it’s also important to keep in mind that the cybersecurity field has adbanced tremendously, with cloidfare, EDRs, and in general it is now way harder to do anything anonymously without getting caught, quickly. This also males the field of hacking way more difficult to get in, which combined with reduced attention span of younger generations probably means there’s not that many bored teens willing to put the time in, and as an adult you have way much more to loose, so for hose who had the skills it would be a lot greater risk.

On the topic of Mullvad, what made me choose Kullvad over LibreWolf was the VPN being bundled in. If I’m not mistaken, the whole point of ToR browser is that you have exactly the same fingerprint as any other Tor browser user, making it a lot harder to distinguish you from others using your extensions, browser and other minor stuff your browser reports about you, that combined makes for a pretty unique fingerprint, evej of you are using a VPN.

But, if you have a browser that has the same fingerprint for all users, and it has an accompanying VPN, you can partly expect that most of other users of the same VPN will also be using the same browser, making it a lot harder to track you - because while there may be only a few thousands users of Mullvad in the wild, which renders the same fingerprint not much of an advantage (because you would be one of the few users of i.e Proton VPN with Mullvad), if you also use Mullvad VPN, it’s probable that most of other users who share your Mullvad VPN IP are also Mullvad browser users, making it easier to blend in.

Bit that’s mostly my theory, why (along with being able to pay with Monero) I feel like the combo of Mullvad browser and VPN is the best combination as far as minimizing fingerprint is considered. If someone has more knowledge about the issue, I’d love to hear some counter-arguments or tips how to improve my setup.

https://www.ccpgames.com/

EVE is one of the most unique games I’ve ever seen and I admire it, and CCP in general, from what I’ve seen in their volunteer programs or from streams, seems like a nice workplace.

Also, Island is cool.

Then the book will definitely be up your alley, it’s exaclty about that, and offers a great tips about how to approach it.

I cheated the MFAs by switching what I could to SMS, Yubikey or just copying the MFA private keynto Bitwarden. Kind of defeats the point of MFA, but makes stuff definitely easier.

Anything that’s important however is on yubikey, however.

Also, good luck! Are you going through the Digital Minimalism book? I should refresh on it, every time I try it, it doesn’t last long, but I always get rid of one more stupid online habit that I don’t pick up when I inevitably return to my pre-reading the book intetnet usage. So, after already going through like 4 attempts in the last 3 or 4 years, my internet usage is slowly but surly changing for the better. But it’s more of a long run, rather than being able to get everything on the first try, in my experience at least.

If you’re not doing it because of the book/haven’t heard of it, I definitely recommend reading Digital Minimalism by Carl Newport.

How to best approach starting secops in a small indie gamedev studio. We don’t even have a sysadmin, and our boss mostly also does most of our infra together with one of the programmers.

We would love to start setting up some basic security setup, ideally FOSS based, and while I work there as a programmer, I do have 5 years of experience working as pentester and doing red teamings, so I kind of have an idea about what we could have. But I never did anything from blue team side, and also worked for large corporations, so most of the tools and solutions I’ve encountered are waaay over the budged of 20 man indie gamedev studio.

How would I even start? Are there any frameworks that would help but arent aimed at large corporations? What of the buzzwords we even need? Do I start with hardening group policies, get rid of local admins, then set up some kind of log management/SIEM, then IDS? And it’s so hard to google for, because every blog post I found is just a disguised ad for a company that does Security as a Service. Why isn’t there some kind of easy 10 step program that would tell you “step 1. Harden configuration. Step 2. Install <one of many security tooling acronyms>.”

I vaguely know that most of the buzzwords that are thrown around have some dependencies, but what? Does IDS needs logs from SIEM, or is it the other way around? I’m obviously not qualified for this, but i dolid get time to research it, and some DIY attempts is definitely better than having no security in place at all. And, I know very well how to actually hack and test our security setup, so I can at least tell if something I’ve done is shit or useless :D

I’d go for scandiavia, if I could choose anywhere. Or Island, working for CCP is my dream job.

