BC SOFTWARE
Saved by @Mollyycolllinss

It's incredibly hard to become a customer of @Telstra so you can give them money. They absolutely despise money, and do everything in their power to erect as many obstacles as possible in the way of a normal person establishing a billing relationship with them.

 First: "I'd like to buy a 4G WiFi hotspot please."
"Umm, we don't have any. Maybe try K-Mart."

Are you serious? You can't sell me a mobile broadband service, and you'd prefer me to go to a department store. Okay...
So I go to the department store, and they have the same Telstra product $20 cheaper than Telstra does.

Go to activate it. Error message, SIM serial number has already been activated. Well goddamn.
So, back to the @Telstra shop. "Yes, I know I can return the whole thing, but all I want is a $2 SIM to get started. Can you just sell me one of those?"

No. They don't have any. Zero SIMs in the store.

ARE YOU KIDDING ME? WHAT OTHER PURPOSE DOES A TELSTRA SHOP HAVE?
Their first suggestion was to buy one from @AusPost, but they take 24 hours to activate their prepaid SIMs. Maybe try Woolies?
So I do that, and get my SIM, and go through trying to activate it. And ... now the identity check fails, so I can't.

Fuck. What?
Get @Telstra online support involved. "We'll send you an update in 30 minutes." 70 minutes later, I ping them for an update.
After much to-and-fro, it turns out that my identity check failed because someone at Telstra 8 years ago entered "Mark Newtown" instead of "Mark Newton" next to my drivers license number, so now I can't prove any ID at all to Telstra for any product.
Online support has fixed that.

So now the SIM ostensibly works.

It has taken 11.5 hours from first visit to the Telstra shop to having a working SIM in a WiFi hotspot.

I could have given up at any time. I don't know why I didn't.
How can they be so fucking bad at this? Every interaction I've ever had with @Telstra has been horrible, and they just don't learn anything, ever. All I wanted was a simple retail service, the thing their network of stores exists to sell, and they can't not screw it up.
Goddamn. So glad that's over.

More from Software

Scott Piper
Scott Piper
@0xdabbad00
As the year wrap's up, let's run through some of the worst public security mistakes and delays in fixes by AWS in 2020. A thread.

First, that time when an AWS employee posted confidential AWS customer information including including AWS access keys for those customer accounts to


Discovery by @SpenGietz that you can disable CloudTrail without triggering GuardDuty by using cloudtrail:PutEventSelectors to filter all events.


Amazon launched their bug bounty, but specifically excluded AWS, which has no bug bounty.


Repeated, over and over again examples of AWS having no change control over their Managed IAM policies, including the mistaken release of CheesepuffsServiceRolePolicy, AWSServiceRoleForThorInternalDevPolicy, AWSCodeArtifactReadOnlyAccess.json, AmazonCirrusGammaRoleForInstaller.
SOFTWARE
Yan Cui is making the AppSync Masterclass
Yan Cui is making the ...
@theburningmonk
If you missed @clare_liguori's Continuous Delivery session this week (like I did) then good news, it's available on-demand now 🎊

https://t.co/78b8sI2hHs

And here's my play-by-play for the session

🧵...

This is a typical CD pipeline in AWS.

This is far more complex than the most complex CD pipeline I have ever had! Just cos it's complex, doesn't mean it's over-engineered though. Given the blast radius, I'm glad they do releases carefully and safely.


If you look closely, beyond all the alpha, beta, gamma environments, it's one-box in a region first then the rest of the region, I assume starting with the least risky regions first.

For anyone thinking about going multi-region (after the recent Kinesis outage), this is one of the complexities you need to consider. To do multi-region right and deploy safely (minimize blast radius), this is one of the complexities you have to factor in.

