Security Tools

How to use Chrome securely

  1. Install uBlock Origin extension. (If you’re not from US, check its options to turn on ad block lists for your country)
  2. Do not install any other extensions ever! (exceptions: 1Password, Google Arts & Culture).
  3. Create separate “people” for different activities: e.g. home, work, browsing sketchy websites. (Click on avatar → Manage People.)
  4. If you want to turn on sync, set up encryption passphrase. It’s a separate passphrase from your Google account — your sync data will be encrypted locally with it before hitting Google servers.
  5. Disable saving/auto fill of passwords, payment, and addresses. (

That is all (for now).


Copywriting gems from a hundred-year-old Sears catalog

Sears, Roebuck & Company, which filed for bankruptcy last year, started its life as a mail-order firm in 1892, the Amazon of its time.

The early success of the company is often attributed to its co-founder’s copywriting skills. Richard Warren Sears was a railroad station agent in Minnesota when in 1886 his station received an unsolicited shipment of gold watches for a local jeweler, who refused it. Sears saw an opportunity and agreed with the wholesaler to sell them himself, in six months making a profit larger than his railroad salary. He then founded the company to sell watches and jewelry via advertisements in publications and by mailing flyers, and later started a catalog, for which Sears wrote every line of copy. He retired in 1908, but the tradition of good copywriting continued, helping the company become the largest retailer in the world.


Synchronizing Android and macOS with Nextcloud

Google and Microsoft are further along on the technology, but haven’t quite figured it out yet – tie all of our products together, so we further lock customers into our ecosystem.

Steve Jobs

We may suspend or stop providing our services to you if you do not comply with our terms or policies or if we are investigating suspected misconduct.


I recently set up my own Nextcloud server to synchronize contacts, calendars and files between my laptop and Android smartphone without intermediaries, as an experiment. Here are the client tools I used.


How to disregard business trends to find your niche

NearlyFreeSpeech.NET is a sharing hosting provider with a pretty unique approach. The amount of fucks they give about trends, be it business models popular in industry or cloud stuff or “fanatical support™ with customer champions”, is close to zero.


Securing Go web applications

There are lots of security-related things to keep in mind when writing a web application, as the Web is a place full of danger: cross-site scripting (XSS), cross-site request forgery (CSRF), clickjacking, brute forcing, spam and so on.

Go gets many things right by default: for example, templates from the standard library make it hard to accidentally introduce XSS vulnerabilities. But what about other attacks? Fortunately, there are a few open source Go packages that can help us.


Mac developers: don’t use AQDataExtensions

AQDataExtensions is an NSData category developed in 2005 by Lucas Newman and distributed with AquaticPrime framework which “allows for easily encrypting and decrypting NSData objects with AES/Rijndael (i.e. the Advanced Encryption Standard)“.

The methods are:

- (NSData*)dataEncryptedWithPassword:(NSString*)password
- (NSData*)dataDecryptedWithPassword:(NSString*)password

Unfortunately, AQDataExtensions has the following weaknesses:

  1. Weak key derivation function.
  2. No authentication.
  3. Weak random numbers.

Hello world!

I used WordPress before it was cool.