests unfortunately (I did use eslint for both apps, though).
The performance is not excellent (the app has not experienced blocks so far, but it does make the coolers spin after a bit) because the algorithms I wrote were very POC.
But it took me some time to write it, and I need to catch some breath.

There are other more open efforts that seem to be more ethical, but they are usually hard to use or just incomplete.

commoncrawl.org is a free index of the web. one problem I found is that it doesn't seem to index everything (for example, it doesn't seem to index the blog of a friend I know that has been writing for years and is indexed by google).

it also requires knowledge on reading warc files, which will surely require some time investment to learn.

it also seems kinda slow for responses,

it is also generated only once a month, and I would still have little idea on how to implement a pagerank algorithm, let alone code it.

I miss when my job was just about coding, I could spend entire workdays writing C# or TypeScript while listening rock or metal with few meetings in between, being very passionate in programming and computers sometimes I found was I doing so engaging which I spent more than my 8 hours workday on company's code base trying to improve it and my older coworkers were very happy with my code.

Then a "promotion" happened, I went to work directly with a client, a huge enterprise which is working on renovating his internal software and here the fun stopped. Long useless meetings are a regular occurrence, there are absurdly long procedures to do everything (for example since CI/CD is leaky we have to do dozens of workaround to get a microservice deployed) and having very little written documentation this gives an huge advantage to people which actually enjoy to spend their entire workdays on a MS Teams call over "lone programmers" like me which actually feel significant fatigue in doing that (alone sometimes I was able to log 12+ hours of programming daily between work and personal projects while after 3 hours of PP I feel drained) since the information passes in meetings/pair programming and I dread both.

I feel which my passion is still there, I still enjoy coding, tinkering with Linux and BSD, broadening my knowledge with technical books and having passionate conversation about tech but I dread my job, sometimes I try to look at it under a more optimistic eyes but most of the times I just end disappointed.

Went to a thrift store last week near work and they often have old dev or technology books (I picked up a first edition K&R C book, once) and I found:

1) A book on the history of codes and ciphers throughout history.
2) Beyond good and evil by Nietzsche.
3) A modern publication of a 1673 Spanish demon summoning book (to go into a local town archive).
4) The technical information and construction manual for telegram systems from 1938.

I swear I was driving home thinking:

"Please don't crash, if CSI teams have to piece my identity together from these four personal items I dread to think what conclusions they're going to come to..."

Mozilla has announced that it's rolling out changes under the California Consumer Privacy Act (CCPA) to all Firefox users worldwide.

According to report of ZDNet: The CCPA (America's privacy legislation) came into effect on January 1, 2020, offering Californian users data-protection rules. Much like Europe's GDPR, the CCPA gives consumers the right to know what personal information is collected about them and to be able to access it. While the law technically only applies to data processed about residents in California, US. But Mozilla notes it was one of the few companies to endorse CCPA from the outset. Mozilla has now outlined the key change it's made to Firefox, which will ensure CCPA regulations benefit all its users worldwide. The main change it's introducing is allowing users to request that Mozilla deletes Firefox telemetry data stored on its servers. That data doesn't include web history, which Mozilla doesn't collect anyway, but it does include data about how many tabs were opened and browser session lengths. The new control will ship in the next version of Firefox on January 7, which will include a feature to request desktop telemetry data be deleted directly from the browser.

I've assembled enough computing power from the trash. Now I can start to build my own personal 'cloud'. Fuck I hate that word.
But I have a bunch of i7s, and i5s on hand, in towers. Next is just to network them, and setup some software to receive commands.

So far I've looked at Ray, and Dispy for distributed computation. If theres others that any of you are aware of, let me know. If you're familiar with any of these and know which one is the easier approach to get started with, I'd appreciate your input.

The goal is to get all these machines up and running, a cloud thats as dirt cheap as possible, and then train it on sequence prediction of the hidden variables derived from semiprimes. Right now the set is unretrievable, but theres a lot of heavily correlated known variables and so I'm hoping the network can derive better and more accurate insights than I can in a pinch.
Because any given semiprime has numerous (hundreds of known) identities which immediately yield both of its factors if say a certain constant or quotient is known (it isn't), knowing any *one* of them and the correct input, is equivalent to knowing the factors of p.

So I can set each machine to train and attempt to predict the unknown sequence for each particular identity.

Once the machines are setup and I've figured out which distributed library to use, the next step is to setup Keras, andtrain the model using say, all the semiprimes under one to ten million.

I'm also working on a new way of measuring information: autoregressive entropy. The idea is that the prevalence of small numbers when searching for patterns in sequences is largely ephemeral (theres no long term pattern) and AE allows us to put a number on the density of these patterns in a partial sequence, but its only an idea at the moment and I'm not sure what use it has.

Heres hoping the sequence prediction approach works.

Alright... how the FUCK is an IP address considered personal data by GDPR????

Fucking boomers don't even know what an IP is. Guess what, every website you've ever been to has your IP! It's in your router, your fucking ISP's registry, and in every DNS server within 1000 miles of you!

Imagine thinking your IP gives up private information, god, just fuck me, I hate all of it, idiotic fools fumbling around with shit they don't understand.

...WKO making every developer's life a living nightmare because fucking GOOGLE FONTS stores a copy of your IP for their stupid analytics. You know what? Just don't use the internet either, that needs your IP too. In fact, don't pay taxes either, the tax office has a copy of your address, that's pretty personal information if you ask me! Just live in the woods and survive with the wolves.

I already know the future 'resolution' to this one - store fonts locally, resolve this dangerous "issue"... "waaaahhh fullStackClown! the site is slower now!!!"

...an infinite circle of clownshipness continues...

tune in next week as the world continues to approach it's circus fate!

Recently I flashed Android 9 (Pie) on my Nexus, but to this day I still haven't logged into Google from it. One reason is because I don't know my password and I didn't git clone my password store yet (where it's contained). Another reason is because I want to reclaim my privacy and not be a data battery for a Matrix of convenience that feeds itself with my personal information. Eh, it sorta works out I guess. Yalp is an amazing alternative to the Play Store, and even offers its own shadow accounts to use along with Google Play.

One problem though, while I've noticed that I could log in with my own account to get all my premium apps (couple hundred euros worth, so not easy to just discard) it apparently violates Google Play's ToS to do so from a third-party app. So I'm a bit hesitant to do that. Do you know of any viable alternative way to preserve my privacy yet install, keep and have validated those premium apps? I could download them from e.g. BlueStacks and export the apk's, but that'd be tedious and wouldn't be able to get those apps validated on my phone unless I log into Google there as well (which kinda defeats the purpose). Any suggestions?

I got an email from a seemingly random gmail address with 'essential!' written in the title.

Turns out that this was my university trying to contact me. They expect me to send my full name, university and other personal information directly over a Google survey in an email from an address I don't recognise with an unprofessional subject.

Safe to say, I didn't fill that one in.

To provide excellent customer service and provide extra services, we collect your personal information.

Bullshit. You're not using my personal information for customer service, otherwise your call center wouldn't suck so badly.

Oh boy I got a few. I could tell you stories about very stupid xss vectors like tracking IDs that get properly sanitized when they come through the url but as soon as you go to the next page and the backend returns them they are trusted and put into the Dom unsanitized or an error page for a wrong token / transaction id combo that accidentally set the same auth cookie as the valid combination but I guess the title "dumbest" would go to another one, if only for the management response to it.

Without being to precise let's just say our website contained a service to send a formally correct email or fax to your provider to cancel your mobile contract, nice thing really. You put in all your personal information and then you could hit a button to send your cancelation and get redirected to a page that also allows you to download a pdf with the sent cancelation (including all your personal data). That page was secured by a cancelation id and a (totally save) 16 characters long security token.

Now, a few months ago I tested a small change on the cancelation service and noticed a rather interesting detail : The same email always results in the same (totally save) security token...
So I tried again and sure, the token seemed to be generated from the email, well so much about "totally save". Of course this was a minor problem since our cancelation ids were strong uuids that would be incredibly hard to brute force, right? Well of course they weren't, they counted up. So at that point you could take an email, send a cancelation, get the token and just count down from your id until you hit a 200 and download the pdf with all that juicy user data, nice.

