1. 16
    1. Disable Windows animations/themes/transparency. On Windows 10: Win+Pause > Advanced system settings > Performance, Settings, Custom, uncheck all the boxes except “Smooth edges of screen fonts”.
    2. Disable tray-icon hiding. Right click the task bar when your cursor is below some tray icon and touching the lowest row of pixels on the screen > Settings > Notification area > Select which icons appear on the task bar > Always show all icons in the notification area > On.
    3. Create your own personal menu. Right click in the same spot as the previous step > Toolbars… > New Toolbar… > Create an empty directory somewhere like c:\users\your.name\mymenu. (Consider picking a short name.) That name should appear on your taskbar. Right click it > uncheck “Lock all task bars”. Right click your custom menu again more times and select these options: Show Title, Show Text, View > Small icons. Drag the double line edge of your custom menu to make it shrink until the » icon appears. Now you have a customizable menu! Right click it one last time and re-check the “Lock all task bars” option.
    4. Memorize this keystroke combination and use it all the time: Win+x
    5. Install the Ditto Clipboard Manager.
    6. Install 64bit git for windows from git-scm.org, even if you don’t use git. It comes with bash, sed, awk, grep, find, etc, plus a decent terminal emulator! The installer has options to associate .sh scripts with bash… I use that option on some of my machines and don’t use it on others. *shrug* UPDATE: it comes with ssh, too!
    7. Install WinMerge. (As of today, that links to the 2.x line. The 3.x line is a re-write which wasn’t ready yet last time I checked, months ago. It might be great when it is ready.)
    8. Install emacs-26 for Windows from the one true source.
    9. Lordy, did you say you are in a VM already, some AWS thing? You may have trouble installing virtualbox… :/ That’s a problem. The things I named are literally the only stuff I use other than a couple standard Debian Sid VMs under virtualbox. The virtualbox-guest-additions package is a must.
    10. UPDATE: I also use notepad++. If you want to use plugins, use the 32-bit version rather than the 64-bit.
    11. UPDATE2: If you have to use Outlook, you may find that OWA searches are more performant and less buggy than the client-side outlook.exe searches.
    1. 1

      Sidenote to your update, at this point I’d suggest taking a crack at Visual Studio Code instead of Notepad++. The plugin ecosystem is more robust, active, wide-ranging, and (in my experience) better performance.

    1. 2

      Something I’ve been wondering about (and this is probably the wrong forum to ask about) is whether or not doing this would result in employees or executives having issues if they go to Europe?

      1. 0

        What do you mean?

        I’m doing GDPR consulting at the moment.

        1. 1

          Suppose I work for a company in Canada and that company flagrantly violates the GDPR. I later leave the company and move to Europe.

          Is it possible for Europe to come after me personally, instead of (or as well as) the company?

          What if I’m the CTO? CEO? Owner? Just an employee but directly responsible for the GDPR violations?

          What if I don’t leave the company and just go to Europe on a vacation?

          1. 4

            Is it possible for Europe to come after me personally, instead of (or as well as) the company?

            This is the entire point of the legal fiction of a “corporate person”. If a corporation is doing bad things, you go after the corporation. It’s very rare that anyone within the company directly is charged with a crime unless they’re knowingly and intentionally violating something. GDPR is fairly lenient with remediation and other things.

            What if I don’t leave the company and just go to Europe on a vacation?

            They’d more or less have to issue a warrant for you, and you would know.

            1. 2

              Maybe if it were egregious enough.

              The US has been known to go after employees of money launderers and copyright violators in other companies, so it’s not without an international precedent, but I’d need more information to give better advice.

            2. 1

              I think the question is something along the lines of “could a company be prosecuted for violations of the GDPR if its employees visit or work in Europe”.

              I assume the answer is “no”, as long as they’re not actually doing business in Europe. (Which would be the primary reason to have employees there, but with the increased prevalence of remote work, it’s not necessarily the case.)

