BC INTERNET

Saved by @Mollyycolllinss

Claire Ryan
@aetherlev 3 years, 5 months ago 432 views

Save to PDF Share See On Twitter

Right, I did some reading and here’s what likely happened with Parler. Lots of crossed wires here.

First up: someone noticed that Parler uses sequential integers in the API endpoint to get content.

An API endpoint is just a URL with a value added onto the end that tells the system what you want to get back.

Using sequential integers means that a hacker can set up an automated script to start at 1 and count up, trying API calls over and over again, to get back content from Parler.

Parler apparently had no restrictions on this API endpoint, which frankly blows my mind as a web dev.

If you had a working URL, it just spat out whatever it had whether you were logged in or not.

It seems that EVERYTHING that had been uploaded - video, photos, text posts - was accessible whether it had been deleted or restricted in the app itself. Even uploaded photos of licenses etc etc.

I cannot describe how amateur hour this is, if true.

Now as well as that - Parler got kicked off Twilio so now there was no verification of phone numbers on signup. They let it fail open - allow registrations without verification. Hackers used this to create umpteen accounts, for shits n giggles apparently.

I think they closed registrations after the damage had been done.

Okay so the admin accounts - they discovered an API endpoint that let them enumerate admin users.

This is also so unbelievably bad that it boggles the mind, from a web dev perspective

Like I don’t even know why that exists. That is not something that should exist.

The admin accounts were not compromised, apparently, but holy fucking shit you DO NOT expose admin account data EVER. That is asking to get hacked even more.

Anyway the TL;DR on this is that your password probably hasn’t been compromised (I hope) but anything else uploaded to Parler might be out in the wild now even if you deleted it in the app.

Happy fucking Monday, let the train wreck of this week begin

Further update: some lively discussion of it going on here: https://t.co/swpV9JUJ5p

More from Internet

That Happy Dude
@ThatHappyDudee

1/

Thread on @signalapp:

28th Nov 2011: A deal is made.

Security researcher @Moxie Marlinspike and Roboticist Stuart Anderson's brainchild, Whisper Systems, will be sold off to Twitter for a nice sum of money. It comes as a surprise because all of Whisper System's services

Lemme know of your thoughts on this entire story of the Signal App! Also help dispel the rumors surrounding it!

Cc: @UnSubtleDesi @swati_gs @rahulroushan @bhootnath @PrinceArihan @BefittingFacts @disclosetv @TheWolfpackIN @VertigoWarrior @WarHorizon @ExSecular @RDXThinksThat

Anson Horton
@AnsonHorton

1/ @werat asked about whether the debugger was using the C# compiler or language service in VS 2002. It was not. The debugger has a component called an ‘expression evaluator’ that is provided per language and is responsible for parsing and evaluating expressions when stopped at a

2/ breakpoint. For example, if you type into the immediate window, hover over a variable, type into the watch window, etc. the expression evaluator is involved. The debugger and the language service are actually deeply integrated in a number of scenarios in VS, which may

3/ initially seem surprising. I may talk about more of these scenarios in the future, but to give a flavor, when you set a breakpoint at design time the language service is involved, when you are using Edit and Continue the LS is involved, the range of what is being evaluated

4/ when you get a debugger data tip, completion lists when typing in the data windows or immediate window, etc. Prior to VS 2002, there were distinct debug environments tailored to each target customer (VB/VBA, C++, VJ, VBScript, TSQL, FoxPro, Fortran, etc.). The goals of the

5/ VS 2002 debugger included unifying the debugger backend components and providing a single UI stack that would enable new scenarios (for example, a callstack across languages). Expression evaluators are the architecture that separate the language specific pieces from the

Advertisement

Suzie Jabarian
@SuzieJabarian

*** THREAD ***

Three really useful Google Chrome extensions for Google Classroom.

1️⃣

Mote: voice notes and feedback.

This is an efficient tool for recording and posting verbal feedback. Mote is fully integrated into Google Docs, Slides, Sheets and Google Classroom. This makes it incredibly accessible and easy to use.

The mote icon (purple) appears in the 'private comments' box when you view submissions in GC. You simply click on the icon and record. With voice recording one click away, it is easy and quick to use. You only get 30 seconds but this encourages succinct, precise feedback.

It's great that you can view the document you are providing feedback on whilst recording. This helps to ensure specificity. For example, you can highlight specific examples from a student's work and then talk through them. This sort of thing prevents me from waffling, anyway.

