https://www.whatsupup.com/blog/ Recent content in Blog on see the changes en-us Sun, 22 May 2022 12:47:17 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220522-124718/ Sun, 22 May 2022 12:47:17 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220522-124718/ <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/category/games/">Games</a><br> https://www.whatsupup.com/blog/gaper/whisky/20220522-082801/ Sun, 22 May 2022 08:28:01 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220522-082801/ Games<br> https://www.whatsupup.com/blog/gaper/whisky/20220521-203350/ Sat, 21 May 2022 20:33:50 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220521-203350/ <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/category/av1/">AV1</a><br> https://www.whatsupup.com/blog/gaper/whisky/20220521-165249/ Sat, 21 May 2022 16:52:48 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220521-165249/ AV1<br> https://www.whatsupup.com/blog/augur/cussed/20220521-040453/ Sat, 21 May 2022 04:04:52 +0000 https://www.whatsupup.com/blog/augur/cussed/20220521-040453/ <a rel="noreferrer" target="_blank" href="https://discord.com/blog/our-response-to-the-tragedy-in-buffalo">Our Response to the Tragedy in Buffalo</a><br> https://www.whatsupup.com/blog/boxed/modification/20220521-003733/ Sat, 21 May 2022 00:37:33 +0000 https://www.whatsupup.com/blog/boxed/modification/20220521-003733/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#pearls">pearls</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#relocatability">relocatability</a><br> My paper <a rel="noreferrer" target="_blank" href="https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2020/p1144r5.html">P1144 “Object relocation in terms of move plus destroy”</a> is still on R5 as of this writing, but I hope to publish P1144R6 Real Soon Now. I recently updated my Clang fork on <a rel="noreferrer" target="_blank" href="https://p1144.godbolt.org/z/T7ozTx34d">p1144.godbolt.org</a> to reflect the changes in R6.<br> https://www.whatsupup.com/blog/gaper/whisky/20220520-204149/ Fri, 20 May 2022 20:41:48 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220520-204149/ <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/category/web-of-things/">Web of Things</a><br> https://www.whatsupup.com/blog/lienholder/alcoholism/20220520-203839/ Fri, 20 May 2022 20:38:39 +0000 https://www.whatsupup.com/blog/lienholder/alcoholism/20220520-203839/ The basic feature set of howm is very simple, and can be condensed into the mantra “write fragmentarily and read collectively”. Essentially, howm provides an Emacs minor mode for marking text to trigger certain searches. Since it is a minor mode, you can use whatever major mode you like to use for your writing (e.g., I currently use markdown-mode ).<br> There are two essential kinds of markup howm cares about: note titles and links. By default, titles are marked up by putting a ‘ = ’ at the beginning of the line, but this can be configured (and must be done so before loading howm-mode (!)). The benefit of adding a title to a note is that you can have the summary buffer show titles instead of matching lines, which can be helpful to get a better overview of search results. (The creator of howm is sceptical of titling all notes, I think it very much depends the average length of your notes. There is no requirement to use titles.)<br> Pressing return on this line when howm-mode is enabled will show a list of all occurences of the word howm in your notes directory.<br> And this will cause the word howm in any howm-mode buffer to be underlined and trigger a search where the buffer with <<< howm will appear first.<br> It is straightforward to implement something like #tags or WikiWords using these features, if you wish to do so.<br> Additionally, howm provides an inline link syntax [[…]] that works like >>> but can appear within a line. I make a suggestion below how to turn it into a direct link to the first page with the given title; but for now I decided not to use this very much.<br> The line-based nature of the >>> syntax prevents usage for “inline” links. After giving it some thought, I consider it a strength for a note-taking system to make forward links related to a paragraph and not part of a sentence. Additionally, it also makes the plain text easier to read as the link target is not interleaved into the text. (Compare with the use of reference-style links in Markdown.)<br> An aside: howm actually supports multiple notes per file by having multiple title lines in a file. The search summary will always show the title directly before the matching line. You can use C-c , C to create a new note in the current buffer. I don’t use this much, but I think it could be useful for glossary files that contain many short notes. Some people also use this for keeping multiple daily notes in a single file.<br> Howm provides two main features to access notes: the menu and the summary buffer. The howm menu (shown with C-c , , ) provides a very customizable view into your howm notes. By default it shows your schedule, recent notes, and random notes. You can access many howm features with a single keypress from the menu. Since I don’t use the scheduling feature, I mostly access howm from the summary buffer instead.<br> The howm summary buffer shows the result of a search ( C-c , g ), a list of recent notes ( C-c , l ), or an overview of all notes ( C-c , a ). It is very convenient to see the matches and you get a preview of the note when you move the cursor to a search result. Typing RET will open the note for editing. Typing T will toggle between displaying matching lines or the titles of notes with matches.<br> In the summary buffer, you can also type @ and read all matching notes in a concatenated way, so you get the full context of all notes at once.<br> Here, we decide that ~/prj/howm is the base directory for our howm notes, and we also put the two auxiliary files howm uses there. Additionally, we change the default name format to end with .md (which also turns on markdown-mode by default).<br> The next addition is interactive search with ripgrep ( C-c , r ). This is the most useful feature I added to howm myself. I think it provides a great way to interact with your notes, as you get instant feedback from your search terms, and can stop searching as soon as you found what you were looking for. I used counsel-rg as an inspiration for this, and we turn the ripgrep matches into a regular howm summary buffer for further consumption.<br> A great usability enhancement is buffer renaming: since howm file names are a bit unwieldy (like ~/prj/howm/2022/03/2022-03-25-162227.md ) you can use these two lines to rename note buffers according to their title, which makes switching between multiple notes more convenient.<br> My configuration ends with three definitions of action-lock , the howm mechanism for marking text active and do something on RET. Two of them are related to the reference management software <a rel="noreferrer" target="_blank" href="https://www.zotero.org/">Zotero</a> , which I use for organizing papers, and enable me to link to articles in my Zotero database by URL or BibTeX identifier:<br> Finally, as mentioned above, this is how to make [[…]] wiki-links directly point to the first page with that title, skipping the summary buffer:<br> One thing I want to implement but didn’t yet get around to is support for searching notes using <a rel="noreferrer" target="_blank" href="https://github.com/Genivia/ugrep">ugrep</a> , which has a nifty boolean search mode that applies to whole files, so you can do searches that are not limited to a line context (e.g. hoge|fuga -piyo finds all notes that mention hoge or fuga, but don’t contain piyo).<br> A dozen years ago, the Unix textbook answer to this would have been: well, if its process id (pid) is 1, then it is init by definition.<br> These days, things are not that simple anymore. Containerization creates situations where pid is 1, but the process runs, well, in a container. In Linux, this is realized by using a feature called “pid namespaces”. The clone(2) syscall can take the flag CLONE_NEWPID (“since Linux 2.6.24”), which puts the new process into a new pid namespace. This means that this process will have pid 1 inside the pid namespace, but outside (i.e. in the parent pid namespace), the process has a regular pid. Various Linux API transparently translate pids between these namespaces.<br> We can try to find some evidence that we’re a freshly booted init , but none of it is really conclusive:<br> $TERM should be linux ; trivial to override.<br> $BOOT_IMAGE is set, but this depends on the boot loader.<br> System uptime is “low”, but it takes the initrd boot time into account. Our non-root init could be spawned in a container at boot time.<br> There are also some indicators the process runs in a container using one of the popular solutions such as docker or podman :<br> If we were put inside a cgroup, reading /proc/1/cgroup will indicate it.<br> The file /.dockerenv exists.<br> But there are still situations, such as the unshare call above, where all of these things may not be true.<br> I started to research this and quickly found the ioctl(2) NS_GET_PARENT which seemed to be useful: “Returns a file descriptor that refers to the parent namespace of the namespace referred to by fd.” However, it is useless for this purpose:<br> So, we need to bring out bigger guns in. I searched the kernel source for <a rel="noreferrer" target="_blank" href="https://elixir.bootlin.com/linux/v5.15/A/ident/init_pid_ns">occurrences of</a> <a rel="noreferrer" target="_blank" href="https://elixir.bootlin.com/linux/v5.15/A/ident/init_pid_ns">init_pid_ns</a> , as this namespace is called in the Linux source code. There are not too many occurrences we can rely on. The taskstats module limits the TASKSTATS_CMD_ATTR_REGISTER_CPUMASK command to the initial pid namespace only, but to use this requires speaking the netlink interface, which is terrible. Also, the behavior could change in future versions.<br> One interesting, and viable approach, is <a rel="noreferrer" target="_blank" href="https://elixir.bootlin.com/linux/v5.15/source/kernel/pid_namespace.c#L300">this limitation</a> of the reboot(2) syscall: only some LINUX_REBOOT_CMD_* commands are allowed to be sent inside a nested pid namespace. Now, we need to find a “harmless” command to call reboot(2) with to test this! (Obviously, only being able to suspend the machine from the initial pid namespace is not a very useful check…) There are two commands that do not do much harm: LINUX_REBOOT_CMD_CAD_{ON,OFF} will toggle the action that Ctrl-Alt-Delete performs. Unfortunately, it is impossible to read the state of this flag, making this test a destructive operation still. (But if you are pid 1, you may want to set it anyway, so you get pid namespace detection for free.)<br> So I kept looking for other ways until I realized there’s a quite natural property to check for, and that is to find out if there are kernel threads in the pid namespace. Kernel threads are spawned by the kernel in the initial pid namespace and help perform certain asynchronous actions the kernel has to do, subject to process scheduling. As far as I know, kernel threads never occur in a nested pid namespace, and at least the parent process of kernel threads, kthreadd , will always exist. Conveniently, it also always has pid 2.<br> /proc/PID/cmdline is empty (not a good indicator, user space processes can clear it too).<br> kernel threads have parent pid 0 (requires parsing /proc/PID/stat , which <a rel="noreferrer" target="_blank" href="https://unix.stackexchange.com/a/409493">everyone gets wrong</a> the first time, or /proc/PID/status ).<br> kernel threads have no Vm* data in /proc/PID/status .<br> kernel threads have the flag PF_KTHREAD set (requires parsing /proc/PID/stat again).<br> kernel threads have an empty symlink for /proc/PID/exe .<br> On a regular file system, using lstat(2) would have filled st_size with the length of the symlink. But on a procfs , lstat is not to be trusted, and even non-empty symlinks have st_size equal to 0. We thus really need to use the readlink(2) syscall to read the link. After doing this, you will notice that it returns ENOENT … exactly the same as if pid 2 did not exist!<br> We therefore need another check, to verify that pid 2 does exist. Luckily, here a lstat on /proc/2/exe file is fine. It must return zero.<br> Note that you need to do these operations in exactly this order , else you are subject to race conditions again: the only reason this works is that if pid 2 is kthreadd , it will not have terminated before the lstat check (because it cannot terminate).<br> Therefore, readlink(2) failing with ENOENT and lstat(2) succeeding is exactly the combination required to check pid 2 is kthreadd , which implies there are kernel threads in our pid namespace, which implies that we are in the initial namespace.<br> We subtract the ASCII lines from the character 0 to get numerical rows. The … https://www.whatsupup.com/blog/boxed/modification/20220520-200623/ Fri, 20 May 2022 20:06:23 +0000 https://www.whatsupup.com/blog/boxed/modification/20220520-200623/ <p>This is yet another followup to <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2020/07/11/the-std-swap-two-step/">“What is the</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2020/07/11/the-std-swap-two-step/">std::swap</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2020/07/11/the-std-swap-two-step/">two-step?”</a> (2020-07-11) and <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2022/04/14/another-reason-for-the-poison-pill/">“PSA: ADL requires that unqualified lookup has found a function”</a> (2022-04-14), as my mental model continues to evolve. (Mainly due to pressure from Jody Hagins. :))<br> As seen on the <a rel="noreferrer" target="_blank" href="https://cppalliance.org/slack/">cpplang Slack</a> (hat tip to Jody Hagins). Recall my post <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2020/07/11/the-std-swap-two-step/">“What is the</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2020/07/11/the-std-swap-two-step/">std::swap</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2020/07/11/the-std-swap-two-step/">two-step?”</a> (2020-07-11), where I said:<br> A qualified call like base::frotz(t) indicates, “I’m sure I know how to frotz whatever this thing may be. No type T will ever know better than me how to frotz .”<br> An unqualified call using the two-step, like using my::xyzzy; xyzzy(t) , indicates, “I know one way to xyzzy whatever this thing may be, but T itself might know a better way. If T has an opinion, you should trust T over me.”<br> An unqualified call not using the two-step, like plugh(t) , indicates, “Not only should you trust T over me, but I myself have no idea how to plugh anything. Type T must come up with a solution; I offer no guidance here.”<br> TIL: nullopt_t is not equality-comparable, but monostate is<br> On <a rel="noreferrer" target="_blank" href="https://cppalliance.org/slack/">Slack</a> , Kilian Henneberger asked for some STL types that are copyable but not equality-comparable. One example is std::function<int()> ; see <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2019/05/10/function-ref-vs-string-view/">“On</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2019/05/10/function-ref-vs-string-view/">function_ref</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2019/05/10/function-ref-vs-string-view/">and</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2019/05/10/function-ref-vs-string-view/">string_view</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2019/05/10/function-ref-vs-string-view/">”</a> (2019-05-10). The simplest example is struct S {}; — for compatibility with C, C++98 provided every class type with a copy constructor, but none of them with comparison operators.<br> What if vector<T>::iterator were just T* ?<br> Every major C++ standard library vendor defines wrappers for their contiguous iterator types — vector<T>::iterator and so on. You might think that they should just define these iterators as aliases for T* instead.<br></p> <ol> <li>Multiple book authors pushing the idea that Scott Meyers’ original phrase “universal reference” (for T&& ) is actually preferable to the now-Standard term “forwarding reference.”<br> volatile means it really happens<br> During my CppCon 2020 talk <a rel="noreferrer" target="_blank" href="https://youtu.be/F6Ipn7gCOsY">“Back to Basics: Concurrency,”</a> someone asked, “Do we ever need to use volatile ?” To which I said, “No. Please don’t use volatile for anything ever.” This was perhaps a bit overstated, but at least in the context of basic concurrency it was accurate. To describe the role of volatile in C and C++, I often use the following slogan:<br> Marking a variable as volatile means that reads and writes to that variable really happen.<br> If you don’t know what this means, then you shouldn’t use volatile .<br> const all the things?<br> Now we have a team member who has jumped on the “everything is const” bandwagon. Every code review includes dozens of lines of local function variables now declared const that litter the review.<br> TLDR: I’m not putting const on all the things, either.<br> Here’s a C++ riddle for you: When does std::invoke not invoke?<br> Given this code ( <a rel="noreferrer" target="_blank" href="https://godbolt.org/z/4rsf98rqM">Godbolt</a> ), libc++ and Microsoft accept the call to invoke , but libstdc++ rejects with a spew of errors:<br></li> </ol> https://www.whatsupup.com/blog/lynch/tiddly/20220520-163853/ Fri, 20 May 2022 16:38:53 +0000 https://www.whatsupup.com/blog/lynch/tiddly/20220520-163853/ I’ve decided that in light of the current atrocities happening across Afghanistan, I need to write this informal blog to get some things off my chest about the American Experience … <a rel="noreferrer" target="_blank" href="https://ryanandrewlangdon.wordpress.com/2021/08/18/guest-writer-my-thoughts-on-afghanistan-as-a-member-of-the-us-military/">Continue reading</a> <a rel="noreferrer" target="_blank" href="https://ryanandrewlangdon.wordpress.com/2021/08/18/guest-writer-my-thoughts-on-afghanistan-as-a-member-of-the-us-military/">[Guest Writer] My Thoughts On Afghanistan As A Member Of The US Military</a><br> America’s Frontline Doctors. This viral video has been circulating over the last day or so and I’ve been replying to some on their posts, but I figured since so many … <a rel="noreferrer" target="_blank" href="https://ryanandrewlangdon.wordpress.com/2020/07/29/stop-politicizing-medicine/">Continue reading</a> <a rel="noreferrer" target="_blank" href="https://ryanandrewlangdon.wordpress.com/2020/07/29/stop-politicizing-medicine/">STOP POLITICIZING MEDICINE: Facts vs. Myths of the Frontline Doctors Video</a><br> I am not a religious person. I would consider myself “Agnostic” if I had to put myself in a category. However, for the sake of my narrative, let’s assume that … <a rel="noreferrer" target="_blank" href="https://ryanandrewlangdon.wordpress.com/2020/07/15/facebook-sucks/">Continue reading</a> <a rel="noreferrer" target="_blank" href="https://ryanandrewlangdon.wordpress.com/2020/07/15/facebook-sucks/">Facebook is a disease.</a><br> Follow<br> https://www.whatsupup.com/blog/twopenny/ultraism/20220520-163807/ Fri, 20 May 2022 16:38:07 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20220520-163807/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/">World</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/europe/no-lights-no-heat-no-money-thats-life-ukraine-during-cyber-warfare-2022-01-14/">No lights, no heat, no money - that's life in Ukraine during cyber warfare</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/europe/no-lights-no-heat-no-money-thats-life-ukraine-during-cyber-warfare-2022-01-14/">, article with image</a> January 14, 2022<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/major-tech-companies-struggle-plug-holes-logging-software-2021-12-16/">Major tech companies struggle to plug holes in logging software</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/major-tech-companies-struggle-plug-holes-logging-software-2021-12-16/">, article with image</a> December 16, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/">World</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/exclusive-us-lawmakers-call-sanctions-against-israels-nso-other-spyware-firms-2021-12-15/">U.S. lawmakers call for sanctions against Israel's NSO, other spyware firms</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/exclusive-us-lawmakers-call-sanctions-against-israels-nso-other-spyware-firms-2021-12-15/">, article with gallery</a> December 15, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/markets/us/">U.S. Markets</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/markets/us/us-cybersecurity-officials-see-mainly-low-impact-attacks-logging-flaw-so-far-2021-12-15/">U.S. cybersecurity officials see mainly low-impact attacks from logging flaw, so far</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/markets/us/us-cybersecurity-officials-see-mainly-low-impact-attacks-logging-flaw-so-far-2021-12-15/">, article with image</a> December 15, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/widely-used-software-with-key-vulnerability-sends-cyber-defenders-scrambling-2021-12-13/">Widely used software with key vulnerability sends cyber defenders scrambling</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/widely-used-software-with-key-vulnerability-sends-cyber-defenders-scrambling-2021-12-13/">, article with gallery</a> December 13, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/ransomware-attack-australian-utility-claimed-by-russian-speaking-criminals-2021-12-08/">Ransomware attack on Australian utility claimed by Russian-speaking criminals</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/ransomware-attack-australian-utility-claimed-by-russian-speaking-criminals-2021-12-08/">, article with image</a> December 9, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/disrupted/">Disrupted</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-us-state-department-phones-hacked-with-israeli-company-spyware-sources-2021-12-03/">U.S. State Department phones hacked with Israeli company spyware - sources</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-us-state-department-phones-hacked-with-israeli-company-spyware-sources-2021-12-03/">, article with gallery</a> December 4, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/us-seizes-6-mln-ransom-payments-charge-ukrainian-over-cyberattack-cnn-2021-11-08/">U.S. charges Ukrainian and Russian in major ransomware spree, seizes $6 mln</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/us-seizes-6-mln-ransom-payments-charge-ukrainian-over-cyberattack-cnn-2021-11-08/">, article with gallery</a> November 9, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-governments-turn-tables-ransomware-gang-revil-by-pushing-it-offline-2021-10-21/">EXCLUSIVE Governments turn tables on ransomware gang REvil by pushing it offline</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-governments-turn-tables-ransomware-gang-revil-by-pushing-it-offline-2021-10-21/">, article with gallery</a> October 21, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/china-linked-hacking-group-accessing-calling-records-worldwide-crowdstrike-says-2021-10-19/">China-linked hacking group accessing calling records worldwide, CrowdStrike says</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/china-linked-hacking-group-accessing-calling-records-worldwide-crowdstrike-says-2021-10-19/">, article with image</a> October 19, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/legal/">Legal</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/legal/government/us-authorities-disclose-ransomware-attacks-against-water-facilities-2021-10-14/">U.S. authorities disclose ransomware attacks against water facilities</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/legal/government/us-authorities-disclose-ransomware-attacks-against-water-facilities-2021-10-14/">, article with image</a> October 14, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/">World</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/hackers-solarwinds-breach-stole-data-us-sanctions-policy-intelligence-probes-2021-10-07/">Hackers of SolarWinds stole data on U.S. sanctions policy, intelligence probes</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/hackers-solarwinds-breach-stole-data-us-sanctions-policy-intelligence-probes-2021-10-07/">, article with image</a> October 8, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/expressvpn-employees-complain-about-ex-spys-top-role-company-2021-09-23/">ExpressVPN employees complain about ex-spy's top role at company</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/expressvpn-employees-complain-about-ex-spys-top-role-company-2021-09-23/">, article with gallery</a> September 23, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/disrupted/">Disrupted</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/cyber-arms-dealer-exploits-new-apple-iphone-software-vulnerability-affects-most-2021-09-13/">Cyber arms dealer exploits new iPhone software vulnerability, affecting most versions, say researchers</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/cyber-arms-dealer-exploits-new-apple-iphone-software-vulnerability-affects-most-2021-09-13/">, article with video</a> September 14, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-wide-ranging-solarwinds-probe-sparks-fear-corporate-america-2021-09-10/">Exclusive: Wide-ranging SolarWinds probe sparks fear in Corporate America</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-wide-ranging-solarwinds-probe-sparks-fear-corporate-america-2021-09-10/">, article with gallery</a> September 10, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/">World</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/pro-china-social-media-campaign-expands-new-countries-blames-us-covid-2021-09-08/">Pro-China social media campaign hits new countries, blames U.S. for COVID</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/pro-china-social-media-campaign-expands-new-countries-blames-us-covid-2021-09-08/">, article with image</a> September 9, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/microsoft-warns-azure-customers-flaw-that-could-have-permitted-hackers-access-2021-09-08/">Microsoft warns Azure customers of flaw that could have permitted hackers access to data</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/microsoft-warns-azure-customers-flaw-that-could-have-permitted-hackers-access-2021-09-08/">, article with image</a> September 9, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/researchers-cybersecurity-agency-urge-action-by-microsoft-cloud-database-users-2021-08-28/">Researchers, cybersecurity agency urge action by Microsoft cloud database users</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/researchers-cybersecurity-agency-urge-action-by-microsoft-cloud-database-users-2021-08-28/">, article with image</a> August 30, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/disrupted/">Disrupted</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26/">EXCLUSIVE Microsoft warns thousands of cloud customers of exposed databases</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26/">, article with video</a> August 27, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-policy-groups-ask-apple-drop-plans-inspect-imessages-scan-abuse-images-2021-08-19/">Policy groups ask Apple to drop plans to inspect iMessages, scan for abuse images</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-policy-groups-ask-apple-drop-plans-inspect-imessages-scan-abuse-images-2021-08-19/">, article with gallery</a> August 19, 2021<br> https://www.whatsupup.com/blog/bilateralistic/jungle/20220520-163721/ Fri, 20 May 2022 16:37:21 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20220520-163721/ USENIX/LISA 2012 slides on <a rel="noreferrer" target="_blank" href="https://www.brendangregg.com/blog/2012-12-13/usenix-lisa-2012-performance-analysis-methodology.html">Performance Analysis Methodology</a> , summarizing ten methods and anti-methods ( <a rel="noreferrer" target="_blank" href="http://www.slideshare.net/brendangregg/lisa12-methodologies">slideshare</a> , <a rel="noreferrer" target="_blank" href="https://www.brendangregg.com/Slides/LISA2012_methodologies.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=abLan0aXJkw">youtube</a> ).<br> https://www.whatsupup.com/blog/gigabit/polenta/20220520-163553/ Fri, 20 May 2022 16:35:53 +0000 https://www.whatsupup.com/blog/gigabit/polenta/20220520-163553/ <p><a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/imgix-a-new-step-forward">Nowadays, you can take out your phone, open a user-friendly app, capture a shockingly high-quality picture, make any corrections you need, and then send that picture to your grandma, who can see it seconds later. Consumer photography is a largely solved problem. However, the same innovations that have benefited consumers - access to high quality cameras, ease of use, rapid distribution of photos - have created a multitude of complexities for businesses who are now forced to deal with both a more discerning user and a more complicated visual landscape. Delivering the highest quality, lowest latency image to your users is getting progressively harder over time as more and more factors play a role in what delivering the “perfect” image means.</a> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/imgix-a-new-step-forward">Nobody should have to become an imaging scientist to achieve the most with their images. We built imgix to solve this.</a><br> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/imgix-a-new-step-forward">By providing a simple URL API…</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/a-conspiracy-to-kill-ie6">The bittersweet consequence of YouTube’s incredible growth is that so many stories will be lost underneath all of the layers of new paint. This is why I wanted to tell the story of how, ten years ago, a small team of web developers conspired to kill IE6 from inside YouTube and got away with it.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/a-conspiracy-to-kill-ie6">I do not recall the exact triggering event that led to our web development team laying out plans to kill IE6 over lunch in the YouTube cafeteria. Perhaps it was the time I pushed out a CSS stylesheet that included an attribute selector on a semi-supported HTML element. Any reasonable web developer would expect this to be ignored by browsers not up to the task. This was not the case with older flavors of IE. Under very specific conditions, an attribute selector on an unsupported HTML element in IE would create an internal recursion that would at best, cause the browser to crash and at worst...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/imaging-and-the-internet">Consider what taking a simple photograph meant 25 years ago. You had film cameras, negatives, dark rooms, emulsions, and paper. It would take days to produce a picture you could show to someone. Now consider what taking a photograph means today. With a smartphone that fits in our pocket, we can capture a photo, edit it, view it, and show it to anyone, all in as a little as a few seconds. These fantastic devices are simultaneously capable of capturing high resolution visuals, displaying them, and immediately distributing them to a billion other devices similarly capable of the exact same things. It is now actually perceivable that a photo you take one moment could be seen by over half of the entire human population a moment later. This power in visual expression has never existed before.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/imaging-and-the-internet">We can create and express visual media so incredibly fast that it is causing new behavioral patterns...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/multiplane-camera">During a recent trip to the Disney Museum in San Francisco, I became immediately fascinated by the multiplane camera that was on display there. The gigantic machine represents so much of what I find inspiring in graphics and technology. It is fun to get lost in thought, imagining what the modern equivalent of the multiplane camera might be and how to foster the intersection of art and technology from which the multiplane camera emerged.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/multiplane-camera">The multiplane camera was invented in 1933 by famous Disney animator/director Ub Iwerks. It worked by enabling animators to position their layers of acetate animation cels at varying distances and offsets in a vertical column. They could then shoot a camera downward to compose the cels into a single frame. While animators had been using acetate celluloid frames composited over painted mattes for decades prior, the technical effects that the multiplane...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/page-weight-matters">Three years ago, while I was a web developer at YouTube, one of the senior engineers began a rant about the page weight of the video watch page being far too large. The page had ballooned to as high as 1.2MB and dozens of requests. This engineer openly vented that “if they can write an entire Quake clone in under 100KB, we have no excuse for this!” Given that I agreed with him and I was excited to find a new project, I decided to champion the cause of getting the YouTube watch page to weigh in under 100KB. On the shuttle home from San Bruno that night, I coded up a prototype. I decided to limit the functionality to just a basic masthead, the video player, five related videos, a sharing button, a flagging tool, and ten comments loaded in via AJAX. I code-named the project “Feather”.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/page-weight-matters">Even with such a limited set of features, the page was weighing in at 250KB. I dug into the code and...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/investors">When I was going through YCombinator in the summer of 2011, I felt like I was the only person in the entire class who knew nothing about taking investment. I remember distinctly when Jessica Livingston announced the $150K we would be getting from SV Angel and Start Fund. When she told us the terms, the room erupted in shouting and applause. I sat there Googling nervously, trying to understand what had just been said and wondering if I really belonged in YC at all.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/investors">Being surrounded by such a select group of founders, each in varying stages of building their companies, you pick up the knowledge you need very quickly. This is the most valuable part of the 3-month YCombinator session. One piece of knowledge you learn very early on is that investors tend to have a herd mentality. What I would later realize through observation was that founders tend to as well.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/investors">I remember getting the...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/cruise-ships">In July of 2010, I made the decision to leave YouTube. The first thoughts I had were “How am I going to explain this to anyone? How will I tell mom?” To my family, I had the greatest job in the world and the amount of money I was making was unfathomable. They were certainly not wrong in thinking this. Google is absolutely the best place in the world to work and they do pay very well. It certainly was not an easy decision on my part.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/cruise-ships">About 4 months before, I was backpacking through Europe, stopping off in major cities to present our latest HTML5 work at the local Google offices. It was my first time really exploring a different part of the world. I met fascinating people and experienced many random adventures. I was trapped in Stockholm for 9 days due to the Icelandic ash cloud. I was a successful stowaway on a train from Copenhagen to Hamburg. I had a girlfriend break up with me during...</a><br> https://www.whatsupup.com/blog/alveolar/cozey/20220520-163549/ Fri, 20 May 2022 16:35:49 +0000 https://www.whatsupup.com/blog/alveolar/cozey/20220520-163549/ As a general solution I created the every command <a rel="noreferrer" target="_blank" href="https://gist.github.com/sorbits/5c0cb7292de091253f8e">available here</a> .<br> This will run command every number time it’s invoked. For example to send an email the third, sixth, ninth, etc. time we call it, use:<br> The command uses a guard file written to $XDG_DATA_HOME/every . If XDG_DATA_HOME is unset then it defaults to $HOME/.local/share .<br> The name of the guard file is derived from the arguments passed to every (using sha1) and the content of the guard file is a counter to keep track of how many times we have been called. As a convenience we also write the command to the guard file.<br> Once the counter reaches the value given via -n then every will remove the guard file and exec your command.<br> If the external guard file is undesired or readability is not a concern, then an alternative approach is to use modular arithmetic with the UNIX epoch returned by date +%s . For an example see <a rel="noreferrer" target="_blank" href="https://coderwall.com/p/yzzu5a">this post</a> .<br> If you upgraded to Mountain Lion and often want to cd into ~/Library/Application Support you might be a little annoyed by the new Application Scripts directory that makes the normal ~/Library/Ap⇥ stop at ~/Library/Application S‸ to have you disambiguate the path.<br> To avoid this you can set the FIGNORE variable. From man bash :<br> Some other useful variables you can set in ~/.inputrc that (IMHO) improve the default behavior of filename completion:<br> The ignore case allows you to type ~/l⇥ and still get ~/Library/ .<br> Marking symlinked directories is useful for /tmp , /etc , and /var .<br> The binary installed is named g++-mp-4.5 and you must use the -std=c++0x argument to enable the new features.<br> This was executed on a 2 × 2.8 GHz Quad Core Mac Pro where PBZip2 (correctly) auto-detected 8 cores.<br> I am running PBZip2 version 1.1.0 from MacPorts ( sudo port install pbzip2 ).<br> Update: Added test with <a rel="noreferrer" target="_blank" href="http://www.nongnu.org/lzip/lzip.html">LZip</a> (an LZMA based compresser). There is a multi-threaded implementation of this ( <a rel="noreferrer" target="_blank" href="http://www.nongnu.org/lzip/plzip.html">plzip</a> ) but a quick ./configure && make did not cut it.<br> I just learned this neat thing about the cd shell command:<br> The variable CDPATH defines the search path for the directory containing «dir» . Alternative directory names in CDPATH are separated by a colon ( : ). A null directory name is the same as the current directory. If «dir» begins with a slash ( / ), then CDPATH is not used.<br> This works with tab completion (using bash 4.1.2) so regardless of the current directory, I can generally do cd Av⇥↩ to reach ~/Source/Avian .<br> This is part 2 of what I think will end up as four parts. This might be a bit of a rehash of the <a rel="noreferrer" target="_blank" href="http://sigpipe.macromates.com/2010/01/15/build-automation-part-1/">first part</a> , but I skimmed lightly over why it actually is that I am so fond of make compared to most other build systems, so I will elaborate with some examples.<br> This post is a “getting started with make ”. I plan to follow up with a part 2 about how to handle auto-generated self-updating Makefiles.<br> I host two blogs, a wiki, and a ticket system, all targets for spam, so I have since generalized the system by using <a rel="noreferrer" target="_blank" href="http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html">mod_rewrite</a> to redirect all POSTs without a cookie to a page which uses JavaScript to set this cookie and resubmit the request (which is then no longer catched by mod_rewrite due to the cookie being set). This means “blocking” spam doesn’t require a plug-in written specifically for the particular web application.<br> It is sometimes useful to have a script check the OS version, for example the way to get the user’s full name was previously done using niutil but Apple removed that command in Leopard (it can now be done using dscl ).<br> One of my path functions is normalize . It removes (redundant) slashes and references to directory meta entries (current and parent directory).<br> A lot of other path functions use or rely on normalize , for example my version of <a rel="noreferrer" target="_blank" href="x-man-page://3/dirname">dirname()</a> is simply: return normalize(path + "/.."); .<br> I was recently tasked with rewriting normalize to be more efficient and it proved to be a bit of a challenge, so I’ll share what I came up with.<br> Each time you add a rectangle you get back an identifier for this rectangle which can’t be stored in an NSArray as-is since it is of the primitive type NSTrackingRectTag (an integer).<br> If you use Objective-C++ then you can use a std::vector<NSTrackingRectTag> to avoid having to box/unbox your identifiers but if you have tried to put non-POD in the interface declaration of your Objective-C class you have probably seen that gcc does not like that.<br> Well, starting with 10.4 (so actually, some time ago) Apple added a switch to gcc which allows C++ objects as part of the instance data, and it will call both constructor and destructor for your C++ objects when allocating/deallocating the Objective-C object.<br> The flag you need to set is -fobjc-call-cxx-cdtors .<br> Occasionally it is convenient to pass a C++ object to an Objective-C method. For example I have an NSString initializer that takes a std::string as argument.<br> This works as long as you pass the object as a reference (i.e. pass a pointer), but you can use the “reference of” operator in the method signature rather than at the call-site. By using a const reference it will work for temporary/implicit objects.<br> Two very nice shell commands that Apple has given us are the pbcopy and pbpaste commands. These allow stdin to go to the clipboard and the clipboard to be written to stdout.<br> There’s just one source, it compiles to a command which works as pbcopy , when called under that name, otherwise pbpaste .<br> What I’ve done is place the command in ~/bin and added a symbolic link from pbpaste to pbcopy , like this:<br> And in addition ensured that my PATH contains ~/bin before anything else, i.e. by placing the following in my ~/.bash_profile (well, actually ~/.zshrc ):<br> https://www.whatsupup.com/blog/nuncle/haw/20220520-163523/ Fri, 20 May 2022 16:35:23 +0000 https://www.whatsupup.com/blog/nuncle/haw/20220520-163523/ For a long time, I used the built-in microphone for my laptop (along with headphones and an external webcam). Getting an all-in-one headset made a huge difference, both for me and my teammates. Between the latency and the (lack of) noise correction, using the built-in microphone meant a lot of slightly awkward pauses, or accidentally interrupting because the other person had started speaking, but I couldn’t hear it yet. With an all-in-one headset, the microphone is much closer to the source (your voice) and it doesn’t pick up the sound from your headset speakers the way your laptop microphone does when you use it without headphones. This makes the noise correction works much better, giving the illusion of lower latency, and so it feels a lot more like having a natural conversation. (I have the Jabra UC Voice ), but I think any dedicated computer headset will work better than the built-in laptop microphone and speakers).<br> If you really can’t break the habit of logging errors, you can at least add a hook to log.error that sends the error (and a complete stacktrace) to an error reporting tool like Sentry.<br> Logging can be useful for some purposes. However, it’s rare that they’re the only tool for monitoring your code. And it’s even rarer that they’re the best tool. When writing software that scales, you need to be able to deal with aggregate information – the firehose is too unwieldy to parse mentally. Logs that can be aggregated are better than logs that can’t. In those cases, it’s best to keep logging, but when you need to diagnose a problem, you’ll be interested in reading aggregate queries across your logs, rather than viewing raw, unaggregated logs in chronological order. The former is a powerful way to absorb a lot of information about your systems quickly. The latter is a glorified tail -f | grep .<br> dig gave me the following output:<br> https://www.whatsupup.com/blog/jigging/witherer/20220520-163458/ Fri, 20 May 2022 16:34:58 +0000 https://www.whatsupup.com/blog/jigging/witherer/20220520-163458/ <p><a rel="noreferrer" target="_blank" href="https://themarkup.org/pixel-hunt/2022/04/28/applied-for-student-aid-online-facebook-saw-you">Pixel Hunt</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/pixel-hunt/2022/04/28/applied-for-student-aid-online-facebook-saw-you">Applied for Student Aid Online? Facebook Saw You</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/pixel-hunt/2022/04/28/applied-for-student-aid-online-facebook-saw-you">The FAFSA form included code that sent personal information back to Facebook</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/pixel-hunt/2022/04/28/applied-for-student-aid-online-facebook-saw-you">April 28, 2022 08:00 ET</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/show-your-work/2022/04/28/how-we-built-a-meta-pixel-inspector">Show Your Work</a> <a rel="noreferrer" target="_blank" href="https://themarkup.org/show-your-work/2022/04/28/how-we-built-a-meta-pixel-inspector">Pixel Hunt</a><br> <a rel="noreferrer" target="_blank" href="https://themarkup.org/show-your-work/2022/04/28/how-we-built-a-meta-pixel-inspector">How We Built a Meta Pixel Inspector</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/show-your-work/2022/04/28/how-we-built-a-meta-pixel-inspector">The first large-scale, crowdsourced study that monitors how Meta tracks people across the internet</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/show-your-work/2021/11/18/how-we-investigated-facebooks-most-popular-content">Show Your Work</a> <a rel="noreferrer" target="_blank" href="https://themarkup.org/show-your-work/2021/11/18/how-we-investigated-facebooks-most-popular-content">Citizen Browser</a><br> <a rel="noreferrer" target="_blank" href="https://themarkup.org/show-your-work/2021/11/18/how-we-investigated-facebooks-most-popular-content">How We Investigated Facebook’s Most Popular Content</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/show-your-work/2021/11/18/how-we-investigated-facebooks-most-popular-content">We found that Facebook's popularity metric obscures how well ultra-conservative content does on the platform</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/11/18/facebook-isnt-telling-you-how-popular-right-wing-content-is-on-the-platform">Citizen Browser</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/11/18/facebook-isnt-telling-you-how-popular-right-wing-content-is-on-the-platform">Facebook Isn’t Telling You How Popular Right-Wing Content Is on the Platform</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/11/18/facebook-isnt-telling-you-how-popular-right-wing-content-is-on-the-platform">Facebook insists that mainstream news sites perform the best on its platform. But by other measures, sensationalist, partisan content reigns</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/09/22/germanys-far-right-political-party-the-afd-is-dominating-facebook-this-election">Germany’s Far-Right Political Party, the AfD, Is Dominating Facebook This Election</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/09/22/germanys-far-right-political-party-the-afd-is-dominating-facebook-this-election">Ahead of a national vote this month, Citizen Browser data shows that posts promoting the AfD party appeared more than three times as often as rivals'</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/09/21/facebook-rolls-out-news-feed-change-that-blocks-watchdogs-from-gathering-data">Facebook Rolls Out News Feed Change That Blocks Watchdogs from Gathering Data</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/09/21/facebook-rolls-out-news-feed-change-that-blocks-watchdogs-from-gathering-data">The tweak, which targets the code in accessibility features for visually impaired users, drew ire from researchers and those who monitor the platform</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/08/10/how-the-daily-wire-uses-facebooks-targeted-advertising-to-build-its-brand">How The Daily Wire Uses Facebook’s Targeted Advertising to Build Its Brand</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/08/10/how-the-daily-wire-uses-facebooks-targeted-advertising-to-build-its-brand">The social media giant's powerful targeting tools appear to be part of Ben Shapiro’s success in growing his audience on the platform</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/07/09/facebook-got-rid-of-racial-ad-categories-or-did-it">Facebook Got Rid of Racial Ad Categories. Or Did It?</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/07/09/facebook-got-rid-of-racial-ad-categories-or-did-it">Our Citizen Browser project found an array of proxies through which advertisers can target Black Facebook users, among other demographics</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/06/24/after-repeatedly-promising-not-to-facebook-keeps-recommending-political-groups-to-its-users">After Repeatedly Promising Not to, Facebook Keeps Recommending Political Groups to Its Users</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/06/24/after-repeatedly-promising-not-to-facebook-keeps-recommending-political-groups-to-its-users">The company announced the policy as a way to stop spreading divisive content</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/05/20/facebook-said-it-would-stop-recommending-anti-vaccine-groups-it-didnt">Facebook Said It Would Stop Recommending Anti-Vaccine Groups. It Didn’t</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/05/20/facebook-said-it-would-stop-recommending-anti-vaccine-groups-it-didnt">As COVID-19 surged, the social media company pointed users to all sorts of anti-vaccine and anti-mask groups</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/people/julia-angwin/page/0">Newer</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/people/julia-angwin/page/2">Older</a><br> https://www.whatsupup.com/blog/popularization/compilable/20220520-163432/ Fri, 20 May 2022 16:34:32 +0000 https://www.whatsupup.com/blog/popularization/compilable/20220520-163432/ Jeff Huang Brown University <a href="mailto:home@jeffhuang.com">home@jeffhuang.com</a><br> https://www.whatsupup.com/blog/conservatorship/reemphasize/20220520-163343/ Fri, 20 May 2022 16:33:42 +0000 https://www.whatsupup.com/blog/conservatorship/reemphasize/20220520-163343/ Okay so lets begin with: sudo rm -rf / && sudo kill -9 1 .<br> https://www.whatsupup.com/blog/airbrush/misogynic/20220520-161239/ Fri, 20 May 2022 16:12:39 +0000 https://www.whatsupup.com/blog/airbrush/misogynic/20220520-161239/ <a rel="noreferrer" target="_blank" href="https://www.thirtythreeforty.net/posts/2020/01/the-wave-particle-duality-of-git-commits/">The Wave/Particle Duality of Git Commits</a> Jan 20, 2020 Yet another way to think of git rebase<br> «<br> https://www.whatsupup.com/blog/relational/steak/20220520-161125/ Fri, 20 May 2022 16:11:25 +0000 https://www.whatsupup.com/blog/relational/steak/20220520-161125/ New Top Discussion<br> https://www.whatsupup.com/blog/gaper/whisky/20220520-155353/ Fri, 20 May 2022 15:53:53 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220520-155353/ Web of Things<br> https://www.whatsupup.com/blog/lienholder/alcoholism/20220520-155331/ Fri, 20 May 2022 15:53:31 +0000 https://www.whatsupup.com/blog/lienholder/alcoholism/20220520-155331/ <p>So, we need to bring out bigger guns in. I searched the kernel source for <a rel="noreferrer" target="_blank" href="https://elixir.bootlin.com/linux/v5.15/A/ident/init_pid_ns">occurrences of</a><br> <a rel="noreferrer" target="_blank" href="https://elixir.bootlin.com/linux/v5.15/A/ident/init_pid_ns">init_pid_ns</a><br></p> <hr> , as this namespace is called in the Linux source code. There are not too many occurrences we can rely on. The taskstats module limits the<br> tool directly influenced the user interface of my<br> <a rel="noreferrer" target="_blank" href="https://github.com/leahneukirchen/nq">nq</a><br> <hr> tool, and reading about<br> inspired my<br> <a rel="noreferrer" target="_blank" href="https://github.com/leahneukirchen/lr">lr</a><br> <hr> . His<br> lives on as my<br> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/dotfiles/bin/mend">mend</a><br> https://www.whatsupup.com/blog/sited/implore/20220520-154512/ Fri, 20 May 2022 15:45:12 +0000 https://www.whatsupup.com/blog/sited/implore/20220520-154512/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/20/business/elon-musk-twitter-takeover.html">Even Among Corporate Raiders, Elon Musk Is a Pirate</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/20/business/elon-musk-twitter-takeover.html">The world of deal making has always been rough and tumble. But Mr. Musk blows any predecessors away.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/20/business/elon-musk-twitter-takeover.html">By</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/20/business/elon-musk-twitter-takeover.html">Lauren Hirsch</a><br> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/11/technology/ftc-majority-lina-khan.html">New Majority Gives F.T.C. a Chance to Push an Aggressive Agenda</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/11/technology/ftc-majority-lina-khan.html">The confirmation of a third Democrat creates an opportunity for Lina Khan, the Federal Trade Commission’s chair, to advance efforts to rein in corporate power.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/11/technology/ftc-majority-lina-khan.html">By</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/11/technology/ftc-majority-lina-khan.html">David McCabe</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/11/technology/ftc-majority-lina-khan.html">and</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/11/technology/ftc-majority-lina-khan.html">Cecilia Kang</a><br> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/25/technology/musk-twitter-sale.html">With Deal for Twitter, Musk Lands a Prize and Pledges Fewer Limits</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/25/technology/musk-twitter-sale.html">The world’s richest man succeeded in a bid to acquire the influential social networking service, which he has said he wants to take private.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/25/technology/musk-twitter-sale.html">By</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/25/technology/musk-twitter-sale.html">Mike Isaac</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/25/technology/musk-twitter-sale.html">and</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/25/technology/musk-twitter-sale.html">Lauren Hirsch</a><br> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/22/technology/tech-regulation-europe-us.html">News Analysis</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/22/technology/tech-regulation-europe-us.html">As Europe Approves New Tech Laws, the U.S. Falls Further Behind</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/22/technology/tech-regulation-europe-us.html">Federal privacy bills, security legislation and antitrust laws to address the power of the tech giants have all failed to advance in Congress, despite hand wringing and shows of bipartisan support.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/22/technology/tech-regulation-europe-us.html">By</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/22/technology/tech-regulation-europe-us.html">Cecilia Kang</a><br> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/20/technology/barack-obama-disinformation.html">Barack Obama Takes On a New Role: Fighting Disinformation</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/20/technology/barack-obama-disinformation.html">The former president has embarked on a campaign to warn that the scourge of online falsehoods has eroded the foundations of democracy.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/20/technology/barack-obama-disinformation.html">By</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/20/technology/barack-obama-disinformation.html">Steven Lee Myers</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/20/technology/barack-obama-disinformation.html">and</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/20/technology/barack-obama-disinformation.html">Cecilia Kang</a><br> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/18/technology/zuckerberg-meta-privacy-lawsuit.html">A judge throws out D.C.’s attempt to name Zuckerberg in a privacy lawsuit.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/18/technology/zuckerberg-meta-privacy-lawsuit.html">D.C.’s attorney general had waited too long to add Mark Zuckerberg as a defendant in the suit against Meta, the judge said.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/12/business/rt-america-russian-tv.html">What It Was Like to Work for Russian State Television</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/12/business/rt-america-russian-tv.html">Until RT America ended abruptly, life as a journalist there was “actually so normal.”</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/09/business/amazon-antitrust-investigation.html">A House panel calls for a criminal investigation into Amazon.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/09/business/amazon-antitrust-investigation.html">Members of the Judiciary Committee accused Amazon of obstructing its inquiry into how the company treats third-party sellers.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/09/business/amazon-antitrust-investigation.html">By</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/09/business/amazon-antitrust-investigation.html">Cecilia Kang</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/09/business/amazon-antitrust-investigation.html">and</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/09/business/amazon-antitrust-investigation.html">David McCabe</a><br> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/02/technology/tiktok-states-investigation.html">A coalition of state attorneys general opens an investigation into TikTok.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/02/technology/tiktok-states-investigation.html">The group is looking into the Chinese-owned video site for the harms it may pose to younger users.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/02/28/technology/whole-foods-amazon-automation.html">Here Comes the Full Amazonification of Whole Foods</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/02/28/technology/whole-foods-amazon-automation.html">A newly revamped store in Washington shows how thoroughly Amazon has woven itself into the grocery shopping experience.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://twitter.com/ceciliakang">ceciliakang</a> <a rel="noreferrer" target="_blank" href="https://twitter.com/ceciliakang">twitter</a> <a rel="noreferrer" target="_blank" href="https://twitter.com/ceciliakang">page for</a> <a rel="noreferrer" target="_blank" href="https://twitter.com/ceciliakang">ceciliakang</a><br> https://www.whatsupup.com/blog/augur/cussed/20220520-154306/ Fri, 20 May 2022 15:43:06 +0000 https://www.whatsupup.com/blog/augur/cussed/20220520-154306/ <p><a rel="noreferrer" target="_blank" href="https://discord.com/category/company">Discord HQ</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/category/community">Community</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/category/product">Product & Features</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/category/safety">Policy & Safety</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/category/engineering">Engineering & Design</a><br> https://www.whatsupup.com/blog/flea/unthought/20220520-154218/ Fri, 20 May 2022 15:42:17 +0000 https://www.whatsupup.com/blog/flea/unthought/20220520-154218/ <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/pandemic-and-health">Pandemic, Teams, Health, and Self-Care</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/pandemic-and-health">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/pandemic-and-health">June 29, 2020</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/pandemic-and-health">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/50-product-lessons">50 Short Product Lessons</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/50-product-lessons">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/50-product-lessons">June 29, 2020</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/50-product-lessons">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/some-tweets">Book Pre-Order</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/some-tweets">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/some-tweets">May 16, 2020</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/some-tweets">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/mvp-and-experiment-tips">Some MVP and Experiment Tips</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/mvp-and-experiment-tips">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/mvp-and-experiment-tips">February 25, 2020</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/mvp-and-experiment-tips">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/breaking-the-rules">Great Teams Break the "Rules" All the Time</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/breaking-the-rules">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/breaking-the-rules">December 17, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/breaking-the-rules">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/promises-kept">Small Promises Regularly Kept</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/promises-kept">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/promises-kept">December 16, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/promises-kept">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/shape-up-review">Review Notes: Shape Up</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/shape-up-review">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/shape-up-review">December 13, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/shape-up-review">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/how-product-managers-lose-trust">How Product Managers Lose Trust</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/how-product-managers-lose-trust">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/how-product-managers-lose-trust">September 14, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/how-product-managers-lose-trust">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/what-is-an-mvp">What Is an MVP?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/what-is-an-mvp">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/what-is-an-mvp">September 07, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/what-is-an-mvp">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/so-you-want-to-fix-something">So You Want to Fix Something?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/so-you-want-to-fix-something">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/so-you-want-to-fix-something">August 19, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/so-you-want-to-fix-something">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/measure-to-learn-not-to-control">Measuring to Control vs. Measuring to Learn and Improve</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/measure-to-learn-not-to-control">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/measure-to-learn-not-to-control">August 16, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/measure-to-learn-not-to-control">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/small-teams-may-not-fix-the-mess">Small Teams May Not Fix The Mess</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/small-teams-may-not-fix-the-mess">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/small-teams-may-not-fix-the-mess">July 06, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/small-teams-may-not-fix-the-mess">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-system-bites-back">The System Bites Back</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-system-bites-back">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-system-bites-back">June 18, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-system-bites-back">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/making-okrs-easier">Making OKRs Easier…</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/making-okrs-easier">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/making-okrs-easier">June 16, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/making-okrs-easier">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/working-fast-and-slow">Working Fast and Slow</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/working-fast-and-slow">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/working-fast-and-slow">June 11, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/working-fast-and-slow">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/meta-advocacy">“Meta” Advocacy</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/meta-advocacy">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/meta-advocacy">June 10, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/meta-advocacy">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/so-youre-hiring-a-product-manager">So You’re Hiring a Product Manager?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/so-youre-hiring-a-product-manager">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/so-youre-hiring-a-product-manager">May 04, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/so-youre-hiring-a-product-manager">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/by-default-ship-nothing">By Default, Ship Nothing</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/by-default-ship-nothing">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/by-default-ship-nothing">April 28, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/by-default-ship-nothing">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-messy-shift-to-starting-together">The (Messy) Shift to Starting Together</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-messy-shift-to-starting-together">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-messy-shift-to-starting-together">April 17, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-messy-shift-to-starting-together">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/hot-mess">Hot Mess</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/hot-mess">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/hot-mess">April 03, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/hot-mess">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/scaling-product-development-for-startups">Scaling Product Development (for Startups)</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/scaling-product-development-for-startups">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/scaling-product-development-for-startups">March 20, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/scaling-product-development-for-startups">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-big-leaps">The Big Leaps</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-big-leaps">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-big-leaps">March 18, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-big-leaps">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/prioritizing-without-level-of-effort">Prioritizing Without Level of Effort?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/prioritizing-without-level-of-effort">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/prioritizing-without-level-of-effort">March 15, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/prioritizing-without-level-of-effort">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/should-we-have-deadlines">Should We Have Deadlines?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/should-we-have-deadlines">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/should-we-have-deadlines">March 13, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/should-we-have-deadlines">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/do-this-now-8-ways-to-focus-your-product-team-on-impact-not-features">Do This Now: 8 Ways to Focus your Product Team on Impact, Not Features</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/do-this-now-8-ways-to-focus-your-product-team-on-impact-not-features">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/do-this-now-8-ways-to-focus-your-product-team-on-impact-not-features">February 16, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/do-this-now-8-ways-to-focus-your-product-team-on-impact-not-features">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-spirit-of-sprints">(The Spirit Of…) Sprints</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-spirit-of-sprints">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-spirit-of-sprints">February 09, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-spirit-of-sprints">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/make-the-time-if-it-is-important">Make the Time (If It Is Important)</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/make-the-time-if-it-is-important">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/make-the-time-if-it-is-important">February 02, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/make-the-time-if-it-is-important">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/15-things-you-should-know-about-product-managers">15 Things You Should Know About Product Managers</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/15-things-you-should-know-about-product-managers">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/15-things-you-should-know-about-product-managers">January 27, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/15-things-you-should-know-about-product-managers">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/visualize-flow-at-a-higher-level">Visualize Flow at a Higher Level</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/visualize-flow-at-a-higher-level">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/visualize-flow-at-a-higher-level">January 22, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/visualize-flow-at-a-higher-level">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/organizational-debt">Organizational Debt</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/organizational-debt">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/organizational-debt">January 14, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/organizational-debt">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/going-agile">“Going Agile”</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/going-agile">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/going-agile">January 12, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/going-agile">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/continuous-improvement-models">Continuous Improvement Models</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/continuous-improvement-models">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/continuous-improvement-models">January 04, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/continuous-improvement-models">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/hybrid-boards-for-roadmapping">Hybrid Boards For Roadmapping</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/hybrid-boards-for-roadmapping">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/hybrid-boards-for-roadmapping">January 03, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/hybrid-boards-for-roadmapping">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/10-product-development-traps">10 Product Development Traps</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/10-product-development-traps">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/10-product-development-traps">January 02, 2019</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/10-product-development-traps">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/resilience-the-fork-in-the-road">Resilience: The Fork in the Road</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/resilience-the-fork-in-the-road">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/resilience-the-fork-in-the-road">December 30, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/resilience-the-fork-in-the-road">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/learning-or-just-delivering">Learning? Or Just Delivering?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/learning-or-just-delivering">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/learning-or-just-delivering">December 24, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/learning-or-just-delivering">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/15-posts-about-change-agency-and-continuous-improvement">15 Posts About Change Agency and Continuous Improvement</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/15-posts-about-change-agency-and-continuous-improvement">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/15-posts-about-change-agency-and-continuous-improvement">December 22, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/15-posts-about-change-agency-and-continuous-improvement">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/15-posts-on-roadmaps-prioritization-and-visualizing-the-work">15 Posts on Roadmaps, Prioritization, and Visualizing The Work</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/15-posts-on-roadmaps-prioritization-and-visualizing-the-work">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/15-posts-on-roadmaps-prioritization-and-visualizing-the-work">December 20, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/15-posts-on-roadmaps-prioritization-and-visualizing-the-work">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/do-this-now">Do This Now!</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/do-this-now">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/do-this-now">December 20, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/do-this-now">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-outcomes-over-outputs">Why Outcomes Over Outputs?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-outcomes-over-outputs">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-outcomes-over-outputs">December 18, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-outcomes-over-outputs">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/decision-quality-decision-velocity">Decision Quality. Decision Velocity.</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/decision-quality-decision-velocity">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/decision-quality-decision-velocity">December 11, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/decision-quality-decision-velocity">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-cold-start-problem">The Cold Start Problem</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-cold-start-problem">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-cold-start-problem">December 11, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-cold-start-problem">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/great-one-pagers">Great One-Pagers</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/great-one-pagers">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/great-one-pagers">December 10, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/great-one-pagers">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/certainty-theater">Certainty Theater</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/certainty-theater">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/certainty-theater">December 09, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/certainty-theater">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-experiment">Why Experiment?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-experiment">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-experiment">December 02, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-experiment">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/from-decision-maker-to-decision-supporter">From Decision Maker to Decision Supporter</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/from-decision-maker-to-decision-supporter">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/from-decision-maker-to-decision-supporter">December 01, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/from-decision-maker-to-decision-supporter">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/16-individual-warning-signals">16 Individual Warning Signals</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/16-individual-warning-signals">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/16-individual-warning-signals">November 23, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/16-individual-warning-signals">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-tribe">The [?] Tribe</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-tribe">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-tribe">November 20, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-tribe">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-dont-they-trust-us">Why Don’t They Trust Us?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-dont-they-trust-us">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-dont-they-trust-us">November 16, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-dont-they-trust-us">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/self-inflicted-chaos">Self-Inflicted Chaos</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/self-inflicted-chaos">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/self-inflicted-chaos">November 13, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/self-inflicted-chaos">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/practice-best-practices">Practice > Best Practices</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/practice-best-practices">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/practice-best-practices">November 02, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/practice-best-practices">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/how-do-we-do-ux-with-agile">How Do We Do UX With Agile?