This "deploy small at first then more broadly" principle applies to #serverless apps too, though you can't "deploy to one box". You can do it with canary deployments instead, CodeDeploy supports this practice for Lambda (using weighted aliases) out-of-the-box.
SOFTWARE
Advertisement
Harsh Bothra
Harsh Bothra
@harshbothra_
#Learn365 Day-4: Unauthenticated & Exploitable JIRA Vulnerabilities

There are multiple security vulnerabilities associated with the various versions of JIRA software which are exploited in wild and is one of my personal favourite 3rd Party apps to hunt.

#BugBountyTips

(1/n)

(2/n)
1. CVE-2020-14179 (Information Disclosure)
a. Navigate to /secure/QueryComponent!Default.jspa
b. It leaks information about custom fields, custom SLA, etc.

2. CVE-2020-14181 (User Enumeration)
a. Navigate to /secure/ViewUserHover.jspa?username=

(3/n)
3. CVE-2020-14178 (Project Key Enumeration)
a. Navigate to /browse.
b. Observe the error message on valid vs. invalid project key. Apart from the Enumeration, you can often get unauthenticated access to the project if the protections are not in place.

(4/n)
4. CVE-2019-3402 (XSS)
a. Navigate to /secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search

5. CVE-2019-11581 (SSTI)
a. Navigate to /secure/ContactAdministrators!default.jspa

(5/n)
6. CVE-2019-3396 (Path Traversal)
7. CVE-2019-8451 (SSRF)
a. Navigate to /plugins/servlet/gadgets/makeRequest?url=https://:[email protected]
8. CVE-2019-8451 (SSRF)
a. Navigate to
SOFTWARE
Anson Horton
Anson Horton
@AnsonHorton
1/ In early 2004 we were heads down executing on Edit and Continue across a large contingent of teams. There had been several iterations of scoping, redesigns, and customer feedback.

2/ We had a weekly meeting every Thursday morning when representatives from each of the teams would get together and review progress. It was fairly heavy weight, but there were so many teams involved that it was necessary to have a regular sync.

3/ Regardless, E&C was coalescing, but teams were stretched thin working diligently to enable scenarios, improve performance, fix bugs, etc. It had been a month or so since we decided to add support for C# to the matrix as well, so folks were a bit stressed.

4/ That set the stage for the meeting that we had on the first Thursday in April. A debugger PM named Habib Heydarian ran the meeting and after a brief intro he gave me a ring to come in and present.

5/ I walked in and handed out a document that I had written up, titled DCR: C# Edit and Continue for Venus. DCR meant design change request, and Venus was the design-time code name for ASP .NET support.
SOFTWARE
Abhiram Reddy
Abhiram Reddy
@nrabhiram
It’s been a minute since I’ve written code. So, I figured that now might be a good time to start learning how to use the Blueprint system in #UnrealEngine. I felt that it’d be interesting to share my progress and mistakes. So here goes!
🧵

1.
Firstly, I made use of the auto-rigging feature in Mixamo to give my character a skeleton. This allows you to use the Mixamo animations for the character in Unreal Engine.


2.
In the Animation Blueprint, I tried to add a punching state to the character. The problem I faced initially was that the character glides while punching. This occurs because multiple states of the animation are active (as their transition conditions are satisfied).


3.
There are a couple of solutions for this:

👉Blending the punch and idle states (character can punch while running) by using the Layered Blend Per Bone node.

👉Disabling input while the punch occurs.


4.
I didn’t like the outcome when I blended the animations. as the hip rotates more than we’d like it to. This leads to the character punching upwards and to the left. This isn’t favorable as the enemy is usually straight ahead. Disabling the input worked way better!
SOFTWARE

You May Also Like

Nyck de Vries
Nyck de Vries
@nyckdevries
Lately there have been various rumours in the media about myself and Jumbo in relation to Williams. To clarify things, Jumbo is not and will not invest any money in my career. 1/2

Of course we’re collectively looking at career opportunities, however this is certainly not our philosophy and strategy. I hope to announce my future plans soon, be patient 😉 2/2
SPORT
sriram
sriram
@SriramKannan77
'Treasure Gods' - Sangha Nidhi' and 'Padma Nidhi', Tirumala, Tirupati.

