CodyyyGardner Categories Software
7 days
30 days
All time
Recent
Popular
As the year wrap's up, let's run through some of the worst public security mistakes and delays in fixes by AWS in 2020. A thread.
First, that time when an AWS employee posted confidential AWS customer information including including AWS access keys for those customer accounts to
Discovery by @SpenGietz that you can disable CloudTrail without triggering GuardDuty by using cloudtrail:PutEventSelectors to filter all events.
Amazon launched their bug bounty, but specifically excluded AWS, which has no bug bounty.
Repeated, over and over again examples of AWS having no change control over their Managed IAM policies, including the mistaken release of CheesepuffsServiceRolePolicy, AWSServiceRoleForThorInternalDevPolicy, AWSCodeArtifactReadOnlyAccess.json, AmazonCirrusGammaRoleForInstaller.
First, that time when an AWS employee posted confidential AWS customer information including including AWS access keys for those customer accounts to
Fresh data breach news-
— Chris Vickery (@VickerySec) January 23, 2020
Amazon AWS engineer exposes work-related keys, passwords, and documents marked "Amazon Confidential" via public Github repository: https://t.co/7gkIegnslx
Discovered within 30 minutes of exposure by my team at @UpGuard.
Discovery by @SpenGietz that you can disable CloudTrail without triggering GuardDuty by using cloudtrail:PutEventSelectors to filter all events.
"Disable" most #AWS #CloudTrail logging without triggering #GuardDuty:https://t.co/zVe4uSHog9
— Rhino Security Labs (@RhinoSecurity) April 23, 2020
Reported to AWS Security and it is not a bug.
Amazon launched their bug bounty, but specifically excluded AWS, which has no bug bounty.
Amazon Vulnerability Research Program - Doesn't include AWS D:https://t.co/stJHDG68pj#BugBounty #AWS
— Spencer Gietzen (@SpenGietz) April 22, 2020
Repeated, over and over again examples of AWS having no change control over their Managed IAM policies, including the mistaken release of CheesepuffsServiceRolePolicy, AWSServiceRoleForThorInternalDevPolicy, AWSCodeArtifactReadOnlyAccess.json, AmazonCirrusGammaRoleForInstaller.
Are you a Designer or a Developer?👨💻
Here are some Google Chrome extensions that can make you better in 2021. 🔥🍀
(Thread) 🧵👇
1. https://t.co/zGir5E5U0J: https://t.co/PVx1wlX0Se is the easiest way to stay updated on the latest programming news. Get the hottest dev news from the best tech blogs on any topic you can think of.
2. CSS Peeper: CSS Peeper is a CSS viewer tailored for Designers. Get access to useful styles with our Chrome extension. Its mission is to let Designers focus on design, and spend as little time as possible digging in a
3. UX Check: UX Check makes heuristic evaluations quick and easy. The extension will open up Nielsen's Ten Heuristics in a side pane next to your website.
4. Checkbot: Checkbot finds critical SEO, speed & security problems before your website visitors do
Tests 100s of pages at once for broken links, duplicate titles, invalid HTML, insecure pages, and 50+ other
Here are some Google Chrome extensions that can make you better in 2021. 🔥🍀
(Thread) 🧵👇
1. https://t.co/zGir5E5U0J: https://t.co/PVx1wlX0Se is the easiest way to stay updated on the latest programming news. Get the hottest dev news from the best tech blogs on any topic you can think of.
2. CSS Peeper: CSS Peeper is a CSS viewer tailored for Designers. Get access to useful styles with our Chrome extension. Its mission is to let Designers focus on design, and spend as little time as possible digging in a
3. UX Check: UX Check makes heuristic evaluations quick and easy. The extension will open up Nielsen's Ten Heuristics in a side pane next to your website.
