BC INTERNET
Saved by @Alex1Powell

SolarWinds follow up. Very good tweet explaining what happened.

 Basically what this means is that SolarWinds itself was exploited. Someone posted an infected update as legitimate (digitally signed), leading customers to download a bad update.
“Multiple trojanized updates were digitally signed from March - May 2020 and posted to the SolarWinds updates website” https://t.co/8e3bMFWXYu
FireEye then explains that infected organizations were approached and exploited. This is a separate Step 2.
At this point, information is already going to “malicious domains” without extra intervention, after the malware does nothing for “up to two weeks”
But the cyber thieves take the opportunity to move around (“laterally”) inside the infected organization.
Bad actor = UNC42.
Trojan software = SUNBURST.
Basically the intruder tiptoes around the infected network grabbing more stuff.
As Chris Krebs pointed out, the hack is “resource intensive” because it takes a lot of work to do some of this. For example to create a malicious false domain with the same information as in the victim’s network.
What this means is that certain “choice” organizations are such significant targets that the cyber thief dwells on ensuring they can rummage around (spy on emails for example) undetected.
There is no definitive proof I have seen that Russia perpetrated this hack. Why won’t the media say that China or Iran or some other country could have done it?
Six years ago, another company

https://t.co/lzTINHgyAt
“Members of China's military systematically hacked the computers of SolarWorld USA, engaging in corporate espionage with the possible aim of advantaging SolarWorld's Chinese rivals, the US government alleges.” (May 19, 2014)
“Chinese bank forced western companies to install malware-laced tax software

GoldenSpy backdoor trojan found in a Chinese bank's official tax software, which the bank has been forcing western companies to install.” https://t.co/iEcdevXS7q
Another one from China: “execute files downloaded from a remote command and control (C&C) server, and update or uninstall itself.” https://t.co/CpTRlx3n8h
They tell us China is the biggest threat to our security and then refuse to publicly say that China could have done it, instead reflexively naming Russia. https://t.co/4ZOhYgWT03
Even the official denials are well known! https://t.co/29Hd0wJilI
“A bombshell report claims that China has been developing a massive spying operation for a few years that involved building hardware backdoors into critical server components with the help of microchips no bigger than a grain of rice or the tip of a sharpened pencil.”
“Those chips, once placed on motherboards that go into popular servers, would be able to help Chinese spies access information that would otherwise be unavailable to them.”
“Secret Backdoor in Some Low-Priced Android Phones Sent Data to a Server in China”
https://t.co/MQoZ3XEtgc
“Pompeo warns governors of Chinese infiltration into US: 'It's happening in your state'” (February 2020)