Well, of course now I raised a critical ticket and the issue was fixed as soon as possible, right?
Of course not. Well I raised the ticket, I made it critical and personally went to the ceo to make sure its prioritized. The next day I get an email from jira that the issue now was minor because "its in the code since 2017 and wasn't exploited".

Well, long story short, I argued a lot and in the end it came to the point where I, as QA, wrote a fix to create a proper token because management just "didn't see the need" to secure such a "hard to find problem". Well, before that I sent them a zip file containing 84 pdfs I scrapped in a night and the message that they can be happy I signed an NDA.

PayPal = GayPal

PHASE 1

1. I create my personal gaypal account
2. I use my real data
3. Try to link my debit card, denied
4. Call gaypal support via international phone number
5. Guy asks me for my full name email phone number debit card street address, all confirmed and verified
6. Finally i can add my card

PAHSE 2

7. Now the account is temporarily limited and in review, for absolutely no fucking reason, need 3 days for it to be done

8. Five (5) days later still limited i cant deposit or withdraw money

9. Call gaypal support again via phone number, burn my phone bill

10. Guy tells me to wait for 3 days and he'll resolve it

PHASE 3

11. One (1) day later (and not 3), i wake up from a yellow account to a red account where my account is now permanently limited WITHOUT ANY FUCKING REASON WHY

12. They blocked my card and forever blocked my name from using gaypal

13. I contact them on twitter to tell me what their fucking problem is and they tell me this:

"Hi there, thank you for being so patient while your conversation was being escalated to me. I understand from your messages that your PayPal account has been permanently limited, I appreciate this can be concerning. Sometimes PayPal makes the decision to end a relationship with a customer if we believe there has been a violation of our terms of service or if a customer's business or business practices pose a high risk to PayPal or the PayPal community. This type of decision isn’t something we do lightly, and I can assure you that we fully review all factors of an account before making this type of decision. While I appreciate that you don’t agree with the outcome, this is something that would have been fully reviewed and we would be unable to change it. If there are funds on your balance, they can be held for up to 180 days from when you received your most recent payment. This is to reduce the impact of any disputes or chargebacks being filed against you. After this point, you will then receive an email with more information on accessing your balance.

As you can appreciate, I would not be able to share the exact reason why the account was permanently limited as I cannot provide any account-specific information on Twitter for security reasons. Also, we may not be able to share additional information with you as our reviews are based on confidential criteria, and we have no obligation to disclose the details of our risk management or security procedures or our confidential information to you. As you can no longer use our services, I recommend researching payment processors you can use going forward. I aplogise for any inconvenience caused."

PHASE 4

14. I see they basically replied in context of "fuck you and suck my fucking dick". So I reply aggressively:

"That seems like you're a fraudulent company robbing people. The fact that you can't tell me what exactly have i broken for your terms of service, means you're hiding something, because i haven't broken anything. I have NOT violated your terms of service. Prove to me that i have. Your words and confidentially means nothing. CALL MY NUMBER and talk to me privately and explain to me what the problem is. Go 1 on 1 with the account owner and lets talk

You have no right to block my financial statements for 180 days WITHOUT A REASON. I am NOT going to wait 6 months to get my money out

Had i done something wrong or violated your terms of service, I would admit it and not bother trying to get my account back. But knowing i did nothing wrong AND STILL GOT BLOCKED, i will not back down without getting my money out or a reason what the problem is.

Do you understand?"

15. They reply:

"I regret that we're unable to provide you with the answer you're looking for with this. As no additional information can be provided on this topic, any additional questions pertaining to this issue would yield no further responses. Thank you for your time, and I wish you the best of luck in utilizing another payment processor."

16. ARE YOU FUCKING KIDDING ME? I AM BLOCKED FOR NO FUCKING REASON, THEY TOOK MY MONEY AND DONT GIVE A FUCK TO ANSWER WHY THEY DID THAT?

HOW CAN I FILE A LAWSUIT AGAINST THIS FRAUDULENT CORPORATION?

Saw this sent into a Discord chat today:

"Warning, look out for a Discord user by the name of "shaian" with the tag #2974. He is going around sending friend requests to random Discord users, and those who accept his friend requests will have their accounts DDoSed and their groups exposed with the members inside it becoming a victim as well. Spread the word and send this to as many discord servers as you can. If you see this user, DO NOT accept his friend request and immediately block him. Discord is currently working on it. SEND THIS TO ALL THE SERVERS YOU ARE IN. This is IMPORTANT: Do not accept a friend request from shaian#2974. He is a hacker.

Tell everyone on your friends list because if somebody on your list adds one of them, they'll be on your list too. They will figure out your personal computer's IP and address, so copy & paste this message where ever you can. He is going around sending friend requests to random discord users, and those who accept his requests will have their accounts and their IP Addresses revealed to him. Spread the word and send this to as many discord servers as you can. If you see this user, DO NOT accept his friend request and immediately block him. Saw this somewhere"

I was so angry I typed up an entire feature-length rant about it (just wanted to share my anger):

"1. Unless they have access to Discord data centres or third-party data centres storing Discord user information I doubt they can obtain the IP just by sending friend requests.

2. Judging by the wording, for example, 'copy & paste this message where ever you can' and 'Spread the word and send this to as many discord servers as you can. If you see this user, DO NOT accept his friend request and immediately block him.' this is most likely BS, prob just someone pissed off at that user and is trying to ruin their reputation etc.. Sentences equivalent to 'spread the word' are literally everywhere in this wall of text.

3. So what if you block the user? You don't even have their user ID, they can change their username and discrim if they want. Also, are you assuming they won't create any alts?

4. Accounts DDoSed? Does the creator of this wall of text even understand what that means? Wouldn't it be more likely that 'shaian' will be DDoSing your computer rather than your Discord account? How would the account even be DDoSed? Does that mean DDoSing Discord's servers themselves?

5. If 'shaian' really had access to Discord's information, they wouldn't need to send friend requests in order to 'DDoS accounts'. Why whould they need to friend you? It doesn't make sense. If they already had access to Discord user IP addresses, they won't even have to interact with the users themselves. Although you could argue that they are trolling and want to get to know the victim first or smth, that would just be inefficient and pointless. If they were DDoSing lots of users it would be a waste of time and resources.

6. The phrase 'Saw this somewhere' at the end just makes it worse. There is absolutely no proof/evidence of any kind provided, let along witnesses.

How do you expect me to believe this copypasta BS scam? This is like that 'Discord will be shutting down' scam a while back.

Why do people even believe this? Do you just blindly follow what others are doing and without thinking, copy and paste random walls of text?

Spreading this false information is pointless and harmful. It only provides benefits to whoever started this whole thing, trying to bring down whoever 'shaian' is.

I don't think people who copy & paste this sort of stuff are ready to use the internet yet.

Would you really believe everything people on the internet tell you?

You would probably say 'no'.

Then why copy & paste this? Do you have a reason?

Or is it 'just because of 'spread the word''?

I'm just sick of seeing people reposting this sort of stuff

People who send this are probably like the people who click 'Yes' to allow an app to make changes in the User Account Control window without reading the information about the publisher's certificate, or the people who click 'Agree' without actually reading the terms and conditions."

!dev

I’ve been ranting & posting a lot about my career, relocation, work life balance etc. in the last year.

Just wanna say, relocating was probably the best decision I’ve ever made. Professionally and personally..
Although it was a bit scary and I didn’t have any money left after relocating..

It’s 6PM, I’m sitting in the garden, listen to some classical music and don’t spend a single thought on work.
Tomorrow I will arrive in the office around 7:45, I will do my work. My boss recognizes my teams effort and thanks all of us for the work on the end of each sprint.

There are no personal fights in the team, everyone is getting along with the others.

I do some good work, get a good salary and don’t have to mix up work and personal life.

The people here are awesome, everyone is welcoming and supportive.

If everything goes as planned, I’ll be able to buy my dream car by the end of summer because the government doesn’t take all of my money. They take their taxes before I get my salary and the money I get is the money I HAVE..

Ireland is awesome.
At this point: thanks for the Irish guys here who provided information about work and life over here! And also to the other devs who supported me here👍

There's little irritations that happen when working with clients over time that let you know that they're stuck in the past and definitely not the kind of client you want to have long term.