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/how-do-we-do-ux-with-agile">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/how-do-we-do-ux-with-agile">October 23, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/how-do-we-do-ux-with-agile">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-drift-into-technical-bankruptcy">The Drift Into Technical Bankruptcy</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-drift-into-technical-bankruptcy">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-drift-into-technical-bankruptcy">October 04, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-drift-into-technical-bankruptcy">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-person-assigned-to-each-story">One Person Assigned To Each Story?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-person-assigned-to-each-story">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-person-assigned-to-each-story">September 28, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-person-assigned-to-each-story">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/continuous-improvement-tools-vs-project-management-tools">Continuous Improvement Tools vs. Project Management Tools</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/continuous-improvement-tools-vs-project-management-tools">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/continuous-improvement-tools-vs-project-management-tools">September 24, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/continuous-improvement-tools-vs-project-management-tools">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-mvp-bait-and-switch">The MVP Bait-and-Switch</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-mvp-bait-and-switch">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-mvp-bait-and-switch">September 23, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-mvp-bait-and-switch">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/continuous-improvement-is-real-work">Continuous Improvement is Real Work</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/continuous-improvement-is-real-work">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/continuous-improvement-is-real-work">September 17, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/continuous-improvement-is-real-work">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/messy-middle">Messy Middle</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/messy-middle">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/messy-middle">September 13, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/messy-middle">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/amplitude">Amplitude</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/amplitude">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/amplitude">September 05, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/amplitude">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/less-herding-more-doing">Less Herding. More Doing.</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/less-herding-more-doing">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/less-herding-more-doing">August 30, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/less-herding-more-doing">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/thatll-never-work-here-heretics-head-noddies-and-the-drift-into-mediocrity">That’ll Never Work Here: Heretics, Head Noddies, and the Drift Into Mediocrity</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/thatll-never-work-here-heretics-head-noddies-and-the-drift-into-mediocrity">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/thatll-never-work-here-heretics-head-noddies-and-the-drift-into-mediocrity">August 28, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/thatll-never-work-here-heretics-head-noddies-and-the-drift-into-mediocrity">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/pm-tip-30-seconds-answers-to-common-questions">PM Tip: 30 Seconds Answers (to Common Questions)</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/pm-tip-30-seconds-answers-to-common-questions">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/pm-tip-30-seconds-answers-to-common-questions">August 26, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/pm-tip-30-seconds-answers-to-common-questions">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-quarterly-okrs">Why Quarterly OKRs?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-quarterly-okrs">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-quarterly-okrs">August 24, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-quarterly-okrs">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/4-prioritization-lessons-using-cost-of-delay-and-cd3">4 Prioritization Lessons (using Cost of Delay and CD3)</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/4-prioritization-lessons-using-cost-of-delay-and-cd3">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/4-prioritization-lessons-using-cost-of-delay-and-cd3">August 23, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/4-prioritization-lessons-using-cost-of-delay-and-cd3">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/not-leadership-material">Not Leadership “Material”</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/not-leadership-material">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/not-leadership-material">August 22, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/not-leadership-material">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/70-books-and-other-resources-for-internal-change-agents">70 Books (and Other Resources) for Internal Change Agents</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/70-books-and-other-resources-for-internal-change-agents">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/70-books-and-other-resources-for-internal-change-agents">August 22, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/70-books-and-other-resources-for-internal-change-agents">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/feels-like-faster-vs-is-actually-faster">Feels Like Faster vs. Is Actually Faster</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/feels-like-faster-vs-is-actually-faster">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/feels-like-faster-vs-is-actually-faster">August 18, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/feels-like-faster-vs-is-actually-faster">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/make-scrum-scrumptious">Make Scrum Scrumptious!</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/make-scrum-scrumptious">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/make-scrum-scrumptious">August 13, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/make-scrum-scrumptious">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-patient-change-agent">The Patient Change Agent</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-patient-change-agent">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-patient-change-agent">August 12, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-patient-change-agent">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-manager-and-the-change-agent">The Manager and the Change Agent</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-manager-and-the-change-agent">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-manager-and-the-change-agent">August 07, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-manager-and-the-change-agent">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/your-org-problems-are-not-unique">Your Org Problems Are Not Unique</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/your-org-problems-are-not-unique">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/your-org-problems-are-not-unique">August 02, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/your-org-problems-are-not-unique">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/is-agile-the-enemy-of-good-design">Is Agile the Enemy (of Good Design)?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/is-agile-the-enemy-of-good-design">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/is-agile-the-enemy-of-good-design">July 28, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/is-agile-the-enemy-of-good-design">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/whyestimates">#WhyEstimates</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/whyestimates">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/whyestimates">July 26, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/whyestimates">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/ripple-effects-no-and-chips-on-shoulders">Ripple Effects, No, and Chips On Shoulders…</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/ripple-effects-no-and-chips-on-shoulders">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/ripple-effects-no-and-chips-on-shoulders">July 25, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/ripple-effects-no-and-chips-on-shoulders">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/better-outcomes-less-drag">Better Outcomes. Less Drag</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/better-outcomes-less-drag">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/better-outcomes-less-drag">July 23, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/better-outcomes-less-drag">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-canary-dies">The Canary Dies</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-canary-dies">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-canary-dies">July 22, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-canary-dies">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-some-tool">#Why[Some Tool]</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-some-tool">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-some-tool">July 15, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-some-tool">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/slack-vs-blocked">Slack vs. Blocked</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/slack-vs-blocked">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/slack-vs-blocked">July 13, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/slack-vs-blocked">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/invest-energy-and-focus-not-time">Invest Energy and Focus, Not Time</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/invest-energy-and-focus-not-time">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/invest-energy-and-focus-not-time">July 10, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/invest-energy-and-focus-not-time">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/team-why-cant-we-go-faster">Team! Why Can’t We Go Faster?!</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/team-why-cant-we-go-faster">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/team-why-cant-we-go-faster">July 09, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/team-why-cant-we-go-faster">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/instant-results-guaranteed">Instant Results! Guaranteed!<em></a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/instant-results-guaranteed">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/instant-results-guaranteed">July 08, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/instant-results-guaranteed">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/just-one-more-sprint">Just One More Sprint!?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/just-one-more-sprint">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/just-one-more-sprint">July 07, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/just-one-more-sprint">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/quick-meeting-tips">Quick Meeting Tips</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/quick-meeting-tips">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/quick-meeting-tips">July 06, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/quick-meeting-tips">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/pms-share-outcomes-with-your-team">PMs: Share Outcomes With Your Team</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/pms-share-outcomes-with-your-team">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/pms-share-outcomes-with-your-team">July 02, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/pms-share-outcomes-with-your-team">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/opportunity-vs-intervention">Opportunity vs. Intervention</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/opportunity-vs-intervention">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/opportunity-vs-intervention">June 29, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/opportunity-vs-intervention">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/agile-makes-no-sense">Agile Makes No Sense</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/agile-makes-no-sense">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/agile-makes-no-sense">June 28, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/agile-makes-no-sense">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/start-with-naive-pragmatism">Start With Naive Pragmatism</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/start-with-naive-pragmatism">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/start-with-naive-pragmatism">June 26, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/start-with-naive-pragmatism">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/its-products-fault-right">It’s Product’s Fault! Right?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/its-products-fault-right">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/its-products-fault-right">June 25, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/its-products-fault-right">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/a-single-prioritized-list-a-story">A Single Prioritized List (a Story)</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/a-single-prioritized-list-a-story">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/a-single-prioritized-list-a-story">June 22, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/a-single-prioritized-list-a-story">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/focused-advocacy-and-improvement">Focused Advocacy and Improvement</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/focused-advocacy-and-improvement">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/focused-advocacy-and-improvement">June 21, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/focused-advocacy-and-improvement">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/when-you-hear-pay-attention">When You Hear _______, Pay Attention</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/when-you-hear-pay-attention">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/when-you-hear-pay-attention">June 20, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/when-you-hear-pay-attention">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/before-adding-process">Before Adding Process</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/before-adding-process">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/before-adding-process">June 17, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/before-adding-process">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/platitudes-and-brass-tacks">Platitudes and Brass Tacks</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/platitudes-and-brass-tacks">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/platitudes-and-brass-tacks">June 15, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/platitudes-and-brass-tacks">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-random-ticket-game">The Random Ticket Game</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-random-ticket-game">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-random-ticket-game">June 12, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-random-ticket-game">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/value-and-sequencing">Value and Sequencing</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/value-and-sequencing">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/value-and-sequencing">June 07, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/value-and-sequencing">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-spokesperson-trap">The Spokesperson Trap</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-spokesperson-trap">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-spokesperson-trap">June 05, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-spokesperson-trap">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/prioritizing-non-feature-work-and-continuous-improvement">Prioritizing “Non-Feature” Work and Continuous Improvement</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/prioritizing-non-feature-work-and-continuous-improvement">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/prioritizing-non-feature-work-and-continuous-improvement">June 04, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/prioritizing-non-feature-work-and-continuous-improvement">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/we-need-quick-wins">We Need Quick Wins…</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/we-need-quick-wins">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/we-need-quick-wins">June 04, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/we-need-quick-wins">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/unsuck-days">Unsuck Days</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/unsuck-days">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/unsuck-days">June 02, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/unsuck-days">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/they-just-want-to-code-or-design-all-day">“They Just Want To Code (or Design) All Day”</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/they-just-want-to-code-or-design-all-day">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/they-just-want-to-code-or-design-all-day">May 30, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/they-just-want-to-code-or-design-all-day">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/three-deep-breaths">Three Deep Breaths</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/three-deep-breaths">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/three-deep-breaths">May 22, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/three-deep-breaths">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/systems-and-people-behaving-badly">Systems and People Behaving Badly</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/systems-and-people-behaving-badly">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/systems-and-people-behaving-badly">May 17, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/systems-and-people-behaving-badly">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/good-process-vs-bad-process">Good Process vs. Bad Process</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/good-process-vs-bad-process">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/good-process-vs-bad-process">May 16, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/good-process-vs-bad-process">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/show-dont-tell">Show Don’t Tell</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/show-dont-tell">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/show-dont-tell">May 15, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/show-dont-tell">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/how-does-your-company-approach-continuous-improvement">How Does Your Company Approach Continuous Improvement?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/how-does-your-company-approach-continuous-improvement">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/how-does-your-company-approach-continuous-improvement">May 12, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/how-does-your-company-approach-continuous-improvement">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/we-all-care-about-congruence-right">We All Care About Congruence. Right?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/we-all-care-about-congruence-right">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/we-all-care-about-congruence-right">May 10, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/we-all-care-about-congruence-right">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/beyond-outcomes-over-outputs">Beyond “Outcomes Over Outputs”</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/beyond-outcomes-over-outputs">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/beyond-outcomes-over-outputs">May 08, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/beyond-outcomes-over-outputs">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/better-decisions-by-forecasting-cycle-time-as-a-team">Better Decisions (By Forecasting Cycle Time as a Team)</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/better-decisions-by-forecasting-cycle-time-as-a-team">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/better-decisions-by-forecasting-cycle-time-as-a-team">May 05, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/better-decisions-by-forecasting-cycle-time-as-a-team">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/problem-vs-solution">Problem vs. Solution</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/problem-vs-solution">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/problem-vs-solution">April 20, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/problem-vs-solution">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/working-with-software-developers-9-tips-for-product-managers">Working With Software Developers (9 Tips for Product Managers)</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/working-with-software-developers-9-tips-for-product-managers">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/working-with-software-developers-9-tips-for-product-managers">April 15, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/working-with-software-developers-9-tips-for-product-managers">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/cost-per-reasonable-decision-cprd">Cost Per Reasonable Decision (CPRD)</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/cost-per-reasonable-decision-cprd">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/cost-per-reasonable-decision-cprd">April 01, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/cost-per-reasonable-decision-cprd">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/task-story-bigger-story-bets-foundational-beliefs-drawing">Task, Story, Bigger Story, Bets, Foundational Beliefs (Drawing)</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/task-story-bigger-story-bets-foundational-beliefs-drawing">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/task-story-bigger-story-bets-foundational-beliefs-drawing">March 27, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/task-story-bigger-story-bets-foundational-beliefs-drawing">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/starting-without-a-solution">Starting Without A Solution</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/starting-without-a-solution">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/starting-without-a-solution">March 16, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/starting-without-a-solution">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/40-roadmap-item-questions">40 Roadmap Item Questions</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/40-roadmap-item-questions">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/40-roadmap-item-questions">March 02, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/40-roadmap-item-questions">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/so-that-prioritization-spreadsheet">So That Prioritization Spreadsheet…</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/so-that-prioritization-spreadsheet">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/so-that-prioritization-spreadsheet">February 25, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/so-that-prioritization-spreadsheet">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/look-before-leaping">Look Before Leaping</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/look-before-leaping">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/look-before-leaping">February 22, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/look-before-leaping">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/yes-but">Yes, But…</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/yes-but">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/yes-but">February 19, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/yes-but">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/wip-it-real-good">WIP It Real Good</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/wip-it-real-good">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/wip-it-real-good">February 14, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/wip-it-real-good">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/round-and-round">Round and Round</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/round-and-round">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/round-and-round">February 12, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/round-and-round">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/awesome-meh-awesome-but">Awesome, Meh, Awesome But…</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/awesome-meh-awesome-but">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/awesome-meh-awesome-but">February 03, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/awesome-meh-awesome-but">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/start-together-finish-together">Start Together. Finish Together</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/start-together-finish-together">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/start-together-finish-together">January 31, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/start-together-finish-together">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/we-need-fewer-product-managers">We Need Fewer Product Managers</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/we-need-fewer-product-managers">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/we-need-fewer-product-managers">January 29, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/we-need-fewer-product-managers">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/lets-run-an-experiment">“Let’s Run an Experiment!”</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/lets-run-an-experiment">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/lets-run-an-experiment">January 28, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/lets-run-an-experiment">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/we-cant-do-that-in-one-sprint">We Can’t Do That In One Sprint</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/we-cant-do-that-in-one-sprint">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/we-cant-do-that-in-one-sprint">January 24, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/we-cant-do-that-in-one-sprint">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/my-idea-ism">My-idea-ism</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/my-idea-ism">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/my-idea-ism">January 23, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/my-idea-ism">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/measurement-malpractice">Measurement Malpractice</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/measurement-malpractice">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/measurement-malpractice">January 22, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/measurement-malpractice">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/give-and-take">Give and Take</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/give-and-take">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/give-and-take">January 21, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/give-and-take">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/agile-done-right-is-continuous-design">Agile (Done Right) Is Continuous Design</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/agile-done-right-is-continuous-design">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/agile-done-right-is-continuous-design">January 13, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/agile-done-right-is-continuous-design">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/customer-facing-product-thinking-multi-product-and-other-shenanigans">Customer-Facing, Product Thinking, “Multi-Product”, and Other Shenanigans</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/customer-facing-product-thinking-multi-product-and-other-shenanigans">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/customer-facing-product-thinking-multi-product-and-other-shenanigans">January 11, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/customer-facing-product-thinking-multi-product-and-other-shenanigans">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/inventory-and-integration">Inventory and Integration</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/inventory-and-integration">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/inventory-and-integration">January 11, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/inventory-and-integration">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-hard-thing-about-not-so-hard-things">The Hard Thing About (Not So) Hard Things</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-hard-thing-about-not-so-hard-things">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-hard-thing-about-not-so-hard-things">January 10, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-hard-thing-about-not-so-hard-things">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/story-epilogues">Story Epilogues</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/story-epilogues">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/story-epilogues">January 06, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/story-epilogues">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-story-per-sprint">One Story Per “Sprint”</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-story-per-sprint">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-story-per-sprint">January 05, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-story-per-sprint">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/of-course-psychological-safety-but-how">Of Course Psychological Safety…But How?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/of-course-psychological-safety-but-how">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/of-course-psychological-safety-but-how">January 04, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/of-course-psychological-safety-but-how">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/some-totally-cliche-career-advice">Some Totally Cliche Career Advice…</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/some-totally-cliche-career-advice">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/some-totally-cliche-career-advice">January 03, 2018</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/some-totally-cliche-career-advice">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/our-intuition-says-instead-try">Our Intuition Says… Instead, Try…</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/our-intuition-says-instead-try">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/our-intuition-says-instead-try">December 23, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/our-intuition-says-instead-try">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/flow-decoupling-cadences-and-fixed-length-sprints">Flow, Decoupling Cadences, and Fixed-Length Sprints</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/flow-decoupling-cadences-and-fixed-length-sprints">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/flow-decoupling-cadences-and-fixed-length-sprints">December 21, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/flow-decoupling-cadences-and-fixed-length-sprints">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/trying-something">“Trying Something”</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/trying-something">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/trying-something">December 19, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/trying-something">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/scrum-is-the-best-thing-in-the-whole-wide-world">Scrum is the Best Thing in the Whole Wide World</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/scrum-is-the-best-thing-in-the-whole-wide-world">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/scrum-is-the-best-thing-in-the-whole-wide-world">December 19, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/scrum-is-the-best-thing-in-the-whole-wide-world">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/100-wikipedia-articles-on-software-product-development-and-related-disciplines">100 Wikipedia Articles on Software Product Development (and Related Disciplines)</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/100-wikipedia-articles-on-software-product-development-and-related-disciplines">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/100-wikipedia-articles-on-software-product-development-and-related-disciplines">December 17, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/100-wikipedia-articles-on-software-product-development-and-related-disciplines">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/agiles-three-leaps-of-faith">Agile’s Three Leaps of Faith</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/agiles-three-leaps-of-faith">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/agiles-three-leaps-of-faith">December 16, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/agiles-three-leaps-of-faith">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/fixed-length-sprints">Fixed-Length Sprints</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/fixed-length-sprints">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/fixed-length-sprints">December 12, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/fixed-length-sprints">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/stop-playing-tetris-with-teams-sprints-projects-and-individuals">Stop Playing Tetris (With Teams, Sprints, Projects, and Individuals)</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/stop-playing-tetris-with-teams-sprints-projects-and-individuals">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/stop-playing-tetris-with-teams-sprints-projects-and-individuals">December 10, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/stop-playing-tetris-with-teams-sprints-projects-and-individuals">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/10-ways-the-c-suite-can-support-agility">10 Ways the C-Suite Can Support Agility</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/10-ways-the-c-suite-can-support-agility">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/10-ways-the-c-suite-can-support-agility">December 08, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/10-ways-the-c-suite-can-support-agility">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/unlearning-and-relearning-agile">Unlearning and Relearning Agile</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/unlearning-and-relearning-agile">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/unlearning-and-relearning-agile">December 07, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/unlearning-and-relearning-agile">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/18-things-your-okrs-shouldnt-do">18 Things Your OKRs Shouldn’t Do…</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/18-things-your-okrs-shouldnt-do">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/18-things-your-okrs-shouldnt-do">December 06, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/18-things-your-okrs-shouldnt-do">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/responding-to-a-failed-sprint">Responding to a “Failed” Sprint</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/responding-to-a-failed-sprint">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/responding-to-a-failed-sprint">December 05, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/responding-to-a-failed-sprint">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-way-of-ways">The Way of Ways</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-way-of-ways">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-way-of-ways">December 04, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-way-of-ways">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/work-smaller-even-if-it-makes-no-sense">Work Smaller (Even If It Makes No Sense)</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/work-smaller-even-if-it-makes-no-sense">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/work-smaller-even-if-it-makes-no-sense">December 04, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/work-smaller-even-if-it-makes-no-sense">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/sensor-responder-or-in-between">Sensor? Responder? Or In Between?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/sensor-responder-or-in-between">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/sensor-responder-or-in-between">December 03, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/sensor-responder-or-in-between">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/scrum-prerequisites-from-the-scrum-guide">Scrum Prerequisites (From the Scrum Guide)</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/scrum-prerequisites-from-the-scrum-guide">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/scrum-prerequisites-from-the-scrum-guide">December 02, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/scrum-prerequisites-from-the-scrum-guide">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/stop-obsessing-over-the-teams">Stop Obsessing Over “The Teams”</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/stop-obsessing-over-the-teams">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/stop-obsessing-over-the-teams">November 29, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/stop-obsessing-over-the-teams">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/product-nerding-with-annie-dunham">Product Nerding with Annie Dunham</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/product-nerding-with-annie-dunham">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/product-nerding-with-annie-dunham">November 28, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/product-nerding-with-annie-dunham">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/25-hints-youre-working-on-a-high-performing-team">25 Hints You’re Working on a High Performing Team</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/25-hints-youre-working-on-a-high-performing-team">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/25-hints-youre-working-on-a-high-performing-team">November 26, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/25-hints-youre-working-on-a-high-performing-team">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/respect-expertise-and-work-together-dont-institutionalize-handoffs">Respect Expertise and Work Together — Don’t Institutionalize Handoffs</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/respect-expertise-and-work-together-dont-institutionalize-handoffs">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/respect-expertise-and-work-together-dont-institutionalize-handoffs">November 26, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/respect-expertise-and-work-together-dont-institutionalize-handoffs">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/kanban-boards-are-a-design-challenge">Kanban Boards are a Design Challenge</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/kanban-boards-are-a-design-challenge">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/kanban-boards-are-a-design-challenge">November 25, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/kanban-boards-are-a-design-challenge">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/beat-the-feature-factory-video">Beat the Feature Factory (Video)</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/beat-the-feature-factory-video">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/beat-the-feature-factory-video">November 23, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/beat-the-feature-factory-video">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/experiment-together-improve-together-win-together">Experiment Together. Improve Together. Win Together</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/experiment-together-improve-together-win-together">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/experiment-together-improve-together-win-together">November 23, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/experiment-together-improve-together-win-together">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/for-meaningful-change-look-beyond-front-line-teams">For Meaningful Change…Look Beyond Front-Line Teams</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/for-meaningful-change-look-beyond-front-line-teams">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/for-meaningful-change-look-beyond-front-line-teams">November 23, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/for-meaningful-change-look-beyond-front-line-teams">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/interview-jared-spool-on-center-centre-real-projects-and-the-future-of-ux-education">Interview: Jared Spool on Center Centre, Real Projects, and the Future of UX Education</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/interview-jared-spool-on-center-centre-real-projects-and-the-future-of-ux-education">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/interview-jared-spool-on-center-centre-real-projects-and-the-future-of-ux-education">November 22, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/interview-jared-spool-on-center-centre-real-projects-and-the-future-of-ux-education">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-modern-agile-is-worth-checking-out">Why Modern Agile is Worth Checking Out</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-modern-agile-is-worth-checking-out">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-modern-agile-is-worth-checking-out">November 21, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-modern-agile-is-worth-checking-out">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/an-apple-a-day">An Apple a Day</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/an-apple-a-day">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/an-apple-a-day">November 19, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/an-apple-a-day">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/maker-angst-job-flippers-and-do-gooders">Maker Angst — Job Flippers and Do Gooders</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/maker-angst-job-flippers-and-do-gooders">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/maker-angst-job-flippers-and-do-gooders">November 18, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/maker-angst-job-flippers-and-do-gooders">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/ask-alexa-to-better-understand-your-users">Ask Alexa (To Better Understand Your Users)</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/ask-alexa-to-better-understand-your-users">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/ask-alexa-to-better-understand-your-users">November 17, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/ask-alexa-to-better-understand-your-users">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/backlog-roadmap-hygiene-tips">Backlog/Roadmap Hygiene Tips</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/backlog-roadmap-hygiene-tips">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/backlog-roadmap-hygiene-tips">November 17, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/backlog-roadmap-hygiene-tips">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-trouble-with-scrum">The Trouble With Scrum</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-trouble-with-scrum">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-trouble-with-scrum">November 16, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-trouble-with-scrum">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/30-thoughts-on-change-org-health-and-change-agency">30 Thoughts On Change, Org Health, and Change Agency</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/30-thoughts-on-change-org-health-and-change-agency">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/30-thoughts-on-change-org-health-and-change-agency">November 14, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/30-thoughts-on-change-org-health-and-change-agency">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/let-teams-figure-it-out">Let Teams Figure It Out</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/let-teams-figure-it-out">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/let-teams-figure-it-out">November 11, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/let-teams-figure-it-out">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-product-system">The Product “System”</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-product-system">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-product-system">November 09, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-product-system">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-battle-for-change">The Battle For Change</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-battle-for-change">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-battle-for-change">November 02, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-battle-for-change">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/question-given-this-scenario-what-does-the-product-manager-do">Question: Given This Scenario, What Does The Product Manager Do?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/question-given-this-scenario-what-does-the-product-manager-do">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/question-given-this-scenario-what-does-the-product-manager-do">October 30, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/question-given-this-scenario-what-does-the-product-manager-do">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-one-week-product-management-challenge">The One Week Product Management Challenge</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-one-week-product-management-challenge">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-one-week-product-management-challenge">October 30, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-one-week-product-management-challenge">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/ways">Ways</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/ways">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/ways">October 29, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/ways">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/faster-faster-faster">Faster. Faster. Faster.</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/faster-faster-faster">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/faster-faster-faster">October 27, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/faster-faster-faster">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-work-is-never-done">The Work Is Never Done</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-work-is-never-done">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-work-is-never-done">October 21, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-work-is-never-done">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-backlog-aka-wishing-well">The Backlog (aka Wishing Well)</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-backlog-aka-wishing-well">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-backlog-aka-wishing-well">October 20, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-backlog-aka-wishing-well">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/now-that-would-be-bad">Now That Would Be Bad…</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/now-that-would-be-bad">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/now-that-would-be-bad">October 19, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/now-that-would-be-bad">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-psychological-safety-dance">The (Psychological) Safety Dance</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-psychological-safety-dance">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-psychological-safety-dance">October 18, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-psychological-safety-dance">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-isnt-agile-working">Why Isn’t Agile Working?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-isnt-agile-working">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-isnt-agile-working">October 05, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-isnt-agile-working">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/scaling-without-imploding">Scaling Without Imploding</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/scaling-without-imploding">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/scaling-without-imploding">October 03, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/scaling-without-imploding">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/beyond-features-and-projects-it-arena-2017-lviv-ukraine">Beyond Features and Projects (IT Arena 2017— Lviv, Ukraine)</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/beyond-features-and-projects-it-arena-2017-lviv-ukraine">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/beyond-features-and-projects-it-arena-2017-lviv-ukraine">September 30, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/beyond-features-and-projects-it-arena-2017-lviv-ukraine">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-day-sprints">One Day Sprints</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-day-sprints">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-day-sprints">September 25, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-day-sprints">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/play-it-again-sam">Play It Again Sam!</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/play-it-again-sam">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/play-it-again-sam">September 25, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/play-it-again-sam">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/forcing-functions-and-continuous-improvement">Forcing Functions and Continuous Improvement</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/forcing-functions-and-continuous-improvement">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/forcing-functions-and-continuous-improvement">September 24, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/forcing-functions-and-continuous-improvement">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/kanban-cantban-and-risky-visualizations">Kanban, Can’tban, and Risky Visualizations</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/kanban-cantban-and-risky-visualizations">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/kanban-cantban-and-risky-visualizations">September 22, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/kanban-cantban-and-risky-visualizations">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/competition-fitness-change-and-front-line-angst">Competition, Fitness, Change, and Front-Line Angst</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/competition-fitness-change-and-front-line-angst">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/competition-fitness-change-and-front-line-angst">September 21, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/competition-fitness-change-and-front-line-angst">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/less-mature-teams">“Less Mature” Teams</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/less-mature-teams">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/less-mature-teams">September 20, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/less-mature-teams">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-is-the-loneliest-number">One Is the Loneliest Number…</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-is-the-loneliest-number">(</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-is-the-loneliest-number">September 19, 2017</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-is-the-loneliest-number">)</a><br> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-product-manager-four-teams">One Product Manager, Four Teams?</a> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-product-manager-four-teams">( …</a> https://www.whatsupup.com/blog/rubicundity/envenomation/20220520-154057/ Fri, 20 May 2022 15:40:57 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20220520-154057/ <p><a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/create-a-visual-tracker-to-become-motivated">Create a visual tracker to become motivated</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-boost-your-attention-span">How to boost your attention span: 6 tips and tricks</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-not-to-get-overwhelmed-by-tasks">How not to get overwhelmed by tasks</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-increase-your-attention-span-5-key-strategies">How to increase your attention span: 5 key strategies</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/learn-to-tolerate-discomfort-or-suffer-escaping-from-it">Learn to tolerate discomfort or suffer escaping from it</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/find-go-to-activities-that-arent-scrolling-or-watching">Find go-to activities that aren't scrolling or watching</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-danger-of-expecting-work-to-be-easy-and-fun">The danger of expecting work to be easy and fun</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/it-doesnt-matter-how-many-hours-you-work">It doesn’t matter how many hours you work</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-new-meaning-of-hard-work">The new meaning of hard work</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-protect-your-intentions-from-getting-hijacked">How to protect your intentions from getting hijacked</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/let-your-discontent-crystallize">Let your discontent crystallize</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/stop-postponing-things-by-embracing-the-mess">Stop postponing things by embracing the mess</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/pursue-high-quality-leisure">Pursue High-quality Leisure</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/what-is-addiction">What is addiction (series)</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog">1</a><br> https://www.whatsupup.com/blog/kyat/underwrite/20220520-153850/ Fri, 20 May 2022 15:38:50 +0000 https://www.whatsupup.com/blog/kyat/underwrite/20220520-153850/ A few books and papers take a completely different tack and argue that buspirone just does the same thing SSRIs do – desensitize the presynaptic autoreceptors until the cells ignore them – and then has its antianxiety action through stimulating postsynaptic receptors. But if it’s doing the same thing as SSRIs, how come it has the opposite effect on sex drive? And how come there are some studies suggesting that it’s helpful to add buspirone onto SSRIs? Why isn’t that just doubling up on the same thing?<br> <a rel="noreferrer" target="_blank" href="https://slatestarcodex.com/page/2/">←</a> <a rel="noreferrer" target="_blank" href="https://slatestarcodex.com/page/2/">Older posts</a><br> https://www.whatsupup.com/blog/tularemic/yahweh/20220520-153724/ Fri, 20 May 2022 15:37:24 +0000 https://www.whatsupup.com/blog/tularemic/yahweh/20220520-153724/ <p><a rel="noreferrer" target="_blank" href="https://eev.ee/blog/2018/09/06/cheezball-rising-resounding-failure/">failure</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://eev.ee/blog/2018/09/06/cheezball-rising-resounding-failure/">success?</a> .<br> https://www.whatsupup.com/blog/traveling/splay/20220520-153406/ Fri, 20 May 2022 15:34:06 +0000 https://www.whatsupup.com/blog/traveling/splay/20220520-153406/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/12/science/black-hole-photo.html">Out There</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/12/science/black-hole-photo.html">The Milky Way’s Black Hole Comes to Light</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/12/science/black-hole-photo.html">The Event Horizon Telescope has once again caught sight of the “unseeable.”</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/12/science/black-hole-photo.html">By</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/12/science/black-hole-photo.html">Dennis Overbye</a><br> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/07/science/space/astronomy-black-hole-sound.html">Hear the Weird Sounds of a Black Hole Singing</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/07/science/space/astronomy-black-hole-sound.html">As part of an effort to “sonify” the cosmos, researchers have converted the pressure waves from a black hole into an audible … something.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/24/science/scheinert-kwan-film-multiverse.html">Tripping Through the Universes</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/24/science/scheinert-kwan-film-multiverse.html">A new cosmic kung fu film explores the meaning of existence in alternate realities.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/07/science/astronomers-distant-galaxy.html">Astronomers Find What Might Be the Most Distant Galaxy Yet</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/07/science/astronomers-distant-galaxy.html">Is the object a galaxy of primordial stars or a black hole knocking on the door of time? The Webb space telescope may help answer that question.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/12/science/physics-cern-russia.html">Russian Scientists Face Isolation Following Invasion of Ukraine</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/12/science/physics-cern-russia.html">International collaborations are unraveling as researchers, including many in Russia, speak out against the invasion of Ukraine.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/02/11/science/webb-telescope-selfie-pictures.html">James Webb Telescope Sends Home a Selfie and 18 Images of Starlight</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/02/11/science/webb-telescope-selfie-pictures.html">The spacecraft recorded a series of images of a target star that will be used to help its mirrors prepare for scientific research.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/31/science/milky-way.html">An Electrifying View of the Heart of the Milky Way</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/31/science/milky-way.html">A new radio-wave image of the center of our galaxy reveals all the forms of frenzy that a hundred million or so stars can get up to.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/27/science/james-webb-space-telescope.html">The James Webb Space Telescope and a Quest Every Human Shares</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/27/science/james-webb-space-telescope.html">Building, launching and deploying the giant observatory required the best of what our species has to offer the cosmos.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/20/science/milky-way-local-bubble-stars.html">A New Map of the Sun’s Local Bubble</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/20/science/milky-way-local-bubble-stars.html">At the edge of a vast region devoid of gas and dust, scientists find an explanation for “how all nearby star formation began.”</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/08/science/james-webb-telescope-nasa-deployment.html">A Giant Telescope Grows in Space</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/08/science/james-webb-telescope-nasa-deployment.html">Everything is going great for the James Webb Space Telescope. So far.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/08/science/james-webb-telescope-nasa-deployment.html">By</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/08/science/james-webb-telescope-nasa-deployment.html">Dennis Overbye</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/08/science/james-webb-telescope-nasa-deployment.html">and</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/08/science/james-webb-telescope-nasa-deployment.html">Joey Roulette</a><br> <a rel="noreferrer" target="_blank" href="https://twitter.com/overbye">overbye</a> <a rel="noreferrer" target="_blank" href="https://twitter.com/overbye">twitter</a> <a rel="noreferrer" target="_blank" href="https://twitter.com/overbye">page for</a> <a rel="noreferrer" target="_blank" href="https://twitter.com/overbye">overbye</a><br> https://www.whatsupup.com/blog/boxed/modification/20220520-153216/ Fri, 20 May 2022 15:32:16 +0000 https://www.whatsupup.com/blog/boxed/modification/20220520-153216/ <p><a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2020/07/11/the-std-swap-two-step/">std::swap</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2020/07/11/the-std-swap-two-step/">two-step?”</a> (2020-07-11) and <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2022/04/14/another-reason-for-the-poison-pill/">“PSA: ADL requires that unqualified lookup has found a function”</a> (2022-04-14), as my mental model continues to evolve. (Mainly due to pressure from Jody Hagins. :))<br> As seen on the <a rel="noreferrer" target="_blank" href="https://cppalliance.org/slack/">cpplang Slack</a> (hat tip to Jody Hagins). Recall my post <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2020/07/11/the-std-swap-two-step/">“What is the</a><br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2020/07/11/the-std-swap-two-step/">two-step?”</a> (2020-07-11), where I said:<br> ; see <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2019/05/10/function-ref-vs-string-view/">“On</a><br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2019/05/10/function-ref-vs-string-view/">function_ref</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2019/05/10/function-ref-vs-string-view/">and</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2019/05/10/function-ref-vs-string-view/">string_view</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2019/05/10/function-ref-vs-string-view/">”</a> (2019-05-10). The simplest example is<br> https://www.whatsupup.com/blog/ideo/fleury/20220520-153215/ Fri, 20 May 2022 15:32:15 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220520-153215/ “Within days, the company edited the numerous blog posts and white papers on its website that previously stated the company did not use one-to-many to reflect the truth,” the letter alleges. “According to media reports, the company’s decision to correct its prior misleading statements came after mounting internal pressure from its employees.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/senators-urge-ftc-to-probe-id-me-over-selfie-data/#more-59891">Continue reading</a> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/senators-urge-ftc-to-probe-id-me-over-selfie-data/#more-59891">→</a><br> “Actually, it’s not carrying any virus as you can trust us, if you have our reader on hand, please just ignore it and continue the installation steps,” the message continued. “When driver installed, this message will vanish out of sight. Don’t worry.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/when-your-smart-id-card-reader-comes-with-malware/#more-59840">Continue reading</a> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/when-your-smart-id-card-reader-comes-with-malware/#more-59840">→</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/dea-investigating-breach-of-law-enforcement-data-portal/#more-59758">Continue reading</a> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/dea-investigating-breach-of-law-enforcement-data-portal/#more-59758">→</a><br> “CVE-2021-36942 was so bad it made CISA’s <a rel="noreferrer" target="_blank" href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">catalog of Known Exploited Vulnerabilities</a> ,” Wiseman said. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/microsoft-patch-tuesday-may-2022-edition/#more-59789">Continue reading</a> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/microsoft-patch-tuesday-may-2022-edition/#more-59789">→</a><br> “I worry about people who can’t afford an extra device, or can’t easily replace a broken or stolen device,” Bellovin said. “I worry about forgotten password recovery for cloud accounts.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/your-phone-may-soon-replace-many-of-your-passwords/#more-59727">Continue reading</a> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/your-phone-may-soon-replace-many-of-your-passwords/#more-59727">→</a><br> According to Russian media site Lenta.ru, since March 21 nearly <a rel="noreferrer" target="_blank" href="https://lenta.ru/news/2022/04/04/vaccc/">95,000 vacancies in IT have remained unfilled in Russia</a> . Lenta says the number unfilled job slots actually shrank 25 percent from the previous month, officially because “many Russian companies are currently reviewing their plans and budgets, and some projects have been postponed.” The story fails to even mention the recent economic sanctions that are currently affecting many Russian companies thanks to Russia’s invasion of Ukraine in late February. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/russia-to-rent-tech-savvy-prisoners-to-corporate-it/#more-59685">Continue reading</a> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/russia-to-rent-tech-savvy-prisoners-to-corporate-it/#more-59685">→</a><br> BriansClub has long abused my name and likeness to pimp its wares on the hacking forums. Its homepage includes a copy of my credit report, Social Security card, phone bill, and a fake but otherwise official looking government ID card. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/you-can-now-ask-google-to-remove-your-phone-number-email-or-address-from-search-results/#more-59639">Continue reading</a> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/you-can-now-ask-google-to-remove-your-phone-number-email-or-address-from-search-results/#more-59639">→</a><br> Fake EDRs have become such a reliable method in the cybercrime underground for obtaining information about account holders that several cybercriminals have started offering services that will submit these fraudulent EDRs on behalf of paying clients to a number of top social media and technology firms. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/fighting-fake-edrs-with-credit-ratings-for-police/#more-59232">Continue reading</a> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/fighting-fake-edrs-with-credit-ratings-for-police/#more-59232">→</a><br> On March 19, 2022, the logs and accompanying screenshots show LAPSUS$ had <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2022/04/hasatlas1.png">gained access to</a> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2022/04/hasatlas1.png">Atlas</a> , a powerful internal T-Mobile tool for managing customer accounts.<br> Perhaps to mollify his furious teammates, White changed the subject and told them he’d gained access to T-Mobile’s Slack and Bitbucket accounts. He said he’d figured out how to upload files to the virtual machine he had access to at T-Mobile. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/leaked-chats-show-lapsus-stole-t-mobile-source-code/#more-59472">Continue reading</a> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/leaked-chats-show-lapsus-stole-t-mobile-source-code/#more-59472">→</a><br> “Hospitals reported revenue losses due to Ryuk infections of nearly $100 million from data I obtained through interviews with hospital staff, public statements, and media articles,” Weiss wrote. “The Ryuk attacks also caused an estimated $500 million in costs to respond to the attacks – costs that include ransomware payments, digital forensic services, security improvements and upgrading impacted systems plus other expenses.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/contis-ransomware-toll-on-the-healthcare-industry/#more-59446">Continue reading</a> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/contis-ransomware-toll-on-the-healthcare-industry/#more-59446">→</a><br> https://www.whatsupup.com/blog/uprousing/bayed/20220520-153140/ Fri, 20 May 2022 15:31:40 +0000 https://www.whatsupup.com/blog/uprousing/bayed/20220520-153140/ <p><a rel="noreferrer" target="_blank" href="https://www.patreon.com/ciechanowski">Patreon</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://twitter.com/bciechanowski">Twitter</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.instagram.com/bartoszciechanowski/">Instagram</a><br> <hr> <a rel="noreferrer" target="_blank" href="mailto:bartosz@ciechanow.ski">e-mail</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://ciechanow.ski/atom.xml">rss</a><br> <hr> Let’s look at the entirety of what we’ve built so far one last time. I’m now running the mechanism at its normal speed:<br> https://www.whatsupup.com/blog/effete/washstand/20220520-152837/ Fri, 20 May 2022 15:28:37 +0000 https://www.whatsupup.com/blog/effete/washstand/20220520-152837/ <p><a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-i-accidentally-built-a-podcast-api-business-46/">How I accidentally built a Podcast API business</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-i-accidentally-built-a-podcast-api-business-46/">Dec. 20, 2021</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-i-accidentally-built-a-podcast-api-business-46/">· In this article, I’ll share with you the journey of building this API business, the technology behind it, and hopefully you can learn one thing or two and build your own API business in the future.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-i-accidentally-built-a-podcast-api-business-46/">Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-to-evaluate-a-3rd-party-restful-api-47/">How to evaluate a 3rd party RESTful API?</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-to-evaluate-a-3rd-party-restful-api-47/">Nov. 26, 2021</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-to-evaluate-a-3rd-party-restful-api-47/">· 1, To build or to buy? 2, Can this API provide features you need? 3, Is this API both stable and scalable? 4, How easily can you talk to a real human employee of the API vendor?</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/why-podcasts-are-my-new-wikipedia-the-perfect-41/">Why Podcasts Are My New Wikipedia —the  Perfect Informal Learning Resource</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/why-podcasts-are-my-new-wikipedia-the-perfect-41/">Sept. 9, 2021</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/why-podcasts-are-my-new-wikipedia-the-perfect-41/">· In this article, I explain why podcasts replaced a lot of my Wikipedia usage for informal learning. I also talk about how I listen to five-plus hours of podcasts every day!</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/what-is-listen-notes-why-does-listen-notes-need-45/">What is Listen Notes? Why does Listen Notes need to make money?</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/what-is-listen-notes-why-does-listen-notes-need-45/">Oct. 2, 2020</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/what-is-listen-notes-why-does-listen-notes-need-45/">· Essentially, Listen Notes is an independent podcast database that has three UIs (User Interface) to access the data.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/numbers-of-tech-companies-when-they-were-small-42/">Numbers of tech companies when they were small</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/numbers-of-tech-companies-when-they-were-small-42/">May 8, 2020</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/numbers-of-tech-companies-when-they-were-small-42/">· This is a blog post that I wish it existed when I started my startup journey. I like collecting numbers (e.g., website traffic, domain name price, revenue…) of tech companies when they were small.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-notes-for-chrome-28/">Dec. 1, 2019</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-notes-for-chrome-28/">· We just launched a Chrome extension! You can search podcasts / episodes right from your Chrome browser without opening ListenNotes.com.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/introducing-llamacorn-33/">Introducing Llamacorn!!!</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/introducing-llamacorn-33/">Sept. 21, 2019</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/introducing-llamacorn-33/">· I went to Peru last month and saw Llama… After I came back, I decided to make Llama the mascot of Listen Notes.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/some-api-improvements-34/">Some API improvements</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/some-api-improvements-34/">May 20, 2019</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/some-api-improvements-34/">· Better documentation. Better performance. Bigger thumbnail images.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-to-submit-a-new-podcast-to-listen-notes-38/">How to submit a new podcast to Listen Notes database</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-to-submit-a-new-podcast-to-listen-notes-38/">April 9, 2019</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-to-submit-a-new-podcast-to-listen-notes-38/">· If you are a podcaster or you are a podcast hosting service, you may want to submit new podcasts to Listen Notes database.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-api-v2-simple-pricing-same-endpoints-39/">Listen API v2: simple pricing & same endpoints</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-api-v2-simple-pricing-same-endpoints-39/">March 27, 2019</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-api-v2-simple-pricing-same-endpoints-39/">· We just launched a new(-ish) version of Listen API. We call it “Listen API v2”.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/good-enough-engineering-to-start-an-internet-27/">Good enough engineering to start an Internet company</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/good-enough-engineering-to-start-an-internet-27/">March 11, 2019</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/good-enough-engineering-to-start-an-internet-27/">· I gave a guest lecture in an undergraduate software engineering class (CSCE431) at Texas A&M University a few days ago. Now I’ve turned this lecture into a blog post here, and hopefully some people on the Internet will find this useful.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-explorer-get-similar-podcasts-40/">Listen Explorer: Get similar podcasts</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-explorer-get-similar-podcasts-40/">Jan. 22, 2019</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-explorer-get-similar-podcasts-40/">· The idea is simple: You pick a few podcasts, and you’ll get recommendations for similar podcasts.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-real-time-like-google-analytics-real-time-37/">Listen Real-Time: Like Google Analytics Real-Time, but for podcast episodes</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-real-time-like-google-analytics-real-time-37/">Dec. 30, 2018</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-real-time-like-google-analytics-real-time-37/">· Everyone’s saying “podcast discovery is broken”. Okay, here’s another way to discover podcasts — Check out what other people are listening to right now.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/just-listentm-a-simple-podcast-app-for-the-99-36/">Just Listen™: A simple podcast app for the 99%</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/just-listentm-a-simple-podcast-app-for-the-99-36/">Dec. 20, 2018</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/just-listentm-a-simple-podcast-app-for-the-99-36/">· A very simple & very opinionated podcast app from Listen Notes: Just Listen™!!</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-to-import-opml-to-a-podcast-app-on-ios-android-35/">How to import OPML to a podcast app on iOS / Android?</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-to-import-opml-to-a-podcast-app-on-ios-android-35/">Sept. 14, 2018</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-to-import-opml-to-a-podcast-app-on-ios-android-35/">· An OPML file allows you to transfer your podcast subscriptions between podcast apps without manually subscribing to each podcast.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/why-a-standalone-podcast-search-engine-website-32/">Why a standalone podcast search engine website?</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/why-a-standalone-podcast-search-engine-website-32/">June 29, 2018</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/why-a-standalone-podcast-search-engine-website-32/">· Why Listen Notes is a podcast search engine website? Not an app? Not a podcast player?</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/why-listen-notes-doesnt-allow-users-to-review-31/">Why Listen Notes doesn’t allow users to review podcasts?</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/why-listen-notes-doesnt-allow-users-to-review-31/">May 14, 2018</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/why-listen-notes-doesnt-allow-users-to-review-31/">· There are ideas that sound wonderful, on paper. Allowing users to review podcasts is such an idea.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/postmortem-on-apr-22-2018-outage-30/">Postmortem on Apr 22, 2018 outage</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/postmortem-on-apr-22-2018-outage-30/">April 26, 2018</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/postmortem-on-apr-22-2018-outage-30/">· On Apr 22, 2018, Listen Notes website was down for ~4 hours and I lost 10 hours production data. This is the biggest outage since I launched Listen Notes as a side project last year.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/the-boring-technology-behind-a-one-person-23/">The boring technology behind a one-person Internet company</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/the-boring-technology-behind-a-one-person-23/">Jan. 24, 2018</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/the-boring-technology-behind-a-one-person-23/">· The tech stack of Listen Notes, the best podcast search engine and database.