BC INTERNET
Saved by @Alex1Powell

FLASH: "Emergency Directive 21-01 calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately."-@CISAgov Read more:

 CONTD: @CISAgov is responding to an exploit of Federally operated @solarwinds Orion products by malicious actors. They Issued an Emergency Directive to federal civilian agencies to review networks & DISCONNECT OR POWER DOWN ALL SOLARWINDS ORION PRODUCTS NOW!
CONTD: @FireEye discovered an attack trojanizing @solarwinds Orion biz software distributing malware named #SUNBURST.
The attacker’s use multiple techniques to evade detection/obscure activity. The campaign is widespread affecting public & private organizations around the world.
CONTD: The trojan version of a @SolarWinds Orion plug-in codename #SUNBURST. After a dormant period of up to 2 weeks, it retrieves & executes commands including transfering files, executing files, profile the system, reboot, & disable system services.... more
CONTD: #SUNBURST hides network traffic & stores recon within legitimate plugin configuration files allowing it to blend in with legitimate activity. The backdoor uses obfuscated blocklists to i.d. forensic & anti-virus tools running as processes, services, & drivers.... more
CONTD: Worldwide Victims With #SUNBURST Distributed March thru May 2020. @FireEye has detected this malware in government, consulting, tech, telecom & extractive entities in North America, Europe, Asia & the Middle East & anticipate there are additional victims.... more
CONTD: After #SUNBURST gains access the attacker group disguise their operations moving laterally in the compromised network. The attacker maintains a light malware footprint, instead preferring legitimate credentials & remote access for access through the victim’s environment.
CONTD: If @SolarWinds infrastructure is not isolated:
-Restrict scope of connectivity to endpoints from SolarWinds servers!
-Restrict the scope of accounts that have local administrator privileged on SolarWinds servers!
.... more
CONTD: If @solarwinds infrastructure is not isolated:
-Block Internet egress from servers or other endpoints with SolarWinds software.
-At MINIMUM changing passwords for accounts that have access to SolarWinds servers / infrastructure.
....more
CONTD: If @solarwinds manages networking infrastructure:
-Review network device configurations for unexpected / unauthorized modifications. This is a proactive measure due to the scope of SolarWinds functionality.
CONTD: @SolarWinds’ Customers;
-425+ of US Fortune 500 co's
-All of top 10 US telecom co's
-All 5 branches US Military
-Pentagon
-State Department
-NASA
-NSA
-USPS
-NOAA
-DOJ
-Office of POTUS
-Top 5 US accounting firms
-100's universities/colleges
List: https://t.co/N202UZdyjC

More from Internet

Eric Seufert
Eric Seufert
@eric_seufert
Facebook -- having taken out full-page ads in the NYT, Washington Post, and WSJ -- is generally seen as the primary victim of the new app privacy controls coming in iOS14. But Google is perhaps even more vulnerable to ATT. Why has Google remained silent? (1/X)

2/ First, background: here's a high-level overview of how ATT / IDFA deprecation impacts advertisers and ad networks, and why this whole ordeal has put advertisers and ad networks into a state of panic:

3/ Google is equally as susceptible to harm from ATT as Facebook. Google's UAC product -- esp its tROAS and tCPA campaign objectives -- relies as much on IDFA-indexed monetization and engagement data as FB's mobile product does. But Google has one big weakness wrt ATT: YouTube

4/ Broadly, view-through attribution accounts for a disproportionate % of conversions from YouTube app install impressions. This means: user sees the YT ad, doesnt click, downloads app later, & Google is able to claim it by reconciling IDFA seen at impression to IDFA seen in app

5/ View-through attribution is nonexistent in the ATT paradigm as it relies on the IDFA; some significant portion of YT's attributed conversions will evaporate. So why isnt Google vocally opposing ATT? Two reasons: consumer optics and its duality as ad network / mobile platform
INTERNET , SOFTWARE
Yous \U0001f168
Yous 🅨
@YousXP
*Thread* - the hack is wack

The Master Life 'Hack' to Solve All Problems


What's easier?

Developing psychology & exerting willpower to not eat a pantry full of your favorite snacks

or

Not having those temptations in the house

Many 'solutions' being presented to people don't work

Designed to cope with the problem instead of resolving it

Darkness is the absence of light

You can't resolve or remove the darkness

You can only add more light

Recent viral obsessions with 'healing', 'being stoic', 'mental models & psychology'

They all serve their place AFTER the root has been handled

Before adding things to increase testosterone, remove what inhibits it

Before adding 'hacks', remove things causing conflict

If a person fears confrontation & is not assertive

Techniques & thinking offer some support, but the real question is

Why is this the default behavior?