My personal favorite example:

"Can we put an icon that shows the weather on the banner of the website?"

Note: I don't make "websites," information portals, content pieces, etc.

It doesn't to matter what type of application it is; time tracking, HR, mortgage application, industrial control system, etc. I don't know why, but every single client I've ever had where I've been saddled with one or more people who have no business being anywhere near the term "stakeholder" asked for this stupid, banal, 1995 web portal fuckery. Their shitty little mushroom stamp contribution wasting everyone's time.

What's worse, they want it be prominent in the screen real estate. It can't just be a responsibly sized waste of space like the screenshot's top example (from a company whose entire business is weather, nonetheless). No, it has to be the busiest fucking thing in the control space, as in the example inferior.

Or maybe I'm just wrong and people desperately want to know if the sky is going to piss on them if they leave the cave.

Anyone else have a pet peeve in regards to recurrent, pointless functionality?

We don't sell your personal information; hopefully, by our definition, "personal information" doesn't really mean anything. We track you on 75% of major websites and store every bit of data you generate. My takeout.google.com was 14GB large. FUCK YOU

I don't know why is that everytime you guys find a security bug or a data leak or that someone is saving plain passwords on their database, you try to cover and censor the company name. Listen people, fuck the company and their name and their brand if someone's data might be in danger. Everybody should be aware of what is happening with their personal information.

Also, maybe would be great if devRant would let users to post anonymous rants for this kind of issues or a special thread with latest news about our online security.

Just gonna lay this out. It is 2023. If you are still using Twitter and Facebook for personal presence you are kinda stupid (as in using your real name). They are shit sites and they can and will use that information against you. Personally I would lump LinkedIn with them, but it is still mainly business use. Twitter and Facebook are useful for business, but a huge liability for personal use. Keep up with your relatives somewhere else. Same goes for reddit, but most people there use anonymous handles anyway. So probably a bit safer.

Personally I never understood twitter. Facebook was interesting, but I started running into strange fucks on Facebook. People who were basically amoral and were okay with killing people. They were "friends" of friends. I also saw how this information could be held against someone with their political views. So I dropped Facebook more than 10 years ago. It has only gotten worse. About 2 years ago a friend of ours relative was going on vacation to Mexico. So someone called our friend in the USA and pretended the relative was kidnapped and tried to extort money. They got all of this info on the vacation off Facebook/Twitter. The same thing can happen with jobs. Wrong political views and you won't get hired. This is what I mean by being dangerous to you. People are assholes.

So my father asked me what I think about filemaker. I researched, while we were waiting for the food (restaurant) bs holy fuck, I've never gotten this bad vibes from a from something I believe to be a scripting language.

> proprietary (Apple)
> only articles I found about it were related to LinkedIn or at least written like they were
> not a single text based tutorial on the first pages of the search result, only videos (didn't watch them, because my mobile data is too scared for that)
> I can't find anything remotely explaining what this shit is about.
wikipedia was the most best resource I could find
> Free ebook about "how to train your junior developer" for filemaker requires me to enter way too much personal information.

Back in the days when I knew only Windows, I used to be a Microsoft fan. I wanted to use only Microsoft products. I had a Hotmail email account that Microsoft acquired. I used a version of Windows and Microsoft Office (even though I didn't know at the time that it was pirated). I wanted to be a Microsoft Student Partner (MSP) and promote Microsoft everywhere.

Fast forward to now (or maybe to the time after I got introduced to GNU/Linux), I started hating Microsoft solely for the reason that they had a price-tag on everything. Later on, when I got to open-source software, I hated Microsoft for making all of their software closed-source. When I decided to move out of the Microsoft environment, my next favorite was of course, Big Brother (Google, if you haven't gotten it) - Gmail, YouTube, Google Drive. My personal information was the price to pay for the services even though I wasn't OK with that fact.

Then again, I realized that you could actually have your own stuff if you had the know-how. Compile / host your own software on your own systems. Oh, then I went on a compile spree. That's when I realized I didn't need any of these corporations to own my data. Today, I try my best to keep my data in my control and not some corporations who gives me free stuff for the price of my data and personal information, no thanks.

I got a contract with this schools to build a student portal,

I do all the needful and the project whatever guy insists that I use their current shared hosting to host this MERN stack application.

first of all, cPanel is my least favorite place when it comes to deploying, I actually dont do deploying I just hand it over to whoever is the IT guy there.

I discovered there's no provision for nodejs in their current plan, I go through all the stress of contacting the shitty customer support and the process of squeezing out useful information from them.

I'm only doing this because the project whatever has refused to pay me until their site is deployed. throughout the process of creating this project I had setup continous deployment on heroku and netlify and I had to beg this guy to look at the changes and review them.

well, today I asked the former guy that built the current site for the login details to the schools dashboard on the hosting providers site and he says he used his personal details for it, according to him projects from other organizations are there too.

I swear I'm going to loose my shit, freelancing sucks

The company I used to work for, despite me not working there contacts me to get a verification code because the crappy developer they hired can't change a couple settings on the apple website and add themselves as a developer.

At the start of this all, a couple months back I gave them the code out of courtesy, but at this point, as i'm heavily invested in the development stage of my actual job as a vr developer, I won't take time out of my day to even answer the phone for them.

But what really pisses me off is the person who contacts me, my assumbly best friend, who during the last 12 months has only called me for these codes, so work related shit or just personal shit and never to hang out or play games or generally what we used to do as friends before he got a job at that stupid company doesn't have the balls to tell his boss that i'm busy with my job, that maybe if payment was offered as an incentive that I would be happy to be contacted.

When I left that company I didn't setup anything to make it so they would have to contact me, all I did was add myself as a developer of their app. I also heavily documented everything I did, all the issues I faced and the workarounds I found, and everything including all login information needed to get things working, I went above just "developing" the app I added in all the credits to all work used in the app as partly to make sure we don't get sued for stealing someones work without the right credit.

I hate the fact that I worked for minimum wage and did all of this shit, but I never complained at all about things like the 1 1/2 hour travel time (one way I might add) to my boss, the amount of money I spent on public transportation, the little money left over that I didn't even spend and instead give to my parents.

They know nothing about how hard that year was for me, and if they want to get this code, my so called friend can come chat in person, in his off time and when I'm done working on my own shit and we can discuss terms because this shit is just not fair at all.

So I have to give a technical presentation in front of 50+ people in 6 days. I'm just about shitting my pants right now. And thinking what to talk about.

Any ideas? Mine are:
1. Arduino and Raspberry Pi--the future of automation.
2. Privacy and how personal information is now another way of profit.

SecureMessengerAndroid

A chat app that uses AES encryption and doesn't require any personal information like phone number or email address.

PSA Cloudflare had a bug in there system where they were dumping random pieces of memory in the body of HTML responses, things like passwords, API tokens, personal information, chats, hotel bookings, in plain text, unencrypted. Once discovered they were able to fix it pretty quickly, but it could have been out in the wild as early as September of last year. The major issue with this is that many of those results were cached by search engines. The bug itself was discovered when people found this stuff on the google search results page.

It's not quite end of the world, but it's much worse than Heartbleed.

Now excuse me this weekend as I have to go change all of my passwords.

Brave Browser.

There’s a reason why brave is generally advised against on privacy subreddits, and even brave wanted it to be removed from privacytools.io to hide negativity.

Brave rewards: There’s many reasons why this is terrible for privacy, a lot dont care since it can be “disabled“ but in reality it isn’t actually disabled:

Despite explicitly opting out of telemetry, every few secs a request to: “variations.brave.com”, “laptop-updates.brave.com” which despite its name isn’t just for updates and fetches affiliates for brave rewards, with pings such as grammarly, softonic, uphold e.g. Despite again explicitly opting out of brave rewards. There’s also “static1.brave.com”

If you’re on Linux curl the static1 link. curl --head
static1.brave.com,
if you want proof of even further telemetry: it lists cloudfare and google, two unnecessary domains, but most importantly telemetry domains.