              1. 2

                I am fairly certain you could even go to the EU and work in an office on data for non-EU customers and still not be subject to GDPR. As long as you are not dealing with any EU entities, your physical location should not matter.

                1. 1

                  “It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.”

                  https://www.eugdpr.org/gdpr-faqs.html

                  So if you are working in the EU, your company would probably need to comply with GDPR, as they likely have personal information on you in their systems. I guess it comes down to how lawyers would interpret “residence”. Enforceable? Idk.

          1. 9

            Normally, I’d say this is off-topic for lobste.rs but the writer IS pretty entertaining and I LOL-ed at

            Sure, Google and Facebook and Apple do have to worry about this, because they’ve domiciled their foreign HQ’s in Ireland so that they can shelter all that foreign revenue from US taxation. Karma’s a bitch.

            Also, way to go to break that stereotype about Canadians being polite doormats.

            But for those of us here who are lawyers (or are close to the law, preferably not on the broke-the-law side) how accurate is this position?

            The thing with collecting the taxes reminded me that Amazon now collects state taxes. I’m totally ok with this, but it is a state law Amazon is having to comply with, without which they would have to cease operations in that state. So I’m surprised that easyDNS can serve UK customers without collecting taxes - they must be violating UK law, right?

            I also see, in principle, how this translates to having to start obeying contradictory laws. Say the Saudis say women can’t access the internet and all internet providers now have to track gender of the user. What happens to a US-based company that is prohibited from denying services on the basis of gender? I guess they’ll have to create a new company in Saudi that’s a wholly owned subsidiary but is a Saudi company and so on and so forth.

            Ah the joys of being one big happy planet.

            1. 9

              I guess they’ll have to create a new company in Saudi that’s a wholly owned subsidiary but is a Saudi company and so on and so forth.

              Or they just don’t trade in Saudi Arabia.

              That’s an option for many people dealing with the GDPR: If you don’t have a website in Europe, or a business in Europe, and you don’t trade in European data, then the GDPR doesn’t apply to you. However, Facebook – even if they weren’t in Ireland – does trade in European data by selling advertisements to European businesses.

              They could choose not to- they could refuse to do any business with any company in Europe. This kind of structuring would probably make them safe, but it’s not realistic: There’s simply too much money in Europe.

              1. 1

                They would have to cease trading with any company AND not have any European “customers” (users). Having the data of any entity (person or company) that resides in a European country makes you liable according to GDPR.

                Problem is, without perfect geo-blocking and more, users will “slip” through and then they are in the same situation.

                1. 2

                  I think the point is that if you have no company footprint in EU, no business partners there, etc, then the GDPR is unenforceable against you. Yes, they can sue you in an EU court and bring a judgement against your corporation, but if your corporation will never have any footprint there then there is no power to enforce the judgement.

                  1. 1

                    Having the data of any entity (person or company) that resides in a European country makes you liable according to GDPR.

                    Ehm… no.

                    The “data subject” is always a European citizen, a person, not a company.

                    Can you point me to the GDPR article that led you to this conclusion?

                    1. 1

                      You are completely right in that sense. However, companies who are handling personal EU data will make any company, that they in turn hand (parts of) that data to, liable (and require a data processor / data manager agreement). As you say, handling data for an EU company that has no personal data is not liable to GDPR, but it is a slippery slope because handling pay slips, staff management, etc. will very often have personal data.

                    2. 0

                      Problem is, without perfect geo-blocking and more, users will “slip” through and then they are in the same situation.

                      An IP Address isn’t “personal data”, a name isn’t “personal data”, even a login name isn’t “personal data”. What exactly are the circumstances that you believe you would be “slipped” some personal data without realising it?

                      1. 1

                        Problem is, without perfect geo-blocking and more, users will “slip” through and then they are in the same situation.

                        What exactly are the circumstances that you believe you would be “slipped” some personal data without realising it?