Without starting with this question

All solutions are merely Band-Aids to mask & cope with the symptoms

In reality the real root of his fear of asserting himself & confrontation may likely be:
INTERNET
Advertisement
Richard Geldreich
Richard Geldreich
@richgel999
Porting vanilla (minimal external API usage, no SIMD, no threading) C++ code to work in the browser with emscripten and WebAssembly is amazingly simple now. The Emscripten docs are excellent, but here are some things that could speed up the process of getting started:

1. Beware of code which does unaligned memory reads/writes (which "may be slow on some CPU architectures")
2. Test with -fsanitize=undefined -fsanitize=address
3. Link with "-s ALLOW_MEMORY_GROWTH=1" and "-s INITIAL_MEMORY=X", X is a multiple of 64k, allows the C++ heap to grow.

(I completely avoid unaligned memory reads/writes because when compiled to asm.js they "can fail silently".)

4. Link with "-s MALLOC=emmalloc" to reduce compiled size.
5. I usually test with -O1 because -O0 can take very long to load/execute.
6. For debugging link with -s DEMANGLE_SUPPORT=1 and -s ASSERTIONS=1

7. C++ printf() outputs to the Developer Console: Chrome Settings->More tools->Developer tools
8. If something crashes, try running in Firefox which may explain the error differently.
9. I use Web Server for Chrome for
INTERNET
Nat Cohen
Nat Cohen
@domainarts
I sympathize with mid-size companies seeking to acquire a premium domain name. Even if they stretch to make the maximum possible offer, it often still can't compete with what a larger company can offer. Their desired domain name remains always out of reach. /1


From the broker:

"The prospective buyer responded and explained that their absolute maximum amount they can spend is $100,000 USD. They are accountants and explained this is an extraordinary amount of money for them." /2

The distribution of how much a domain name is worth to a particular company may look approximately like the right half of a bell curve, with values increasing along the X-axis and the # of companies for which the domain name has that value on the y-axis. /3


Since each domain name is unique, a domain owner wishing to maximize the value of that asset will often wait for an offer in the (light green) rightmost tail of the distribution, from that small percentage of companies for whom the domain name will deliver the most value and /4

as a result can justify making the highest value offers for the domain name. But that means that the domain name will remain out of reach for the vast majority of companies that would benefit from owning the domain name. For even a company at the 80th percentile, in the /5
INTERNET
Andy Pavlo
Andy Pavlo
@andy_pavlo
If you're interested in DB internals, stop what you're doing and watch @CMUDB Quarantine Talk from Nico+Cesar about @SQLServer's Cascades query optimizer: https://t.co/FCdsbHHEaD

Many talks this semester were good. This one is the best. My thread provides key takeaways

[6:50] Microsoft hired Goetz Graffe in the 1990s to help them rewrite original Sybase optimizer into Cascades. This framework is now used across all MSFT DB products (@SQLServer, @cosmosdb, @Azure_Synapse).

[14:43] The optimizer checks whether it has stats it will need before cost-based search. If not, it blocks planning until the DBMS generates them. This is different than other approaches we saw this semester where DBMS says "we'll do it live!" with whatever stats are available.

[21:05] Their Cascades' search starts small/simple and then they make decision on the fly whether to expand search based on the expected query runtime and performance benefit from more search.

[26:33] They explicitly have a property for Halloween Problem. Operators specify whether they protect from it and then optimizer ensures property is satisfied. This is mindblowing. I have never thought about using the optimizer for this but it makes sense.
INTERNET

You May Also Like

WAKE UP AUSTRALIA WAKE UP
WAKE UP AUSTRALIA WAKE...
@WakeAustralia
Facebook originally a CIA program called "LifeLog".
LifeLog, via DARPA, terminated on Feb 4th, 2004.
Facebook was launched on Feb 4th, 2004.
Many of the LifeLog team became execs at FB.
Zuckerberg is a figurehead.
CIA allowed Cambridge to help Trump win

https://t.co/enzOXDCogV


Pentagon Kills LifeLog
BUSINESS
Robin Berjon
Robin Berjon
@robinberjon
Recently, the @CNIL issued a decision regarding the GDPR compliance of an unknown French adtech company named "Vectaury". It may seem like small fry, but the decision has potential wide-ranging impacts for Google, the IAB framework, and today's adtech. It's thread time! 👇

It's all in French, but if you're up for it you can read:
• Their blog post (lacks the most interesting details): https://t.co/PHkDcOT1hy
• Their high-level legal decision: https://t.co/hwpiEvjodt
• The full notification: https://t.co/QQB7rfynha

I've read it so you needn't!

