She learned at home…

Written on 5 August 2019, 08:59pm


A 15-year-old girl living in one of the poorest regions in one of the poorest countries in Europe is abducted, sexually abused and eventually killed while hitchhiking on her way home. Authorities took 19 hours to locate her and secure unnecessary search warrants.

Yet somehow, a brainless Romanian politician finds it appropriate to avoid talking about the difficulties the people in rural Romania face when trying to commute, or about the surreal delay in responding to an emergency call in an EU country. In an effort to shift the blame to the victim, EA says that she “learned at home not to get into strangers’ cars”.

Following the same logic, here are some more gems yet to be delivered by our genius politician:

  • the 0.8 billion people on Earth living in hunger should simply eat their food. EA learned at home to finish her plate
  • the 0.6 billion young people living in war zones should simply stay inside. EA learned at home to stay out of trouble
  • the 44 million European people suffering from depression should simply get over it. EA learned at home that depression is not a disease

I could go on, but I’m afraid she learned everything at home and there’s no more place left for her to learn new things.

https://unsplash.com/photos/fZ2hMpHIrbI

2048 winning strategy

Written on 1 August 2019, 06:48pm


My simple strategy for winning 2048, the game that kept me busy the past couple of weeks:

  1. Never swipe up (*)
  2. Do everything possible to avoid the situation where you must swipe up (**)

(*) When you can see the finish line, swipe up if needed
(**) In this situation, you must swipe up to continue
Two moves before the end
“You Win!” I was so excited I didn’t notice I could keep going…

  1. What you require you must also retire
  2. Browser indicators: we are currently in a transition phase. A few years ago, browsers only indicated secure behavior. In the near future, they will only indicate insecure behavior (e.g. Chrome 75 shows HTTP sites as ‘Not secure’, but it also still shows the green address bar for HTTPS sites with EV certificates)
  3. HTTPS usage: 78% overall according to Firefox telemetry, but only 58% among the top 1M websites. However, we are still a long way from browsers defaulting to the HTTPS scheme when loading a website.
  4. Plaintext HTTP/1.1 is about 8 times slower than encrypted HTTP/2 over HTTPS. https://www.httpvshttps.com/
  5. Fiddler is really powerful (ex. replay requests, intercept mobile traffic, etc), but Havij (SQL injection) is close to magic when it comes to penetration testing
  6. Certificate transparency is a really useful tool. The CT monitoring tool is arguably the only useful thing ever created by Facebook
  7. A few tools: SuperLogout (maybe try this in an incognito window; it will log you out of all the popular websites), ZoomIt (screen zoom and annotation tool), Windows key + . (just try it if you’re on Windows)
  8. The expectation of privacy is different on a tech website compared to an online dating one
  9. Trust, but verify: you should trust the CDNs and rely on them for the massive performance improvements, but you must verify what they serve using SRI (Subresource Integrity). Tip: you don’t need to SRI your own assets.
  10. The main value proposition of the Content Security Policy is mitigating XSS attacks. A strategy to get started: use a non-production environment, report only, default-src ‘none’, watch the console and build your CSP by cleaning the console errors one by one.
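As an added example (not part of the original notes), here is a small Python implementation of the SRI check from item 9: it computes the `integrity` value for an asset and then verifies content the way a browser does, honouring only the strongest algorithm listed in the attribute. The CDN URL and the script content are constructed sample values.

```python
from __future__ import annotations

import base64
import hashlib

# Hash algorithms the SRI spec recognises, ordered weakest to strongest.
SRI_ALGORITHMS = ("sha256", "sha384", "sha512")

# Constructed sample asset standing in for a script served from a CDN.
SAMPLE_ASSET = b"console.log('hello from the CDN');\n"


def sri_hash(content: bytes, algorithm: str = "sha384") -> str:
    """Return the integrity metadata for an asset, e.g. 'sha384-<base64 digest>'."""
    if algorithm not in SRI_ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {algorithm}")
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, content: bytes) -> str:
    """Build the <script> tag to publish; crossorigin is required for cross-origin SRI."""
    return (f'<script src="{src}" integrity="{sri_hash(content)}" '
            'crossorigin="anonymous"></script>')


def parse_integrity(attribute: str) -> dict[str, set[str]]:
    """Split an integrity attribute into {algorithm: {base64 digests}}.

    Entries are whitespace-separated; an optional '?options' suffix is
    dropped and unknown algorithms are skipped, as the spec requires.
    """
    parsed: dict[str, set[str]] = {}
    for token in attribute.split():
        alg, sep, rest = token.partition("-")
        if not sep or alg.lower() not in SRI_ALGORITHMS:
            continue
        parsed.setdefault(alg.lower(), set()).add(rest.split("?", 1)[0])
    return parsed


def sri_verify(content: bytes, attribute: str) -> bool:
    """Mimic the browser: consider only the strongest listed algorithm and
    accept the asset if any digest given for that algorithm matches."""
    parsed = parse_integrity(attribute)
    if not parsed:
        return True  # no usable metadata: the browser loads the asset unchecked
    strongest = max(parsed, key=SRI_ALGORITHMS.index)
    actual = sri_hash(content, strongest).split("-", 1)[1]
    return actual in parsed[strongest]
```

Note that a weaker digest listed next to a stronger one is ignored entirely, so a tampered sha256 entry neither helps nor hurts when a correct sha384 entry is present.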
Oslo is wonderful in good weather