The most interesting thing is that he wasn’t the only one. A guy who called himself Victor Lustig did the same thing with the Eiffel Tower.

The 99 bottles of beer song is (was?) a popular programming exercise to teach beginners about loops. Singing it in real life would be pretty annoying because you would essentially repeat the same two sentences for a couple of minutes. Apparently, the PHP developers were planning to order one beer each, sing the song and get on everyone’s nerves. The C++ dev stopped this by buying all the remaining beer at once.

The choice of languages is probably OP’s own prejudice. These days I’d say PHP devs are on average older and more experienced than JS and Python devs, just because almost nobody learns PHP as their first language anymore.

The bakery down the road from where I grew up used to hold the Guinness world record for the largest version of a local specialty.

I’d finally finish some of my personal projects.

Over the last few years, I’ve had so many ideas for stuff, both video games and just basic useful software. This is where the curse of being a professional software engineer kicks in. I know that I’m experienced enough to actually make those things but after a full day of work, preparing dinner and getting the apartment in order, there is just not enough time and energy left to get my ass in front of an IDE again. I’d love to have the opportunity, even if just for a year or so to pause my day job and spend my energy on something that is actually mine and has emotional value for me.

On top of that, I have a couple of hobbies that would benefit from having more time. Photography, HEMA (fencing with proper swords), board games, 3d printing and painting miniatures… one thing is for sure, I wouldn’t get bored any time soon.

My first OS WAS most likely DR DOS 3.41

For my daily driver desktop PCs that was followed by

• MS-DOS 5.0
• Windows 3.11
• Windows 98 SE
• Windows XP
• Windows 7
• Windows 10

On the linux side, I got started with Gentoo, experimented with several lightweight distributions for an old laptop and had a Mint VM for a few years. These days I run Ubuntu on a couple of servers and in WSL. Never got around to using it as my main desktop OS.

For university I had (in order) an iBook G3, a MacBook and a MacBook Pro, so you can add most of macOS 10.x to that list.

Learned that the hard way. Within less than a week went from happily living in the house that I had grown up in, that I was renting from my father and that I was planning to eventually buy or inherit to having to look for an apartment because he sold it. The worst thing? That he never gave me a reason or even acknowledged how much he had hurt me. Quite the opposite, he later asked me to help the new owners set up their tv as if it was nothing.

I got hit really hard by 2048. I didn’t even play it that much but my brain started looking for groups of identical things and imagined how they slide into each other to create something new. Plates on the kitchen table, seats on the train to work, identical cars…

And I’m pretty sure that the name “hot potato license” and the comment above the license are very strong indicators for this not being the case. The license is meant to mimic a game of hot potato where you get the code for a short moment (one commit) and have to throw it to someone else. Sure, the analogy doesn’t quite work because you can’t decide who has to make the next commit but it would make even less sense if you were able to keep control over the code and add more and more commits. That would defeat the whole point of naming it “hot potato license”.

Yeah, that should read “all other citizens of earth”.

I came into this discussion from the technical perspective (of which I’ve done plenty of research, both in university and in my job) that commercial VPNs don’t do what most ads want you to think they do. Your ISP sees a lot less than they want you to think, VPNs use just the same encryption algorithms as everyone else and while public WiFi isn’t great security-wise it’s not as if anyone will read your bank password the second you connect. I still stand by those claims.

Then, the discussion drifted towards who you’d rather trust with the things that aren’t encrypted (mostly DNS and connection metadata. Someone has claimed that many messengers are unencrypted but I think they have confused a lack of user-to-user encryption with user-to-server encryption), your ISP or some VPN provider. That’s the point where we diverged: as I had no need for a VPN myself (because of the reasons mentioned above), I had not researched individual VPN providers and was not aware that Mullvad apparently has a strong track record. For that I apologize. Still, in a thread that started out with someone not knowing if they need a VPN at all and most discussion has been very general, I would not assume that anyone who comments is familiar with a specific provider without them being named explicitly. Also, I’ve stated in at least three places that I was explicitly talking about VPN providers like NordVPN and Surfshark that are prominently (mis-)advertised. Those I still would not trust further than I can throw them.

But I guess that’s online discussions. We’ve talked about two different things and took a while to notice. I’m thankful for the correction and I hope you can understand where I came from.

I checked and there is only a single comment that mentions Mullvad (other than yours that I’m replying to right now) that’s visible on my instance with no specific explanation why it’s better than other offers other than that you can pay with cash. If I’ve missed something, I promise you that it’s not in bad faith, it’s just that this distinction didn’t come through clearly.

