1. If you are using the desktop app, check you have the latest version of Teams so that you should have Breakout rooms enabled. Check by clicking your profile picture, then About - I have version 1.3.00.28779. If you have 1.2..., click on check for updates to get the latest
2. Set your entry routine. I get my students to enter with their microphone muted - you can also not allow attendees to unmute by opening the participants list, clicking the ellipsis and selecting that option.
3. Make sure students arrive as attendees - some organisations have this set up to automatically happen that only meeting organizer is the presenter and others are attendees. Can change this in the manage permissions menu to only me if not already set (opens in a web browser).
4. Classroom routine and expectations - first lesson I share my screen and show the students the raise hand function for when they want to ask questions, how to access the chat function and how to react to questions as opposed to typing answers
By 2008, Google had everything going for it w.r.t. Cloud and we should’ve been the market leaders, but we were either too early to market or too late. What did we do wrong? (1) bad timing (2) worse productization & (3) worst GTM.
We were 1st to “containers” (lxc) & container management (Borg) - since '03/04. But Docker took LXC, added cluster management, & launched 1st. Mesosphere launched DCOS. A lot of chairs were thrown around re: google losing this early battle, though K8 won the war, eventually 👏
We were 1st to “serverless” (AppEngine). GAE was our beachhead -- it was the biggest revenue source early on but the world wasn’t ready for serverless primitives. We also didn’t build auxiliary products fast enough. Clients that outgrew GAE wanted “building block” IaaS offerings.
1st to hadoop (map-reduce ‘04) but our hosted Hadoop launched in ‘15. AWS EMR was ~200M ARR by then. 1st to cloud storage (GFS ’03), but didn’t offer a filestore till ‘18! Customers were asking for it since 2014. Didn’t launch archival storage or direct interconnect till v. late.
Its a bit more trouble- but doable, without ruining Isolated Core/Secureboot etc.
Defenders process will run as a unkillable protected service- so new tricks needed.
Here we go:
Ok- tamper protection is easy, just make .bat - run as adm:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter\Instances\WdFilter Instance" /v altitude /t REG_SZ /d -1 /f
Then unload minifilter with process hacker:
The registry key will be changed while the minifilter do not protect it, when tamper protection makes the driver load again it cannot attach to volumes nor protect registry keys.
Removing it will make it recreate, but invalid altitude do the trick
Notice now the service is: Protected light(antimalware)
Now we cant do anything to the service/process- not even see its open handles.
Lets start by elevating to SYSTEM- just launch a command prompt, then close process hacker- and run it again from the command prompt.
Now process hacker runs as SYSTEM
IT IS LIKELY THAT THERE WILL BE A SHUTDOWN FOR AT LEAST THREE DAYS WHEN THE FIT HITS THE SHAN. ABSOLUTELY NO NEED TO PANIC, IN FACT, IF YOU EXPECT IT YOU CAN BE READY FOR IT. IT COULD LAST 3-10 DAYS SO JUST HAVE FOOD AND WATER, AGAIN NO NEED FOR PANIC.
THE REASON FOR THIS IS MANY BUT AND I WILL GO OVER A COUPLE JUST BECAUSE IF YQU ARE INFORMED THEN YQU ARE LESS LIKELY TO PANIC WHEN THAT TIME COMES. THE DEEP STATE CONTROLS THESE MAJOR WEBSITES AND THEY HAVE USED THEM AS A POWERFUL TOOL OF CONTROL.
THEY SPY ON YQU AND BY SHADOWBANNING THE TRUTH, THEY PROMOTE THEIR PROPAGANDA. ANOTHER REASON IF FOR A INTERNET RESET, TO ACTIVATE A NEW GLOBAL INTERNET THAT IS NOT CONTROLLED BY THE BLACK HATS. THINK OF IT AS A REBOOT.
DURING THIS TIME THERE COULD BE MARTIAL LAW, AGAIN NOTHING HERE THAT I AM WARNING YQU OF IS CAUSE FOR ALARM. IT MAY FEEL SCARY, NATURALLY MASSIVE CHANGE LIKE SUCH COULD FRIGHTEN MANY, THAT IS WHY I AM TELLING YQU NOW SO THAT YQU WON'T BE (OR BE FAR LESS).
SolarWinds' digital certificate hasn't been revoked yet.