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/my-y-combinator-interview-experience-w18-22/">My Y Combinator interview experience (W18)</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/my-y-combinator-interview-experience-w18-22/">Jan. 12, 2018</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/my-y-combinator-interview-experience-w18-22/">· I want to be transparent on the process of building Listen Notes, as a product and as a company. If eventually I declare failure of this startup thing, these written documents may still benefit people who come from Google search :)</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-later-tm-is-like-instapaper-or-pocket-but-29/">Listen Later ™ is like Instapaper or Pocket, but for podcasts!</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-later-tm-is-like-instapaper-or-pocket-but-29/">Dec. 19, 2017</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-later-tm-is-like-instapaper-or-pocket-but-29/">· I just built a simple feature, called Listen Later. You can tell what it is from the name :) Yes, it’s like “Watch Later” on YouTube or “Read Later” on Pocket.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-do-people-use-listen-notes-26/">How do people use Listen Notes?</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-do-people-use-listen-notes-26/">Nov. 12, 2017</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-do-people-use-listen-notes-26/">· I’ve got a bunch of emails from Listen Notes users. Now I have a better understanding what people use Listen Notes for.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/migrating-listen-notes-servers-to-aws-25/">Migrating Listen Notes servers to AWS</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/migrating-listen-notes-servers-to-aws-25/">Oct. 28, 2017</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/migrating-listen-notes-servers-to-aws-25/">· Well, Listen Notes was a side project of mine. I run all my side projects on Digital Ocean, because it’s cheap & convenient to set up. I decided to migrate the whole backend infrastructure to AWS.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/podcast-in-2017-is-just-like-web-in-1997-24/">Podcast in 2017 is just like Web in 1997</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/podcast-in-2017-is-just-like-web-in-1997-24/">Oct. 9, 2017</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/podcast-in-2017-is-just-like-web-in-1997-24/">· Podcast in 2017 & web in 1997 are similar in three aspects: number of users, ad spendings, and contents.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-to-use-listen-notes-from-chrome-address-bar-21/">How to use Listen Notes from Chrome address bar?</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-to-use-listen-notes-from-chrome-address-bar-21/">Oct. 3, 2017</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-to-use-listen-notes-from-chrome-address-bar-21/">· Click “Add” in the “Other search engines” section. Fill these three things.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-notes-20-laying-the-foundation-of-future-20/">Listen Notes 2.0: laying the foundation of future fast iteration</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-notes-20-laying-the-foundation-of-future-20/">Sept. 27, 2017</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-notes-20-laying-the-foundation-of-future-20/">· Last week was the first time that I got a chance to work on my projects full-time. It was a very productive week. So, here comes Listen Notes 2.0.</a><br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/whats-next-for-listen-notes-19/">What’s next for Listen Notes?</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/whats-next-for-listen-notes-19/">Sept. 20, 2017</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/whats-next-for-listen-notes-19/">· The very first official Listen Notes blog post! We used to have a mini-roadmap :)</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220520-152822/ Fri, 20 May 2022 15:28:22 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220520-152822/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/20/business/elon-musk-twitter-takeover.html">Even Among Corporate Raiders, Elon Musk Is a Pirate</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/20/business/elon-musk-twitter-takeover.html">The world of deal making has always been rough and tumble. But Mr. Musk blows any predecessors away.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/20/business/elon-musk-twitter-takeover.html">By</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/20/business/elon-musk-twitter-takeover.html">Lauren Hirsch</a><br> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/19/technology/whatsapp-meta-commercial-services.html">WhatsApp introduces commercial services as Meta, its parent, seeks fresh revenue.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/19/technology/whatsapp-meta-commercial-services.html">For a fee, the app will allow businesses to build a custom dashboard so they can chat with customers and offer customer services more easily.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/19/technology/whatsapp-meta-commercial-services.html">By</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/19/technology/whatsapp-meta-commercial-services.html">Mike Isaac</a><br> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/17/business/elon-musk-twitter.html">Elon Musk says Twitter deal ‘cannot move forward’ without more information.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/17/business/elon-musk-twitter.html">Mr. Musk called on Twitter to provide more data about the number of spam and fake accounts on the social media site.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/17/business/elon-musk-twitter.html">By</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/17/business/elon-musk-twitter.html">Lauren Hirsch, Kate Conger</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/17/business/elon-musk-twitter.html">and</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/17/business/elon-musk-twitter.html">Adam Satariano</a><br> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/16/technology/elon-musk-twitter-price.html">Elon Musk says a lower price for Twitter is ‘not out of the question.’</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/16/technology/elon-musk-twitter-price.html">Mr. Musk has been creating confusion around whether the Twitter deal will close, causing the social media company’s share price to fall.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/12/technology/twitter-elon-musk.html">Twitter fires two executives and freezes most hiring after Musk’s deal to buy the company.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/12/technology/twitter-elon-musk.html">An internal memo shared with employees said the platform’s general manager and general manager for revenue would be departing.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/10/technology/elon-musk-donald-trump-twitter-ban.html">Elon Musk says he would ‘reverse the permanent ban’ of Donald Trump on Twitter.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/10/technology/elon-musk-donald-trump-twitter-ban.html">Mr. Musk has said he wants Twitter to be a forum for debate, and he called the barring of Mr. Trump “morally wrong.” The former president has said he would not rejoin the platform.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/06/technology/elon-musk-twitter-pitch-deck.html">Inside Elon Musk’s Big Plans for Twitter</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/06/technology/elon-musk-twitter-pitch-deck.html">Here’s what Mr. Musk is projecting for Twitter’s finances over the next few years, according to a pitch deck he presented to investors.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/06/technology/elon-musk-twitter-pitch-deck.html">By</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/06/technology/elon-musk-twitter-pitch-deck.html">Mike Isaac, Lauren Hirsch</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/06/technology/elon-musk-twitter-pitch-deck.html">and</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/06/technology/elon-musk-twitter-pitch-deck.html">Anupreeta Das</a><br> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/05/business/elon-musk-twitter-investors.html">Elon Musk has brought in new investors to fund his Twitter deal, a filing shows.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/05/business/elon-musk-twitter-investors.html">The filing lists a number of investment firms and other backers who will contribute $7 billion to the deal.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/05/business/elon-musk-twitter-investors.html">By</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/05/business/elon-musk-twitter-investors.html">Lauren Hirsch, Anupreeta Das, Erin Griffith</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/05/business/elon-musk-twitter-investors.html">and</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/05/business/elon-musk-twitter-investors.html">Mike Isaac</a><br> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/30/technology/twitter-board-elon-musk.html">How Twitter’s Board Went From Fighting Elon Musk to Accepting Him</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/30/technology/twitter-board-elon-musk.html">It’s highly unusual to move from a “poison pill” to a $44 billion deal in under two weeks. But Twitter’s board ran out of options.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/30/technology/twitter-board-elon-musk.html">By</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/30/technology/twitter-board-elon-musk.html">Lauren Hirsch</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/30/technology/twitter-board-elon-musk.html">and</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/30/technology/twitter-board-elon-musk.html">Mike Isaac</a><br> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/28/technology/twitter-first-quarter-earnings-elon-musk.html">Twitter reports growth in revenue and users as Elon Musk prepares to take over.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/28/technology/twitter-first-quarter-earnings-elon-musk.html">The social media company reported a 16 percent jump in daily active users from a year ago.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/28/technology/twitter-first-quarter-earnings-elon-musk.html">By</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/28/technology/twitter-first-quarter-earnings-elon-musk.html">Mike Isaac</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/28/technology/twitter-first-quarter-earnings-elon-musk.html">and</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/28/technology/twitter-first-quarter-earnings-elon-musk.html">Adam Satariano</a><br> <a rel="noreferrer" target="_blank" href="https://twitter.com/MikeIsaac">MikeIsaac</a> <a rel="noreferrer" target="_blank" href="https://twitter.com/MikeIsaac">twitter</a> <a rel="noreferrer" target="_blank" href="https://twitter.com/MikeIsaac">page for</a> <a rel="noreferrer" target="_blank" href="https://twitter.com/MikeIsaac">MikeIsaac</a><br> <a rel="noreferrer" target="_blank" href="https://www.facebook.com/mikejisaac">mikejisaac</a> <a rel="noreferrer" target="_blank" href="https://www.facebook.com/mikejisaac">facebook</a> <a rel="noreferrer" target="_blank" href="https://www.facebook.com/mikejisaac">page for</a> <a rel="noreferrer" target="_blank" href="https://www.facebook.com/mikejisaac">mikejisaac</a><br> https://www.whatsupup.com/blog/relational/steak/20220520-040154/ Fri, 20 May 2022 04:01:54 +0000 https://www.whatsupup.com/blog/relational/steak/20220520-040154/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/twitters-frankenstein-moment">Twitter’s Frankenstein Moment</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/twitters-frankenstein-moment">Twitter finally proved its cultural influence was more valuable than the market thought. But perhaps not as planned.</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220519-172908/ Thu, 19 May 2022 17:29:08 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220519-172908/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/19/technology/whatsapp-commercial-services-revenue.html">WhatsApp introduces commercial services as Meta, its parent, seeks fresh revenue. For a fee, the app will allow businesses to build a custom dashboard so they can chat with customers and offer customer services more easily. By Mike Isaac</a><br> https://www.whatsupup.com/blog/popularization/compilable/20220519-042016/ Thu, 19 May 2022 04:20:15 +0000 https://www.whatsupup.com/blog/popularization/compilable/20220519-042016/ <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/Readability_TOCHI22.pdf">Towards Individuated Reading Experiences: Different Fonts Increase Reading Speed for Different Individuals</a> Shaun Wallace, Zoya Bylinskii, Jonathan Dobres, Bernard Kerr, Sam Berlow, Rick Treitman, Nirmal Kumawat, Kathleen Arpin, Dave B. Miller, Jeff Huang, Ben D. Sawyer TOCHI (Transactions on Computer-Human Interaction), 29(4), 2022<br> https://www.whatsupup.com/blog/ideo/fleury/20220519-005943/ Thu, 19 May 2022 00:59:42 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220519-005943/ Some of more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission (FTC) to investigate identity-proofing company ID.me for “deceptive statements” the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal Revenue Service , which until recently required anyone seeking a new IRS account online to provide a live video selfie to ID.me.<br> In a letter to FTC Chair Lina Khan , the Senators charge that ID.me’s CEO Blake Hall has offered conflicting statements about how his company uses the facial scan data it collects on behalf of the federal government and many states that use the ID proofing technology to screen applicants for unemployment insurance.<br> The lawmakers say that in public statements and blog posts, ID.me has frequently emphasized the difference between two types of facial recognition: One-to-one, and one-to-many. In the one-to-one approach, a live video selfie is compared to the image on a driver’s license, for example. One-to-many facial recognition involves comparing a face against a database of other faces to find any potential matches.<br> Americans have particular reason to be concerned about the difference between these two types of facial recognition, says the letter to the FTC, signed by Sens. Cory Booker (D-N.J.), Edward Markey (D-Mass.), Alex Padilla (D-Calif.), and Ron Wyden (D-Ore.):<br> “While one-to-one recognition involves a one-time comparison of two images in order to confirm an applicant’s identity, the use of one-to-many recognition means that millions of innocent people will have their photographs endlessly queried as part of a digital ‘line up.’ Not only does this violate individuals’ privacy, but the inevitable false matches associated with one-to-many recognition can result in applicants being wrongly denied desperately-needed services for weeks or even months as they try to get their case reviewed.”<br> “This risk is especially acute for people of color: NIST’s Facial Recognition Vendor Test found that many facial recognition algorithms have rates of false matches that are as much as 100 times higher for individuals from countries in West Africa, East Africa and East Asia than for individuals from Eastern European countries. This means Black and Asian Americans could be disproportionately likely to be denied benefits due to a false match in a one-to-many facial recognition system.”<br> The lawmakers say that throughout the latter half of 2021, ID.me published statements and blog posts stating it did not use one-to-many facial recognition and that the approach was “problematic” and “tied to surveillance operations.” But several days after <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/irs-will-soon-require-selfies-for-online-access/">a Jan. 16, 2022 post here about the IRS’s new facial ID requirement</a> went viral and prompted a public backlash, Hall <a rel="noreferrer" target="_blank" href="https://www.linkedin.com/feed/update/urn:li:activity:6892131524746326016/">acknowledged in a LinkedIn posting</a> that ID.me does use one-to-many facial recognition.<br> “Within days, the company edited the numerous blog posts and white papers on its website that previously stated the company did not use one-to-many to reflect the truth,” the letter alleges. “According to media reports, the company’s decision to correct its prior misleading statements came after mounting internal pressure from its employees.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/senators-urge-ftc-to-probe-id-me-over-selfie-data/#more-59891">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/senators-urge-ftc-to-probe-id-me-over-selfie-data/">Senators Urge FTC to Probe ID.me Over Selfie Data</a><br> https://www.whatsupup.com/blog/rat/realty/20220519-001755/ Thu, 19 May 2022 00:17:54 +0000 https://www.whatsupup.com/blog/rat/realty/20220519-001755/ Update : Someone on Twitter (Thomas Duboucher, perhaps? Sorry, I lost the tweet!) pointed out that the 1- and 3-step ordering give the same results in many cases. Having thought about it, that's correct! As long as you don't use maps, arrays, or tagged values as map keys, I believe they coincide. For something like CTAP2, where map keys are always ints or strings, they work out the same. So perhaps things aren't so bad. (Or perhaps a really subtle difference is worse! Time will tell.)<br> https://www.whatsupup.com/blog/steeplejack/garrote/20220518-204946/ Wed, 18 May 2022 20:49:45 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20220518-204946/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/05/podcast-episode-ai-hammer-search-nail">Podcast Episode - An AI Hammer in Search of a Nail</a><br> https://www.whatsupup.com/blog/beautifying/hagriding/20220518-204539/ Wed, 18 May 2022 20:45:39 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20220518-204539/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/05/podcast-episode-ai-hammer-search-nail">Podcast Episode - An AI Hammer in Search of a Nail</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220518-164916/ Wed, 18 May 2022 16:49:16 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220518-164916/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/17/business/elon-musk-twitter.html">Elon Musk says Twitter deal ‘cannot move forward’ without more information. Mr. Musk called on Twitter to provide more data about the number of spam and fake accounts on the social media site. By Lauren Hirsch, Kate Conger and Adam Satariano</a><br> https://www.whatsupup.com/blog/popularization/compilable/20220518-164741/ Wed, 18 May 2022 16:47:41 +0000 https://www.whatsupup.com/blog/popularization/compilable/20220518-164741/ <a rel="noreferrer" target="_blank" href="https://sites.google.com/brown.edu/brandonwoodard/">Brandon Woodard</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20220518-162214/ Wed, 18 May 2022 16:22:14 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20220518-162214/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2022/05/privileged-pod-escalations-in.html">Privileged pod escalations in Kubernetes and GKE</a><br></p> <hr> Posted by GKE and Anthos Platform Security Teams<br> At the KubeCon EU 2022 conference in Valencia, security researchers from Palo Alto Networks presented research findings on “trampoline pods”—pods with an elevated set of privileges required to do their job, but that could conceivably be used as a jumping off point to gain escalated privileges. The research mentions GKE, including how developers should look at the privileged pod problem today, what the GKE team is doing to minimize the use of privileged pods, and actions GKE users can take to protect their clusters.<br> Privileged pods within the context of GKE security While privileged pods can pose a security issue, it’s important to look at them within the overall context of GKE security. To use a privileged pod as a “trampoline” in GKE, there is a major prerequisite – the attacker has to first execute a successful application compromise and container breakout attack. Because the use of privileged pods in an attack requires a first step such as a container breakout to be effective, let’s look at two areas:<br> features of GKE you can use to reduce the likelihood of a container breakout<br> steps the GKE team is taking to minimize the use of privileged pods and the privileges needed in them.<br> Reducing container breakouts There are a number of features in GKE along with some best practices that you can use to reduce the likelihood of a container breakout:<br> Use <a rel="noreferrer" target="_blank" href="https://cloud.google.com/kubernetes-engine/docs/concepts/sandbox-pods">GKE Sandbox</a> to strengthen the container security boundary. Over the last few months, GKE Sandbox has protected containers running it against several newly discovered <a rel="noreferrer" target="_blank" href="https://cloud.google.com/anthos/clusters/docs/security-bulletins">Linux kernel breakout CVEs</a> .<br> Adopt <a rel="noreferrer" target="_blank" href="https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview">GKE Autopilot</a> for new clusters. Autopilot clusters have default policies that prevent host access through mechanisms like host path volumes and host network. The container runtime default seccomp profile is also <a rel="noreferrer" target="_blank" href="https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview#security-limitations">enabled by default on Autopilot</a> which has prevented <a rel="noreferrer" target="_blank" href="https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-006">several</a> <a rel="noreferrer" target="_blank" href="https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-002">breakouts</a> .<br> Subscribe to <a rel="noreferrer" target="_blank" href="https://cloud.google.com/kubernetes-engine/docs/concepts/release-channels">GKE Release Channels</a> and use autoupgrade to keep nodes patched automatically against kernel vulnerabilities.<br> Run <a rel="noreferrer" target="_blank" href="https://cloud.google.com/kubernetes-engine/docs/concepts/node-images#cos">Google’s Container Optimized OS</a> , the minimal and <a rel="noreferrer" target="_blank" href="https://cloud.google.com/container-optimized-os/docs/concepts/security">hardened</a> container optimized OS that makes much of the disk read-only.<br> Incorporate <a rel="noreferrer" target="_blank" href="https://cloud.google.com/binary-authorization">binary authorization</a> into your SDLC to require that containers admitted into the cluster are from trusted build systems and up-to-date on patching.<br> Use <a rel="noreferrer" target="_blank" href="https://cloud.google.com/security-command-center/docs/concepts-container-threat-detection-overview">Secure Command Center’s Container Threat Detection</a> or supported third-party tools to detect the most common runtime attacks.<br> More information can be found in the <a rel="noreferrer" target="_blank" href="https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster">GKE Hardening Guide</a> .<br> How GKE is reducing the use of privileged pods. While it’s not uncommon for customers to install privileged pods into their clusters, GKE works to minimize the privilege levels held by our system components, especially those that are enabled by default. However, there are limits as to how many privileges can be removed from certain features. For example, Anthos Config Management requires permissions to modify most Kubernetes objects to be able to create and manage those objects. Some other privileges are baked into the system, such as those held by Kubelet. Previously, we worked with the Kubernetes community to build the <a rel="noreferrer" target="_blank" href="https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction">Node Restriction</a> and <a rel="noreferrer" target="_blank" href="https://kubernetes.io/docs/reference/access-authn-authz/node/">Node Authorizer</a> features to limit Kubelet's access to highly sensitive objects, such as secrets, adding protection against an attacker with access to the Kubelet credentials. More recently, we have taken steps to reduce the number of privileged pods across GKE and have added additional documentation on privileges used in system pods as well as information on how to improve pod isolation. Below are the steps we’ve taken:<br> We have added <a rel="noreferrer" target="_blank" href="https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_self_modify">an admission controller to GKE Autopilot and GKE Standard (on by default) and GKE/Anthos (opt-in)</a> that stops attempts to run as a more privileged service account, which blocks a method of escalating privileges using privileged pods.<br> We created a permission scanning tool that identifies pods that have privileges that could be used for escalation, and we used that tool to perform an audit across GKE and Anthos.<br> The permission scanning tool is now integrated into our standard code review and testing processes to reduce the risk of introducing privileged pods into the system. As mentioned earlier, some features require privileges to perform their function.<br> We are using the audit results to reduce permissions available to pods. For example, we removed “update nodes and pods” permissions from anetd in GKE.<br> Where privileged pods are required for the operation of a feature, we’ve added additional documentation to illustrate that fact.<br> We added <a rel="noreferrer" target="_blank" href="https://cloud.google.com/kubernetes-engine/docs/how-to/isolate-workloads-dedicated-nodes">documentation</a> that outlines how to isolate GKE-managed workloads in dedicated node pools when you’re unable to use GKE Sandbox to reduce the risk of privilege escalation attacks.<br> In addition to the measures above, we recommend users take advantage of tools that can scan RBAC settings to detect overprivileged pods used in their applications. As part of their presentation, the Palo Alto researchers announced an open source tool, called <a rel="noreferrer" target="_blank" href="https://github.com/PaloAltoNetworks/rbac-police">rbac-police</a> , that can be used for the task. So, while it only takes a single overprivileged workload to trampoline to the cluster, there are a number of actions you can take to minimize the likelihood of the prerequisite container breakout and the number of privileges used by a pod.<br> https://www.whatsupup.com/blog/ideo/fleury/20220518-160033/ Wed, 18 May 2022 16:00:33 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220518-160033/ Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level. But many government employees aren’t issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online. What could go wrong? Here’s one example.<br> A sample Common Access Card (CAC). Image: Cac.mil.<br> KrebsOnSecurity recently heard from a reader — we’ll call him “Mark” because he wasn’t authorized to speak to the press — who works in IT for a major government defense contractor and was issued a Personal Identity Verification (PIV) government smart card designed for civilian employees. Not having a smart card reader at home and lacking any obvious guidance from his co-workers on how to get one, Mark opted to purchase a $15 reader from Amazon that said it was made to handle U.S. government smart cards.<br> The USB-based device Mark settled on is the first result that currently comes up one when searches on Amazon.com for “PIV card reader.” The card reader Mark bought was sold by a company called Saicoo , whose sponsored Amazon listing advertises a “DOD Military USB Common Access Card (CAC) Reader” and has more than 11,700 mostly positive ratings.<br> The <a rel="noreferrer" target="_blank" href="https://www.cac.mil/common-access-card/">Common Access Card</a> (CAC) is the standard identification for active duty uniformed service personnel, selected reserve, DoD civilian employees, and eligible contractor personnel. It is the principal card used to enable physical access to buildings and controlled spaces, and provides access to DoD computer networks and systems.<br> Mark said when he received the reader and plugged it into his Windows 10 PC, the operating system complained that the device’s hardware drivers weren’t functioning properly. Windows suggested consulting the vendor’s website for newer drivers.<br> The Saicoo smart card reader that Mark purchased. Image: Amazon.com<br> So Mark went to the website mentioned on Saicoo’s packaging and found a ZIP file containing drivers for Linux, Mac OS and Windows:<br> Image: Saicoo<br> Out of an abundance of caution, Mark submitted Saicoo’s drivers file to <a rel="noreferrer" target="_blank" href="https://www.virustotal.com">Virustotal.com</a> , which simultaneously scans any shared files with more than five dozen antivirus and security products. Virustotal reported that some 43 different security tools detected the Saicoo drivers as malicious. The consensus seems to be that the ZIP file currently harbors a malware threat known as <a rel="noreferrer" target="_blank" href="https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.win32.ramnit.a">Ramnit</a> , a fairly common but dangerous trojan horse that spreads by appending itself to other files.<br> Image: Virustotal.com<br> Ramnit is a well-known and older threat — first surfacing more than a decade ago — but it has evolved over the years and is <a rel="noreferrer" target="_blank" href="https://www.cybereason.com/blog/research/banking-trojan-delivered-by-lolbins-ramnit-trojan">still employed in more sophisticated data exfiltration attacks</a> . Amazon said in a written statement that it was investigating the reports.<br> “Seems like a potentially significant national security risk, considering that many end users might have elevated clearance levels who are using PIV cards for secure access,” Mark said.<br> Mark said he contacted Saicoo about their website serving up malware, and received a response saying the company’s newest hardware did not require any additional drivers. He said Saicoo did not address his concern that the driver package on its website was bundled with malware.<br> In response to KrebsOnSecurity’s request for comment, Saicoo sent a somewhat less reassuring reply.<br> “From the details you offered, issue may probably caused by your computer security defense system as it seems not recognized our rarely used driver & detected it as malicious or a virus,” Saicoo’s support team wrote in an email.<br> “Actually, it’s not carrying any virus as you can trust us, if you have our reader on hand, please just ignore it and continue the installation steps,” the message continued. “When driver installed, this message will vanish out of sight. Don’t worry.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/when-your-smart-id-card-reader-comes-with-malware/#more-59840">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/when-your-smart-id-card-reader-comes-with-malware/">When Your Smart ID Card Reader Comes With Malware</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20220517-162219/ Tue, 17 May 2022 16:22:19 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20220517-162219/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/">World</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/europe/no-lights-no-heat-no-money-thats-life-ukraine-during-cyber-warfare-2022-01-14/">No lights, no heat, no money - that's life in Ukraine during cyber warfare , article with image</a> January 14, 2022<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/">World</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/exclusive-us-lawmakers-call-sanctions-against-israels-nso-other-spyware-firms-2021-12-15/">U.S. lawmakers call for sanctions against Israel's NSO, other spyware firms , article with gallery</a> December 15, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/disrupted/">Disrupted</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-us-state-department-phones-hacked-with-israeli-company-spyware-sources-2021-12-03/">U.S. State Department phones hacked with Israeli company spyware - sources , article with gallery</a> December 4, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/legal/">Legal</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/legal/government/us-authorities-disclose-ransomware-attacks-against-water-facilities-2021-10-14/">U.S. authorities disclose ransomware attacks against water facilities , article with image</a> October 14, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/">World</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/hackers-solarwinds-breach-stole-data-us-sanctions-policy-intelligence-probes-2021-10-07/">Hackers of SolarWinds stole data on U.S. sanctions policy, intelligence probes , article with image</a> October 8, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/disrupted/">Disrupted</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/cyber-arms-dealer-exploits-new-apple-iphone-software-vulnerability-affects-most-2021-09-13/">Cyber arms dealer exploits new iPhone software vulnerability, affecting most versions, say researchers , article with video</a> September 14, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/disrupted/">Disrupted</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26/">EXCLUSIVE Microsoft warns thousands of cloud customers of exposed databases , article with video</a> August 27, 2021<br> https://www.whatsupup.com/blog/playacted/rededication/20220517-121426/ Tue, 17 May 2022 12:14:25 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220517-121426/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/17/business/elon-musk-twitter.html">Elon Musk says Twitter deal ‘cannot move forward’ without more information. Mr. Musk called on Twitter to provide more data about the number of spam and fake accounts on the social media site. By Lauren Hirsch and Adam Satariano</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220517-003637/ Tue, 17 May 2022 00:36:36 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220517-003637/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/16/technology/elon-musk-twitter-price.html">Elon Musk says a lower price for Twitter is ‘not out of the question.’ Mr. Musk has been creating confusion around whether the Twitter deal will close, causing the social media company’s share price to fall. By Lauren Hirsch</a><br> https://www.whatsupup.com/blog/alamode/heartsore/20220516-161111/ Mon, 16 May 2022 16:11:10 +0000 https://www.whatsupup.com/blog/alamode/heartsore/20220516-161111/ <p><a rel="noreferrer" target="_blank" href="https://signal.org/blog/signal-your-support/">Signal Your Support</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://github.com/aruna100">aruna100</a> on 16 May 2022<br> People around the world count on Signal for things as simple as sharing moments of celebration like a graduation or as high stakes as coordinating a protest. We’ve got your back no matter what! As we’ve seen in recent times from moments of civil unrest to demonstrations for democracy, people turn to Signal for private and even lifesaving communications.<br> Day in and day out, the team at Signal is working to keep your chats, voice, and video calls safe and private. It’s our mission. It’s also the reason why, unlike most other tech companies, we are structured as a nonprofit. ​We aren’t driven by profit and don’t make our money from your data or from advertising revenue. As a nonprofit, our whole focus is building safe, secure communication tools for you.<br> https://www.whatsupup.com/blog/sideswiped/tuftily/20220515-081552/ Sun, 15 May 2022 08:15:52 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20220515-081552/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/05/14/Golang-Generics">Golang Diaries: Generics</a> · My coding time this year has been invested in <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/05/12/Quamina">Quamina</a> , an event-filtering library implemented in Go. Just in the last couple of weeks I spotted an opportunity to bring Go’s shiny new generics to bear, and not just anywhere, but for a central data structure. I got good results, but the process was sort of painful; I kept trying things that looked like they ought to work but didn’t. I’m sharing this tour through that experience because I’m a reasonably competent programmer with mainstream tastes and if I hit these bumps in the road others probably will too <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/05/14/Golang-Generics">…</a><br> <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/05/06/Long-Links">Long Links</a> · Once again, a selection of long-form pieces for those who (unlike me) have jobs and won’t have time for all of, but might benefit from ingesting one or two. This month we have lots of musical offerings, along with politics, advice on how to walk, and 5G <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/05/06/Long-Links">…</a> [2 comments]<br> https://www.whatsupup.com/blog/buckeroo/doubling/20220515-022402/ Sun, 15 May 2022 02:24:02 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20220515-022402/ May 14, 2022 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2022/05/14/generating-ioctls.html">A Hare code generator for finding ioctl numbers</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220514-080612/ Sat, 14 May 2022 08:06:12 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220514-080612/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2012/12/06/species-definition-clarification-and-exercises/">Species definition clarification and exercises</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20220514-021522/ Sat, 14 May 2022 02:15:22 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20220514-021522/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/guide-to-vue-components/">This guide aims to share everything you need to know about Vue components, and includes in-depth examples of class components, dynamic components, single file components, functional components, and table components.</a><br> https://www.whatsupup.com/blog/boxed/modification/20220514-021408/ Sat, 14 May 2022 02:14:08 +0000 https://www.whatsupup.com/blog/boxed/modification/20220514-021408/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#argument-dependent-lookup">argument-dependent-lookup</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#compiler-diagnostics">compiler-diagnostics</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#hidden-friend-idiom">hidden-friend-idiom</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#llvm">llvm</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#templates">templates</a><br> As of this writing, <a rel="noreferrer" target="_blank" href="https://old.reddit.com/r/cpp/comments/uhpa7g/got_a_moment_to_to_share_your_thoughts_on_clangs/">Chris Di Bella is running a survey on /r/cpp</a> asking what are the biggest pain points with Clang’s diagnostics. In the free-form text entry field, I made two observations, which I’m now expanding into a full-fledged blog post. (Don’t worry — I didn’t type all this into that Google Forms survey!)<br> To enable ADL, add a using-declaration<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#argument-dependent-lookup">argument-dependent-lookup</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#c++-style">c++-style</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#customization-points">customization-points</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#library-design">library-design</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#name-lookup">name-lookup</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#paradigm-shift">paradigm-shift</a><br> This is yet another followup to <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2020/07/11/the-std-swap-two-step/">“What is the std::swap two-step?”</a> (2020-07-11) and <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2022/04/14/another-reason-for-the-poison-pill/">“PSA: ADL requires that unqualified lookup has found a function”</a> (2022-04-14), as my mental model continues to evolve. (Mainly due to pressure from Jody Hagins. :))<br> The humble potato<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#food">food</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#litclub">litclub</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#old-shit">old-shit</a><br> From Blackwood’s Magazine , November 1819:<br> https://www.whatsupup.com/blog/gaper/whisky/20220514-021214/ Sat, 14 May 2022 02:12:13 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220514-021214/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/05/improved-process-isolation-in-firefox-100/">Improved Process Isolation in Firefox 100 →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/05/improved-process-isolation-in-firefox-100/">Improved Process Isolation in Firefox 100</a><br> <hr> Firefox uses a multi-process model for additional security and stability while browsing: Web Content (such as HTML/CSS and Javascript) is rendered in separate processes that are isolated from the rest of the operating system and managed by a privileged parent process. This way, the amount of control gained by an attacker that exploits a bug in a content process is limited. In this article, we would like to dive a bit further into the latest major milestone we have reached: Win32k Lockdown, which greatly reduces the capabilities of the content process when running on Windows.<br> https://www.whatsupup.com/blog/augur/cussed/20220514-020722/ Sat, 14 May 2022 02:07:22 +0000 https://www.whatsupup.com/blog/augur/cussed/20220514-020722/ <p><a rel="noreferrer" target="_blank" href="https://discord.com/category/product">Product & Features</a> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/7th-birthday">Celebrate Discord’s Bir7hday with Party Mode!</a><br> <a rel="noreferrer" target="_blank" href="https://discord.com/category/company">Discord HQ</a> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/discord-idle-nights-merch-line-2022">Idle Nights & Vibrant Lights: Discord’s Newest Merch Line Drops Today</a><br> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/7th-birthday">Celebrate Discord’s Bir7hday with Party Mode!</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/discord-idle-nights-merch-line-2022">Idle Nights & Vibrant Lights: Discord’s Newest Merch Line Drops Today</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20220514-020255/ Sat, 14 May 2022 02:02:55 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20220514-020255/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/05/06/Long-Links">Long Links</a> · Once again, a selection of long-form pieces for those who (unlike me) have jobs and won’t have time for all of, but might benefit from ingesting one or two. This month we have lots of musical offerings, along with politics, advice on how to walk, and 5G <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/05/06/Long-Links">…</a> [1 comment]<br> https://www.whatsupup.com/blog/relational/steak/20220514-015714/ Sat, 14 May 2022 01:57:14 +0000 https://www.whatsupup.com/blog/relational/steak/20220514-015714/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/inside-tiktoks-explosive-growth">Inside TikTok’s Explosive Growth</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/inside-tiktoks-explosive-growth">It’s difficult to overstate how dominant TikTok's become. Even the analysts are puzzled.</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220514-015555/ Sat, 14 May 2022 01:55:55 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220514-015555/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/12/technology/twitter-elon-musk.html">Twitter fires two executives and freezes most hiring after Musk’s deal to buy the company. An internal memo shared with employees said the platform’s general manager and general manager for revenue would be departing. By Mike Isaac</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220514-015331/ Sat, 14 May 2022 01:53:31 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220514-015331/ The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.<br> Unidentified hackers shared this screenshot of alleged access to the Drug Enforcement Administration’s intelligence sharing portal.<br> On May 8, KrebsOnSecurity received a tip that hackers obtained a username and password for an authorized user of esp.usdoj.gov , which is the Law Enforcement Inquiry and Alerts (LEIA) system managed by the DEA.<br> KrebsOnSecurity shared information about the allegedly hijacked account with the DEA, the Federal Bureau of Investigation (FBI), and the Department of Justice , which houses both agencies. The DEA declined to comment on the validity of the claims, issuing only a brief statement in response.<br> “DEA takes cyber security and information of intrusions seriously and investigates all such reports to the fullest extent,” the agency said in a statement shared via email.<br> According to <a rel="noreferrer" target="_blank" href="https://www.justice.gov/open/inventory.php?page=87">this page</a> at the Justice Department website, LEIA “provides federated search capabilities for both EPIC and external database repositories,” including data classified as “law enforcement sensitive” and “mission sensitive” to the DEA.<br> A <a rel="noreferrer" target="_blank" href="https://obamawhitehouse.archives.gov/sites/default/files/ondcp/policy-and-research/southwest_strategy-3.pdf">document published by the Obama administration in May 2016</a> (PDF) says the DEA’s <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/El_Paso_Intelligence_Center">El Paso Intelligence Center</a> (EPIC) systems in Texas are available for use by federal, state, local and tribal law enforcement, as well as the Department of Defense and intelligence community.<br> EPIC and LEIA also have access to the DEA’s National Seizure System (NSS), which the DEA uses to identify property thought to have been purchased with the proceeds of criminal activity (think fancy cars, boats and homes seized from drug kingpins).<br> “The EPIC System Portal (ESP) enables vetted users to remotely and securely share intelligence, access the National Seizure System, conduct data analytics, and obtain information in support of criminal investigations or law enforcement operations,” the 2016 White House document reads. “Law Enforcement Inquiry and Alerts (LEIA) allows for a federated search of 16 Federal law enforcement databases.”<br> The screenshots shared with this author indicate the hackers could use EPIC to look up a variety of records, including those for motor vehicles, boats, firearms, aircraft, and even drones.<br> Claims about the purloined DEA access were shared with this author by “ KT ,” the current administrator of the Doxbin — a highly toxic online community that provides a forum for digging up personal information on people and posting it publicly.<br> As KrebsOnSecurity reported earlier this year, the previous owner of the Doxbin has been <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/a-closer-look-at-the-lapsus-data-extortion-group/">identified as the leader</a> of LAPSUS$ , a data extortion group that hacked into some of the world’s largest tech companies this year — including Microsoft, NVIDIA, Okta, Samsung and T-Mobile.<br> That reporting also showed how the core members of LAPSUS$ were involved in <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/">selling a service offering fraudulent Emergency Data Requests</a> (EDRs), wherein the hackers use compromised police and government email accounts to file warrantless data requests with social media firms, mobile telephony providers and other technology firms, attesting that the information being requested can’t wait for a warrant because it relates to an urgent matter of life and death.<br> From the standpoint of individuals involved in filing these phony EDRs, access to databases and user accounts within the Department of Justice would be a major coup. But the data in EPIC would probably be far more valuable to organized crime rings or drug cartels, said Nicholas Weaver , a researcher for the <a rel="noreferrer" target="_blank" href="https://www.icsi.berkeley.edu/icsi/">International Computer Science Institute</a> at University of California, Berkeley .<br> Weaver said it’s clear from the screenshots shared by the hackers that they could use their access not only to view sensitive information, but also submit false records to law enforcement and intelligence agency databases.<br> “I don’t think these [people] realize what they got, how much money the cartels would pay for access to this,” Weaver said. “Especially because as a cartel you don’t search for yourself you search for your enemies, so that even if it’s discovered there is no loss to you of putting things ONTO the DEA’s radar.”<br> The DEA’s EPIC portal login page.<br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/dea-investigating-breach-of-law-enforcement-data-portal/">DEA Investigating Breach of Law Enforcement Data Portal</a><br> https://www.whatsupup.com/blog/traveling/splay/20220512-161309/ Thu, 12 May 2022 16:13:08 +0000 https://www.whatsupup.com/blog/traveling/splay/20220512-161309/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/12/science/black-hole-photo.html">Out There The Milky Way’s Black Hole Comes to Light The Event Horizon Telescope has once again caught sight of the “unseeable.” By Dennis Overbye</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20220512-160331/ Thu, 12 May 2022 16:03:31 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20220512-160331/ Feedback<br> https://www.whatsupup.com/blog/buckeroo/doubling/20220512-120659/ Thu, 12 May 2022 12:06:59 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20220512-120659/ May 12, 2022 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2022/05/12/Supply-chain-when-will-we-learn.html">When will we learn?</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220512-085407/ Thu, 12 May 2022 08:54:07 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220512-085407/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2008/04/30/new-haskell-diagrams-library/">New Haskell diagrams library</a><br> https://www.whatsupup.com/blog/sited/implore/20220512-051433/ Thu, 12 May 2022 05:14:33 +0000 https://www.whatsupup.com/blog/sited/implore/20220512-051433/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/11/technology/ftc-majority-lina-khan.html">New Majority Gives F.T.C. a Chance to Push an Aggressive Agenda The confirmation of a third Democrat creates an opportunity for Lina Khan, the Federal Trade Commission’s chair, to advance efforts to rein in corporate power. By David McCabe and Cecilia Kang</a><br> https://www.whatsupup.com/blog/traveling/splay/20220512-044942/ Thu, 12 May 2022 04:49:42 +0000 https://www.whatsupup.com/blog/traveling/splay/20220512-044942/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/12/science/black-hole-photo.html">Out There Has the Milky Way’s Black Hole Come to Light? The Event Horizon Telescope reaches again for a glimpse of the “unseeable.” By Dennis Overbye</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20220512-044820/ Thu, 12 May 2022 04:48:20 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20220512-044820/ <p><a rel="noreferrer" target="_blank" href="https://retool.com/blog/git-branching-with-source-control/">Running git init is one of the first steps we take when starting a software development project. Version Control Systems (VCS) like git enable us to maintain history of a codebase, experiment freely</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/best-postgresql-guis-in-2020/">This post walks through the best GUIs available for querying your Postgres data, as well as remotely accessing and navigating database servers.</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20220511-203221/ Wed, 11 May 2022 20:32:21 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20220511-203221/ Last month, we also started rolling out <a rel="noreferrer" target="_blank" href="https://blog.google/products/google-play/data-safety/">a new Data safety section</a> in Google Play to help you understand how apps plan to collect, share, and protect your data, before you install it. To instill even more trust in Play apps, we're enabling developers to have their apps independently validated against <a rel="noreferrer" target="_blank" href="https://github.com/OWASP/owasp-masvs">OWASP’s MASVS</a> , a globally recognized standard for mobile app security.<br> Posted by Daniel Margolis, Software Engineer, Google Account Security Team Every year, security technologies improve: <a rel="noreferrer" target="_blank" href="https://www.google.com/chrome/security/">browsers get better</a> , <a rel="noreferrer" target="_blank" href="https://transparencyreport.google.com/https/overview?hl=en">encryption becomes ubiquitous on the Web</a> , authentication becomes stronger. But phishing persistently remains a threat (as shown by <a rel="noreferrer" target="_blank" href="https://www.techrepublic.com/article/phishing-attack-spoofs-us-department-of-labor-to-steal-account-credentials/">a recent phishing attack on the U.S. Department of Labor</a> ) because users retain the ability to log into their online accounts, often with a simple password, from anywhere in the world. It’s why today <a rel="noreferrer" target="_blank" href="https://blog.google/technology/safety-security/io-safer-with-google/">at I/O we announced</a> new ways we’re reducing the risks of phishing by: scaling phishing protections to Google Docs, Sheets and Slides, continuing to auto enroll people in 2-Step Verification and more. This blog will deep dive into the method of phishing and how it has evolved today. As phishing adoption has grown, multi-factor authentication has become a particular focus for attackers. In some cases, attackers phish SMS codes directly, by following a legitimate "one-time passcode" (triggered by the attacker trying to log into the victim's account) with a spoofed message asking the victim to "reply back with the code you just received.”<br> https://www.whatsupup.com/blog/ewing/undiscernibly/20220511-192743/ Wed, 11 May 2022 19:27:43 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20220511-192743/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2022/05/io-2022-android-13-security-and-privacy.html">I/O 2022: Android 13 security and privacy (and more!)</a><br></p> <hr> Posted by Eugene Liderman and Sara N-Marandi, Android Security and Privacy Team<br> Every year at I/O we share the latest on privacy and security features on Android. But we know some users like to go a level deeper in understanding how we’re making the latest release safer, and more private, while continuing to offer a seamless experience. So let’s dig into the tools we’re building to better secure your data, enhance your privacy and increase trust in the apps and experiences on your devices.<br> Low latency, frictionless security<br> Regardless of whether a smartphone is used for consumer or enterprise purposes, attestation is a key underpinning to ensure the integrity of the device and apps running on the device. Fundamentally, key attestation lets a developer bind a secret or designate data to a device. This is a strong assertion: "same user, same device" as long as the key is available, a cryptographic assertion of integrity can be made.<br> With Android 13 we have migrated to a new model for the provisioning of attestation keys to Android devices which is known as Remote Key Provisioning (RKP). This new approach will strengthen device security by eliminating factory provisioning errors and providing key vulnerability recovery by moving to an architecture where Google takes more responsibility in the certificate management lifecycle for these attestation keys. You can learn more about RKP <a rel="noreferrer" target="_blank" href="https://android-developers.googleblog.com/2022/03/upgrading-android-attestation-remote.html">here</a> .<br> We’re also making even more modules updatable directly through <a rel="noreferrer" target="_blank" href="https://support.google.com/product-documentation/answer/11462338">Google Play System Updates</a> so we can automatically upgrade more system components and fix bugs, seamlessly, without you having to worry about it. We now have more than 30 components in Android that can be automatically updated through Google Play, including new modules in Android 13 for Bluetooth and ultra-wideband (UWB).<br> Last year we <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/04/rust-in-android-platform.html">talked about</a> how the majority of vulnerabilities in major operating systems are caused by undefined behavior in programming languages like C/C++. Rust is an alternative language that provides the efficiency and flexibility required in advanced systems programming (OS, networking) but Rust comes with the added boost of memory safety. We are happy to report that Rust is being adopted in security critical parts of Android, such as our key management components and networking stacks.<br> Hardening the platform doesn’t just stop with continual improvements with memory safety and expansion of anti-exploitation techniques. It also includes hardening our API surfaces to provide a more secure experience to our end users.<br> In Android 13 we implemented numerous enhancements to help mitigate potential vulnerabilities that app developers may inadvertently introduce. This includes making <a rel="noreferrer" target="_blank" href="https://developer.android.com/about/versions/13/features#runtime-receivers">runtime receivers safer</a> by allowing developers to specify whether a particular broadcast receiver in their app should be exported and visible to other apps on the device. On top of this, <a rel="noreferrer" target="_blank" href="https://developer.android.com/about/versions/13/behavior-changes-13#intent-filters">intent filters block non-matching intents</a> which further hardens the app and its components.<br> For enterprise customers who need to meet certain security certification requirements, we’ve updated our security logging reporting to add more coverage and consolidate security logs in one location. This is helpful for companies that need to meet standards like Common Criteria and is useful for partners such as management solutions providers who can review all security-related logs in one place.<br> Privacy on your terms<br> Android 13 brings developers more ways to build privacy-centric apps. Apps can now implement a new Photo picker that allows the user to select <a rel="noreferrer" target="_blank" href="https://developer.android.com/about/versions/13/features/photopicker">the exact photos or videos</a> they want to share without having to give another app access to their media library.<br> With Android 13, we’re also reducing the number of apps that require your location to function using the nearby devices permission <a rel="noreferrer" target="_blank" href="https://android-developers.googleblog.com/2021/05/android-security-and-privacy-recap.html">introduced last year</a> . For example, you won’t have to <a rel="noreferrer" target="_blank" href="https://developer.android.com/about/versions/13/features/nearby-wifi-devices-permission">turn on location to enable Wi-fi</a> for certain apps and situations. We’ve also <a rel="noreferrer" target="_blank" href="https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions">changed</a> how storage works, requiring developers to ask for separate permissions to access audio, image and video files.<br> Previously, we’ve limited apps from accessing your clipboard in the background and alerted you when an app accessed it. With Android 13, we’re automatically deleting your clipboard history after a short period so apps are blocked from seeing old copied information.<br> In Android 11, we began <a rel="noreferrer" target="_blank" href="https://developer.android.com/about/versions/11/privacy/permissions#auto-reset">automatically resetting permissions</a> for apps you haven’t used for an extended period of time, and have since <a rel="noreferrer" target="_blank" href="https://android-developers.googleblog.com/2021/09/making-permissions-auto-reset-available.html">expanded the feature</a> to devices running Android 6 and above. Since then, we’ve automatically reset over 5 billion permissions.<br> In Android 13, app makers can go above and beyond in <a rel="noreferrer" target="_blank" href="https://developer.android.com/about/versions/13/features#developer-downgradable-permissions">removing permissions</a> even more proactively on behalf of their users. Developers will be able to provide even more privacy by reducing the time their apps have access to unneeded permissions.<br> Finally, we know notifications are critical for many apps but are not always of equal importance to users. In Android 13, you’ll have more control over which apps you would like to get alerts from, as new apps on your device are <a rel="noreferrer" target="_blank" href="https://developer.android.com/about/versions/13/changes/notification-permission">required to ask you for permission</a> by default before they can send you notifications.<br> Apps you can trust<br> Most app developers build their apps using a variety of software development kits (SDKs) that bundle in pre-packaged functionality. While SDKs provide amazing functionality, app developers typically have little visibility or control over the SDK code or insight into their performance.<br> We’re working with developers to make their apps more secure with a new <a rel="noreferrer" target="_blank" href="https://goo.gle/play-sdk">Google Play SDK Index</a> that helps them see SDK safety and reliability signals before they build the code into their apps. This ensures we're helping everyone build a more secure and private app ecosystem.<br> Last month, we also started rolling out <a rel="noreferrer" target="_blank" href="https://blog.google/products/google-play/data-safety/">a new Data safety section</a> in Google Play to help you understand how apps plan to collect, share, and protect your data, before you install it. To instill even more trust in Play apps, we're enabling developers to have their apps independently validated against <a rel="noreferrer" target="_blank" href="https://owasp.org/www-project-mobile-security-testing-guide/">OWASP’s MASVS</a> , a globally recognized standard for mobile security.<br> We’re working with a small group of developers and authorized lab partners to evolve the <a rel="noreferrer" target="_blank" href="https://appdefensealliance.dev/masa">program</a> . Developers who have completed this independent validation can showcase this on their Data safety section.<br> Additional mobile security and safety<br> Just like our anti-malware protection Google Play, which now scans 125 billion apps a day, we believe spam and phishing detection should be built in. We’re proud to announce that in a recent <a rel="noreferrer" target="_blank" href="https://omdia.tech.informa.com/commissioned-research/articles/omdia-consumer-mobile-security-scorecard">analyst report</a> , Messages was the highest rated built-in messaging app for anti-phishing and scams protection.<br> Messages is now also helping to protect you against 1.5 billion spam messages per month, so you can avoid both annoying texts and attempts to access your data. These phishing attempts are increasingly how bad actors are trying to get your information, by getting you to click on a link or download an app, so we are always looking for ways to offer another line of defense.<br> Last year, we introduced <a rel="noreferrer" target="_blank" href="https://www.android.com/google-features-on-android/summer-2021/#summer-2021-end-to-end-contents">end-to-end encryption in Messages</a> to provide more security for your mobile conversations. Later this year, we’ll launch end-to-end encryption group conversations in beta to ensure your personal messages get even more protection.<br> As with a lot of features we build, we try to do it in an open and transparent way. In Android 11 we announced a new <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2020/10/privacy-preserving-features-in-mobile.html">platform feature</a> that was backed by an <a rel="noreferrer" target="_blank" href="https://www.iso.org/standard/69084.html">ISO standard</a> to enable the use of digital IDs on a smartphone in a privacy-preserving way. When you hand over your plastic license (or other credential) to someone for verification it’s all or nothing which means they have access to your full name, date of birth, address, and other personally identifiable information (PII). The mobile version of this allows for much more fine-grained control where the end user and/or app can select exactly what to share with the verifier. In addition, the verifier must declare whether they intend to retain the data returned. In addition, you can present certain details of your credentials, such as age, without revealing your identity.<br> Over the last two Android releases we have been improving this API and making it easier for third-party organizations to leverage it for various digital identity use cases, such as driver’s licenses, student IDs, or corporate badges. We’re now announcing that Google Wallet uses Android <a rel="noreferrer" target="_blank" href="https://source.android.com/security/features/identity-credentials">Identity Credential</a> to support digital IDs and driver’s licenses. We’re working with states in the US and governments around the world to bring digital IDs to Wallet later this year. You can learn more about all of the new enhancements in Google Wallet <a rel="noreferrer" target="_blank" href="https://blog.google/products/android/ask-a-techspert-google-wallet">here</a> .<br> Protected by Android<br> We don’t think your security and privacy should be hard to understand and control. Later this year, we’ll begin rolling out a new destination in settings on Android 13 devices that puts all your device security and data privacy front and center.<br> The new Security & Privacy settings page will give you a simple, color-coded way to understand your safety status and will offer clear and actionable guidance to improve it. The page will be anchored by new action cards that notify you of critical steps you should take to address any safety risks. In addition to notifications to warn you about issues, we’ll also provide timely recommendations on how to enhance your privacy.<br> We know that to feel safe and in control of your data, you need to have a secure foundation you can count on. Because if your device isn’t secure, it’s not private either. We’re working hard to make sure you’re always protected by Android. Learn more about these protections on our <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/android.com/safety">website</a> .<br> https://www.whatsupup.com/blog/palpable/mulla/20220511-182516/ Wed, 11 May 2022 18:25:16 +0000 https://www.whatsupup.com/blog/palpable/mulla/20220511-182516/ <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2022/05/10/dream-watch.html">A dream I had (2013)</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220511-181420/ Wed, 11 May 2022 18:14:19 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220511-181420/ Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month’s patch batch includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows.<br> By all accounts, the most urgent bug Microsoft addressed this month is <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925">CVE-2022-26925</a> , a weakness in a central component of Windows security (the “ Local Security Authority ” process within Windows). CVE-2022-26925 was publicly disclosed prior to today, and Microsoft says it is now actively being exploited in the wild. The flaw affects Windows 7 through 10 and Windows Server 2008 through 2022.<br> Greg Wiseman , product manager for Rapid7 , said Microsoft has rated this vulnerability as important and assigned it a CVSS (danger) score of 8.1 (10 being the worst), although Microsoft notes that the CVSS score can be as high as 9.8 in certain situations.<br> “This allows attackers to perform a man-in-the-middle attack to force domain controllers to authenticate to the attacker using NTLM authentication,” Wiseman said. “This is very bad news when used in conjunction with an NTLM relay attack, potentially leading to remote code execution. This bug affects all supported versions of Windows, but Domain Controllers should be patched on a priority basis before updating other servers.”<br> Wiseman said the most recent time Microsoft patched a similar vulnerability — last August in <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36942">CVE-2021-36942</a> — it was also being exploited in the wild under the name “ <a rel="noreferrer" target="_blank" href="https://support.microsoft.com/en-gb/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429">PetitPotam</a> .”<br> “CVE-2021-36942 was so bad it made CISA’s <a rel="noreferrer" target="_blank" href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">catalog of Known Exploited Vulnerabilities</a> ,” Wiseman said. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/microsoft-patch-tuesday-may-2022-edition/#more-59789">Continue reading →</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20220511-180719/ Wed, 11 May 2022 18:07:19 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220511-180719/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-022-01253-6">The $93-billion plan to put astronauts back on the Moon</a><br></p> <hr> The world’s most powerful rocket will make a trip around the Moon in 2022 — a step towards landing people there in 2025, and part of the US Artemis programme.<br> https://www.whatsupup.com/blog/ewing/undiscernibly/20220511-180603/ Wed, 11 May 2022 18:06:03 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20220511-180603/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2022/05/taking-on-next-generation-of-phishing.html">Taking on the Next Generation of Phishing Scams</a><br></p> <hr> Posted by Daniel Margolis, Senior Software Engineer, Google Account Security Team Every year, security technologies improve: <a rel="noreferrer" target="_blank" href="https://www.google.com/chrome/security/">browsers get better</a> , <a rel="noreferrer" target="_blank" href="https://transparencyreport.google.com/https/overview?hl=en">encryption becomes ubiquitous on the Web</a> , authentication becomes stronger. But phishing persistently remains a threat (as shown by <a rel="noreferrer" target="_blank" href="https://www.techrepublic.com/article/phishing-attack-spoofs-us-department-of-labor-to-steal-account-credentials/">a recent phishing attack on the U.S. Department of Labor</a> ) because users retain the ability to log into their online accounts, often with a simple password, from anywhere in the world. It’s why today <a rel="noreferrer" target="_blank" href="https://blog.google/technology/safety-security/io-safer-with-google/">at I/O we announced</a> new ways we’re reducing the risks of phishing by: scaling phishing protections to Google Docs, Sheets and Slides, continuing to auto enroll people in 2-Step Verification and more. This blog will deep dive into the method of phishing and how it has evolved today. As phishing adoption has grown, multi-factor authentication has become a particular focus for attackers. In some cases, attackers phish SMS codes directly, by following a legitimate "one-time passcode" (triggered by the attacker trying to log into the victim's account) with a spoofed message asking the victim to "reply back with the code you just received.”<br> Left: legitimate Google SMS verification. Right: spoofed message asking victim to share verification code.<br> In other cases, attackers have leveraged more sophisticated dynamic phishing pages to conduct relay attacks. In these attacks, a user thinks they're logging into the intended site, just as in a standard phishing attack. But instead of deploying a simple static phishing page that saves the victim's email and password when the victim tries to login, the phisher has deployed a web service that logs into the actual website at the same time the user is falling for the phishing page. The simplest approach is an almost off-the-shelf "reverse proxy" which acts as a "person in the middle", forwarding the victim's inputs to the legitimate page and sending the response from the legitimate page back to the victim's browser.<br> These attacks are especially challenging to prevent because additional authentication challenges shown to the attacker—like a prompt for an SMS code—are also relayed to the victim, and the victim's response is in turn relayed back to the real website. In this way, the attacker can count on their victim to solve any authentication challenge presented. Traditional multi-factor authentication with PIN codes can only do so much against these attacks, and authentication with smartphone approvals via a prompt — while more secure against SIM-swap attacks — is still vulnerable to this sort of real-time interception.<br> The Solution Space Over the past year, we've <a rel="noreferrer" target="_blank" href="https://blog.google/technology/safety-security/making-sign-safer-and-more-convenient/">started to automatically enable device-based two-factor authentication</a> for our users. This authentication not only helps protect against traditional password compromise but, with technology improvements, we can also use it to help defend against these more sophisticated forms of phishing. Taking a broad view, most efforts to protect and defend against phishing fall into the following categories:<br> <a rel="noreferrer" target="_blank" href="https://dev.chromium.org/Home/chromium-security/enamel">Browser UI improvements</a> to help users identify authentic websites.<br> <a rel="noreferrer" target="_blank" href="https://support.google.com/accounts/answer/6208650?hl=en">Password managers</a> that can validate the identity of the web page before logging in.<br> Phishing detection, both in <a rel="noreferrer" target="_blank" href="https://safety.google/gmail/">email</a> —the most common delivery channel—and in the <a rel="noreferrer" target="_blank" href="https://safebrowsing.google.com/">browser</a> itself, to warn users about suspicious web pages.<br> Preventing the person-in-the-middle attacks mentioned above by <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2019/04/better-protection-against-man-in-middle.html">preventing automated login attempts</a> .<br> Phishing-resistant authentication using <a rel="noreferrer" target="_blank" href="https://fidoalliance.org/how-fido-works/">FIDO</a> with security keys or a Bluetooth connection to your phone.<br> Hardening the Google Prompt challenge to help users identify suspicious sign-in attempts, or to ask them to take additional steps that can defeat phishing (like navigating to a new web address, or to join the same wireless network as the computer they're logging into).<br> Expanding phishing-resistant authentication to more users Over the last decade we’ve been working hard with a number of industry partners on expanding phishing-resistant authentication mechanisms, as part of <a rel="noreferrer" target="_blank" href="https://fidoalliance.org/">FIDO Alliance</a> . Through these efforts we introduced physical FIDO security keys, such as the <a rel="noreferrer" target="_blank" href="https://store.google.com/product/titan_security_key">Titan Security Key</a> , which prevent phishing by verifying the identity of the website you're logging into. (This verification protects against the "person-in-the-middle" phishing described above.) Recently, we <a rel="noreferrer" target="_blank" href="https://blog.google/technology/safety-security/one-step-closer-to-a-passwordless-future/">announced</a> a major milestone with the FIDO Alliance, Apple and Microsoft by expanding our support for the FIDO Sign-in standards, helping to launch us into a truly passwordless, phishing-resistant future. Even though security keys work great, we don't expect everyone to add one to their keyring.<br> Instead, to make this level of security more accessible, we're building it into mobile phones. Unlike physical FIDO security keys that need to be connected to your device via USB, we use Bluetooth to ensure your phone is close to the device you're logging into. Like physical security keys, this helps prevent a distant attacker from tricking you into approving a sign-in on their browser, giving us an added layer of security against the kind of "person in the middle" attacks that can still work against SMS or Google Prompt. ( <a rel="noreferrer" target="_blank" href="https://blog.google/technology/safety-security/security-myth-busting-and-spring-cleaning/">But don't worry</a> : this doesn't allow computers within Bluetooth range to login as you—it only grants that approval to the computer you're logging into. And we only use this to verify that your phone is near the device you're logging into, so you only need to have Bluetooth on during login.) Over the next couple of months we’ll be rolling out this technology in more places, which you might notice as a request for you to enable Bluetooth while logging in, so we can perform this additional security check. If you've signed into your Google account on your Android phone, we can enroll your phone automatically—just like with Google Prompt—allowing us to give this added layer of security to many of our users without the need for any additional setup. But unfortunately this secure login doesn't work everywhere—for example, when logging into a computer that doesn't support Bluetooth, or a browser that doesn't support security keys. That's why, if we are to offer phishing-resistant security to everyone, we have to offer backups when security keys aren't available—and those backups must also be secure enough to prevent attackers from taking advantage of them.<br> Hardening existing challenges against phishin g Over the past few months, we've started experimenting with making our traditional Google Prompt challenges more phishing resistant. We already use different challenge experiences depending on the situation—for example, sometimes we ask the user to match a PIN code with what they're seeing on the screen in addition to clicking "allow" or "deny". This can help prevent static phishing pages from tricking you into approving a challenge. We've also begun experimenting with more involved challenges for higher-risk situations, including more prominent warnings when we see you logging in from a computer that we think might belong to a phisher, or asking you to join your phone to the same Wi-Fi network as the computer you're logging into so we can be sure the two are near each other. Similar to our use of Bluetooth for Security Keys, this prevents an attacker from tricking you into logging into a "person-in-the-middle" phishing page.