Vectaury was collecting geolocation data in order to create profiles (eg. people who often go to this or that type of shop) so as to power ad targeting. They operate through embedded SDKs and ad bidding, making them invisible to users.

The @CNIL notes that profiling based off of geolocation presents particular risks since it reveals people's movements and habits. As risky, the processing requires consent — this will be the heart of their assessment.

Interesting point: they justify the decision in part because of how many people COULD be targeted in this way (rather than how many have — though they note that too). Because it's on a phone, and many have phones, it is considered large-scale processing no matter what.
TECH
Advertisement
Shalini Singh Sengar
Shalini Singh Sengar
@Maverickmusafir
(An extract from Field Marshal Sam Manekshaw, Soldiering with Dignity)

The man eventually destined to be free India's first Field Marshal was born on 3rd April 1914 at Amritsar. How did a Parsi couple settle for the holy city of the Sikhs? I once asked him and was told that in+


1899, his father recently qualified as a doctor and just married, could make no professional headway in Bombay, and was advised to try his luck at Lahore in the Punjab. With his young wife, he set off by train for Lahore. The long dusty and hot journey took five days and by the+


end of it, his young wife, who had never left the comforts and civilization of Bombay, was in hysterics and cried to go back. Poor Dr Manekshaw did all he could to comfort her, but as the train steamed into Amritsar, with her first sight of the Sikhs the young bride screamed her+

lungs out and refused to go any further. So they left the train at Amritsar, and there they stayed for forty-five years.

The Manekshaws had six children, four boys and two girls, and Sam was the fifth child. Sam had his schooling at Nainital's Sherwood College.+

After completing his schooling, he should have gone to England to pursue higher studies; this was the promise made to him by his father but, fortunately for the Indian Army, Dr Manekshaw felt that this particular son was far too young to be on his own in a foreign country, even+
HISTORY
Reagan Gomez
Reagan Gomez
@ReaganGomez
Black movie goers know which movies are for us and which films aren’t. We really don’t like our stories being made into films that center (and humanize) people that hate us. The filmmakers/studio know that by naming the film “The Green Book”, black movie goers...

...are going to be expecting a story about black people trying to safely navigate the country (real history) and instead will get a white savior film. Like folks went to see Detroit thinking it was about the riots...

Anywhoo, I know Mahershela is fantastic in it. He was the best thing about the trailer. As rich as the history behind the creation of ‘The Green Book’ is/was, as amazing as Dr. Don Shirley’s story is, WHY is this film about a random, racist driver and his family?

This feeds into the ignorant anti-Black American stereotype of “Black Americans don’t have any culture/history/mythology” or whatever. That our stories are still both being used while simultaneously erased in 2018 is wild to me. It’s gonna clean up come award season. 🤦🏾‍♀️

And now, if black filmmakers WANTED to make a film about The Greenbook, guess what it can’t be called🙃. Just like if someone wanted to make a film about the actual Detroit riots, guess what it can’t be called? Then those filmmakers would run into...
CULTURE
Anshul Pandey
Anshul Pandey
@Anshulspiritual
THE NOTICEABLE SIGNS OBSERVED ON IMPENDING DEATH(मृत्यु के संकेत या चिन्ह)

As per Skanda Puran, Kartikeya had narrated to Muni Agastya about the signs of the coming death. This is as per this ancient scripture.


If one experiences the air coming out of right nostril continuously then it is observed that the person dies within three years. If the breathing is continuous towards upper side from both the nostrils, then the person can die within two three days.

If the breathing is through the mouth instead of the nostrils then the person may live only for two days. The person should take into coignance these signs of the occurance of any sudden death.

As per astrology when the Surya is in the 7th house and Chandrama is in its own house and the breathing is only through the right nostril then the danger exists. If you see a yellow black coloured figure who becomes invisible immediately then the life span is limited to 2 years.

If any person sneezes, passes urine, stool and semen all together he has only a year more to live. If a person sees blue coloured snakes flying in the sky then he has only six more months to live. If a person sees any thing opposite to its real self like colours
RELIGION