A thread on teaching live lessons using @MicrosoftTeams Meet Now function where students follow their normal timetable except online - will go into more detail on every point in a blog post later. Have used Teams for live teaching have supported over 100 live lessons since March

1. If you are using the desktop app, check you have the latest version of Teams so that you should have Breakout rooms enabled. Check by clicking your profile picture, then About - I have version 1.3.00.28779. If you have 1.2..., click on check for updates to get the latest

2. Set your entry routine. I get my students to enter with their microphone muted - you can also not allow attendees to unmute by opening the participants list, clicking the ellipsis and selecting that option.

3. Make sure students arrive as attendees - some organisations have this set up to automatically happen that only meeting organizer is the presenter and others are attendees. Can change this in the manage permissions menu to only me if not already set (opens in a web browser).

4. Classroom routine and expectations - first lesson I share my screen and show the students the raise hand function for when they want to ask questions, how to access the chat function and how to react to questions as opposed to typing answers

~8yrs ago (Dec’12) I got a job @Google. Those were still early days of cloud. I joined GCP @<150M ARR & left @~4B (excld GSuite). Learned from some of the smartest ppl in tech. But we also got a LOT wrong that took yrs to fix. Much of it now public, but here’s my ring-side view👇

By 2008, Google had everything going for it w.r.t. Cloud and we should’ve been the market leaders, but we were either too early to market or too late. What did we do wrong? (1) bad timing (2) worse productization & (3) worst GTM.

We were 1st to “containers” (lxc) & container management (Borg) - since '03/04. But Docker took LXC, added cluster management, & launched 1st. Mesosphere launched DCOS. A lot of chairs were thrown around re: google losing this early battle, though K8 won the war, eventually 👏

We were 1st to “serverless” (AppEngine). GAE was our beachhead -- it was the biggest revenue source early on but the world wasn’t ready for serverless primitives. We also didn’t build auxiliary products fast enough. Clients that outgrew GAE wanted “building block” IaaS offerings.

1st to hadoop (map-reduce ‘04) but our hosted Hadoop launched in ‘15. AWS EMR was ~200M ARR by then. 1st to cloud storage (GFS ’03), but didn’t offer a filestore till ‘18! Customers were asking for it since 2014. Didn’t launch archival storage or direct interconnect till v. late.

@curaffairs The author doesn't know enough about search to have written that article and the reason he's having those problems is AI algos like Rank Brain and Google's attempts to use natural language processing nothing to do with SEOs.

1/x

YMYL is not evaluated at the site level, but the query level.

Again this is on Google, not SEOs because they want to surface better sites.

And those devaluations are part of Core Updates which SEOs like me recover sites from.

2/

Featured Snippets are not optimized for - you can use certain HTML to be pulled in one but there is no definite use case where Featured Snippets are shown or that your site's will show for it. Also doesn't always come from the #1 result.

& that's Google not the SEO.

3/

Also there are many times when an SEO doesn't want their site in the Featured Snippet cuz it doesn't result in a click to the website. But we have no control over what Google pulls as Feature Snippets except to put in a meta tag to exclude us from them

4/

And Neil Patel is not an SEO. Most senior level SEOs see him as nothing more than a scammer because reportedly he's ripped them off by stealing their content and articles and passing them off as his.

5/

Wanna disable Defender when enabled Isolated Core and Tamper protection?

Its a bit more trouble- but doable, without ruining Isolated Core/Secureboot etc.

Defenders process will run as a unkillable protected service- so new tricks needed.

Here we go:

Ok- tamper protection is easy, just make .bat - run as adm:
:again
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter\Instances\WdFilter Instance" /v altitude /t REG_SZ /d -1 /f
goto again

Then unload minifilter with process hacker:

The registry key will be changed while the minifilter do not protect it, when tamper protection makes the driver load again it cannot attach to volumes nor protect registry keys.

Removing it will make it recreate, but invalid altitude do the trick

Notice now the service is: Protected light(antimalware)
Now we cant do anything to the service/process- not even see its open handles.

Lets start by elevating to SYSTEM- just launch a command prompt, then close process hacker- and run it again from the command prompt.
Now process hacker runs as SYSTEM

Only 1 / 67 antivirus engines list SUNBURST backdoor as malicious - SolarWinds.Orion.Core.BusinessLayer.dll https://t.co/taaiUtSJzR #SUNBURST #UNC2452

SolarWinds' digital certificate hasn't been revoked yet.