<br> Bringing it all together<br> Of course, while all of these options dramatically increase account security, we also know that they can be a challenge for some of our users, which is why we're rolling them out gradually, as part of a risk-based approach that also focuses on usability. If we think an account is at a higher risk, or if we see abnormal behavior, we're more likely to use these additional security measures. Over time, as FIDO2 authentication becomes more widely available, we expect to be able to make it the default for many of our users, and to rely on stronger versions of our existing challenges like those described above to provide secure fallbacks. All these new tools in our toolbox—detecting browser automation to prevent "person in the middle" attacks, warning users in Chrome and Gmail, making the Google Prompt more secure, and automatically enabling Android phones as easy-to-use Security Keys—work together to allow us to better protect our users against phishing. Phishing attacks have long been seen as a persistent threat, but these recent developments give us the ability to really move the needle and help more of our users stay safer online.<br> https://www.whatsupup.com/blog/playacted/rededication/20220511-180418/ Wed, 11 May 2022 18:04:17 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220511-180418/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/10/technology/elon-musk-donald-trump-twitter-ban.html">Elon Musk says he would ‘reverse the permanent ban’ of Donald Trump on Twitter. Mr. Musk has said he wants Twitter to be a forum for debate, and he called the barring of Mr. Trump “morally wrong.” The former president has said he would not rejoin the platform. By Mike Isaac</a><br> https://www.whatsupup.com/blog/beautifying/hagriding/20220511-175300/ Wed, 11 May 2022 17:53:00 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20220511-175300/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/05/podcast-episode-philosopher-king">Podcast Episode - The Philosopher King</a><br> https://www.whatsupup.com/blog/spectrometry/obol/20220510-201743/ Tue, 10 May 2022 20:17:42 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20220510-201743/ <p><a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2022/05/release-of-technical-report-into-amd.html">Release of Technical Report into the AMD Security Processor</a><br></p> <hr> Posted by James Forshaw, Google Project Zero<br> Today , members of Project Zero and the Google Cloud security team are releasing a <a rel="noreferrer" target="_blank" href="https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/AMD_GPZ-Technical_Report_FINAL_05_2022.pdf">technical report</a> on a security review of AMD Secure Processor (ASP). The ASP is an isolated core in AMD EPYC CPUs that adds a root of trust and controls secure system initialization. As it's a generic processor AMD can add additional security features to the firmware, but like with all complex systems it's possible these features might have security issues which could compromise the security of everything under the ASP's management.<br> The security review undertaken was on the implementation of the ASP on the 3rd Gen AMD EPYC CPUs (codenamed "Milan"). One feature of the ASP of interest to Google is <a rel="noreferrer" target="_blank" href="https://www.amd.com/en/processors/amd-secure-encrypted-virtualization">Secure Encrypted Virtualization (SEV)</a> . SEV adds encryption to the memory used by virtual machines running on the CPU. This feature is of importance to <a rel="noreferrer" target="_blank" href="https://cloud.google.com/confidential-computing">Confidential Computing</a> as it provides protection of customer cloud data in use, not just at rest or when sending data across a network.<br> A particular emphasis of the review was on the Secure Nested Paging (SNP) extension to SEV added to "Milan". SNP aims to further improve the security of confidential computing by adding integrity protection and mitigations for numerous side-channel attacks. The review was undertaken with full cooperation with AMD. The team was granted access to source code for the ASP, and production samples to test hardware attacks.<br> The review discovered 19 issues which have been fixed by AMD in public security bulletins. These issues ranged from incorrect use of cryptography to memory corruption in the context of the ASP firmware. The report describes some of the more interesting issues that were uncovered during the review as well as providing a background on the ASP and the process the team took to find security issues. You can read more about the review on the <a rel="noreferrer" target="_blank" href="https://cloud.google.com/blog/products/identity-security/google-amd-partner-to-build-a-more-secure-future-with-confidential-computing">Google Cloud security blog</a> and the <a rel="noreferrer" target="_blank" href="https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/AMD_GPZ-Technical_Report_FINAL_05_2022.pdf">final report</a> .<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2022/05/release-of-technical-report-into-amd.html">Release of Technical Report into the AMD Security ...</a> (May)<br> https://www.whatsupup.com/blog/steeplejack/garrote/20220510-200108/ Tue, 10 May 2022 20:01:08 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20220510-200108/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/05/podcast-episode-philosopher-king">Podcast Episode - The Philosopher King</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220510-043403/ Tue, 10 May 2022 04:34:03 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220510-043403/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2008/02/04/gobby-haskell-and-patch-theory/">Gobby, Haskell, and patch theory</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20220509-174753/ Mon, 09 May 2022 17:47:53 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20220509-174753/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/crud-with-the-mongodb-node-js-sdk/">If you are building an app on top of MongoDB and want some help navigating your selectOnes, understanding projections, figuring out the difference(s) between insertMany and bulkWrite, and deciphering other methods they didn’t teach you in SQL class, this tutorial is for you.</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20220509-172641/ Mon, 09 May 2022 17:26:41 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20220509-172641/ May 9, 2022 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2022/05/09/hare-ssh.html">Implementing an SSH agent in Hare</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220508-200911/ Sun, 08 May 2022 20:09:11 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220508-200911/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2008/02/13/patch-theory-part-ii-some-basics/">Patch theory, part II: some basics</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220507-201513/ Sat, 07 May 2022 20:15:12 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220507-201513/ Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites.<br> Image: Blog.google<br> The tech giants are part of an industry-led effort to replace passwords, which are easily forgotten, frequently stolen by malware and phishing schemes, or leaked and sold online in the wake of corporate data breaches.<br> Apple, Google and Microsoft are some of the more active contributors to a passwordless sign-in standard crafted by the FIDO (“Fast Identity Online”) Alliance and the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/World_Wide_Web_Consortium">World Wide Web Consortium</a> (W3C), groups that have been working with hundreds of tech companies over the past decade to develop a new login standard that works the same way across multiple browsers and operating systems.<br> According to the FIDO Alliance, users will be able to sign in to websites through the same action that they take multiple times each day to unlock their devices — including a device PIN, or a biometric such as a fingerprint or face scan.<br> “This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS,” the alliance wrote on May 5.<br> Sampath Srinivas , director of security authentication at Google and president of the FIDO Alliance, said that under the new system your phone will store a FIDO credential called a “passkey” which is used to unlock your online account.<br> “The passkey makes signing in far more secure, as it’s based on public key cryptography and is only shown to your online account when you unlock your phone,” Srinivas wrote. “To sign into a website on your computer, you’ll just need your phone nearby and you’ll simply be prompted to unlock it for access. Once you’ve done this, you won’t need your phone again and you can sign in by just unlocking your computer.”<br> As ZDNet <a rel="noreferrer" target="_blank" href="https://www.zdnet.com/article/google-apple-microsoft-make-a-new-commitment-for-a-passwordless-future/">notes</a> , Apple, Google and Microsoft already support these passwordless standards (e.g. “Sign in with Google”), but users need to sign in at every website to use the passwordless functionality. Under this new system, users will be able to automatically access their passkey on many of their devices — without having to re-enroll every account — and use their mobile device to sign into an app or website on a nearby device.<br> Johannes Ullrich , dean of research for the <a rel="noreferrer" target="_blank" href="https://www.sans.org">SANS Technology Institute</a> , called the announcement “by far the most promising effort to solve the authentication challenge.”<br> “The most important part of this standard is that it will not require users to buy a new device, but instead they may use devices they already own and know how to use as authenticators,” Ullrich said.<br> Steve Bellovin , a computer science professor at Columbia University and an early internet <a rel="noreferrer" target="_blank" href="https://www.cs.columbia.edu/~smb/">researcher and pioneer</a> , called the passwordless effort a “huge advance” in authentication, but said it will take a very long time for many websites to catch up.<br> Bellovin and others say one potentially tricky scenario in this new passwordless authentication scheme is what happens when someone loses their mobile device, or their phone breaks and they can’t recall their iCloud password.<br> “I worry about people who can’t afford an extra device, or can’t easily replace a broken or stolen device,” Bellovin said. “I worry about forgotten password recovery for cloud accounts.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/your-phone-may-soon-replace-many-of-your-passwords/#more-59727">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/your-phone-may-soon-replace-many-of-your-passwords/">Your Phone May Soon Replace Many of Your Passwords</a><br> https://www.whatsupup.com/blog/uprousing/bayed/20220507-160922/ Sat, 07 May 2022 16:09:21 +0000 https://www.whatsupup.com/blog/uprousing/bayed/20220507-160922/ Notice that a jewel has a small basin in it. To even further reduce energy losses of the rotating components, a small amount of special oil is placed in that cavity. That oil sticks to the jewel and a shaft that rotates inside it to further decrease the friction, which lets the watch run longer on a single wind, while also reducing wear on the delicate mechanical parts.<br> As long as the arbor is held, the mainspring can power the rest of the watch – you can see the rotation of the second hand attached to the fourth wheel on the other side of the watch. However, as we let the arbor go the mainspring finds an easy way to release its tension by just turning the arbor back – the spring quickly losses all its stored energy and the watch stops.<br> https://www.whatsupup.com/blog/traveling/splay/20220507-122019/ Sat, 07 May 2022 12:20:19 +0000 https://www.whatsupup.com/blog/traveling/splay/20220507-122019/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/07/science/space/astronomy-black-hole-sound.html">Out There Hear the Weird Sounds of a Black Hole Singing As part of an effort to “sonify” the cosmos, researchers have converted the pressure waves from a black hole into an audible … something. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/canton/ricketier/20220507-080246/ Sat, 07 May 2022 08:02:46 +0000 https://www.whatsupup.com/blog/canton/ricketier/20220507-080246/ <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=IWT6Y0YDJUo">Finding Tony Abbott's Passport Number and entering the Do Not Get Arrested Challenge 2020</a><br></p> <hr> Feature-length film (50 minutes) in which I go through my Twitter DMs live on stage. Includes a very special segment from Channel 7's Sunrise.<br> https://www.whatsupup.com/blog/playacted/rededication/20220507-001556/ Sat, 07 May 2022 00:15:55 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220507-001556/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/06/technology/elon-musk-twitter-pitch-deck.html">Inside Elon Musk’s Big Plans for Twitter Here’s what Mr. Musk is projecting for Twitter’s finances over the next few years, according to a pitch deck he presented to investors. By Mike Isaac, Lauren Hirsch and Anupreeta Das</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220506-163215/ Fri, 06 May 2022 16:32:15 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220506-163215/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2012/12/11/diagrams-0-6/">Diagrams 0.6</a><br> https://www.whatsupup.com/blog/niece/anatomized/20220506-162725/ Fri, 06 May 2022 16:27:24 +0000 https://www.whatsupup.com/blog/niece/anatomized/20220506-162725/ <p>Writing about technology and society.<br> <a rel="noreferrer" target="_blank" href="https://dkb.io/post/brave-search-interview">Interview with Brave Search</a><br></p> <hr> # search # interview<br> <a rel="noreferrer" target="_blank" href="https://dkb.io/post/brave-search-interview">Most search engines are not independent search engines, and while they may provide some value, they are qualitatively different from what Brave Search is doing. Independence is not something directly actionable, but it’s a fundamental property.</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220506-042805/ Fri, 06 May 2022 04:28:05 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220506-042805/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/05/business/elon-musk-twitter-investors.html">Elon Musk has brought in new investors to fund his Twitter deal, a filing shows. The filing lists a number of investment firms and other backers who will contribute $7 billion to the deal. By Lauren Hirsch, Anupreeta Das, Erin Griffith and Mike Isaac</a><br> https://www.whatsupup.com/blog/relational/steak/20220506-042438/ Fri, 06 May 2022 04:24:37 +0000 https://www.whatsupup.com/blog/relational/steak/20220506-042438/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/why-tech-stocks-are-crashing-and">Why Tech Stocks Are Crashing and Burning</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/why-tech-stocks-are-crashing-and">The market seeks profits, not promises, as a hope-fueled bull market sputters.</a><br> 3 hr ago<br> https://www.whatsupup.com/blog/uprousing/bayed/20220506-041726/ Fri, 06 May 2022 04:17:25 +0000 https://www.whatsupup.com/blog/uprousing/bayed/20220506-041726/ Once the pallet fork unlocks the escape wheel , that wheel has to start spinning very quickly. This is why gears in the gear train have holes in them – it reduces their moment of inertia so that the barrel can accelerate them more quickly.<br> The teal components can freely slide on the hairspring , but they reduce or increase its effective length as they prevent the tail section of the hairspring from oscillating freely. By adjusting position of these teal components we can modify the duration of a single beat and make the watch run slightly faster or slower. That speed regulation can also be fine-tuned using the screw in the top part – its head is not centered, so when turned it will gently rotate the little teal fork .<br> Personally, I think this entire mechanism known as the keyless works is a real mechanical marvel. The intricate interactions are so well balanced and each part serves many different roles. Older pocket watches were wound by a separate key, with the crown being used only to set the time, but modern watches get away with not having a winding key, which explains the keyless name. With just a few carefully shaped pieces and a single crown, we can control various settings of the watch. Before we move on, let’s secure the remaining pieces with the minute train bridge :<br> https://www.whatsupup.com/blog/gonadal/revving/20220506-041248/ Fri, 06 May 2022 04:12:48 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220506-041248/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2019/02/24/whats-the-right-way-to-quickcheck-floating-point-routines/">What’s the right way to QuickCheck floating-point routines?</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220506-000507/ Fri, 06 May 2022 00:05:07 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220506-000507/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/05/05/business/elon-musk-twitter-investors.html">Elon Musk has brought in new investors to fund his Twitter deal, a filing shows. The filing lists a number of investment firms and others backers who will contribute $7 billion to the deal. By Lauren Hirsch, Anupreeta Das, Erin Griffith and Mike Isaac</a><br> https://www.whatsupup.com/blog/uprousing/bayed/20220505-042853/ Thu, 05 May 2022 04:28:52 +0000 https://www.whatsupup.com/blog/uprousing/bayed/20220505-042853/ An important aspect of two matching gears is their number of teeth. Each tooth in one gear meets with a space between teeth in the other gear, so within a unit of time both gears rotate by the same number of teeth. If the number of teeth in two gears is different, those gears can take a different amount of time to complete a single rotation. In the demonstration below, you can change the ratio of the number of teeth between the driving red gear and the driven yellow gear to see how it affects the speed of rotation of that yellow gear :<br> We’ll start with the mainplate , which forms the main body of the movement:<br> This mechanism protects the fragile tips of the balance shaft from breaking when the watch experiences a sudden jerk. Let’s see how these pieces act together when the balance shaft is jolted around:<br> Personally, I think this entire mechanism known as the keyless works is a real mechanical marvel. The intricate interactions are so well balanced and each part serves many different roles. Older pocket watches were wound by a separate key, with the crown being used only to set the time, but modern watches get away without having a winding key, which explains the keyless name. With just a few carefully shaped pieces and a single crown, we can control various settings of the watch. Before we move on, let’s secure the remaining pieces with the minute train bridge :<br> Notice that I’m highlighting a pair of yellow and blue gears only when they’re actively transferring power directly from the weight gear to the output gear . Only one such pair is active at a time – the other either spins idly, or acts as an intermediate to change the direction of rotation to make sure the output gear always winds the spring.<br> <a rel="noreferrer" target="_blank" href="https://www.amazon.com/Watchmaking-George-Daniels/dp/0856677043">Watchmaking</a> by George Daniels is a book dedicated to the process of actually making watches from scratch. While few will endeavor this journey, the publication also explains many of the considerations required when designing a watch movement and its parts. Many of the book’s pages are accompanied by pretty technical illustrations that help to explain the concepts.<br> https://www.whatsupup.com/blog/uprousing/bayed/20220504-160940/ Wed, 04 May 2022 16:09:39 +0000 https://www.whatsupup.com/blog/uprousing/bayed/20220504-160940/ <p><a rel="noreferrer" target="_blank" href="https://ciechanow.ski/mechanical-watch/">Mechanical Watch</a><br></p> <hr> In the world of modern portable devices, it may be hard to believe that merely a few decades ago the most convenient way to keep track of time was a mechanical watch. Unlike their quartz and smart siblings, mechanical watches can run without using any batteries or other electronic components.<br> Over the course of this article I’ll explain the workings of the mechanism seen in the demonstration below. You can drag the device around to change your viewing angle, and you can use the slider to peek at what’s going on inside:<br> Loading...<br> What you see here is known as the movement – the inner part of a mechanical watch that’s usually enclosed in a metal case. In this article I’m focusing on a watch movement itself, since beautiful watch cases merely hide the intricate mechanisms which are the real stars of the show.<br> The entire watch movement has a lot of parts, and in this blog post I’ll explain the purpose of each one. The world of watchmaking is jargon-heavy, so many of the components may have unfamiliar names, but you shouldn’t feel pressured to remember them – the names and parts will be color-coded for easy reference.<br> In a functioning watch many parts are in constant motion. By default all animations in this article are enabled, but if you find them distracting, or if you want to save power, you can <a rel="noreferrer" target="_blank" href="https://ciechanow.ski/">globally pause</a> all the following demonstrations.<br> While the entire watch movement has many parts, the timekeeping system, which forms the core function of any watch, consists of just seven major elements which we can lay out in a straight line:<br> It may not look like much, but these parts still have a lot of interesting details about them that contribute to the second hand rotating at a correct pace. We’ll start exploring these details by focusing on the source of power for this entire contraption.<br> Power<br> Purely mechanical devices have a few different ways to power themselves, but one of the simplest methods to store energy is to use a spring. Most springs we see in daily life are coil springs. In the demonstration below, you can move the mass attached to this type of spring to see it bounce:<br> When a spring like this is compressed, it stores some energy that is then released when the compressing tension is removed. Mechanical watches typically use a different kind of spring – a spiral torsion spring. This type of spring is loaded when it’s twisted. When let go, the spring unwinds in the opposite direction to eventually settle in its natural state:<br> In a mechanical watch, we ultimately want to show rotating hands, so a spinning motion that a torsion spring provides is particularly useful. A spring in a typical mechanical watch has a slightly more complicated shape – you can see it below in its relaxed state. By dragging the slider you can try to wind it midair, but as soon as you let go, it will snap back to its original shape:<br> As you can see, this spring is quite strong and it wants to expand very rapidly. To contain the spring we have to put it in a casing known as a barrel :<br> Once in the barrel , the spring still wants to expand to its original state, but the barrel’s wall keep it in place. This spring is the storage of energy for the watch and its name, the mainspring , reflects its importance.<br> Unfortunately, we can’t really get any useful work from the mainspring in this state – it has already expanded to the largest possible size. To store more energy in it we need to wind it tightly using the arbor that we’ll first attach on the inner side of the mainspring :<br> If you look closely, the mainspring has a little hole near its end – you can see it in the center of the demonstration. The arbor has a little hook that grabs onto that hole:<br> When the arbor is turned, it pulls the mainspring with it, causing it to wind. In the demonstration below, we’re holding the barrel tight, and you can turn the arbor by dragging the slider:<br> Notice that as soon as you let go of the arbor by releasing the slider, the mainspring will turn the arbor right back. This is less than desired – we want the barrel to turn instead, so that it can power the other parts of the watch. To get some useful work from the mainspring , we’ll have to keep holding on to the arbor and instead let the barrel go when we want to use the stored energy:<br> We’ll soon see how this is accomplished in practice, but for now we’ll assume that the arbor is held tight and the mainspring ends up rotating the barrel , just like in the demonstration above. Before we finish up with the mainspring and the barrel , let’s discuss two other details that make this mechanism more reliable. Let me bring up the relaxed spring one more time:<br> The metal strip attached to the mainspring provides additional tension to its outer part. That metal strip really wants to snap back to its straight shape, so it pushes against the wall of the barrel , creating a lot of friction that keeps the mainspring in place:<br> This locks the outer end of the mainspring when the arbor moves the inner. If we were to keep winding the spring past its maximum capacity, we’d overpower that friction letting the mainspring slip inside – this acts as a safety mechanism to prevent the parts from breaking.<br> As we’ve seen, in its relaxed state, the mainspring forms an S-shape with varied curvature throughout. This helps to balance the tension in mainspring’s different sections when it is inside the barrel . Notice that the inner sections of the wound spring have a much smaller radius than the outer parts. If the relaxed spring was just a straight piece of metal, then after winding, the inner parts would be bent much more than the outer parts. With the S-shaped spring the outer sections of the spring are also under a similar tension because they want to get back to their curve that is bent in the opposite direction.<br> To secure the mainspring and prevent dust from getting in we close the barrel with a lid that snaps into its place:<br> We’ve managed to make some parts rotate and one could naively think that we could just attach a watch hand to the barrel to make it track time. Unfortunately, that won’t really work – you can witness this in the demonstration below. You can see how this “watch” behaves after you wind the mainspring with the slider and let it go:<br> We clearly have some work to do – the hand spins way too fast and it only does a few rotations before the mainspring inside the barrel runs out of the stored energy. Clearly, this contraption won’t let us track time in any reliable way.<br> If we wanted our watch to run continuously for around 40 hours on a single wind, we’d need the minute hand to complete 40 rotations in that time. Moreover, the second hand should cover around 40 × 60 = 2400 complete rotations in that time. We need to find a way to convert a small number of revolutions of the barrel into a large number of revolutions of the hands. This is where gears come in.<br> Gears<br> I’ve <a rel="noreferrer" target="_blank" href="https://ciechanow.ski/gears/">talked about gears</a> on this blog before, so let me just recap things very briefly. Gears can be used to change the speed of rotation between two different axes. In the demonstration below, you can witness that by observing little dots I put on each gear – the yellow gear , which is powered by the bigger red gear , takes much less time to finish a single revolution:<br> An important aspect of two matching gears it their number of teeth. Each tooth in one gear meets with a space between teeth in the other gear, so within a unit of time both gears rotate by the same number of teeth. If the number of teeth in two gears is different, those gears can take a different amount of time to complete a single rotation. In the demonstration below, you can change the ratio of the number of teeth between the driving red gear and the driven yellow gear to see how it affects the speed of rotation of that yellow gear :<br> 1:2<br> These gears are intended to work with each other so the ratio of teeth is equivalent to the ratio of the gear radii. When the driving gear has <a rel="noreferrer" target="_blank" href="https://ciechanow.ski/">more teeth</a> than the driven gear , the driven gear makes more rotations than the driving gear . We can use this behavior to make the second hand of a watch rotate many times on a single rotation of the barrel.<br> Let’s consider how much of a speed increase we have to do here. The barrel can rotate close to 7 times on a single wind, but we want the second hand to complete around 2400 revolutions in the same time. We need the ratio of teeth, or the ratio of radii, to be around 343:1. Let’s see how that would look in practice. In the demonstration below, you can use the slider to look at the two gears from further away:<br> As you can see, these proportions are ridiculous – to make the red gear fit in any reasonably sized watch, the yellow gear would have to be absolutely tiny and both gears would have to have very fragile, microscopic teeth.<br> Instead, mechanical watches use a train of gears with multiple gears working in pairs – each pair increases the speed to some extent. In the demonstration below, you can see the four wheels participating in this reduction. Notice that there are two gears on most axes of rotation. You can control the speed of rotation of this gear train using the slider:<br> The barrel acts as the first wheel , it drives the second wheel , which drives the third wheel , which finally drives the fourth wheel . Notice that each big gear drives a smaller gear called a pinion . A pinion is mounted on the same shaft as the next big gear so we’re able to keep increasing the speed on each axis. This approach has significant advantages – we’re able to make the overall mechanism much smaller and we’ll soon use one of the intermediate wheels that rotates at a slower rate to drive minute and hour hands.<br> Before we finish up with gears, let me quickly mention the shape of their teeth. While many bigger machines use an <a rel="noreferrer" target="_blank" href="https://ciechanow.ski/gears/#strings-attached">involute shape</a> for the profile of their gear teeth, mechanical watches commonly use cycloidal profiles which are obtained by <a rel="noreferrer" target="_blank" href="https://www.tec-science.com/mechanical-power-transmission/cycloidal-gear/geometry-of-cycloidal-gears/">rolling a circle on the surface of another circle</a> .<br> Let’s see how … https://www.whatsupup.com/blog/beautifying/hagriding/20220503-202422/ Tue, 03 May 2022 20:24:22 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20220503-202422/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/05/podcast-episode-teaching-ai-its-targets">Podcast Episode: Teaching AI to its Targets</a><br> https://www.whatsupup.com/blog/augur/cussed/20220503-202310/ Tue, 03 May 2022 20:23:10 +0000 https://www.whatsupup.com/blog/augur/cussed/20220503-202310/ <a rel="noreferrer" target="_blank" href="https://discord.com/category/community">Community</a> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/aapihm-2022">AAPI Heritage Month at Discord: Celebrating Who We Are</a><br> <a rel="noreferrer" target="_blank" href="https://discord.com/category/safety">Policy & Safety</a> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/discord-transparency-report-h2-2021">Discord Transparency Report: July – December 2021</a><br> <a rel="noreferrer" target="_blank" href="https://discord.com/category/community">Community</a> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/a-focus-on-black-joy-during-black-history-month">A Focus on Black Joy During Black History Month</a><br> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/aapihm-2022">AAPI Heritage Month at Discord: Celebrating Who We Are</a><br> https://www.whatsupup.com/blog/steeplejack/garrote/20220503-201212/ Tue, 03 May 2022 20:12:11 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20220503-201212/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/05/podcast-episode-teaching-ai-its-targets">Podcast Episode: Teaching AI to its Targets</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220503-000937/ Tue, 03 May 2022 00:09:36 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220503-000937/ Image: Proxima Studios, via Shutterstock.<br> Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies.<br> Multiple Russian news outlets published stories on April 27 saying the Russian Federal Penitentiary Service had announced a plan to recruit IT specialists from Russian prisons to work remotely for domestic commercial companies.<br> Russians sentenced to forced labor will serve out their time at one of many correctional centers across dozens of Russian regions, usually at the center that is closest to their hometown. Alexander Khabarov , deputy head of Russia’s penitentiary service, said his agency had received proposals from businessmen in different regions to involve IT specialists serving sentences in correctional centers to work remotely for commercial companies.<br> Khabarov told Russian media outlets that under the proposal people with IT skills at these facilities would labor only in IT-related roles, but would not be limited to working with companies in their own region.<br> “We are approached with this initiative in a number of territories, in a number of subjects by entrepreneurs who work in this area,” Khabarov told <a rel="noreferrer" target="_blank" href="https://www.rbc.ru/society/27/04/2022/626914459a7947739ffe8d31">Russian state media organization TASS</a> . “We are only at the initial stage. If this is in demand, and this is most likely in demand, we think that we will not force specialists in this field to work in some other industries.”<br> According to Russian media site Lenta.ru, since March 21 nearly <a rel="noreferrer" target="_blank" href="https://lenta.ru/news/2022/04/04/vaccc/">95,000 vacancies in IT have remained unfilled in Russia</a> . Lenta says the number unfilled job slots actually shrank 25 percent from the previous month, officially because “many Russian companies are currently reviewing their plans and budgets, and some projects have been postponed.” The story fails to even mention the recent economic sanctions that are currently affecting many Russian companies thanks to Russia’s invasion of Ukraine in late February. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/russia-to-rent-tech-savvy-prisoners-to-corporate-it/#more-59685">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/05/russia-to-rent-tech-savvy-prisoners-to-corporate-it/">Russia to Rent Tech-Savvy Prisoners to Corporate IT?</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220502-180427/ Mon, 02 May 2022 18:04:26 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220502-180427/ Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address. The move comes just months after Google rolled out a new policy enabling people under the age of 18 (or a parent/guardian) to request removal of their images from Google search results.<br> Google has for years accepted requests to remove certain sensitive data such as bank account or credit card numbers from search results. In <a rel="noreferrer" target="_blank" href="https://blog.google/products/search/new-options-for-removing-your-personally-identifiable-information-from-search/">a blog post on Wednesday</a> , Google’s Michelle Chang wrote that the company’s expanded policy now allows for the removal of additional information that may pose a risk for identity theft, such as confidential log-in credentials, email addresses and phone numbers when it appears in Search results.<br> “When we receive removal requests, we will evaluate all content on the web page to ensure that we’re not limiting the availability of other information that is broadly useful, for instance in news articles,” Chang wrote. “We’ll also evaluate if the content appears as part of the public record on the sites of government or official sources. In such cases, we won’t make removals.”<br> While Google’s removal of a search result from its index will do nothing to remove the offending content from the site that is hosting it, getting a link decoupled from Google search results is going to make the content at that link far less visible. According to recent estimates, Google enjoys somewhere near 90 percent market share in search engine usage.<br> KrebsOnSecurity decided to test this expanded policy with what would appear to be a no-brainer request: I asked Google to remove search result for <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/?s=briansclub">BriansClub</a> , one of the largest (if not THE largest) cybercrime stores for selling stolen payment card data.<br> BriansClub has long abused my name and likeness to pimp its wares on the hacking forums. Its homepage includes a copy of my credit report, Social Security card, phone bill, and a fake but otherwise official looking government ID card. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/you-can-now-ask-google-to-remove-your-phone-number-email-or-address-from-search-results/#more-59639">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/you-can-now-ask-google-to-remove-your-phone-number-email-or-address-from-search-results/">You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20220502-175640/ Mon, 02 May 2022 17:56:40 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220502-175640/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-022-01213-0">Costly SOFIA telescope faces termination after years of problems</a><br></p> <hr> NASA and the German space agency ground the telescope on a plane, citing the astronomy community’s concerns over cost and productivity.<br> https://www.whatsupup.com/blog/relational/steak/20220502-174936/ Mon, 02 May 2022 17:49:36 +0000 https://www.whatsupup.com/blog/relational/steak/20220502-174936/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/evaluating-elon-musks-plan-to-fix">Evaluating Elon Musk’s Plan To Fix Twitter</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/evaluating-elon-musks-plan-to-fix">Alex Roetter, who once ran Twitter engineering, evaluates the feasibility of Musk’s proposals.</a><br></p> <hr> https://www.whatsupup.com/blog/playacted/rededication/20220502-174541/ Mon, 02 May 2022 17:45:41 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220502-174541/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/30/technology/twitter-board-elon-musk.html">How Twitter’s Board Went From Fighting Elon Musk to Accepting Him It’s highly unusual to move from a “poison pill” to a $44 billion deal in under two weeks. But Twitter’s board ran out of options. By Lauren Hirsch and Mike Isaac</a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20220502-173720/ Mon, 02 May 2022 17:37:20 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20220502-173720/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-boost-your-attention-span">How to boost your attention span: 6 tips and tricks</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-not-to-get-overwhelmed-by-tasks">How not to get overwhelmed by tasks</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-increase-your-attention-span-5-key-strategies">How to increase your attention span: 5 key strategies</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/learn-to-tolerate-discomfort-or-suffer-escaping-from-it">Learn to tolerate discomfort or suffer escaping from it</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/find-go-to-activities-that-arent-scrolling-or-watching">Find go-to activities that aren't scrolling or watching</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-danger-of-expecting-work-to-be-easy-and-fun">The danger of expecting work to be easy and fun</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/it-doesnt-matter-how-many-hours-you-work">It doesn’t matter how many hours you work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-new-meaning-of-hard-work">The new meaning of hard work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-protect-your-intentions-from-getting-hijacked">How to protect your intentions from getting hijacked</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/let-your-discontent-crystallize">Let your discontent crystallize</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/stop-postponing-things-by-embracing-the-mess">Stop postponing things by embracing the mess</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/pursue-high-quality-leisure">Pursue High-quality Leisure</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/what-is-addiction">What is addiction (series)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> https://www.whatsupup.com/blog/popularization/compilable/20220429-081148/ Fri, 29 Apr 2022 08:11:48 +0000 https://www.whatsupup.com/blog/popularization/compilable/20220429-081148/ <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/DuallyNoted_CHI22.pdf">Dually Noted: Layout-Aware Annotations with Smartphone Augmented Reality</a> Jing Qian, Qi Sun, Curtis Wigington, Han L. Han, Tong Sun, Jennifer Healey, James Tompkin, Jeff Huang CHI 2022<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/Readability_TOCHI22.pdf">Towards Individuated Reading Experiences: Different Fonts Increase Reading Speed for Different Individuals</a> Shaun Wallace, Zoya Bylinskii, Jonathan Dobres, Bernard Kerr, Sam Berlow, Rick Treitman, Nirmal Kumawat, Kathleen Arpin, Dave B. Miller, Jeff Huang, Ben D. Sawyer TOCHI (Transactions on Computer-Human Interaction)<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20220429-041746/ Fri, 29 Apr 2022 04:17:46 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20220429-041746/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/best-practices-for-building-crud-endpoints/">If this is your first (or maybe second) time building CRUD endpoints, here are some non-intuitive best practices to follow around URL naming, which HTTP methods to use, and how to handle versioning.</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20220429-001948/ Fri, 29 Apr 2022 00:19:48 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220429-001948/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-022-01213-0">Costly telescope-on-a-plane finally faces termination after years of problems</a><br></p> <hr> NASA and the German Space Agency ground the SOFIA observatory, citing community concerns over cost and productivity.<br> https://www.whatsupup.com/blog/ewing/undiscernibly/20220428-200915/ Thu, 28 Apr 2022 20:09:14 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20220428-200915/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2022/04/the-package-analysis-project-scalable.html">The Package Analysis Project: Scalable detection of malicious open source packages</a><br></p> <hr> Posted by Caleb Brown, Open Source Security Team<br> Despite open source software’s essential role in all software built today, it’s far too easy for bad actors to circulate malicious packages that attack the systems and users running that software. Unlike mobile app stores that can scan for and reject malicious contributions, package repositories have limited resources to review the thousands of daily updates and must maintain an open model where anyone can freely contribute. As a result, malicious packages like <a rel="noreferrer" target="_blank" href="https://github.com/advisories/GHSA-pjwm-rvh2-c87w">ua-parser-js</a> , and <a rel="noreferrer" target="_blank" href="https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/">node-ipc</a> are regularly uploaded to popular repositories despite their best efforts, with sometimes devastating consequences for users. Google, a member of the <a rel="noreferrer" target="_blank" href="https://openssf.org/">Open Source Security Foundation</a> (OpenSSF), is proud to support the OpenSSF’s <a rel="noreferrer" target="_blank" href="https://openssf.org/blog/2022/04/28/introducing-package-analysis-scanning-open-source-packages-for-malicious-behavior">Package Analysis project,</a> which is a welcome step toward helping secure the open source packages we all depend on. The Package Analysis program performs dynamic analysis of all packages uploaded to popular open source repositories and catalogs the results in a BigQuery table. By detecting malicious activities and alerting consumers to suspicious behavior before they select packages, this program contributes to a more secure software supply chain and greater trust in open source software. The program also gives insight into the types of malicious packages that are most common at any given time, which can guide decisions about how to better protect the ecosystem. To better understand how the Package Analysis program is contributing to supply chain security, we analyzed the nearly 200 malicious packages it captured over a one-month period. Here’s what we discovered:<br> Results<br> All signals collected are published in our <a rel="noreferrer" target="_blank" href="https://console.cloud.google.com/bigquery?d=packages&p=ossf-malware-analysis&t=analysis&page=table">BigQuery table</a> . Using simple queries on this table, we found around 200 meaningful results from the packages uploaded to NPM and PyPI in a period of just over a month. Here are some notable examples, with <a rel="noreferrer" target="_blank" href="https://github.com/ossf/package-analysis/blob/main/docs/case_studies.md">more available in the repository</a> .<br> PyPI: discordcmd<br> This Python package will attack the desktop client for Discord on Windows. It was found by spotting the unusual requests to raw.githubusercontent.com, Discord API, and ipinfo.io. First, it downloaded a backdoor from GitHub and installed it into the Discord electron client.<br> Next, it looked through various local databases for the user's Discord token.<br> Finally, it grabbed the data associated with the token from the Discord API and exfiltrated it back to a Discord server controlled by the attacker.<br> NPM: @roku-web-core/ajax<br> During install, this NPM package exfiltrates details of the machine it is running on and then opens a reverse shell, allowing the remote execution of commands.<br> This package was discovered from its requests to an attacker-controlled address.<br> Dependency Confusion / Typosquatting<br> The vast majority of the malicious packages we detected are dependency confusion and <a rel="noreferrer" target="_blank" href="https://www.darkreading.com/vulnerabilities-threats/beware-the-package-typosquatting-supply-chain-attack">typosquatting attacks</a> . The packages we found usually contain a simple script that runs during an install and calls home with a few details about the host. These packages are most likely the work of security researchers looking for bug bounties, since most are not exfiltrating meaningful data except the name of the machine or a username, and they make no attempt to disguise their behavior. These dependency confusion attacks were discovered through the domains they used, such as burpcollaborator.net, pipedream.com, interact.sh, which are commonly used for reporting back attacks. The same domains appear across unrelated packages and have no apparent connection to the packages themselves. Many packages also used unusual version numbers that were high (e.g. v5.0.0, v99.10.9) for a package with no previous versions.<br> Conclusions<br> The short time frame and low sophistication needed for finding the results above underscore the challenge facing open source package repositories. While many of the results above were likely the work of security researchers, any one of these packages could have done far more to hurt the unfortunate victims who installed them. These results show the clear need for more investment in vetting packages being published in order to keep users safe. This is a growing space, and having an open standard for reporting would help centralize analysis results and offer consumers a trusted place to assess the packages they’re considering using. Creating an open standard should also foster healthy competition, promote integration, and raise the overall security of open source packages.<br> Over time we hope that the Package Analysis program will offer comprehensive knowledge about the behavior and capabilities of packages across open source software, and help guide the future efforts needed to make the ecosystem more secure for everyone. To get involved, please check out the <a rel="noreferrer" target="_blank" href="https://github.com/ossf/package-analysis">GitHub Project</a> and <a rel="noreferrer" target="_blank" href="https://github.com/ossf/package-analysis/milestones">Milestones</a> for opportunities to contribute.<br> https://www.whatsupup.com/blog/gaper/whisky/20220428-200432/ Thu, 28 Apr 2022 20:04:31 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220428-200432/ <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/04/mdn-plus-now-available-in-more-markets/">MDN Plus now available in more countries</a><br> https://www.whatsupup.com/blog/gaper/whisky/20220428-162130/ Thu, 28 Apr 2022 16:21:30 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220428-162130/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/04/common-voice-dataset-tops-20000-hours/">Common Voice dataset tops 20,000 hours →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/04/common-voice-dataset-tops-20000-hours/">Common Voice dataset tops 20,000 hours</a><br> <hr> The latest Common Voice dataset, released today, has achieved a major milestone: More than 20,000 hours of open-source speech data that anyone, anywhere can use. The dataset has nearly doubled in the past year. Mozilla’s Common Voice seeks to change the language technology ecosystem by supporting communities to collect voice data for the creation of voice-enabled applications for their own languages.<br> https://www.whatsupup.com/blog/playacted/rededication/20220428-161210/ Thu, 28 Apr 2022 16:12:10 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220428-161210/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/28/technology/twitter-first-quarter-earnings-elon-musk.html">Twitter reports growth in revenue and users as Elon Musk prepares to take over. The social media company reported a 16 percent jump in daily active users from a year ago. By Mike Isaac and Adam Satariano</a><br> https://www.whatsupup.com/blog/jigging/witherer/20220428-122039/ Thu, 28 Apr 2022 12:20:39 +0000 https://www.whatsupup.com/blog/jigging/witherer/20220428-122039/ <p>Founder and Editor-at-Large<br> <a rel="noreferrer" target="_blank" href="https://themarkup.org/pixel-hunt/2022/04/28/applied-for-student-aid-online-facebook-saw-you">Pixel Hunt Applied for Student Aid Online? Facebook Saw You The FAFSA form included code that sent personal information back to Facebook April 28, 2022 08:00 ET</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/show-your-work/2022/04/28/how-we-built-a-meta-pixel-inspector">Show Your Work Pixel Hunt How We Built a Meta Pixel Inspector The first large-scale, crowdsourced study that monitors how Meta tracks people across the internet April 28, 2022 08:00 ET</a><br> https://www.whatsupup.com/blog/gaper/whisky/20220428-121438/ Thu, 28 Apr 2022 12:14:38 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220428-121438/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/04/mdn-plus-now-available-in-more-markets/">MDN Plus now available in more markets →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/04/mdn-plus-now-available-in-more-markets/">MDN Plus now available in more markets</a><br> <hr> Almost a month ago, we announced MDN Plus, a new premium service on MDN that allows users to customize their experience on the website. <p>We are very glad to announce today that it is now possible for MDN users around the globe to create an MDN Plus free account, no matter where they are.<br></p> https://www.whatsupup.com/blog/playacted/rededication/20220428-002543/ Thu, 28 Apr 2022 00:25:43 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220428-002543/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2022/04/27/technology/twitter-elon-musk-news/in-tweets-musk-takes-aim-at-twitter-executives-creating-outrage">In tweets, Musk takes aim at Twitter executives, creating outrage. This was featured in live coverage. By Erin Woo</a><br> https://www.whatsupup.com/blog/augur/cussed/20220428-000100/ Thu, 28 Apr 2022 00:00:59 +0000 https://www.whatsupup.com/blog/augur/cussed/20220428-000100/ <a rel="noreferrer" target="_blank" href="https://discord.com/category/product">Product & Features</a> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/slash-commands-permissions-discord-apps-bots">Permission to Slash, Granted: Introducing Slash Command Permissions</a><br> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/slash-commands-permissions-discord-apps-bots">Permission to Slash, Granted: Introducing Slash Command Permissions</a><br> https://www.whatsupup.com/blog/augur/cussed/20220427-201650/ Wed, 27 Apr 2022 20:16:50 +0000 https://www.whatsupup.com/blog/augur/cussed/20220427-201650/ <p><a rel="noreferrer" target="_blank" href="https://discord.com/category/product">Product & Features</a> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/slash-commands-permissions-discord-apps-bots">Permission to Slash, Granted: Introducing Role Permissions for Slash Commands</a><br> <a rel="noreferrer" target="_blank" href="https://discord.com/category/community">Community</a> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/calixta-guide-to-navigating-the-voice-acting-industry">Calixta’s Guide to Navigating the Voice Acting Industry</a><br> <a rel="noreferrer" target="_blank" href="https://discord.com/category/safety">Policy & Safety</a> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/important-policy-updates">Important Policy Updates</a><br> <a rel="noreferrer" target="_blank" href="https://discord.com/category/engineering">Engineering & Design</a> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/how-data-science-informs-strategy-innovation-at-discord">How Data Science Informs Strategy & Innovation at Discord</a><br> <a rel="noreferrer" target="_blank" href="https://discord.com/category/product">Product & Features</a> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/playstation-discord-account-connection-linking-game-status">PlayStation® x Discord: Connect Your Account and Show What You’re Playing</a><br> <a rel="noreferrer" target="_blank" href="https://discord.com/category/safety">Policy & Safety</a> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/discord-pta-collaboration-announcement-educators-parents">Parents & Educators, join us on Discord!</a><br> <a rel="noreferrer" target="_blank" href="https://discord.com/category/company">Discord HQ</a> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/sourcery-at-discord-the-team-who-finds-new-discord-employees">Sourcery at Discord: The Team Who Finds New Discord Employees</a><br> <a rel="noreferrer" target="_blank" href="https://discord.com/category/community">Community</a> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/discord-profile-tips-from-design-professionals">Make Your Discord Profile Shine: Profile Pointers from Design Pros</a><br> <a rel="noreferrer" target="_blank" href="https://discord.com/category/company">Discord HQ</a> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/discord-welcomes-elizabeth-hamren-as-new-coo">Discord Welcomes Elizabeth Hamren as new COO</a><br> COLLECTION<br> Product & Features<br> Announcements, new features, and general info about the Discord app.<br> <a rel="noreferrer" target="_blank" href="https://discord.com/category/product">View Collection</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/slash-commands-permissions-discord-apps-bots">Permission to Slash, Granted: Introducing Role Permissions for Slash Commands</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/3-months-free-picsart-gold-discord-nitro-promo">Starting Now, Nitro Users Get 3 Months of Picsart Gold</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/a-note-on-upcoming-community-experiments">Testing 1-2-3: A Note on Upcoming Community Experiments</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/playstation-discord-account-connection-linking-game-status">PlayStation® x Discord: Connect Your Account and Show What You’re Playing</a><br> <hr> Community<br> Stories, spotlights, and behind the scenes from the heart and soul of Discord: the community.<br> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/calixta-guide-to-navigating-the-voice-acting-industry">Calixta’s Guide to Navigating the Voice Acting Industry</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/a-focus-on-black-joy-during-black-history-month">A Focus on Black Joy During Black History Month</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/snowsgiving-2021">Snowsgiving 2021 Has Ended — See How You Made It Truly Special</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/discord-profile-tips-from-design-professionals">Make Your Discord Profile Shine: Profile Pointers from Design Pros</a><br> <hr> Resources & Education<br> Tutorials and guides to help with Discord and other topics of interest.<br> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/starting-your-first-discord-server">Starting Your First Discord Server</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/discussing-latinx-heritage-month-with-discord-hispanic-erg-la-cafeteria">Discussing Latinx Heritage Month with Discord’s Latinx ERG: La Cafetería</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/ten-tips-to-help-your-college-club-bloom-on-discord">Ten Tips to Help Your College Club Bloom on Discord</a><br> <hr> Discord HQ<br> General company updates about what Discord is up to at HQ.<br> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/sourcery-at-discord-the-team-who-finds-new-discord-employees">Sourcery at Discord: The Team Who Finds New Discord Employees</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/discord-welcomes-elizabeth-hamren-as-new-coo">Discord Welcomes Elizabeth Hamren as new COO</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/new-discord-merch-store">Introducing @everyone and @here Discord Merch — New Store Swag</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/how-the-cord-club-interns-made-their-mark-on-discord">How the Cord Club Interns Made Their Mark on Discord</a><br> <hr> Policy & Safety<br> General tips and insights from Discord's Policy & Safety teams who enable users and communities to be safe on the platform.<br> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/discord-transparency-report-h2-2021">Discord Transparency Report: July – December 2021</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/addressing-health-misinformation">Addressing Health Misinformation</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/important-policy-updates">Important Policy Updates</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/addressing-harmful-off-platform-behavior">Addressing Harmful Off-Platform Behavior</a><br> <hr> Engineering & Design<br> In-depth analysis and thought process on engineering and design challenges.<br> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/how-data-science-informs-strategy-innovation-at-discord">How Data Science Informs Strategy & Innovation at Discord</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/why-and-how-discord-uses-patch-to-test-elixir">Why and How Discord Uses Patch to Test Elixir</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/how-discord-creates-insights-from-trillions-of-data-points">How Discord Creates Insights from Trillions of Data Points</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://discord.com/blog/building-open-source-design-tools-to-improve-discords-design-workflow">Building open-source design tools to improve Discord’s design workflow</a><br> <hr> Imagine a place<br> Product<br> <a rel="noreferrer" target="_blank" href="https://discord.com/download">Download</a> <a rel="noreferrer" target="_blank" href="https://discord.com/why-discord-is-different">Why Discord</a> <a rel="noreferrer" target="_blank" href="https://discord.com/inspiration">Inspiration</a> <a rel="noreferrer" target="_blank" href="https://discord.com/college">College</a> <a rel="noreferrer" target="_blank" href="https://discord.com/nitro">Nitro</a> <a rel="noreferrer" target="_blank" href="https://discordstatus.com/">Status</a><br> Company<br> <a rel="noreferrer" target="_blank" href="https://discord.com/company">About</a> <a rel="noreferrer" target="_blank" href="https://discord.com/jobs">Jobs</a> <a rel="noreferrer" target="_blank" href="https://discord.com/branding">Branding</a> <a rel="noreferrer" target="_blank" href="https://discord.com/newsroom">Newsroom</a> <a rel="noreferrer" target="_blank" href="https://discordmerch.com/">Store</a><br> Resources<br> <a rel="noreferrer" target="_blank" href="https://support.discord.com/hc/en-us">Support</a> <a rel="noreferrer" target="_blank" href="https://discord.com/safety">Safety</a> <a rel="noreferrer" target="_blank" href="https://discord.com/blog">Blog</a> <a rel="noreferrer" target="_blank" href="https://feedback.discord.com/">Feedback</a> <a rel="noreferrer" target="_blank" href="https://discord.com/partners">Partners</a> <a rel="noreferrer" target="_blank" href="https://discord.com/verification">Verification</a> <a rel="noreferrer" target="_blank" href="https://discord.com/developers/docs">Developers</a> <a rel="noreferrer" target="_blank" href="https://discord.com/streamkit">StreamKit</a> <a rel="noreferrer" target="_blank" href="https://discord.com/open-source">Open Source</a> <a rel="noreferrer" target="_blank" href="https://discord.com/security">Security</a> <a rel="noreferrer" target="_blank" href="https://discord.com/moderation">Moderation</a><br> Policies<br> <a rel="noreferrer" target="_blank" href="https://discord.com/terms">Terms</a> <a rel="noreferrer" target="_blank" href="https://discord.com/privacy">Privacy</a> <a rel="noreferrer" target="_blank" href="https://discord.com/guidelines">Guidelines</a> <a rel="noreferrer" target="_blank" href="https://discord.com/acknowledgements">Acknowledgements</a> <a rel="noreferrer" target="_blank" href="https://discord.com/licenses">Licenses</a><br> <a rel="noreferrer" target="_blank" href="https://discord.com/register">Sign up</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220427-201527/ Wed, 27 Apr 2022 20:15:25 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220427-201527/ When KrebsOnSecurity recently explored how cybercriminals were using <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/">hacked email accounts at police departments worldwide</a> to obtain warrantless Emergency Data Requests (EDRs) from social media firms and technology providers, many security experts called it a fundamentally unfixable problem. But don’t tell that to Matt Donahue , a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests — in part by assigning trustworthiness or “credit ratings” to law enforcement authorities worldwide.<br> A sample Kodex dashboard. Image: Kodex.us.<br> Donahue is co-founder of <a rel="noreferrer" target="_blank" href="https://www.kodex.us/">Kodex</a> , a company formed in February 2021 that builds security portals designed to help tech companies “manage information requests from government agencies who contact them, and to securely transfer data & collaborate against abuses on their platform.”<br> The 30-year-old Donahue said he left the FBI in April 2020 to start Kodex because it was clear that social media and technology companies needed help validating the increasingly large number of law enforcement requests domestically and internationally.<br> “So much of this is such an antiquated, manual process,” Donahue said of his perspective gained at the FBI. “In a lot of cases we’re still sending faxes when more secure and expedient technologies exist.”<br> Donahue said when he brought the subject up with his superiors at the FBI, they would kind of shrug it off, as if to say, “This is how it’s done and there’s no changing it.”<br> “My bosses told me I was committing career suicide doing this, but I genuinely believe fixing this process will do more for national security than a 20-year career at the FBI,” he said. “This is such a bigger problem than people give it credit for, and that’s why I left the bureau to start this company.”<br> One of the stated goals of Kodex is to build a scoring or reputation system for law enforcement personnel who make these data requests. After all, there are tens of thousands of police jurisdictions around the world — including roughly <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Law_enforcement_in_the_United_States#:~:text=There%20are%2017%2C985%20U.S.%20police,and%20federal%20law%20enforcement%20agencies.">18,000 in the United States alone</a> — and all it takes for hackers to abuse the EDR process is illicit access to a single police email account.<br> Kodex is trying to tackle the problem of fake EDRs by working directly with the data providers to pool information about police or government officials submitting these requests, and hopefully making it easier for all customers to spot an unauthorized EDR.<br> Kodex’s first big client was cryptocurrency giant Coinbase , which confirmed their partnership but otherwise declined to comment for this story. Twilio confirmed it uses Kodex’s technology for law enforcement requests destined for any of its business units, but likewise declined to comment further.<br> Within their own separate Kodex portals, Twilio can’t see requests submitted to Coinbase, or vice versa. But each can see if a law enforcement entity or individual tied to one of their own requests has ever submitted a request to a different Kodex client, and then drill down further into other data about the submitter, such as Internet address(es) used, and the age of the requestor’s email address.<br> Donahue said in Kodex’s system, each law enforcement entity is assigned a credit rating, wherein officials who have a long history of sending valid legal requests will have a higher rating than someone sending an EDR for the first time.<br> “In those cases, we warn the customer with a flash on the request when it pops up that we’re allowing this to come through because the email was verified [as being sent from a valid police or government domain name], but we’re trying to verify the emergency situation for you, and we will change that rating once we get new information about the emergency,” Donahue said.<br> “This way, even if one customer gets a fake request, we’re able to prevent it from happening to someone else,” he continued. “In a lot of cases with fake EDRs, you can see the same email [address] being used to message different companies for data. And that’s the problem: So many companies are operating in their own silos and are not able to share information about what they’re seeing, which is why we’re seeing scammers exploit this good faith process of EDRs.”<br> NEEDLES IN THE HAYSTACK<br> As social media and technology platforms have grown over the years, so have the volumes of requests from law enforcement agencies worldwide for user data. For example, in its <a rel="noreferrer" target="_blank" href="https://www.verizon.com/about/investors/transparency-report">latest transparency report</a> mobile giant Verizon reported receiving 114,000 data requests of all types from U.S. law enforcement entities in the second half of 2021.<br> Verizon said approximately 35,000 of those requests (~30 percent) were EDRs , and that it provided data in roughly 91 percent of those cases. The company doesn’t disclose how many EDRs came from foreign law enforcement entities during that same time period. Verizon currently asks law enforcement officials to send these requests via fax.<br> Validating legal requests by domain name may be fine for data demands that include documents like subpoenas and search warrants, which can be validated with the courts. But not so for EDRs, which largely bypass any official review and do not require the requestor to submit any court-approved documents .<br> Police and government authorities can legitimately request EDRs to learn the whereabouts or identities of people who have posted online about plans to harm themselves or others, or in other exigent circumstances such as a child abduction or abuse, or a potential terrorist attack.<br> But as KrebsOnSecurity <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/">reported in March</a> , it is now clear that crooks have figured out there is no quick and easy way for a company that receives one of these EDRs to know whether it is legitimate. Using illicit access to hacked police email accounts, the attackers will send a fake EDR along with an attestation that innocent people will likely suffer greatly or die unless the requested data is provided immediately.<br> In this scenario, the receiving company finds itself caught between two unsavory outcomes: Failing to immediately comply with an EDR — and potentially having someone’s blood on their hands — or possibly leaking a customer record to the wrong person. That might explain why the compliance rate for EDRs is usually quite high — often upwards of 90 percent.<br> Fake EDRs have become such a reliable method in the cybercrime underground for obtaining information about account holders that several cybercriminals have started offering services that will submit these fraudulent EDRs on behalf of paying clients to a number of top social media and technology firms. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/fighting-fake-edrs-with-credit-ratings-for-police/#more-59232">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/fighting-fake-edrs-with-credit-ratings-for-police/">Fighting Fake EDRs With ‘Credit Ratings’ for Police</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20220427-162015/ Wed, 27 Apr 2022 16:20:15 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20220427-162015/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2022/04/how-we-fought-bad-apps-and-developers.html">How we fought bad apps and developers in 2021</a><br></p> <hr> Posted by Steve Kafka and Khawaja Shams, Android Security and Privacy Team<br> Providing a safe experience to billions of users continues to be one of the <a rel="noreferrer" target="_blank" href="https://android-developers.googleblog.com/2022/03/privacy-and-security-direction.html">highest priorities</a> for Google Play. Last year we introduced multiple privacy focused features, enhanced our protections against bad apps and developers, and improved <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Software_development_kit">SDK</a> data safety. In addition, Google Play Protect continues to scan billions of installed apps each day across billions of devices to keep people safe from malware and unwanted software.<br> We continue to enhance our machine learning systems and review processes, and in 2021 we blocked 1.2 million policy violating apps from being published on Google Play, preventing billions of harmful installations. We also continued in our efforts to combat malicious and spammy developers, banning 190k bad accounts in 2021. In addition, we have closed around 500k developer accounts that are inactive or abandoned.<br> In May we <a rel="noreferrer" target="_blank" href="https://android-developers.googleblog.com/2021/05/new-safety-section-in-google-play-will.html">announced</a> our new Data safety section for Google Play where developers will be required to give users deeper insight into the privacy and security practices of the apps they download, and provide transparency into the data the app may collect and why. The Data safety section <a rel="noreferrer" target="_blank" href="https://blog.google/products/google-play/data-safety/">launched</a> this week, and developers are required to complete this section for their apps by July 20th.<br> We’ve also invested in making life easier for our developers. We added the <a rel="noreferrer" target="_blank" href="https://play.google.com/console/about/policystatus/">Policy and Programs</a> section to Google Play Console to help developers manage all their app compliance issues in one central location. This includes the ability to appeal a decision and <a rel="noreferrer" target="_blank" href="https://support.google.com/googleplay/android-developer/answer/9842754?hl=en">track its status</a> from this page.<br> In addition, we continued to partner with SDK developers to improve app safety, limit how user data is shared, and <a rel="noreferrer" target="_blank" href="https://support.google.com/googleplay/android-developer/answer/10358880">improve lines of communication with app developers</a> . SDKs provide functionality for app developers, but it can sometimes be tricky to know when an SDK is safe to use. Last year, we engaged with SDK developers to build a safer Android and Google Play ecosystem. As a result of this work, SDK developers have improved the safety of SDKs used by hundreds of thousands of apps impacting billions of users. This remains a huge investment area for our team, and we will continue in our efforts to make SDKs safer across the ecosystem.<br> Limiting access<br> The best way to ensure users' data stays safe is to limit access to it in the first place.<br> As a result of new platform protections and <a rel="noreferrer" target="_blank" href="https://support.google.com/googleplay/android-developer/answer/10467955">policies</a> , developer collaboration and education, 98% of apps migrating to Android 11 or higher have reduced their access to sensitive APIs and user data. We've also significantly reduced the unnecessary, dangerous, or disallowed use of <a rel="noreferrer" target="_blank" href="https://support.google.com/googleplay/android-developer/answer/10964491?hl=en#:~:text=Google%20Play%20permits%20the%20use,that%20they%20are%20accessibility%20tools.">Accessibility APIs</a> in apps migrating to Android 12, while preserving the functionality of legitimate use cases.<br> We also continued in our commitment to make Android a great place for families. Last year we disallowed the collection of Advertising ID (AAID) and other device identifiers from all users in apps solely targeting children, and gave all users the ability to delete their Advertising ID entirely, regardless of the app.<br> Pixel enhancements<br> For Pixel users, we had even more great features to help keep you safe. Our new <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html">Security hub</a> helps protect your phone, apps, Google Account, and passwords by giving you a central view of your device’s current configuration. Security hub also provides recommendations to improve your security, helping you decide what settings best meet your needs.<br> In addition, Pixels now use new machine learning models that improve the detection of malware in Google Play Protect. The detection runs on your Pixel, and uses a privacy preserving technology called federated analytics to discover bad apps.<br> Our global teams are dedicated to keeping our billions of users safe, and look forward to many exciting announcements in 2022.<br> https://www.whatsupup.com/blog/augur/cussed/20220427-081434/ Wed, 27 Apr 2022 08:14:33 +0000 https://www.whatsupup.com/blog/augur/cussed/20220427-081434/ Oops! We couldn’t find that page.<br> Sorry about that.<br> Refresh the page, check <a rel="noreferrer" target="_blank" href="https://medium.statuspage.io/">Medium’s site status</a> , or <a rel="noreferrer" target="_blank" href="https://medium.com/browse/top">find something interesting to read</a> .<br> https://www.whatsupup.com/blog/playacted/rededication/20220427-001640/ Wed, 27 Apr 2022 00:16:39 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220427-001640/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2022/04/26/business/twitter-elon-musk-news/twitter-musk-breakup-fee">Elon Musk’s deal for Twitter includes a $1 billion breakup fee. Twitter would have to pay if it signed a deal with another suitor. Mr. Musk would have to pay if his financing falls apart. By Lauren Hirsch</a><br> https://www.whatsupup.com/blog/trifid/ragwort/20220427-001350/ Wed, 27 Apr 2022 00:13:50 +0000 https://www.whatsupup.com/blog/trifid/ragwort/20220427-001350/ Everything you need to know about car APIs. Delivered monthly.<br> https://www.whatsupup.com/blog/playacted/rededication/20220426-161639/ Tue, 26 Apr 2022 16:16:39 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220426-161639/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/25/business/twitter-parag-agrawal-musk.html">How Twitter’s staff reacted at a meeting after the announcement. By Mike Isaac and Kate Conger</a><br> https://www.whatsupup.com/blog/relational/steak/20220426-121359/ Tue, 26 Apr 2022 12:13:59 +0000 https://www.whatsupup.com/blog/relational/steak/20220426-121359/ [Nothing new, only with content removed] https://www.whatsupup.com/blog/relational/steak/20220426-081449/ Tue, 26 Apr 2022 08:14:49 +0000 https://www.whatsupup.com/blog/relational/steak/20220426-081449/ Share this post<br> Why Snapchat’s Product Is Booming<br> bigtechnology.substack.com<br> Copy link<br> Twitter<br> Facebook<br> Email<br> Twitter After Elon<br> Elon Musk And Twitter’s Business Are On A Collision Course<br> The Big Tech Antitrust Movement Is Finally Showing Results<br> TikTok’s Golden Opportunity<br> “A Reckoning.” The Direct To Consumer Craze Is Slamming Into Reality.<br> Ukraine And The Limits Of Russia’s Social Media Power<br> Ex-Washington Post Owner Don Graham On Doing Business With Zuckerberg And Bezos<br> Why El Salvador’s Wild Bitcoin Experiment Just Might Work<br> It’s Way Too Early To Count Out Instagram Reels<br> For Facebook, It’s Metaverse Or Bust<br> Tech Can Help Solve Our Mental Health Crisis. But We Can’t Forget The Human Element.<br> Cooling Stock Market Has Some Tech Giant Employees Exploring Their Options<br> Congress Needs To Stop Day Trading, Says Sen. Mark Warner<br> Why Jack Dorsey Went To War With Andreessen Horowitz<br> The First Annual Big Technology Book Awards<br> The Revolt Against Institutions Is 2021’s Defining Story<br> “Standing Up For Us Plebs.” Amazon Leaders Reject Policy To Push Employees Out.<br> The Internet Was Once Flat. No Longer.<br> Five Ways China Is Trying To Unaddict Kids From Social Media<br> A Xiaomi Phone Might’ve Shipped With A Censorship List In Europe. Now What?