BC TECH
Saved by @jacobhtml

A long time ago I coded up a feature for SocialCoder which converts a link - any link - to a short URL. I use it all the time for sharing links to volunteer profiles and to volunteer opportunity listings.

 The feature doesn't care what the link contains, it just hashes the URL, including any query params, and returns a shortened code.
More recently, around Christmas time, I added another feature where I can click a button to send a template notification to a charity that their new listing has been reviewed and published. I call it a next-steps email.
For the past few weeks, its all been working well. Its nice to keep automating things that previously were done by hand.
Fast forward to today.

A new opportunity listing is posted by a charity.

I review and publish it, tweet about it, then click a button to send the charity an emailed notification of next steps.
All very much business as usual, except that I normally tweet about it *after* sending that next-steps email to the charity. I don't know why I deviated from my normal routine, not that its a big deviation, nor should it matter.
But, oh, what a difference that slight deviation from my normal workflow did make.
Turns out I accidentally tweeted out a shortened link that results in the site sending a next-steps email to the charity. Anyone following that link will result in another email being sent.
Almost immediately my inbox gets spammed with flying in as people click on that link, also spamming the poor charity, and proper flustering me I can tell you.
At this point I had no idea what was going on.

Could it be a mail provider problem? Unlikely.

Maybe a bug, an infinite loop or recursion in my code? More likely.
I restarted the site, but the emails kept coming.

I changed the notification email address so that it would only spam me, and not the charity.
And still the emails came.

But now that it was just me being spammed, and not the charity rep, I was able to calm down enough to see what had happened.
A relatively easy fix, and a forehead-slapping moment.

You could say it was a learning moment. So what did I learn?
Lesson 1.

Don't use HTTP GET when a POST is more appropriate. If the request parameters were in the body of the request, and not in the URL, the link would have been fine to share.
Lesson 2.

The feature that sends email should not have been available to anonymous users.

In coding terms, the controller action was missing an [Authorize] attribute. yeah ...oops.
Lesson 3.

Although the consequences of this mistake were relatively minor, affecting only me and the charity rep's Inbox, I still needed to calm down before I could see the problem clearly enough to effectively trouble-shoot. Maybe I'm drinking too much coffee. Maybe.
Lesson 4.

Being able to code a fix, run unit tests, and deploy that fix, all within within minutes is such a valuable thing.

Thank you to the @Azure team who made this so easy.
- end for now -

More from Tech

James Felton
James Felton
@JimMFelton
Butt plugs were originally sold as a miracle cure for headaches, acne, and insanity

Thread, article here and h/t: @qikipedia :
https://t.co/Ts84xnmWKJ


For a long time, medicine was pre-occupied with the question "can this be solved by putting something in the butt?"

Take, for example, tobacco smoke enemas, in which 18th Century physicians saw drowning victims and attempted to de-deadify them by blowing tobacco smoke up their rectums with a pipe.


Despite having no medical benefit whatsoever, the practice was popular, and enema kits lined the Thames like lifebelts, ready to be used as one final humiliation for somebody who was crap at swimming.

This practice ended sometime after 1800 when it became apparent that it didn't really work, given how the anus famously isn't really connected to the lungs, but doctors weren't quite finished with having a poke around in the old anus to see what happens just yet.
TECH
Yoel Roth
Yoel Roth
@yoyoel
We’ve recently seen research about so-called “bots” and misinformation on Twitter and wanted to share our perspective on why findings that might seem remarkable at first are likely inaccurate. We’re working on a more detailed explanation, but some comments for now.

We continue to be excited by the research opportunities that Twitter data provides. Our service is the largest source of real-time social media data, and we make this data available to the public for free through our public API. No other major service does this.

Many researchers, academics, and journalists use our public API — a set of tools for programmatically accessing information on Twitter. We make all public Twitter content available via our APIs. You can learn more about them here:

The basic issue with much of the research based on our public APIs is simple: The APIs don't provide insight into our defensive actions to protect Twitter from manipulation, including bots.

Because of this, API-based research can't distinguish between accounts we've already identified as bad (and hidden or removed) and real, authentic ones.
TECH
Advertisement
Tinker \u274e
Tinker ❎
@TinkerSec
Singing the Blues:
Taking Down an Insider Threat

"I had all of the advantages. I was already inside the network. No one suspected me. But they found my hack, kicked me off the network...

...and physically hunted me down."


Many pentests start from the outside, wanting to see how the perimeter might be breached.

This pentest started from the inside. My client wanted to assume they had already been breached, and, if breached, how far could an attacker go.

Could they stop me once I was inside?

So they snuck me in. Disguised me as a new employee. Gave me a work computer, an ID badge, an account in their system... hell, I even had a cubicle w/my assumed name on it.

The only person who knew who I really was was their CISO. Everyone else thought I was Jeremy in Marketing.

During most of the first morning, I completed onboarding, made introductions, and completed menial tasks.

But I had to act quick. I only had a week onsite. I had to hack their network while not raising suspicion.

So I set about it.

You have to understand... most "Internal Pentests" are straight forward. The hard part is breaching the network, but once you're inside, it's a target rich environment. End of Life computers, default passwords, everyone a Local Administrator...
TECH
Tessa Davis
Tessa Davis
@TessaRDavis
How do you optimise your slides, audio or video when delivering online teaching?