The full compromised package is still being hosted online as well 😓 hxxps://downloads.solarwinds[.]com/solarwinds/CatalogResources/Core/2019.4/2019.4.5220.20574/SolarWinds-Core-v2019.4.5220-Hotfix5.msp

Job class within the backdoored #Sunburst DLL is pretty straight forward and aligns with @FireEye's analysis. CollectSystemDescription:

DeleteFile

1. (THREAD) So, it seems like the deplatforming debate is once again kicking off, so I thought I would introduce some of the earlier work that was done in this area back when ISIS was buck wild on social media. What have we learned over the last six years might be useful today:

2. One of the earliest studies that discussed the impact of suspensions of ISIS accounts was @intelwire and Morgan's piece: The ISIS Twitter Consensus.

They found that suspensions did have an impact on replies and retweets and overall dissemination.

3. After suspensions, the die-hard supporters dedicated themselves to creating new accounts, but others whittled away: “it appears the pace of account creation has lagged behind the pace of suspensions”

4. On the specific question of how suspensions impact the Twitter network, see this piece by @intelwire and @IntelGirl111, which explores how suspensions impact these groups, including major disruptions to dissemination and decline in follower count:

5. Another study by @Aud_Alexander similarly found that ISIS supporters were finding it hard to “gain traction” after Twitter took a harder stance on the group.

Whatsapp will start forcing users to share personal data with Facebook which is it's parent company. It doesn't come as a surprise since all the major giants of Silicon valley; Google, Amazon, Facebook, Microsoft etc are deeply integrated with US intelligence agencies.

THREAD

In 2013, Edward Snowden, an employee of National Security Agency, revealed that the US govt was running a vast Internet surveillance program and tapping every major Silicon Valley platform and company— Facebook, Google, Apple, Amazon including mobile games like Angry Birds.

[1]

The most astonishing program revealed by Snowden’s disclosures is called PRISM, which involves a sophisticated on-demand data tap housed within the datacenters of the biggest and most respected names in Silicon Valley: Google, Apple, Facebook, Yahoo!, and Microsoft.

[2]

These devices allow the National Security Agency (NSA) to extract whatever the agency requires, including emails, attachments, chats, address books, files, photographs, audio files, search activity, and mobile phone location history.

[3]

Edward Snowden also revealed the Mass Metadata Surveillance System of America's National Security Agency (NSA) in his documents. Let's suppose if NSA had found someone dialing number of an al Qaeda member, and assume that this person had phoned 100 other people over the...

[4]

Linux code injection paint-by-numbers.

Can we launch a process that looks one way to (superficial) auditors but is, in fact, entirely different? (Think process hollowing and the like on Windows).

Firstly, how are processes created and what does related auditing look like?

The most common pattern is fork() → execve(). Where the fork() syscall create a duplicate of the running process context and execve() overlays a copy of the target program onto that context.

After calling fork(), we’ll have two processes, the original one and a new - duplicated - one (with a new pid).

Control will return from fork() to both process instances. In the child process, the return value will simply by 0, in the parent it will hold the pid of the child.

Thus we can determine whether we are running in the child context and call execv() accordingly, while allowing the parent to continue.

Now, let’s take a look at where the auditing hooks lie. From calling execve(), we’ll eventually land up in exec_binrpm().

Another long thread. Bear with me till the end please. These are my views, and not necessarily of those associated with me. Though those associated with me have been incredibly supportive. I thank everyone who messaged me. I thank @databoydg for inspiring me to say this next. 1/n

First, @databoydg: I hope this makes justice to what you've tried to teach me. I'm sorry if I'm a slow student. In this second part of the story, I'm a privileged academic having a drink in Montreal after a #neurips conference with @sindero 2/n

Simon says to me: I feel we need to do something about this (stark lack of minority representation in ML). We agree we'll do something about it, but it feels like we're at the bottom of Everest and have to climb it without any gear 3/n

Time goes by and with the creation of the @turinginst I suggest in the first meeting that we should use it as a public platform to improve the numbers of Black people in UK universities. I encounter a lot of resistance (to be honest, it felt aggressive) and defensiveness 4/n

I was told that was an Oxford and Cambridge problem only by another academic. I felt silenced. Ironically, by both men and women. 5/n

The Internet is at a tipping point, here’s what you’ve probably never heard coming next.