When I tried that, it lasted me for almost a year and a half, before I unfortunately got a second job that required MFA and I needed to be more online in general due to juggling two jobs. And it was amazing!

What I eventually did however was to get a dumb phone that can do a wifi hotspot, and still carried my smartphone but without simcard and net access, and powered off. When I really needed to get a taxi or look up a way home when I overslept drunk on public transport and ended up who knows where, I could always just fire up hotspot, power on the smartphone and do stuff I needed. Cause when that happened first time, it was when I first realized how much dependent I am on smartphone and net access.

Thanks for reminding me, I just quit one of the jobs and I can afford to be more offline, so back to the dumb phone I go! Convincing my GF again that she has to text me instead of using discord will be hard, though … Or explaining that I really cant look up the fact she wants, or call a taxi quickly…

I still have a python bot that forwarded discord messages to my own bare html website, so I can chat with her with the basic web browser of the dumb phone.

https://wbo.ophir.dev/boards/klFrzLZIyfumYW6larIfi-NKQescKcR8pMib1hlochQ-

Feel free to draw here.

One night when returning from a party at work, I’ve decided to stay a while longer in the tram to escort my co-workers to the tram central hub (which was like half an hour of tram ride), instead of getting out at my home, which was only 5 minutes from our workplace.

When I got into the tram back home, there was an older guy with a carboard robot costume, who was talking to someone about his work in the theater. Because I find people like that interesting, I decided to move closer and sit next to them, so I can listen to their pretty interesting conversation. I’ve tripped and basically literally fell into their conversation, and the other guy left, so we started talking. It turned out he does a prop-guy on movies and for theater, and we hit it off pretty well. He also lived literally 3 minutes from my place, and we have decided to go have a few more beers at his home, which was basically a storage lot full of random stuff without much furniture - just random props, one bed, and a lot of beer.

I’ve messaged my GF that I’ll be late, since I’m drinking with this pretty cool old guy, and send her a picture of the place. Her reponse was “Wait, isn’t that <name>?”. Turns out, he was a prop guy on a movie they were filming a lot of years ago at their old family house when she was young, and not only he was the most fun guy to be around there, always sneaking out to drink with them, but also briefly dated her (late) mother, so he’s basically her step-dad. Since he’s pretty old-school, no social networks, internet and barely a phone, we did exchange contacts and since then have seen him a few times, and it was always a treat, like getting us to the backstage of theater production. But the way we have met is so, so random and the odds of something like that happening are mind blowing. I usually don’t follow random people home, but here we have hit it off so well that we wanted to keep talking and it didn’t even felt weird.

I can’t decide whether this sentence is a joke or not. It has the same tone that triggers my PTSD from my CS degree classes and I also do recognize some of the terms, but it also sounds like it’s just throwing random science terms around as if you asked a LLM to talk about math.

I love it.

Also, it’s apparently also real and correct.

I call the goth scene/genre 80s goth mostly because in the last decade, saying you listen to goth music would for most people mean Nightwish and gothic metal, which has exactly zero things in common with the 80s goth bands like The Cure or Sisters of Mercy. Calling it a trad goth may have been less confusing, though.

I though that MC means magnetic cassete, every time I shopped for them on our local version of ebay, they had MC in the name. Might be local thing, though.

I’m 27 and regularly atttlend concerts in the 80s goth/postpunk/arkwave/synthpop scene. Every band has a CD and I always get one, though if they have MCs, which they sometimes have, I preffer those. As a profesional poser, listening to MCs on a walkman just has this unique feel CDs can’t replicate, while also helping with my attnention span since I can’t just easily skip songs midway and stick to the few ones I like, instead forcing me to enjoy the whole album which eventually grows on me.

However, I’m probably not a good reference, since I also regularly host parties, DJ and help the local scene promoter with events, so music is pretty big part of my life.

