I'm building Provisor: situational awareness for event organizers. See your team on the map, and position & collaborate in real time. Like ATAK, but much simpler to use.
If I calculated correctly, the 75th percentile is about 43k in euros. That's quite a bit below market for the Netherlands, but does not take cost of living into account.
I wouldn't say it is quite below the average. One of the things about the Netherlands is that it really depends upon the city you live in. If you are not in Amsterdam, it is a different story.
It is in the Netherlands; permanent surveillance of employees without a specific reason (read: related to a specific instance or incident) is not permitted.
Same in Switzerland. If there is a specific reason for surveillance the employee must also be informed of upcoming surveillance and the consequences if something were to be found.
No, not if you are not working in a bank where there is a specific reason for your employer, which is, for example, exposure to a considerable risk of being robbed. It is also permitted if you have had problems in the past with employees stealing things from the company, but only in places where it makes sense and is proportionate.
In any case, you have to make that absolutely clear to your employees. Any unannounced surveillance is a criminal offence here.
Yes. Definitively yes. If you're a typical web developer or agency, you're going to have a lot of one-off engagements, project and campaign websites. Those cost money to support, and your customer should supply that money. We never host without both a modest hosting fee and an SLA for fixes, updates and perfective maintenance.
Very curious how you price this...per fix or standard monthly fee? If it's a fee, how do you deal with absurd feature requests whose development costs far outstrip what you've quoted?
It would likewise be easy for authorities to beat you within an inch of your life and jail you indefinitely for "hidden communication with a bad intent" or something similarly inane. They don't need you to unlock your phone for proof.
"Countermeasures" don't matter when there're a million ways to terrorize you, your family, and your friends into submission. They just have to suspect you.
This fails utterly when you can't control your clients. My student society for example ran into this problem. Students bring their own laptops and installing our root certificate on all of them is infeasible (if they even would allow us to do so). As a consequence, we need to expose critical internal services on the public internet, some of which contain private user data.
Additionally, if you let anyone bring their own device in a diverse semi-public environment like a school, you owe it to the students and faculty alike to provide them with some protection against creative types placing fake wifi access points in busy places, trying to play man-in-the-middle for any credentials and other stuff sent to your local services. HTTPS does that.
Using a proper FQDN for each service only makes everything easier to maintain.
A public domain name costs the price of a coffee (and less than a Raspberry Pi) and you can get a certificate for free with Let's Encrypt. There is really no reason to resort to a private CA unless you want to MITM your client's connection.
You don't need to expose your server to the public internet to use Let's Encrypt. I use DNS authorization and it works perfectly.
Even if you could, I would highly recommend against doing that, given that this would grant you access to every HTTPS connection that isn't HPKP-secured.
I actually have all webservices in my home network secured by HTTPS. All you need to do is click a cheap VPS, install nginx and tinc, and then proxy /.well-known/acme-challenge/ to your internal servers. Either set up domain or IP hijacking so the public IP is routed inside your LAN. Done.
If I can do this for me and my cat in my spare time, you can do this for your university.
If you can’t control your clients - maybe use a captive portal style landing page with a link to install the local certificate or something along those lines, it’s also useful to have a wireless network (SSID/VLAN) for BYOD that just has internet access and as such doesn’t need the very and one that has access to internal services that does.
https://www.provisor.app