The full compromised package is still being hosted online as well 😓 hxxps://downloads.solarwinds[.]com/solarwinds/CatalogResources/Core/2019.4/2019.4.5220.20574/SolarWinds-Core-v2019.4.5220-Hotfix5.msp
Job class within the backdoored #Sunburst DLL is pretty straight forward and aligns with @FireEye's analysis. CollectSystemDescription:
"so a group of developers latched onto the Press Release that Twilio put out at midnight last night. In that Press Release, Twilio
accidentally revealed which services Parler was using. Turns out it was all of the security authentications that were used to register a user. This allowed anyone to create a user, and not have to verify an email address, and immediately have a logged-on account.
because of that access, it gave them access to the behind the login box API that is used to deliver content -- ALL CONTENT (parleys, video, images, user profiles, user information, etc) --. But what it also did was revealed which USERS had "Administration" rights,
Well, then what happened, those user accounts that had Administration rights to the entire platform... The hackers, internet warriors, call it what you will, was able to use the forgot password link to change the password. Why? Because Twilio was no
longer authenticating emails. This meant, they'd get directly to the reset password screen of that Administration user.
This group of Internet Warriors then used that account, to create a handful of other ADMINISTRATION accounts, and then created a script that ended up
YMYL is not evaluated at the site level, but the query level.
Again this is on Google, not SEOs because they want to surface better sites.
And those devaluations are part of Core Updates which SEOs like me recover sites from.
Featured Snippets are not optimized for - you can use certain HTML to be pulled in one but there is no definite use case where Featured Snippets are shown or that your site's will show for it. Also doesn't always come from the #1 result.
& that's Google not the SEO.
Also there are many times when an SEO doesn't want their site in the Featured Snippet cuz it doesn't result in a click to the website. But we have no control over what Google pulls as Feature Snippets except to put in a meta tag to exclude us from them
And Neil Patel is not an SEO. Most senior level SEOs see him as nothing more than a scammer because reportedly he's ripped them off by stealing their content and articles and passing them off as his.
Time for a thread 👇👇👇
1) Let’s start with the users…
Today over 50% of the world is on social media AND on average we each have 70-80 usernames and passwords.
Each of these accounts are owned and controlled by the platforms.
Recipe for disaster.
2) In 2021 American adults spend over 4 hours a day online - that is half a work day.
Time is our most valuable asset, did you realize you are giving this away for free?
3) The applications we use today are built on the foundation of ‘Free + Ads’.
You get free access.
They get YOUR account, YOUR data, YOUR screen time, YOUR community.
And the worst part? This can all be taken away at any moment.
4) So where do we go from here?
It starts with self-sovereign digital identities.
ONLY the user owns their identity data online without intervention from outside parties.
Available now at sites like:
* being spied on all the time means that the people of the 21st century are less able to be their authentic selves;
* any data that is collected and retained will eventually breach, creating untold harms;
* data-collection enables for discriminatory business practices ("digital redlining");
* the huge, tangled hairball of adtech companies siphons lots (maybe even most) of the money that should go creators and media orgs; and
* anti-adblock demands browsers and devices that thwart their owners' wishes, a capability that can be exploited for even more nefarious purposes;
That's all terrible, but it's also IRONIC, since it appears that, in addition to everything else, ad-tech is a fraud, a bezzle.
Bezzle was John Kenneth Galbraith's term for "the magic interval when a confidence trickster knows he has the money he has appropriated but the victim does not yet understand that he has lost it." That is, a rotten log that has yet to be turned over.
Bezzles unwind slowly, then all at once. We've had some important peeks under ad-tech's rotten log, and they're increasing in both intensity and velocity. If you follow @Chronotope, you've had a front-row seat to the
The numbers are all fking fake, the metrics are bullshit, the agencies responsible for enforcing good practices are knowing bullshiters enforcing and profiting off all the fake numbers and none of the models make sense at scale of actual human users. https://t.co/sfmdrxGBNJ pic.twitter.com/thvicDEL29— Aram Zucker-Scharff (@Chronotope) December 26, 2018
I’ve been on the phone with colleagues about the hack all morning. None of us can figure out why #CISA chose this particular response to the breach. Couple of things struck us as curious.
The agencies targeted are not responding how you might expect...
JUST RELEASED: Emergency Directive 21-01 calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately. Read more: https://t.co/VFZ81W2Ow7— Cybersecurity and Infrastructure Security Agency (@CISAgov) December 14, 2020
Many talks this semester were good. This one is the best. My thread provides key takeaways
[6:50] Microsoft hired Goetz Graffe in the 1990s to help them rewrite original Sybase optimizer into Cascades. This framework is now used across all MSFT DB products (@SQLServer, @cosmosdb, @Azure_Synapse).