                        Frankly, that sentence sounds a lot like FUD, but IP addresses and names are personal data according to GDPR.

                        1. 1

                          Frankly, that sentence sounds a lot like FUD,

                          “FUD” means “fear, uncertainty and doubt” and refers to a specific kind of marketing campaign where the goal is to spread enough misinformation about a subject so that people are afraid of engaging further with a subject.

                          Telling people they’re going to be accidentally breaking the law for being connected to the Internet is FUD. Please stop spreading it.

                          but IP addresses and names are personal data according to GDPR.

                          False.

                          The GDPR doesn’t mention IP addresses at all. It never once says that a “name” is personal data.

                          The ICO (GDPR Regulator in the UK) even gives the example of Names not being personal data:

                          By itself the name John Smith may not always be personal data because there are many individuals with that name.

                          1. 1

                            It never once says that a “name” is personal data.

                            Dude, you really need to read the law:

                            (1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

                            I urge anyone using your consulting to hire a competent European lawyer instead.

                            1. 1

                              That doesn’t disagree with what the ICO said.

                              The key language is an “identified or identifiable natural person”.

                              If you can’t identify a natural person with it, and you have no normal business practice that would enable you to do so, it’s not personal data.

                              For a consistent ruling of this, see opinion 4 which teaches that a dynamic IP address cannot identify a person. Why would anyone think a name would?

                              I urge anyone using your consulting to hire a competent European lawyer instead.

                              I do the same. I’m not a lawyer. I’m an SME who tells companies what they can do, and then invites outside legal to review my advice. I’m significantly more expensive than a European lawyer (in billings), but companies who want to understand what exactly can they do need someone like me instead of some guy on the Internet.

                              1. 0

                                If you can’t identify a natural person with it, and you have no normal business practice that would enable you to do so, it’s not personal data.

                                For a consistent ruling of this, see opinion 4 which teaches that a dynamic IP address cannot identify a person. Why would anyone think a name would?

                                Because you cannot know if a specific name can be used to identify the user.

                                You just need one identificable name to violate the GDPR for that user.

                                Your “normal business” practices mean nothing in this regard.
                                Article 33 explicitly states that:

                                The controller shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. That documentation shall enable the supervisory authority to verify compliance with this Article.

                                This means that a company is accountable for any personal data leak, be it due to a bad employee or a smart hacker crew using a zero day.

                                The law says that any information that can be used to identify a user directly or indirectly is personal data. And it includes data related to “one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”

                                So if a company holds my dynamic ip address with the time of my connection in its database and a third party can use this information together to learn my identity (as the ISP that assigned me the IP could do) this information is personal data.

                                Same for a login name, if somebody can identify my identity with the couple username + host, that username is personal data per GDPR.

                                I’m not a lawyer.

                                Neither am I.

                                But I can read a law as any other European citizen can do.

                                What you said about name and IP is simply misleading.

                                I’m significantly more expensive than a European lawyer

                                Really, I have no doubt.

                                If that is the problem I can suggest pretty expensive and competent European lawyers.

                                But while I have no economic interest in this, as a European whose personal data are protected by the GDPR, I’m not happy to read you give technical advice without a minimal understanding of the law.

                                I’d like to have a list of the companies taking your advice, to avoid using their services.

                                1. -1

                                  What you said about name and IP is simply misleading.

                                  The court decision you’re referring to (and you should read it, since it’s clear you haven’t) considers an IP Address and timestamp identifying to the ISP, since they can look up their customer’s name.

                                  You just need one identificable name to violate the GDPR for that user.

                                  That is nonsense.

                                  Go away troll.

                                  1. 0

                                    You just need one identificable name to violate the GDPR for that user.

                                    That is nonsense.

                                    That is the GDPR law. Literally. Article 4.

                                    If my name is unique, and your db stores my name, you are holding my personal data.

                                    The court decision you’re referring to considers an IP Address and timestamp identifying to the ISP, since they can look up their customer’s name.