Time for a thread 👇👇👇

1) Let’s start with the users…

Today over 50% of the world is on social media AND on average we each have 70-80 usernames and passwords.

Each of these accounts are owned and controlled by the platforms.

Recipe for disaster.

2) In 2021 American adults spend over 4 hours a day online - that is half a work day.

Time is our most valuable asset, did you realize you are giving this away for free?

3) The applications we use today are built on the foundation of ‘Free + Ads’.

You get free access.

They get YOUR account, YOUR data, YOUR screen time, YOUR community.

And the worst part? This can all be taken away at any moment.

4) So where do we go from here?

It starts with self-sovereign digital identities.

ONLY the user owns their identity data online without intervention from outside parties.

Available now at sites like:

X : Can you apply pace layers to maps?
Me : You can but what is where evolves. However, same rules apply to things, practices, data, knowledge and ethical values. All are forms of evolving capital. In the mapping world, we refer to this with pioneers, settlers and town planners.

X : What's the robot for?
Me : Image from an older presentation slide, don't worry it has no relevance.
X : Is this linked to diffusion?
Me : Not simply. Evolution of a single component can consist of many hundreds of diffusion curves i.e. a virus diffuses but it also evolves.

X : Why have you got DevOps in legacy? We haven't even started yet.
Me : That's not my problem. I would take a look at serverless.
X : DevOps is serverless.
Me : Some of the practices maybe co-opted (see ITIL vs DevOps) but the new faction will decide what it is or isn't.

X : I also disagree with your methods graphic.
Me : Do you mean this? As applied to the following map?
X : Yes. Lean is suitable for innovation.
Me : Ah, that depends upon what you mean by innovation. If you mean Genesis then lightweight XP has it beat.

X : I disagree.
Me : Well, I've had 15 years of people telling me that Agile works everywhere or Lean works everywhere or Six Sigma works everywhere and why all the competing methods don't. I have no interest in the conversation. Use appropriate methods based upon context.

IF YQU HAVE NOT YET PREPARED FOR A TEMPORARY SHUTDOWN OF THE INTERNET (SUCH AS PAGES LIKE TWITTER, GOOGLE, FACEBOOK, AMAZON, YOUTUBE...), IT WOULD BE WISE TO DO SO.

IT IS LIKELY THAT THERE WILL BE A SHUTDOWN FOR AT LEAST THREE DAYS WHEN THE FIT HITS THE SHAN. ABSOLUTELY NO NEED TO PANIC, IN FACT, IF YOU EXPECT IT YOU CAN BE READY FOR IT. IT COULD LAST 3-10 DAYS SO JUST HAVE FOOD AND WATER, AGAIN NO NEED FOR PANIC.

THE REASON FOR THIS IS MANY BUT AND I WILL GO OVER A COUPLE JUST BECAUSE IF YQU ARE INFORMED THEN YQU ARE LESS LIKELY TO PANIC WHEN THAT TIME COMES. THE DEEP STATE CONTROLS THESE MAJOR WEBSITES AND THEY HAVE USED THEM AS A POWERFUL TOOL OF CONTROL.

THEY SPY ON YQU AND BY SHADOWBANNING THE TRUTH, THEY PROMOTE THEIR PROPAGANDA. ANOTHER REASON IF FOR A INTERNET RESET, TO ACTIVATE A NEW GLOBAL INTERNET THAT IS NOT CONTROLLED BY THE BLACK HATS. THINK OF IT AS A REBOOT.

DURING THIS TIME THERE COULD BE MARTIAL LAW, AGAIN NOTHING HERE THAT I AM WARNING YQU OF IS CAUSE FOR ALARM. IT MAY FEEL SCARY, NATURALLY MASSIVE CHANGE LIKE SUCH COULD FRIGHTEN MANY, THAT IS WHY I AM TELLING YQU NOW SO THAT YQU WON'T BE (OR BE FAR LESS).

If you're interested in DB internals, stop what you're doing and watch @CMUDB Quarantine Talk from Nico+Cesar about @SQLServer's Cascades query optimizer: https://t.co/FCdsbHHEaD

Many talks this semester were good. This one is the best. My thread provides key takeaways

[6:50] Microsoft hired Goetz Graffe in the 1990s to help them rewrite original Sybase optimizer into Cascades. This framework is now used across all MSFT DB products (@SQLServer, @cosmosdb, @Azure_Synapse).