[14:43] The optimizer checks whether it has stats it will need before cost-based search. If not, it blocks planning until the DBMS generates them. This is different than other approaches we saw this semester where DBMS says "we'll do it live!" with whatever stats are available.
[21:05] Their Cascades' search starts small/simple and then they make decision on the fly whether to expand search based on the expected query runtime and performance benefit from more search.
[26:33] They explicitly have a property for Halloween Problem. Operators specify whether they protect from it and then optimizer ensures property is satisfied. This is mindblowing. I have never thought about using the optimizer for this but it makes sense.
2. One of the earliest studies that discussed the impact of suspensions of ISIS accounts was @intelwire and Morgan's piece: The ISIS Twitter Consensus.
They found that suspensions did have an impact on replies and retweets and overall dissemination.
3. After suspensions, the die-hard supporters dedicated themselves to creating new accounts, but others whittled away: “it appears the pace of account creation has lagged behind the pace of suspensions”
4. On the specific question of how suspensions impact the Twitter network, see this piece by @intelwire and @IntelGirl111, which explores how suspensions impact these groups, including major disruptions to dissemination and decline in follower count:
5. Another study by @Aud_Alexander similarly found that ISIS supporters were finding it hard to “gain traction” after Twitter took a harder stance on the group.
There are seperate hyperlinks for terms and privacy policies. Both these hyperlinks lead to multiple pages of contracts written in a very jargonised language. A few things I noted :
The information 'we' provide to #WhatsApp include our messages. Also WhatsApp claims that it is end to end encrypted BUT,
BUT if your friend / enemy / boyfriend / family or anyone is offline and your message sent to him cannot be delivered #immediately, it will be saved on #WhatsApp servers for 30 days.
Also: When you forward media msg in #WhatsApp that media is stored temporarily in encrypted form on it's servers to aid in more efficient delivery of additional forwards. Tada! (Consider a thousand times before sending any images; news anchors can officially read your chats.)
Can we launch a process that looks one way to (superficial) auditors but is, in fact, entirely different? (Think process hollowing and the like on Windows).
Firstly, how are processes created and what does related auditing look like?
The most common pattern is fork() → execve(). Where the fork() syscall create a duplicate of the running process context and execve() overlays a copy of the target program onto that context.
After calling fork(), we’ll have two processes, the original one and a new - duplicated - one (with a new pid).
Control will return from fork() to both process instances. In the child process, the return value will simply by 0, in the parent it will hold the pid of the child.
Thus we can determine whether we are running in the child context and call execv() accordingly, while allowing the parent to continue.
Now, let’s take a look at where the auditing hooks lie. From calling execve(), we’ll eventually land up in exec_binrpm().
Let's start with some definitions:
❓ Docker client
🪣 Docker Registry
Definitions Below 👇
🏠Docker (Active) Host
A computer with Docker installed and the daemon running.
It can process Docker and non-Docker workloads.
A Client-Server application. It has 3 components:
- "daemon process": A server that is a type of long-running program.
- "Rest API": to specify interfaces that programs can use to talk and interact with the daemon.
- "CLI": A command-line interface client
It sends commands to dockerd, using the Docker API.
It can communicate with multiple daemons.
It's a text document that contains all the commands a user could call on the command line to assemble an image.
Boy do I have some mindblowing statistics for you...
I compared the current mail-in voting tallies for each Congressional District against November mail-in votes for those districts.
The statewide figure currently sits at 62%. Guess which district leads the state?
You guessed it!
GA-14 at 69%. Marjorie Taylor Greene's district.
#2 is GA-8 at 68%.
Jody Hice of "I'm joining Marjorie Taylor Greene in her effort to throw out the Electoral College vote" fame.
GA-9 (Doug Collins) is above the state average at 64%.
IF Republicans were ditching absentee balloting en masse to vote on Election Day, you'd expect to see it by now. But the early *in-person* voting totals are what's actually lagging, not mail-in voting.
Pardon the sloppy spreadsheet, but those last 4 columns are what I'm looking at. The last one in particular.
These websites will help you create professional mockups for your applications:
1. Shot Snap:
Create beautiful device mockup images for your app or website
2. Smart Mockups:
Create stunning product mockups (free & premium)
Instantly turn your screenshot into a mockup
4. Screenshot .rocks:
Create beautiful browser & mobile mockups in seconds.