                                    And if an ISP employee breaches into a system and gets the IP Address and timestamp of the users, she will be able to identify such people and gain sensitive information about them from the system.

                                    Now, if the system’s controller doesn’t notify the European users about the data breach, thinking he is not collecting personal data subject to the GDPR, he will violate Article 33.

                                    Go away troll.

                                    Fine, I guess I can not convince you to admit a mistake on this topic as it seems a good source of revenue.

                                    But please, try to read and understand the law. It’s pretty simple and clear.

                                    1. 0

                                      You just need one identificable name to violate the GDPR for that user.

                                      That is nonsense.

                                      That is the GDPR law. Literally. Article 4.

                                      Stop trolling. The GDPR never uses the string “identificable”

                                      If my name is unique, and your db stores my name, you are holding my personal data.

                                      The ICO disagrees. They’re the one responsible for regulating me (I’m in the UK) and they’ve given no further guidance on the subject. It is however consistent with their other positions on identifying personal data.

                                      And if an ISP employee breaches into a system…

                                      What exactly do you think the normal person should think the risk is of someone who works at an ISP breaking into their website? You’re being absurd.

                                      Stop trolling.

                                      1. 2

                                        Stop trolling. The GDPR never uses the string “identificable”

                                        However, correcting the obvious typo shows the word “identifiable” appears eight times in that article.

                                        1. 1

                                          Nowhere does it say “one identifiable” or a “single identifiable” or anything related to that.

                                          What is your point?

                                        2. 0

                                          Both texts you refer to predate GDPR. And the GDPR never refers to them.

                                          So they are both off-topic in this thread.

                                          But, actually, I think that everyone can compare your statements with the GDPR text and can easily see how rooted your advice is.

                                          1. 1

                                            So they are both off-topic in this thread.

                                            The ICO’s opinion is all that matters.

                                            Not yours.

                                            But, actually, I think that everyone can compare your statements with the GDPR text and can easily see how rooted your advice is.

                                            Yes. I’m telling people don’t panic, and you’re shouting panic; pointing to articles you haven’t read with interpretations that aren’t shared by the regulators or even most professionals working in this space.

                                            Then there’s that weird thing you’re saying about ISP employees breaching people’s sites…

                                            Go away.

                          2. 1

                            I might not have been clear, my point is that a company/website/service cannot reliably avoid European users (by geo-blocking, asking them to swear that they are not from EU, etc.) and once those users are on the platform their data is subject to the GDPR.

                            1. 0

                              You’re not.

                              Having a European visit your website doesn’t necessarily mean you have any extra burdens.

                              If you don’t trade with Europeans and aren’t trading data specifically about Europeans[1], then you aren’t in-territory.

                              If you don’t know who they are, cannot find out who they are, and the information you have doesn’t through your normal business practices identify a natural person[2], then your data is not material.

                              I still cannot see how you can collect personal data accidentally if you know what personal data means, or what the GDPR is attempting to accomplish. The law doesn’t talk about “users” or “platform” in this way, and the regulators do not provide guidance in ethereal cases like yours.

                              [1]: For example, if you sell targeted advertising on your website and allow your buyers to break down by Geography, then you’re in-territory.

                              [2]: That last one might seem tricky, but it’s designed to catch companies who make behavioural profiles of people using cookies and IP addresses. If you’re not doing anything like that, then you’re probably fine, but I’d need a specific example to say.

                              1. 0

                                through your normal business practices

                                Please @cpnielsen, compare this to the definitions for “personal data breach” in Article 4 of GDPR:

                                ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed

                                and to the definition of “personal data” in the same article:

                                ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

                                Neither definition cites in any way the use you make of the personal data in your business practices.

                                A certain set of data is personal independently from the use or the inferences that you can make about them.

                                Any information relating to an identified or identifiable natural person is personal data.