https://t.co/inXsE8UxAl
IS THE SOLARWINDS HACK RELATED TO ELECTION INTERFERENCE AS SOMEONE SUGGESTED HERE ON TWITTER (sorry I can’t find your tweet at the moment)
DID SOMEONE GAIN ACCESS TO THE STATES AND MESS WITH THEIR COMPUTERS SO THAT ELECTION DATA WAS SENT TO CHINA
THE REPORT ON FOREIGN ELECTION INTERFERENCE DROPS BY FRIDAY
Pompeo said to the governors: “The Chinese government has been methodical in the way it's analyzed our system... it's assessed our vulnerabilities and it's decided to exploit our freedoms, to gain an advantage over us at the federal level, the state level and the local level."
Pompeo warned them that we know.
“I'd be surprised if most of you in the audience had not been lobbied by the Chinese Communist Party directly."
“He said groups loyal to communist China are operating out in the open in Virginia, Minnesota, Florida and dozens of other states all around the country.”
“Other Chinese groups, however, practice their nefarious actions in the shadows in an attempt to exercise influence over U.S. citizens and lawmakers.”
Examples like “a diplomat from China, assigned here to the United States, a representative of the Chinese Communist Party, in New York City, sending a letter urging that an American elected official shouldn’t exercise his right to freedom of speech”
THEY ARE ATTACKING OUR CHILDRENS MINDS SAID POMPEO THROUGH THE SCHOOLS
“The secretary said ...that Chinese officials based in the U.S. are actively seeking to sow seeds of chaos at the state and local level -- specifically in the realm of education on college campuses and K-12 classrooms.”
“Maybe some of you have heard about the time when the Chinese consulate paid the UC San Diego students to protest the Dalai Lama. It shows depth. It shows systemization. It shows intent.”
WAKE UP WAKE UP WAKE UP REMEMBER CYNTHIA A JOHNSON PLAYING PING PONG IN DETROIT WITH THE CHINESE OFFICIAL
“Chinese Communist party officials, too, are cultivating relationships with county school boards and local politicians -- Often through what are known as 'Sister City Programs' ... This competition is well underway."
REMEMBER THE HARVARD PROFESSOR ARRESTED CHARLES LIEBER NANOTECHNOLOGY GOT PAID FROM “THOUSAND TALENTS PLAN”
“Pompeo also spoke about China's campaign to recruit U.S. scientists and academics to share vital secrets, in exchange for monetary gain through their ‘Thousand Talents Plan,’”
“a campaign that has already targeted scientists and professors on campuses such as Virginia Tech and Harvard and triggered investigations by the Department of Justice (DOJ).”
https://t.co/bozYbHtPqb
CHINA TURNS STUDENTS INTO SPIES
“He also explained how Beijing pressures Chinese students in the U.S. to keep an eye on their fellow countrymen and report back to the government about their activities.”
CHINA PROPAGANDA FLOODS KIDS MINDS AND THE AIRWAVES
“China’s propaganda starts even earlier than college. China has targeted K-12 schools around the world”
THE FAKE NEWS OWNERS DO BUSINESS WITH CHINA THAT AFFECTS OBJECTIVITY https://t.co/dnCgXIUOQg
“Pompeo then warned state governors about doing business with China and said it is common to indirectly finance communism without realizing it.”
“I want to urge vigilance on the local level too”
“I hope you will all take on board what I've said today. Don’t lose sight of the competition from China that's already present in your state. Let's all rise to the occasion and protect our security, our economy, indeed all that we hold dear."
@threadreaderapp unroll
@threader_app compile

More from Dannielle (Dossy) Blumenthal PhD

Dannielle (Dossy) Blumenthal PhD
Dannielle (Dossy) Blum...
@DrDannielle
“We have been reduced to a community of paranoid hypochondriacs, afraid that every breath will kill us” - Rabbi Chananya Weissman

“that the most basic human contact is an unreasonable roll of the dice, that everything we once considered normal and even obligatory must be off limits indefinitely – in some cases even forever.

This is insane. This is against everything the Torah teaches us.”

“not denying that covid is real & should be taken seriously. At the same time, I am denying...the angel of death is roaming among us, felling people left & right like Biblical plagues. This is not a Biblical plague. There are a million ways we can die...covid is just another 1.”

“I don't want to get it, and I don't want to give it to anyone else, but the terror that we have been living with for the last year is unjustified. Because of this terror, one third of Israel is currently living in poverty, with many others barely hanging on.”

“Drug and alcohol abuse are up; domestic abuse is up; suicides are up; social workers are overwhelmed; elderly people are dying from loneliness; children are traumatized; parents are falling apart; thousands of businesses have closed forever; and so much more.”
FOR LATER READ
Dannielle (Dossy) Blumenthal PhD
Dannielle (Dossy) Blum...
@DrDannielle
I previously did a wellness check on @SaRaAshcraft that resulted in her becoming very angry at me. She isn’t posting on Twitter. I am hoping that she is under Federal protection right now.

It wasn’t the wellness check that she was angry about - she thanked me for it - it was the fact that I characterized her as needing medical help.

This was based on her Tweets.

A true friend cares about others but also knows when to back off.

There is not a day that goes by that I do not reflect on Sarah, who is an amazing human being I was privileged to meet over Twitter.

The police officer who did the wellness check on Sarah told me his impression that she is highly intelligent, reported being a trauma victim, and only needed help to be OK.

I understand why the help he offered, eg to go to hospital, might not have been what she wanted.
HEALTH
Advertisement
Dannielle (Dossy) Blumenthal PhD
Dannielle (Dossy) Blum...
@DrDannielle
UNDER OBAMA, China Using OPM Records IT HACKED for Spying
ALL
Dannielle (Dossy) Blumenthal PhD
Dannielle (Dossy) Blum...
@DrDannielle
Shabbat Shalom! It’s Torah Study time! Woo hoo!