<br> Why LinkedIn Is The One Good Social Network<br> The Case To Reform The Share Button, According To Facebook’s Own Research<br> Silicon Valley’s Open Culture Era Comes To An End<br> https://www.whatsupup.com/blog/playacted/rededication/20220426-001637/ Tue, 26 Apr 2022 00:16:37 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220426-001637/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2022/04/25/business/elon-musk-twitter/twitter-parag-agrawal-musk">How Twitter’s staff reacted at a meeting after the announcement. This was featured in live coverage. By Mike Isaac and Kate Conger</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/25/technology/musk-twitter-sale.html">With Deal for Twitter, Musk Lands a Prize and Pledges Fewer Limits The world’s richest man succeeded in a bid to acquire the influential social networking service, which he has said he wants to take private. By Mike Isaac and Lauren Hirsch</a><br> https://www.whatsupup.com/blog/sited/implore/20220426-001404/ Tue, 26 Apr 2022 00:14:03 +0000 https://www.whatsupup.com/blog/sited/implore/20220426-001404/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/25/technology/musk-twitter-sale.html">With Deal for Twitter, Musk Lands a Prize and Pledges Fewer Limits The world’s richest man succeeded in a bid to acquire the influential social networking service, which he has said he wants to take private. By Mike Isaac and Lauren Hirsch</a><br> https://www.whatsupup.com/blog/relational/steak/000000-000000/ Tue, 26 Apr 2022 00:13:28 +0000 https://www.whatsupup.com/blog/relational/steak/000000-000000/ [Marking site as being monitored from now on] https://www.whatsupup.com/blog/playacted/rededication/20220425-201623/ Mon, 25 Apr 2022 20:16:23 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220425-201623/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2022/04/25/business/elon-musk-twitter/musk-twitter-sale">Musk’s deal for Twitter is worth about $44 billion. The world’s richest man succeeded in a bid to acquire the influential social networking service, which he has said he wants to take private. By Mike Isaac and Lauren Hirsch</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/25/technology/twitter-employees-elon-musk.html">Twitter Employees Search for Answers as Musk Takeover Becomes Reality Workers say they have been left largely in the dark about what a sale to the billionaire will mean for them and their shares in the company. By Kate Conger</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/25/business/meta-plans-to-open-its-first-retail-store-as-it-highlights-metaverse-related-products.html">Meta plans to open its first retail store as it highlights metaverse-related products. Meta Store, the company’s first physical storefront, will sell virtual- and augmented-reality devices. By Mike Isaac</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20220425-201348/ Mon, 25 Apr 2022 20:13:47 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220425-201348/ <p><a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/recommendations">Recommendations</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://blog.bytebytego.com/?utm_source=homepage_recommendations">ByteByteGo System Design</a><br> <hr> ByteByteGo<br> <a rel="noreferrer" target="_blank" href="https://anchorchange.substack.com/?utm_source=homepage_recommendations">Anchor Change</a><br> <hr> Katie Harbath<br> <a rel="noreferrer" target="_blank" href="https://newsletter.pragmaticengineer.com/?utm_source=homepage_recommendations">The Pragmatic Engineer</a><br> <hr> Gergely Orosz<br> <a rel="noreferrer" target="_blank" href="https://therebooting.substack.com/?utm_source=homepage_recommendations">The Rebooting</a><br> <hr> Brian Morrissey<br> <a rel="noreferrer" target="_blank" href="https://www.newcomer.co/?utm_source=homepage_recommendations">Newcomer</a><br> <hr> Eric Newcomer<br> https://www.whatsupup.com/blog/ideo/fleury/20220425-200522/ Mon, 25 Apr 2022 20:05:21 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220425-200522/ In one chat, the LAPSUS$ leader — a 17-year-old from the U.K. who goes by the nicknames “ White ,” “ WhiteDoxbin ” and “ Oklaqq ” — is sharing his screen with another LAPSUS$ member who used the handles “ Amtrak ” and “ Asyntax .”<br> https://www.whatsupup.com/blog/playacted/rededication/20220425-161641/ Mon, 25 Apr 2022 16:16:40 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220425-161641/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/25/technology/twitter-employees-elon-musk.html">Twitter Employees Search for Answers as Musk Deal Takes Shape Workers say they have been left largely in the dark about what a sale to the billionaire would mean for them and their shares in the company. By Kate Conger</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/25/business/meta-plans-to-open-its-first-retail-store-as-it-highlights-metaverse-related-products.html">Meta plans to open its first retail store as it highlights metaverse-related products. Meta Store, the company’s first physical storefront, will sell virtual and augmented reality devices. By Mike Isaac</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/24/technology/twitter-board-elon-musk.html">Twitter Nears a Deal to Sell Itself to Elon Musk The company’s 11-member board met with Mr. Musk to discuss his offer to buy the social networking service and take it private. An agreement could come as soon as Monday. By Lauren Hirsch, Mike Isaac and Kate Conger</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20220425-121659/ Mon, 25 Apr 2022 12:16:59 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20220425-121659/ April 25, 2022 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2022/04/25/Announcing-Hare.html">Announcing the Hare programming language</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220425-081623/ Mon, 25 Apr 2022 08:16:22 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220425-081623/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/24/technology/twitter-board-elon-musk.html">Twitter in Advanced Talks to Sell Itself to Elon Musk The company’s 11-member board was negotiating with Mr. Musk into the morning on Monday over his offer to buy the social networking service and take it private. By Lauren Hirsch and Mike Isaac</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20220425-081547/ Mon, 25 Apr 2022 08:15:46 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20220425-081547/ April 25, 2022 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2022/04/25/Announcing-Hare.html">Announcing the Hare programming langauge</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220425-001722/ Mon, 25 Apr 2022 00:17:22 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220425-001722/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/24/technology/twitter-board-elon-musk.html">Twitter’s Board Is Said to Seriously Consider Elon Musk’s Bid Twitter’s 11-member board met on Sunday morning to discuss Mr. Musk’s offer to buy the company and take it private. By Lauren Hirsch and Mike Isaac</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20220425-001209/ Mon, 25 Apr 2022 00:12:08 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20220425-001209/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/04/13/Three-Perfect-Tools">Three Perfect Tools</a> · We live in a world of things that have Product Managers and Design Teams and Documentation Architecture and often vast ambition. And yet, so many of them are so bad. And worse, some which are good <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/08/07/Apps-Get-Worse">then become bad</a> for no good reason. There is a particular joy in a product that just does what you need done, in about the way you expect or (thrillingly) better, and isn’t hard to figure out, and doesn’t change unnecessarily. Here are three to learn from <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/04/13/Three-Perfect-Tools">…</a> [1 comment]<br> https://www.whatsupup.com/blog/traveling/splay/20220424-121531/ Sun, 24 Apr 2022 12:15:31 +0000 https://www.whatsupup.com/blog/traveling/splay/20220424-121531/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/24/science/scheinert-kwan-film-multiverse.html">Out There Tripping Through the Universes A new cosmic kung fu film explores the meaning of existence in alternate realities. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/stratification/pride/20220424-121428/ Sun, 24 Apr 2022 12:14:27 +0000 https://www.whatsupup.com/blog/stratification/pride/20220424-121428/ We use cookies and other data collection technologies to provide the best experience for our customers. You may request that your data not be shared with third parties here: <a rel="noreferrer" target="_blank" href="javascript:void(0)">Do Not Sell My Data</a> .<br> https://www.whatsupup.com/blog/ideo/fleury/20220422-160552/ Fri, 22 Apr 2022 16:05:51 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220422-160552/ KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of company projects. T-Mobile says no customer or government information was stolen in the intrusion.<br> LAPSUS$ is known for stealing data and then demanding a ransom not to publish or sell it. But the leaked chats indicate this mercenary activity was of little interest to the tyrannical teenage leader of LAPSUS$, whose obsession with stealing and leaking proprietary computer source code from the world’s largest tech companies ultimately led to the group’s undoing.<br> From its inception in December 2021 until its implosion late last month, LAPSUS$ operated openly on its Telegram chat channel, which quickly grew to more than 40,000 followers after the group started using it to leak huge volumes of sensitive data stolen from victim corporations.<br> But LAPSUS$ also used private Telegram channels that were restricted to the core seven members of the group. KrebsOnSecurity recently received a week’s worth of these private conversations between LAPSUS$ members as they plotted their final attacks late last month.<br> The candid conversations show LAPSUS$ frequently obtained the initial access to targeted organizations by purchasing it from sites like Russian Market , which sell access to remotely compromised systems, as well as any credentials stored on those systems.<br> The logs indicate LAPSUS$ had exactly zero problems buying, stealing or sweet-talking their way into employee accounts at companies they wanted to hack. The bigger challenge for LAPSUS$ was the subject mentioned by “Lapsus Jobs” in the screenshot above: Device enrollment. In most cases, this involved social engineering employees at the targeted firm into adding one of their computers or mobiles to the list of devices allowed to authenticate with the company’s virtual private network (VPN).<br> The messages show LAPSUS$ members continuously targeted T-Mobile employees, whose access to internal company tools could give them everything they needed to conduct hassle-free “ <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/category/sim-swapping/">SIM swaps</a> ” — reassigning a target’s mobile phone number to a device they controlled. These unauthorized sim swaps allow an attacker to intercept a target’s text messages and phone calls, including any links sent via SMS for password resets, or one-time codes sent for multi-factor authentication.<br> The LAPSUS$ group had a laugh at this screenshot posted by their leader, White, which shows him reading a T-Mobile news alert about their hack into Samsung. White is viewing the page via a T-Mobile employee’s virtual machine.<br> In one chat, the LAPSUS$ leader — 17-year-old from the U.K. who goes by the nicknames “ White ,” “ WhiteDoxbin ” and “ Oklaqq ” — is sharing his screen with another LAPSUS$ member who used the handles “ Amtrak ” and “ Asyntax .”<br> The two were exploring T-Mobile’s internal systems, and Amtrak asked White to obscure the T-Mobile logo on his screen. In these chats, the user “ Lapsus Jobs ” is White. Amtrak explains this odd request by saying their parents are aware Amtrak was previously involved in SIM swapping.<br> “Parents know I simswap,” Amtrak <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2022/04/parentsknowisimswap.png">said</a> . “So, if they see [that] they think I’m hacking.”<br> The messages reveal that each time LAPSUS$ was cut off from a T-Mobile employee’s account — either because the employee tried to log in or change their password — they would just <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2022/04/anothertmob.png">find or buy another set of T-Mobile VPN credentials</a> . T-Mobile currently has approximately 75,000 employees worldwide.<br> On March 19, 2022, the logs and accompanying screenshots show LAPSUS$ had <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2022/04/hasatlas1.png">gained access to Atlas</a> , a powerful internal T-Mobile tool for managing customer accounts.<br> LAPSUS$ leader White/Lapsus Jobs looking up the Department of Defense in T-Mobile’s internal Atlas system.<br> After gaining access to Atlas, White proceeded to look up T-Mobile accounts associated with the FBI and Department of Defense (see image above). Fortunately, those accounts were listed as requiring additional verification procedures before any changes could be processed.<br> Faced with increasingly vocal pleadings from other LAPSUS$ members <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2022/04/killatlasin1second.png">not to burn their access to Atlas and other tools</a> by trying to SIM swap government accounts, White unilaterally decided to <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2022/04/anothertmob.png">terminate the VPN connection permitting access to T-Mobile’s network.</a><br> The other LAPSUS$ members desperately wanted to SIM swap some wealthy targets for money. Amtrak <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2022/04/whyyyyyyy.png">throws a fit</a> , saying “ <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2022/04/workedreallyhardforthis.png">I worked really hard for this!</a> ” White calls the Atlas access trash and then kills the VPN connection anyway, saying he wanted to focus on using their illicit T-Mobile access to steal source code.<br> A screenshot taken by LAPSUS$ inside T-Mobile’s source code repository at Bitbucket.<br> Perhaps to mollify his furious teammates, White changed the subject and told them he’d gained access to T-Mobile’s Slack and Bitbucket accounts. He said he’d figured out how to upload files to the virtual machine he had access to at T-Mobile. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/leaked-chats-show-lapsus-stole-t-mobile-source-code/#more-59472">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/leaked-chats-show-lapsus-stole-t-mobile-source-code/">Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code</a><br> https://www.whatsupup.com/blog/sited/implore/20220422-121502/ Fri, 22 Apr 2022 12:15:01 +0000 https://www.whatsupup.com/blog/sited/implore/20220422-121502/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/22/technology/tech-regulation-europe-us.html">News Analysis As Europe Approves New Tech Laws, the U.S. Falls Further Behind Federal privacy bills, security legislation and antitrust laws to address the power of the tech giants have all failed to advance in Congress, despite hand wringing and shows of bipartisan support. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20220422-080804/ Fri, 22 Apr 2022 08:08:04 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20220422-080804/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-to-create-a-time-picker-in-react/">Date and time formatting varies globally, which can confuse users. Date and time pickers (DTPs) solve this problem by providing a simple UI component with intuitive pop-up or drop-down calendar elements. Here's how to create a React time picker in a simple demo app.</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20220422-041438/ Fri, 22 Apr 2022 04:14:37 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220422-041438/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/why-snapchats-product-is-booming">Why Snapchat’s Product Is Booming</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/why-snapchats-product-is-booming">The company withstood Facebook’s best swing, now it’s growing fast again. Here’s why.</a><br> https://www.whatsupup.com/blog/gaper/whisky/20220421-161649/ Thu, 21 Apr 2022 16:16:48 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220421-161649/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/04/adopting-users-design-feedback/">Adopting users’ design feedback →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/04/adopting-users-design-feedback/">Adopting users’ design feedback</a><br> <hr> On March 1st, 2022, MDN Web Docs released a new design and a new brand identity. Overall, the community responded to the redesign enthusiastically and we received many positive messages and kudos. We also received valuable feedback on some of the things we didn’t get quite right, like the browser compatibility table changes as well as some accessibility and readability issues.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20220421-161549/ Thu, 21 Apr 2022 16:15:49 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20220421-161549/ Thomson Reuters<br> Europe <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/europe/no-lights-no-heat-no-money-thats-life-ukraine-during-cyber-warfare-2022-01-14/">No lights, no heat, no money - that's life in Ukraine during cyber warfare , article with image</a> January 14, 2022<br> Technology <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/major-tech-companies-struggle-plug-holes-logging-software-2021-12-16/">Major tech companies struggle to plug holes in logging software , article with image</a> December 16, 2021<br> United States <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/exclusive-us-lawmakers-call-sanctions-against-israels-nso-other-spyware-firms-2021-12-15/">U.S. lawmakers call for sanctions against Israel's NSO, other spyware firms , article with gallery</a> December 15, 2021<br> U.S. Markets <a rel="noreferrer" target="_blank" href="https://www.reuters.com/markets/us/us-cybersecurity-officials-see-mainly-low-impact-attacks-logging-flaw-so-far-2021-12-15/">U.S. cybersecurity officials see mainly low-impact attacks from logging flaw, so far , article with image</a> December 15, 2021<br> Technology <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/widely-used-software-with-key-vulnerability-sends-cyber-defenders-scrambling-2021-12-13/">Widely used software with key vulnerability sends cyber defenders scrambling , article with gallery</a> December 13, 2021<br> Technology <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/ransomware-attack-australian-utility-claimed-by-russian-speaking-criminals-2021-12-08/">Ransomware attack on Australian utility claimed by Russian-speaking criminals , article with image</a> December 9, 2021<br> Technology <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/us-seizes-6-mln-ransom-payments-charge-ukrainian-over-cyberattack-cnn-2021-11-08/">U.S. charges Ukrainian and Russian in major ransomware spree, seizes $6 mln , article with gallery</a> November 9, 2021<br> Technology <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-governments-turn-tables-ransomware-gang-revil-by-pushing-it-offline-2021-10-21/">EXCLUSIVE Governments turn tables on ransomware gang REvil by pushing it offline , article with gallery</a> October 21, 2021<br> Technology <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/china-linked-hacking-group-accessing-calling-records-worldwide-crowdstrike-says-2021-10-19/">China-linked hacking group accessing calling records worldwide, CrowdStrike says , article with image</a> October 19, 2021<br> Government <a rel="noreferrer" target="_blank" href="https://www.reuters.com/legal/government/us-authorities-disclose-ransomware-attacks-against-water-facilities-2021-10-14/">U.S. authorities disclose ransomware attacks against water facilities , article with image</a> October 14, 2021<br> United States <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/hackers-solarwinds-breach-stole-data-us-sanctions-policy-intelligence-probes-2021-10-07/">Hackers of SolarWinds stole data on U.S. sanctions policy, intelligence probes , article with image</a> October 8, 2021<br> Technology <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/expressvpn-employees-complain-about-ex-spys-top-role-company-2021-09-23/">ExpressVPN employees complain about ex-spy's top role at company , article with gallery</a> September 23, 2021<br> Technology <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-wide-ranging-solarwinds-probe-sparks-fear-corporate-america-2021-09-10/">Exclusive: Wide-ranging SolarWinds probe sparks fear in Corporate America , article with gallery</a> September 10, 2021<br> World <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/pro-china-social-media-campaign-expands-new-countries-blames-us-covid-2021-09-08/">Pro-China social media campaign hits new countries, blames U.S. for COVID , article with image</a> September 9, 2021<br> Technology <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/microsoft-warns-azure-customers-flaw-that-could-have-permitted-hackers-access-2021-09-08/">Microsoft warns Azure customers of flaw that could have permitted hackers access to data , article with image</a> September 9, 2021<br> Technology <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/researchers-cybersecurity-agency-urge-action-by-microsoft-cloud-database-users-2021-08-28/">Researchers, cybersecurity agency urge action by Microsoft cloud database users , article with image</a> August 30, 2021<br> Technology <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-policy-groups-ask-apple-drop-plans-inspect-imessages-scan-abuse-images-2021-08-19/">Policy groups ask Apple to drop plans to inspect iMessages, scan for abuse images , article with gallery</a> August 19, 2021<br> https://www.whatsupup.com/blog/palpable/mulla/20220421-080538/ Thu, 21 Apr 2022 08:05:37 +0000 https://www.whatsupup.com/blog/palpable/mulla/20220421-080538/ <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2022/04/20/function-keys.html">Little stories for every function key</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220420-201725/ Wed, 20 Apr 2022 20:17:25 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220420-201725/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2010/12/03/typed-type-level-programming-status-report/">Typed type-level programming: status report</a><br> https://www.whatsupup.com/blog/sited/implore/20220420-201441/ Wed, 20 Apr 2022 20:14:40 +0000 https://www.whatsupup.com/blog/sited/implore/20220420-201441/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/20/technology/barack-obama-disinformation.html">Barack Obama Takes On a New Role: Fighting Disinformation The former president has embarked on a campaign to warn that the scourge of online falsehoods has eroded the foundations of democracy. By Steven Lee Myers and Cecilia Kang</a><br> https://www.whatsupup.com/blog/glooming/wrackful/20220420-120719/ Wed, 20 Apr 2022 12:07:19 +0000 https://www.whatsupup.com/blog/glooming/wrackful/20220420-120719/ <a rel="noreferrer" target="_blank" href="https://robertheaton.com/almost-scammed/">I'm a security engineer and I still almost got scammed</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220420-001645/ Wed, 20 Apr 2022 00:16:45 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220420-001645/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/19/technology/elon-musk-twitter.html">Elon Musk Races to Secure Financing for Twitter Bid The world’s richest man is trying to shore up debt financing, including potentially taking out a loan against his shares of Tesla, so he can buy Twitter for $43 billion. By Lauren Hirsch</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20220420-001327/ Wed, 20 Apr 2022 00:13:26 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220420-001327/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-022-01087-2">Next stop, Uranus? Icy planet tops priority list for next big NASA mission</a><br></p> <hr> Influential panel’s recommendation makes the ice giant a likely destination for a flagship space mission.<br> https://www.whatsupup.com/blog/spectrometry/obol/20220419-201316/ Tue, 19 Apr 2022 20:13:15 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20220419-201316/ <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html">The More You Know, The More You Know You Don’t Know</a> (Apr)<br> https://www.whatsupup.com/blog/gonadal/revving/20220419-161610/ Tue, 19 Apr 2022 16:16:10 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220419-161610/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2018/05/21/ertugrul-soylemez-1985-2018/">Ertugrul Söylemez: 1985-2018</a><br> https://www.whatsupup.com/blog/spectrometry/obol/20220419-161226/ Tue, 19 Apr 2022 16:12:25 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20220419-161226/ <p><a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html">The More You Know, The More You Know You Don’t Know</a><br></p> <hr> A Year in Review of 0-days Used In-the-Wild in 2021<br> Posted by Maddie Stone, Google Project Zero<br> This is our third annual year in review of 0-days exploited in-the-wild [ <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/02/deja-vu-lnerability.html">2020</a> , <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/07/detection-deficit-year-in-review-of-0.html">2019</a> ]. Each year we’ve looked back at all of the detected and disclosed in-the-wild 0-days as a group and synthesized what we think the trends and takeaways are. The goal of this report is not to detail each individual exploit, but instead to analyze the exploits from the year as a group, looking for trends, gaps, lessons learned, successes, etc. If you’re interested in the analysis of individual exploits, please check out our <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/p/rca.html">root cause analysis repository</a> .<br> We perform and share this analysis in order to make 0-day hard . We want it to be more costly, more resource intensive, and overall more difficult for attackers to use 0-day capabilities. 2021 highlighted just how important it is to stay relentless in our pursuit to make it harder for attackers to exploit users with 0-days. We heard <a rel="noreferrer" target="_blank" href="https://forbiddenstories.org/about-the-pegasus-project/">over</a> and <a rel="noreferrer" target="_blank" href="https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/">over</a> and <a rel="noreferrer" target="_blank" href="https://www.amnesty.org/en/latest/research/2021/11/devices-of-palestinian-human-rights-defenders-hacked-with-nso-groups-pegasus-spyware-2/">over</a> about how governments were targeting journalists, minoritized populations, politicians, human rights defenders, and even security researchers around the world. The decisions we make in the security and tech communities can have real impacts on society and our fellow humans’ lives.<br> We’ll provide our evidence and process for our conclusions in the body of this post, and then wrap it all up with our thoughts on next steps and hopes for 2022 in the conclusion. If digging into the bits and bytes is not your thing, then feel free to just check-out the Executive Summary and Conclusion.<br> Executive Summary<br> 2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014. That’s more than double the previous maximum of 28 detected in 2015 and especially stark when you consider that there were only 25 detected in 2020. We’ve tracked publicly known in-the-wild 0-day exploits in <a rel="noreferrer" target="_blank" href="https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=0">this spreadsheet</a> since mid-2014.<br> While we often talk about the number of 0-day exploits used in-the-wild, what we’re actually discussing is the number of 0-day exploits detected and disclosed as in-the-wild. And that leads into our first conclusion: we believe the large uptick in in-the-wild 0-days in 2021 is due to increased detection and disclosure of these 0-days, rather than simply increased usage of 0-day exploits.<br> With this record number of in-the-wild 0-days to analyze we saw that attacker methodology hasn’t actually had to change much from previous years . Attackers are having success using the same bug patterns and exploitation techniques and going after the same attack surfaces. Project Zero’s mission is “make 0day hard”. 0-day will be harder when, overall, attackers are not able to use public methods and techniques for developing their 0-day exploits. When we look over these 58 0-days used in 2021, what we see instead are 0-days that are similar to previous & publicly known vulnerabilities. Only two 0-days stood out as novel: one for the technical sophistication of its exploit and the other for its use of logic bugs to escape the sandbox.<br> So while we recognize the industry’s improvement in the detection and disclosure of in-the-wild 0-days, we also acknowledge that there’s a lot more improving to be done. Having access to more “ground truth” of how attackers are actually using 0-days shows us that they are able to have success by using previously known techniques and methods rather than having to invest in developing novel techniques. This is a clear area of opportunity for the tech industry.<br> We had so many more data points in 2021 to learn about attacker behavior than we’ve had in the past. Having all this data, though, has left us with even more questions than we had before. Unfortunately, attackers who actively use 0-day exploits do not share the 0-days they’re using or what percentage of 0-days we’re missing in our tracking, so we’ll never know exactly what proportion of 0-days are currently being found and disclosed publi cly.<br> Based on our analysis of the 2021 0-days we hope to see the following progress in 2022 in order to continue taking steps towards making 0-day hard:<br> All vendors agree to disclose the in-the-wild exploitation status of vulnerabilities in their security bulletins.<br> Exploit samples or detailed technical descriptions of the exploits are shared more widely.<br> Continued concerted efforts on reducing memory corruption vulnerabilities or rendering them unexploitable.Launch mitigations that will significantly impact the exploitability of memory corruption vulnerabilities.<br> A Record Year for In-the-Wild 0-days<br> 2021 was a record year for in-the-wild 0-days. So what happened?<br> Is it that software security is getting worse? Or is it that attackers are using 0-day exploits more? Or has our ability to detect and disclose 0-days increased? When looking at the significant uptick from 2020 to 2021, we think it's mostly explained by the latter. While we believe there has been a steady growth in interest and investment in 0-day exploits by attackers in the past several years, and that security still needs to urgently improve, it appears that the security industry's ability to detect and disclose in-the-wild 0-day exploits is the primary explanation for the increase in observed 0-day exploits in 2021.<br> While we often talk about “0-day exploits used in-the-wild”, what we’re actually tracking are “0-day exploits detected and disclosed as used in-the-wild”. There are more factors than just the use that contribute to an increase in that number, most notably: detection and disclosure. Better detection of 0-day exploits and more transparently disclosed exploited 0-day vulnerabilities is a positive indicator for security and progress in the industry.<br> Overall, we can break down the uptick in the number of in-the-wild 0-days into:<br> More detection of in-the-wild 0-day exploits<br> More public disclosure of in-the-wild 0-day exploitation<br> More detection<br> In the <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/07/detection-deficit-year-in-review-of-0.html">2019 Year in Review</a> , we wrote about the “Detection Deficit”. We stated “ As a community, our ability to detect 0-days being used in the wild is severely lacking to the point that we can’t draw significant conclusions due to the lack of (and biases in) the data we have collected .” In the last two years, we believe that there’s been progress on this gap.<br> Anecdotally, we hear from more people that they’ve begun working more on detection of 0-day exploits. Quantitatively, while a very rough measure, we’re also seeing the number of entities credited with reporting in-the-wild 0-days increasing. I t stands to reason that if the number of people working on trying to find 0-day exploits increases, then the number of in-the-wild 0-day exploits detected may increase.<br> We’ve also seen the number of vendors detecting in-the-wild 0-days in their own products increasing. Whether or not these vendors were previously working on detection, vendors seem to have found ways to be more successful in 2021. Vendors likely have the most telemetry and overall knowledge and visibility into their products so it’s important that they are investing in (and hopefully having success in) detecting 0-days targeting their own products. As shown in the chart above , there was a significant increase in the number of in-the-wild 0-days discovered by vendors in their own products. Google discovered 7 of the in-the-wild 0-days in their own products and Microsoft discovered 10 in their products!<br> More disclosure<br> The second reason why the number of detected in-the-wild 0-days has increased is due to more disclosure of these vulnerabilities. Apple and Google Android (we differentiate “Google Android” rather than just “Google” because Google Chrome has been annotating their security bulletins for the last few years) first began labeling vulnerabilities in their security advisories with the information about potential in-the-wild exploitation in November 2020 and January 2021 respectively. When vendors don’t annotate their release notes, the only way we know that a 0-day was exploited in-the-wild is if the researcher who discovered the exploitation comes forward. If Apple and Google Android had not begun annotating their release notes, the public would likely not know about at least 7 of the Apple in-the-wild 0-days and 5 of the Android in-the-wild 0-days. Why? Because these vulnerabilities were reported by “Anonymous” reporters. If the reporters didn’t want credit for the vulnerability, it’s unlikely that they would have gone public to say that there were indications of exploitation. That is 12 0-days that wouldn’t have been included in this year’s list if Apple and Google Android had not begun transparently annotating their security advisories.<br> Kudos and thank you to Microsoft, Google Chrome, and Adobe who have been annotating their security bulletins for transparency for multiple years now! And thanks to Apache who also annotated their release notes for <a rel="noreferrer" target="_blank" href="https://httpd.apache.org/security/vulnerabilities_24.html">CVE-2021-41773</a> this past year.<br> In-the-wild 0-days in Qualcomm and ARM products were annotated as in-the-wild in Android security bulletins, but not in the vendor’s own security advisories.<br> It's highly likely that in 2021, there were other 0-days that were exploited in the wild and detected, but vendors did not mention this in their release notes. In 2022, we hope that more vendors start noting when they patch vulnerabilities that have been exploited in-the-wild. Until we’re confident that all vendors are transparently disclosing in-the-wild status, there’s a big question of how many in-the-wild 0-days are discovered, but not labeled publicly by vendors.<br> New Year, Old Techniques<br> We had a record number of “data points” in 2021 to understand how attackers are actually using 0-day exploits. A bit surprising to us though, out of all those data points, there was nothing new amongst all this data. 0-day exploits are considered one of the most advanced attack methods an actor … https://www.whatsupup.com/blog/ideo/fleury/20220419-160524/ Tue, 19 Apr 2022 16:05:23 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220419-160524/ Conti — one of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a lie, and that Conti has launched more than 200 attacks against hospitals and other healthcare facilities since first surfacing in 2018 under its earlier name, “ Ryuk .”<br> On April 13, Microsoft said it executed <a rel="noreferrer" target="_blank" href="https://blogs.microsoft.com/on-the-issues/2022/04/13/zloader-botnet-disrupted-malware-ukraine/">a legal sneak attack</a> against Zloader , a remote access trojan and malware platform that multiple ransomware groups have used to deploy their malware inside victim networks. More specifically, Microsoft <a rel="noreferrer" target="_blank" href="https://noticeofpleadings.com/Zloader/">obtained a court order</a> that allowed it to seize 65 domain names that were used to maintain the Zloader botnet.<br> Microsoft’s civil lawsuit against Zloader names seven “John Does,” essentially seeking information to identify cybercriminals who used Zloader to conduct ransomware attacks. As the company’s complaint notes, some of these John Does were associated with lesser ransomware collectives such as Egregor and Netfilim .<br> But according to Microsoft and <a rel="noreferrer" target="_blank" href="https://www.cisa.gov/uscert/ncas/alerts/aa21-265a">an advisory</a> from the U.S. Cybersecurity & Infrastructure Security Agency (CISA), Zloader had a special relationship with Ryuk/Conti, acting as <a rel="noreferrer" target="_blank" href="https://threatpost.com/malsmoke-microsoft-e-signature-verification/177363/">a preferred distribution platform for deploying Ryuk/Conti ransomware</a> .<br> Several parties backed Microsoft in its legal efforts against Zloader by filing supporting declarations, including Errol Weiss , a former penetration tester for the U.S. National Security Agency (NSA). Weiss now serves as the chief security officer of the <a rel="noreferrer" target="_blank" href="https://www.h-isac.org">Health Information Sharing & Analysis Center</a> (H-ISAC), an industry group that shares information about cyberattacks against healthcare providers.<br> Weiss said ransomware attacks from Ryuk/Conti have impacted hundreds of healthcare facilities across the United States, including facilities located in 192 cities and 41 states and the District of Columbia.<br> “The attacks resulted in the temporary or permanent loss of IT systems that support many of the provider delivery functions in modern hospitals resulting in cancelled surgeries and delayed medical care,” Weiss said in <a rel="noreferrer" target="_blank" href="https://noticeofpleadings.com/zloader/files/Application%20for%20TRO/TRO%2008%20-%20Weiss%20Decl%20with%20Ex%201%20ISO%20TRO%20and%20PI.pdf">a declaration</a> (PDF) with the U.S. District Court for the Northern District of Georgia.<br> “Hospitals reported revenue losses due to Ryuk infections of nearly $100 million from data I obtained through interviews with hospital staff, public statements, and media articles,” Weiss wrote. “The Ryuk attacks also caused an estimated $500 million in costs to respond to the attacks – costs that include ransomware payments, digital forensic services, security improvements and upgrading impacted systems plus other expenses.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/contis-ransomware-toll-on-the-healthcare-industry/#more-59446">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/contis-ransomware-toll-on-the-healthcare-industry/">Conti’s Ransomware Toll on the Healthcare Industry</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220419-041632/ Tue, 19 Apr 2022 04:16:32 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220419-041632/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2007/06/21/solving-an-arithmetic-puzzle-with-haskell/">Solving an arithmetic puzzle with Haskell</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20220419-001152/ Tue, 19 Apr 2022 00:11:51 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20220419-001152/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/04/18/E-Bike">4,000,000m Lessons</a> · The odometer on <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/201x/2019/06/09/Micromobility">my e-bike</a> clicked over to 4K and, rather than a general-purpose “e-bikes are great” rave, I thought I’d assemble a few concrete arguments for them, suitable for re-use with friends and loved ones in the (likely) case that you’re already convinced. With pictures <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/04/18/E-Bike">…</a><br> , selected pointers to long-form pieces that have added value to my semi-retired days and one or two of which might reward you if you make time for them. A few of this month’s pieces aren’t free; it’s a bitter fact that the truth is paywalled but the lies are free. Sorry <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/04/04/Long-Links">…</a> [2 comments]<br> https://www.whatsupup.com/blog/rat/realty/20220417-200933/ Sun, 17 Apr 2022 20:09:32 +0000 https://www.whatsupup.com/blog/rat/realty/20220417-200933/ <a rel="noreferrer" target="_blank" href="https://www.imperialviolet.org/2022/04/17/canonsofcbor.html">The several canons of CBOR</a> (17 Apr 2022)<br> There are many encoding formats. CBOR is one of them. Like several others, a subset of it basically fine—I'm not starting that fight today.<br> Whatever encoding you use, it's nice to reduce flexibility. If there are multiple ways of encoding the same thing then, for anything with a non-negligible diversity of implementations, you'll find that there is a canonical encoding, it's just not documented. As soon as one implementation tries using a valid, but less common encoding, it'll find that it doesn't work and something will change to sort it all out. But that process of eventual coordination is expensive—better to do it explicitly and up-front.<br> For example, TCP options are chunks of tag–length–value and the spec doesn't define any restriction on their ordering. That didn't stop me <a rel="noreferrer" target="_blank" href="https://lwn.net/Articles/304791/?format=printable">blowing up a Ubuntu release</a> because a change of mine happened to alter the order that Linux sent them, and some DSL modems dropped packets when options came in that order. That's an expensive discovery of an implicit canonicalisation rule.<br> If you're using CBOR then RFC 7049 has a <a rel="noreferrer" target="_blank" href="https://datatracker.ietf.org/doc/html/rfc7049#section-3.9">section</a> titled “Canonical CBOR”. One of the things it defines is how to order map elements. Great! No more TCP options messes. You can read that section for yourself, but one interpretation of the words there is what I'll call the three-step ordering for map keys:<br> Lowest valued types come first then, within each type,<br> Shortest encoded key comes first then, within consecutive keys with equal lengths,<br> Sort lexicographically.<br> However, there is another interpretation of the same section which I'll call the two-step ordering. It drops the first step, i.e. doesn't sort by types. When I first read that section, I certainly came away with only one interpretation, but I can somewhat see how the other arises.<br> CTAP, the protocol for talking to security keys, uses CBOR a lot and <a rel="noreferrer" target="_blank" href="https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#message-encoding">explicitly picks</a> the three-step ordering. <a rel="noreferrer" target="_blank" href="https://www.rfc-editor.org/errata_search.php?eid=4409">An errata</a> was eventually raised against the RFC to “clarify” that the three-step order was correct, but it was rejected as a semantic change. So perhaps that's an official ruling that two-step was the correct understanding?<br> It only matters if you mix different types of keys in the same map, and sometimes you don't, so maybe it's moot for you. (But keep in mind that negative and non-negative numbers are different types in CBOR.) Anyway, the IETF revised the CBOR RFC to<br> firmly clarify the issue<br> add a third option:<br> RFC 7049 is obsoleted by 8949. The old “Canonical CBOR” section is replaced by “ <a rel="noreferrer" target="_blank" href="https://datatracker.ietf.org/doc/html/rfc8949#section-4.2.1">Core Deterministic Encoding Requirements</a> ” and that specifies what I'll have to call the one-step ordering:<br> Sort lexicographically on the encoded key.<br> It has some advantages! Like, why was it ever more complicated than that in the first place? But it was, and now there's two (or three) orderings. The two-step ordering even has <a rel="noreferrer" target="_blank" href="https://datatracker.ietf.org/doc/html/rfc8949#section-4.2.3">a subsection</a> of its own in the new RFC and a note saying that it “could be called Old Canonical CBOR”. If only shipped implementations were as changeable as the X-Men universe.<br> So that's why there's two and half “canonical” CBORs and now I have something that I can reference when people ask me about this.<br> https://www.whatsupup.com/blog/playacted/rededication/20220417-081648/ Sun, 17 Apr 2022 08:16:47 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220417-081648/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2022/04/17/espanol/nazi-ucrania-putin.html">Vladimir Putin habla de ‘desnazificar’ Ucrania. ¿Por qué? El surgimiento del insulto “nazi” muestra cómo el presidente de Rusia intenta utilizar estereotipos, una realidad distorsionada y el trauma persistente de la Segunda Guerra Mundial para justificar su invasión. By Anton Troianovski</a><br> https://www.whatsupup.com/blog/doable/warrantable/20220417-081013/ Sun, 17 Apr 2022 08:10:12 +0000 https://www.whatsupup.com/blog/doable/warrantable/20220417-081013/ This is taking longer than expected, check your Internet connection and reload the page if the problem persists.<br> https://www.whatsupup.com/blog/gonadal/revving/20220416-081759/ Sat, 16 Apr 2022 08:17:59 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220416-081759/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2010/04/07/functional-pearl-on-combinatorial-species/">Functional pearl on combinatorial species</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20220416-081724/ Sat, 16 Apr 2022 08:17:24 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20220416-081724/ April 16, 2022 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2022/04/16/Stepping-away-from-Gemini.gmi">Stepping away from Gemini</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> https://www.whatsupup.com/blog/spectrometry/obol/20220416-041335/ Sat, 16 Apr 2022 04:13:33 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20220416-041335/ <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2022/04/cve-2021-1782-ios-in-wild-vulnerability.html">CVE-2021-1782, an iOS in-the-wild vulnerability in…</a> (Apr)<br> https://www.whatsupup.com/blog/novice/millrace/20220416-041100/ Sat, 16 Apr 2022 04:11:00 +0000 https://www.whatsupup.com/blog/novice/millrace/20220416-041100/ This is taking longer than expected, check your Internet connection and reload the page if the problem persists.<br> https://www.whatsupup.com/blog/beautifying/hagriding/20220416-002031/ Sat, 16 Apr 2022 00:20:30 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20220416-002031/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/04/podcast-episode-making-hope-adam-savage">Podcast Episode: Making Hope with Adam Savage</a><br> https://www.whatsupup.com/blog/steeplejack/garrote/20220416-002029/ Sat, 16 Apr 2022 00:20:29 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20220416-002029/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/04/podcast-episode-making-hope-adam-savage">Podcast Episode: Making Hope with Adam Savage</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220416-001738/ Sat, 16 Apr 2022 00:17:38 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220416-001738/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/14/technology/elon-musk-twitter-bid.html">Elon Musk, After Toying With Twitter, Now Wants It All The billionaire executive recently became one of the company’s largest shareholders. Now he says he wants to buy the whole thing and change how it handles speech. By Mike Isaac, Kate Conger and Lauren Hirsch</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2022/04/14/business/elon-musk-twitter/elon-musk-twitter-employees">Worries inside Twitter as employees consider Elon Musk’s takeover bid. At a meeting Thursday, employees expressed concerns about how the social media company would change if Mr. Musk were to overhaul it. By Kate Conger and Mike Isaac</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2022/04/14/business/elon-musk-twitter/twitters-board-of-directors-meets-after-musks-takeover-offer">Twitter’s board is weighing a plan to thwart Musk’s takeover attempt. This was featured in live coverage. By Kate Conger and Lauren Hirsch</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/11/technology/twitter-elon-musk-problem.html">Twitter Grapples With an Elon Musk Problem Mr. Musk, Twitter’s biggest shareholder, is free to buy more stock in the company and could use the platform against itself. Some employees are dismayed. By Mike Isaac and Kate Conger</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/10/technology/elon-musk-twitter-board.html">Elon Musk Will Not Join Twitter’s Board, Company Says The announcement reverses a decision last week, when Twitter said Mr. Musk would become a board member after amassing a 9.2 percent stake in the company. By Mike Isaac</a><br> https://www.whatsupup.com/blog/gaper/whisky/20220416-001659/ Sat, 16 Apr 2022 00:16:58 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220416-001659/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/04/mozilla-partners-with-the-center-for-humane-technology/">Mozilla partners with the Center for Humane Technology →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/04/mozilla-partners-with-the-center-for-humane-technology/">Mozilla partners with the Center for Humane Technology</a><br> <hr> We’re pleased to announce that we have partnered with Center for Humane Tech, a nonprofit organization that radically reimagines the digital infrastructure. Its mission is to drive a comprehensive shift toward humane technology that supports the collective well-being, democracy and shared information environment.<br> https://www.whatsupup.com/blog/underpeopled/multichannel/20220416-001542/ Sat, 16 Apr 2022 00:15:42 +0000 https://www.whatsupup.com/blog/underpeopled/multichannel/20220416-001542/ The modern internet was built on a legal framework of safe harbors for user-generated content. These safe harbors are widely credited with having enabled global internet innovation by protecting online…<br> At GitHub, we put developers first, and we work hard to provide a safe, open, and inclusive platform for code collaboration. This means we are committed to minimizing the disruption…<br> We regularly update our policies to reflect the evolution of our products, changing legal requirements, and user feedback. In this update, we’ve made some changes to our Terms of Service,…<br> As policymakers grapple with how to address hate speech and disinformation on the internet, they’re eying the legal structure underpinning collaborative software development: legal safe harbors. These safe harbors protect…<br> https://www.whatsupup.com/blog/hardened/twinkled/20220416-001540/ Sat, 16 Apr 2022 00:15:40 +0000 https://www.whatsupup.com/blog/hardened/twinkled/20220416-001540/ This morning, we watched in awe as the first Mars Helicopter, Ingenuity, took flight in the thin Martian atmosphere. This is an incredible achievement for the teams at NASA and…<br> Good news: we removed all cookie banners from GitHub! No one likes cookie banners. But cookie banners are everywhere. So how did we pull this off? Well, EU law…<br> https://www.whatsupup.com/blog/overgrazing/propellent/20220416-001523/ Sat, 16 Apr 2022 00:15:23 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220416-001523/ <p><a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/twitter-after-elon">Twitter After Elon</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/twitter-after-elon">Catching a falling knife can hurt like hell.</a><br> <a rel="noreferrer" target="_blank" href="javascript:void(0)">18</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/twitter-after-elon/comments">Comment 1</a><br> <hr> <a rel="noreferrer" target="_blank" href="javascript:void(0)">Share</a><br> <hr> Apr 8<br> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/tiktoks-golden-opportunity/comments">Comment</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20220416-001442/ Sat, 16 Apr 2022 00:14:42 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220416-001442/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-022-00998-4">Climate change — four decades of missed opportunities</a><br></p> <hr> The United States should learn from its mistakes on decarbonization.<br> https://www.whatsupup.com/blog/spectrometry/obol/20220416-001416/ Sat, 16 Apr 2022 00:14:15 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20220416-001416/ <p><a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2022/04/cve-2021-1782-ios-in-wild-vulnerability.html">CVE-2021-1782, an iOS in-the-wild vulnerability in vouchers</a><br></p> <hr> This blog post is my analysis of a vulnerability exploited in the wild and patched in early 2021. Like the <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2022/04/cve-2021-30737-xerubs-2021-ios-asn1.html">writeup published last week</a> looking at an ASN.1 parser bug, this blog post is based on the notes I took as I was analyzing the patch and trying to understand the XNU vouchers subsystem. I hope that this writeup serves as the missing documentation for how some of the internals of the voucher subsystem works and its quirks which lead to this vulnerability.<br> CVE-2021-1782 was fixed in iOS 14.4, as noted by <a rel="noreferrer" target="_blank" href="https://twitter.com/s1guza/status/1354575808547999744">@s1guza on twitter</a> :<br> This vulnerability was fixed on January 26th 2021, and Apple updated the iOS 14.4 release notes on May 28th 2021 to indicate that the issue may have been actively exploited:<br> Vouchers<br> What exactly is a voucher?<br> The kernel code has a concise description:<br> Vouchers are a reference counted immutable (once-created) set of indexes to particular resource manager attribute values (which themselves are reference counted).<br> That definition is technically correct, though perhaps not all that helpful by itself.<br> To actually understand the root cause and exploitability of this vulnerability is going to require covering a lot of the voucher codebase. This part of XNU is pretty obscure, and pretty complicated.<br> A voucher is a reference-counted table of keys and values. Pointers to all created vouchers are stored in the global ivht_bucket hash table.<br> For a particular set of keys and values there should only be one voucher object. During the creation of a voucher there is a deduplication stage where the new voucher is compared against all existing vouchers in the hashtable to ensure they remain unique, returning a reference to the existing voucher if a duplicate has been found.<br> Here's the structure of a voucher:<br> struct ipc_voucher {<br> iv_index_t     iv_hash ; /* checksum hash */<br> iv_index_t     iv_sum ; /* checksum of values */<br> os_refcnt_t    iv_refs ; /* reference count */<br> iv_index_t     iv_table_size ; /* size of the voucher table */<br> iv_index_t     iv_inline_table [ IV_ENTRIES_INLINE ];<br> iv_entry_t     iv_table ; /* table of voucher attr entries */<br> ipc_port_t     iv_port ; /* port representing the voucher */<br> queue_chain_t  iv_hash_link ; /* link on hash chain */<br> #define IV_ENTRIES_INLINE MACH_VOUCHER_ATTR_KEY_NUM_WELL_KNOWN<br> The voucher codebase is written in a very generic, extensible way, even though its actual use and supported feature set is quite minimal.<br> Keys<br> Keys in vouchers are not arbitrary. Keys are indexes into a voucher's iv_table ; a value's position in the iv_table table determines what "key" it was stored under. Whilst the vouchers codebase supports the runtime addition of new key types this feature isn't used and there are just a small number of fixed, well-known keys:<br> #define MACH_VOUCHER_ATTR_KEY_ALL (( mach_voucher_attr_key_t )~ 0 )<br> #define MACH_VOUCHER_ATTR_KEY_NONE (( mach_voucher_attr_key_t ) 0 )<br> /* other well-known-keys will be added here */<br> #define MACH_VOUCHER_ATTR_KEY_ATM (( mach_voucher_attr_key_t ) 1 )<br> #define MACH_VOUCHER_ATTR_KEY_IMPORTANCE (( mach_voucher_attr_key_t ) 2 )<br> #define MACH_VOUCHER_ATTR_KEY_BANK (( mach_voucher_attr_key_t ) 3 )<br> #define MACH_VOUCHER_ATTR_KEY_PTHPRIORITY (( mach_voucher_attr_key_t ) 4 )<br> #define MACH_VOUCHER_ATTR_KEY_USER_DATA (( mach_voucher_attr_key_t ) 7 )<br> #define MACH_VOUCHER_ATTR_KEY_TEST (( mach_voucher_attr_key_t ) 8 )<br> #define MACH_VOUCHER_ATTR_KEY_NUM_WELL_KNOWN MACH_VOUCHER_ATTR_KEY_TEST<br> The iv_inline_table in an ipc_voucher has 8 entries. But of those, only four are actually supported and have any associated functionality. The ATM voucher attributes are deprecated and the code supporting them is gone so only IMPORTANCE (2), BANK (3), PTHPRIORITY (4) and USER_DATA (7) are valid keys. There's some confusion (perhaps on my part) about when exactly you should use the term key and when attribute; I'll use them interchangeably to refer to these key values and the corresponding "types" of values which they manage. More on that later.<br> Values<br> Each entry in a voucher iv_table is an iv_index_t :<br> typedef natural_t iv_index_t ;<br> Each value is again an index; this time into a per-key cache of values, abstracted as a "Voucher Attribute Cache Control Object" represented by this structure:<br> struct ipc_voucher_attr_control {<br> os_refcnt_t   ivac_refs ;<br> boolean_t     ivac_is_growing ; /* is the table being grown */<br> ivac_entry_t  ivac_table ; /* table of voucher attr value entries */<br> iv_index_t    ivac_table_size ; /* size of the attr value table */<br> iv_index_t    ivac_init_table_size ; /* size of the attr value table */<br> iv_index_t    ivac_freelist ; /* index of the first free element */<br> ipc_port_t    ivac_port ; /* port for accessing the cache control  */<br> lck_spin_t    ivac_lock_data ;<br> iv_index_t    ivac_key_index ; /* key index for this value */<br> These are accessed indirectly via another global table:<br> static ipc_voucher_global_table_element iv_global_table [ MACH_VOUCHER_ATTR_KEY_NUM_WELL_KNOWN ];<br> (Again, the comments in the code indicate that in the future that this table may grow in size and allow attributes to be managed in userspace, but for now it's just a fixed size array.)<br> Each element in that table has this structure:<br> typedef struct ipc_voucher_global_table_element {<br> ipc_voucher_attr_manager_t      ivgte_manager ;<br> ipc_voucher_attr_control_t      ivgte_control ;<br> mach_voucher_attr_key_t         ivgte_key ;<br> } ipc_voucher_global_table_element ;<br> Both the iv_global_table and each voucher's iv_table are indexed by (key-1) , not key , so the userdata entry is [6] , not [7] , even though the array still has 8 entries.<br> The ipc_voucher_attr_control_t provides an abstract interface for managing "values" and the ipc_voucher_attr_manager_t provides the "type-specific" logic to implement the semantics of each type (here by type I mean "key" or "attr" type.) Let's look more concretely at what that means. Here's the definition of ipc_voucher_attr_manager_t :<br> struct ipc_voucher_attr_manager {<br> ipc_voucher_attr_manager_release_value_t    ivam_release_value ;<br> ipc_voucher_attr_manager_get_value_t        ivam_get_value ;<br> ipc_voucher_attr_manager_extract_content_t  ivam_extract_content ;<br> ipc_voucher_attr_manager_command_t          ivam_command ;<br> ipc_voucher_attr_manager_release_t          ivam_release ;<br> ipc_voucher_attr_manager_flags              ivam_flags ;<br> ivam_flags is an int containing some flags; the other five fields are function pointers which define the semantics of the particular attr type. Here's the ipc_voucher_attr_manager structure for the user_data type:<br> const struct ipc_voucher_attr_manager user_data_manager = {<br> . ivam_release_value = user_data_release_value ,<br> . ivam_get_value = user_data_get_value ,<br> . ivam_extract_content = user_data_extract_content ,<br> . ivam_command = user_data_command ,<br> . ivam_release = user_data_release ,<br> . ivam_flags = IVAM_FLAGS_NONE ,<br> Those five function pointers are the only interface from the generic voucher code into the type-specific code. The interface may seem simple but there are some tricky subtleties in there; we'll get to that later!<br> Let's go back to the generic ipc_voucher_attr_control structure which maintains the "values" for each key in a type-agnostic way. The most important field is ivac_entry_t  ivac_table , which is an array of ivac_entry_s 's . It's an index into this table which is stored in each voucher's iv_table .<br> Here's the structure of each entry in that table:<br> struct ivac_entry_s {<br> iv_value_handle_t ivace_value ;<br> iv_value_refs_t   ivace_layered : 1 , /* layered effective entry */<br> ivace_releasing : 1 , /* release in progress */<br> ivace_free : 1 , /* on freelist */<br> ivace_persist : 1 , /* Persist the entry, don't<br> count made refs */<br> ivace_refs : 28 ; /* reference count */<br> iv_value_refs_t ivaceu_made ; /* made count (non-layered) */<br> iv_index_t      ivaceu_layer ; /* next effective layer<br> (layered) */<br> } ivace_u ;<br> iv_index_t        ivace_next ; /* hash or freelist */<br> iv_index_t        ivace_index ; /* hash head (independent) */<br> ivace_refs is a reference count for this table index. Note that this entry is inline in an array; so this reference count going to zero doesn't cause the ivac_entry_s to be free'd back to a kernel allocator (like the zone allocator for example.) Instead, it moves this table index onto a freelist of empty entries. The table can grow but never shrink.<br> Table entries which aren't free store a type-specific "handle" in ivace_value . Here's the typedef chain for that type:<br> iv_value_handle_t ivace_value<br> typedef mach_voucher_attr_value_handle_t iv_value_handle_t ;<br> typedef uint64_t mach_voucher_attr_value_handle_t ;<br> The handle is a uint64_t but in reality the attrs can (and do) store pointers there, hidden behind casts.<br> A guarantee made by the attr_control is that there will only ever be one (live) ivac_entr y_s for a particular ivace_value . This means that each time a new ivace_value needs an ivac_entry the attr_control 's ivac_table needs to be searched to see if a matching value is already present. To speed this up in-use ivac_entries are linked together in hash buckets so that a (hopefully significantly) shorter linked-list of entries can be searched rather than a linear scan of the whole table. (Note that it's not a linked-list of pointers; each link in the chain is an index into the table.)<br> Userdata attrs<br> user_data is one of the four types of supported, implemented voucher attr types. It's only purpose is to manage buffers of arbitrary, user controlled data. Since the attr_control performs deduping only on the ivace_value (which is a pointer) the userdata attr manager is responsible for ensuring that userdata values which have identical buffer values (matching length and bytes) have identical pointers.<br> To do this it maintains a hash table of user_data_value_element structures, … https://www.whatsupup.com/blog/ewing/undiscernibly/20220416-001334/ Sat, 16 Apr 2022 00:13:34 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20220416-001334/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2022/04/how-to-slsa-part-3-putting-it-all.html">How to SLSA Part 3 - Putting it all together</a><br></p> <hr> Posted by Tom Hennen, software engineer, BCID & GOSST<br> In our last two posts ( <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2022/04/how-to-slsa-part-1-basics.html">1</a> , <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2022/04/how-to-slsa-part-2-details.html">2</a> ) we introduced a fictional example of Squirrel, Oppy, and Acme learning to SLSA and covered the basics and details of how they’d use SLSA for their organizations. Today we’ll close out the series by exploring how each organization pulls together the various solutions into a heterogeneous supply chain. As a reminder, Acme is trying to produce a container image that contains three artifacts:<br> The Squirrel package ‘foo’<br> The Oppy package ‘baz’<br> A custom executable, ‘bar’, written by Acme employees.<br> The process starts with ‘foo’ package authors triggering a build using GitHub Actions. This results in a new version of ‘foo’ (an artifact with hash ‘abc’) being pushed to the Squirrel repo along with its SLSA provenance (signed by Fulcio) and <a rel="noreferrer" target="_blank" href="https://github.com/in-toto/attestation/issues/47">source attestation</a> . When Squirrel gets this push request it verifies the artifact against the specific policy for ‘foo’ which checks that it was built by GitHub Actions from the expected source repository. After the artifact passes the policy check a VSA is created and the new package, its original SLSA provenance, and the VSA are made public in the Squirrel repo, available to all users of package ‘foo’. Next the maintainers of the Oppy ‘baz’ package trigger a new build using the Oppy Autobuilder. This results in a new version of ‘baz’ (an artifact with hash ‘def’) being pushed to a public Oppy repo with the SLSA provenance (signed by their org-specific keys) published to Rekor. When the repo gets the push request it makes the artifact available to the public. The repo does not perform any verification at this time. An Acme employee then makes a change to their Dockerfile, sending it for review by their co-worker, who approves the change and merges the PR. This then causes the Acme builder to trigger a build. During this build:<br> bar is compiled from source code stored in the same source repo as the Dockerfile.<br> acorn install downloads ‘foo’ from the Squirrel repo, verifying the VSA, and recording the use of acorn://foo@abc and its VSA in the build.<br> acme_oppy_get install (a custom script made by Acme) downloads the latest version of the Oppy ‘baz’ package and queries its SLSA provenance and other attestations from Rekor. It then performs a full verification checking that it was built by ‘https://oppy.example/slsa/builder/v1’ and the publicized key. Once verification is complete it records the use of oppy://baz@def and the associated attestations in the build.<br> The build process assembles the SLSA provenance for the container by:<br> Recording the Acme git repo the bar source and Dockerfile came from, into <a rel="noreferrer" target="_blank" href="https://slsa.dev/provenance/v0.2#materials">materials</a> .<br> Copying the reported dependencies of acorn://foo@abc and oppy://baz@def into <a rel="noreferrer" target="_blank" href="https://slsa.dev/provenance/v0.2#materials">materials</a> and adding their attestations to the output <a rel="noreferrer" target="_blank" href="https://github.com/in-toto/attestation/blob/main/spec/bundle.md">in-toto bundle</a> .<br> Recording the CI/CD entrypoint as the <a rel="noreferrer" target="_blank" href="https://slsa.dev/provenance/v0.2#invocation">invocation</a> .<br> Creating a signed <a rel="noreferrer" target="_blank" href="https://github.com/secure-systems-lab/dsse">DSSE</a> with the SLSA provenance and adding it to the output <a rel="noreferrer" target="_blank" href="https://github.com/in-toto/attestation/blob/main/spec/bundle.md">in-toto bundle</a> .<br> Once the container is ready for release the Acme verifier checks the SLSA provenance (and other data in the in-toto bundle) using the policy from their own policy repo and issues a VSA. The VSA and all associated attestations are then published to an internal Rekor instance. Acme can then create an <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Software_bill_of_materials">SBOM</a> for the container leveraging data about the build as stored in Rekor. Acme then publishes the container image, the VSA, and the SBOM on Dockerhub. Downstream users of this Acme container can then check the Acme issued VSA, and if there are any problems Acme can consult their internal Rekor instance to get more details on the build allowing Acme to trace all of their dependencies back to source code and the systems used to create them. Conclusion With SLSA implemented in the ways described in this series, downstream users are protected from many of <a rel="noreferrer" target="_blank" href="https://slsa.dev/spec/v0.1/threats">the threats affecting the software supply chain today</a> . While users still need to trust certain parties, the number of systems requiring trust is much lower and users are in a much better position to investigate any issues that arise. We’d love to see the ideas in this series implemented, refuted, or used as a foundation to build even stronger solutions. We’d also love to hear some other methods on how to solve these issues. <a rel="noreferrer" target="_blank" href="https://github.com/slsa-framework/slsa#get-involved">Show us</a> how you like to SLSA.<br> <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2022/04/how-to-slsa-part-2-details.html">How to SLSA Part 2 - The Details</a><br> <hr> Posted by Tom  Hennen, software engineer, BCID & GOSST<br> In <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2022/04/how-to-slsa-part-1-basics.html">our last post</a> we introduced a fictional example of Squirrel, Oppy, and Acme learning to use SLSA and covered the basics of what their implementations might look like. Today we’ll cover the details: where to store attestations and policies, what policies should check, and how to handle key distribution and trust.<br> Attestation storage<br> Attestations play a large role in SLSA and it’s essential that consumers of artifacts know where to find the attestations for those artifacts.<br> Co-located in repo Attestations could be colocated in the repository that hosts the artifact. This is how Squirrel plans to store attestations for packages. They even want to add support to the Squirrel CLI (e.g. acorn get-attestations foo@1.2.3). Acme really likes this approach because the attestations are always available and it doesn’t introduce any new dependencies.<br> Rekor<br> Meanwhile, Oppy plans to store attestations in <a rel="noreferrer" target="_blank" href="https://github.com/sigstore/rekor">Rekor</a> . They like being able to direct users to an existing public instance while not having to maintain any new infrastructure themselves, and the in-depth defense the transparency log provides against tampering with the attestations. Though the latency of querying attestations from Rekor is likely too high for doing verification at time of use, Oppy isn’t too concerned since they expect users to query Rekor at install time. Hybrid A hybrid model is also available where the publisher stores the attestations in Rekor as well as co-located with the artifact in the repo—along with Rekor’s inclusion proof. This provides confidence the data was added to Rekor while providing the benefits of co-locating attestations in the repository.<br> Policy content<br> ‘Policy’ refers to the rules used to determine if an artifact should be allowed for a use case. Policies often use the package name as a proxy for determining the use case. An example being, if you want to find the policy to apply you could look up the policy using the package name of the artifact you’re evaluating. Policy specifics may vary based on ease of use, availability of data, risk tolerance and more. Full verification needs more from policies than delegated verification does.<br> Default policy Default policies allow admission decisions without the need to create specific policies for each package. A default policy is a way of saying “anything that doesn’t have a more specific policy must comply with this policy”. Squirrel plans to eventually implement a default policy of “any package without a more specific policy will be accepted as long as it meets SLSA 3”, but they recognize that most packages don’t support this yet. Until they achieve critical mass they’ll have a default SLSA 0 policy (all artifacts are accepted). While Oppy is leaving verification to their users, they’ll suggest a default policy of “any package built by ‘https://oppy.example/slsa/builder/v1’”.<br> Specific policy Squirrel also plans to allow users to create policies for specific packages. For example, this policy requires that package ‘foo’ must have been built by GitHub Actions, from github.com/foo/acorn-foo, and be SLSA 4.<br> scope : 'acorn://foo'<br> target_level : SLSA_L4<br> allow_github_actions {<br> workflow : 'https://github.com/gossts/slsa-acorn/.github/workflows/builder.yml@main'<br> source_repo : 'https://github.com/foo/acorn-foo.git'<br> allow_branch : 'main'<br> Squirrel will also allow packages to create SLSA 0 policies if they’re not using SLSA compliant infrastructure.<br> scope : 'acorn://qux'<br> Policy auto generation<br> Squirrel has an enormous number of existing packages. It’s not feasible to get all those package maintainers to create specific policies themselves. Therefore, Squirrel plans to leverage <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Process_mining">process mining</a> to auto generate policies for packages based on the history of the package. E.g. “The last 10 times Squirrel package foo was published it was built by GitHub Actions from github.com/foo/acorn-foo, and met SLSA 4 (this is the policy above). Let’s create a policy that requires that and send it to the maintainers to review.” Policy add-ons Policy evaluation could do more than just evaluate the SLSA requirements. The same policies that check SLSA requirements are well placed to check other properties that are important to organizations like “was static analysis performed”, “are there any known CVEs in this artifact”, “was integration testing successful”, etc… Acme is really interested in some of these policy add-ons. They’d like to avoid the embarrassing situation of publishing a new container image with known CVEs. They’re not sure how to implement it yet but they’ll be on the lookout for tools that can help them do so.<br> Delegated policies When using delegated verification there’s much less that actually needs to be checked and they can be hard-coded directly in tooling. A minimal delegated verification policy might be “allow if trusted-party verified this artifact (identified by digest) as <package name>”. This can be tightened further by adding requirements on the artifact & its dependencies SLSA levels (data which is available in the VSA). For example, “allow if trusted-party verified this artifact as <package name> at SLSA 3 and it doesn’t have any dependencies less than SLSA 2”.<br> # Delegated verification implicitly checks that the package name we're<br> # checking matches the VSA's subject.name field.<br> allow_delegated_verification {<br> trusted_verifier : 'https://delegatedverifier.com/slsa/v1'<br> minimum_level : SLSA_L3<br> minimum_dependency_level : SLSA_L2<br> Policy storage<br> When using specific, non-default, policies … https://www.whatsupup.com/blog/boxed/modification/20220416-001331/ Sat, 16 Apr 2022 00:13:31 +0000 https://www.whatsupup.com/blog/boxed/modification/20220416-001331/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#argument-dependent-lookup">argument-dependent-lookup</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#customization-points">customization-points</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#library-design">library-design</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#name-lookup">name-lookup</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#pitfalls">pitfalls</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#slack">slack</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#standard-library-trivia">standard-library-trivia</a><br> As seen on the <a rel="noreferrer" target="_blank" href="https://cppalliance.org/slack/">cpplang Slack</a> (hat tip to Jody Hagins). Recall my post <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2020/07/11/the-std-swap-two-step/">“What is the std::swap two-step?”</a> (2020-07-11), where I said:<br> A qualified call like<br> base::frotz(t)<br> indicates, “I’m sure I know how to<br> frotz<br> whatever this thing may be. No type<br> T<br> will ever know better than me how to<br> .”<br> An unqualified call using the two-step, like<br> using my::xyzzy; xyzzy(t)<br> , indicates, “I know one way to<br> xyzzy<br> whatever this thing may be, but<br> itself might know a better way. If<br> has an opinion, you should trust<br> over me.”<br> An unqualified call not using the two-step, like<br> plugh(t)<br> , indicates, “Not only should you trust<br> over me, but I myself have no idea how to<br> plugh<br> anything. Type<br> must come up with a solution; I offer no guidance here.”<br> https://www.whatsupup.com/blog/sideswiped/tuftily/20220416-001250/ Sat, 16 Apr 2022 00:12:50 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20220416-001250/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/04/13/Three-Perfect-Tools">Three Perfect Tools</a> · We live in a world of things that have Product Managers and Design Teams and Documentation Architecture and often vast ambition. And yet, so many of them are so bad. And worse, some which are good <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/08/07/Apps-Get-Worse">then become bad</a> for no good reason. There is a particular joy in a product that just does what you need done, in about the way you expect or (thrillingly) better, and isn’t hard to figure out, and doesn’t change unnecessarily. Here are three to learn from <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/04/13/Three-Perfect-Tools">…</a><br> , selected pointers to long-form pieces that have added value to my semi-retired days and one or two of which might reward you if you make time for them. A few of this month’s pieces aren’t free; it’s a bitter fact that the truth is paywalled but the lies are free. Sorry <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/04/04/Long-Links">…</a> [1 comment]<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20220416-000850/ Sat, 16 Apr 2022 00:08:50 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20220416-000850/ <p><a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-we-upgraded-postgresql-database/">Last fall, we migrated our 4TB Postgres database from version 9.6 to version 13 with minimal downtime. In this post, we’ll tell the story and share tips to help you with a similar upgrade.</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/react-component-libraries/">Get an overview of the best React component libraries looking at several factors like popularity, use cases, documentation, resources, support, and more.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/filtering-data-in-react-filter-map-and-for-loops/">In this post, you’ll learn some common data filtering techniques in JavaScript and their application in React. We’ll run through `filter()`, `map()`, and good old `for` loops, covering their strengths and limitations, and when to use a specific method over another.