I hadn’t heard about Mullvad before today and a quick look at their website made it look not very different from the fear-mongering you see with the others. Only after your comment I noticed the Why Mullvad VPN link at the very bottom that explains what they do differently. I’m still skeptical about some of the claims and especially of audits that they themselves requested but I’m happy to see that there are providers that seem to be more trustworthy than the ones that are constantly shoved down our throats and I’m definitely happy to have learned something new.

May I suggest that you write a top level comment that explains in detail why Mullvad is better than other services so OP (and others who stumble over this thread) has an easier time finding it?

Edit: minor typos and grammar

Oh I most certainly don’t have much faith in my local ISP. But I have even less faith in some VPN startup funded by venture capitalists who may or may not be cutting corners on security to save a few bucks on their ends even if they’re not actively malicious. At least my local ISP has been around for decades and is closely monitored by both a government agency and independent customer protection groups.

And yes, I do live in a place with a very strong regulatory framework. Our ISPs are bound by the EU GDPR and our highest federal court has confirmed multiple times that even saving connection metadata without a case-specific court order is illegal. Sure, they could break those laws but a commercial VPN provider can do just the same with the difference that not as many people would notice.

Sure, if you know that your ISP abuses your data, go ahead and do something. Though I would recommend changing ISPs before you give even more money to some other company who may or may not do the exact same thing to your data. I’m specifically not talking about TOR or some VPN that you host on your own. I’m talking about companies like NordVPN and Surfshark.

The analogy of locking your door doesn’t quite fit. Locking your door doesn’t cost you 10 dollars per month and doesn’t require you to hand your keys to the guy who sold you the lock.

A commercial VPN provider is just another random third party.

If you’re using a commercial VPN from a provider who can legally operate in your country, your national government can just as easily get that information from them as from your ISP.

While my threat model is not universal, it comes close, at least for the average user which OP seems to be from their question. In practice, there is very little unencrypted traffic these days and in the case of that traffic you will have to ask yourself if your (commercial) VPN provider is more trustworthy than your ISP.

If you need to ask if you need a VPN there’s a 99% chance that you don’t. There are certainly a few use cases for both commercial VPNs and TOR (see my other comment) but to even be aware that those apply to you, you probably already have enough technical knowledge to approach the question from the direction “I want to do XYZ, how can I be more secure?” and not “I’ve heard of VPNs, do I need one?”

Please note that the comment you’re replying to is leaving out a crucial piece of information: if your VPN provider is legally allowed to operate where you live, your government or law enforcement can get your data from them just as easily as they can get it from your ISP.

(Sorry for repeating myself but security is an important topic so I’d rather correct incomplete or misleading information in multiple comments than have someone miss the crucial part because they read only one sub-thread)

Your provider will just see encrypted traffic (mostly) anyway, so no it will not provide protection. The only thing that you’re now hiding from your provider is which servers you’re connecting to. Instead you’re showing that info to a VPN company whose main business practice is scaring people into buying a product they probably don’t need. Think about who you would trust more.

Or don’t. Unless you know that your provider is working against your best interests, a VPN provider is just as likely to be compromised as your cable or mobile ISP.

Commercial VPNs as a security measure are pretty much a scam, at least in the way they are marketed.

These days, basically any web traffic is encrypted through HTTPS. Even on an untrusted network, nobody will be able to see the actual content (passwords, personal data) of what you’re doing. DNS spoofing isn’t viable either as any fake site they would send you to would lack the right certificates to establish a convincing HTTPS connection. So all someone can see is what servers you’re connecting to, either by logging your DNS requests (can be prevented by using some form of encrypted DNS like DNS over HTTPS) or the IP addresses you connect to. And honestly, how much value does one get out of knowing that there’s someone on their network who browses beehaw.org, supergreatbank.com and bigtiddygothgfs.to with no information to connect that to an actual person?

Unless you routinely use shady open Wi-Fi networks - and I’m talking about something that may have been setup on purpose by a malicious actor, not your local supermarket - to do security-critical stuff, you don’t need a VPN. Also, if you trust your mobile data provider less than a company that tricks people into thinking you absolutely need their product to secure your data, you should get a different mobile data provider.

Now, there are use cases for VPNs but those are more along the lines of accessing stuff that’s not available in whatever region you’re currently in.

See also Tom Scott’s video on the topic. It’s a few years old but still relevant.

Edit: there is of course also the use case of hiding illegal stuff. In that case, I will not give any advice. Put some onions on top of your router or something, that’s probably cheaper and more reliable.

Edit 2: just to make this entirely clear, I’m talking about commercial VPNs like NordVPN, Surfshark and whoever else pays YouTubers to advertise for them. If you host your own VPN, some of the downsides may not be as relevant. Though I would assume that anyone who even considers hosting their own VPN has enough technical knowledge about how networking works to know about the pros and cons.