If you’re following this thread, sit back and relax because I haven’t done one of these in a while and intend to dig 😊


The Bible portion this week is called “Miketz,” which literally means “from the end of.”

Genesis 41:1-44:17
Supplemental: I Kings 3:15 - 4:1

https://t.co/RF4A7OU6aa


Why would a Bible portion be named “from the end of?”

Because really what it means is “from the end, beginning”

or “the beginning of the end”

Or “the light at the end of the tunnel” (think about the tunnels and how literal that
RELIGION
Dannielle (Dossy) Blumenthal PhD
Dannielle (Dossy) Blum...
@DrDannielle
President Trump speaking momentarily.

The purpose of this thread will be to transcribe his remarks live to the extent possible.

View of the crowd.


Photos


God be with you all.
POLITICS

More from Internet

Alberto Gimeno \U0001f3f3\ufe0f\u200d\U0001f308\U0001f1ea\U0001f1f8\U0001f49c\U0001f90e
Alberto Gimeno 🏳️‍🌈🇪🇸💜...
@gimenete
I'm going to tell you a little bit how we work on features at GitHub. It's simple, but very powerful in my opinion. At GitHub we have a high performance culture.

We are deploying changes almost all the time while keeping the service running and the deployment failure ratio needs to be super low! We are constantly working on new medium/big features, we have frequent deploys and required peer reviews.

How do we know that big features are not conflicting with each other in functionality and in version control. How do we merge the work done in these non-trivial features? How do we do prevent peer reviews slow down our productivity?

With basically two things: split the work in small batches and feature flags. We don't have long-lived feature branches. We do very small changes all the time and deploy them.

We could split a feature in tens or hundreds of PRs, but until it is beta or GA, we don't expose it to users by using feature flags.
INTERNET
Eric Seufert
Eric Seufert
@eric_seufert
Facebook -- having taken out full-page ads in the NYT, Washington Post, and WSJ -- is generally seen as the primary victim of the new app privacy controls coming in iOS14. But Google is perhaps even more vulnerable to ATT. Why has Google remained silent? (1/X)

2/ First, background: here's a high-level overview of how ATT / IDFA deprecation impacts advertisers and ad networks, and why this whole ordeal has put advertisers and ad networks into a state of panic:

3/ Google is equally as susceptible to harm from ATT as Facebook. Google's UAC product -- esp its tROAS and tCPA campaign objectives -- relies as much on IDFA-indexed monetization and engagement data as FB's mobile product does. But Google has one big weakness wrt ATT: YouTube

4/ Broadly, view-through attribution accounts for a disproportionate % of conversions from YouTube app install impressions. This means: user sees the YT ad, doesnt click, downloads app later, & Google is able to claim it by reconciling IDFA seen at impression to IDFA seen in app

5/ View-through attribution is nonexistent in the ATT paradigm as it relies on the IDFA; some significant portion of YT's attributed conversions will evaporate. So why isnt Google vocally opposing ATT? Two reasons: consumer optics and its duality as ad network / mobile platform
INTERNET , SOFTWARE
Advertisement
Giovanni Pagano
Giovanni Pagano
@giovanni_pag
What are the implications of using hacked data for research?

A short thread inspired by the fact that, before AWs took it down, #Parler was extensively hacked and user data was leaked.

The #Parler dataset seems crazy interesting for doing research, and my first reaction after the breach was to shre it with other #CompSocSci ppl.

However, I started having second thoughts, so what follows is to organize ideas and have it somewhere I can look back to.

2/n

Generally speaking, as far as the ethics of research goes a good advice would be to handle hacked data with caution.

First of all, there's an issue of quality. Data might be altered or incomplete, and the source cannot be considered accountable (assuming src is anonymous).

3/n

Secondly and more importantly, a researcher using the data would probably be violating users’ consent and acting against the data collector's will.

Finally, users’ privacy is at stake, since researchers could see material that users didn’t agree for other people to see.

4/n

Sharing private information without consent might put people at risk of harm.