</a><br> https://www.whatsupup.com/blog/reigned/coffeecake/20220416-000805/ Sat, 16 Apr 2022 00:08:04 +0000 https://www.whatsupup.com/blog/reigned/coffeecake/20220416-000805/ New: <a rel="noreferrer" target="_blank" href="http://paulgraham.com/heresy.html">Heresy</a> | <a rel="noreferrer" target="_blank" href="http://paulgraham.com/words.html">Words</a> | <a rel="noreferrer" target="_blank" href="http://paulgraham.com/goodtaste.html">Taste</a> | <a rel="noreferrer" target="_blank" href="http://paulgraham.com/smart.html">Smart</a> | <a rel="noreferrer" target="_blank" href="http://paulgraham.com/weird.html">Weird</a><br> https://www.whatsupup.com/blog/augur/cussed/20220416-000737/ Sat, 16 Apr 2022 00:07:37 +0000 https://www.whatsupup.com/blog/augur/cussed/20220416-000737/ This is taking longer than expected, check your Internet connection and reload the page if the problem persists.<br> https://www.whatsupup.com/blog/popularization/compilable/20220416-000730/ Sat, 16 Apr 2022 00:07:30 +0000 https://www.whatsupup.com/blog/popularization/compilable/20220416-000730/ <p><a rel="noreferrer" target="_blank" href="https://jeffhuang.com/computer-science-open-data/">Computer Science Open Data</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/computer-science-open-data/#cs-faculty-composition-and-hiring-trends">CS Faculty</a> Composition and Hiring Trends [ <a rel="noreferrer" target="_blank" href="https://drafty.cs.brown.edu/csprofessors?src=jeffhome">source</a> ]<br> Bias in <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/computer-science-open-data/#bias-in-computer-science-rankings">Computer Science Rankings</a> [ <a rel="noreferrer" target="_blank" href="https://drafty.cs.brown.edu/csopenrankings/">source</a> ]<br> Who Wins <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/computer-science-open-data/#who-wins-cs-best-paper-awards">CS Best Paper Awards</a> ? [ <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/best_paper_awards/">source</a> ]<br> Verified <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/computer-science-open-data/#verified-computer-science-phd-stipends">Computer Science Ph.D. Stipends</a> [ <a rel="noreferrer" target="_blank" href="https://forms.gle/oLaYneCnvHCX6CKPA">source</a> ]<br> On Timeless Publishing<br> On Personal Data Tracking<br> https://www.whatsupup.com/blog/rubicundity/envenomation/20220416-000705/ Sat, 16 Apr 2022 00:07:05 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20220416-000705/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-not-to-get-overwhelmed-by-tasks">How not to get overwhelmed by tasks</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-increase-your-attention-span-5-key-strategies">How to increase your attention span: 5 key strategies</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/learn-to-tolerate-discomfort-or-suffer-escaping-from-it">Learn to tolerate discomfort or suffer escaping from it</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/find-go-to-activities-that-arent-scrolling-or-watching">Find go-to activities that aren't scrolling or watching</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-danger-of-expecting-work-to-be-easy-and-fun">The danger of expecting work to be easy and fun</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/it-doesnt-matter-how-many-hours-you-work">It doesn’t matter how many hours you work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-new-meaning-of-hard-work">The new meaning of hard work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-protect-your-intentions-from-getting-hijacked">How to protect your intentions from getting hijacked</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/let-your-discontent-crystallize">Let your discontent crystallize</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/stop-postponing-things-by-embracing-the-mess">Stop postponing things by embracing the mess</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/pursue-high-quality-leisure">Pursue High-quality Leisure</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/what-is-addiction">What is addiction (series)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/quiz">Take a quiz</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220416-000622/ Sat, 16 Apr 2022 00:06:20 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220416-000622/ <p>Microsoft on Tuesday released updates to fix roughly 120 security vulnerabilities in its Windows operating systems and other software. Two of the flaws have been publicly detailed prior to this week, and one is already seeing active exploitation, according to a report from the U.S. National Security Agency (NSA).<br> Of particular concern this month is <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24521">CVE-2022-24521</a> , which is a “privilege escalation” vulnerability in the Windows common log file system driver. In its advisory, Microsoft said it received a report from the NSA that the flaw is under active attack.<br> “It’s not stated how widely the exploit is being used in the wild, but it’s likely still targeted at this point and not broadly available,” assessed Dustin Childs with Trend Micro’s Zero Day Initiative. “Go patch your systems before that situation changes.”<br> Nine of the updates pushed this week address problems Microsoft considers “critical,” meaning the flaws they fix could be abused by malware or malcontents to seize total, remote access to a Windows system without any help from the user.<br> Among the scariest critical bugs is <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809">CVE-2022-26809,</a> a potentially “wormable” weakness in a core Windows component ( RPC ) that earned a CVSS score of 9.8 (10 being the worst). Microsoft said it believes exploitation of this flaw is more likely than not.<br> Other potentially wormable threats this month include <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24491">CVE-2022-24491</a> and <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24497">CVE-2022-24497</a> , Windows Network File System (NFS) vulnerabilities that also clock in at 9.8 CVSS scores and are listed as “exploitation more likely by Microsoft.”<br> “These could be the kind of vulnerabilities which appeal to ransomware operators as they provide the potential to expose critical data,” said Kevin Breen , director of cyber threat research at Immersive Labs . “It is also important for security teams to note that NFS Role is not a default configuration for Windows devices.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/microsoft-patch-tuesday-april-2022-edition/#more-59439">Continue reading →</a><br> The U.S. Department of Justice (DOJ) said today it seized the website and user database for RaidForums , an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world’s largest data breaches since 2015. The DOJ also charged the alleged administrator of RaidForums — 21-year-old Diogo Santos Coelho , of Portugal — with six criminal counts, including conspiracy, access device fraud and aggravated identity theft.<br> The “raid” in RaidForums is a nod to the community’s humble beginnings in 2015, when it was primarily an online venue for organizing and supporting various forms of electronic harassment. According to the DOJ, that early activity included ‘ raiding ‘ — posting or sending an overwhelming volume of contact to a victim’s online communications medium — and ‘ <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/tag/swatting/">swatting</a> ,’ the practice of making false reports to public safety agencies of situations that would necessitate a significant, and immediate armed law enforcement response.”<br> But over the years as trading in hacked databases became big business, RaidForums emerged as the go-to place for English-speaking hackers to peddle their wares. Perhaps the most bustling marketplace within RaidForums was its “ Leaks Market ,” which described itself as a place to buy, sell, and trade hacked databases and leaks.<br> The government alleges Coelho and his forum administrator identity “ Omnipotent ” profited from the illicit activity on the platform by charging “escalating prices for membership tiers that offered greater access and features, including a top-tier ‘God’ membership status.”<br> “RaidForums also sold ‘credits’ that provided members access to privileged areas of the website and enabled members to ‘unlock’ and download stolen financial information, means of identification, and data from compromised databases, among other items,” the DOJ said in <a rel="noreferrer" target="_blank" href="https://www.justice.gov/usao-edva/pr/us-leads-seizure-one-world-s-largest-hacker-forums-and-arrests-administrator">a written statement</a> . “Members could also earn credits through other means, such as by posting instructions on how to commit certain illegal acts.”<br> Prosecutors say Coelho also personally sold stolen data on the platform, and that Omnipotent directly facilitated illicit transactions by operating a fee-based “ Official Middleman ” service, a kind of escrow or insurance service that denizens of RaidForums were encouraged to use when transacting with other criminals.<br> Investigators described multiple instances wherein undercover federal agents or confidential informants used Omnipotent’s escrow service to purchase huge tranches of data from one of Coelho’s alternate user  identities — meaning Coelho not only sold data he’d personally hacked but also further profited by insisting the transactions were handled through his own middleman service.<br> Not all of those undercover buys went as planned. One incident described in <a rel="noreferrer" target="_blank" href="https://www.justice.gov/usao-edva/press-release/file/1493601/download">an affidavit by prosecutors</a> (PDF) appears related to the sale of tens of millions of consumer records stolen last year from T-Mobile , although the government refers to the victim only as a major telecommunications company and wireless network operator in the United States.<br> On Aug. 11, 2021, an individual using the moniker “ SubVirt ” posted on RaidForums an offer to sell Social Security numbers, dates of birth and other records on more than 120 million people in the United States (SubVirt would later edit the sales thread to say 30 million records). Just days later, <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/t-mobile-breach-exposed-ssn-dob-of-40m-people/">T-Mobile would acknowledge a data breach</a> affecting 40 million current, former or prospective customers who applied for credit with the company.<br> The government says the victim firm hired a third-party to purchase the database and prevent it from being sold to cybercriminals. That third-party ultimately paid approximately $200,000 worth of bitcoin to the seller, with the agreement that the data would be destroyed after sale. “However, it appears the co-conspirators continued to attempt to sell the databases after the third-party’s purchase,” the affidavit alleges.<br> The FBI’s seizure of RaidForums was <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/a-closer-look-at-the-lapsus-data-extortion-group/">first reported by KrebsOnSecurity on Mar. 23</a> , after a federal investigator confirmed rumors that the FBI had been secretly operating the RaidForums website for weeks. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/raidforums-get-raided-alleged-admin-arrested/#more-59419">Continue reading →</a><br> Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. Here’s a closer look at hundreds of phony crypto investment schemes that are all connected through a hosting provider which caters to people running crypto scams.<br> A security researcher recently shared with KrebsOnSecurity an email he received from someone who said they foolishly invested an entire bitcoin (currently worth ~USD $43,000) at a website called ark-x2[.]org, which promised to double any cryptocurrency investment made with the site.<br> The ark-x2[.]org site pretended to be a crypto giveaway website run by <a rel="noreferrer" target="_blank" href="https://twitter.com/CathieDWood">Cathie Wood</a> , the founder and CEO of ARKinvest , an established Florida company that manages several exchange-traded investment funds. This is hardly the first time scammers have impersonated Wood or ARKinvest; <a rel="noreferrer" target="_blank" href="https://twitter.com/cathiedwood/status/1313547340272340993?lang=en">a tweet from Wood in 2020 warned</a> that the company would never use YouTube, Twitter, Instagram or any social media to solicit money.<br> At the crux of these scams are well-orchestrated video productions published on YouTube and Facebook that claim to be a “live event” featuring famous billionaires. In reality, these videos just rehash older footage while peppering viewers with prompts to sign up at a scam investment site — one they claim has been endorsed by the celebrities.<br> “I was watching a live video at YouTube where Elon Musk, Cathy Wood, and Jack Dorsey were talking about Crypto,” the victim told my security researcher friend. “An overlay on the video pointed to subscribing to the event at their website. I’ve been following Cathy Wood in her analysis on financial markets, so I was in a comfortable and trusted environment. The three of them are bitcoin maximalists in a sense, so it made perfect sense they were organizing a giveaway.”<br> “Without any doubt (other than whether the transfer would go through), I sent them 1 BTC (~$42,800), and they were supposed to return 2 BTC back,” the victim continued. “In hindsight, this was an obvious scam. But the live video and the ARK Invest website is what produced the trusted environment to me. I realized a few minutes later, when the live video looped. It wasn’t actually live, but a replay of a video from 6 months ago.”<br> Ark-x2[.]org is no longer online. But a look at the Internet address historically tied to this domain (186.2.171.79) shows the same address is used to host or park <a rel="noreferrer" target="_blank" href="https://docs.google.com/spreadsheets/d/1R3fZBzb75eQ3_RSxZ1Oq2DErZpkN-f5IMZj4i8IRs80/edit?usp=sharing">hundreds of other newly-minted crypto scam domains</a> , including coinbase-x2[.]net (pictured below).<br> The crypto scam site coinbase-x2[.]net, which snares unwary investors with promises of free money.<br> Typical of crypto scam sites, Coinbase-x2 promises a chance to win 50,000 ETH (Ethereum virtual currency), plus a “welcome bonus” wherein they promise to double any crypto investment made with the platform. But everyone who falls for this greed trap soon discovers they won’t be getting anything in return, and that their “investment” is gone forever.<br> There isn’t a lot of information about who bought these crypto scam domains, as most of them were registered in the past month at registrars that <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2018/03/who-is-afraid-of-more-spams-and-scams/">automatically redact the site’s WHOIS ownership records</a> .<br> However, <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2022/04/cryptohost-us.txt">several dozen of the domains</a> are in the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/.us">.us domain space</a> , which is technically supposed to be reserved for entities physically based in the United States. Those Dot-us domains all contain the registrant name Sergei Orlovets from Moscow, the email address <a href="mailto:ulaninkirill52@gmail.com">ulaninkirill52@gmail.com</a> , and the phone number +7.9914500893 . Unfortunately, each of these clues lead to a dead end, meaning they were likely picked and used solely for these scam sites.<br> A dig into the Domain Name Server (DNS) records for Coinbase-x2[.]net shows it is hosted at a service called Cryptohost[.]to . …</p> https://www.whatsupup.com/blog/palpable/mulla/20220416-000619/ Sat, 16 Apr 2022 00:06:18 +0000 https://www.whatsupup.com/blog/palpable/mulla/20220416-000619/ <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2022/04/13/sbt-s.html">What “[S]” means in sbt’s dependencyTree output</a><br> https://www.whatsupup.com/blog/tweediest/constructed/20220409-121207/ Sat, 09 Apr 2022 12:12:07 +0000 https://www.whatsupup.com/blog/tweediest/constructed/20220409-121207/ I'm Michael Lynch, software developer and blogger. I used to work as a software engineer at large companies, but now I run small software businesses of my own and blog about the process.<br> https://www.whatsupup.com/blog/overgrazing/propellent/20220409-001648/ Sat, 09 Apr 2022 00:16:47 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220409-001648/ <a rel="noreferrer" target="_blank" href="https://substack.com/signup?utm_source=substack&utm_medium=web&utm_content=footer">Publish on Substack</a> <a rel="noreferrer" target="_blank" href="https://substack.com/app/app-store-redirect?utm_campaign=app-marketing&utm_content=web-footer-button">Get the app</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220408-160650/ Fri, 08 Apr 2022 16:06:49 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220408-160650/ The U.S. Federal Bureau of Investigation (FBI) says it has disrupted a giant botnet built and operated by a Russian government intelligence unit known for launching destructive cyberattacks against energy infrastructure in the United States and Ukraine. Separately, law enforcement agencies in the U.S. and Germany moved to decapitate “ Hydra ,” a billion-dollar Russian darknet drug bazaar that also helped to launder the profits of multiple Russian ransomware groups.<br> FBI officials <a rel="noreferrer" target="_blank" href="https://www.fbi.gov/news/pressrel/press-releases/director-christopher-wray-announces-actions-to-disrupt-and-prosecute-russian-criminal-activity-040622">said</a> Wednesday they disrupted “ Cyclops Blink ,” a collection of compromised networking devices managed by hackers working with the Russian Federation’s Main Intelligence Directorate (GRU).<br> A <a rel="noreferrer" target="_blank" href="https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-botnet-controlled-russian-federation">statement</a> from the U.S. Department of Justice (DOJ) says the GRU’s hackers built Cyclops Blink by exploiting previously undocumented security weaknesses in firewalls and routers made by both ASUS and WatchGuard Technologies . The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers — the hidden machines that allowed the attackers to orchestrate the activities of the botnet.<br> The FBI and other agencies <a rel="noreferrer" target="_blank" href="https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter">warned in March</a> that the Cyclops Blink malware was built to replace a threat called “ VPNFilter ,” an earlier malware platform that targeted <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2018/05/fbi-kindly-reboot-your-router-now-please/">vulnerabilities in a number of consumer-grade wireless and wired routers</a> . In May 2018, the FBI executed a similar strategy to dismantle VPNFilter, which had spread to more than a half-million consumer devices.<br> On April 1, ASUS <a rel="noreferrer" target="_blank" href="https://www.asus.com/content/ASUS-Product-Security-Advisory/">released updates</a> to fix the security vulnerability in a range of its Wi-Fi routers. Meanwhile, WatchGuard appears to have <a rel="noreferrer" target="_blank" href="https://arstechnica.com/information-technology/2022/04/watchguard-failed-to-disclose-critical-flaw-exploited-by-russian-hackers/?utm_source=twitter&utm_social-type=owned&utm_brand=ars&utm_medium=social">silently fixed its vulnerability in an update shipped almost a year ago</a> , according to Dan Goodin at Ars Technica. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/actions-target-russian-govt-botnet-hydra-dark-market/#more-59305">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/actions-target-russian-govt-botnet-hydra-dark-market/">Actions Target Russian Govt. Botnet, Hydra Dark Market</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220408-041805/ Fri, 08 Apr 2022 04:18:05 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220408-041805/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2010/11/24/species-subtraction-made-simple/">Species subtraction made simple</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20220408-041529/ Fri, 08 Apr 2022 04:15:29 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220408-041529/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/elon-musk-and-twitters-business-are">Elon Musk And Twitter’s Business Are On A Collision Course</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/elon-musk-and-twitters-business-are">As Twitter's revenue explodes due to its brand safety push, Musk wants a return it to the freewheeling times of old.</a><br> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-big-tech-antitrust-movement-is">The Big Tech Antitrust Movement Is Finally Showing Results</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-big-tech-antitrust-movement-is">In one week, Google opened direct payments to Android developers and Europe passed the Digital Markets Act. It’s not the return of the free market, but…</a><br> https://www.whatsupup.com/blog/spectrometry/obol/20220408-001339/ Fri, 08 Apr 2022 00:13:38 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20220408-001339/ <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2022/04/cve-2021-30737-xerubs-2021-ios-asn1.html">CVE-2021-30737, @xerub's 2021 iOS ASN.1 Vulnerability</a> (Apr)<br> https://www.whatsupup.com/blog/spectrometry/obol/20220407-161536/ Thu, 07 Apr 2022 16:15:34 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20220407-161536/ <p><a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2022/04/cve-2021-30737-xerubs-2021-ios-asn1.html">CVE-2021-30737, @xerub's 2021 iOS ASN.1 Vulnerability</a><br></p> <hr> Posted by Ian Beer, Google Project Zero<br> This blog post is my analysis of a vulnerability found by <a rel="noreferrer" target="_blank" href="https://twitter.com/xerub">@xerub</a> . <a rel="noreferrer" target="_blank" href="http://phrack.org/issues/70/12.html#article">Phrack published @xerub's writeup</a> so go check that out first.<br> As well as doing my own vulnerability research I also spend time trying as best as I can to keep up with the public state-of-the-art, especially when details of a particularly interesting vulnerability are announced or a new in-the-wild exploit is caught. Originally this post was just a series of notes I took last year as I was trying to understand this bug. But the bug itself and the narrative around it are so fascinating that I thought it would be worth writing up these notes into a more coherent form to share with the community.<br> On April 14th 2021 the <a rel="noreferrer" target="_blank" href="https://www.washingtonpost.com/technology/2021/04/14/azimuth-san-bernardino-apple-iphone-fbi/">Washington Post published an article</a> on the unlocking of the San Bernardino iPhone by <a rel="noreferrer" target="_blank" href="https://www.vice.com/en/article/8xdayg/iphone-zero-days-inside-azimuth-security">Azimuth</a> containing a nugget of non-public information:<br> " Azimuth specialized in finding significant vulnerabilities . Dowd [...] had found one in open-source code from Mozilla that Apple used to permit accessories to be plugged into an iPhone’s lightning port, according to the person. "<br> There's not that much Mozilla code running on an iPhone and even less which is likely to be part of such an attack surface. Therefore, if accurate, this quote almost certainly meant that Azimuth had exploited a vulnerability in the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/ASN.1">ASN.1</a> parser used by <a rel="noreferrer" target="_blank" href="https://opensource.apple.com/source/Security/">Security.framework</a> , which is a fork of Mozilla's NSS ASN.1 parser.<br> I searched around in <a rel="noreferrer" target="_blank" href="https://bugzilla.mozilla.org/">bugzilla</a> (Mozilla's issue tracker) looking for candidate vulnerabilities which matched the timeline discussed in the Post article and narrowed it down to a handful of plausible bugs including: <a rel="noreferrer" target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1202868">1202868</a> , <a rel="noreferrer" target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1192028">1192028</a> , <a rel="noreferrer" target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1245528">1245528</a> .<br> I was surprised that there had been so many exploitable-looking issues in the ASN.1 code and decided to add auditing the NSS ASN.1 parser as an quarterly goal.<br> A month later, having predictably done absolutely nothing more towards that goal, I saw this <a rel="noreferrer" target="_blank" href="https://twitter.com/xerub/status/1397190931653222400">tweet from @xerub</a> :<br> @xerub: CVE-2021-30737 is pretty bad. Please update ASAP. (Shameless excerpt from the full chain source code) 4:00 PM - May 25, 2021<br> The shameless excerpt reads:<br> // This is the real deal. Take no chances, take no prisoners! I AM THE STATE MACHINE!<br> And CVE-2021-30737, fixed in iOS 14.6 was described in the <a rel="noreferrer" target="_blank" href="https://support.apple.com/en-us/HT212528#:~:text=2021%2D30699%3A%20videosdebarraquito-,Security,CVE%2D2021%2D30737%3A%20xerub,-WebKit">iOS release notes</a> as:<br> Impact: Processing a maliciously crafted certification may lead to arbitrary code execution<br> Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code.<br> Feeling slightly annoyed that I hadn't acted on my instincts as there was clearly something awesome lurking there I made a mental note to diff the source code once Apple released it which they finally did a few weeks later on <a rel="noreferrer" target="_blank" href="https://opensource.apple.com/source/Security/Security-59754.120.12/">opensource.apple.com in the Security package</a> .<br> Here's the diff between the MacOS 11.4 and 11.3 versions of <a rel="noreferrer" target="_blank" href="https://opensource.apple.com/source/Security/Security-59754.120.12/OSX/libsecurity_asn1/lib/secasn1d.c.auto.html">secasn1d.c</a> which contains the ASN.1 parser:<br> diff -- git a / OSX / libsecurity_asn1 / lib / secasn1d . c b / OSX / libsecurity_asn1 / lib / secasn1d . c<br> index f338527 .. 5b4915a 100644<br> --- a / OSX / libsecurity_asn1 / lib / secasn1d . c<br> +++ b / OSX / libsecurity_asn1 / lib / secasn1d . c<br> @@ - 434 , 9 + 434 , 6 @@ loser :<br> PORT_ArenaRelease ( cx -> our_pool , state -> our_mark );<br> state -> our_mark = NULL ;<br> - if ( new_state != NULL ) {<br> - PORT_Free ( new_state );<br> - }<br> return NULL ;<br> @@ - 1794 , 19 + 1791 , 13 @@ sec_asn1d_parse_bit_string ( sec_asn1d_state * state ,<br> /*PORT_Assert (state->pending > 0); */<br> PORT_Assert ( state -> place == beforeBitString );<br> - if (( state -> pending == 0 ) || ( state -> contents_length == 1 )) {<br> + if ( state -> pending == 0 ) {<br> if ( state -> dest != NULL ) {<br> SecAsn1Item * item = ( SecAsn1Item *)( state -> dest );<br> item -> Data = NULL ;<br> item -> Length = 0 ;<br> state -> place = beforeEndOfContents ;<br> - if ( state -> contents_length == 1 ) {<br> - /* skip over (unused) remainder byte */<br> - return 1 ;<br> - else {<br> + return 0 ;<br> The first change (removing the PORT_Free ) is immaterial for Apple's use case as it's fixing a double free which doesn't impact Apple's build. It's only relevant when "allocator marks" are enabled and this feature is disabled.<br> The vulnerability must therefore be in sec_asn1d_parse_bit_string . We know from xerub's tweet that something goes wrong with a state machine, but to figure it out we need to cover some ASN.1 basics and then start looking at how the NSS ASN.1 state machine works.<br> ASN.1 encoding<br> ASN.1 is a Type-Length-Value serialization format, but with the neat quirk that it can also handle the case when you don't know the length of the value, but want to serialize it anyway! That quirk is only possible when ASN.1 is encoded according to Basic Encoding Rules (BER.) There is a stricter encoding called DER (Distinguished Encoding Rules) which enforces that a particular value only has a single correct encoding and disallows the cases where you can serialize values without knowing their eventual lengths.<br> <a rel="noreferrer" target="_blank" href="https://luca.ntop.org/Teaching/Appunti/asn1.html">This page is a nice beginner's guide to ASN.1</a> . I'd really recommend skimming that to get a good overview of ASN.1.<br> There are a lot of built-in types in ASN.1. I'm only going to describe the minimum required to understand this vulnerability (mostly because I don't know any more than that!) So let's just start from the very first byte of a serialized ASN.1 object and figure out how to decode it:<br> This first byte tells you the type, with the least significant 5 bits defining the type identifier. The special type identifier value of 0x1f tells you that the type identifier doesn't fit in those 5 bits and is instead encoded in a different way (which we'll ignore):<br> Diagram showing first two bytes of a serialized ASN.1 object. The first byte in this case is the type and class identifier and the second is the length.<br> The upper two bits of the first byte tell you the class of the type: universal, application, content-specific or private. For us, we'll leave that as 0 (universal.)<br> Bit 6 is where the fun starts. A value of 1 tells us that this is a primitive encoding which means that following the length are content bytes which can be directly interpreted as the intended type. For example, a primitive encoding of the string "HELLO" as an ASN.1 printable string would have a length byte of 5 followed by the ASCII characters " HELLO ". All fairly straightforward.<br> A value of 0 for bit 6 however tells us that this is a constructed encoding. This means that the bytes following the length are not the "raw" content bytes for the type but are instead ASN.1 encodings of one or more "chunks" which need to be individually parsed and concatenated to form the final output value. And to make things extra complicated it's also possible to specify a length value of 0 which means that you don't even know how long the reconstructed output will be or how much of the subsequent input will be required to completely build the output.<br> This final case (of a constructed type with indefinite length) is known as indefinite form. The end of the input which makes up a single indefinite value is signaled by a serialized type with the identifier, constructed, class and length values all equal to 0 , which is encoded as two NULL bytes.<br> ASN.1 bitstrings<br> Most of the ASN.1 string types require no special treatment; they're just buffers of raw bytes. Some of them have length restrictions. For example: a BMP string must have an even length and a UNIVERSAL string must be a multiple of 4 bytes in length, but that's about it.<br> ASN.1 bitstrings are strings of bits as opposed to bytes. You could for example have a bitstring with a length of a single bit (so either a 0 or 1 ) or a bitstring with a length of 127 bits (so 15 full bytes plus an extra 7 bits.)<br> Encoded ASN.1 bitstrings have an extra metadata byte after the length but before the contents, which encodes the number of unused bits in the final byte.<br> Diagram showing the complete encoding of a 3-bit bitstring. The length of 2 includes the unused-bits count byte which has a value of 5, indicating that only the 3 most-significant bits of the final byte are valid.<br> Parsing ASN.1<br> ASN.1 data always needs to be decoded in tandem with a template that tells the parser what data to expect and also provides output pointers to be filled in with the parsed output data. Here's the template my test program uses to exercise the bitstring code:<br> const SecAsn1Template simple_bitstring_template [] = {<br> SEC_ASN1_BIT_STRING | SEC_ASN1_MAY_STREAM , // kind: bit string,<br> //  may be constructed<br> 0 , // offset: in dest/src<br> NULL , // sub: subtemplate for indirection<br> sizeof ( SecAsn1Item ) // size: of output structure<br> A SecASN1Item is a very simple wrapper around a buffer. We can provide a SecAsn1Item for the parser to use to return the parsed bitstring then call the parser:<br> SecAsn1Item decoded = { 0 };<br> PLArenaPool * pool = PORT_NewArena ( 1024 );<br> SECStatus status =<br> SEC_ASN1Decode ( pool , // pool: arena for destination allocations<br> & decoded , // dest: decoded encoded items in to here<br> & simple_bitstring_template , // template<br> asn1_bytes , // buf: asn1 input bytes<br> asn1_bytes_len ); // len: input size<br> NSS ASN.1 state machine<br> The state machine has two core data structures:<br> SEC_ASN1DecoderContext - the overall parsing context<br> sec_asn1d_state - a single parser state, kept in a doubly-linked list forming a stack of nested states<br> Here's a trimmed version of the state object showing the relevant fields:<br> typedef struct sec_asn1d_state_struct {<br> SEC_ASN1DecoderContext * top ;<br> const SecAsn1Template * theTemplate ;<br> void * dest ;<br> struct sec_asn1d_state_struct * parent ;<br> struct sec_asn1d_state_struct * child ;<br> sec_asn1d_parse_place place ;<br> unsigned long contents_length ;<br> unsigned long pending ;<br> unsigned long consumed ;<br> int depth ;<br> } sec_asn1d_state ;<br> The main engine of the parsing state machine is the method … https://www.whatsupup.com/blog/ewing/undiscernibly/20220407-161437/ Thu, 07 Apr 2022 16:14:37 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20220407-161437/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2022/04/improving-software-supply-chain.html">Improving software supply chain security with tamper-proof builds</a><br></p> <hr> Posted by Asra Ali and Laurent Simon, Google Open Source Security Team (GOSST)<br> Many of the recent high-profile software attacks that have alarmed open-source users globally were consequences of supply chain integrity vulnerabilities: attackers gained control of a build server to <a rel="noreferrer" target="_blank" href="https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/">use malicious source files</a> , <a rel="noreferrer" target="_blank" href="https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/">inject malicious artifacts</a> into a compromised build platform, and bypass trusted builders to <a rel="noreferrer" target="_blank" href="https://about.codecov.io/apr-2021-post-mortem/">upload malicious artifacts</a> . Each of these attacks could have been prevented if there were a way to detect that the delivered artifacts diverged from the expected origin of the software. But until now, generating verifiable information that described where, when, and how software artifacts were produced (information known as provenance) was difficult. This information allows users to trace artifacts verifiably back to the source and develop risk-based policies around what they consume. Currently, provenance generation is not widely supported, and solutions that do exist may require migrating build processes to services like <a rel="noreferrer" target="_blank" href="https://github.com/tektoncd/chains">Tekton Chains</a> . This blog post describes a new method of generating non-forgeable provenance using <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/actions/using-workflows">GitHub Actions workflows</a> for isolation and <a rel="noreferrer" target="_blank" href="https://www.sigstore.dev/">Sigstore’s</a> signing tools for authenticity. Using this approach, projects building on GitHub runners can achieve <a rel="noreferrer" target="_blank" href="https://slsa.dev/spec/v0.1/requirements">SLSA 3</a> (the third of four progressive SLSA “levels”), which affirms to consumers that your artifacts are authentic and trustworthy.<br> Provenance<br> <a rel="noreferrer" target="_blank" href="https://slsa.dev/">SLSA</a> ("Supply-chain Levels for Software Artifacts”) is a framework to help improve the integrity of your project throughout its development cycle, allowing consumers to trace the final piece of software you release all the way back to the source. Achieving a high SLSA level helps to improve the trust that your artifacts are what you say they are. This blog post focuses on build provenance, which gives users important information about the build: who performed the release process? Was the build artifact protected against malicious tampering? Source provenance describes how the source code was protected, which we’ll cover in future blog posts, so stay tuned.<br> Go prototype to generate non-forgeable build provenance<br> To create tamperless evidence of the build and allow consumer verification, you need to:<br> Isolate the provenance generation from the build process;<br> Isolate against maintainers interfering in the workflow;<br> Provide a mechanism to identify the builder during provenance verification.<br> The full isolation described in the first two points allows consumers to trust that the provenance was faithfully recorded; entities that provide this guarantee are called trusted builders. Our <a rel="noreferrer" target="_blank" href="https://github.com/slsa-framework/slsa-github-generator-go">Go prototype</a> solves all three challenges. It also includes running the build inside the trusted builder, which provides a strong guarantee that the build achieves SLSA 3’s <a rel="noreferrer" target="_blank" href="https://slsa.dev/spec/v0.1/requirements#ephemeral-environment">ephemeral</a> and <a rel="noreferrer" target="_blank" href="https://slsa.dev/spec/v0.1/requirements#isolated">isolated</a> requirement.<br> How does it work?<br> The following steps create the trusted builder that is necessary to generate provenance in isolation from the build and maintainer’s interference.<br> Step One: Create a reusable workflow on GitHub runners Leveraging GitHub’s <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/actions/using-workflows/reusing-workflows">reusable workflows</a> provides the isolation mechanism from both maintainers’ caller workflows and from the build process. Within the workflow, Github Actions creates <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/actions/learn-github-actions/understanding-github-actions#the-components-of-github-actions">fresh instances of virtual machines (VMs), called runners, for each job</a> . These separate VMs give the necessary isolation for a trusted builder, so that different VMs compile the project and generate and sign the SLSA provenance (see diagram below). Running the workflow on <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners">GitHub-hosted runners</a> gives the guarantee that the code run is in fact the intended workflow, which <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners">self-hosted runners</a> do not. This prototype relies on GitHub to run the exact code defined in the workflow. The reusable workflow also protects against possible interference from maintainers, who could otherwise try to define the workflow in a way that interferes with the builder. The only way to interact with a reusable workflow is through the input parameters it exposes to the calling workflow, which stops maintainers from altering information via <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#env">environment variables</a> , <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idsteps">steps</a> , <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservices">services</a> and <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#defaults">defaults</a> . To protect against the possibility of one job (e.g. the build step) tampering with the other artifacts used by another job (the provenance step), this approach uses a trusted channel to protect the integrity of the data. We use <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/actions/using-jobs/defining-outputs-for-jobs">job outputs</a> to send hashes (due to size limitations) and then use the hashes to verify the binary received via the untrusted artifact registry.<br> Step 2: Use OpenID Connect (OIDC) to prove the identity of the workflow to an external service (Sigstore) OpenID Connect (OIDC) is a standard used across the web for identity providers (e.g., Google) to attest to the identity of a user for a third party. GitHub now <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect">supports</a> OIDC in their workflows. Each time a workflow is run, a runner can mint a unique <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token">JWT token</a> from GitHub’s OIDC provider. The token contains verifiable information of the workflow identity, including the caller repository, commit hash, trigger, and the current (reuseable) workflow path and reference. Using OIDC, the workflow proves its identity to <a rel="noreferrer" target="_blank" href="https://www.sigstore.dev/">Sigstore's</a> Fulcio root Certificate Authority, which acts as an external verification service. Fulcio signs a short-lived certificate attesting to an ephemeral signing key generated in the runner and tying it to the workload identity. A record of signing the provenance is kept in Sigstore’s transparency log <a rel="noreferrer" target="_blank" href="https://github.com/sigstore/rekor">Rekor</a> . Users can use the signing certificate as a trust anchor to verify that the provenance was authenticated and non-forgeable; it must have been created inside the trusted builder.<br> Verification<br> The consumer can verify the artifact and its signed provenance with these steps:<br> Look up the corresponding Rekor log entry and verify the signature;<br> Verify the trusted builder identity by extracting it from the signing certificate;<br> Check that the provenance information matches the expected source and build.<br> See an <a rel="noreferrer" target="_blank" href="https://github.com/slsa-framework/slsa-github-generator-go">example in action</a> in the official repository. Performing these steps guarantees to the consumer that the binary was produced in the trusted builder at a given commit hash attested to in the provenance. They can trust that the information in the provenance was non-forgeable, allowing them to trust the build “recipe” and trace their artifact verifiably back to the source.<br> Extra Bonus: Keyless signing<br> One extra benefit of this method is that maintainers don’t need to manage or distribute cryptographic keys for signing, avoiding the <a rel="noreferrer" target="_blank" href="https://caremad.io/posts/2013/07/packaging-signing-not-holy-grail/">notoriously difficult problem</a> of key management. The OIDC protocol requires no hardcoded, long-term secrets be stored in GitHub's secrets, which sidesteps the potential problem of key mismanagement invalidating the SLSA provenance. Consumers simply use OIDC to verify that the binary artifact was built from a trusted builder that produced the expected provenance.<br> Next Steps<br> Utilizing the SLSA framework is a proven way for ensuring software supply-chain integrity at scale. This prototype shows that achieving high SLSA levels is easier than ever thanks to the newest features of popular CI/CD systems and open-source tooling. Increased adoption of tamper-safe (SLSA 3+) build services will contribute to a stronger open-source ecosystem and help close one easily exploited gap in the current supply chain. We encourage testing and adoption and welcome any improvements to the project. Please share feedback, comments and suggestions at <a rel="noreferrer" target="_blank" href="https://github.com/slsa-framework/slsa-github-generator-go">slsa-github-generator-go</a> and <a rel="noreferrer" target="_blank" href="https://github.com/slsa-framework/slsa-verifier">slsa-verifier</a> project repositories. We will officially release v1 in a few weeks! In follow-up posts, we will demonstrate adding non-forgeable source provenance attesting to secure repository settings, and showcase the same techniques for other build toolchains and package managers, etc. Stay tuned!<br> https://www.whatsupup.com/blog/traveling/splay/20220407-121723/ Thu, 07 Apr 2022 12:17:23 +0000 https://www.whatsupup.com/blog/traveling/splay/20220407-121723/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/07/science/astronomers-distant-galaxy.html">Out There Astronomers Find What Might Be the Most Distant Galaxy Yet Is the object a galaxy of primordial stars or a black hole knocking on the door of time? The Webb space telescope may help answer that question. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220406-200535/ Wed, 06 Apr 2022 20:05:35 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220406-200535/ Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. But few organizations have a playbook for responding to the kinds of virtual “smash and grab” attacks we’ve seen recently from LAPSUS$, a juvenile data extortion group whose short-lived, low-tech and remarkably effective tactics have put some of the world’s biggest corporations on edge.<br> Since surfacing in late 2021, LAPSUS$ has <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/a-closer-look-at-the-lapsus-data-extortion-group/">gained access to the networks or contractors</a> for some of the world’s largest technology companies, including Microsoft , NVIDIA , Okta and Samsung . LAPSUS$ typically threatens to release sensitive data unless paid a ransom, but with most victims the hackers ended up publishing any information they stole (mainly computer source code).<br> Microsoft <a rel="noreferrer" target="_blank" href="https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/">blogged about its attack</a> at the hands of LAPSUS$, and about the group targeting its customers. It found LAPSUS$ used a variety of old-fashioned techniques that seldom show up in any corporate breach post-mortems, such as:<br> -targeting employees at their personal email addresses and phone numbers; -offering to pay $20,000 a week to employees who give up remote access credentials; -social engineering help desk and customer support employees at targeted companies; -bribing/tricking employees at mobile phone stores to hijack a target’s phone number; -intruding on their victims’ crisis communications calls post-breach.<br> If these tactics sound like something you might sooner expect from spooky, state-sponsored “Advanced Persistent Threat” or <a rel="noreferrer" target="_blank" href="https://www.mandiant.com/resources/apt-groups">APT groups</a> , consider that the core LAPSUS$ members are thought to range in age from 15 to 21. Also, LAPSUS$ operates on a shoestring budget and is <a rel="noreferrer" target="_blank" href="https://twitter.com/BillDemirkapi/status/1508527487655067660">anything but stealthy</a> : According to Microsoft, LAPSUS$ doesn’t seem to cover its tracks or hide its activity. In fact, the group often announces its hacks on social media.<br> ADVANCED PERSISTENT TEENAGERS<br> This unusual combination makes LAPSUS$ something of an aberration that is probably more aptly referred to as “ Advanced Persistent Teenagers ,” said one CXO at a large organization that recently had a run-in with LAPSUS$.<br> “There is a lot of speculation about how good they are, tactics et cetera, but I think it’s more than that,” said the CXO, who spoke about the incident on condition of anonymity. “They put together an approach that industry thought suboptimal and unlikely. So it’s their golden hour.”<br> LAPSUS$ seems to have conjured some worst-case scenarios in the minds of many security experts, who worry what will happen when more organized cybercriminal groups start adopting these techniques.<br> “LAPSUS$ has shown that with only $25,000, a group of teenagers could get into organizations with mature cybersecurity practices,” said Amit Yoran , CEO of security firm <a rel="noreferrer" target="_blank" href="https://www.tenable.com">Tenable</a> and a former federal cybersecurity czar, testifying last week before the House Homeland Security Committee . “With much deeper pockets, focus, and mission, targeting critical infrastructure. That should be a sobering, if not terrifying, call to action.”<br> My CXO source said LAPSUS$ succeeds because they simply refuse to give up, and just keep trying until someone lets them in.<br> “They would just keep jamming a few individuals to get [remote] access, read some onboarding documents, enroll a new 2FA [two-factor authentication method] and exfiltrate code or secrets, like a smash-and-grab,” the CXO said. “These guys were not <a rel="noreferrer" target="_blank" href="https://www.networkworld.com/article/2333149/are-you-l33t-.html#:~:text=The%20word%20%22l33t%22%20itself%20(,(also%20%22llama%22).">leet</a> , just damn persistent.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/the-original-apt-advanced-persistent-teenagers/#more-59085">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/04/the-original-apt-advanced-persistent-teenagers/">The Original APT: Advanced Persistent Teenagers</a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20220406-080631/ Wed, 06 Apr 2022 08:06:31 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20220406-080631/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-increase-your-attention-span-5-key-strategies">How to increase your attention span: 5 key strategies</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/learn-to-tolerate-discomfort-or-suffer-escaping-from-it">Learn to tolerate discomfort or suffer escaping from it</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/find-go-to-activities-that-arent-scrolling-or-watching">Find go-to activities that aren't scrolling or watching</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-danger-of-expecting-work-to-be-easy-and-fun">The danger of expecting work to be easy and fun</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/it-doesnt-matter-how-many-hours-you-work">It doesn’t matter how many hours you work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-new-meaning-of-hard-work">The new meaning of hard work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/abstinence-isnt-recovery">Abstinence isn’t recovery</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-go-back-to-things-you-used-to-be-addicted-to-in-the-past">How to go back to things you used to be addicted to in the past</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-protect-your-intentions-from-getting-hijacked">How to protect your intentions from getting hijacked</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/let-your-discontent-crystallize">Let your discontent crystallize</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/stop-postponing-things-by-embracing-the-mess">Stop postponing things by embracing the mess</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/critical-effort-why-we-reach-a-goal-or-not">Critical effort: why we reach a goal (or not)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/zone-of-action-do-the-possible-to-do-the-impossible">Zone of Action: Do the possible to do the impossible</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/1-simple-technique-to-train-your-focus">1 simple technique to train your focus</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-make-quitting-your-addiction-easier">How to make quitting your addiction easier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/pursue-high-quality-leisure">Pursue High-quality Leisure</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/what-is-addiction">What is addiction (series)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> https://www.whatsupup.com/blog/steeplejack/garrote/20220406-002029/ Wed, 06 Apr 2022 00:20:29 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20220406-002029/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/04/podcast-episode-your-tax-dollars-work">How to Fix the Internet: New Episode: Your Tax Dollars At Work</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220406-001749/ Wed, 06 Apr 2022 00:17:48 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220406-001749/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/04/business/twitter-elon-musk-directors.html">Elon Musk Joins Twitter’s Board, Pitching Ideas Big and Small Free speech, open-source algorithms — and an edit button: The world’s richest person will soon help steer the social media platform where he has a huge following. By Kate Conger, Mike Isaac and Lauren Hirsch</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20220406-001223/ Wed, 06 Apr 2022 00:12:23 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20220406-001223/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/04/04/Long-Links">Long Links</a> · Welcome to another<br> , selected pointers to long-form pieces that have added value to my semi-retired days and one or two of which might reward you if you make time for them. A few of this month’s pieces aren’t free; it’s a bitter fact that the truth is paywalled but the lies are free. Sorry <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/04/04/Long-Links">…</a><br> <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/03/26/Is-5G-BS">5G Skeptic</a> · When I was working at AWS, around 2017 we started getting excited pitches from companies who wanted to be part of the 5G build-out, saying that obviously there’d be lots of opportunities for public-cloud providers. But I never walked away convinced. Either I didn’t believe the supposed customers really needed what 5G offered, or I didn’t believe the opportunity was anywhere near big enough to justify the trillion-dollar build-out investment. Six years later, I still don’t. This is a report on a little online survey I ran, looking for actual real-world 5G impact to see if I was wrong <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/03/26/Is-5G-BS">…</a> [24 comments]<br> https://www.whatsupup.com/blog/niece/anatomized/20220405-202808/ Tue, 05 Apr 2022 20:28:07 +0000 https://www.whatsupup.com/blog/niece/anatomized/20220405-202808/ <p><a rel="noreferrer" target="_blank" href="https://dkb.io/post/the-next-google">The Next Google</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://dkb.io/post/the-next-google">DuckDuckGo and Bing are not true alternatives – they’re just worse versions of Google. The next Google can’t just be an input box that spits out links. We need new thinking to create something much better than what came before.</a><br> https://www.whatsupup.com/blog/beautifying/hagriding/20220405-202318/ Tue, 05 Apr 2022 20:23:18 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20220405-202318/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/04/podcast-episode-your-tax-dollars-work">How to Fix the Internet: New Episode: Your Tax Dollars At Work</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20220405-161319/ Tue, 05 Apr 2022 16:13:19 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20220405-161319/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2022/04/find-and-eek-increased-rewards-for.html">Find and $eek! Increased rewards for Google Nest & Fitbit devices</a><br></p> <hr> Posted by Medha Jain, Program Manager, Devices & Services Security<br> At Google, we constantly invest in security research to raise the bar for our devices, keeping our users safe and building their trust in our products. In 2021, we published <a rel="noreferrer" target="_blank" href="https://safety.google/nest/">Google Nest security commitments</a> , in which we committed to engage with the research community to examine our products and services and report vulnerabilities. We are now looking to deepen this relationship and accelerate the path toward building more secure devices. Starting today, we will introduce a new vulnerability rewards structure for submissions impacting <a rel="noreferrer" target="_blank" href="https://store.google.com/category/connected_home?e=SharedFeatureEnablePolarisNavTest%3A%3ALaunch&hl=en-US">smart home</a> (Google Nest) and <a rel="noreferrer" target="_blank" href="https://store.google.com/category/fitbit?e=SharedFeatureEnablePolarisNavTest%3A%3ALaunch&hl=en-US">wearables</a> (Fitbit) devices through our <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/about">Bug Hunters</a> platform. Bonus!<br> We are paying higher rewards retroactively for eligible Google Nest and Fitbit devices reports submitted in 2021. And, starting today, for the next six months, will double the reward amount for all new eligible reports applicable to Google Nest & Fitbit devices in scope. We will continue to take reports on our web applications, services, and mobile apps at their existing reward levels. Please keep those coming! An enhanced rewards program<br> Building on our previous programs to improve devices' embedded security posture, we’re bringing all our first-party devices under a single program, starting with Google Nest, Fitbit, and Pixel. This program extends the Android Security Reward Program, making it easier for researchers to submit a vulnerability in first-party devices and improving consistency across our severity assignments. Refer to the <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/about/rules/6171833274204160/android-security-rewards-program-rules">Android and Google Devices Security Reward Program</a> for more details. What interests us?<br> We encourage researchers to report firmware, system software, and hardware vulnerabilities. Our wide diversity of platforms provides researchers with a smorgasbord of environments to explore. What's next?<br> We will be at the <a rel="noreferrer" target="_blank" href="http://Hardwear.io">Hardwear.io</a> conference this year! The VRP team is looking forward to meeting our security peers in person. We’ll be talking about the architecture of a couple of our devices, hoping to give security researchers a head start in finding vulnerabilities. We’ll have plenty of swag, too! We will continue to enhance the researchers' experience and participation. We intend to add training documentations and target areas that interest us as we grow the program. A huge thanks to Sarah Jacobus, Adam Bacchus, Ankur Chakraborty, Eduardo' Vela" <Nava>, Jay Cox, and Nic Watson.<br> https://www.whatsupup.com/blog/beautifying/hagriding/20220405-002039/ Tue, 05 Apr 2022 00:20:38 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20220405-002039/ The First Amendment guarantees the right to speak your own involvement about court proceedings. Yet the Stored Communications Act currently allows the government to prevent electronic communications companies from notifying their users when they receive law enforcement orders for customer data. These gag orders can silence the companies for any…<br> https://www.whatsupup.com/blog/playacted/rededication/20220405-001740/ Tue, 05 Apr 2022 00:17:40 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220405-001740/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/04/04/technology/elon-musk-twitter.html">Elon Musk becomes Twitter’s largest shareholder. The Tesla chief executive, who has been critical of Twitter’s content moderation policies, has bought 9.2 percent of the social media company. By Mike Isaac and Lauren Hirsch</a><br> https://www.whatsupup.com/blog/niece/anatomized/000000-000000/ Mon, 04 Apr 2022 20:25:20 +0000 https://www.whatsupup.com/blog/niece/anatomized/000000-000000/ [Marking site as being monitored from now on] https://www.whatsupup.com/blog/rubicundity/envenomation/20220402-200721/ Sat, 02 Apr 2022 20:07:21 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20220402-200721/ <p>Books<br> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/guide">How to finally stop procrastinating</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/dopamine-detox-guide">Dopamine Detox Definitive Guide</a><br> <hr> Programs<br> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/dopamine-detox-challenge">Dopamine Detox Challenge</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/course">Predictably Productive</a><br> <hr> Resources<br> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog">Blog</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/extension">Extension</a><br> <hr> Social media<br> <a rel="noreferrer" target="_blank" href="https://twitter.com/deprocrastinate">Twitter</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.instagram.com/deprocrastination/">Instagram</a><br> <hr> © 2022 Leveled<br> https://www.whatsupup.com/blog/spectrometry/obol/20220401-201528/ Fri, 01 Apr 2022 20:15:28 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20220401-201528/ <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2022/03/forcedentry-sandbox-escape.html">FORCEDENTRY: Sandbox Escape</a> (Mar)<br> https://www.whatsupup.com/blog/playacted/rededication/20220401-161908/ Fri, 01 Apr 2022 16:19:07 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220401-161908/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2022/04/01/espanol/facebook-instagram-guerra-rusia.html">La guerra en Ucrania ha generado confusión en Facebook e Instagram Las directrices sobre los contenidos de la guerra cambian constantemente en las redes sociales de Meta, lo que genera dudas entre los empleados. By Ryan Mac, Mike Isaac and Sheera Frenkel</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220401-121914/ Fri, 01 Apr 2022 12:19:14 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220401-121914/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2022/04/01/espanol/facebook-instagram-guerra-rusia.html">La guerra en Ucrania ha generado confusión en Facebook e Instagram Las directrices sobre los contenidos de la guerra cambian constantemente en las redes sociales de Meta, lo que genera dudas entre los empleados. By Ryan Mckay, Mike Isaac and Sheera Frenkel</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20220401-121833/ Fri, 01 Apr 2022 12:18:33 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20220401-121833/ April 1, 2022 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2022/04/01/git-snail-mail.html">Announcing git snail-mail</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220401-120552/ Fri, 01 Apr 2022 12:05:51 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220401-120552/ On Tuesday, KrebsOnSecurity <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/">warned</a> that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S. Senate’s most tech-savvy lawmakers said he was troubled by the report and is now asking technology companies and federal agencies for information about the frequency of such schemes.<br> At issue are forged “emergency data requests,” (EDRs) sent through hacked police or government agency email accounts. Tech companies usually require a search warrant or subpoena before providing customer or user data, but any police jurisdiction can use an EDR to request immediate access to data without a warrant, provided the law enforcement entity attests that the request is related to an urgent matter of life and death.<br> As Tuesday’s story showed, hackers have figured out there is no quick and easy way for a company that receives one of these EDRs to know whether it is legitimate. After all, there are roughly 18,000 distinct police organizations in the United States alone, and many thousands of government and police agencies worldwide.<br> Criminal hackers exploiting that ambiguity are enjoying remarkable success rates gaining access to the data they’re after, and some are now selling EDRs as a service to other crooks online.<br> This week’s piece included confirmation from social media platform Discord about a fraudulent EDR they recently processed. On Wednesday, Bloomberg <a rel="noreferrer" target="_blank" href="https://www.bloomberg.com/news/articles/2022-03-30/apple-meta-gave-user-data-to-hackers-who-forged-legal-requests">published a story</a> confirming that both Apple and Meta/Facebook have recently complied with fake EDRs.<br> Today, KrebsOnSecurity heard from Sen. Ron Wyden (D-Ore.), who said he was moved to action after reading this week’s coverage.<br> “Recent news reports have revealed an enormous threat to Americans’ safety and national security,” Wyden said in a statement provided to KrebsOnSecurity. “I’m particularly troubled by the prospect that forged emergency orders may be coming from compromised foreign law enforcement agencies, and then used to target vulnerable individuals.”<br> “I’m requesting information from tech companies and multiple federal agencies to learn more about how emergency data requests are being abused by hackers,” Wyden’s statement continues. “No one wants tech companies to refuse legitimate emergency requests when someone’s safety is at stake, but the current system has clear weaknesses that need to be addressed. Fraudulent government requests are a significant concern, which is why I’ve already authored legislation to stamp out forged warrants and subpoenas.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/fake-emergency-search-warrants-draw-scrutiny-from-capitol-hill/#more-59209">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/fake-emergency-search-warrants-draw-scrutiny-from-capitol-hill/">Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill</a><br> https://www.whatsupup.com/blog/palpable/mulla/20220401-080641/ Fri, 01 Apr 2022 08:06:41 +0000 https://www.whatsupup.com/blog/palpable/mulla/20220401-080641/ <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2022/03/31/finally.html">A kitchen without “finally” blocks</a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20220401-000647/ Fri, 01 Apr 2022 00:06:46 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20220401-000647/ Stay productive despite distractions<br> Get a practical newsletter with anti-procrastination blog posts, short tips, and visuals<br> https://www.whatsupup.com/blog/spectrometry/obol/20220331-161623/ Thu, 31 Mar 2022 16:16:22 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20220331-161623/ <p><a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2022/03/forcedentry-sandbox-escape.html">FORCEDENTRY: Sandbox Escape</a><br></p> <hr> We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit with us, and Apple’s Security Engineering and Architecture (SEAR) group for collaborating with us on the technical analysis. Any editorial opinions reflected below are solely Project Zero’s and do not necessarily reflect those of the organizations we collaborated with during this research.<br> Late last year <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html">we published a writeup</a> of the initial remote code execution stage of FORCEDENTRY, the zero-click iMessage exploit attributed by Citizen Lab to NSO. By sending a .gif iMessage attachment (which was really a PDF) NSO were able to remotely trigger a heap buffer overflow in the ImageIO JBIG2 decoder. They used that vulnerability to bootstrap a powerful <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Weird_machine">weird machine</a> capable of loading the next stage in the infection process: the sandbox escape.<br> In this post we'll take a look at that sandbox escape. It's notable for using only logic bugs. In fact it's unclear where the features that it uses end and the vulnerabilities which it abuses begin. Both current and upcoming state-of-the-art mitigations such as Pointer Authentication and Memory Tagging have no impact at all on this sandbox escape.<br> An observation<br> During our initial analysis of the .gif file Samuel noticed that rendering the image appeared to leak memory. Running the heap tool after releasing all the associated resources gave the following output:<br> $ heap $pid<br> ------------------------------------------------------------<br> All zones: 4631 nodes (826336 bytes)<br> COUNT    BYTES     AVG   CLASS_NAME   TYPE   BINARY<br> =====    =====     ===   ==========   ====   ======<br> 1969   469120   238.3   non-object<br> 825    26400    32.0   JBIG2Bitmap  C++   CoreGraphics<br> heap was able to determine that the leaked memory contained JBIG2Bitmap objects.<br> Using the -address option we could find all the individual leaked bitmap objects:<br> $ heap -address JBIG2Bitmap $pid<br> and dump them out to files. One of those objects was quite unlike the others:<br> $ hexdump -C dumpXX.bin | head<br> 00000000  62 70 6c 69 73 74 30 30  |bplist00|<br> 00000018        24 76 65 72 73 69  |  $versi|<br> 00000020  6f 6e 59 24 61 72 63 68  |onY$arch|<br> 00000028  69 76 65 72 58 24 6f 62  |iverX$ob|<br> 00000030  6a 65 63 74 73 54 24 74  |jectsT$t|<br> 00000038  6f 70                    |op      |<br> 00000040        4e 53 4b 65 79 65  |  NSKeye|<br> 00000048  64 41 72 63 68 69 76 65  |dArchive|<br> It's clearly a serialized <a rel="noreferrer" target="_blank" href="https://developer.apple.com/documentation/foundation/nskeyedarchiver?language=objc">NSKeyedArchiver</a> . Definitely not what you'd expect to see in a JBIG2Bitmap object. Running strings we see plenty of interesting things (noting that the URL below is redacted):<br> Objective-C class and selector names:<br> NSFunctionExpression<br> NSConstantValueExpression<br> NSConstantValue<br> expressionValueWithObject:context:<br> filteredArrayUsingPredicate:<br> _web_removeFileOnlyAtPath:<br> context:evaluateMobileSubscriberIdentity:<br> performSelectorOnMainThread:withObject:waitUntilDone:<br> The name of the file which delivered the exploit:<br> XXX.gif<br> Filesystems paths:<br> /tmp/com.apple.messages<br> /System/Library/PrivateFrameworks/SlideshowKit.framework/Frameworks/OpusFoundation.framework<br> a URL:<br> https://XXX.cloudfront.net/YYY/ZZZ/megalodon?AAA<br> Using plutil we can convert the bplist00 binary format to XML. Performing some post-processing and cleanup we can see that the top-level object in the NSKeyedArchiver is a serialized NSFunctionExpression object.<br> NSExpression NSPredicate NSExpression<br> If you've ever used Core Data or tried to filter a Objective-C collection you might have come across NSPredicates . <a rel="noreferrer" target="_blank" href="https://developer.apple.com/documentation/foundation/nspredicate?language=objc">According to Apple's public documentation</a> they are used " to define logical conditions for constraining a search for a fetch or for in-memory filtering " .<br> For example, in Objective-C you could filter an NSArray object like this:<br> NSArray* names = @[@"one", @"two", @"three"];<br> NSPredicate* pred;<br> pred = [NSPredicate predicateWithFormat:<br> @" SELF beginswith[c] 't' "];<br> NSLog(@"%@", [names filteredArrayUsingPredicate:pred]);<br> The predicate is " SELF beginswith[c] 't'" . This prints an NSArray containing only " two " and " three ".<br> [NSPredicate predicateWithFormat] builds a predicate object by parsing a small query language, a little like an SQL query.<br> NSPredicates can be built up from NSExpressions , connected by NSComparisonPredicates (like less-than, greater-than and so on.)<br> NSExpressions themselves can be fairly complex, containing aggregate expressions (like " IN " and " CONTAINS "), subqueries, set expressions, and, most interestingly, function expressions.<br> Prior to 2007 (in OS X 10.4 and below) function expressions were limited to just the following five extra built-in methods: sum , count , min , max , and average .<br> But starting in OS X 10.5 (which would also be around the launch of iOS in 2007) NSFunctionExpressions were extended <a rel="noreferrer" target="_blank" href="https://developer.apple.com/documentation/foundation/nsexpression">to allow</a> <a rel="noreferrer" target="_blank" href="https://developer.apple.com/documentation/foundation/nsexpression">arbitrary</a> <a rel="noreferrer" target="_blank" href="https://developer.apple.com/documentation/foundation/nsexpression">method invocations</a> with the FUNCTION keyword:<br> "FUNCTION('abc', 'stringByAppendingString', 'def')" => @"abcdef"<br> FUNCTION takes a target object, a selector and an optional list of arguments then invokes the selector on the object, passing the arguments. In this case it will allocate an NSString object @"abc" then invoke the stringByAppendingString: selector passing the NSString @"def" , which will evaluate to the NSString @"abcdef" .<br> In addition to the FUNCTION keyword there's CAST which allows full reflection-based access to all Objective-C types (as opposed to just being able to invoke selectors on literal strings and integers):<br> " FUNCTION(CAST('NSFileManager', 'Class'), 'defaultManager')"<br> Here we can get access to the NSFileManager class and call the defaultManager selector to get a reference to a process's shared file manager instance.<br> These keywords exist in the string representation of NSPredicates and NSExpressions . Parsing those strings involves creating a graph of NSExpression objects, NSPredicate objects and their subclasses like NSFunctionExpression . It's a serialized version of such a graph which is present in the JBIG2 bitmap.<br> NSPredicates using the FUNCTION keyword are effectively Objective-C scripts. With some tricks it's possible to build nested function calls which can do almost anything you could do in procedural Objective-C. Figuring out some of those tricks was the key to the 2019 <a rel="noreferrer" target="_blank" href="https://realworldctf.com/">Real World CTF</a> <a rel="noreferrer" target="_blank" href="https://github.com/ChiChou/DezhouInstrumenz/">DezhouInstrumenz</a> challenge, which would evaluate an attacker supplied NSExpression format string. The <a rel="noreferrer" target="_blank" href="https://blog.chichou.me/2021/01/16/see-no-eval-runtime-code-execution-objc/">writeup by the challenge author</a> is a great introduction to these ideas and I'd strongly recommend reading that now if you haven't. The rest of this post builds on the tricks described in that post.<br> A tale of two parts<br> The only job of the JBIG2 logic gate machine described in the previous blog post is to cause the deserialization and evaluation of an embedded NSFunctionExpression . No attempt is made to get native code execution, ROP, JOP or any similar technique.<br> Prior to iOS 14.5 the isa field of an Objective-C object was not protected by Pointer Authentication Codes ( PAC) , so the JBIG2 machine builds a fake Objective-C object with a fake isa such that the invocation of the dealloc selector causes the deserialization and evaluation of the NSFunctionExpression . This is very similar to the technique used by <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-3.html">Samuel in the 2020 SLOP post</a> .<br> This NSFunctionExpression has two purposes:<br> Firstly, it allocates and leaks an ASMKeepAlive object then tries to cover its tracks by finding and deleting the .gif file which delivered the exploit.<br> Secondly, it builds a payload NSPredicate object then triggers a logic bug to get that NSPredicate object evaluated in the CommCenter process, reachable from the IMTranscoderAgent sandbox via the com.apple.commcenter.xpc NSXPC service.<br> Let's look at those two parts separately:<br> Covering tracks<br> The outer level NSFunctionExpression calls performSelectorOnMainThread:withObject:waitUntilDone which in turn calls makeObjectsPerformSelector:@"expressionValueWithObject:context:" on an NSArray of four NSFunctionExpressions . This allows the four independent NSFunctionExpressions to be evaluated sequentially.<br> With some manual cleanup we can recover pseudo-Objective-C versions of the serialized NSFunctionExpressions .<br> The first one does this:<br> [[AMSKeepAlive alloc] initWithName:"KA"]<br> This allocates and then leaks an AppleMediaServices KeepAlive object . The exact purpose of this is unclear.<br> The second entry does this:<br> [[NSFileManager defaultManager] _web_removeFileOnlyAtPath:<br> [@"/tmp/com.apple.messages" stringByAppendingPathComponent:<br> [ [ [ [<br> [NSFileManager defaultManager]<br> enumeratorAtPath: @"/tmp/com.apple.messages"<br> ]<br> allObjects<br> [<br> [NSPredicate predicateWithFormat:<br> [@"SELF ENDSWITH '"<br> stringByAppendingString: "XXX.gif"]<br> stringByAppendingString: "'"<br> ]   ] ] ]<br> firstObject<br> Reading these single expression NSFunctionExpressions is a little tricky; breaking that down into a more procedural form it's equivalent to this:<br> NSFileManager* fm = [NSFileManager defaultManager];<br> NSDirectoryEnumerator* dir_enum;<br> dir_enum = [fm enumeratorAtPath: @"/tmp/com.apple.messages"]<br> NSArray* allTmpFiles = [dir_enum allObjects];<br> NSString* filter;<br> filter = ["@"SELF ENDSWITH '" stringByAppendingString: "XXX.gif"];<br> filter = [filter stringByAppendingString: "'"];<br> pred = [NSPredicate predicateWithFormat: filter]<br> NSArray* matches;<br> matches = [allTmpFiles filteredArrayUsingPredicate: pred];<br> NSString* gif_subpath = [matches firstObject];<br> NSString* root = @"/tmp/com.apple.messages";<br> NSString* full_path;<br> full_path = [root stringByAppendingPathComponent: gifSubpath];<br> [fm _web_removeFileOnlyAtPath: full_path];<br> This finds the XXX.gif file used to deliver the exploit which iMessage has stored somewhere under the /tmp/com.apple.messages folder and deletes it .<br> The other … https://www.whatsupup.com/blog/playacted/rededication/20220331-041801/ Thu, 31 Mar 2022 04:18:00 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220331-041801/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2022/03/30/world/ukraine-russia-war-news/the-war-is-roiling-facebook-and-instagram">The war is roiling Facebook and Instagram. This was featured in live coverage. By Ryan Mac, Mike Isaac and Sheera Frenkel</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20220331-001457/ Thu, 31 Mar 2022 00:14:57 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220331-001457/ The US president wants huge increases for clean energy and public health, but a divided Congress might not go along with the plan.<br> https://www.whatsupup.com/blog/boxed/modification/20220330-201327/ Wed, 30 Mar 2022 20:13:27 +0000 https://www.whatsupup.com/blog/boxed/modification/20220330-201327/ <p><a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#jokes">jokes</a><br></p> <hr> Last month I and some family members entered the Larson Family Winery’s annual St. Patrick’s Day <a rel="noreferrer" target="_blank" href="https://www.larsonfamilywinery.com/press-release-larson-limerick-contest-2022/">limerick contest</a> . Here are our also-rans (the first by my mom, the others by me):<br> https://www.whatsupup.com/blog/gaper/whisky/20220330-162614/ Wed, 30 Mar 2022 16:26:13 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220330-162614/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/03/performance-tool-in-firefox-devtools-reloaded/">Performance Tool in Firefox DevTools Reloaded →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/03/performance-tool-in-firefox-devtools-reloaded/">Performance Tool in Firefox DevTools Reloaded</a><br> <hr> In Firefox 98, we’re shipping a new version of the existing Performance panel. This panel is now based on the Firefox profiler tool that can be used to capture a performance profile for a web page, inspect visualized performance data and analyze it to identify slow areas.<br> https://www.whatsupup.com/blog/rubicundity/envenomation/20220330-161548/ Wed, 30 Mar 2022 16:15:47 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20220330-161548/ Stay productive with our newsletter!