Consejos para nuevo autonomo

Hola,

Soy un estudiante que va a empezar a ganar dinero como freelancer, asi que me quiero dar de alta como autonomo para tener todo regularizado.

He leido que debo de darme de alta primero en la seguridad social, y más tarde en hacienda, en principio voy a hacerlo yo solo, solo tengo que emitir facturas de cobros, 2-3 al mes y ya, mismo cliente ya que es una plataforma intermediaría.

Creo que no debo pagar IVA porque es una empresa extranjera (EEUU) y es una operación exenta, alguien me puede confirmar esto ?

Creéis que será engorroso llevarlo todo yo ? El asiento será siempre el mismo, cobros de un cliente/empresa americana, ya miraré bien si puedo meter gastos para reducir la base imponible pero serán gastos sencillos tambíen.

Como he leido algunos posts que dan mas información de su negocio, dejo la mia, voy a ser investigador de seguridad, trabajando con una plataforma americana (HackerOne), los cobros mensuales irán desde 0 euros a unos 5000, habrá meses de 0 euros y meses de mas de 5000.

Soy estudiante de ingeniería informática y ade, tengo algo de experiencia con contabilidad pero tampoco demasiada.

Según me he informado, tendría que darme de alta en la seguridad social, luego en hacienda, a partir de ahí pagar la cuota mensual de la seguridad social (solicitaré la cuota reducida del primer año), y pagar el IRPF (modelo 130) cada trimestre, en teoría el IVA no porque son operaciones exentas, se me escapa algo ??

Algun consejo para alguien principiante ?

reddit.com
u/Federal-Dot-8411 — 9 days ago

Consejos nuevo autonomo

Hola,

Soy un estudiante que va a empezar a ganar dinero como freelancer, asi que me quiero dar de alta como autonomo para tener todo regularizado.

He leido que debo de darme de alta primero en la seguridad social, y más tarde en hacienda, en principio voy a hacerlo yo solo, solo tengo que emitir facturas de cobros, 2-3 al mes y ya, mismo cliente ya que es una plataforma intermediaría.

Creo que no debo pagar IVA porque es una empresa extranjera (EEUU) y es una operación exenta, alguien me puede confirmar esto ?

Creéis que será engorroso llevarlo todo yo ? El asiento será siempre el mismo, cobros de un cliente/empresa americana, ya miraré bien si puedo meter gastos para reducir la base imponible pero serán gastos sencillos tambíen.

Como he leido algunos posts que dan mas información de su negocio, dejo la mia, voy a ser investigador de seguridad, trabajando con una plataforma americana (HackerOne), los cobros mensuales irán desde 0 euros a unos 5000, habrá meses de 0 euros y meses de mas de 5000.

Soy estudiante de ingeniería informática y ade, tengo algo de experiencia con contabilidad pero tampoco demasiada.

Según me he informado, tendría que darme de alta en la seguridad social, luego en hacienda, a partir de ahí pagar la cuota mensual de la seguridad social (solicitaré la cuota reducida del primer año), y pagar el IRPF (modelo 130) cada trimestre, en teoría el IVA no porque son operaciones exentas, se me escapa algo ??

Algun consejo para alguien principiante ?

reddit.com
u/Federal-Dot-8411 — 9 days ago

What is your strategy on programs

Hi hackers,

I started in bug bounty about 9 months ago. So far I've only been working on a single private program that invited me, and it's gone pretty well. My strategy is to focus on just one program and go very, very deep, basically become just another developer on it.

However, this program has been paused and submissions are blocked, so I'm forced to pick up another program to diversify, since I don't want to submit any more reports to the first one until they're active again.

My question is, what's your strategy when it comes to programs?

I see that most hunters get bounties from different programs every month, how does that work? Do you hack several programs at once? Do you rotate every so often?

I'd love to know what your strategy is when it comes to programs.

Happy hacking!

reddit.com
u/Federal-Dot-8411 — 28 days ago

What's the move now ?

Hello hackers,

I have been a bit out of hacking due to my finals, now I want to come back for summer.

I have like 20 reports pending from months on HackerOne and I am a bit tired of bug bounty platforms, triage platforms don't invest in triage, and the problem is not AI slop but an inmature triage process that has been there for years (less humans and more automation/ai) and now with the AI slop volume we are paying the consequences.

Triage rn is completely ridiculous, you submit a critical report, wait 1 month for first response, triager doesn't even read the report, NMI, and you will get your next useless response in another month. Meanwhile the vuln stills open for blackhats.