4. Checkbot: Checkbot finds critical SEO, speed & security problems before your website visitors do
Tests 100s of pages at once for broken links, duplicate titles, invalid HTML, insecure pages, and 50+ other
forgive my indulgence but 2020's been a big year for @shmuplations, so here's a look back at everything that went up over the last twelve months—there's a lot of stuff I'm sure you all read & other things you'd be forgiven for missing, so let's recap (thread)
the year kicked off with shmuplations' first big video project: a subtitled translation of a 2016 NHK documentary on the 30th anniversary of Dragon Quest which features interviews with Yuji Horii, Koichi Nakamura, Akira Toriyama, and Koichi Sugiyama https://t.co/JCWA15RTlx
following DQ30 was one of the most popular articles of the year: an assortment of interviews with composers Yuzo Koshiro and Motohiro Kawashima concerning the music of Streets of Rage 1, 2 & 3 https://t.co/QUtyC9W12Z their comments on SoR3 in particular were full of gems
Game Designers: The Next Generation profiled six potential successors to the likes of Shigeru Miyamoto & Hironobu Sakaguchi, some of who you may recognise: Kazuma Kaneko, Takeshi Miyaji (1966-2011), Noboru Harada, Kan Naitou, Takashi Tokita & Ryoji Amano https://t.co/lWZU3PLvwX
from the 2010 Akumajou Dracula Best Music Collections Box, a subbed video feature on long-time Castlevania composer Michiru Yamane https://t.co/NMJe4ROozR sadly, Chiruru has since passed; Yamane wrote these albums in his honor
https://t.co/orlgPTDsKK
https://t.co/QnQl8KI9IX
the year kicked off with shmuplations' first big video project: a subtitled translation of a 2016 NHK documentary on the 30th anniversary of Dragon Quest which features interviews with Yuji Horii, Koichi Nakamura, Akira Toriyama, and Koichi Sugiyama https://t.co/JCWA15RTlx
following DQ30 was one of the most popular articles of the year: an assortment of interviews with composers Yuzo Koshiro and Motohiro Kawashima concerning the music of Streets of Rage 1, 2 & 3 https://t.co/QUtyC9W12Z their comments on SoR3 in particular were full of gems
Game Designers: The Next Generation profiled six potential successors to the likes of Shigeru Miyamoto & Hironobu Sakaguchi, some of who you may recognise: Kazuma Kaneko, Takeshi Miyaji (1966-2011), Noboru Harada, Kan Naitou, Takashi Tokita & Ryoji Amano https://t.co/lWZU3PLvwX
from the 2010 Akumajou Dracula Best Music Collections Box, a subbed video feature on long-time Castlevania composer Michiru Yamane https://t.co/NMJe4ROozR sadly, Chiruru has since passed; Yamane wrote these albums in his honor
https://t.co/orlgPTDsKK
https://t.co/QnQl8KI9IX
The Great Software Stagnation is real, but we have to understand it to fight it. The CAUSE of the TGSS is not "teh interwebs". The cause is the "direct manipulation" paradigm : the "worst idea in computer science" \1
Progress in CS comes from discovering ever more abstract and expressive languages to tell the computer to do something. But replacing "tell the computer to do something in language" with "do it yourself using these gestures" halts that progress. \2
Stagnation started in the 1970s after the first GUIs were invented. Every genre of software that gives users a "friendly" GUI interface, effectively freezes progress at that level of abstraction / expressivity. Because we can never abandon old direct manipulation metaphors \3
The 1990s were simply the point when most people in the world finally got access to a personal computer with a GUI. So that's where we see most of the ideas frozen. \4
It's no surprise that the improvements @jonathoda cites, that are still taking place are improvements in textual representation : \5
The Great Software\xa0Stagnation https://t.co/A6peSPERaU
— Jonathan Edwards (@jonathoda) January 1, 2021
Progress in CS comes from discovering ever more abstract and expressive languages to tell the computer to do something. But replacing "tell the computer to do something in language" with "do it yourself using these gestures" halts that progress. \2
Stagnation started in the 1970s after the first GUIs were invented. Every genre of software that gives users a "friendly" GUI interface, effectively freezes progress at that level of abstraction / expressivity. Because we can never abandon old direct manipulation metaphors \3
The 1990s were simply the point when most people in the world finally got access to a personal computer with a GUI. So that's where we see most of the ideas frozen. \4
It's no surprise that the improvements @jonathoda cites, that are still taking place are improvements in textual representation : \5
@JuliaLMarcus @Iplaywithgerms This paper gives documentation on software (with causal reasoning, assumptions reviewed in appendix) for a parametric approach to estimating either "total effects" or "controlled direct effects" with competing events and time-varying
@Iplaywithgerms Total effects capture paths by which treatment affects competing event (e.g. protective total effect of lifesaving treatment on dementia may be wholly/partially due to effect on survival). Controlled direct effects do not capture these paths
@Iplaywithgerms More detailed reasoning on the difference and tradeoffs between total and controlled direct effects and causal reasoning in the point treatment context provided here along with description of some estimators and
@Iplaywithgerms If you are familiar with more robust approaches like IPW or even better TMLE for time-varying treatment, these are trivially adapted to go after the controlled direct effect by simply treating competing events like loss to follow-up (censoring). e.g.
@Iplaywithgerms Examples of IPW estimation of the total effect of a time-varying treatment described in Appendix D of this paper:
https://t.co/RNhcgTBMkb
And here
https://t.co/rMWmwFBWwV
Others in reference lists of above papers.
@Iplaywithgerms Total effects capture paths by which treatment affects competing event (e.g. protective total effect of lifesaving treatment on dementia may be wholly/partially due to effect on survival). Controlled direct effects do not capture these paths
@Iplaywithgerms More detailed reasoning on the difference and tradeoffs between total and controlled direct effects and causal reasoning in the point treatment context provided here along with description of some estimators and
@Iplaywithgerms If you are familiar with more robust approaches like IPW or even better TMLE for time-varying treatment, these are trivially adapted to go after the controlled direct effect by simply treating competing events like loss to follow-up (censoring). e.g.
@Iplaywithgerms Examples of IPW estimation of the total effect of a time-varying treatment described in Appendix D of this paper:
https://t.co/RNhcgTBMkb
And here
https://t.co/rMWmwFBWwV
Others in reference lists of above papers.