[14:43] The optimizer checks whether it has stats it will need before cost-based search. If not, it blocks planning until the DBMS generates them. This is different than other approaches we saw this semester where DBMS says "we'll do it live!" with whatever stats are available.

[21:05] Their Cascades' search starts small/simple and then they make decision on the fly whether to expand search based on the expected query runtime and performance benefit from more search.

[26:33] They explicitly have a property for Halloween Problem. Operators specify whether they protect from it and then optimizer ensures property is satisfied. This is mindblowing. I have never thought about using the optimizer for this but it makes sense.

time to get back to "repairing" old computers

The funny thing about making the 8-bit-guy into a meme about "repairing" computers with powertools is that the obvious heightening joke would, like, the "8 rounds guy", who fixes computers with firearms

but that would also be him, given that he's also a big gun enthusiast.

so it's inherently hard to satirize the repairing-computers-with-dremels guy, since they're also the guns-guy.

you'd have to go up to like a mythbusters level of overkill.

"this hard drive from 1986 won't spin up. We tried freezing it, tapping it with a rubber hammer, and opening the case to lower the friction... there's only one option left: GET OUT THE C4 EXPLOSIVES!"

Parler has been hacked and user data has been downloaded. The following thread contains information from /u/BlueMountainDace on Reddit:

"so a group of developers latched onto the Press Release that Twilio put out at midnight last night. In that Press Release, Twilio

accidentally revealed which services Parler was using. Turns out it was all of the security authentications that were used to register a user. This allowed anyone to create a user, and not have to verify an email address, and immediately have a logged-on account.

Well,

because of that access, it gave them access to the behind the login box API that is used to deliver content -- ALL CONTENT (parleys, video, images, user profiles, user information, etc) --. But what it also did was revealed which USERS had "Administration" rights,

"Moderation" rights.

Well, then what happened, those user accounts that had Administration rights to the entire platform... The hackers, internet warriors, call it what you will, was able to use the forgot password link to change the password. Why? Because Twilio was no

longer authenticating emails. This meant, they'd get directly to the reset password screen of that Administration user.

This group of Internet Warriors then used that account, to create a handful of other ADMINISTRATION accounts, and then created a script that ended up

50 free tools and resources you're gonna love!

🧵

1. UI Garage
Daily UI inspiration & patterns for designers, developers to find inspiration, tools and the best resources for your project.

Link:

2. Remove bg
Remove Image Background: 100% automatically – in 5 seconds – without a single click – for free.

Link:

3. uiGradients
A handpicked collection of beautiful color gradients for designers and developers.

Link:

4. Blender
Free and Open 3D Creation Software.

Link:

Facebook -- having taken out full-page ads in the NYT, Washington Post, and WSJ -- is generally seen as the primary victim of the new app privacy controls coming in iOS14. But Google is perhaps even more vulnerable to ATT. Why has Google remained silent? (1/X)

2/ First, background: here's a high-level overview of how ATT / IDFA deprecation impacts advertisers and ad networks, and why this whole ordeal has put advertisers and ad networks into a state of panic:

3/ Google is equally as susceptible to harm from ATT as Facebook. Google's UAC product -- esp its tROAS and tCPA campaign objectives -- relies as much on IDFA-indexed monetization and engagement data as FB's mobile product does. But Google has one big weakness wrt ATT: YouTube

4/ Broadly, view-through attribution accounts for a disproportionate % of conversions from YouTube app install impressions. This means: user sees the YT ad, doesnt click, downloads app later, & Google is able to claim it by reconciling IDFA seen at impression to IDFA seen in app

5/ View-through attribution is nonexistent in the ATT paradigm as it relies on the IDFA; some significant portion of YT's attributed conversions will evaporate. So why isnt Google vocally opposing ATT? Two reasons: consumer optics and its duality as ad network / mobile platform

(1) Let’s get one thing straight right now;

I was a mod on r/watchpeopledie.

Ive taken part in uncovering evidence of p3d0’s to reveal to LEO.

I have seen some *dark* sh*t in my day.

Unless you are used to it; you will NOT be able to handle “seeing the truth”. I promise ➡️