Also, I don’t really listen to them much. I have my own NAS with music, and instead of paying for spotify I download what I need from a private torrent tracker (which I need mostly for DJing, which I never get paid for and always volunteer, just like we do the events with free entry, yo no income from that). That’s why I make sure to buy the CDs, while also having a budget that’s in the same range as I’d spend on Spotify, that I make sure to use every month to buy an album I liked on Bandcamp, slowly replacing everything I’ve pirated with either CDs or bought digital albums. I feel like that way a lot more of my money end up at the hands of the artists, than if I just payed for a streaming service I don’t want to support, while also not limiting me just to the few albums I can afford (and also giving me offline backup if they ever pull the songs from spotify). Pirating is not ideal and I generaly don’t endorse it, but I feel like my approach is kind of morally ok-ish in the long run. Still not excusable, but I’d say better than just paying for Spotify.

O(fuck)

A random account on FB, with only like one or two mutual friends and a name and profile picture both being reference to Tim Burton’s movies has messaged me because of a photo of me on a local old school goth festival. We started talking and hit it off pretty well, and eventually decided to meet. No-one of my friends knew who she was, I never saw any of her real pictures or had any indication whether I’m being scammed, catfished, or who the hell it is, other than her mentioning that she was part of the local goth scene several years ago, before I started participating.

We decided to eventually meet before another party, and I went in half expecting I’ll just get a funny catfish story out of it, but I like collecting funny stories so why not. And she promised to bring alcohol, so all I was risking was one awkward afternoon I’d spend getting drunk with someone.

We both arrived already tipsy, and I was met at the train station with a really nice looking girl carrying three bottles of mead, which we’ve managed to drink on the way to the party. It was amazing experience and we hit it off immediately and it was basically love at first sight. Both of us could hold our drinks well, and we got to the party pretty drunk but nowhere near too drunk - I can drink a lot and be OK (not that I do it too often), and it’s rare when I meet someone who can keep up with me.

When we arrived, it turned out that half of the people already knows her, because she indeed was part of the scene around five years before my time, before she got into a really bad relationship she couldn’t get out of due to mortage for several years, cutting contact, but she changed her nickname so no one realized it was her I was talking about. She just got out of the relationship by moving out within a day because she found out he was cheating on her, and few months after that randomly decided to message me, because she saw me on photos with her highschool classmate - who was also my best friend who got me in the scene several years before that (I’m around 6 years younger than both of them), and her friend convinced her to just give it a try and message me.

We’ve been together for almost 6 years, moved together four years ago, and we’ve eventually started DJing and hosting our own goth parties, among other things, while also helping local promoters with their events. All in all, it’s good, but it was a pretty random luck that we’ve met.

I mean, if it’s **just ** a normal screen-sized website, that already makes it a lot easier. Not having to deal with responsiveness bullshit would make webdev a lot better experience. That is assuming “normal screen” means 1920*1080, or whatever is the median screen size.

One important thing about CS was that it’s also marked as a boot-start driver. That flag tells the OS that it can’t boot without it no matter what happens, aside from safe mode, and iirc if your driver doesn’t have that flag, which drivers probably shouldnt have, from how I understand it if such a boot loop would happen due to a faulty non-boot-start driver, the system will recognize that and simply disable it.

What stops you from tampering with the game folder, and changing the function that sends the hash, to send a pre-calculated and valid value, instead of calculating it from real files you are running?

I might be wrong, but from how I understand it it probably wouldn’t help. Kernel drivers have a rigorous QA and cert by Microsoft if you want to get them signed, which is a process that may take a long time - longer than you can afford when pushing updates to AV/EDR to catch emerging threats. What Crowdstrike does to bypass this requirement is that the CS Falcon is just an engine, that loads, interprets and executes code from definition files. The kernel driver code then doesn’t need to change, so no need for new MS cert, and they can just push new definition files. So, they kind of have to deal with unsafe in this case, since you are executing a new code.