Right, I did some reading and here’s what likely happened with Parler. Lots of crossed wires here.
An API endpoint is just a URL with a value added onto the end that tells the system what you want to get back.
If you had a working URL, it just spat out whatever it had whether you were logged in or not.
I cannot describe how amateur hour this is, if true.
Okay so the admin accounts - they discovered an API endpoint that let them enumerate admin users.
This is also so unbelievably bad that it boggles the mind, from a web dev perspective
The admin accounts were not compromised, apparently, but holy fucking shit you DO NOT expose admin account data EVER. That is asking to get hacked even more.
Happy fucking Monday, let the train wreck of this week begin
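The failure described in the thread above is an endpoint that answers any well-formed URL without checking who is asking. It is shown here as a constructed handler beside a hardened one. This is an added example, not Parler's code or the thread author's; the routes, users, tokens and function names are all hypothetical.

```python
# Added example: constructed data and hypothetical names throughout.
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    id: int
    name: str
    is_admin: bool

# Constructed sample data.
USERS = {1: User(1, "alice", True), 2: User(2, "bob", False)}
SESSIONS = {"tok-alice": 1, "tok-bob": 2}  # session token -> user id

def _admins():
    return [u.name for u in USERS.values() if u.is_admin]

def _user_id(path):
    """Return the numeric id from /api/users/<id>, or None if the path does not match."""
    prefix = "/api/users/"
    tail = path[len(prefix):] if path.startswith(prefix) else ""
    return int(tail) if tail.isdigit() else None

def handle_vulnerable(path, token=None):
    """Pattern from the thread: a working URL is enough, the caller is never checked."""
    if path == "/api/admins":
        return 200, _admins()  # admin list handed to anyone
    uid = _user_id(path)
    if uid in USERS:
        return 200, USERS[uid].name
    return 404, None

def handle_hardened(path, token=None):
    """Authenticate every request first, then authorize per resource."""
    caller = USERS.get(SESSIONS.get(token))
    if caller is None:
        return 401, None  # not logged in: nothing is returned
    if path == "/api/admins":
        return (200, _admins()) if caller.is_admin else (403, None)
    uid = _user_id(path)
    if uid is None:
        return 404, None
    # Non-admins may read only their own record; the 403 comes before the
    # lookup, so it does not reveal which ids exist.
    if uid != caller.id and not caller.is_admin:
        return 403, None
    return (200, USERS[uid].name) if uid in USERS else (404, None)
```
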
(should also be useful for Eng, Design, Data Science, Mktg, Ops folks who want to get better at PM work or want to build more empathy for your PM friends ☺️)
(oh, and pls also share *your* favorite resources below)
👇🏾
1/
Product Management - Start Here by @cagan
(hard to go wrong if you start with Marty Cagan’s
2/
Tips for Breaking into PM by @sriramk
(I’ve recommended this thread in my DMs more often than any other thread, by a pretty wide
Breaking into PMing - a 🧵 // A question folks from eng/design/other functions often have: how to become a PM in a tech co.
— Sriram Krishnan (@sriramk) April 14, 2020
It can seem non-obvious and differs with each company but here are some patterns I've seen work. All the below assumes you have no PMing on your resume.
3/
Top 100 Product Management Resources by @sachinrekhi
(well-categorized index so you can focus on whatever’s most useful right
4/
Brief interruption.
It’s important to understand your preferred learning style and go all in on that learning style (vs. struggling / procrastinating as you force a non-preferred learning
There is no One Correct Way™ to learn
— Shreyas Doshi (@shreyas) August 15, 2020
Don’t feel pressured to read 70 books/year just becos Super-Successful Person X does that
Videos, Podcasts, Audiobooks, Discussions—all are fine
What to do:
Understand your preferred learning style
Don't resist it, embrace it
Commit to it
Russia hasn't been a willing partner in this treaty for almost 3 decades. We should have ended the pretense long ago.
Naturally, Rand Paul is telling anyone who will listen to him that Trump is making a HUGE MISTAKE here.
Arms control agreements are good when you have willing partners. Lightens the load on our military.
— John Noonan (@noonanjo) October 20, 2018
Russia hasn't been a willing partner in years. There will be gnashing of teeth from people who do arms control advocacy full time, but this is right move https://t.co/WmQE43ERCB
Rand is just like his dad, Ron. 100% isolationist.
They've never grasped that 100% isolationist is not 'America First' when you examine it. It really means 'America Alone'.
The consistent grousing of pursuing military alliances with allies - like Trump is doing now with Saudi Arabia.
So of course Rand has also spent the last 2 days loudly calling for Trump to kill the arms deal with Saudi Arabia and end our alliance with them.
What Obama was engineering with his foreign policy was de facto isolationism: pull all the troops out of the ME, abandon the region to Iranian control as a client state of Russia.
Obama wasn't building an alliance with Iran; he was facilitating abandoning the ME to Iran.
Obama wouldn't even leave behind a token security force, so of course what happened was the rise of ISIS. He also pumped billions of dollars into the Iranian coffers, which the Mullahs used to fund destabilizing activity [wars/terrorism] & criminal enterprises all over the globe
It's all in French, but if you're up for it you can read:
• Their blog post (lacks the most interesting details): https://t.co/PHkDcOT1hy
• Their high-level legal decision: https://t.co/hwpiEvjodt
• The full notification: https://t.co/QQB7rfynha
I've read it so you needn't!
Vectaury was collecting geolocation data in order to create profiles (eg. people who often go to this or that type of shop) so as to power ad targeting. They operate through embedded SDKs and ad bidding, making them invisible to users.
The @CNIL notes that profiling based off of geolocation presents particular risks since it reveals people's movements and habits. As risky, the processing requires consent — this will be the heart of their assessment.
Interesting point: they justify the decision in part because of how many people COULD be targeted in this way (rather than how many have — though they note that too). Because it's on a phone, and many have phones, it is considered large-scale processing no matter what.