<br> https://www.whatsupup.com/blog/playacted/rededication/20220330-121940/ Wed, 30 Mar 2022 12:19:40 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220330-121940/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/30/technology/ukraine-russia-facebook-instagram.html">How War in Ukraine Roiled Facebook and Instagram The rules over what war content is permitted on Facebook and Instagram keep changing, causing internal confusion. By Ryan Mac, Mike Isaac and Sheera Frenkel</a><br> https://www.whatsupup.com/blog/beautifying/hagriding/20220329-162036/ Tue, 29 Mar 2022 16:20:36 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20220329-162036/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/03/podcast-episode-securing-internet-things">Podcast Episode - Securing the IoT</a><br> https://www.whatsupup.com/blog/steeplejack/garrote/20220329-162033/ Tue, 29 Mar 2022 16:20:33 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20220329-162033/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/03/podcast-episode-securing-internet-things">Podcast Episode - Securing the IoT</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20220329-161632/ Tue, 29 Mar 2022 16:16:31 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20220329-161632/ <p>Author<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/authors/joseph-menn/">Joseph Menn</a><br></p> <hr> Follow<br> 70 results<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/europe/">Europe</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/europe/no-lights-no-heat-no-money-thats-life-ukraine-during-cyber-warfare-2022-01-14/">No lights, no heat, no money - that's life in Ukraine during cyber warfare , article with image</a> January 14, 2022<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/major-tech-companies-struggle-plug-holes-logging-software-2021-12-16/">Major tech companies struggle to plug holes in logging software , article with image</a> December 16, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/">United States</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/exclusive-us-lawmakers-call-sanctions-against-israels-nso-other-spyware-firms-2021-12-15/">U.S. lawmakers call for sanctions against Israel's NSO, other spyware firms , article with gallery</a> December 15, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/exclusive-us-lawmakers-call-sanctions-against-israels-nso-other-spyware-firms-2021-12-15/">Gallery</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/markets/us/">U.S. Markets</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/markets/us/us-cybersecurity-officials-see-mainly-low-impact-attacks-logging-flaw-so-far-2021-12-15/">U.S. cybersecurity officials see mainly low-impact attacks from logging flaw, so far , article with image</a> December 15, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/widely-used-software-with-key-vulnerability-sends-cyber-defenders-scrambling-2021-12-13/">Widely used software with key vulnerability sends cyber defenders scrambling , article with gallery</a> December 13, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/ransomware-attack-australian-utility-claimed-by-russian-speaking-criminals-2021-12-08/">Ransomware attack on Australian utility claimed by Russian-speaking criminals , article with image</a> December 9, 2021<br> Disrupted <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-us-state-department-phones-hacked-with-israeli-company-spyware-sources-2021-12-03/">U.S. State Department phones hacked with Israeli company spyware - sources , article with gallery</a> December 4, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/us-seizes-6-mln-ransom-payments-charge-ukrainian-over-cyberattack-cnn-2021-11-08/">U.S. charges Ukrainian and Russian in major ransomware spree, seizes $6 mln , article with gallery</a> November 9, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-governments-turn-tables-ransomware-gang-revil-by-pushing-it-offline-2021-10-21/">EXCLUSIVE Governments turn tables on ransomware gang REvil by pushing it offline , article with gallery</a> October 21, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/china-linked-hacking-group-accessing-calling-records-worldwide-crowdstrike-says-2021-10-19/">China-linked hacking group accessing calling records worldwide, CrowdStrike says , article with image</a> October 19, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/legal/government/">Government</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/legal/government/us-authorities-disclose-ransomware-attacks-against-water-facilities-2021-10-14/">U.S. authorities disclose ransomware attacks against water facilities , article with image</a> October 14, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/">United States</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/hackers-solarwinds-breach-stole-data-us-sanctions-policy-intelligence-probes-2021-10-07/">Hackers of SolarWinds stole data on U.S. sanctions policy, intelligence probes , article with image</a> October 8, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/expressvpn-employees-complain-about-ex-spys-top-role-company-2021-09-23/">ExpressVPN employees complain about ex-spy's top role at company , article with gallery</a> September 23, 2021<br> Disrupted <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/cyber-arms-dealer-exploits-new-apple-iphone-software-vulnerability-affects-most-2021-09-13/">Cyber arms dealer exploits new iPhone software vulnerability, affecting most versions, say researchers , article with video</a> September 14, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-wide-ranging-solarwinds-probe-sparks-fear-corporate-america-2021-09-10/">Exclusive: Wide-ranging SolarWinds probe sparks fear in Corporate America , article with gallery</a> September 10, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/">World</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/pro-china-social-media-campaign-expands-new-countries-blames-us-covid-2021-09-08/">Pro-China social media campaign hits new countries, blames U.S. for COVID , article with image</a> September 9, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/microsoft-warns-azure-customers-flaw-that-could-have-permitted-hackers-access-2021-09-08/">Microsoft warns Azure customers of flaw that could have permitted hackers access to data , article with image</a> September 9, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/researchers-cybersecurity-agency-urge-action-by-microsoft-cloud-database-users-2021-08-28/">Researchers, cybersecurity agency urge action by Microsoft cloud database users , article with image</a> August 30, 2021<br> Disrupted <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26/">EXCLUSIVE Microsoft warns thousands of cloud customers of exposed databases , article with video</a> August 27, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/">Technology</a> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-policy-groups-ask-apple-drop-plans-inspect-imessages-scan-abuse-images-2021-08-19/">Policy groups ask Apple to drop plans to inspect iMessages, scan for abuse images , article with gallery</a> August 19, 2021<br> 1 to 20 of 70<br> https://www.whatsupup.com/blog/ideo/fleury/20220329-160527/ Tue, 29 Mar 2022 16:05:26 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220329-160527/ There is a terrifying and highly effective “method” that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. It involves compromising email accounts and websites tied to police departments and government agencies, and then sending unauthorized demands for subscriber data while claiming the information being requested can’t wait for a court order because it relates to an urgent matter of life and death.<br> In the United States, when federal, state or local law enforcement agencies wish to obtain information about who owns an account at a social media firm, or what Internet addresses a specific cell phone account has used in the past, they must submit an official court-ordered warrant or subpoena.<br> Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name.<br> But in certain circumstances — such as a case involving imminent harm or death — an investigating authority may make what’s known as an Emergency Data Request (EDR), which largely bypasses any official review and does not require the requestor to supply any court-approved documents.<br> It is now clear that some hackers have figured out there is no quick and easy way for a company that receives one of these EDRs to know whether it is legitimate. Using their illicit access to police email systems, the hackers will send a fake EDR along with an attestation that innocent people will likely suffer greatly or die unless the requested data is provided immediately.<br> In this scenario, the receiving company finds itself caught between two unsavory outcomes: Failing to immediately comply with an EDR — and potentially having someone’s blood on their hands — or possibly leaking a customer record to the wrong person.<br> “We have a legal process to compel production of documents, and we have a streamlined legal process for police to get information from ISPs and other providers,” said Mark Rasch , a former prosecutor with the U.S. Department of Justice .<br> “And then we have this emergency process, almost like you see on [the television series] Law & Order, where they say they need certain information immediately,” Rasch continued. “Providers have a streamlined process where they publish the fax or contact information for police to get emergency access to data. But there’s no real mechanism defined by most Internet service providers or tech companies to test the validity of a search warrant or subpoena. And so as long as it looks right, they’ll comply.”<br> To make matters more complicated, there are tens of thousands of police jurisdictions around the world — including roughly <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Law_enforcement_in_the_United_States#:~:text=There%20are%2017%2C985%20U.S.%20police,and%20federal%20law%20enforcement%20agencies.">18,000 in the United States alone</a> — and all it takes for hackers to succeed is illicit access to a single police email account.<br> THE LAPSUS$ CONNECTION<br> The reality that teenagers are now impersonating law enforcement agencies to subpoena privileged data on their targets at whim is evident in the dramatic backstory behind LAPSUS$ , the data extortion group that <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/a-closer-look-at-the-lapsus-data-extortion-group/">recently hacked into some of the world’s most valuable technology companies</a> , including Microsoft , Okta , NVIDIA and Vodafone .<br> In <a rel="noreferrer" target="_blank" href="https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/">a blog post</a> about their recent hack, Microsoft said LAPSUS$ succeeded against its targets through a combination of low-tech attacks, mostly involving old-fashioned social engineering — such as bribing employees at or contractors for the target organization.<br> “Other tactics include phone-based social engineering; <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/?s=sim+swapping">SIM-swapping</a> to facilitate account takeover; accessing personal email accounts of employees at target organizations; paying employees, suppliers, or business partners of target organizations for access to credentials and multi-factor authentication (MFA) approval; and intruding in the ongoing crisis-communication calls of their targets,” Microsoft wrote of LAPSUS$.<br> The roster of the now-defunct “Infinity Recursion” hacking team, from which some members of LAPSUS$ allegedly hail.<br> Researchers from security firms <a rel="noreferrer" target="_blank" href="https://www.unit221b.com">Unit 221B</a> and <a rel="noreferrer" target="_blank" href="https://www.paloaltonetworks.com">Palo Alto Networks</a> say that prior to launching LAPSUS$, the group’s leader “White” (a.k.a. “WhiteDoxbin,” “Oklaqq”) was a founding member of a cybercriminal group calling itself the “ <a rel="noreferrer" target="_blank" href="https://web.archive.org/web/20210410013319/http://recursion.team/">Recursion Team.</a> ” This group specialized in SIM swapping targets of interest and participating in <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/?s=swatting">“swatting” attacks</a> , wherein fake bomb threats, hostage situations and other violent scenarios are phoned in to police as part of a scheme to trick them into visiting potentially deadly force on a target’s address.<br> The founder of the Recursion Team was a then 14-year-old from the United Kingdom who used the handle “ Everlynn .” On April 5, 2021, Everlynn posted a new sales thread to the cybercrime forum cracked[.]to titled, “Warrant/subpoena service (get law enforcement data from any service).” The price: $100 to $250 per request.<br> Everlynn advertising a warrant/subpoena service based on fake EDRs. Image: Ke-la.com.<br> “Services [include] Apple, Snapchat, Google (more expensive), not doing Discord, basically any site mostly,” read Everlynn’s ad, which was posted by the user account “InfinityRecursion.”<br> A month prior on Cracked, Everlynn posted a sales thread, “1x Government Email Account || BECOME A FED!,” which advertised the ability to send email from a federal agency within the government of Argentina.<br> “I would like to sell a government email that can be used for subpoena for many companies such as Apple, Uber, Instagram, etc.,” Everlynn’s sales thread explained, setting the price at $150. “You can breach users and get private images from people on SnapChat like nudes, go hack your girlfriend or something haha. You won’t get the login for the account, but you’ll basically obtain everything in the account if you play your cards right. I am not legally responsible if you mishandle this. This is very illegal and you will get raided if you don’t use a vpn. You can also breach into the government systems for this, and find LOTS of more private data and sell it for way, way more.”<br> Last week, the BBC reported that authorities in the United Kingdom <a rel="noreferrer" target="_blank" href="https://www.bbc.com/news/technology-60864283">had detained seven individuals aged 16 to 21</a> in connection with LAPSUS$. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/#more-59088">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/">Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20220329-121546/ Tue, 29 Mar 2022 12:15:46 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20220329-121546/ March 29, 2022 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2022/03/29/free-software-free-infrastructure.html">It is important for free software to use free software infrastructure</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20220329-081318/ Tue, 29 Mar 2022 08:13:18 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220329-081318/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-022-00897-8">Biden bids again to boost science spending — but faces long odds</a><br></p> <hr> The US president wants huge increases for clean energy and public health, but a divided Congress might not go along.<br> https://www.whatsupup.com/blog/incremental/comte/20220329-080647/ Tue, 29 Mar 2022 08:06:46 +0000 https://www.whatsupup.com/blog/incremental/comte/20220329-080647/ <a rel="noreferrer" target="_blank" href="https://howonlee.github.io/2022/03/29/A-20Software-20Estimation-20Method-20Where-20Every-20Task-20Is-20Estimated-20At-20Infinite-20Time.html">My Software Estimation Method, Where Every Task Is Estimated At Infinite Time</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220327-081941/ Sun, 27 Mar 2022 08:19:41 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220327-081941/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2015/05/12/pan-galactic-division-in-haskell/">Pan-Galactic Division in Haskell</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20220327-081338/ Sun, 27 Mar 2022 08:13:38 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20220327-081338/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/03/21/Prof-Dale-and-Me">Professor Dale and Me</a> · To misquote William Gibson: “The past is still here with us, just unevenly distributed.” I have a story to tell that stars Sergei Rachmaninoff and me. It starts just before 1900 in Moscow. My part ends around 1972 in the mountains of Lebanon, looking down over Beirut and the blue Mediterranean. It doesn’t have to do with computers and nothing in it matters to anyone living except me, but maybe you’ll enjoy a faintly exotic musical echo from a long time ago a long way away <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/03/21/Prof-Dale-and-Me">…</a> [5 comments]<br> https://www.whatsupup.com/blog/lienholder/alcoholism/20220327-002032/ Sun, 27 Mar 2022 00:20:31 +0000 https://www.whatsupup.com/blog/lienholder/alcoholism/20220327-002032/ Diesmal bei <a rel="noreferrer" target="_blank" href="https://twitter.com/hashtag/ichgebeauf?src=hash&ref_src=twsrc%5Etfw">#ichgebeauf</a> von <a rel="noreferrer" target="_blank" href="https://twitter.com/kriegundfreitag?ref_src=twsrc%5Etfw">@kriegundfreitag</a> : zeichnet bzw. malt eine Weihnachtskarte! <a rel="noreferrer" target="_blank" href="https://twitter.com/hashtag/kleinekunstklasse?src=hash&ref_src=twsrc%5Etfw">#kleinekunstklasse</a> <a rel="noreferrer" target="_blank" href="https://t.co/isvmDbtaly">pic.twitter.com/isvmDbtaly</a><br> https://www.whatsupup.com/blog/lienholder/alcoholism/20220326-201956/ Sat, 26 Mar 2022 20:19:56 +0000 https://www.whatsupup.com/blog/lienholder/alcoholism/20220326-201956/ <p><a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/blog/archive/2022/03/note-taking-in-emacs-with-howm.html">Note taking in Emacs with howm</a><br></p> <hr> Prelude and Motivation<br> After trying out and fiddling with a plethora of existing and self-written software to organize my notes, I have decided I need to stop experimentation and choose a solution that is sufficient, but most importantly, one that I actually will use and have migrated all my existing notes to. Note taking systems are not an end unto themselves.<br> Roughly speaking, my essential requirements are:<br> Something that works with plain text, and ideally supports Markdown as that is the syntax I publish most things in and I am most familiar with.<br> Something that can be used from Emacs, because that’s where I do most my text editing and writing.<br> Something that stores a note per file. This has just proved to be the most future-proof way.<br> Some basic means of connecting notes.<br> I found I don’t need these things:<br> Support for direct HTML publishing, as I realized that most of my notes are written for myself and I’ll put them up somewhere else for publishing. (This usually involves prior editing anyway.)<br> Having a fancy UI and graph displays. I consider these goodies I can easily go without.<br> Specialized productivity features like to-do lists, date scheduling or time tracking. These are out of scope for my use: I use a regular calendar for things with a deadline (which I’m blessed to have very few of) and will stick to simple to-do lists for my personal projects.<br> Many people would recommend me <a rel="noreferrer" target="_blank" href="https://orgmode.org/">org-mode</a> now, but I’ve never been a fan of its clunky syntax and I really don’t need most of the features. <a rel="noreferrer" target="_blank" href="https://www.orgroam.com/">org-roam</a> at first looked promising but linking between notes is quite complicated and the database dependency seems to be overkill for a personal note taking system on modern hardware.<br> I decided to settle on <a rel="noreferrer" target="_blank" href="http://howm.osdn.jp/">howm</a> , an Emacs mode that is not very well-known in the Western world but has gained a certain following in Japan.<br> It’s a roughly 20-year-old Emacs mode that’s still being used and maintained by its original author Kazuyuki Hiraoka, so I have confidence it will be around for some more time. You can format notes however you like, so I can use Markdown as I prefer. Notes are one file per note by default (but see below). It actually has features for date scheduling and to-do lists, but I won’t go deeper into them for now. Its code is reasonable simple and well structured, so I was able to extend it in a few ways easily, as I’ll detail at the end of this post.<br> What really sold me was this quote I found on the mailing list:<br> I cannot show a good general guide because I’m lazy, loose, and bad at tidying. I’ve already given up well-ordered notes. Howm may be suitable for those who are tired from strict systems.<br> — Kazuyuki Hiraoka<br> Such an undogmatic system is just right for my purposes.<br> How howm works<br> Since there are very few resources in English that explain howm (apart from this <a rel="noreferrer" target="_blank" href="https://web.archive.org/web/20060409123241/http://dto.twu.net/HowmTutorial.howm.html">2006 article</a> that got lost in time), I shall give a quick introduction for the interested reader:<br> howm is short for “Hitori Otegaru Wiki Modoki”, which roughly translates to “Single-user Easy Wiki Mode”.<br> The basic feature set of howm is very simple, and can be condensed into the mantra “write fragmentarily and read collectively”. Essentially, howm provides an Emacs minor mode for marking text to trigger certain searches. Since it is a minor mode, you can use whatever major mode you like to use for your writing (e.g., I currently use<br> markdown-mode<br> Howm notes are kept in a directory hierarchy that you can organize how you wish; by default a date-based system is used and filenames include the current timestamp at creation. This provides unique and sensible note identifiers, so I stick to it. You also can create explicitly named note files, but I haven’t found a use for them yet.<br> There are two essential kinds of markup howm cares about: note titles and links. By default, titles are marked up by putting a ‘<br> =<br> ’ at the beginning of the line, but this can be configured (and must be done so before loading<br> howm-mode<br> (!)). The benefit of adding a title to a note is that you can have the summary buffer show titles instead of matching lines, which can be helpful to get a better overview of search results. (The creator of howm is sceptical of titling all notes, I think it very much depends the average length of your notes. There is no requirement to use titles.)<br> There are two kinds of links supported by howm, namely goto and come-from (in a nod to INTERCAL). goto links are forward references and written like this:<br> >>> howm<br> Pressing return on this line when<br> is enabled will show a list of all occurences of the word<br> howm<br> in your notes directory.<br> In contrast, a come-from link is written like this:<br> <<< howm<br> And this will cause the word<br> in any howm-mode buffer to be underlined and trigger a search where the buffer with<br> will appear first.<br> Thus, compared to most contemporary hypertext systems, we not only have a means of explicitly linking to other notes, but also for creating implicit contextual links—which can help you find connections between your notes that you didn’t see yet…<br> It is straightforward to implement something like<br> #tags<br> WikiWords<br> using these features, if you wish to do so.<br> Additionally, howm provides an inline link syntax<br> [[...]]<br> that works like<br> >>><br> but can appear within a line. I make a suggestion below how to turn it into a direct link to the first page with the given title; but for now I decided not to use this very much.<br> The line-based nature of the<br> syntax prevents usage for “inline” links. After giving it some thought, I consider it a strength for a note-taking system to make forward links related to a paragraph and not part of a sentence. Additionally, it also makes the plain text easier to read as the link target is not interleaved into the text. (Compare with the use of reference-style links in Markdown.)<br> An aside: howm actually supports multiple notes per file by having multiple title lines in a file. The search summary will always show the title directly before the matching line. You can use<br> C-c , C<br> to create a new note in the current buffer. I don’t use this much, but I think it could be useful for glossary files that contain many short notes. Some people also use this for keeping multiple daily notes in a single file.<br> Using howm<br> Howm provides two main features to access notes: the menu and the summary buffer. The howm menu (shown with<br> C-c , ,<br> ) provides a very customizable view into your howm notes. By default it shows your schedule, recent notes, and random notes. You can access many howm features with a single keypress from the menu. Since I don’t use the scheduling feature, I mostly access howm from the summary buffer instead.<br> The howm summary buffer shows the result of a search (<br> C-c , g<br> ), a list of recent notes (<br> C-c , l<br> ), or an overview of all notes (<br> C-c , a<br> ). It is very convenient to see the matches and you get a preview of the note when you move the cursor to a search result. Typing RET will open the note for editing. Typing<br> T<br> will toggle between displaying matching lines or the titles of notes with matches.<br> In the summary buffer, you can also type<br> @<br> and read all matching notes in a concatenated way, so you get the full context of all notes at once.<br> Setting up and customizing howm<br> Basic setup is reasonably well documented in English, but I’ll summarize it here. You can get howm from ELPA these days, so installing is very easy. You should set some variables to configure it according to your needs:<br> ;; Directory configuration (setq howm-home-directory "~/prj/howm/") (setq howm-directory "~/prj/howm/") (setq howm-keyword-file (expand-file-name ".howm-keys" howm-home-directory)) (setq howm-history-file (expand-file-name ".howm-history" howm-home-directory)) (setq howm-file-name-format "%Y/%m/%Y-%m-%d-%H%M%S.md")<br> Here, we decide that<br> ~/prj/howm<br> is the base directory for our howm notes, and we also put the two auxiliary files howm uses there. Additionally, we change the default name format to end with<br> .md<br> (which also turns on markdown-mode by default).<br> Next, we want to use <a rel="noreferrer" target="_blank" href="https://github.com/BurntSushi/ripgrep">ripgrep</a> for searching howm. For my usage, plain GNU grep would be sufficient, but I want to use ripgrep in the next step too, so for consistency let’s use it for all searches:<br> ;; Use ripgrep as grep (setq howm-view-use-grep t) (setq howm-view-grep-command "rg") (setq howm-view-grep-option "-nH --no-heading --color never") (setq howm-view-grep-extended-option nil) (setq howm-view-grep-fixed-option "-F") (setq howm-view-grep-expr-option nil) (setq howm-view-grep-file-stdin-option nil)<br> The next addition is interactive search with ripgrep (<br> C-c , r<br> ). This is the most useful feature I added to howm myself. I think it provides a great way to interact with your notes, as you get instant feedback from your search terms, and can stop searching as soon as you found what you were looking for. I used<br> counsel-rg<br> as an inspiration for this, and we turn the ripgrep matches into a regular howm summary buffer for further consumption.<br> ;; counsel-rg for howm (defun howm-list--counsel-rg (match) (if (string= match "") (howm-list-all) (if (or (null ivy--old-cands) (equal ivy--old-cands '("No matches found"))) (message "No match") (let ((howm-view-use-grep #'(lambda (str file-list &optional fixed-p force-case-fold) (mapcar (lambda (cand) (if (string-match "\\`\\(.*\\):\\([0-9]+\\):\\(.*\\)\\'" cand) (let ((file (match-string-no-properties 1 cand)) (line (match-string-no-properties 2 cand)) (match-line (match-string-no-properties 3 cand))) (list (expand-file-name file howm-directory) (string-to-number line) match-line)))) ivy--old-cands)))) (howm-search ivy--old-re t) (riffle-set-place … https://www.whatsupup.com/blog/seer/hemisphere/20220326-041515/ Sat, 26 Mar 2022 04:15:14 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220326-041515/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-022-00845-6">Exclusive: Documents reveal NASA’s internal struggles over renaming Webb telescope</a><br></p> <hr> E-mails show agency’s controversial response to astronomers concerned about past LGBT+ discrimination.<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20220326-000819/ Sat, 26 Mar 2022 00:08:19 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20220326-000819/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/what-makes-a-great-component-library/">In this article, we’ll look at some of the key factors you’ll need to consider if you’re planning on creating and maintaining an effective component library, from choosing the right component library development tools and best practices like testing and documentation.</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220326-000545/ Sat, 26 Mar 2022 00:05:44 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220326-000545/ An Estonian man was sentenced today to more than five years in a U.S. prison for his role in at least 13 ransomware attacks that caused losses of approximately $53 million. Prosecutors say the accused also enjoyed a lengthy career of “cashing out” access to hacked bank accounts worldwide.<br> Maksim Berezan , 37, is an Estonian national who was arrested nearly two years ago in Latvia. U.S. authorities alleged Berezan was a longtime member of DirectConnection , a closely-guarded Russian cybercriminal forum that existed until 2015. Berezan’s <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2022/03/berezanindict.pdf">indictment</a> (PDF) says he used his status at DirectConnection to secure cashout jobs from other vetted crooks on the exclusive crime forum.<br> Berezan specialized in cashouts and “drops.” Cashouts refer to using stolen payment card data to make fraudulent purchases or to withdraw money from bank accounts without authorization. A drop is a location or individual able to securely receive and forward funds or goods obtained through cashouts or other types of fraud. Drops typically are used to make it harder for law enforcement to trace fraudulent transactions and to circumvent fraud detection measures used by banks and credit card companies.<br> Acting on information from U.S. authorities, in November 2020 Latvian police searched Berezan’s residence there and found a red Porsche Carrera 911, a black Porsche Cayenne, a Ducati motorcycle, and an assortment of jewelry. They also seized $200,000 in currency, and $1.7 million in bitcoin.<br> After Berezan was extradited to the United States in December 2020, investigators searching his electronic devices said they found “significant evidence of his involvement in ransomware activity.”<br> “The post-extradition investigation determined that Berezan had participated in at least 13 ransomware attacks, 7 of which were against U.S. victims, and that approximately $11 million in ransom payments flowed into cryptocurrency wallets that he controlled,” reads <a rel="noreferrer" target="_blank" href="https://www.justice.gov/usao-edva/pr/cybercriminal-connected-multimillion-dollar-ransomware-attacks-sentenced-online-fraud">a statement</a> from the U.S. Department of Justice .<br> Berezan pleaded guilty in April 2021 to conspiracy to commit wire fraud. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/estonian-tied-to-13-ransomware-attacks-gets-66-months-in-prison/#more-59083">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/estonian-tied-to-13-ransomware-attacks-gets-66-months-in-prison/">Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison</a><br> https://www.whatsupup.com/blog/gaper/whisky/20220325-162020/ Fri, 25 Mar 2022 16:20:20 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220325-162020/ <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/03/introducing-mdn-plus-make-mdn-your-own/">Introducing MDN Plus: Make MDN your own →</a><br></p> <hr> MDN is one of the most trusted resources for information about web standards, code samples, tools, and everything you need as a developer to create websites. Today, we are launching MDN Plus, our first step to providing a personalized and more powerful experience while continuing to invest in our always free and open webdocs.<br> https://www.whatsupup.com/blog/gonadal/revving/20220325-041830/ Fri, 25 Mar 2022 04:18:29 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220325-041830/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2007/09/01/squarefree-numbers-in-haskell/">Squarefree numbers in Haskell</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20220325-041552/ Fri, 25 Mar 2022 04:15:51 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220325-041552/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-big-tech-antitrust-movement-is">The Big Tech Antitrust Movement Is Finally Showing Results</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-big-tech-antitrust-movement-is">In one week, Google opened direct payments to Android developers and Europe passed the Digital Markets Act. It’s not the return of the free market, but it’s something.</a><br> https://www.whatsupup.com/blog/spectrometry/obol/20220325-041413/ Fri, 25 Mar 2022 04:14:12 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20220325-041413/ <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2022/03/racing-against-clock-hitting-tiny.html">Racing against the clock – hitting a tiny kernel …</a> (Mar)<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20220325-040800/ Fri, 25 Mar 2022 04:08:00 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20220325-040800/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/snowflake-resource-optimization-app/">You can now use Retool to not only view query results about your Snowflake resources, but also to take action on them—all from one easy-to-use UI.</a><br> https://www.whatsupup.com/blog/spectrometry/obol/20220325-001345/ Fri, 25 Mar 2022 00:13:44 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20220325-001345/ <p><a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2022/03/racing-against-clock-hitting-tiny.html">Racing against the clock – hitting a tiny kernel race window</a><br></p> <hr> TL;DR:<br> How to make a tiny kernel race window really large even on kernels without CONFIG_PREEMPT :<br> use a cache miss to widen the race window a little bit<br> make a timerfd expire in that window (which will run in an interrupt handler - in other words, in hardirq context)<br> make sure that the wakeup triggered by the timerfd has to churn through 50000 waitqueue items created by epoll<br> Racing one thread against a timer also avoids accumulating timing variations from two threads in each race attempt - hence the title. On the other hand, it also means you now have to deal with how hardware timers actually work, which introduces its own flavors of weird timing variations.<br> I recently discovered a race condition ( <a rel="noreferrer" target="_blank" href="https://crbug.com/project-zero/2247">https://crbug.com/project-zero/2247</a> ) in the Linux kernel. (While trying to explain to someone how <a rel="noreferrer" target="_blank" href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cbcf01128d0a92e131bd09f1688fe032480b65ca">the fix for CVE-2021-0920</a> worked - I was explaining why the Unix GC is now safe, and then got confused because I couldn't actually figure out why it's safe after that fix, eventually realizing that it actually isn't safe.) It's a fairly narrow race window, so I was wondering whether it could be hit with a small number of attempts - especially on kernels that aren't built with CONFIG_PREEMPT , which would make it possible to preempt a thread with another thread, <a rel="noreferrer" target="_blank" href="https://static.sched.com/hosted_files/lsseu2019/04/LSSEU2019%20-%20Exploiting%20race%20conditions%20on%20Linux.pdf#page=12">as I described at LSSEU2019</a> .<br> This is a writeup of how I managed to hit the race on a normal Linux desktop kernel, with a hit rate somewhere around 30% if the proof of concept has been tuned for the specific machine. I didn't do a full exploit though, I stopped at getting evidence of use-after-free (UAF) accesses (with the help of a very large file descriptor table and <a rel="noreferrer" target="_blank" href="https://lwn.net/Articles/819834/">userfaultfd</a> , which might not be available to normal users depending on system configuration) because that's the part I was curious about.<br> This also demonstrates that even very small race conditions can still be exploitable if someone sinks enough time into writing an exploit, so be careful if you dismiss very small race windows as unexploitable or don't treat such issues as security bugs.<br> The UAF reproducer is <a rel="noreferrer" target="_blank" href="https://bugs.chromium.org/p/project-zero/issues/detail?id=2247#c6">in our bugtracker</a> .<br> In the UNIX domain socket garbage collection code (which is needed to deal with reference loops formed by UNIX domain sockets that use SCM_RIGHTS file descriptor passing), the kernel tries to figure out whether it can account for all references to some file by comparing the file's refcount with the number of references from inflight SKBs (socket buffers). If they are equal, it assumes that the UNIX domain sockets subsystem effectively has exclusive access to the file because it owns all references.<br> (The same pattern also appears for files as an optimization in __fdget_pos() , see <a rel="noreferrer" target="_blank" href="https://lore.kernel.org/lkml/CAG48ez1pnatAB095dnbrn9LbuQe4+ENwh-WEW36pM40ozhpruw@mail.gmail.com/">this LKML thread</a> .)<br> The problem is that struct file can also be referenced from an RCU read-side critical section (which you can't detect by looking at the refcount), and such an RCU reference can be upgraded into a refcounted reference using get_file_rcu() / get_file_rcu_many() by __fget_files() as long as the refcount is non-zero. For example, when this happens in the dup() syscall, the resulting reference will then be installed in the FD table and be available for subsequent syscalls.<br> When the garbage collector (GC) believes that it has exclusive access to a file, it will perform operations on that file that violate the locking rules used in normal socket-related syscalls such as recvmsg() - unix_stream_read_generic() assumes that queued SKBs can only be removed under the ->iolock mutex, but the GC removes queued SKBs without using that mutex. (Thanks to Xingyu Jin for explaining that to me.)<br> One way of looking at this bug is that the GC is working correctly - here's a state diagram showing some of the possible states of a struct file , with more specific states nested under less specific ones and with the state transition in the GC marked:<br> While __fget_files() is making an incorrect assumption about the state of the struct file while it is trying to narrow down its possible states - it checks whether get_file_rcu() / get_file_rcu_many() succeeds, which narrows the file's state down a bit but not far enough:<br> And this directly leads to how <a rel="noreferrer" target="_blank" href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=054aa8d439b9185d4f5eb9a90282d1ce74772969">the bug was fixed</a> (there's <a rel="noreferrer" target="_blank" href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e386dfc56f837da66d00a078e5314bc8382fab83">another follow-up patch</a> , but that one just tries to clarify the code and recoup some of the resulting performance loss) - the fix adds another check in __fget_files() to properly narrow down the state of the file such that the file is guaranteed to be live :<br> The fix ensures that a live reference can only be derived from another live reference by comparing with an FD table entry, which is guaranteed to point to a live object.<br> [Sidenote: This scheme is similar to the one used for struct page - gup_pte_range() also uses the "grab pointer, increment refcount, recheck pointer" pattern for locklessly looking up a struct page from a page table entry while ensuring that new refcounted references can't be created without holding an existing reference. This is really important for struct page because a page can be given back to the page allocator and reused while gup_pte_range() holds an uncounted reference to it - freed pages still have their struct page , so there's no need to delay freeing of the page - so if this went wrong, you'd get a page UAF.]<br> My initial suggestion was to instead fix the issue by changing how unix_gc() ensures that it has exclusive access, letting it set the file's refcount to zero to prevent turning RCU references into refcounted ones; this would have avoided adding any code in the hot __fget_files() path, but it would have only fixed unix_gc() , not the __fdget_pos() case I discovered later, so it's probably a good thing this isn't how it was fixed:<br> [Sidenote: In my original bug report I wrote that you'd have to wait an RCU grace period in the GC for this, but that wouldn't be necessary as long as the GC ensures that a reaped socket's refcount never becomes non-zero again.]<br> The race<br> There are multiple race conditions involved in exploiting this bug, but by far the trickiest to hit is that we have to race an operation into the tiny race window in the middle of __fget_files() (which can e.g. be reached via dup() ), between the file descriptor table lookup and the refcount increment:<br> static struct file *__fget_files(struct files_struct *files, unsigned int fd,<br> fmode_t mask, unsigned int refs)<br> struct file *file;<br> rcu_read_lock();<br> loop:<br> file = files_lookup_fd_rcu(files, fd) ; // race window start<br> if (file) {<br> /* File object ref couldn't be taken.<br> * dup2() atomicity guarantee is the reason<br> * we loop to catch the new file (or NULL pointer)<br> */<br> if (file->f_mode & mask)<br> file = NULL;<br> else if (! get_file_rcu_many(file, refs) ) // race window end<br> goto loop;<br> rcu_read_unlock();<br> return file;<br> In this race window , th e file descriptor must be closed (to drop the FD's reference to the file) and a unix_gc() run must get past the point where it checks the file's refcount (" total_refs = file_count(u->sk.sk_socket->file) ").<br> In the Debian 5.10.0-9-amd64 kernel at version 5.10.70-1, that race window looks as follows:<br> <__fget_files+0x1e> cmp    r10,rax<br> <__fget_files+0x21> sbb    rax,rax<br> <__fget_files+0x24> mov    rdx,QWORD PTR [r11+0x8]<br> <__fget_files+0x28> and    eax,r8d<br> <__fget_files+0x2b> lea    rax,[rdx+rax*8]<br> <__fget_files+0x2f> mov    r12,QWORD PTR [rax] ; RACE WINDOW START<br> ; r12 now contains file*<br> <__fget_files+0x32> test   r12,r12<br> <__fget_files+0x35> je     ffffffff812e3df7 <__fget_files+0x77><br> <__fget_files+0x37> mov    eax,r9d<br> <__fget_files+0x3a> and    eax,DWORD PTR [r12+0x44] ; LOAD (for ->f_mode)<br> <__fget_files+0x3f> jne    ffffffff812e3df7 <__fget_files+0x77><br> <__fget_files+0x41> mov    rax,QWORD PTR [r12+0x38] ; LOAD (for ->f_count)<br> <__fget_files+0x46> lea    rdx,[r12+0x38]<br> <__fget_files+0x4b> test   rax,rax<br> <__fget_files+0x4e> je     ffffffff812e3def <__fget_files+0x6f><br> <__fget_files+0x50> lea    rcx,[rsi+rax*1]<br> <__fget_files+0x54> lock cmpxchg QWORD PTR [rdx],rcx ; RACE WINDOW END (on cmpxchg success)<br> As you can see, the race window is fairly small - around 12 instructions, assuming that the cmpxchg succeeds.<br> Missing some cache<br> Luckily for us, the race window contains the first few memory accesses to the struct file ; therefore, by making sure that the struct file is not present in the fastest CPU caches, we can widen the race window by as much time as the memory accesses take. The standard way to do this is to use an eviction pattern / <a rel="noreferrer" target="_blank" href="https://www.cs.columbia.edu/~simha/spyjs.ccs15.pdf">eviction set</a> ; but instead we can also make the cache line dirty on another core (see <a rel="noreferrer" target="_blank" href="https://dreamsofastone.blogspot.com/2016/02/row-hammer-java-script-and-mesi.html">Anders Fogh's blogpost</a> for more detail). (I'm not actually sure about the intricacies of how much latency this adds on different manufacturers' CPU cores, or on different CPU generations - I've only tested different versions of my proof-of-concept on Intel Skylake and Tiger Lake. Differences in cache coherency protocols or snooping might make a big difference.)<br> For the cache line containing the flags and refcount of a struct file , this can be done by, on another CPU, temporarily bumping its refcount up and then changing it back down, e.g. with close(dup(fd)) (or just by accessing the FD in pretty much any way from a multithreaded process).<br> However, when we're trying to hit the race in __fget_files() via dup() , we don't want any cache misses to occur before we hit the race window - that would slow us down and probably make us miss the race. To prevent that from happening, we can call dup() with a different FD number for a warm-up run shortly before attempting the race. Because we also want the relevant cache line in the FD table to be hot, we should choose the FD number for the warm-up run such that it uses the same cache line of the file descriptor table.<br> An … https://www.whatsupup.com/blog/buckeroo/doubling/20220324-161923/ Thu, 24 Mar 2022 16:19:22 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20220324-161923/ March 24, 2022 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2022/03/24/Netherlands-update.html">The Netherlands so far</a><br> https://www.whatsupup.com/blog/gaper/whisky/20220324-161917/ Thu, 24 Mar 2022 16:19:17 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220324-161917/ <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/03/introducing-mdn-plus-make-mdn-your-own/">Introducing MDN Plus: Make MDN your own</a><br></p> <hr> MDN is one of the most trusted resources for information about web standards, code samples, tools, and everything you need as a developer to create websites. In 2015, we explored how we could expand beyond documentation to provide a structured learning experience. Our first foray was the Learning Area, with the goal of providing a […]<br> https://www.whatsupup.com/blog/boxed/modification/20220324-161508/ Thu, 24 Mar 2022 16:15:08 +0000 https://www.whatsupup.com/blog/boxed/modification/20220324-161508/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#celebration-of-mind">celebration-of-mind</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#jokes">jokes</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#litclub">litclub</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#math">math</a><br> The other week, I attended a book club on Kafka’s short story <a rel="noreferrer" target="_blank" href="https://cpb-us-w2.wpmucdn.com/campuspress.yale.edu/dist/1/2391/files/2018/12/Kafka-The-Burrow-1jcjgv3.pdf">The Burrow</a> . It’s a quite frankly brilliant portrayal of neuroticism. The titular burrow reads like a metaphor for so many things at once: a house, a body of work, a life history. The story (translated by <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Willa_Muir">Willa and Edwin Muir</a> ) is quotable and yet, somehow, no pull quote could be satisfactory; all I can recommend is that you go read it!<br> https://www.whatsupup.com/blog/ideo/fleury/20220324-160557/ Thu, 24 Mar 2022 16:05:56 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220324-160557/ Microsoft and identity management platform Okta both this week disclosed breaches involving LAPSUS$ , a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish it unless a ransom demand is paid. Here’s a closer look at LAPSUS$, and some of the low-tech but high-impact methods the group uses to gain access to targeted organizations.<br> First surfacing in December 2021 with an extortion demand on Brazil’s Ministry of Health, LAPSUS$ made headlines more recently for posting screenshots of internal tools tied to a number of major corporations, including NVIDIA, Samsung, and Vodafone.<br> On Tuesday, LAPSUS$ announced via its Telegram channel it was releasing source code stolen from Microsoft. In <a rel="noreferrer" target="_blank" href="https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/">a blog post</a> published Mar. 22, Microsoft said it interrupted the LAPSUS$ group’s source code download before it could finish, and that it was able to do so because LAPSUS$ publicly discussed their illicit access on their Telegram channel before the download could complete.<br> One of the LAPSUS$ group members admitted on their Telegram channel that the Microsoft source code download had been interrupted.<br> “This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact,” Microsoft wrote. “No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.”<br> While it may be tempting to dismiss LAPSUS$ as an immature and fame-seeking group, their tactics should make anyone in charge of corporate security sit up and take notice. Microsoft says LAPSUS$ — which it boringly calls “ DEV-0537 ” — mostly gains illicit access to targets via “social engineering.” This involves bribing or tricking employees at the target organization or at its myriad partners, such as customer support call centers and help desks.<br> “Microsoft found instances where the group successfully gained access to target organizations through recruited employees (or employees of their suppliers or business partners),” Microsoft wrote. The post continues:<br> “DEV-0537 advertised that they wanted to buy credentials for their targets to entice employees or contractors to take part in its operation. For a fee, the willing accomplice must provide their credentials and approve the MFA prompt or have the user install AnyDesk or other remote management software on a corporate workstation allowing the actor to take control of an authenticated system. Such a tactic was just one of the ways DEV-0537 took advantage of the security access and business relationships their target organizations have with their service providers and supply chains.”<br> The LAPSUS$ Telegram channel has grown to more than 45,000 subscribers, and Microsoft points to an ad LAPSUS$ posted there offering to recruit insiders at major mobile phone providers, large software and gaming companies, hosting firms and call centers.<br> Sources tell KrebsOnSecurity that LAPSUS$ has been recruiting insiders via multiple social media platforms since at least November 2021. One of the core LAPSUS$ members who used the nicknames “Oklaqq” and “WhiteDoxbin” <a rel="noreferrer" target="_blank" href="https://camas.github.io/reddit-search/#%7B%22author%22:%22oklaqq%22,%22searchFor%22:1,%22resultSize%22:100%7D">posted recruitment messages to Reddit last year</a> , offering employees at AT&T, T-Mobile and Verizon up to $20,000 a week to perform “inside jobs.”<br> LAPSUS$ leader Oklaqq a.k.a. “WhiteDoxbin” offering to pay $20,000 a week to corrupt employees at major mobile providers.<br> Many of LAPSUS$’s recruitment ads are written in both English and Portuguese. According to cyber intelligence firm <a rel="noreferrer" target="_blank" href="https://www.flashpoint-intel.com">Flashpoint</a> , the bulk of the group’s victims (15 of them) have been in Latin America and Portugal.<br> “LAPSUS$ currently does not operate a clearnet or darknet leak site or traditional social media accounts—it operates solely via Telegram and email,” Flashpoint wrote in an analysis of the group. “LAPSUS$ appears to be highly sophisticated, carrying out increasingly high-profile data breaches. The group has claimed it is not state-sponsored. The individuals behind the group are likely experienced and have demonstrated in-depth technical knowledge and abilities.”<br> Microsoft said LAPSUS$ has been known to target the personal email accounts of employees at organizations they wish to hack, knowing that most employees these days use some sort of VPN to remotely access their employer’s network.<br> “In some cases, [LAPSUS$] first targeted and compromised an individual’s personal or private (non-work-related) accounts giving them access to then look for additional credentials that could be used to gain access to corporate systems,” Microsoft wrote. “Given that employees typically use these personal accounts or numbers as their second-factor authentication or password recovery, the group would often use this access to reset passwords and complete account recovery actions.”<br> In other cases, Microsoft said, LAPSUS$ has been seen calling a target organization’s help desk and attempting to convince support personnel to reset a privileged account’s credentials.<br> “The group used the previously gathered information (for example, profile pictures) and had a native-English-sounding caller speak with the help desk personnel to enhance their social engineering lure,” Microsoft explained. “Observed actions have included DEV-0537 answering common recovery prompts such as “first street you lived on” or “mother’s maiden name” to convince help desk personnel of authenticity. Since many organizations outsource their help desk support, this tactic attempts to exploit those supply chain relationships, especially where organizations give their help desk personnel the ability to elevate privileges.”<br> LAPSUS$ recruiting insiders via its Telegram channel.<br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/a-closer-look-at-the-lapsus-data-extortion-group/">A Closer Look at the LAPSUS$ Data Extortion Group</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220324-041822/ Thu, 24 Mar 2022 04:18:22 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220324-041822/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2017/01/13/my-new-programming-languages-course/">My new programming languages course</a><br> https://www.whatsupup.com/blog/doable/warrantable/20220323-201314/ Wed, 23 Mar 2022 20:13:14 +0000 https://www.whatsupup.com/blog/doable/warrantable/20220323-201314/ <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/persistent-disks-and-replication-9b9412fd9565?source=user_profile---------7-------------------------------">Persistent Disks and Replication If you are a cloud user, you probably have seen how unconventional storage options can get. This is even true for disks you access from your virtual machines. There are not many ongoing conversations or references about the underlying details of core infrastructure. One such lacking conversation is how fundamentally…</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220323-200609/ Wed, 23 Mar 2022 20:06:09 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220323-200609/ “Russia has strict regulations against processing for the gambling business,” Horohorin said. “While Russian banks can’t do it, Ukrainian ones can, so we have Ukrainian banks processing gambling and casinos, which mostly Russian gamblers use. What Pavel does is he blackmails those Ukrainian banks using his connections and knowledge. Some pay, some don’t. But some people are not very tolerant of that kind of abuse.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/spam-nation-villain-vrublevsky-charged-with-fraud/#more-58914">Continue reading →</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20220323-121419/ Wed, 23 Mar 2022 12:14:19 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20220323-121419/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/03/04/Get-Computer-Glasses">Get Computer Glasses</a> · Let me guess: You spend a lot of time in front of a computer, to which is attached a large high-resolution outboard screen, and you’re over 40, and you have glasses on your face. A lot of you will already know this, but if you don’t, run not walk to the nearest optometrist, get your eyes checked, and order a set of “computer glasses”. Trust me on this <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/03/04/Get-Computer-Glasses">…</a> [14 comments]<br> https://www.whatsupup.com/blog/ideo/fleury/20220322-200556/ Tue, 22 Mar 2022 20:05:54 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220322-200556/ Pavel Vrublevsky , founder of the Russian payment technology firm ChronoPay and the antagonist in my 2014 book “ <a rel="noreferrer" target="_blank" href="https://www.amazon.com/dp/B00L5QGBL0/ref=dp-kindle-redirect?_encoding=UTF8&btkr=1">Spam Nation</a> ,” was arrested in Moscow this month and charged with fraud. Russian authorities allege Vrublevsky operated several fraudulent SMS-based payment schemes, and facilitated money laundering for Hydra , the largest Russian darknet market. But according to information obtained by KrebsOnSecurity, it is equally likely Vrublevsky was arrested thanks to his propensity for carefully documenting the links between Russia’s state security services and the cybercriminal underground.<br> An undated photo of Vrublevsky at his ChronoPay office in Moscow.<br> ChronoPay specializes in providing access to the global credit card networks for “high risk” merchants — businesses involved in selling services online that tend to generate an unusually large number of chargebacks and reports of fraud, and hence have a higher risk of failure.<br> When I first began writing about Vrublevsky <a rel="noreferrer" target="_blank" href="http://voices.washingtonpost.com/securityfix/2009/07/following_the_money_trail_of_r.html">in 2009 as a reporter for The Washington Post</a> , ChronoPay and its sister firm Red & Partners (RNP) were earning millions setting up payment infrastructure <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2011/03/chronopays-scareware-diaries/">for fake antivirus peddlers</a> and <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2011/02/russian-cops-crash-pill-pusher-party/">spammers pimping male enhancement drugs</a> .<br> Using the hacker alias “ RedEye ,” the ChronoPay CEO oversaw a burgeoning pharmacy spam affiliate program called <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/?s=rx-promotion">Rx-Promotion</a> , which paid some of Russia’s most talented spammers and virus writers to bombard the world with junk email promoting Rx-Promotion’s pill shops. RedEye also was the administrator of Crutop , a Russian language forum and affiliate program that catered to thousands of adult webmasters.<br> In 2013, Vrublevsky was <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2013/08/pavel-vrublevsky-sentenced-to-2-5-years/">sentenced to 2.5 years in a Russian penal colony</a> for convincing one of his top affiliates to launch a distributed denial-of-service (DDoS) attack against a competitor that shut down the ticketing system for the state-owned Aeroflot airline.<br> Following his release from jail, Vrublevsky began working on a new digital payments platform based in Hong Kong called HPay Ltd (a.k.a. Hong Kong Processing Corporation). HPay appears to have had a great number of clients that were running schemes which bamboozled people with fake lotteries and prize contests.<br> According to Russian prosecutors, the scam went like this: Consumers would receive an SMS with links to sites that falsely claimed a number of well-known companies were sponsoring drawings and lotteries for people who enrolled or agreed to answer surveys. All who responded were told they were winners, but also that they had to pay a commission to pick up the prize. That scheme allegedly stole 500 million rubles (~ USD $4.5 million) from over 100,000 consumers.<br> There are scant public records that show a connection between ChronoPay and HPay, apart from the fact that the latter’s website — hpay[.]io — was originally hosted on the same server (185.111.218.63) along with a handful of other domains, including Vrublevsky’s personal website rnp[.]com .<br> But then earlier this month, KrebsOnSecurity received a large amount of information that was stolen from ChronoPay recently when hackers managed to compromise the company’s Confluence server. Confluence is a web-based corporate wiki platform, and ChronoPay used their Confluence installation to document in exquisite detail how it creatively distributes the risk associated with high-risk processing by routing transactions through a myriad of shell companies and third-party processors.<br> A Google-translated snippet of the hacked ChronoPay Confluence installation. Click to enlarge.<br> Incredibly, Vrublevsky himself appears to have used ChronoPay’s Confluence wiki to document his entire 20+ years of personal and professional history in the high-risk payments space, including the company’s most recent forays with HPay. The latest document in the hacked archive is dated April 2021.<br> These diary entries, interspersed between highly technical how-tos, are all written in Russian and in the third person. But they are unmistakably Vrublevsky’s words: Some of the elaborate stories in the wiki were identical to theories that Vrublevsky himself espoused to me throughout hundreds of hours of phone interviews. Also, in some of the entries the narrator switches from “he” to “I” when describing the actions of Vrublevsky.<br> Vrublevsky’s memoire/wiki invokes the nicknames and real names of Russian hackers who worked with the protection of corrupt officials in the Russian Federal Security Service (FSB), the successor agency to the Soviet KGB. In several diary entries, Vrublevsky writes about various cybercriminals and Russian law enforcement officials involved in processing credit card payments tied to online gambling sites.<br> Russian banks are prohibited from processing payments for online gambling, and as a result many online gaming sites catering to Russian speakers have chosen to process credit card payments through Ukrainian financial institutions.<br> That’s according to Vladislav “BadB” Horohorin , the convicted cybercriminal who shared the ChronoPay Confluence data with KrebsOnSecurity. In February 2017, Horohorin was released after serving four years in a U.S. prison for his role in the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Vladislav_Horohorin">2009 theft of more than $9 million from RBS Worldpay</a> .<br> Horohorin said Vrublevsky has been using his knowledge of the card processing networks to extort people in the online gambling industry who may run afoul of Russian laws.<br> “Russia has strict regulations against processing for the gambling business,” Horohorin said. “While Russian banks can’t do it, Ukrainian ones can, so we have Ukrainian banks processing gambling and casinos, which mostly Russian gamblers use. What Pavel does is he blackmails those Ukrainian banks using his connections and knowledge. Some pay, some don’t. But some people are not very tolerant of that kind of abuse.”<br> A native of Donetsk, Ukraine, Horohorin told KrebsOnSecurity he hacked and shared the ChronoPay Confluence installation because Vrublevsky had threatened a family member. Horohorin believes Vrublevsky secretly operated the “ bad bank ” channel on Telegram, which calls attention to online gambling operations that are violating Visa and MasterCard regulations (violations that can bring the violator hundreds of thousands of dollars in fines).<br> “Pavel scrupulously wrote his diary for a long time, and there is a lot of information on the people he knows,” Horohorin told KrebsOnSecurity. “My understanding is he wrote this in order to blackmail people later. There is a lot of interesting stuff, a lot of names and a lot of very intimate info about Russian card processing market, as well as Pavel’s own escapades.”<br> ChronoPay’s hacked Confluence server contains many diary entries about major players in the Russian online gambling and bookmaking industries.<br> Among the escapades recounted in the ChronoPay founder’s diaries are multiple stories involving the self-proclaimed “King of Fraud!” Aleksandr “Nastra” Zhukov , a Russian national who ran an advertising fraud network dubbed “ <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2016/12/report-3-5m-in-ad-fraud-daily-from-methbot/">Methbot</a> ” that stole $7 million from publishers through bots made to look like humans watching videos online.<br> The journal explains that Zhukov lived with a ChronoPay employee and had a great deal of interaction with ChronoPay’s high-risk department, so much so that Zhukov at one point gave Vrublevsky a $100,000 jeweled watch as a gift. Zukhov was arrested in Bulgaria in 2018 and extradited to the United States. Following a jury trial in New York that ended last year, Zhukov was <a rel="noreferrer" target="_blank" href="https://www.justice.gov/usao-edny/pr/russian-cybercriminal-sentenced-10-years-prison-digital-advertising-fraud-scheme">sentenced to 10 years in prison</a> .<br> According to the Russian news outlet Kommersant , Vrublevsky and company operated “ Inferno Pay ,” a payments portal that worked with Hydra, the largest Russian darknet market for illicit goods, including drug trafficking, malware, and counterfeit money and documents.<br> Inferno Pay, a cryptocurrency and payment API allegedly operated by the ChronoPay CEO.<br> “The services of Inferno Pay, whose commission came to 30% of the transaction, were actively used by online casinos,” Kommersant <a rel="noreferrer" target="_blank" href="https://www.kommersant.ru/doc/5251902">wrote on Mar. 12</a> .<br> The drama surrounding Vrublevsky’s most recent arrest is reminiscent of events leading up to his imprisonment nearly a decade ago, when <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2011/06/organization-chart-reveals-chronopay%e2%80%99s-links-to-shady-internet-projects/">several years’ worth of ChronoPay internal emails were leaked online</a> .<br> Kommersant said Russian authorities also searched the dwelling of Dmitry Artimovich , a former ChronoPay director who along with his brother Igor was responsible for <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2012/06/who-is-the-festi-botmaster/">running the Festi botnet</a> , the same spam botnet that was used for years to pump out junk emails promoting Vrublevsky’s pharmacy affiliate websites. Festi also was the botnet used in the DDoS attack that sent Vrubelvsky to prison for two years in 2013.<br> Artimovich says he had a falling out with Vrublevsky roughly five years ago, and he’s been suing the company ever since. In a message to KrebsOnSecurity, Artimovich said while Vrublevsky was involved in a lot of shady activities, he doubts Vrublevksy’s arrest was really about SMS payment scams as the government claims.<br> “I do not think that it was a reason for his arrest,” Artimovich said. “O ur law enforcement usually don’t give a shit about sites like this. And I don’t think that Vrublevsky made much money there. I believe he angered some high-ranking person. Because the scale of the case is much larger than Aeroflot. Police made search of 22 people. Illegal seizure of money, computers.”<br> The Hydra darknet market. Image: bitcoin.com<br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/spam-nation-villain-vrublevsky-charged-with-fraud/">‘Spam Nation’ Villain Vrublevsky Charged With Fraud</a><br> https://www.whatsupup.com/blog/beautifying/hagriding/20220322-082028/ Tue, 22 Mar 2022 08:20:28 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20220322-082028/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/03/podcast-episode-hack-future">Podcast Episode: Hack to the Future</a><br> https://www.whatsupup.com/blog/steeplejack/garrote/20220322-082025/ Tue, 22 Mar 2022 08:20:25 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20220322-082025/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/03/podcast-episode-hack-future">Podcast Episode: Hack to the Future</a><br> https://www.whatsupup.com/blog/incremental/comte/20220320-120800/ Sun, 20 Mar 2022 12:08:00 +0000 https://www.whatsupup.com/blog/incremental/comte/20220320-120800/ <a rel="noreferrer" target="_blank" href="https://howonlee.github.io/2022/03/20/Proportionate-20Growth-20Software-20Estimation.html">Proportionate-Growth Software Estimation</a><br> https://www.whatsupup.com/blog/doable/warrantable/20220320-081252/ Sun, 20 Mar 2022 08:12:51 +0000 https://www.whatsupup.com/blog/doable/warrantable/20220320-081252/ <p><a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/correlation-in-latency-analysis-419357b93287?source=user_profile---------3-------------------------------">Correlation in Latency Analysis This article was my response to Amazon’s writing assessment when I was interviewed. I answered the question of “What is the most inventive or innovative thing you’ve done? It doesn’t have to be something that’s patented. It could be a process change, product idea, a new metric or customer facing…</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/health-availability-debuggability-5b0ab300b35c?source=user_profile---------8-------------------------------">Health, Availability, Debuggability As we collect various observability signals from systems, it fosters a new conversation around the classification of the signals. There is a significant discussion on observability signals and even strong advocacy for one signal over the other. Metrics, events, logs, traces or others? In order to provide some structure…</a><br> https://www.whatsupup.com/blog/doable/warrantable/20220319-041214/ Sat, 19 Mar 2022 04:12:14 +0000 https://www.whatsupup.com/blog/doable/warrantable/20220319-041214/ <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/how-does-spanner-avoid-single-point-of-failures-in-writes-4f7765cd894?source=user_profile---------5-------------------------------">How Does Spanner Avoid Single Point of Failures in Writes? Google’s Spanner is a relational database with 99.999% availability which translates to 5 mins of downtime a year. Spanner is a distributed system and can span multiple machines, multiple datacenters (and even geographical regions when configured). It splits the records automatically among its replicas and provides automatic failover. Unlike traditional…</a><br> https://www.whatsupup.com/blog/doable/warrantable/20220319-001353/ Sat, 19 Mar 2022 00:13:53 +0000 https://www.whatsupup.com/blog/doable/warrantable/20220319-001353/ <p><a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/correlation-in-latency-analysis-419357b93287?source=user_profile---------3-------------------------------">Correlation in Latency Analysis This article was my response to Amazon’s writing assessment when I was interviewed. I answered the question of “What is the most inventive or innovative thing you’ve done? It doesn’t have to be something that’s patented. …</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/how-does-spanner-avoid-single-point-of-failures-in-writes-4f7765cd894?source=user_profile---------5-------------------------------">How Does Spanner Avoid Single Point of Failures in Writes? Google’s Spanner is a relational database with 99.999% availability which translates to 5 mins of downtime a year. Spanner is a distributed system and can span multiple machines, multiple datacenters (and even geographical regions when configured). It splits the records automatically among its replicas and provides automatic failover. …</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/persistent-disks-and-replication-9b9412fd9565?source=user_profile---------7-------------------------------">Persistent Disks and Replication If you are a cloud user, you probably have seen how unconventional storage options can get. This is even true for disks you access from your virtual machines. There are not many ongoing conversations or references about the underlying details of core infrastructure. …</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/health-availability-debuggability-5b0ab300b35c?source=user_profile---------8-------------------------------">Health, Availability, Debuggability As we collect various observability signals from systems, it fosters a new conversation around the classification of the signals. There is a significant discussion on observability signals and even strong advocacy for one signal over the other. Metrics, events, logs, traces or others? …</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20220319-000925/ Sat, 19 Mar 2022 00:09:25 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20220319-000925/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/building-a-react-navbar/">Learn how to create a simple navbar in React, using Bootstrap and Tailwind.</a><br> https://www.whatsupup.com/blog/sited/implore/20220318-201558/ Fri, 18 Mar 2022 20:15:57 +0000 https://www.whatsupup.com/blog/sited/implore/20220318-201558/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/18/technology/zuckerberg-meta-privacy-lawsuit.html">A judge throws out D.C.’s attempt to name Zuckerberg in a privacy lawsuit. D.C.’s attorney general had waited too long to add Mark Zuckerberg as a defendant in the suit against Meta, the judge said. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/doable/warrantable/20220318-201223/ Fri, 18 Mar 2022 20:12:23 +0000 https://www.whatsupup.com/blog/doable/warrantable/20220318-201223/ <p><a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/three-ways-to-trace-end-to-end-f61181d6db63?source=user_profile---------0-------------------------------">Three Ways to Trace End-to-end Having end-to-end distributed traces is a huge challenge for any project. In distributed tracing, end-to-end tracing is a term often used to refer to traces that capture most components in a critical path. Imagine an HTTP request made to trigger a Lambda function. Being able to see the HTTP client…</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://medium.com/tag/distributed-tracing?source=user_profile--------------------distributed_tracing--------------------">Distributed Tracing</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/three-ways-to-trace-end-to-end-f61181d6db63?source=user_profile---------0-------------------------------">4 min read</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/why-is-metric-collection-still-a-hard-problem-in-2020-a901ba1e028f?source=user_profile---------1-------------------------------">Why is metric collection still a hard problem in 2020? Metric collection keeps being one of the hard problems. We’ve been collecting metrics for a very long time, so why is this a hard problem still in 2020? Our workloads are becoming larger and more sophisticated. In order to produce useful metric data, we are producing and collecting richer metric…</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://medium.com/tag/monitoring?source=user_profile--------------------monitoring--------------------">Monitoring</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/what-did-i-forget-by-working-for-the-same-company-c51b52ce2f8c?source=user_profile---------2-------------------------------">What did I forget by working for the same company? My Saturday morning coffee is disrupted by this tweet: “xooglers always be like ‘at google we…’ — devonbl A month into my departure from Google, I can relate to this. It annoys me probably more than my current coworkers at AWS because they know it’s ok to make comparisons when…</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://medium.com/tag/observability?source=user_profile--------------------observability--------------------">Observability</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/spanners-sql-story-79bda8bb632d?source=user_profile---------4-------------------------------">Spanner’s SQL Story Spanner is a distributed database Google initiated a while ago to build a highly available and highly consistent database for its own workloads. Spanner was initially built to be a key/value and was in a completely different shape than it is today and it had different goals. Since the beginning…</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://medium.com/tag/distributed-systems?source=user_profile--------------------distributed_systems--------------------">Distributed Systems</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/things-i-wished-more-developers-knew-about-databases-2d0178464f78?source=user_profile---------6-------------------------------">Things I Wished More Developers Knew About Databases A large majority of computer systems have some state and are likely to depend on a storage system. My knowledge on databases accumulated over time, but along the way our design mistakes caused data loss and outages. In data-heavy systems, databases are at the core of system design goals and…</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://medium.com/tag/database?source=user_profile--------------------database--------------------">Database</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://medium.com/tag/cloud-computing?source=user_profile--------------------cloud_computing--------------------">Cloud Computing</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/google-cloud-run-for-go-ec09ddbba111?source=user_profile---------9-------------------------------">Google Cloud Run for Go Google Cloud recently launched a fully managed container execution environment called Cloud Run. It is an environment specifically for request-driven workloads. It provides autoscaling, scaling down to zero, pretty fast deployments, automatic HTTPS support, global names and more. Google Cloud Run doesn’t have language runtime restrictions as soon as the…</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://medium.com/tag/google-cloud?source=user_profile--------------------google_cloud--------------------">Google Cloud</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220318-160617/ Fri, 18 Mar 2022 16:06:17 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220318-160617/ Researchers are tracking a number of open-source “ protestware ” projects on GitHub that have recently altered their code to display “Stand with Ukraine” messages for users, or basic facts about the carnage in Ukraine. The group also is tracking several code packages that were recently modified to erase files on computers that appear to be coming from Russian or Belarusian Internet addresses.<br> The <a rel="noreferrer" target="_blank" href="https://github.com/ThorgrimGrudgebearer/GreatBookOfGrudges/blob/main/README.md">upstart tracking effort</a> is being crowdsourced via Telegram , but the output of the Russian research group is centralized in <a rel="noreferrer" target="_blank" href="https://docs.google.com/spreadsheets/d/1H3xPB4PgWeFcHjZ7NOPtrcya_Ua4jUolWm-7z9-jSpQ/htmlview?pru=AAABf7z88MA*ITSp0EBrKinw0LjFWZ9tzQ#gid=2074850979">a Google Spreadsheet that is open to the public</a> . Most of the GitHub code repositories tracked by this group include relatively harmless components that will either display a simple message in support of Ukraine, or show statistics about the war in Ukraine — such as casualty numbers — and links to more information on the Deep Web.<br> For example, the popular library ES5-ext hadn’t updated its code in nearly two years. But on March 7, the code project added a component “ <a rel="noreferrer" target="_blank" href="https://github.com/medikoo/es5-ext/commit/28de285ed433b45113f01e4ce7c74e9a356b2af2">postinstall.js</a> ,” which checks to see if the user’s computer is tied to a Russian Internet address. If so, the code broadcasts a “Call for peace:”<br> A message that appears for Russian users of the popular es5-ext code library on GitHub. The message has been Google-Translated from Russian to English.