“If a target is important enough, they’re willing to send people in person. But you don’t have to do that if you can come up with an alternative like what we’re seeing here,” Hultquist says.

From the article

Here bro, for your next tweet: . . . . . . . .

Spend them wisely

I've been a funding member of the Wikimedia Foundation for over a decade. I have looked at their finances several times before and during financing them.

As with a lot of similar non-profits, a considerable amount of donations does not go into "running the servers". You have to judge this by yourself, but they don't embezzle any money and there is a reasonable bottom line. Wikipedia continuously helps tons of people, and the people who run the operation enable that.

You can download a full dump of Wikipedia any day. Compared to other lying companies, they have been true on their promises for some time.

Of all the $1 I could spend in a year, the one I give to Wikipedia is probably the least wrong invested, and that $1 actually already makes a difference

Respect the Accept header from the client. If they need JSON, send JSON, otherwise don't.

Repeating an HTTP status code in the body is redundant and error prone. Never do it.

Error codes are great. Ensure to prefix yours and keep them unique.

Error messages can be helpful, but often lead developers to just display them in the frontend, breaking i18n. Some people supply error messages in multiple languages, depending on the Accept-Language header.

There are many ways your real IP can leak, even if you are currently using Tor somehow. If I control the DNS infrastructure of a domain, I can create an arbitrary name in that domain. Like artemis.phishinsite.org, nobody in the world will know that this name exists, the DNS service has never seen a query asking for the IP of that name. Now I send you any link including that domain. You click the link and your OS will query that name through it's network stack. If your network stack is not configured to handle DNS anonymously, this query will leak your real IP, or that of your DNS resolver, which might be your ISP.

Going further, don't deliver an A record on that name. Only deliver a AAAA to force the client down an IPv6 path, revealing a potentially local address.

Just some thoughts. Not sure any of this was applicable to the case.

There are many ways to set up something that could lead to information leakage and people are rarely prepared for it.

I have double sleeved MTG cards from two decades ago just sitting in storage. Not because I think it's an investment, I just don't care anymore. People who do the rubber band and sock approach have their values straight. Have fun playing

So they call him Tampon Tim for having provided sanitary products? Do they think this is somehow insulting or belittling? I'd call myself that and act like it's my superhero name any day. WTF kind of mindset are these people in?

Climate was only cool while you could buy fake carbon credits to make up lies about responsible computing at scale. Now we save the world with AI once again. Next year, compute on mars, true planetary scale! Cloud? We're doing Starsystem now!

1. People vastly overestimate the abilities of AI.
2. Developers vastly overestimate their own abilities.
3. There are people on any level of seniority that would be perfectly replaced by a noise generator.

Samsung device telemetry

Smoking is redundant today. Kids are getting enough cancer from the environment already.

SO is a shithole, just like Reddit. All the work is done by volunteers. When it was time to cash out with the platform, they also did several things to fuck with their community. I've contributed quite a bit to the trilogy sites, and served as a moderator. I regret every second of it. But at least a few people got rich in the process.