This is all the more true in cases such as the #ParlerHack, where the leaked information is of particularly sensitive nature, and there’s a high risk of unintended consequences.

5/n
INTERNET
Amit Ganguli
Amit Ganguli
@amit_ganguli
Many conversations happening on #WhatsApp (WA) groups about new #WhatsAppPrivacyPolicy .
This thread has arguments to help ditch WA & move to @signalapp:
https://t.co/En4fe9VxUN
Share, use, copy-paste, modify with understanding as you deem fit on any platform in whole or part
1/n

Note: No affiliations, conflict of interest
Info presented with NO bias, prejudice, malice or indemnity.
Open to corrections: individual tweets may be deleted, tweets added to thread or corrected as replies.
Points that are unclear or uncertain are marked with "(?)".
2/n

CONTENT OF WA MESSAGES SHALL REMAIN ENCRYPTED END TO END.
BUT, there's data: contacts, group affiliations, co-affiliations, locations (live?), frequency of contacts, *tags* generated when we send or forward a message or file to contacts or groups, links, clicks on links, etc.
3/n

It is unclear whether this data is anonymized.
NOTHING in latest policy *prevents* the collection, retention, sharing or sale by FaceBook (FB: owner of WA) of this data in part or whole whether with identifying information or anonymized.
Meme source:
https://t.co/nMDTUlb0rl
4/n


Companies need to make money & generate profits:
To create software, install & maintain infrastructure.
Google, FB, Insta, Amazon etc sell data created from our content & data generated from our interactions (searches, clicks, purchases etc).
This makes many uncomfortable.
5/n
INTERNET
Fran\xe7ois Chollet
François Chollet
@fchollet
Here's an overview of key adoption metrics for deep learning frameworks over 2020: downloads, developer surveys, job posts, scientific publications, Colab usage, Kaggle notebooks usage, GitHub data.

TensorFlow/Keras = #1 deep learning solution.


Note that we benchmark adoption vs Facebook's PyTorch because it is the only TF alternative that registers on the scale. Another option would have been sklearn, which has massive adoption, but it isn't really a TF alternative. In the future, I hope we can add JAX.

TensorFlow has seen 115M downloads in 2020, which nearly doubles its lifetime downloads. Note that this does *not* include downloads for all TF-adjacent packages, like tf-nightly, the old tensorflow-gpu, etc.


Also note that most of these downloads aren't from humans, but are automated downloads from CI systems (but none are from Google's systems, as Google doesn't use PyPI).

In a way, this metric reflects usage in production.

There were two worldwide developer surveys in 2020 that measured adoption of various frameworks: the one from StackOverflow, targeting all developers, and the one from Kaggle.
INTERNET

You May Also Like

ArmaniTalks \U0001f399\U0001f525
ArmaniTalks 🎙🔥...
@ArmaniTalks
Shy people are either overthinking or highly observant of the social setting.

And in many cases it can be both.

'So what do I do?'

You learn the 75/25 law.

'What is that?'

The law of charisma...👇

Let's address the over thinkers first.

Do you have any idea why you overthink?

'Yea. Because others are judging how shy I am.'

Incorrect.

Others are thinking about themselves, not you.

But the fact that you think they are thinking about you, you fuck up the interaction.

Now you stay in your head too much & avoid the present moment.

A major no no in the social world.

Your tendency to think that others are judging you for being shy, coincidentally makes you more shy.

And that's when you start giving off a strange vibration to the social setting.

This is when you begin attracting comments like 'why are you so quiet?'
LIFE
Sam
Sam
@SamKhan999
This day was inevitable. Indian Muslims always lived in La La Land. They bad mouthed real well wishers & slept with the enemy who never considered them as part of them. In Gulf, Indian Muslims were busy with Javed Akhtar & Sonu Nigam. Never interacted with South Asian diaspora

Now when Indian Muslims are thrown to wolves it’s Pakistani & Bangladeshi Muslims with whom they kept distance are the only ones feeling their pain. None of the people who they invited for Eid Milan. Qawali & Mushaira are there for them. Such people invoke wrath upon themselves

Indian Muslims never spoke for Kashmiri Muslims. Distancing from separatist was understandable but we never even bothered to highlight their human rights violation & rapes carried out by forces. We could have sent them humanitarian help we didn’t. Our silence made us complicit.

