> didn't have deep enough experience with "object oriented programming". What does that even mean?
This could mean two things. "You aren't knowledgeable about OOP" or "you couldn't show us that you are knowledgeable in OOP". If it isn't the former, maybe it's the latter? Maybe the real+underlying feedback is that you couldn't convey your breadth of knowledge in your interview?
Plus, you can obfuscate that too by using a random port for Wireguard (instead of the default 51820): if Wireguard isn't able to authenticate (or pre-authenticate?) a client, it'll act as if the port is closed. So, a malicious actor/bot wouldn't even know you have a port open that it can exploit.
This enshittification is surprising for Bitwarden, given how much it emphasized its open source strategy and that practically made a bunch of us recommend it to our friends and family. But maybe not too much because, as you say, it's a natural process for organizations.
This is primarily the reason I am careful going deep into the Tailscale ecosystem (which, similar to earlier Bitwarden, is touting a "hey, we are the good guys" horn for now). My network is a critical piece of my infra and I don't want to put too much trust in one company.
> This is primarily the reason I am careful going deep into the Tailscale ecosystem (which, similar to earlier Bitwarden, is touting a "hey, we are the good guys" horn for now). My network is a critical piece of my infra and I don't want to put too much trust in one company
I love Tailscale, but this has been bothering me too. Actually, I think it's an even bigger concern than with Bitwarden because of what Tailscale does - once you start using it, it literally becomes your entire network.
That said, what Tailscale provides is really important. We need tools like this to push back against how rigid and centralized the Internet has become over the years.
For those worried about this: what are you doing about it? Did you just move to Headscale? Or are you using something completely different? How has that worked out for you?
I really want to use KeePass and its ecosystem but the password sharing story isn't great there. My wife and I have a lot of shared passwords and Bitwarden works really well for that. So, I don't know what's a good viable alternative for us.
Coincidentally, just earlier today I was looking for one-time-use prepaid cards. I thought I'd buy a few $100 cards and use them for pseudo-anonymous transactions. However, all I could find were prepaid "debit cards" (which could be easily tied back to me) or store-specific "gift" cards.
Curious to see if anyone has a good solution for that? (In the US.)
Visa Vanilla is fairly practical for most threat models. I know some orgs are trying to do more ad targeting via security cameras across multiple stores, but afaik you'll have no problem paying cash for a Visa Vanilla gift card, activating it online (through a VPN or something if you're worried about that level of tracking), and then using it like a credit card at nearly any brick-and-mortar store and many online retailers.
Potential flaws:
(1) They used to have a bit of overhead (1-5%). Not sure nowadays.
(2) None of that is ironclad anonymity. Don't be an outspoken gay Ukrainian hacktivist journalist visiting Russia or anything.
(3) Some organizations will only do business with you if they're able to slurp up more data than the initial transaction would suggest to a reasonable person. You can't use prepaid phones to sign up to many online accounts (notably Facebook for a long time) because the site owner can't slurp up your address and other info without certain postpaid plans, and you can't use any pseudo-anonymous card [0] to make transactions at a place that wants to buy your address and purchasing habits from the card issuer.
[0] Solutions like privacy.com might qualify here perhaps, in that you can actually anonymize your name/address/... and still use most of the sites trying to capitalize on that data, but fundamentally that just turns them into a middleman with the same data, and I expect they'll sell out eventually. Plus they have raw access to your bank account and other things you might not want to give out.
>You can't use prepaid phones to sign up to many online accounts
Presumably this is meaning prepaid phone numbers? Also assuming this is likely a US thing? Or I'm misreading it somehow.
Because otherwise, I've always bought my phone cash and buy my airtime and data prepaid (no contract) in both EU and Africa and have never come across a service that restricted my phone number for being prepaid.
Yeah, prepaid phone numbers. I assume it's also likely a US thing as well. If you drop down to the store and buy a TracFone or Cricket Wireless product or whatever and load it up with a few pre-paid minutes, that'll fail a lot of the identity verification steps happening behind the scenes when you try to create accounts with it. Generally post-paid plans (or "contracts" as they're often called, since we love overloading words) will work for that sort of thing day one.
My number in EU (LTU) is not prepaid, but likely on some bullshit outdated prefix blacklist, so US companies (Microsoft and Blizzard so far) do not allow it to be used for authenticators and such for being a prepaid number. MS simply refused to send the SMS, Blizzard explicitly mentioned the prepaid reason.
I tried to buy something with a new Vanilla Visa prepaid card while on a VPN recently and found Stripe failed the transaction with a vague "something happened" error. And then found the Visa balance check website plays the same game. Googling around it sounds like they've blocked the card and I'll have to call them and wait on hold if I want any chance of getting the stolen funds back. The card doesn't work on my standard IP either now.
It depends on how technology/security savvy you are.
For instance, here is everything I do:
- Use an open source firewall+router (== OPNsense) and not commercial routers (such as Netgear, TP-Link etc.)
- Open up port 80 and 443 on the firewall.
- Both the ports go to a Traefik reverse proxy that is configured to always redirect port 80 to 443.
- Traefik then reverse-proxies requests to relevant Docker containers.
- Auto-update Traefik every day (through Watchtower).
- Use Authelia, with 2FA, where I can for the publicly available services.
I assume I am reasonably secure but I've also built this over a few months. You may not get there right away, so start small and slow and don't go crazy early on.
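A Docker Compose sketch of the setup described in the comment above, added here as an illustration and not the commenter's own configuration. The hostnames (`auth.example.com`, `app.example.com`), the image tags, the `whoami` demo service and the `./authelia` config directory are assumptions, and Authelia still needs its own `configuration.yml` with 2FA policies defined.

```yaml
# Added example: Traefik on 80/443 with a forced HTTPS redirect, Authelia in
# front of a published service, and a daily Watchtower update of Traefik only.
services:
  traefik:
    image: traefik:v3.1                      # assumed tag
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false   # containers must opt in
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro   # read-only socket
    labels:
      - com.centurylinklabs.watchtower.enable=true

  watchtower:
    image: containrrr/watchtower
    command: --label-enable --interval 86400   # labelled containers, once a day
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  authelia:
    image: authelia/authelia:4.38            # assumed tag
    volumes:
      - ./authelia:/config                   # assumed path to configuration.yml
    labels:
      - traefik.enable=true
      - traefik.http.routers.authelia.rule=Host(`auth.example.com`)
      - traefik.http.routers.authelia.entrypoints=websecure
      - traefik.http.routers.authelia.tls=true
      - traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/authz/forward-auth
      - traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true
      - traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Email,Remote-Name

  whoami:                                    # stand-in for any published app
    image: traefik/whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`app.example.com`)
      - traefik.http.routers.whoami.entrypoints=websecure
      - traefik.http.routers.whoami.tls=true
      - traefik.http.routers.whoami.middlewares=authelia@docker   # auth before the app
```

Without a certificate resolver configured, Traefik serves its default self-signed certificate on 443, and any router missing the `middlewares=authelia@docker` label is reachable without authentication.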
> IMO fidelity is probably the closest you’ll get,
This is not true. I have decent knowledge about investing (index funds, stocks vs bonds vs real estate allocation etc.). So, I know when my Fidelity investment advisor was BSing me when she started selling me "alternative investments" (such as private annuity and direct indexing). Needless to say, I don't talk to her anymore.