But say you were to enable it, which most brave users do since it’s the marketing scheme of the browser, it uses uphold:

“To verify your identity, we collect your name, address, phone, email, and other similar information. We may also require you to provide additional Personal Data for verification purposes, including your date of birth, taxpayer or government identification number, or a copy of your government-issued identification
Uphold uses Veriff to verify your identity by determining whether a selfie you take matches the photo in your government-issued identification. Veriff’s facial recognition technology collects information from your photos that may include biometric data, and when you provide your selfie, you will be asked to agree that Veriff may process biometric data and other data (including special categories of data) from the photos you submit and share it with Uphold. Automated processes may be used to make a verification decision.”

Oh sweet telemetry, now I can get rich, by earning a single pound every 2 months, with brave taking a 30 percent cut of all profits, all whilst selling my own data, what a deal.

In addition this request: “brave-core-ext.s3.brave.com” seems to either be some sort of shilling or suspicious behaviour since it fetches 5 extensions and installs them. For all we know this could be a backdoor.

Previously in their privacy policy they shilled for Facebook, they shared data with Facebook, and afterwards they whitelisted Facebook, Twitter, and large company trackers for money in their adblock: Source. Which is quite ironic, since the whole purpose of its adblock is to block.. tracking.

I’d consider the final grain of salt to be its crappy tor implementation imo. Who makes tor but doesn’t change the dns? source It was literally snake oil, all traffic was leaked to your isp, but you were using “tor”. They only realised after backlash as well, which shows how inexperienced some staff were. If they don’t understand something, why implement it as a feature? It causes more harm than good. In fact they still haven’t fixed the extremely unique fingerprint.

There’s many other reasons why a lot of people dislike brave that arent strictly telemetry related. It injecting its own referral links when users purchased cryptocurrency source. Brave promoting what I’d consider a scam on its sponsored backgrounds: etoro where 62% of users lose all their crypto potentially leading to bankruptcy, hence why brave is paid 200 dollars per sign up, because sweet profit. Not only that but it was accused of theft on its bat platform source, but I can’t fully verify this.

In fact there was a fork of brave (without telemetry) a while back, called braver but it was given countless lawsuits by brave, forced to rename, and eventually they gave up out of plain fear. It’s a shame really since open source was designed to encourage the community to participate, not a marketing feature.

Tl;dr: Brave‘s taken the fake privacy approach similar to a lot of other companies (e.g edge), use “privacy“ for marketing but in reality providing a hypocritical service which “blocks tracking” but instead tracks you.

I am SOOO fucking sick of being asked if our website and gaming servers are going to be GDPR compliant. All these game owners in a panic changing everything they do just to conform to this law.

Fuck GDPR. In all reality COME AT ME BITCH. The EU wants to grow a pair of balls and act like the world internet police? Bring it the FUCK on. You can't even stop pirating in your own country, so how the FUCK are you going to regulate and enforce this law on HUNDREDS of THOUSANDS of servers, when your punk ass government can't even shutdown a single torrenting website.

Give me a fucking break, and shame on you pussies for allowing it. All you people running around scared acting like your private gaming servers are important. I give a shit less how much work you put into your server. I have put more work than most anyone else, but you don't see me trying to act self important as if my gaming server is some fortune 500 company.

Your server isn't important and neither are you. The government doesn't give a shit about your server so can we all just stop acting like this fucking matters. NO ONE FUCKING CARES ABOUT YOUR SERVER.

NO ONE is going to come and sue you for not complying. GDPR is for business, and anyone that wants to argue no look it says right here it applies to all is a fucking MORON. Do you idiots stop and think or do you just believe everything typed out on paper.

THEY CANT ENFORCE THIS ON EVERYONE. They don't have the resources. So use your fucking heads and stop being so fucking scared of a law that has no resources to stop you. THEY CAN"T DO ANYTHING. EU and whoever made their polices, I DARE them to try and touch my server, I WANT them to start something with me, just so I can show the rest of the world why the Internet is still the wild west and why they have no power over me.

You think pirate bay is the only one who knows how to hide their server? You think pirate bay is the only one who keeps backups of their server to be able to re release in an instant somewhere else in the world? Bitch get real this is the internet, a place where a 5 year old can buy hand grenades from the Red Silk Road, and you wanna talk to me about your privacy? Go fuck yourself.

It's not my problem some douche bag went onto a site that used his personal information in the wrong manner. So how about you do what everyone else does and browse ANONYMOUSLY. But no it would be to easy for governments to make their own citizens responsible. Instead they have to hold all of YOUR hands, because you people are to stupid to protect yourself.

Wake the fuck up world, and stop being a bunch of whining little brats who cry for the government to bubble wrap your world so you can live safer. Natural selection is long overdue for a lot of morons still breathing air.

GitHub Packages Sucks. Like, it REALLY sucks.

It sounds like the best thing in the world - being able to host your project packages alongside your code! It has full support for Maven, Gradle, Ruby Gems, Node packages, Docker images and even dotnet CLI applications. It even lets you view statistics on how many developers have downloaded a given package! For public repositories, the packages are free to host as well!

So, I decide to use it for my Maven project since it's "so great". I've never used a public Maven repository before, so this was all very new to me. I follow the documentation - simply run "mvn deploy ...." and use a generated GitHub personal access token. No problems there. Deployment is a success and I feel a wave of happiness seeing my packages online. I follow through the various links and it even adds automatically generated usage information for other Maven users - fantastic!

That was, until I decide to try and download one of the files from this package repository. In order to download a file, you must have a GitHub access token. Okay, makes sense I guess? What if another developer wants to use my library? To do so, they have to generate their own GitHub access token, store it in their local ~/.m2/settings.xml file and only THEN can they use my library. So clearly, this is significantly inferior to other public Maven repositories where you don't have to get an access token to simply USE a library.

Upon discovering this, I decide to simply delete all of the packages and continue using whatever previous system I was using. Except of course, they forbid the deletion of public packages because "other projects could depend on it". The only way to delete public packages is to either:

[0] Make the repository private (losing all stargazers and watchers), delete the packages and then make the repository public again
[1] Contact support and ask them to delete the public packages. They say that they'll only do this for "special cases", such as legal issues or GDPR breaches.

I've sent a contact form and I'm currently hoping that they see things in my favor. I mean seriously - a public package repository where in order to use it you have to have a GitHub account and then generate an authentication token - it's absurd!

To me this is one of the most interesting topics. I always dream about creating the perfect programming class (not aimed at absolute beginners though, in the end there should be some usable software artifact), because I had to teach myself at least half of the skills I need everyday.

The goal of the class, which has at least to be a semester long, is to be able to create industry-ready software projects with a distributed architecture (i.e. client-server).

The important thing is to have a central theme over the whole class. Which means you should go through the software lifecycle at least once.

Let's say the class consists of 10 Units à ~3 hours (with breaks ofc) and takes place once a week, because that is the absolute minimum time to enable the students to do their homework.

1. Project setup, explanation of the whole toolchain. Init repositories, create SSH keys for github/bitbucket, git crash course (provide a cheat sheet).
Create a hello world web app with $framework. Run the web server, let the students poke around with it. Let them push their projects to their repositories.
The remainder of the lesson is for Q&A, technical problems and so on.

Homework: Read the docs of $framework. Do some commits, just alter the HTML & CSS a bit, give them your personal touch.
For the homework, provide a $chat channel/forum/mailing list or whatever for questions where not only the the teacher should help, but also the students help each other.

2. Setup of CI/Build automation. This is one of the hardest parts for the teacher/uni because the university must provide the necessary hardware for it, which costs money. But the students faces when they see that a push to master automatically triggers a build and deploys it to the right place where they can reach it from the web is priceless.
This is one recurring point over the whole course, as there will be more software artifacts beside the web app, which need to be added to the build process. I do not want to go deeper here, whether you use Jenkins, or Travis or whatev and Ansible or Puppet or whatev for automation. You probably have some docker container set up for this, because this is a very tedious task for initial setup, probably way out of proportion. But in the end there needs to be a running web service for every student which they can reach over a personal URL. Depending on the students interest on the topic it may be also better to setup this already before the first class starts and only introduce them to all the concepts in a theory block and do some more coding in the second half.

Homework: Use $framework to extend your web app. Make it a bit more user interactive with buttons, forms or the like. As we still have no backend here, you can output to alert or something.

3. Create a minimal backend with $backendFramework. Only to have something which speaks with the frontend so you can create API calls going back and forth. Also create a DB, relational or not. Discuss DB schema/model and answer student questions.