When Sania Mirza married Shoaib Malik it was something legal. A Muslim married another Muslim. Entire Hindutva media went after her. They launched a witch-hunt for months. No Indian Muslim stood by her. All were silent. Now days come when Muslims are arrested for marrying a Hindu

Indian Muslims particularly the elite downplayed communalism in India by saying it will pass or Hindu majority is good. Fringe are bad. They misguiding others. Muslims were always others. Indians were happy to see Muslims sing & dance & eat their food but never considered as own
INDIA
Advertisement
Jaya_Upadhyaya
Jaya_Upadhyaya
@Jayalko1
ANTARVEDI LAKSHMI NARASIMHA SWAMY, EAST GODAVARI DIST.(AP)

Located where Vasistha Godavari joins Bay of Bengal.

Present structure was built by Kapanati Krishnamma of Agnikula Kshatriya clan in 1823.

It is one of the oldest among 32 Narasimha Kshetras in AP.
@LostTemple7


Legend says that here Maharishi Vasishta prayed to Narasimha to end the demon Rakta Vilochana.

Narasimha created Maha Maya, also called Ashwaroodambika or Gurralakka to suck his blood as he got a boon from Brahma that blood falling from his body would produce another demon.


After his death, the stream of blood was let out by Maya to form a pond called Rakta Kulya.

Narasimha,then,washed Sudarshan Chakra at a place called Chakra Tirtha.

Brahma is said to have performed Yagna and installed Shiva Linga here. Hence the place was called Antarvedi.


Later Sri Rama prayed here and Arjun also visited here.

Panchamrita Abhishekam is done every day.
One can have Nijarupa Darshanam (main murti without any decorative shield) between 6.00 a.m. and 8.00 a.m.

Anna Prasadam is very famous and distributed daily from 10:30 to 2 pm.
ALL
Patrick McKenzie
Patrick McKenzie
@patio11
A thread on HN about bad code in legacy projects both makes me think how little we've learned as a discipline over the years and, honestly, how little credit we give ourselves for some pretty major

Fun going down this list and thinking: "Hmm, plausible at a well-run modern software shop", "Hmm, possible, but requires implausible tradeoffs", "Literally disallowed by languages", and "If you were to attempt doing that our test suite wouldn't let you merge."

I think we as an industry celebrate (not quite the right word) failure too much and don't celebrate success nearly enough. There is no DailyWTF for competent execution, word of which generally stays pretty local to the source while incompetence passes into legend.

Alrighty let me try to thread the needle on being the change I want to see in the world while not giving away anything that will get me in trouble:

Ruby has wonderful developer ergonomics. Typed languages are easier for machines to guarantee the correctness of. We built a type checker for Ruby (and I believe it is slated for OSS release sometime).

c.f.
TECH
Nikita Poojary
Nikita Poojary
@niki_poojary
Time for a Thread🧵On yesterday’s “F&O Pe Charcha - Diary Of An Option Seller” with @Mitesh_Engr by @Paytm Money

Why Gain/loss ratio is important that the batting average
• More than the Win Loss ratio check the total Gain /loss ratio
• If your avg loss is 1% and avg gain is +5% then even if you are losing in 7 positions and winning in 3 out of 10 still you will be net profitable

Treat Trading as a business:
• Stick to a single strategy. Eg: A restaurateur usually wouldn’t be changing his recipe on a daily basis
• Mitesh Sir only works on BO or BD strategy, as he is a versatile trader

• Any trader should atleast experience 3 scenarios i.e. bull, bear & consolidation
• Target 4% per month i.e. 48% p.a.
• Option buying requires skill, everyday there wont be huge momentum, so buying options won’t yield good results, but high chances of falling into a bad habit

Stock Selection:
• In F&O segment there are ~150 stocks
• Not everyday all stocks will move
• Only 5-7 stocks move upside or downside
• Focus only these momentum stocks
• Check which one is moving
• Range BO/BD never disappoints. BO/BD from a rectangle (consolidation)
MPLEARNINGS , ALL , OPTION SELLING