Founder of https://kilpi.tech
Personal website https://nyman.re

@hamatti in case you aren't familiar, it's not for everyone, but I found https://gobeyondgoals.com/ useful in helping me focus more on doing what I want and less on other things.

I don't know you, but just from following you I have a feeling you might like it; somehow you remind me of the nice people who run it.

I also don't know when the next workshop is happening, but sign up to the newsletter if it sounds interesting. The best part is that it's pay what you want, so you decide afterwards how much it was worth. There might have been a small sign-up fee also, but I don't remember.

Beyond Goals Intensives - Life Clarity Workshops!

Make time to make the most of life. 5 hours of learning, coworking & coaching to go from stuck to flow Beyond Goals Intensive Stay tuned for our next workshops! Buy someone else the gift of BGI Or…

Beyond Goals
@wendynather @1password if I was there I'd attend just because of the great design on the poster
@bjis @krisu @kepano I assume this is a general comment about the state of things; one just needs to take one look at Show HN or GitHub to know 99% of those projects were done in a few evenings and the author will lose interest and/or notice it's impossible to maintain within a week.

Love them or hate them, SOC 2 reports have become table stakes for SaaS deals. But the framework leaves the vendor in control of the system boundary and auditor selection, which means the reports vary drastically in rigor.

I wrote about what that structural gap means for vendors trying to build credible programs and buyers trying to evaluate them:

https://zeltser.com/soc2-checkbox-reality/

#cybersecurity #infosec #SOC2 #riskmanagement #TPRM

Understand the Reality of the SOC 2 Checkbox

SOC 2 standardized security reporting, but it left the vendor in control of the system boundary and auditor selection. Understanding that structural gap helps vendors and buyers get the most value from the framework.

Lenny Zeltser

#Baltic Friends!

I'm going to be travelling starting in #Helsinki and then working my way through #Estonia, #Latvia, and #Lithuania mid-June through mid-July this summer. While I expect most schools will be on vacation, I'm still looking for any interesting #UX groups/teams that I could visit. Please feel free to pass my name along to anyone.

@claushoumann @codinghorror one company realised this early and tried so hard not to become evil that they even made it their motto, but inevitably they failed.

It's interesting to think about it on a higher level: our current capitalistic system leaves it up to the company to decide if they are evil or not. The laws for public companies say that you must do what's best for the shareholders; why don't the laws say "don't do evil"?

I have a persistent little botnet that has been hammering my non-standard ssh-port on my personal VPS for a while since it found it some weeks ago. For a long time I just ignored it, but today I decided to fight back a little.

First, I had Claude write me a little script to fetch abuseipdb and turn it into an ipset rule to block everything before it even hits the server. But it turns out the free level of abuseipdb only includes the top 10k ones. So I included an OTX one also, but it still did not catch all of them. Now I added blocklist.de, which had the last ones. Let's see where that takes us.

Why am I doing this you might wonder? Is getting your ssh brute forced not part of life on the internet?

Probably, but I like making life hard for attackers even if it's mostly symbolic. First I had an ssh-tarpit with the hope that it would tie up the scanners, but I think most scanners nowadays are vibed in golang, and it handles concurrency without trouble.

So next I thought I'd impose some cost on their botnet by reporting them to abuseipdb. If that "burns" their IP and forces them to find a new one, then it's a win. But I was still getting too many connections that were already on the list, so me saying +1 it's bad was not adding much value.

So I thought, what if I block "all" the "known" ones? That means that if someone gets through and is reported to abuseipdb, maybe that was a clean address that is now marked bad and might not work against others.

I guess it's like trying to put out a forest fire with a bucket of water, but it's at least something. And at least it cuts down on the noise on my server 10x.
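As an added illustration of the blocking setup described in this post (not the poster's own script), here is a small Python script that merges plain-text blocklist feeds into a file for `ipset restore`. The feed contents are constructed samples, the allowlist entry and the set name `sshblock` are assumptions, and fetching the feeds from their providers is left out.

```python
import ipaddress
# Constructed sample feeds (not real threat data): entries with comments,
# blank lines, duplicates, a CIDR and a malformed line, as text exports do.
FEED_A = """# constructed abuseipdb-style export
198.51.100.7
198.51.100.8

203.0.113.0/24
not-an-ip
"""
FEED_B = """203.0.113.45   # already covered by the /24 above
198.51.100.7
192.0.2.10
"""
# Assumed: the admin's own address, which must never end up in the block set.
ALLOWLIST = ["192.0.2.10"]

def parse_feed(text):
    """Return the valid IPv4 networks in a feed, skipping comments and junk."""
    nets = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            continue  # one malformed line must not abort the whole refresh
        if net.version == 4:
            nets.add(net)
    return nets

def merge_feeds(feeds, allow):
    """Union all feeds, collapse overlaps, then punch allowlisted hosts out."""
    nets = set().union(*(parse_feed(f) for f in feeds))
    pieces = list(ipaddress.collapse_addresses(nets))
    for a in (ipaddress.ip_network(x) for x in allow):
        pieces = [p for n in pieces
                  for p in (n.address_exclude(a) if a.subnet_of(n) else [n])]
    return sorted(pieces)

def ipset_restore_script(nets, setname="sshblock"):
    """Input for `ipset restore`: fill a fresh set, then swap it in atomically
    so the old list stays active until the new one is complete."""
    lines = [f"create {setname} hash:net family inet -exist",
             f"create {setname}-new hash:net family inet -exist",
             f"flush {setname}-new"]
    lines += [f"add {setname}-new {n}" for n in nets]
    lines += [f"swap {setname}-new {setname}", f"destroy {setname}-new"]
    return "\n".join(lines) + "\n"
```

Pipe the output into `ipset restore` and reference the set from a rule such as `iptables -I INPUT -p tcp --dport <ssh-port> -m set --match-set sshblock src -j DROP`; the swap means a feed that fails to download halfway never leaves the server with an empty block set.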

@hamatti
Poll: Do you think the people at Salesforce understand what No means?
- Yes: 0%
- Ask me again tomorrow: 100%
Poll ended.

European #DigitalRights is looking for interested candidates to become a member of the @edri Board. As Board Member, you will help shape the future of the organisation and the network and advance its mission to promote and protect #HumanRights in the digital environment.

https://edri.org/take-action/careers/call-for-nomination-edri-board-elections-2026/

Call for Nomination – EDRi Board elections 2026 - European Digital Rights (EDRi)

EDRi GA will this year elect two Board members to replace two outgoing Board members to help shape the future of the organisation.

European Digital Rights (EDRi)

@claushoumann it seems like too many companies (nowadays?) decided that as long as 9X% of customers are (happily) paying, the rest are acceptable losses.

The EU is again having to step in and put into law that you must be able to contact a human and escalate.

On the other hand, though, if you give consumers too much power or if companies try to "be nice", some people start abusing these privileges to the detriment of others.

Bunnie Huang did an interesting talk on how organized crime made a lot of money out of getting replacement iPhones. They made Frankenstein phones out of scavenged parts, just enough that the phone displayed the behaviour of a known manufacturing issue that Apple replaced without questions. Then they shipped them to the US and had people get them replaced in Apple stores.

It sounded far-fetched the first time I heard it, but I don't see why he would make it up, and at scale you probably make a decent chunk of money.