There are other benefits too:
- Verbal feedback can be transcribed, with the option to review and change before posting.
- Mote supports transcription in more than 20 languages.

$Logan | Landing Pages \U0001f4da$

Logan | Landing Pages ...
@LoftedLearning

7 Tactics To Increase Engagement on Your Threads

// THREAD //

People are constantly seeing the same stuff over and over again on their timeline.

This is why you need to learn how to stand out.

When they’re scrolling you need to grab their attention and reel them into something they want to read.

If you think about it, your job is just to get them to click your tweet. Once that’s done, they’ll be reading your other ones in no time.

In order to get them to click you need to show one of these 7 things:
> authority
> experience
> value
> lesson
> mystery
> opinion
> numbers

The easiest way to write headlines based off of these things is to write out your audience’s objections.

Then, indirectly counter their objection within your headline (sounds cool right?).

An old copywriting trick 😉

1. Authority

“Why should I read your thread? What have you done that makes me trust you”

Headline:
“$97,840 in Profit This Month Using This 5-Step Plan to Make Landing Pages”

Authority shows people you know what you’re doing by telling them a true stat/claim.

Joy of the People
@JOYofthePEOPLE

Play is our future

Skill is measurable w/ two resources 1) time, 2) energy

Players whose actions make better use of these resources can be defined as optimal. This is not subjective

Time (faster)/overload/conscious/stress
Energy(easier)/underload/unconscious/low anxiety

Orgel's First Rule:

"Whenever a spontaneous process is too slow or too inefficient a protein will evolve to speed it up or make it more efficient."

Faster (speed/strength)-Deliberate Practice
Easier--Play

Overload (D.Practice) builds faster=hypertrophy and results in measurable selection resulting in problems such as Relative Age Effect, and players with very fast cars saddled with inexperienced drivers

It's more likely to be wrapped around a tree than finish the race.

as Orgel says, if we allow it, play will produce faster and easier

Kids in play build the driving sills first, in Go Karts, like Ayrton Senna

Big brains, slow cars, easier

But where speed is limited by physics,

Ideas are plentiful and under resourced in US youth sport

Almost every coach will agree w/ the following

Competition is important
Training is more important than games
Play is more important than both

But,

the big thing is to keep the big thing the big thing

You May Also Like

Conservative Trader
@AnandableAnand

How to get rich trading (without getting lucky)

Complete beginner’s guide to wealth of Rs 10 Cr in 10 years

Step 1: start trading live

1/n

Nothing can substitute experience of live trading

No amount of back-test, studies or indicators can substitute training your mind with screen time

As a beginner, In live trading, you will make losses almost everyday

2/n

So here are the conditions which you can’t violate in first year
If you can’t follow these rules, this document is not for you

Start with trading capital of Rs 1 lakhs

Max loss per trade 0.25%, i.e. 250 Rs

Max loss for the day, 1%, i.e. Rs 1000

Max 6 trades in a day

3/n

I know, these conditions will cripple you in terms of what all you can trade and how

But just like any start up, trading is also about making it through initial gruelling constraints of life

You will also learn, how to turn these adverse rules to your advantage

4/n

Btw, you can sell directional banknifty options, obviously you can buy options, can do cash stock trading and much more under these conditions

Think about it, you will be do all kinds of instruments, just that PNL will not be roller coaster ride or exciting like a casino

5/n

Guillaume Chaslot
@gchaslot

The YouTube algorithm that I helped build in 2011 still recommends the flat earth theory by the *hundreds of millions*. This investigation by @RawStory shows some of the real-life consequences of this badly designed AI.

Flat Earth conference attendees explain how they have been brainwashed by YouTube and Infowars https://t.co/gqZwGXPOoc
— Raw Story (@RawStory) November 18, 2018

This spring at SxSW, @SusanWojcicki promised "Wikipedia snippets" on debated videos. But they didn't put them on flat earth videos, and instead @YouTube is promoting merchandising such as "NASA lies - Never Trust a Snake". 2/

A few example of flat earth videos that were promoted by YouTube #today:
https://t.co/TumQiX2tlj 3/

https://t.co/uAORIJ5BYX 4/

https://t.co/yOGZ0pLfHG 5/

Advertisement

The New York Times
@nytimes

Stan Lee’s fictional superheroes lived in the real New York. Here’s where they lived, and why. https://t.co/oV1IGGN8R6

Stan Lee, who died Monday at 95, was born in Manhattan and graduated from DeWitt Clinton High School in the Bronx. His pulp-fiction heroes have come to define much of popular culture in the early 21st century.