Homework: Create a form which gets transformed into JSON and sent to the backend, backend stores the user information in the DB and should also provide a query to view the entry.

4. Introduce mobile apps. As it would probably too much to introduce them both to iOS and Android, something like React Native (or whatever the most popular platform-agnostic framework is then) may come in handy. Do the same as with the minimal web app and add the build artifacts to CI. Also talk about getting software to the app/play store (a common question) and signing apps.

Homework: Use the view API call from the backend to show the data on the mobile. Play around with the mobile project to display it in a nice way.

5. Introduction to refactoring (yes, really), if we are really talking about JS here, mention things like typescript, flow, elm, reason and everything with types which compiles to JS. Types make it so much easier to refactor growing codebases and imho everybody should use it.
Flowtype would make it probably easier to get gradually introduced in the already existing codebase (and it plays nice with react native) but I want to be abstract here, so that is just a suggestion (and 100% typed languages such as ELM or Reason have so much nicer errors).
Also discuss other helpful tools like linters, formatters.

Homework: Introduce types to all your API calls and some important functions.

6. Introduction to (unit) tests. Similar as above.
Homework: Write a unit test for your form.

(TBC)

10 Signs You Picked the Wrong ISP !!

10. Their company logo: two tin cans and a length of string.
9. You check out their address, and it's a phone booth containing a Compaq portable and an acoustic coupler.
8. Their chief technical officer lives in a 10-foot-by-7-foot shack in the woods.
7. Their proud boast: "We've been on the Internet since it was CB radio."
6. Their promo materials use the words "information" and "superhighway" in the same sentence.
5. You order an SLIP/PPP connection, e-mail, and 2MB of server space for your personal Web site, and the voice on the other end of the phone asks, "Would you like fries with that?"
4. "As seen in Better Business Bureau special reports."
3. "Access speeds up to 9,600 bps in most areas."
2. They hawk both domain names and Rolexes on street corners.
1. They charge by the word.

Rant #1
I’ve got a new client wanting me to take over their website, okay... I’ll take care of you.

What’s the hold up?
1. Anon, Get ahold of this person, they’ve got the info you’ll need.
2. We will get together sometime to go over paperwork.
3. We are waiting on the board to sign off on a contract switch.
4. I’m needing this changed immediately on the site or we will be fined, but I understand you don’t have the information to make that change - can you get ahold of X to get the information?
5. *gets ahold of X* - still waiting on Y to approve contract release and change.

Listen, I have my faults too on running my own business but at least I know what I can and can’t do when either accepting or turning away a client. I’d be happy to work on your website, but you’ve got to get approval from those on your team before you make a change, that’s not on me. It’s cool that you need whatever changed on your site before the end of the week, but I can’t help you until I’m officially signed on. Please don’t request content change when I don’t have access to the content to change it.

Go get approval by your team first before you call me about making changes to your site, we haven’t even exchanged any information or paperwork yet.

Rant #2
If you call me again knowing that I’m on a two month leave from work, I’ll slit your throat and fuck the wound. It’s 1:40. There are other techs, you’ve got the on-call list in front of you. I’m flattered you went through the trouble of finding my PERSONAL NUMBER, but I have rants to write damn it.

Reading "duh... that link looks sketchy" time after time when attempting to nudge people in the direction of good resources, e.g., on-line manual pages, becomes rather irritating. Is typing the URL into VirusTotal or something really such a fucking hassle? Are you sufficiently special to warrant the creation of an IP grabber which is dedicated to targeting you... AFTER you posted your exact location on Instagram last week?

Similarly, some pants-shitting, worm-eating troglodytes who have the gall to claim to know anything about cybersecurity STILL think that for all Web sites k, that k's URL begins with "https" implies that k is secure. NO! Unencrypted Web sites are FINE unless sensitive information is being transferred. Are publicly available manual pages sensitive information now?

Grabbing the campaign hat and writing death threats and very personal insults is sometimes slightly tempting.

I actually do have something to rant about!

The people I've decided to work with... are complete and utter fools. They don't want to keep updated with new practices and merely talk about awesome stuff... Let me elaborate.

The first person is someone I spent really many hours just writing with, I've helped him build on his personal project, which has now become our project (which I've done most of the work on now). He keeps writing about things that aren't fucking relevant for the current task - furthermore, he completely refuses to use any type of collaboration software in order to keep an eye on tasks we want to, and already have completed. He likes Git but doesn't provide helpful git messages, sometimes even stuff like 'forgot this'.. never any freaking description of what's actually been done! Not even after agreeing it should be done, he just doesn't understand what a helpful message is apparently.
I might be a bit special regarding wanting to follow practices, but how the fuck do you make any amount of money by being so ignorant!? He was a WP 'developer' a while ago, and has since changed to JS and are using a framework which he doesn't understand - he can't even remember what the documentation states.

So why do I 'work' with him? He knows a lot of phrases he's read in books, blogs, and the likes. That makes him really inspirational and positive and he really wants to become successful(like me!). But over the last few months, I've realized how bad he is at programming - he doesn't know basic programming concepts and have a hard time applying any sort of knowledge to his programming. If it's not pre-built, he can't use it, not even if the documentation has specific examples. He barely grasps the concept of binding data to a variable. He wouldn't know how to access it again though, it's just for the sake of binding it to some existing functionality.

The other guy really likes his old style. He hired me to maintain some application. Which has turned out to be a hell of several small tasks he needs to be finished or reworked - with no clear definition of the task. Most of the time, he'll do some initial changes, show the changes to me, vaguely explain what they do (not what he's trying to achieve) and first THEN ask me to do these changes, most often in some files that don't exist (he uses the wrong filenames so I have to guess/ask where the changes need to be made).
To top it all off, old syntax is used and don't get me started on the spaces+tabs for indenting lines... Because I've already added a great ESLint+Prettier conf and everything should be nicely formatted according to pre-defined rules.
But he won't take the time to install some plugins in his editor and I'm left with sometimes buggy, badly formatted code (the code I have to make changes with!) - that's while he several times have agreed that I can do what I want and that he even questions his own ways when looking at my changes which he calls by-the-book.
So why the motherfucking fuck do I keep working with him?

Well, he keeps paying so that's really nice - I haven't been able to properly execute the bigger tasks(which pays more) though, due to a lack of information or some badly written code I couldn't quite figure out how works (at a glance).

He also keeps talking about these new projects he wants to make.. he even has these freaking papers with descriptions and data-structures and we converse really good about these new awesome projects. He also likes cryptocurrencies(which is an interest of mine he has inflamed quite a bit) and lastly, he seems like a genuinely nice guy who I'd like to spend some time with even besides coding and work.

So now I stand here - stuck with people that make me feel like a demi-god or something because I use a git style-guide and ESLint+Prettier with the Airbnb style-guide.

What should I do? I'd really like some remote work and have a desperate need for money... So much so, that I might even have to pick up a fulltime job, in order to save my sorry ass - all because I like speaking with people who just like the thought of programming...

I'm actually quite lonely with my thoughts and they are the two only people I've had some sort of relationship with - who has an invested interest in programming/dev... I really like that, despite having to follow their thoughts as they surely can't follow mine.

Please be my friend or give me some paid work lol.

Also, I've been moving the last couple weeks - those weeks has been the most stressful of my life and have not contributed to my overall wellbeing and relations with people... It's good to be back at the computer again and be reading some devRant though!

I AM SO ANGRY! Today my job fired me for the stupidest reason!! A while back I lost my job a (non-important) client for having an "overactive temper" so my boss made me begin taking VRTAM (or virtual reality therapy for Anger Management). Well I attended the first couple things but decided to stop because they were definitely stealing my information. I don't know what sketchy website they found for that but as a dev I can tell when they are taking my personal information. Also there's no way it works I attended a couple sessions and nothing helped because I DONT HAVE ANGER ISSUES!!! Anyway my job found out I had been skipping them and when they confronted me they avoided my concerns and just fired me... Haven't told my wife yet, she's going to be so mad.