------------------------------------

These are the two guards guarding the Wealth and Treasure of Lord Sri Venkateswara.

They are representatives of two treasures of Kubera, the God of Wealth.


One guard who is holding shangam (conch) on both the hands is known as Shanka Nidhi ('nidhi' means wealth).

On the other side, the guard who is holding Lotus flowers on both the hands is known as Padma nidhi.

Shangu is from the ocean which includes all types of wealth like pearls and corals.

Why shagam in his hand? Because shangam only gives the sound of 'omkaram'.

'Padmam' is the symbol of water sources in land like river, lakes, tanks etc. which is very important for all living beings.

As per the tradition, these guards are installed at the third entrance of the temple.

One enters the holy shrine after saluting the first protection threshold - Sankha Nidhi and Padma Nidhi.
ALL
Advertisement
Simon Wardley #EEA
Simon Wardley #EEA
@swardley
X : Our executive team is concerned that we need to up our game in order to out innovate Amazon.
Me : Do you map?
X : Yes
Me : Like this?
X : No. What's that?
Me : A map of a tea shop.


X : Why is that a map?
Me : Long story, all to do with how space has meaning. To keep it short, maps help people to focus on user needs, the components involved, to communicate missing components and scenario play ideas like staff becoming robots.


Me : They’re also good for measuring and managing capital flow, making investment decisions, removing bias and getting rid of duplication.
X : I don’t see how that helps with innovation?


Me : Well, innovation is a tricky word because we use it to describe many things. If you’re talking about differentiation with the adjacent unexplored then you’re experimenting in the “uncharted” space e.g. immortality with magic provided by the special custom built kettle.


X : That sounds like nonsense.
Me : A lot of what people think will be the next great innovation is nonsense. Actually, most of it is. That’s the nature of the uncharted space, it’s experimental, high risk and generally results in failure.
X : We need more reliable innovation.
TECH
Andrew Chen
Andrew Chen
@andrewchen
👇 Thread. New deck getting published this week: "Consumer startups are awesome, and here's what I'm looking to invest in at Andreessen Horowitz." If you want to read it, subscribe to my newsletter here: https://t.co/262t8eh0wf


1/ A lot of new consumer technologies have been introduced to US households in the last 100 years. But it's taken many of them - like the telephone - more than 50 years to get to the majority of the US. Why is that?


2/ We had to literally teach people how to use phone. Which end goes to your mouth, which goes to your ear. Say "hello" when people call. The motivation of consumers to talk to their friends has always been there, but we had to teach the behavior


3/ If you compare phones to the latest technologies, there's been a huge shift. Things are being picked up much faster.


4/ Even while there's been all this innovation recently, physically speaking, we are still the same human beings from 100,000 years ago.
STARTUPS
Kieran Snyder
Kieran Snyder
@KieranSnyder
1 There's a chasm between an NLP technology that works well in the research lab and something that works for applications that real people use. This was eye-opening when I started my career, and every time I talk to an NLP engineer at @textio, it continues to strike me even now.

2 Research conditions are theoretical and/or idealized. A huge problem for so-called NLP or AI startups with highly credentialed academic founders is that they bring limited knowledge of what it takes to build real products outside the lab.

3 A product is ultimately a thing that people pay for - not just cool technology or user experience. But I’m not even talking about knowledge gaps in go-to-market work. I'm talking purely technical gaps: how you go from science project to performant + delightful user experience.

4 Most commoditized NLP packages solve well-understood problems in standard ways that sacrifice either precision or performance. In a research lab, this is not usually a hard trade-off; in general, no one is using what you make, so performance is less important than precision.

5 In software, when you’re making something for real people to use, these tradeoffs are a big deal. Especially if you’re asking those people to pay for what you’ve made (can’t get away from that pesky GTM thinking). They expect quality, which includes precision AND performance.
MACHINE LEARNING