                                1. 1

                                  Did you mean to tag me or was that meant for @geocar? Either way, I think we agree.

                                  To exemplify my point: Let us pretend you are Bookface. You explicitly block any European user from signing up for your site (and since you opened on the day of the GDPR launch there are no users already signed up). Because your blocking is not perfect, Gerard from France stumbles across Bookface.com, signs up and gives you his full name, e-mail, date of birth and street address. You are now subject to GDPR as you are holding personal information about him. You can try to ignore it, and actual enforcement might be difficult (especially for individual cases), but the EU is very clear on this: You are subject to GDPR.

                                  Depending on how you use this data and whether it is required for your platform to operate, you may have to ask Gerard to explicitly opt-in (or not use the service at all, if presented at sign-up).

                                  1. 2

                                    Did you mean to tag me or was that meant for geocar?

                                    Comment was for both of you.

                                    But I realized by his last answer, that @geocar is not talking about GDPR as generally applied in Europe for European citizens, but about the UK reception that protects UK citizens only.
                                    This explains his lack of understanding of the GDPR, but it also means that you can (probably, IANAL) safely take his advice for data relating to UK citizens. Not for data relating to other Europeans.

                                    A relevant example is the name of a user (or her IP Address) that are notoriously personal data according to the European GDPR, but that, according to geocar, are not to be considered as such in the UK.

                                    To exemplify my point […]

                                    Yes, we agree.

                                    In your example, once the data of Gerard are in your system, you are subject to GDPR. Even if Gerard agrees on the processing you do, you have several obligations in his regard, such as assuming proper security measures to protect his data and informing him if his data get disclosed by an accidental data breach. You should read the law for a full list of the obligations.

                                    And, AFAIK, you can only avoid such obligations by completely removing Gerard’s data from your system (including from logs and backups).

                                    I encourage you and everybody else to read the law. It is really clear and well written.

                                    And while a competent European lawyer might help, anybody in good faith can easily understand it.

                      2. 4

                        So I’m surprised that easyDNS can serve UK customers without collecting taxes - they must be violating UK law, right?

                        I would imagine there is an amount of “Okay, so come and get it” involved with the VAT taxes and other laws. There’s no mechanism for enforcement of that decision if you hold no assets within EU member states. Now, the EU could attempt to block access to that website, but we all know how effective that is.

                        If you can’t hit someone with a stick what incentive do they have to follow your orders? Especially if there is no reward for doing so other than a pat on the head? Doubly so if following those orders is a pain in the butt.

                        1. 1

                          If you can’t hit someone with a stick what incentive do they have to follow your orders?

                          Can you elaborate?

                          Are you saying people can violate US laws (eg a US company’s copyrights) as long as they stay outside the USA?

                        2. 2

                          Normally, I’d say this is off-topic for lobste.rs

                          This is something I sincerely do not understand.

                          Why is it off-topic if its tags are [law] and [privacy]?

                          1. 3

                            The way to detect a true lobste.rs topic is to find one whose title you barely understand, which has one upvote and which has few replies. The replies, however, are substantial, mind opening and mind blowing. After reading the comments you can go back to the article and perhaps understand the title. To understand the article you might have to write some code yourself.

                            That’s how we started out.

                            I’m not that much of an old grouch to deny people their party line talk, but frankly, there’s still that YCombinator powered bar fight site, right? Why clone it here?

                            That said, I’m okay with a writeup like this appearing once in a blue moon. But I do find myself aggressively hiding stories more and more.

                            1. 0

                              The way to detect a true lobste.rs topic is to find one whose title you barely understand… To understand the article you might have to write some code yourself.

                              It’s an amazing high standard.

                              But I’d say it would exclude 99% of the posts here and anything related to law, privacy, practices and culture.

                              Also I’d have some issues posting anything I wrote myself, because I only write about topics I understand myself.

                              1. 2

                                because I only write about topics I understand myself

                                Beginner mistake;)