Starting the day with Management complaining about budget and how R&D spends a lot. I start talking about the form to get a machine to a developer, that requires detailed information about the specs, proper justification, provide price comparison, fields of text which I know their departments will not check or fully comprehend BUT administration type departments always get the latest MacBook when their work literally involves little more than read emails, PDFs, write word documents and not high demanding software tools. R&D colleague suggests that a Raspberry pi would suffice for what administration personal needs out of a PC.
Management didn't comment.

DevRant has many privacy-conscious people and honestly just people who don't like when their personally identifiable data gets shared.

Yet, DevRant uses Carbon Ads owned by BuySellAds. Here's what their privacy policy reads:

"Some Personally Identifiable Information may also be provided to intermediaries and other Third Party Service Providers (defined in part (4) below) who assist us with the Services"

You know what's the funniest thing? In "part 4 below" they never actually state which companies do they share personally identifiable information with.

Just a quick reminder that when you use DevRant, your personally identifiable information may be shared with any amount of third parties, and you could bet a lot of money that the list includes Google and Facebook because of remarketing. Remarketing is a fancy term that means not selling personal data but instead giving it away for free.

Use AdGuard or any other browser extension that blocks analytic scripts. Buy a Raspberry Pi Zero W and make yourself a PiHole. When you're using DevRant mobile app, use analytics-blocking VPN.

I find adobe website fucked up. They asking to many personal information just for downloading a fucking trial software. Dude WTF?

Sometimes I feel that as we have some rules and accessibility guidelines for 18+ when they visit any website, play a game etc., we should also think about 60+ who are not technology friendly. I've explained to many elders why they should not share their personal information on public forums like facebook or twitter, or why should they not reply a spam mail.... but :(

Back when I was a freshman in high school a friend of mine put an emulator on the shared drive, so we could play NES games while in the computer lab. Didn't know better/didn't care. One day I get pulled out of class and walked into the computer guys office. In there is also the principal of the school and the Chief of police.

The computer guy tells me there was an issue last week that caused the school server to crash and it caused damage. I asked what happened and the he said one of the emulators we were playing had a script that crashed the server and caused damage. I asked how much damage and they informed me it was over 3 thousand dollars. At this point I'm very skeptical that the damage was worth about the cost of a new workstation (the old one sitting on his desk, buried in boxes), and afterwards none of the faculty knew of any kind of an outage. I asked for him to show me what broke and what had to be done to fix/replace the damaged equipment but all I got was a simple, "I'm sorry. I can't show you that at this time."

They threatened legal action for a felony of damaging a school property. Myself and the other tech savvy kids talked about it over the next couple of days wondering what would happen. They threatened expulsion for myself and a couple of other kids, but ultimately just got a talking to about keeping personal information safe.

What I got out of it was if they think I'm good with computers I must be doing something right. Now I'm in IT. This is where it went wrong.

What are your plans for Christmas?!?!!??

I normally won't engage in societal tropes like pointless, generic, smalltalk or those questions people ask for lack of independent thought/societal trope-isms....

Here's my templated answer this year:

Background = ~2k$ in piles of tech... server upgrades components, apparently the only managed switch left in business/non-custom enterprise networking in the country/indexed for sale
(2k in what I would pay.... my tech sourcing is more base level and +4 years pro exp(yea... since age 8... really))

Foreground.... a shiny ✨️ new, wonderfully discounted for dumb reasons that i appreciate... 10Tb LFF HDD! 🥹🥲🤩

I really like raw data... enough raw data and proper context relevant high-level, custom, precise algorithms and i genuinely believe literally any questions or problems can be quantified and solved for

So... I just keep getting data, life, sourcing, stats on human behaviour... i factor everything

Yes i realise im very odd

//initial context plus curiousities
As parsed out to somewhat tangential commentary below... i cant keep making people go away for societally viewed polite engagement. Therefore, when asked again by factory sales rep who enjoys verbosity and apparent finds me extremely worth his intrigue/personal time

// additional context (and my attempt to be more parse and comment conscious)

With a bunch of initial reveals and launches startjng in a week and technically being the "owner/boss"(cringy to me so Ive officially made my title (anywhere with custom input fields) DragonOverlord...dragons being a tied in theme to all sects and no one can say DragonOverlord isn't a position... as it's clearly a class... unless you find a human more style code ignorant, comment inept, and in need of a very multilingual scribe to create a lexicon 2 steps before my code would be even follow-able without a likely, bad, headache and davinci code like adventure including the improbably well placed wise scholars that just happen to have significant unique and vital information they are willing to freely share with strangers.

Why?! Why do companies need to build a useless application for their product every... single... time? It's not like I'm going to watch the state of my (future) pension every single day, I only want to update my personal information.

(I kinda get why, but still, you can get similar features out of a PWA as well, which is less annoying for the end user)

For me big list is there ;)
But recently one of the team in our internship has built a project where admin can add and update his own educational details into the project and no one can see admin personal information because of privacy :|

Incoming rant.

I have 4 years professional experience at a small shop working on a web application for property and liability insurance. The application is ASP.NET with C# as the code-behind. I have a BCS and will finish my MSIS fall 2017. I have no idea why I have the degrees. I know that when I enrolled, it seemed like they would be a nice addition to an otherwise empty resume. I was lucky enough to land my first and only development job during my sophomore year of my undergraduate program. Is this enough experience to land a new job?

I feel like I'm learning nothing at my current job. The specs that come in seem very vague to me. When asked for clarification, there is often push back, and I don't know whether that's because I don't have enough experience to parse what the client means in the two sentence spec I got or if it's because the client does not actually know what they want.

I hate my current job. My productivity is low because I spend more time trying to figure out what the client wants and analyzing an 8 year old system that has 0 documentation. I know some of you will just say, "Suck it up" at this point, but I really want another job. The only thing I like about this job is that it's 100% remote. It also pays $60k a year, so a replacement should be at least that salary.

Most postings I see require professional experience of 5 years or more, and knowledge of other frameworks. I can work on getting knowledge of the other frameworks, but will have no professional experience with them. I don't live in an area with a lot of software development jobs, and the ones I see are for non-IT organizations that want 1 person to run a distributed system from 10 or more locations. A hospital system out here wants to pay $30k a year for a guy to be both software developer for new tools as well as the helpdesk and IT support guy that's on-call for four locations in the county. I made more than that before I got into the development industry, for less work, and would rather leave than settle for something like that.

I've thought about moving to somewhere near San Francisco or San Jose, but I have my daughter to think about. I have joint custody of her, and would have to give that up in order to move out of the county.

I like programming and using it to solve problems. I like designing architectures and how all the components will interface. I like designing and normalizing databases. I like taking part in coding competitions for employers that are well-known (Amazon, Facebook, Uber, Twitch, etc.), even though I often just place middle of the pack. When that happens, I feel like I'm an imposter in this industry.

I think I have the most fun just working on small projects for personal use. My latest is an assistant calculator for the game Transport Fever to figure out cargo throughputs per annum based on the in-game timing information. Past projects have also been small. Ones I could use in a portfolio are a sudoku solver desktop application, PC/Web game in Unity that is a 3D FPS remake of Duck Hunt that allows open world exploration but locks the camera's viewpoint for shooting events, and a building assistant for Rome II: Total War that maps out all the bonuses/perks of user-specified building combinations in provinces so users can record their long term building plans without using all their turns to see the final results.

I seem to be an unproductive, average developer who dabbles in projects here and there.

This is what I want from other Ranters. Just say something. I don't care if it is, "Suck it up and get better." It could be your tips for finding and securing a new position. It could even be empathy, if such a thing exists on the Internet. Whatever you want, just say something that will help get me thinking of what the next steps in my career should be.

After all this time I’m still confused, why was Cambridge Analytica such a huge deal? I feel like a lot of people knew this in years prior, that Facebook/Google were scraping user data and activities to use for personal profiles and hence more directed as placement. Stuff like Ghostery, Privacy Badger, Disconnect, Ad Nauseum (rip it’s Chrome plug-in) etc. all focused on not allowing these same trackers to get information, so not like this case just magically busted the doors wide open screaming that all those websites you visited are now in Facebook’s database and no one knew.

I just can’t quite understand why everyone got up in arms after this.

I don't get why there are laws restricting the use of my website.

Let's say I pay for the electricity, internet, housing and everything related to my server and the website that is hosted on it.