I am so tired of putting hours on my work so it gets underrated or ignored, so what's the move now for bug bounty hunters that want to end up going full time ?

Perhaps going to self hosted programs and avoid the platforms ridiculous triage process ? Perhaps going to zero day brokers ?

It feels like white hackers are becoming more and more undervalued, we have warn platforms a lot over years that they are just the intermediaries between skill people and companies, if you don't take care of your hackers you are done.

I am so confused rn, bb doesn't even feel the same anymore, time ago you built a relationship with the company security team, now it feels a lot less human and demotivates me to put effort and hours.

reddit.com
u/Federal-Dot-8411 — 1 month ago
▲ 63 r/nextjs

Why Next.js Keeps Getting CVEs (And Why That's Actually Fine)

Hey,

I'm a security researcher and web developer (React side of things). Writing this because after the latest Next.js security advisory I've seen a ton of hate piled on the framework. People saying it's more vulnerable than the alternatives, that they're sick of it, the whole thing.

Before you jump on that train, you need to understand how bug bounty actually works.

There are highly skilled security researchers out there, and now with AI in the mix we're even more effective. What drives most of us (not saying I am one of the high skilled) is pretty simple:

  • Money from bug bounties
  • Recognition

So why do vulnerabilities keep popping up in Next.js and not in alternatives like TanStack Start? Simple. A few months ago Vercel launched a bug bounty program for their open source projects, and they pay solid money for vulns in stuff like Next.js.

Also, Next.js is the king of web frameworks. How many people outside the dev bubble have even heard of TanStack? Or Vinext?

That's exactly why security researchers are gunning for CVEs in Next.js. It's the most used framework, and you actually get paid for it. So you get both money and recognition.

So most of security researchers will hunt on Next.js and not in it's alternatives.

The result is that vulnerabilities surface frequently, and that's not a bad thing. Those of us who do bug bounty for a living see new vulnerabilities pop up every single day in Fortune 500 companies. The difference is most of them never get publicly disclosed, they just get patched and life moves on. It's part of the normal software lifecycle.

Using a framework with no security advisories isn't necessarily a good thing. It might just mean there aren't enough skilled people auditing it.

No software is 100% secure, that's impossible. The vulns are there. If they're not surfacing it means no one good has found them yet, but a malicious actor very well might have, and could be actively exploiting them right now.

It is actually a good thing that new vulns get patched, software gets more secure and reliable the more vulns are fixed, and also the dev team will get more understanding of security principles while aplying patches.

reddit.com
u/Federal-Dot-8411 — 2 months ago

Hi folks, a while ago I bought the Beyerdynamic 990 Pro X (48 ohms). Before that, I had only used the Logitech G733, and they caused ear pain because the ear pads were too small for my ears.

So I switched to the Beyerdynamic, and I think they’re great overall. The right side feels as comfortable and pleasant as possible. However, the left side is unbearable—not in the ear itself, but on my cheekbone. It causes pain that forces me to take the headphones off, and it’s starting to make me dislike wearing headphones altogether.

I’ve already tried stretching the headband for quite a few days, which reduced the pressure a bit, but it still hurts a lot. I’ve also tried many different positions, but it’s the same in all of them. I think my left cheekbone might stick out a bit more, and the ear pad presses there and causes pain—but I’m not really sure what’s happening or what to do.

In the photo, you can see what looks like a “bump” or ridge between my cheekbone and the ear pad.

Has anyone had a similar experience?

u/Federal-Dot-8411 — 2 months ago

Hello folks,
I am a security researcher that started doing ctf and found them very enjoyable, I don’t have an awesome level, I just clode all AI chats and try solving them the old school, reading source code and docs.
I read that if I join a team I will progress a lot and will improve my performance, the problem is that idk if I am too newbie for a team, I hope i got infosec friends but it’s not the case. So when can I say I am ready for a team ? Or how can I join a team ?

Happy hacking!

reddit.com
u/Federal-Dot-8411 — 2 months ago

Hello folks,

I am a software developer and gaming enthusiast, I own a gaming pc with nvidia card, and I am so tired of how bad windows 11 works, crashes, reboots, lag... Also I am a developer and almost all emerging tools on dev ecosystem are for linx/mac, so I thought it would be a good switch to finally migrate to linux.

I am not a linux newbie but neither an expert, I would like a distro that doesn't require too much maintenance, and it doesn't break too often.

Which distro would be a nice approach both for dev and gaming ??

reddit.com
u/Federal-Dot-8411 — 2 months ago