@humanreader - eviltoast
  • 0 Posts
  • 21 Comments
Joined 1 year ago
cake
Cake day: June 30th, 2023

help-circle
  • You underestimate how different some people’s situations and priorities can be. For us, it’s forking 10-20 USD (not a big sum of money) once a year by credit card (which isn’t hard to obtain).

    There are parts of the world with dire financial situations or simply outdated systrms that don’t offer easy access to electric or international payments. There will be devs wanting to experiment with web services, but for them it isn’t simply “forking over the bare minimum”.

    I won’t reveal my location just for the sake of an internet discussion, but I lived in a country (It’s not exactly a “3rd world shithole”, but not a developed one either) where until around five to ten years ago or so getting a bank account with ‘credit card’ meant you ‘made it’.

    Why? If you weren’t lucky and wanted to pay for something international, you needed a friend with the aforementioned credit card to do the transaction on our behalf. Buying on Amazon? Better make it worth before bothering our friend there. What if I wanted games on steam? The friend with credit card, or use an intermediary that charges an extra before they ‘gift’ the purchased game. And so on.

    Now it has gotten much better, as fintech apps filled the gap offering virtual visa or mastercard payments, and the banks themselves started offering credit cards with lower quotas, but you have to remember that it wasn’t available until a couple of years ago, or even still out of reach for some.

    So what if you’re a developer with no affordable access to international tx and want to experiment regardless? You find the ones that don’t require payment.



  • So that setup effectively gives you an all-ports available connection (except 22) from your mobile device and anything that connects through it, like a laptop? The exit node would be the VPS.

    Could I skip the home router and EoIP+VPN directly between mobile and VPS, for instance?

    I am in a situation (restrictive firewall on ethernet/wifi, prefer personal mobile connection but it’s cgnat or something equally crap) this could be very useful for me.


  • humanreader@infosec.pubtoLemmy@lemmy.mlWill this also affect lemmy.ml?
    link
    fedilink
    English
    arrow-up
    51
    arrow-down
    2
    ·
    1 year ago

    FYI, two letter TLDs are country/region/jurisdiction specific. There’s an ISO standard for that.

    • .tv Tuvalu
    • .me Montenegro
    • .fm (Federation of) Micronesia

    Some countries append additional modifiers to classify their uses:

    • .uk United Kingdom
    • .co.uk Company

    Three or more are generic (traditional or new)

    • .com, .net, .org, …

    In some cases, Uncle Sam said “first!” and it stuck.

    • .edu Education (MURICA)
    • .mil Military (MURRICA)
    • .gov Government (MURRRICA)

    Just like what happens with Mali, what some silicon valley hipsters decide as a ‘fun’ acronym is just that, a fun thought. If the corresponding government decides to take away a specific domain, they probably can.


  • I see. I will have to document my progress and remind myself the company isn’t actually financing this. I should start by creating a blog.

    Haven’t personally talked to the IT dep yet - I am in a small dev team for internal webapps and the last time we contacted them was because of printer problems, hah. Will try contacting them once I feel ready.

    Thank you for the insights. Sorry I took too long to respond.


  • Sorry for the late answer.

    I haven’t thought of it that way - if I can convince my boss to test my skills on the legacy systems the company is running, it could be beneficial for both… assuming I get permission and enough actual skills to assess vulnerabilities.

    Thank you for the perspective. I agree that intro posts are repeated ad nauseam, I will find my own way.


  • Hi Mike, I recently started working as programming intern for a company doing webapps. I’ve worked part-time gigs in a completely different field before, that means I got no certs, no job experience in IT to speak of, I’m not the young guy fresh out of school anymore. However, my interests have always been to break into cybersecurity and have slowly added some relevant knowledge as bare minimum… linux bash scripting, selfhosting, networking and etc. I’ve been checking out the certs usually recommended plus all the specializations out there and gotta say this is no easy commitment, but I do want to learn.

    The thing is, what I’m currently seeing as intern is very different from what people in this field usually speak of online: For example, I was expecting the latest tools and whistles, but the company I’m at uses very old (10 years) frameworks for maintenance and support for corporate clients, windows only, proprietary stuff with very little documentation online. It gets… demotivating? It’s still a job and I have bills to pay, but I’m wondering how many years of experience do I need as a regular web developer (if my contract is renewed, even) to even attempt branching into infosec?

    I know this gets asked a lot. Sorry for the long text. TL;DR: just started as intern programmer, company works with ancient dinosaurs instead of latest stuff, years of experience needed to become hackerman (or jumping from first one to others shown here)?










  • Speaking of which, stuff that frequently comes up in privacy related forums:

    Differentiate between your professional accounts (it has your real name attached) and your non-professional ones (you use it to discuss pooping methods for example). Don’t mix them up. I know many will say “so what if people in the fediverse know where I live and how I poop, I got nothing to hide” a lot, but that’s how people got doxxed or swatted.

    Even if you don’t feel the need to, it’s good to sit down and identify the potential threats given certain problems. Do you recycle passwords for email and social media accounts? What about banking? If a malicious coworker or an immature family member got access to your social media profile and posted reputation-damaging content, how bad can things get? Identify the outcomes you can mitigate or must prevent, and plan accordingly.

    There is no “100%” when it comes to privacy. It’s a process, not an “all-or-nothing” switch. Beginners often ask if “program X and Y will protect me 100%”, and the answer usually boils down to “there isn’t a single magic pill”.

    Privacy ≠ Security ≠ Anonymity. A VPN subscription can secure your connection (content secret in transit), but does not make you anonymous (sender known to middle node). You could leave an anonymous message (sender unknown) on a public forum, but the message itself isn’t private (content not secret). And so on.

    Encryption is a useful tool, but don’t fall for the “military grade encryption” speech. They often mean “we just slapped whatever shit it came up with”, nothing extraordinary.

    There are many more but I will stop for now. No, I am not in Guantanamo.




  • AMAs stopped being interesting a while ago. It was more like a quick press release session with celebrities trying to promote their latest stuff.

    I kinda miss the IAmA part of it. People like us in usual or unusual circumstances sharing their daily lives. Researchers in remote islands, members of ethnicities or cultures that rarely get media attention, cool or unconventional jobs and how they got there. People and their stories.