This makes the computer my property and I allow connections to be made over the internet to it, and people accept whatever I send back to them and their machine acts based on that information.

In no way am I forcing or attacking their machine, so why are the restictuons on what data I can send (other than illegal images and such, I'm talking about cookies and privacy stuff).

Their machine is the one setting and storing cookies, not mine. They're entering their personal info and sending it to me, nothing is forced and most the time it is written out what will be done with that data.

The NPC has stated that the personal data of atleast 2000 people was leaked after the attacks on the websites of the philippinian goverment on april 1, the data contains; names,adresses,passwords and school data.

Over 7 administrators of schools, universities and other goverment structures have been called out for not reporting on the leakage of personal info on public facebook groups and violaton of the NPC in under 72 hours.

The representatives of the next structures stood before the comission on the 23 and 24 of april

- Taguig City University

- Department of Education offices in Bacoor City and Calamba City

- the Province of Bulacan

- Philippine Carabao Center

- Republic Central Colleges in Angeles City

- Laguna State Polytechnic University

The agency has reported that none of the organisations had notified about the personal info leakage yet.

This is a good reminder that you should inform about security/personal info breaches everyone that might be related to it as soon as possible, even if it seems unecessary.

I want to know how a certain type of software is called.

I once saw a talk where someone tracked his personal life for a year or so. This means photos are tomestamped and have a geolocation. Emails and phone calls are timestamped as well ...

On a timeline software he could then see exactly where he was and what he did on a specific date like 2 years ago...

There's a name for software that tracks all kind of data about your personal life. I think it starts with m.

!rant (I got down voted for this on Stack Overflow, so I try to discuss the issue with a more professional crowd.)

In a Software Engineering class, we had an assignment to read Parnas' seminal paper on modularization [0]. In this paper, two approaches of dividing a software into modules are discussed:

Traditional Approach: A flow chart is drawn to work out the single processing steps and the program's high-level flow. Then every processing step is turned into a module. This approach doesn't yield very good results.
New Approach: Every design decision will be turned into a module by the means of information hiding. This approach leads to much better results.

My personal interpretation of the term design decision is that the modules are identified as data structures rather than as processing steps of an algorithm. This makes sense, because data structures are much more suitable for information hiding then processing steps of an algorithm. (The information inside a data structure is hidden behind functions, whereas a function only hides more detailed processing steps and no information; the information is actually passed in as arguments.)

Why does the second approach work so much better than the first approach? Here comes my second interpretation: The single processing steps of an algorithm are not replaceable (and thus not reusable), whereas it's possible to convert data structures into other data structures.

And here's my question: Could that be the reason why software development using workflow engines (based on BPMN, for example) never really took off?

My personal experience is that the activities created in such workflows are hardly ever reused, but there often are big data structures passed around all the involved activities, even if most of the activities use only one or two of them.

My question exaggerated: Could we get rid of all those clumsy workflow engines by giving managers Parnas' paper to read?

[0]: On the criteria to be used in decomposing systems into modules (Parnas 1972)

Studying information technology, working as a devops guy and in parallel paying a flat for my girlfriend and me, as well as a car and motorcycle.
Just struggling as there is not much spare time for personal projects.

Layoff wave in Germany.
There is a new open-source project on Github, willbeallright-COVID19 for engineers being recently layoff because of the COVID19 situation. The main aim is to help programmers to stay connected to job opportunities. Quite interesting as the main contributor mentioned immediate questions that should be asked after the notification, and it seems to be on point as even here I've seen people searching for that information like What about all the personal items you have on the company computer? How can you get this information back? She is looking for community support so if you have any experience with layoff might be an interesting project.

I'm thinking about publishing a modified clone of my portfolio website here to get helpful feedbacks.

I don't feel ready to give out all of my personal information. I will change some personal data like names and address to something else. Thus the need for the modified clone.

Please help me before I get mad,
First day with Linux Mint.
Objective: Make a 3Tb Hdd Read and Write, Right now I can use it only to Read.
Finally Installed Linux after some bumps (bad ISO).
I have 2 HDDs, the SSD with Linux and a 3Tb HDD
Right now the 3T has 4 partitions, one for windows, 3 for personal use with lots of personal stuff I can't lose.
I've been looking for videos, tutorials and the maximum I got was to had one partition mounted as a folder
<code>
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/sda1 during installation
UUID=f0a65631-ccec-4aec-bbf5-393f83e230db / ext4 errors=remount-ro 0 1
/swapfile none swap sw 0 0
UUID=F8F07052F07018D8 /mnt/3T_Rodrigo ntfs-3g rw,auto,users,uid=1000,gid=100,dmask=027,fmask=137,utf8 0 0
</code>

What am I missing?
PS.: Next: Make fingerprint work in Linux

Given the recent #deletefacebook movement and everyone deleting their Facebook accounts for privacy reasons, I must ask. Is LinkedIn any better than facebook? How much do you guys trust them with personal information?

Three Layers of Security
As InfoWorld notes, all smartphones have three basic
elements of security. Your first major task as a mobile
user is to become aware of these layers and enable them
in your devices:
1. Device Protection: Allowing remote data "wiping" if your
device is ever lost or stolen.
2. Data Protection: Preventing corporate data from being
transferred to personal apps running on the same device
or personal network
3. App-Management Security: Protecting your in-app
information from becoming compromised.

I had to do a modular deduplication project that could read, parse and clean up the data.
The data? Personal information: Name, Surname, phone, address and more.
Imagine the zip code in any of the following formats: ####AA, #### AA. Names with and without dashes. Address with(out) spaces, dashes, underscores etc. as well as typos! Now clean it up, and dedup.

But what files have priority over another? What data is newer? How to process address changes?

Deadline: 2 moths, impossible deadline for a (at the time - 4 years ago - rookie developer)
Anyway, night before the deadline, code was running somewhat (Java) and was able to get a Regexed address cleanup of about 70 - 80%.

My boss comes in to check the progress, sits me down next to him and says: Not good enough, let's do it together tonight, it was 4pm, day normally ends at 5pm.

No thank you, I can't do that. if you don't want this code, then I can't meet your deadline.
bye

Does React collect your personal information?

the last several times i reached out to support there were at least 5 days of tumbleweed and cricket noises. fine with that while not accessing personal mails during the week. last time i got a response the next day with request for more information and case closed the other day due to lack of response. well played...

I'm dreaming about an assistant system, which is omnipresent.
Popping up on screens in public, sitting in many ear listening to my speech, with my personal feed off contextbased information.
Like a juxtaposition of Wikipedia, Facebook, Twitter, etc...

I don't want to pick my device from my pocket to type in a search or to push a button and say "ok buddy".

It just have to be omnipresent and focused on my requests.

main problem before you touch on the between here and there problem of people eating up all their time and the theft these garbage engage in of vital memory recall objects which even they actually need believe it or not and they don't even repress their memories, is the lack of desire to interact for anything other than sex or personal profit. that has reallllllllllllllly fucked the world up lately.

and if you isolate us, the only decent people from each other, and put us around asocial people who are all liars and trash, when we know, when the information is in our minds why would we want to speak with them ?

I've sort of got this personal interest, and that is information security, but it's a frickin jungle out there. Where would you guys start?