Tying Marvel’s stable of pulp-fiction heroes to a real place — New York — served a counterbalance to the sometimes gravity-challenged action and the improbability of the stories. That was just what Stan Lee wanted. https://t.co/rDosqzpP8i

The New York universe hooked readers. And the artists drew what they were familiar with, which made the Marvel universe authentic-looking, down to the water towers atop many of the buildings. https://t.co/rDosqzpP8i

The Avengers Mansion was a Beaux-Arts palace. Fans know it as 890 Fifth Avenue. The Frick Collection, which now occupies the place, uses the address of the front door: 1 East 70th Street.

Vibhu Vashisth
@VIBHU_Tweet

🌺श्री गरुड़ पुराण - संक्षिप्त वर्णन🌺

हिन्दु धर्म के 18 पुराणों में से एक गरुड़ पुराण का हिन्दु धर्म में बड़ा महत्व है। गरुड़ पुराण में मृत्यु के बाद सद्गती की व्याख्या मिलती है। इस पुराण के अधिष्ठातृ देव भगवान विष्णु हैं, इसलिए ये वैष्णव पुराण है।

गरुड़ पुराण के अनुसार हमारे कर्मों का फल हमें हमारे जीवन-काल में तो मिलता ही है परंतु मृत्यु के बाद भी अच्छे बुरे कार्यों का उनके अनुसार फल मिलता है। इस कारण इस पुराण में निहित ज्ञान को प्राप्त करने के लिए घर के किसी सदस्य की मृत्यु के बाद का समय निर्धारित किया गया है...

..ताकि उस समय हम जीवन-मरण से जुड़े सभी सत्य जान सकें और मृत्यु के कारण बिछडने वाले सदस्य का दुख कम हो सके।
गरुड़ पुराण में विष्णु की भक्ति व अवतारों का विस्तार से उसी प्रकार वर्णन मिलता है जिस प्रकार भगवत पुराण में।आरम्भ में मनु से सृष्टि की उत्पत्ति,ध्रुव चरित्र की कथा मिलती है।

तदुपरांत सुर्य व चंद्र ग्रहों के मंत्र, शिव-पार्वती मंत्र,इन्द्र सम्बंधित मंत्र,सरस्वती मंत्र और नौ शक्तियों के बारे में विस्तार से बताया गया है।
इस पुराण में उन्नीस हज़ार श्लोक बताए जाते हैं और इसे दो भागों में कहा जाता है।
प्रथम भाग में विष्णुभक्ति और पूजा विधियों का उल्लेख है।

मृत्यु के उपरांत गरुड़ पुराण के श्रवण का प्रावधान है ।
पुराण के द्वितीय भाग में 'प्रेतकल्प' का विस्तार से वर्णन और नरकों में जीव के पड़ने का वृत्तांत मिलता है। मरने के बाद मनुष्य की क्या गति होती है, उसका किस प्रकार की योनियों में जन्म होता है, प्रेत योनि से मुक्ति के उपाय...

$XVIII Airborne Corps\U0001f409$

XVIII Airborne Corps🐉...
@18airbornecorps

1 of 16: WE ARE ALL JEWS HERE: THE STORY OF RODDIE EDMONDS

One of the most moving and relevant stories of the Battle of the Bulge, or any American Soldier in any war, is that of Master Sergeant Roddie Edmonds, a Knoxville, Tennessee native, who served with the 106th Infantry.

2 of 16:

Roddie was captured early on in the Battle of the Bulge, on December 19th, when Panzer forces plowed through his unit.

He, along with almost his entire regiment, was forced to surrender.

3 of 16:

The men were transported to the Stalag IX-A POW camp in Ziegenhain, Germany.

Roddie was the senior enlisted American Soldier at the site. As such, he was the conduit between all American Soldiers and their German captors.

4 of 16:

In late January, the camp’s commandant, Major Siegmann [pictured here], ordered Roddie, a Christian, to identify all Jewish Soldiers and order them to stand in formation by themselves the next day.

[Jewish Soldiers were a minority within American units]

5 of 16:

Throughout WWII, captured Jewish Soldiers were often tortured and then killed by their German captors.

In fact, Jewish Soldiers had been told to bury their dog tags before capture. The dog tag identified Jews with the letter “H” for Hebrew.