There are many learning theories out there, but Mayer’s Multimedia Learning Theory is epic.

Read this thread + use his theories to improve learning transfer

Non-ideal slide to get started👇

1/17
TECH
James Felton
James Felton
@JimMFelton
The Phantom of Heilbronn (or how for 16 years the German police hunted a serial killer who didn't exist)

(Thread, non sweary version here: https://t.co/iDOIhaFgIT)


Between the years of 1993 and 2009, police in Heilbronn, Germany were tracking just about the most elusive serial killer since Ted Cruz.

Known as the Phantom of Heilbronn, or occasionally The Woman Without A Face, she was implicated in so many crimes that the police eventually put out a reward of €300,000 for any information leading to her arrest.

The case that brought her to the media's attention and earned her two ridiculously badass nicknames

(honestly, if you don't want people to do murders you're going to have to come up with less glamorous nicknames - what's wrong with Jack Shitshispants or the Zodiac Cuck)
TECH

You May Also Like

Vibhu Vashisth
Vibhu Vashisth
@VIBHU_Tweet
RANI NAIKI DEVI AND THE BATTLE OF KASAHRADA

Mohammad Ghori, the young Ghurid Prince conquered Ghaznavids in Afghanistan in the year 1173 CE. He conducted some successful raids into the Indian territory, which even Mahmud Ghazni & the Persians couldn't do.


First&foremost,Ghori invaded states of Multan &Uch in India.After this he turned to southern states of Gujarat &Rajputana.Everybody knows this about Ghori,but what most pple r unaware of is the defeat he suffered at hands of Chalukyan Queen Naiki Devi in 1178 Battle of Kasahrada.


When he marched southwards, his first target was the prosperous fortified town of Anhilwara Patan.
It was the capital of Chalukyas(also known as Solankis of Gujarat) which was established by Vanraj of Chapotkata Dynasty in 8th century.


American historian Tertius Chandler states that it was the 10th largest city in the world at that time. The history of Chalukyas has been written by many historians, but the valour of the Great Queen Naiki Devi remains unsung.


Born to the Kadamba King Paramardin of Goa,Naiki Devi was well trained in sword fighting, horse riding, strategy & every other subject of Statesmanship. She was married to King Ajaypala of Gujarat who sat on throne in 1171CE. Unfortunately,the King died within 4 yrs of his rule.
ALL
foone
foone
@Foone
I got a Toshiba T1200, which has a bad screen, and a dead CMOS battery, and I thought the hard drive was broken too...


but I rebooted it and heard a KTHUNK and a really loud spin-up noise and holy shit, the hard drive works!


and it still has files on it. the newest date is January 1994.


It's a 21mb hard drive, with ~37k of bad sectors.

This fucker is never going to spin up again, so I better go find some serial cables and copy shit off now.


The backlight is fucked so I'm shining a flashlight on it.
without it, it looks like this.
TECH
Advertisement
Anu Satheesh \U0001f1ee\U0001f1f3
Anu Satheesh 🇮🇳...
@AnuSatheesh5
Neyyattinkara Krishna Kshetram
#Thiruvananthapuram
#KeralaTemples 🚩

Neyyattinkara Krishna Kshetram is considered as the Guruvayur of Trivandrum. Thrikkayyil Venna (butter) is main offering to Neyyattinkara Unnikannan. Kshetram is supposed to be built by Marthanda Varma.


Sthala Puranam says that, Anizham Thirunal Marthanda Varma was surrounded by his enemies, Ettuveettil Pillamar, while he was near the place where Temple is situated now. The king prayed to Padmanabhaswamy to protect him.  At that time, a small boy was seen there and he


advised the king to hide himself inside the hollow trunk of a jack fruit tree. The king was surprised to find a small boy in the forest, but agreed to the advice
Thus he was saved from the attack. When the enemies left, king tried to know about the boy, but he couldn't.


He believed that it was krishna himself who saved his life. A temple was built here, which is the present Neyyattinkara Krishna Kshetram. The jack fruit tree where  the king hid himself is now known as Ammachi Plavu. Ashtami Rohini, Vishu are very famous here

Hare Krishna
🙏🕉🙏
ALL
Greg Olear
Greg Olear
@gregolear
Strange things are afoot at the Circle K. Let’s sort it out.

[THREAD]


1/ Two nights ago, Rupert Murdoch called on Mitch McConnell, after hours. Since then, two Fox News-related Twitter accounts have not tweeted.

2/ Trump fired Sessions on Wednesday, replacing him with human dildo/Putin collaborator Matt Whitaker. Sessions had asked to stay until Friday and was told to leave immediately. So there was clearly some urgency to install the dildo...er, puppet.

3/ The Democrats won the SHIT out of the Midterms. Come January, the House check on Trump will leave him so hobbled, he’ll be like the dude from Misery.

4/ Trump went to Paris, ostensibly for an Armistice Day centennial event. He skipped the event, and much of the dinner tonight, because of “weather,” which everyone seems to agree is a bullshit excuse.
POLITICS
Bartosz Ziembinski
Bartosz Ziembinski
@zmbnski
Still wondering about this 🤔


save as q
Q