CONSULT PROFESSIONAL BITCOIN RECOVERY EXPERTS // MAESTRO ENCRYPTER FINANCIER

You want to hear confidence-boosting success tales about getting your lost bitcoins back. Maestro Encrypter Financier has a remarkable history of assisting people and companies in getting their lost money back. Consider the instance of Connor Jack , who unintentionally sent his bitcoins to the incorrect address. Connor's face returned after Maestro Encrypter Financier used their knowledge and tenacity to track down the transaction and get his bitcoins back.
What distinguishes Maestro Encrypter Financier from other alternatives for recovering bitcoin? Above all, their team of professionals is well-versed in handling bitcoin transactions, which enables them to handle even the most complicated circumstances. Furthermore, their customer-focused methodology guarantees that you will receive tailored support and consistent updates during the recuperation procedure. To demonstrate the superiority of Maestro Encrypter Financier, let's compare their performance with that of their competitors. In a head-to-head analysis, Maestro Encrypter Financier consistently outperformed other recovery services in terms of success rate, speed of recovery, and customer satisfaction. Time and time again, they have proven their ability to recover lost bitcoins when others have failed. At Maestro Encrypter Financier, your privacy and confidentiality are of utmost importance. They employ robust security measures to safeguard your personal information and ensure that it remains strictly confidential. You can trust that your data is in safe hands throughout the recovery process. Not only does Maestro Encrypter Financier excel in recovering lost bitcoins, but they also prioritize helping clients protect their funds from future loss. Their team provides expert advice on the latest security practices, including wallet management and secure transaction techniques. By equipping you with the knowledge to safeguard your investments, Maestro Encrypter Financier goes above and beyond to ensure your long-term financial security. For enquiry, Email:(maestroencrypter @ financier . com) or call/ WhatsApp:+14722038937

I just never expected to run into people who don't have shit better to do then literally the same shit and cyberstalking people they don't even know trying to act like they give a damn for personal amusement or just lurking in the same places waiting to spring up and say the same thing or just whatever the hell this crap is when the person they're doing this too doesn't really have anything of interest other than precisely what i've indicated, that or try to be nosy and be amateur intelligence people trying to gather information over what a person is thinking regarding the activities of certain garbage in his environment :P emphasis on amateur.

Buy Verified Cash App Account: Navigating the Digital Transaction Landscape
In an age dominated by digital transactions, the concept of purchasing a verified Cash App account has gained significant traction. This article aims to explore the nuances of buying a verified Cash App account, elucidating the advantages, potential risks, and offering a comprehensive guide for individuals considering this financial move.

Introduction
The Growing Trend of Buying Verified Cash App Accounts
As online transactions become more prevalent, the trend of purchasing verified Cash App accounts is on the rise. Users are increasingly recognizing the added benefits and security that come with having a verified account.

Understanding the Importance of Account Verification
Account verification is a crucial step in enhancing the security of digital transactions. A verified Cash App account provides users with an additional layer of protection, making their financial interactions more secure and reliable.

Advantages of Purchasing a Verified Cash App Account
Enhanced Security Features
One of the primary advantages of a verified Cash App account is the incorporation of advanced security features. These may include multi-factor authentication and additional verification steps, adding an extra layer of defense against unauthorized access.

Increased Transaction Limits
Verified accounts often come with substantially increased transaction limits. This proves beneficial for users engaged in larger financial transactions or those running businesses through the Cash App platform.

Access to Exclusive Cash App Features
Apart from heightened security and increased transaction limits, verified accounts may unlock exclusive features within the Cash App. This could range from priority customer support to early access to new features and promotions.

How to Safely Purchase a Verified Cash App Account
Researching Reputable Sellers
Before entering the purchasing process, it's crucial to research and identify reputable sellers. Reading reviews and testimonials can provide valuable insights into the credibility and reliability of a seller.

Authenticating Account Legitimacy
Ensuring the authenticity of the accounts offered by sellers is paramount. A legitimate verified account should have gone through the necessary verification steps outlined by Cash App.

Ensuring Transparency in Transactions
Transparency in transactions is vital. Buyers should choose sellers who provide clear information about the accounts, including their verification status and any associated features.

Risks and Precautions in Buying Verified Accounts
Common Scams in the Verified Account Market
The digital landscape is not without risks, and the market for verified Cash App accounts is no exception. Being aware of common scams, such as fake listings and phishing attempts, is essential.

Tips for a Secure Transaction Process
To mitigate the risk of falling victim to fraudulent transactions, following best practices such as using secure payment methods and verifying the seller's credentials is crucial.

Step-by-Step Guide to Verifying a Cash App Account
Understanding the Cash App Verification Process
Before attempting to verify a Cash App account, it is essential to understand the process thoroughly. Familiarizing oneself with the required documentation and steps ensures a smooth verification experience.

Submitting Required Information
During the verification process, users typically need to provide personal information, such as a valid ID and proof of address. Ensuring the accuracy and legitimacy of this information is key to a successful verification.

Navigating Potential Challenges
While the verification process is generally straightforward, users may encounter challenges. Being prepared to troubleshoot and address potential issues ensures a seamless verification experience.

Conclusion
Summarizing the Benefits and Risks
In conclusion, opting for a verified Cash App account offers users enhanced security, increased transaction limits, and exclusive access to platform features. While potential risks exist, informed decision-making and adherence to safety precautions can lead to a positive experience.

Encouraging Informed Decision-Making
As users consider the option of purchasing a verified Cash App account, it is crucial to approach the process with caution and awareness. Choosing sellers with proven credibility, staying informed about potential risks, and following best practices contribute to a secure and positive experience.

Never post or trade personal pictures. Never reveal personal information, such as an address, phone number, or school name or location. Use only a screen name and don't share passwords (other than with parents).

So my hosting service recently informed me of a personal information leak due to a data feed that “accidently“ went public. I'm lost for words.

Online investment schemes have become increasingly popular, promising high returns with minimal effort. However, it is crucial to be aware of the significant risks associated with these schemes. Many online investment platforms, particularly those in the cryptocurrency space, operate with limited regulation and oversight, which makes them fertile ground for scams and fraudulent activities. Recent personal experiences have underscored these risks, highlighting the importance of vigilance and due diligence when engaging in online investments. My unfortunate journey began with a company called "CryptoTX," which presented itself as a legitimate crypt0currency trading platform. Initially, I was drawn in by the promise of lucrative returns and was reassured by my assigned account manager, Sarah Malone. She portrayed CryptoTX as a reputable firm with a track record of success. During our interactions, I mentioned my previous experience with another online trading platform, "Click’s Dealer." I had encountered significant issues with Click’s Dealer, and Sarah Malone assured me that it was a scam, further reinforcing my trust in CryptoTX. I started with an initial investment of $1,000, which, at first, seemed promising. I saw some trades yielding returns and even experienced what appeared to be substantial profits. Encouraged by these early successes, I decided to invest more, eventually committing a total of $180,000. However, this initial optimism soon turned into a nightmare. The tipping point came when I began to notice inconsistencies in the information provided by Sarah Malone. Each time I was contacted, I was urged to invest more money to cover "bad trades" or to capitalize on supposed new opportunities. Despite my growing concerns, I continued to follow their advice, largely due to the pressure exerted by the account manager and the desire to recover my previous losses. It became clear that CryptoTX promises were unfounded. My investments, which had initially shown some potential for profit, quickly dwindled. I found myself losing all of my hard-earned savings, amounting to a staggering $180,000. This sum represented my life savings, intended to secure my financial future and support me in retirement. The financial loss was devastating, not only due to the amount but also because of the emotional and psychological toll it took on me. In the aftermath of this experience, I realized that the terms and conditions I had agreed to likely included clauses that absolve CryptoTX of responsibility for investment losses. Many online investment schemes use such disclaimers to shield themselves from liability, arguing that investment inherently involves risk and that they cannot guarantee returns. This legal shield makes it challenging to hold them accountable, despite their misleading practices. Determined to recover my lost funds, I explored various avenues for redress. During my search, I discovered GRAYWARE TECH SERVICES, a consultancy and recovery firm that specializes in helping victims of online investment fraud. The firm had received positive reviews for its success in assisting individuals who had been defrauded by unregulated brokers. Deciding to give them a chance, I contacted GRAYWARE TECH SERVICES. Engaging with GRAYWARE TECH SERVICES turned out to be one of the best decisions I made. Their team provided expert guidance and support, working tirelessly to investigate my case and facilitate the recovery of my funds. Through their dedicated efforts, I was able to retrieve a significant portion of my losses, which was a tremendous relief. This experience has underscored the importance of exercising caution when dealing with online investment schemes. Many of these platforms operate with minimal regulation and oversight, making them ripe for exploitation. It is crucial to conduct thorough research before committing funds, be wary of platforms that promise guaranteed returns, and understand the terms and conditions associated with any investment. while the online investment landscape can offer lucrative opportunities, it is fraught with risks and potential pitfalls. Scammers and fraudulent schemes are prevalent, and it is essential to be proactive in protecting oneself from such threats. Educate yourself about common warning signs of fraud, seek professional advice if needed, and remain vigilant to safeguard your financial well-being.

GRAYWARE TECH SERVICES CONTACT INFO: What's App: +447421348767
Best Regards,
Ben Agnes.