<br> A more concerning example can be found at the GitHub page for “ vue-cli ,” a popular Javascript framework for building web-based user interfaces. On March 15, users discovered <a rel="noreferrer" target="_blank" href="https://github.com/vuejs/vue-cli/issues/7054">a new component had been added</a> that was designed to wipe all files from any systems visiting from a Russian or Belarusian Internet address (the malicious code has since been removed):<br> Readers complaining that an update to the popular Vue-Cli package sought to wipe files if the user was coming from a Russian IP address.<br> “Man, I love politics in my APIs,” GitHub user “ MSchleckser ” commented wryly on Mar. 15. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/pro-ukraine-protestware-pushes-antiwar-ads-geo-targeted-malware/#more-58969">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/pro-ukraine-protestware-pushes-antiwar-ads-geo-targeted-malware/">Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20220318-041641/ Fri, 18 Mar 2022 04:16:40 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220318-041641/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/tiktoks-golden-opportunity">TikTok’s Golden Opportunity</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/tiktoks-golden-opportunity">With Facebook beset by Apple’s tracking crackdown, TikTok can capitalize. But will it?</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220318-001814/ Fri, 18 Mar 2022 00:18:13 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220318-001814/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/17/world/europe/ukraine-putin-nazis.html">Why Vladimir Putin Invokes Nazis to Justify His Invasion of Ukraine The language of Russia’s invasion has been dominated by the word “Nazi” — a puzzling assertion about a country whose leader is Jewish. By Anton Troianovski</a><br> https://www.whatsupup.com/blog/gaper/whisky/20220317-161857/ Thu, 17 Mar 2022 16:18:57 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220317-161857/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/03/mozilla-and-open-web-docs-working-together-on-mdn/">Mozilla and Open Web Docs working together on MDN →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/03/mozilla-and-open-web-docs-working-together-on-mdn/">Mozilla and Open Web Docs working together on MDN</a><br> <hr> For both MDN and Open Web Docs (OWD), transparency is paramount to our missions. With the upcoming launch of MDN Plus, we believe it’s a good time to talk about how our two organizations work together, and if there is a financial relationship between us. Here is an overview of how our missions overlap and how they differ, and how a premium subscription service fits all this.<br> https://www.whatsupup.com/blog/rat/realty/20220317-081112/ Thu, 17 Mar 2022 08:11:11 +0000 https://www.whatsupup.com/blog/rat/realty/20220317-081112/ There are always exceptions, but the costs of being flexible are considerable. ANSI X9.62, from 1998, specified how elliptic curves were encoded in ASN.1 and included not just 27 possible curves, but allowed the parameters to be inherited from the issuing CA and allowed completely arbitrary elliptic curves to be defined inside a public key. That specifies almost nothing and avoids really standardising on anything. Thankfully I've not seen parameter inheritance implemented for ECC (it would be a security mess) but support for custom elliptic curves does, sadly, exist.<br> It's not fair to just blame X9.62: don't get me started about RSA PSS. The cost of having too many options is frequently underestimated. Why does AES-192 exist, for example, other than to inflate test matrices?<br> https://www.whatsupup.com/blog/effete/washstand/20220317-002104/ Thu, 17 Mar 2022 00:21:04 +0000 https://www.whatsupup.com/blog/effete/washstand/20220317-002104/ <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/">MORE</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20220316-200914/ Wed, 16 Mar 2022 20:09:14 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20220316-200914/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/wise-customer-story/">Why the CloserIQ engineering team chose Retool for internal tools and how the WISE team manages a thriving virtual community.</a><br> https://www.whatsupup.com/blog/beautifying/hagriding/20220315-202123/ Tue, 15 Mar 2022 20:21:23 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20220315-202123/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/03/podcast-episode-watching-watchers">Podcast Episode - Watching the Watchers</a><br> https://www.whatsupup.com/blog/steeplejack/garrote/20220315-202121/ Tue, 15 Mar 2022 20:21:20 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20220315-202121/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/03/podcast-episode-watching-watchers">Podcast Episode - Watching the Watchers</a><br> https://www.whatsupup.com/blog/rat/realty/20220315-201024/ Tue, 15 Mar 2022 20:10:23 +0000 https://www.whatsupup.com/blog/rat/realty/20220315-201024/ <a rel="noreferrer" target="_blank" href="https://www.imperialviolet.org/2022/03/15/pickingparameters.html">Picking parameters</a> (15 Mar 2022)<br> When taking something from cryptographic theory into practice, it's very important to pick parameters. I don't mean picking the right parameters — although that certainly helps. I mean picking parameters at all.<br> That might seem obvious, but there are pressures pushing towards abdication: what if you get it wrong? Why not hedge bets and add another option? What about the two groups who already shipped something? We could just add options so that everyone's happy.<br> There are always exceptions, but the costs of being flexible are considerable. ANSI X9.62, from 1998, specified how elliptic curves were encoded in ASN.1 and included not just 27 possible curves, but allowed the parameters to be inherited from the issuing CA and allowed completely arbitrary elliptic curves to be defined inside a public key. That specifies almost nothing and avoids really standardising on anything. Thankfully I've not seen parameter inheriance implemented for ECC (it would be a security mess) but support for custom elliptic curves does, sadly, exist.<br> A couple of years ago, Microsoft had a <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0601">signature bypass</a> because of support for arbitrary curves [ <a rel="noreferrer" target="_blank" href="https://twitter.com/CasCremers/status/1217510293040844800">details</a> ]. Today, OpenSSL had an <a rel="noreferrer" target="_blank" href="https://mta.openssl.org/pipermail/openssl-announce/2022-March/000219.html">infinite loop</a> in certificate parsing because of the same. On the flip side, I'm not aware that anyone has ever used the ability to specify arbitrary curves for anything useful.<br> It's not fair to just blame X9.62: don't get me started about RSA PSS. The cost of having too many options is frequently underestimated. Why does AES-192 exist, for example, other than to inflate test matrixes?<br> As an aside, it's interesting to wonder how many CPU decades have been spent fuzzing OpenSSL's certificate parsing and yet today's issue wasn't reported before. This isn't a 2 -128 fraction of state space that fuzzers couldn't be expected to find, and I'm not sure that Tavis found it from fuzzing at all.<br> https://www.whatsupup.com/blog/ideo/fleury/20220315-160603/ Tue, 15 Mar 2022 16:06:02 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220315-160603/ Aleksei Burkov, seated second from right, attends a hearing in Jerusalem in 2015. Image: Andrei Shirokov / Tass via Getty Images.<br> Aleksei Burkov , a cybercriminal who long operated two of Russia’s most exclusive underground hacking forums, was arrested in 2015 by Israeli authorities. The Russian government fought Burkov’s extradition to the U.S. for four years — even arresting and jailing an Israeli woman to force a prisoner swap. That effort failed: Burkov was sent to America, pleaded guilty, and was sentenced to nine years in prison. But a little more than a year later, he was quietly released and deported back to Russia. Now some Republican lawmakers are asking why a Russian hacker once described as “an asset of supreme importance” was allowed to shorten his stay.<br> A native of St. Petersburg, Russia, Burkov admitted to running CardPlanet, a site that sold more than 150,000 stolen credit card accounts, and to being a founder of DirectConnection — a closely guarded online community that attracted some of the world’s most-wanted Russian hackers.<br> But Burkov’s cybercriminal activities spanned far beyond mere credit card fraud. A <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2019/11/why-were-the-russians-so-set-against-this-hacker-being-extradited/">2019 deep dive into Burkov’s hacker alias “K0pa”</a> revealed he also was co-administrator of the secretive Russian cybercrime forum “ <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/03/three-top-russian-cybercrime-forums-hacked/">Mazafaka</a> .” Like DirectConnection, Mazafaka’s member roster was a veritable “Who’s Who?” of the Russian hacker underground, and K0pa played a key role in vetting new members and settling disputes for both communities.<br> K0pa’s elevated status in the Russian cybercrime community made him one of the most connected malicious hackers ever apprehended by U.S. authorities. As I wrote at the time of Burkov’s extradition, the Kremlin was probably concerned that he simply knew too much about Russia’s propensity to outsource certain activities to its criminal hacker community.<br> “To my knowledge, no one has accused Burkov of being some kind of cybercrime fixer or virtual badguy Rolodex for the Russian government,” KrebsOnSecurity <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2019/11/why-were-the-russians-so-set-against-this-hacker-being-extradited/">wrote</a> in 2019. “On the other hand, from his onetime lofty perch atop some of the most exclusive Russian cybercrime forums, K0pa certainly would have fit that role nicely.”<br> Burkov was arrested in December 2015 on an international warrant while visiting Israel, and over the ensuing four years the Russian government aggressively sought to keep him from being extradited to the United States.<br> When Israeli authorities turned down requests to send him back to Russia — supposedly to face separate hacking charges there — the Russians imprisoned Israeli citizen Naama Issachar on trumped-up drug charges in a bid to trade prisoners. Nevertheless, Burkov was extradited to the United States in November 2019.<br> And if there were any doubts Issachar was jailed for use as a political pawn, Russian President Vladimir Putin erased those by <a rel="noreferrer" target="_blank" href="https://www.bbc.com/news/world-europe-51301827">pardoning her</a> in January 2020, <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2020/01/russian-cybercrime-boss-burkov-pleads-guilty/">just hours after Burkov pleaded guilty in the United States</a> .<br> In June 2020, Burkov was <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2020/06/russian-cybercrime-boss-burkov-gets-9-years/">sentenced to nine years in prison</a> . But a little more than a year later — Aug. 25, 2021 — Burkov was released and deported back to Russia. According to <a rel="noreferrer" target="_blank" href="https://gop-foreignaffairs.house.gov/wp-content/uploads/2022/03/Letter-to-Sullivan-on-Aleksei-Burkov.pdf">a letter</a> (PDF) sent Monday by four Republican House lawmakers to White House National Security Advisor Jake Sullivan , U.S. Immigration and Customs Enforcement (ICE) officials escorted Burkov onto a plane destined for Moscow shortly after his release. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/lawmakers-probe-early-release-of-top-ru-cybercrook/#more-58917">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/lawmakers-probe-early-release-of-top-ru-cybercrook/">Lawmakers Probe Early Release of Top RU Cybercrook</a><br> https://www.whatsupup.com/blog/glooming/wrackful/20220315-080811/ Tue, 15 Mar 2022 08:08:11 +0000 https://www.whatsupup.com/blog/glooming/wrackful/20220315-080811/ <a rel="noreferrer" target="_blank" href="https://robertheaton.com/christmas-magic/">We're responsible for the Christmas magic now</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220314-201929/ Mon, 14 Mar 2022 20:19:29 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220314-201929/ Can you tell I am on sabbatical? <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/#fnref1">↩︎</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20220314-200856/ Mon, 14 Mar 2022 20:08:56 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20220314-200856/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/react-lazy-loading-and-performance/">Lazy loading is an optimization technique where the loading of an item is delayed until it’s absolutely required. It works well for common UX components and patterns like dialogs, warnings, and notifications. Learn how to build and use lazily-loaded components in React.</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220314-161819/ Mon, 14 Mar 2022 16:18:18 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220314-161819/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2016/04/05/the-network-reliability-problem-and-star-semirings/">The network reliability problem and star semirings</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20220314-161736/ Mon, 14 Mar 2022 16:17:35 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20220314-161736/ March 14, 2022 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2022/03/14/It-takes-a-village.html">It takes a village</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220314-042049/ Mon, 14 Mar 2022 04:20:49 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220314-042049/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2009/12/11/mgus-and-universal-properties/">Mgu's and universal properties</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20220313-161854/ Sun, 13 Mar 2022 16:18:53 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20220313-161854/ March 13, 2022 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2022/03/13/Why-am-I-working-in-private.html">Why am I building a programming language in private?</a><br> https://www.whatsupup.com/blog/traveling/splay/20220313-041658/ Sun, 13 Mar 2022 04:16:58 +0000 https://www.whatsupup.com/blog/traveling/splay/20220313-041658/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/12/science/physics-cern-russia.html">Out There Russian Scientists Face Isolation Following Invasion of Ukraine International collaborations are unraveling as researchers, including many in Russia, speak out against the invasion of Ukraine. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220313-000602/ Sun, 13 Mar 2022 00:06:02 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220313-000602/ “While our overall traffic dropped in Kyiv — and slightly increased in Warsaw due to infrastructure outages inside of .ua — the ratio of (good queries):(blocked queries) has spiked in both cities,” he continued. “The spike in that blocking ratio [Wednesday] afternoon in Kyiv was around 10x the normal level when comparing against other cities in Europe (Amsterdam, Frankfurt.) While Ukraine always is slightly higher (20%-ish) than Western Europe, this order-of-magnitude jump is unprecedented.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/report-recent-10x-increase-in-cyberattacks-on-ukraine/#more-58886">Continue reading →</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220312-121919/ Sat, 12 Mar 2022 12:19:19 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220312-121919/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/12/technology/ukraine-minister-war-digital.html">Shaming Apple and Texting Musk, a Ukraine Minister Uses Novel War Tactics Mykhailo Fedorov, Ukraine’s youngest minister, has turned technology, cryptocurrency and social media into modern weapons of war. By Adam Satariano</a><br> https://www.whatsupup.com/blog/traveling/splay/20220312-121837/ Sat, 12 Mar 2022 12:18:37 +0000 https://www.whatsupup.com/blog/traveling/splay/20220312-121837/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/12/science/physics-cern-russia.html">Out There Make Science, Not War, Scientists Say International collaborations are unraveling as researchers, including many in Russia, speak out against the invasion of Ukraine. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/sited/implore/20220312-121633/ Sat, 12 Mar 2022 12:16:32 +0000 https://www.whatsupup.com/blog/sited/implore/20220312-121633/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/12/business/rt-america-russian-tv.html">What It Was Like to Work for Russian State Television Until RT America ended abruptly, life as a journalist there was “actually so normal.” By Cecilia Kang</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220312-001957/ Sat, 12 Mar 2022 00:19:57 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220312-001957/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/11/technology/facebook-meta-perks.html">Facebook’s Parent Company Will Make Employees Do Their Own Laundry The company told workers on Friday that it will reduce or eliminate some of its famous perks as it prepares for a return to the office. By Mike Isaac, Ryan Mac and Sheera Frenkel</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20220312-001613/ Sat, 12 Mar 2022 00:16:12 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220312-001613/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-022-00727-x">Russia’s invasion of Ukraine is redrawing the geopolitics of space</a><br></p> <hr> The International Space Station is operating as normal, but other partnerships are unravelling.<br> https://www.whatsupup.com/blog/ideo/fleury/20220311-200541/ Fri, 11 Mar 2022 20:05:40 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220311-200541/ As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians.<br> John Todd is general manager of <a rel="noreferrer" target="_blank" href="https://www.quad9.net/news/blog/quad9-and-your-data/">Quad9</a> , a free “anycast” DNS platform. DNS stands for Domain Name System, which is like a globally distributed phone book for the Internet that maps human-friendly website names (example.com) to numeric Internet addresses (8.8.4.4.) that are easier for computers to manage. Your computer or mobile device generates DNS lookups each time you send or receive an email, or browse to a webpage.<br> With anycast, one Internet address can apply to many servers, meaning that any one of a number of DNS servers can respond to DNS queries, and usually the one that is geographically closest to the customer making the request will provide the response.<br> Quad9 insulates its users from a range of cyberattacks by blocking DNS requests for known-bad domain names, i.e., those confirmed to be hosting malicious software, phishing websites, stalkerware and other threats. And normally, the ratio of DNS queries coming from Ukraine that are allowed versus blocked by Quad9 is fairly constant.<br> But Todd says that on March 9, Quad9’s systems blocked 10 times the normal number of DNS requests coming from Ukraine, and to a lesser extent Poland.<br> Todd said Quad9 saw a significant drop in traffic reaching its Kyiv POP [point of presence] during the hostilities, presumably due to fiber cuts or power outages. Some of that traffic then shifted to Warsaw, which for much of Ukraine’s networking is the next closest significant interconnect site.<br> Quad9’s view of a spike in malicious traffic targeting Ukrainian users this week. Click to enlarge.<br> “While our overall traffic dropped in Kyiv — and slightly increased in Warsaw due to infrastructure outages inside of .ua — the ratio of (good queries):(blocked queries) has spiked in both cities,” he continued. “The spike in that blocking ratio [Wednesday] afternoon in Kyiv was around 10x the normal level when comparing against other cities in Europe (Amsterdam, Frankfurt.) While Ukraine always is slightly higher (20%-ish) than Western Europe, this order-of-magnitude jump is unprecedented.”<br> Quad9 declined to further quantify the data that informed the Y axis in the chart above, but said there are some numbers the company is prepared to share as absolutes.<br> “Looking three weeks ago on the same day of the week as yesterday, we had 118 million total block events, and of that 1.4 million were in Ukraine and Poland,” Todd said. “Our entire network saw yesterday on March 9th 121 million blocking events, worldwide. Of those 121 million events, 4.6 million were in Ukraine and Poland.”<br> Bill Woodcock is executive director at <a rel="noreferrer" target="_blank" href="https://www.pch.net">Packet Clearing House</a> , a nonprofit based in San Francisco that is one of several sponsors of Quad9. Woodcock said the spike in blocked DNS queries coming out of Ukraine clearly shows an increase in phishing and malware attacks against Ukrainians.<br> “They’re being targeted by a huge amount of phishing, and a lot of malware that is getting onto machines is trying to contact malicious command-and-control infrastructure,” Woodcock said.<br> Both Todd and Woodcock said the smaller spike in blocked DNS requests originating from Poland is likely the result of so many Ukrainians fleeing their country: Of the two million people who have fled Ukraine since the beginning of the Russian invasion, more than 1.4 million have made their way to Poland, according to <a rel="noreferrer" target="_blank" href="https://www.bbc.com/news/world-60555472">the latest figures</a> from the United Nations .<br> The increase in malicious activity detected by Quad9 is the latest chapter in an ongoing series of cyberattacks against Ukrainian government and civilian systems since the outset of the war in the last week of February.<br> As Russian military tanks and personnel began crossing the border into Ukraine last month, security experts tracked a series of <a rel="noreferrer" target="_blank" href="https://zetter.substack.com/p/second-wiper-attack-strikes-systems">destructive data “wiper” attacks</a> aimed at Ukrainian government agencies and contractor networks. Security firms also <a rel="noreferrer" target="_blank" href="https://www.bleepingcomputer.com/news/security/white-house-pins-ukraine-ddos-attacks-on-russian-gru-hackers/">attributed to Russia’s intelligence services</a> a volley of distributed denial-of-service (DDoS) attacks against Ukrainian banks just prior to the invasion.<br> Thus far, the much-feared large scale cyberattacks and retaliation from Russia <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/11/opinion/russia-ukraine-cyberattacks.html">haven’t materialized</a> (for a counterpoint here, see <a rel="noreferrer" target="_blank" href="https://www.theguardian.com/technology/2022/mar/10/us-russia-cyber-attack-prepared">this piece</a> from The Guardian ). But the data collected by Quad9 suggest that a great deal of low-level cyberattacks targeting Ukrainians remain ongoing.<br> It is unclear to what extent — if any — Russia’s vaunted cyber prowess may be stymied by mounting economic sanctions enacted by both private companies and governments. In the past week, two major backbone Internet providers <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/internet-backbone-giant-lumen-shuns-ru/">said they would stop routing traffic for Russia</a> .<br> Earlier today, the London Internet Exchange (LINX), one of the largest peering points where networks around the world exchange traffic, <a rel="noreferrer" target="_blank" href="https://twitter.com/briankrebs/status/1502298540701323264">said</a> it would stop routing for Russian Internet service providers Rostelecom and MegaFon . Rostelecom is Russia’s largest ISP, while MegaFon is Russia’s second-largest mobile phone operator and third largest ISP.<br> Doug Madory , director of research for Internet infrastructure monitoring firm <a rel="noreferrer" target="_blank" href="https://www.kentik.com">Kentik</a> , said LINX’s actions will further erode the connectivity of these large Russia providers to the larger Internet.<br> “If the other major European exchanges followed suit, it could be really problematic for Russian connectivity,” Madory said.<br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/report-recent-10x-increase-in-cyberattacks-on-ukraine/">Report: Recent 10x Increase in Cyberattacks on Ukraine</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20220311-161445/ Fri, 11 Mar 2022 16:14:45 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220311-161445/ Visit <a rel="noreferrer" target="_blank" href="https://www.nature.com/news">Nature news</a> for the latest coverage and read <a rel="noreferrer" target="_blank" href="https://www.springernature.com/gp/advancing-discovery/springboard/blog/blogposts-open-research/springer-nature-condemns-russian-invasion/20191448">Springer Nature's statement on the Ukraine conflict</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20220311-041542/ Fri, 11 Mar 2022 04:15:41 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220311-041542/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/a-reckoning-the-direct-to-consumer">“A Reckoning.” The Direct To Consumer Craze Is Slamming Into Reality</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/a-reckoning-the-direct-to-consumer">An industry built on cheap Facebook ad space and low shipping costs is crashing with no bottom in sight.</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20220310-201302/ Thu, 10 Mar 2022 20:13:02 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20220310-201302/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2022/03/whats-up-with-in-wild-exploits-plus.html">What's up with in-the-wild exploits? Plus, what we're doing about it.</a><br></p> <hr> Posted by Adrian Taylor, Chrome Security Team<br> If you are a regular reader of our <a rel="noreferrer" target="_blank" href="https://chromereleases.googleblog.com/search/label/Stable%20updates">Chrome release blog</a> , you may have noticed that phrases like 'exploit for CVE-1234-567 exists in the wild' have been appearing more often recently. In this post we'll explore why there seems to be such an increase in exploits, and clarify some misconceptions in the process. We'll then share how Chrome is continuing to make it harder for attackers to achieve their goals.<br> How things work today<br> While the increase may initially seem concerning, it’s important to understand the reason behind this trend. If it's because there are many more exploits in the wild, it could point to a worrying trend. On the other hand, if we’re simply gaining more visibility into exploitation by attackers, it's actually a good thing! It’s good because it means we can respond by providing bug fixes to our users faster, and we can learn more about how real attackers operate.<br> So, which is it? It’s likely a little of both.<br> Our colleagues at Project Zero <a rel="noreferrer" target="_blank" href="https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1123292625">publicly track all known in-the-wild “zero day” bugs</a> . Here’s what they’ve reported for browsers:<br> First, we don’t believe there was no exploitation of Chromium based browsers between 2015 and 2018. We recognize that we don’t have full view into active exploitation, and just because we didn’t detect any zero-days during those years, doesn’t mean exploitation didn’t happen. Available exploitation data suffers from sampling bias.<br> Teams like Google’s <a rel="noreferrer" target="_blank" href="https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/">Threat Analysis Group</a> are also becoming increasingly sophisticated in their efforts to protect users by discovering zero-days and in-the-wild attacks. A good example is <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=g09EvzVsDbk">a bug in our Portals feature</a> that we fixed last fall. This bug was discovered by a team member in Switzerland and reported to Chrome through our bug tracker. While Chrome normally keeps each web page locked away in a box called the “renderer sandbox,” this bug allowed the code to break out, potentially allowing attackers to steal information. Working across multiple time zones and teams, it took the team three days to come up with a fix and roll it out, as detailed in our video on the process:<br> Why so many exploits?<br> There are a number of factors at play, from changes in vendor and attacker behavior, to changes in the software itself. Here are four in particular that we've been discussing and exploring as a team.<br> First, we believe we’re seeing more bugs thanks to vendor transparency. Historically, many browser makers didn’t announce that a bug was being exploited in the wild, even if they knew it was happening. Today, most major browser makers have increased transparency via publishing details in release communications, and that may account for more publicly tracked “in the wild” exploitation. These efforts have been spearheaded by both browser security teams and dedicated research groups, such as <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/">Project Zero.</a><br> Second, we believe we’re seeing more exploits due to evolved attacker focus. There are two reasons to suspect attackers might be choosing to attack Chrome more than they did in the past.<br> Flash deprecation : In 2015 and 2016, Flash was a primary exploitation target. Chrome gradually made Flash a less attractive target for attackers <a rel="noreferrer" target="_blank" href="https://www.chromium.org/flash-roadmap/">(for instance requiring user clicks to activate Flash content)</a> before finally removing it in Chrome 88 in January last year. As Flash is no longer available, attackers have had to switch to a harder target: the browser itself.<br> Chromium popularity : Attackers go for the most popular target. In early 2020, Edge switched to using the Chromium rendering engine. If attackers can find a bug in Chromium, they can now attack a greater percentage of users.<br> Third, some attacks that could previously be accomplished with a single bug now require multiple bugs. Before 2015, only a single in-the-wild bug was required to steal a user’s secrets from other websites, because multiple web pages lived together in a single <a rel="noreferrer" target="_blank" href="https://www.chromium.org/developers/design-documents/multi-process-architecture">renderer process</a> . If an attacker could compromise the renderer process belonging to a malicious website that a user visited, they might have been able to access the credentials for some other more sensitive website.<br> With Chrome’s multiyear <a rel="noreferrer" target="_blank" href="https://www.chromium.org/Home/chromium-security/site-isolation">Site Isolation</a> project largely complete, a single bug is almost never sufficient to do anything really bad. Attackers often need to chain at least two bugs: first, to compromise the renderer process, and second, to jump into the privileged Chrome browser process or directly into the device operating system. Sometimes multiple bugs are needed to achieve one or both of these steps.<br> So, to achieve the same result, an attacker generally now has to use more bugs than they previously did. For exactly the same level of attacker success, we’d see more in-the-wild bugs reported over time, as we add more layers of defense that the attacker needs to bypass.<br> Fourth, there’s simply the fact that software has bugs . Some fraction of those bugs are exploitable. Browsers increasingly mirror the complexity of operating systems — providing access to your peripherals, filesystem, 3D rendering, GPUs — and more complexity means more bugs.<br> Ultimately, we believe data is an important part of the story, but the absolute number of exploited bugs isn't a sufficient measure of security risk. Since some security bugs are inevitable, how a software vendor architects their software (so that the impact of any single bug is limited) and responds to critical security bugs is often much more important than the specifics of any single bug.<br> How Chrome is raising the bar<br> The Chrome team works hard to both detect and fix bugs before releases and get bug fixes out to users as quickly as possible. We’re proud of <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html">our record at fixing serious bugs quickly</a> , and we are continually working to do better.<br> For example, one area of concern for us is the risk of n-day attacks: that is, exploitation of bugs we’ve already fixed, where the fixes are visible in our open-source code repositories. We have greatly reduced our “patch gap” from 35 days in Chrome 76 to an average of 18 days in subsequent milestones, and we expect this to reduce slightly further with <a rel="noreferrer" target="_blank" href="https://blog.chromium.org/2021/03/speeding-up-release-cycle.html">Chrome’s faster release cycle</a> .<br> Irrespective of how quickly bugs are fixed, any in-the-wild exploitation is bad. Chrome is working hard to make it expensive and difficult for attackers to achieve their goals.<br> Some examples of the projects ongoing:<br> We continue to strengthen Site Isolation, <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/07/protecting-more-with-site-isolation.html">especially on Android</a> .<br> <a rel="noreferrer" target="_blank" href="https://docs.google.com/document/d/1FM4fQmIhEqPG8uGp5o9A-mnPB5BOeScZYpkHjo0KKA8/edit#heading=h.fg3qxf1x0p2q">The V8 heap sandbox</a> will prevent attackers using JavaScript just-in-time (JIT) compilation bugs to compromise the renderer process. This will require attackers to add a third bug to these exploit chains, which means increased security, but could increase the amount of in-the-wild exploits reported.<br> The <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=gevcleRHRZ4">MiraclePtr and *Scan</a> projects aim to prevent exploitability of many of our largest class of browser process bugs, called “use-after-free”. We will be applying similar systematic solutions to other classes of bugs over time.<br> Since “memory safety” bugs account for 70% of the exploitable security bugs, we aim to write new parts of Chrome in <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/09/an-update-on-memory-safety-in-chrome.html">memory-safe languages</a> .<br> We continue to work on post-exploitation mitigations such as <a rel="noreferrer" target="_blank" href="https://www.intel.com/content/www/us/en/developer/articles/technical/technical-look-control-flow-enforcement-technology.html">CET</a> and <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/windows/win32/secbp/control-flow-guard">CFG</a> .<br> We are well past the stage of having “easy wins” when it comes to raising the bar for security. All of these are long term projects with significant engineering challenges. But as we've shown with Site Isolation, Chrome isn't afraid of making long term investments in major security engineering projects. One of the major challenges is performance: all of these technologies (except memory safe languages) could risk slowing the browser. Expect a series of blog posts over the coming months as we explore performance vs. security trade-offs. These decisions are really hard : we do not want to make Chrome slower for billions of people, especially as this disproportionately hits users with slower devices – we strive to make Chrome secure for all our users, not just those with the high end systems.<br> How you can help<br> Above all: if Chrome is reminding you to update, please do!<br> If you’re an enterprise IT professional, keep your users up-to-date by keeping auto-update on, and familiarize yourself with <a rel="noreferrer" target="_blank" href="https://chromeenterprise.google/browser/security/">the added enterprise policies and controls</a> that you can apply to Chrome within your organization. We strongly advise not focusing on zero-days when making decisions about updates, but instead to assume any Chrome security bug is under exploitation as an n-day.<br> If you're a security researcher, you can report bugs you find to the <a rel="noreferrer" target="_blank" href="https://g.co/chrome/vrp">Chrome Vulnerability Rewards Program</a> — and thanks for helping us make Chrome safer for everyone!<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20220310-200745/ Thu, 10 Mar 2022 20:07:45 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20220310-200745/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/gotchas-git-github-api/">While building the Source Control feature in Retool, we hit a few gotchas working with the GitHub API, in particular with Git trees and API limits. We share those lessons in this post.</a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20220310-200632/ Thu, 10 Mar 2022 20:06:31 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20220310-200632/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/learn-to-tolerate-discomfort-or-suffer-escaping-from-it">Learn to tolerate discomfort or suffer escaping from it</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/find-go-to-activities-that-arent-scrolling-or-watching">Find go-to activities that aren't scrolling or watching</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-danger-of-expecting-work-to-be-easy-and-fun">The danger of expecting work to be easy and fun</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/it-doesnt-matter-how-many-hours-you-work">It doesn’t matter how many hours you work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-new-meaning-of-hard-work">The new meaning of hard work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/abstinence-isnt-recovery">Abstinence isn’t recovery</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-go-back-to-things-you-used-to-be-addicted-to-in-the-past">How to go back to things you used to be addicted to in the past</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-protect-your-intentions-from-getting-hijacked">How to protect your intentions from getting hijacked</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/let-your-discontent-crystallize">Let your discontent crystallize</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/stop-postponing-things-by-embracing-the-mess">Stop postponing things by embracing the mess</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/critical-effort-why-we-reach-a-goal-or-not">Critical effort: why we reach a goal (or not)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/zone-of-action-do-the-possible-to-do-the-impossible">Zone of Action: Do the possible to do the impossible</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/1-simple-technique-to-train-your-focus">1 simple technique to train your focus</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-make-quitting-your-addiction-easier">How to make quitting your addiction easier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/pursue-high-quality-leisure">Pursue High-quality Leisure</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/what-is-addiction">What is addiction (series)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20220310-120707/ Thu, 10 Mar 2022 12:07:07 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20220310-120707/ Like this post? Stay up to date<br> Get practical anti-procrastination blog posts, short tips, and illustrations in your inbox.<br> https://www.whatsupup.com/blog/ideo/fleury/20220310-000634/ Thu, 10 Mar 2022 00:06:34 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220310-000634/ “I am trying to make a p2p network in Rust,” Van told “ Demon ” on Feb. 19, 2022 [Demon appears to be one of Stern’s aliases]. “I’m sorting it out and have already started writing code.”<br> https://www.whatsupup.com/blog/sited/implore/20220309-201558/ Wed, 09 Mar 2022 20:15:58 +0000 https://www.whatsupup.com/blog/sited/implore/20220309-201558/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/09/business/amazon-antitrust-investigation.html">A House panel calls for a criminal investigation into Amazon. Members of the Judiciary Committee accused Amazon of obstructing its inquiry into how the company treats third-party sellers. By Cecilia Kang and David McCabe</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220309-200550/ Wed, 09 Mar 2022 20:05:48 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220309-200550/ Microsoft on Tuesday released software updates to plug at least 70 security holes in its Windows operating systems and related software. For the second month running, there are no scary zero-day threats looming for Windows users, and relatively few “critical” fixes. And yet we know from experience that attackers are already trying to work out how to turn these patches into a roadmap for exploiting the flaws they fix. Here’s a look at the security weaknesses Microsoft says are most likely to be targeted first.<br> Greg Wiseman , product manager at Rapid7 , notes that three vulnerabilities fixed this month have been previously disclosed, potentially giving attackers a head start in working out how to exploit them. Those include remote code execution bugs <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512">CVE-2022-24512</a> , affecting .NET and Visual Studio , and <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21990">CVE-2022-21990</a> , affecting Remote Desktop Client . <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24459">CVE-2022-24459</a> is a vulnerability in the Windows Fax and Scan service. All three publicly disclosed vulnerabilities are rated “ <a rel="noreferrer" target="_blank" href="https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system?SilentAuth=1&wa=wsignin1.0">Important</a> ” by Microsoft.<br> Just three of the fixes this month earned Microsoft’s most-dire “ Critical ” rating, which Redmond assigns to bugs that can be exploited to remotely compromise a Windows PC with little to no help from users. Two of those critical flaws involve Windows video codecs. Perhaps the most concerning critical bug quashed this month is <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23277">CVE-2022-23277</a> , a  remote code execution flaw affecting Microsoft Exchange Server .<br> “Thankfully, this is a post-authentication vulnerability, meaning attackers need credentials to exploit it,” Wiseman said. “Although passwords can be obtained via phishing and other means, this one shouldn’t be as rampantly exploited as the <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/">deluge of Exchange vulnerabilities we saw throughout 2021</a> . Exchange administrators should still patch as soon as reasonably possible.”<br> <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24508">CVE-2022-24508</a> is a remote code execution bug affecting Windows SMBv3 , the technology that handles file sharing in Windows environments.<br> “This has potential for widespread exploitation, assuming an attacker can put together a suitable exploit,” Wiseman said. “Luckily, like this month’s Exchange vulnerabilities, this, too, requires authentication.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/microsoft-patch-tuesday-march-2022-edition/#more-58876">Continue reading →</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20220309-161551/ Wed, 09 Mar 2022 16:15:51 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220309-161551/ <a rel="noreferrer" target="_blank" href="https://substack.com/app?utm_campaign=app-marketing&utm_content=footer-button">Get the Substack app</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220309-080609/ Wed, 09 Mar 2022 08:06:08 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220309-080609/ <p>Lumen Technologies , an American company that operates one of the largest Internet backbones and carries a significant percentage of the world’s Internet traffic, said today it will stop routing traffic for organizations based in Russia. Lumen’s decision comes just days after a similar exit by backbone provider Cogent , and amid a news media crackdown in Russia that has already left millions of Russians in the dark about what is really going on with their president’s war in Ukraine.<br> Monroe, La. based Lumen [ <a rel="noreferrer" target="_blank" href="https://www.google.com/finance/quote/LUMN:NYSE">NYSE: LUMN</a> ] (formerly CenturyLink ) initially said it would halt all new business with organizations based in Russia, leaving open the possibility of continuing to serve existing clients there. But on Tuesday the company said it could no longer justify that stance.<br> “Life has taken a turn in Russia and Lumen is unable to continue to operate in this market,” Lumen said in a published statement. “The business services we provide are extremely small and very limited as is our physical presence. However, we are taking steps to immediately stop business in the region.”<br> “We decided to disconnect the network due to increased security risk inside Russia,” the statement continues. “We have not yet experienced network disruptions but given the increasingly uncertain environment and the heightened risk of state action, we took this move to ensure the security of our and our customers’ networks, as well as the ongoing integrity of the global Internet.”<br> According to Internet infrastructure monitoring firm Kentik , Lumen is the top international transit provider to Russia, with customers including Russian telecom giants Rostelecom and TTK, as well as all three major mobile operators (MTS, Megafon and VEON).<br> “A backbone carrier disconnecting its customers in a country the size of Russia is without precedent in the history of the internet and reflects the intense global reaction that the world has had over the invasion of Ukraine,” <a rel="noreferrer" target="_blank" href="https://www.kentik.com/blog/cogent-disconnects-from-russia/">wrote</a> Doug Madory , Kentik’s director of Internet analysis.<br> It’s not clear whether any other Internet backbone providers — some of which are based outside of the United States — will follow the lead of Lumen and Cogent. But Madory notes that as economic sanctions continue to exact a toll on Russia’s economy, its own telecommunications firms may have difficulty paying foreign transit providers for service.<br> Ukrainian leaders petitioned the Internet Corporation for Assigned Names and Numbers (ICANN) — the nonprofit organization charged with overseeing the global domain name system — to disconnect Russia’s top-level domain (.ru) from the Internet. ICANN respectfully declined that request, but many technology giants, including Amazon, Apple and Microsoft, have moved on their own to suspend new business in the country.<br> Meanwhile, Russia recently cracked down on the last remaining vestiges of a free press within its borders, passing a new law that threatens up to 15 years in jail for anyone who publishes content that refers to the conflict in Ukraine as a “war” or “invasion.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/internet-backbone-giant-lumen-shuns-ru/#more-58854">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/internet-backbone-giant-lumen-shuns-ru/">Internet Backbone Giant Lumen Shuns .RU</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/category/russias-war-on-ukraine/">Russia's War on Ukraine</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220308-200540/ Tue, 08 Mar 2022 20:05:39 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220308-200540/ Three stories here last week pored over several years’ worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. The candid messages revealed how Conti <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion/">evaded law enforcement and intelligence agencies</a> , what it was like on <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-ii-the-office/">a typical day at the Conti office</a> , and how Conti <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-iii-weaponry/">secured the digital weaponry used in their attacks</a> . This final post on the Conti conversations explores different schemes that Conti pursued to invest in and steal cryptocurrencies.<br> When you’re perhaps the most successful ransomware group around — Conti made $180 million last year in extortion payments, <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2022/03/contistats-768x391.png">well more than any other crime group</a> , according to Chainalysis — you tend to have a lot digital currency like Bitcoin.<br> This wealth allowed Conti to do things that regular investors couldn’t — such as moving the price of cryptocurrencies in one direction or the other. Or building a cryptocurrency platform and seeding it with loads of ill-gotten crypto from phantom investors.<br> One Conti top manager — aptly-named “ Stern ” because he incessantly needled Conti underlings to complete their assigned tasks — was obsessed with the idea of creating his own crypto scheme for cross-platform blockchain applications.<br> “I’m addicted right now, I’m interested in trading, defi, blockchain, new projects,” Stern told “ Bloodrush ” on Nov. 3, 2021. “Big companies have too many secrets that they hold on to, thinking that this is their main value, these patents and data.”<br> In a discussion thread that spanned many months in Conti’s internal chat room, Stern said the plan was to create their own crypto universe.<br> “Like Netherium, Polkadot and Binance smart chain, etc.,” Stern wrote. “Does anyone know more about this? Study the above systems, code, principles of work. To build our own, where it will already be possible to plug in NFT, DEFI, DEX and all the new trends that are and will be. For others to create their own coins, exchanges and projects on our system.”<br> It appears that Stern has been paying multiple developers to pursue the notion of building a peer-to-peer (P2P) based system for “smart contracts” — programs stored on a blockchain that run whenever predetermined conditions are met.<br> It’s unclear under what context the Conti gang was interested in smart contracts, but the idea of a ransomware group insisting on payments via smart contracts is not entirely new. In 2020, researchers from Athens University School of Information Sciences and Technology in Greece <a rel="noreferrer" target="_blank" href="https://arxiv.org/pdf/2003.04426.pdf">showed</a> (PDF) how ransomware-as-a-service offerings might one day be executed through smart contracts.<br> Before that, Jeffrey Ladish , an information security consultant based in Oakland, Calif., penned a <a rel="noreferrer" target="_blank" href="https://medium.com/reserve-currency/smart-contracts-will-make-ransomware-more-profitable-part-1-a687fc370320">two-part analysis</a> on why smart contracts will make ransomware more profitable.<br> “By using a smart contract, an operator can trustlessly sell their victims a decryption key for money,” Ladish wrote. “That is, a victim can send some money to a smart contract with a guarantee that they will either receive the decryption key to their data or get their money back. The victim does not have to trust the person who hacked their computer because they can verify that the smart contract will fairly handle the exchange.”<br> The Conti employee “ Van ” appears to have taken the lead on the P2P crypto platform, which he said was being developed using the Rust programming language.<br> “I am trying to make a p2p network in Rust,” Van told a co-worker “ Demon ” on Feb. 19, 2022. “I’m sorting it out and have already started writing code.”<br> “It’s cool you like Rust,” Demon replied. “I think it will help us with smart contracts.”<br> Stern apparently believed in his crypto dreams so much that he sponsored a $100,000 article writing contest on the Russian language cybercrime forum Exploit, asking interested applicants to put forth various ideas for crypto platforms. Such contests are an easy way to buy intellectual property for ongoing projects, and they’re also effective recruiting tools for cybercriminal organizations.<br> “Cryptocurrency article contest! [100.000$],” wrote mid-level Conti manager “Mango,” to boss Stern, copying the title of the post on the Exploit forum. “What the hell are you doing there…”<br> A few days later Mango reports to Stern that he has “prepared everything for both the social network and articles for crypto contests.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-iv-cryptocrime/#more-58766">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-iv-cryptocrime/">Conti Ransomware Group Diaries, Part IV: Cryptocrime</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220308-081828/ Tue, 08 Mar 2022 08:18:28 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220308-081828/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2015/11/15/a-strange-representation-of-z6/">A strange representation of Z6</a><br> https://www.whatsupup.com/blog/boxed/modification/20220307-201318/ Mon, 07 Mar 2022 20:13:17 +0000 https://www.whatsupup.com/blog/boxed/modification/20220307-201318/ nullopt_t<br> is not equality-comparable, but<br> monostate<br> is<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#ranges">ranges</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#slack">slack</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#standard-library-trivia">standard-library-trivia</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#today-i-learned">today-i-learned</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#value-semantics">value-semantics</a><br> On <a rel="noreferrer" target="_blank" href="https://cppalliance.org/slack/">Slack</a> , Kilian Henneberger asked for some STL types that are copyable but not equality-comparable. One example is<br> std::function<int()><br> ; see <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2019/05/10/function-ref-vs-string-view/">“On function_ref and string_view ”</a> (2019-05-10). The simplest example is<br> struct S {};<br> — for compatibility with C, C++98 provided every class type with a copy constructor, but none of them with comparison operators.<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20220307-080839/ Mon, 07 Mar 2022 08:08:39 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20220307-080839/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/the-react-lifecycle-methods-and-hooks-explained/">Learn more about the React component lifecycle and the different methods within each phase (for class-based components), focusing particularly on methods and hooks.</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220306-040556/ Sun, 06 Mar 2022 04:05:55 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220306-040556/ Part I of this series examined newly-leaked internal chats from the Conti ransomware group, and how the crime gang <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion/">dealt with its own internal breaches</a> . Part II explored what it’s like <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-ii-the-office/">to be an employee of Conti’s sprawling organization</a> . Today’s Part III looks at how Conti abused popular commercial security services to undermine the security of their targets, as well as how the team’s leaders strategized for the upper hand in ransom negotiations with victims.<br> https://www.whatsupup.com/blog/playacted/rededication/20220305-042014/ Sat, 05 Mar 2022 04:20:14 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220305-042014/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/04/world/europe/russia-facebook-ukraine.html">Russia blocks Facebook inside the country, as the Kremlin moves to stifle dissent. By Mike Isaac and Adam Satariano</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220305-040618/ Sat, 05 Mar 2022 04:06:17 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220305-040618/ Part I of this series examined newly-leaked internal chats from the Conti ransomware group, and how the crime gang <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion/">dealt with its own internal breaches</a> . Part II explored what it’s like <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-ii-the-office/">to be an employee of Conti’s sprawling organization</a> . Today’s Part III looks at how Conti abused a panoply of popular commercial security services to undermine the security of their targets, as well as how the team’s leaders strategized for the upper hand in ransom negotiations with victims.<br> Conti is by far the most aggressive and profitable ransomware group in operation today. Image: Chainalysis<br> Conti is by far the most successful ransomware group in operation today, routinely pulling in multi-million dollar payments from victim organizations. That’s because more than perhaps any other ransomware outfit, Conti has chosen to focus its considerable staff and talents on targeting companies with more than $100 million in annual revenues.<br> As it happens, Conti itself recently joined the $100 million club. According to the latest <a rel="noreferrer" target="_blank" href="https://go.chainalysis.com/rs/503-FAP-074/images/Crypto-Crime-Report-2022.pdf">Crypto Crime Report</a> (PDF) published by virtual currency tracking firm Chainalysis , Conti generated at least $180 million in revenue last year.<br> On Feb. 27, a Ukrainian cybersecurity researcher who is currently in Ukraine leaked almost two years’ worth of internal chat records from Conti, which had just posted a press release to its victim shaming blog saying it fully supported Russia’s invasion of his country. Conti warned it would use its cyber prowess to strike back at anyone who interfered in the conflict.<br> The leaked chats show that the Conti group — which fluctuated in size from 65 to more than 100 employees — budgeted several thousand dollars each month to pay for a slew of security and antivirus tools. Conti sought out these tools both for continuous testing (to see how many products detected their malware as bad), but also for their own internal security.<br> A chat between Conti upper manager “ Reshaev ” and subordinate “ Pin ” on Aug. 8, 2021 shows Reshaev ordering Pin to quietly check on the activity of the Conti network administrators once a week — to ensure they’re not doing anything to undermine the integrity or security of the group’s operation. Reshaev tells Pin to install endpoint detection and response (EDR) tools on every administrator’s computer.<br> “Check admins’ activity on servers each week,” Reshaev said. “Install EDR on every computer (for example, Sentinel, Cylance, CrowdStrike); set up more complex storage system; protect LSAS dump on all computers; have only 1 active accounts; install latest security updates; install firewall on all network.”<br> Conti managers were hyper aware that their employees handled incredibly sensitive and invaluable data stolen from companies, information that would sell like hotcakes on the underground cybercrime forums. But in a company run by crooks, trust doesn’t come easily.<br> “You check on me all the time, don’t you trust me?,” asked mid-level Conti member “ Bio ” of “ Tramp ” (a.k.a. “ Trump “), a top Conti overlord. Bio was handling a large bitcoin transfer from a victim ransom payment, and Bio detected that Trump was monitoring him.<br> “When that kind of money and people from the street come in who have never seen that kind of money, how can you trust them 1,000%?” Trump replied. “I’ve been working here for more than 15 years and haven’t seen anything else.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-iii-weaponry/#more-58724">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-iii-weaponry/">Conti Ransomware Group Diaries, Part III: Weaponry</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20220305-001647/ Sat, 05 Mar 2022 00:16:47 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220305-001647/ Ukraine: visit <a rel="noreferrer" target="_blank" href="https://www.nature.com/news">Nature news</a> for the latest coverage and <a rel="noreferrer" target="_blank" href="https://www.springernature.com/gp/advancing-discovery/springboard/blog/blogposts-open-research/springer-nature-condemns-russian-invasion/20191448">click here for Springer Nature's statement</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220304-201948/ Fri, 04 Mar 2022 20:19:48 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220304-201948/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2022/03/04/world/russia-ukraine/russia-facebook-ukraine">Russia blocks Facebook inside the country, as the Kremlin moves to stifle dissent. This was featured in live coverage. By Mike Isaac and Adam Satariano</a><br></p> <hr> March 4, 2022<br> https://www.whatsupup.com/blog/boxed/modification/20220304-201518/ Fri, 04 Mar 2022 20:15:18 +0000 https://www.whatsupup.com/blog/boxed/modification/20220304-201518/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#access-control">access-control</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#wg21-folkloristics">wg21-folkloristics</a><br> Thanks to Jody Hagins for inspiring this blog post, for digging up some old wordings, and for reviewing a draft of this post. Also thanks to Pal Balog for P1847; its historical details were indispensable in writing this post.<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#argument-dependent-lookup">argument-dependent-lookup</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#implementation-divergence">implementation-divergence</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#library-design">library-design</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#llvm">llvm</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#stl-classic">stl-classic</a><br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#concepts">concepts</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#llvm">llvm</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#metaprogramming">metaprogramming</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#overload-resolution">overload-resolution</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#pitfalls">pitfalls</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#war-stories">war-stories</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20220304-201426/ Fri, 04 Mar 2022 20:14:25 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20220304-201426/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/02/26/Long-Links">Long Links</a> · Welcome to another curation of long-form pieces, the kind of thing that I, as a semi-retired person, have time for. While you probably don’t have the space for all of these, one or two might reward an investment of your attention. These are obviously grim times and indeed there’s grim stuff here but I’ve tried to add some smiles for balance <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/02/26/Long-Links">…</a> [3 comments]<br> https://www.whatsupup.com/blog/ideo/fleury/20220304-200622/ Fri, 04 Mar 2022 20:06:22 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220304-200622/ On July 30, 2021, Mango tells stern the payroll has increased to 87 salaried employees, with more hires on the way. But trying to accurately gauge the size of the Conti organization is problematic, in part because cybersecurity experts have long held that Conti is merely a rebrand of another ransomware strain and affiliate program known as <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Ryuk_(ransomware)">Ryuk</a> .<br> First spotted in 2018, Ryuk was just as ruthless and mercenary as Conti, and the FBI says that in the first year of its operation Ryuk earned more than $61 million in ransom payouts.<br> https://www.whatsupup.com/blog/seer/hemisphere/20220304-161721/ Fri, 04 Mar 2022 16:17:20 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220304-161721/ Ukraine: visit <a rel="noreferrer" target="_blank" href="https://www.nature.com/news">Nature news</a> for the latest coverage and click <a rel="noreferrer" target="_blank" href="https://www.springernature.com/gp/advancing-discovery/springboard/blog/blogposts-open-research/springer-nature-condemns-russian-invasion/20191448">here</a> for Springer Nature's statement<br> https://www.whatsupup.com/blog/gonadal/revving/20220304-042107/ Fri, 04 Mar 2022 04:21:06 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220304-042107/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2009/07/24/introducing-math-combinatorics-species/">Introducing Math.Combinatorics.Species!</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20220304-041817/ Fri, 04 Mar 2022 04:18:17 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220304-041817/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/ukraine-and-the-limits-of-russias">Ukraine And The Limits Of Russia’s Social Media Power</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/ukraine-and-the-limits-of-russias">The Kremlin is pulling its usual tricks. Here's why they're falling flat.</a><br> https://www.whatsupup.com/blog/gaper/whisky/20220303-201947/ Thu, 03 Mar 2022 20:19:47 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220303-201947/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/03/interop-2022/">Announcing Interop 2022 →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/03/interop-2022/">Announcing Interop 2022</a><br> <hr> Writing high quality standards is a necessary first step to an interoperable web platform, but ensuring that browsers are consistent in their behavior requires an ongoing process. Browsers must work to ensure that they have a shared understanding of web standards, and that their implementation matches that understanding. <p>Interop 2022 is a cross-browser initiative to find and address the most important interoperability pain points on the web platform. The end result is a public metric that will assess progress toward fixing these interoperability issues.<br></p> https://www.whatsupup.com/blog/boxed/modification/20220303-201539/ Thu, 03 Mar 2022 20:15:39 +0000 https://www.whatsupup.com/blog/boxed/modification/20220303-201539/ vector<T>::iterator<br> were just<br> T*<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#argument-dependent-lookup">argument-dependent-lookup</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#implementation-divergence">implementation-divergence</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#library-design">library-design</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#llvm">llvm</a><br> Every major C++ standard library vendor defines wrappers for their contiguous iterator types —<br> and so on. You might think that they should just define these iterators as aliases for<br> instead.<br> https://www.whatsupup.com/blog/ideo/fleury/20220303-040630/ Thu, 03 Mar 2022 04:06:29 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220303-040630/ Earlier this week, a Ukrainian security researcher leaked almost two years’ worth of internal chat logs from Conti , one of the more rapacious and ruthless ransomware gangs in operation today. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion/">Tuesday’s story</a> examined how Conti dealt with its own internal breaches and attacks from private security firms and governments. In Part II of this series we’ll explore what it’s like to work for Conti, as described by the Conti employees themselves.<br> The Conti group’s chats reveal a great deal about its internal structure and hierarchy. Conti maintains many of the same business units as a legitimate, small- to medium-sized enterprise, including a Human Resources department that is in charge of constantly interviewing potential new hires.<br> Other Conti departments with their own distinct budgets, staff schedules, and senior leadership include:<br> – Coders: Programmers hired to write malicious code, integrate disparate technologies – Testers: Workers in charge of testing Conti malware against security tools and obfuscating it – Administrators: Workers tasked with setting up, tearing down servers, other attack infrastructure – Reverse Engineers: Those who can disassemble computer code, study it, find vulnerabilities or weaknesses – Penetration Testers/Hackers: Those on the front lines battling against corporate security teams to steal data, and plant ransomware.<br> Conti appears to have contracted out much of its spamming operations, or at least there was no mention of “Spammers” as direct employees. Conti’s leaders seem to have set strict budgets for each of its organizational units, although it occasionally borrowed funds allocated for one department to address the pressing cashflow needs of another.<br> A great many of the more revealing chats concerning Conti’s structure are between “ Mango ” — a mid-level Conti manager to whom many other Conti employees report each day — and “ Stern ,” a sort of cantankerous taskmaster who can be seen constantly needling the staff for reports on their work.<br> In July 2021, Mango told Stern that the group was placing ads on several Russian-language cybercrime forums to hire more workers. “The salary is $2k in the announcement, but there are a lot of comments that we are recruiting galley slaves,” Mango wrote. “Of course, we dispute that and say those who work and bring results can earn more, but there are examples of coders who work normally and earn $5-$10k salary.”<br> The Conti chats show the gang primarily kept tabs on the victim bots infected with their malware via both the Trickbot and Emotet crimeware-as-a-service platforms, and that it employed dozens of people to continuously test, maintain and expand this infrastructure 24 hours a day, 7 days a week.<br> Conti members referred to Emotet as “ Booz ” or “ Buza ,” and it is evident from reading these chat logs that Buza had its own stable of more than 50 coders, and likely much of the same organizational structure as Conti.<br> According to Mango, as of July 18, 2021 the Conti gang employed 62 people, mostly low-level malware coders and software testers. However, Conti’s employee roster appears to have fluctuated wildly from one month to the next. For example, on multiple occasions the organization was forced to fire many employees as a security precaution in the wake of its own internal security breaches.<br> In May 2021, Stern told Mango he wanted his underlings to hire 100 more “encoders” to work with the group’s malware before the bulk of the gang returns from their summer vacations in Crimea. Most of these new hires, Stern says, will join the penetration testing/hacking teams headed by Conti leaders “ Hof ” and “ Reverse .” Both Hof and Reverse appear to have direct access to the Emotet crimeware platform.<br> Trying to accurately gauge the size of the Conti organization is problematic, in part because cybersecurity experts have long held that Conti is merely a rebrand of another ransomware strain and affiliate program known as <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Ryuk_(ransomware)">Ryuk</a> . First spotted in 2018, Ryuk was just as ruthless and mercenary as Conti, and the FBI says that in the first year of its operation Ryuk earned more than $61 million in ransom payouts.<br> “Conti is a Targeted version of Ryuk, which comes from Trickbot and Emotet which we’ve been monitoring for some time,” researchers at <a rel="noreferrer" target="_blank" href="https://www.paloaltonetworks.com/blog/security-operations/conti-or-so-i-am-told/">Palo Alto Networks wrote about Ryuk last year</a> . “A heavy focus was put on hospital systems, likely due to the necessity for uptime, as these systems were overwhelmed with handling the ongoing COVID-19 pandemic. We observed initial Ryuk ransom requests ranging from US$600,000 to $10 million across multiple industries.”<br> On May 14, 2021, Ireland’s Health Service Executive (HSE) <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/12/inside-irelands-public-healthcare-ransomware-scare/">suffered a major ransomware attack at the hands of Conti</a> . The attack would disrupt services at several Irish hospitals, and resulted in the near complete shutdown of the HSE’s national and local networks, forcing the cancellation of many outpatient clinics and healthcare services. It took the HSE until Sept. 21, 2021 to fully restore all of its systems from the attack, at an estimated cost of more than $600 million.<br> It remains unclear from reading these chats how many of Conti’s staff understood how much of the organization’s operations overlapped with that of Ryuk. Lawrence Abrams at <a rel="noreferrer" target="_blank" href="https://www.bleepingcomputer.com">Bleeping Computer</a> pointed to an October 2020 Conti chat in which the Emotet representative “Buza” posts a link to a security firm’s analysis of Ryuk’s return.<br> “ Professor ,” the nickname chosen by one of Conti’s most senior generals, replies that indeed Ryuk’s tools, techniques and procedures are nearly identical to Conti’s.<br> “adf.bat — this is my fucking batch file,” Professor writes, evidently surprised at having read the analysis and spotting his own code being re-used in high-profile ransomware attacks by Ryuk.<br> “Feels like [the] same managers were running both Ryuk and Conti, with a slow migration to Conti in June 2020,” Abrams <a rel="noreferrer" target="_blank" href="https://twitter.com/LawrenceAbrams/status/1499046186942144523">wrote on Twitter</a> . “However, based on chats, some affiliates didn’t know that Ryuk and Conti were run by the same people.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-ii-the-office/#more-58690">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-ii-the-office/">Conti Ransomware Group Diaries, Part II: The Office</a><br> https://www.whatsupup.com/blog/sited/implore/20220303-001725/ Thu, 03 Mar 2022 00:17:24 +0000 https://www.whatsupup.com/blog/sited/implore/20220303-001725/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/03/02/technology/tiktok-states-investigation.html">A coalition of state attorneys general opens an investigation into TikTok. The group is looking into the Chinese-owned video site for the harms it may pose to younger users. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220302-120628/ Wed, 02 Mar 2022 12:06:26 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220302-120628/ A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. The chat logs offer a fascinating glimpse into the challenges of running a sprawling criminal enterprise with more than 100 salaried employees. The records also provide insight into how Conti has dealt with its own internal breaches and attacks from private security firms and foreign governments.<br> Conti’s threatening message this week regarding international interference in Ukraine.<br> Conti makes international news headlines each week when it publishes to its dark web blog new information stolen from ransomware victims who refuse to pay an extortion demand. In response to Russia’s invasion of Ukraine, Conti <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/russia-based-ransomware-group-conti-issues-warning-kremlin-foes-2022-02-25/">published a statement</a> announcing its “full support.”<br> “If anybody will decide to organize a cyberattack or any war activities against Russia, we are going to use all our possible resources to strike back at the critical infrastructures of an enemy,” the Conti blog post read.<br> On Sunday, Feb. 27, a new Twitter account “ <a rel="noreferrer" target="_blank" href="https://twitter.com/contileaks">Contileaks</a> ” posted links to an archive of chat messages taken from Conti’s private communications infrastructure, dating from January 29, 2021 to the present day. Shouting “Glory for Ukraine,” the Contileaks account has since published additional Conti employee conversations from June 22, 2020 to Nov. 16, 2020.<br> The Contileaks account did not respond to requests for comment. But Alex Holden , the Ukrainian-born founder of the Milwaukee-based cyber intelligence firm <a rel="noreferrer" target="_blank" href="https://www.holdsecurity.com">Hold Security</a> , said the person who leaked the information is not a former Conti affiliate — as many on Twitter have assumed. Rather, he said, the leaker is a Ukrainian security researcher who has chosen to stay in his country and fight.<br> “The person releasing this is a Ukrainian and a patriot,” Holden said. “He’s seeing that Conti is supporting Russia in its invasion of Ukraine, and this is his way to stop them in his mind at least.”<br> GAP #1<br> The temporal gaps in these chat records roughly correspond to times when Conti’s IT infrastructure was dismantled and/or infiltrated by security researchers, private companies, law enforcement, and national intelligence agencies. The holes in the chat logs also match up with periods of relative quiescence from the group, as it sought to re-establish its network of infected systems and dismiss its low-level staff as a security precaution.<br> On Sept. 22, 2020, the U.S. National Security Agency (NSA) began <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2020/10/report-u-s-cyber-command-behind-trickbot-tricks/">a weeks-long operation</a> in which it seized control over the Trickbot botnet , a malware crime machine that has infected millions of computers and is often used to spread ransomware. Conti is one of several cybercrime groups that has regularly used Trickbot to deploy malware.<br> Once in control over Trickbot, the NSA’s hackers sent all infected systems a command telling them to disconnect themselves from the Internet servers the Trickbot overlords used to control compromised Microsoft Windows computers. On top of that, the NSA <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2020/10/attacks-aimed-at-disrupting-the-trickbot-botnet/">stuffed millions of bogus records about new victims into the Trickbot database</a> .<br> News of the Trickbot compromise was <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2020/10/attacks-aimed-at-disrupting-the-trickbot-botnet/">first published here on Oct. 2, 2020</a> , but the leaked Conti chats show that the group’s core leadership detected something was seriously wrong with their crime machine just a few hours after the initial compromise of Trickbot’s infrastructure on Sept. 22.<br> “The one who made this garbage did it very well,” wrote “ Hof ,” the handle chosen by a top Conti leader, commenting on the Trickbot malware implant that was supplied by the NSA and quickly spread to the rest of the botnet. “He knew how the bot works, i.e. he probably saw the source code, or reversed it. Plus, he somehow encrypted the config, i.e. he had an encoder and a private key, plus uploaded it all to the admin panel. It’s just some kind of sabotage.”<br> “Moreover, the bots have been flooded with such a config that they will simply work idle,” Hof explained to his team on Sept. 23, 2020. Hof noted that the intruder even kneecapped Trickbot’s built-in failsafe recovery mechanism. Trickbot was configured so that if none of the botnet’s control servers were reachable, the bots could still be recaptured and controlled by registering a pre-computed domain name on EmerDNS , a decentralized domain name system based on the Emercoin virtual currency.<br> “After a while they will download a new config via emercoin, but they will not be able to apply this config, because this saboteur has uploaded the config with the maximum [version] number, and the bot is checking that the new config [version number] should be larger than the old one,” Hof wrote. “Sorry, but this is fucked up. I don’t know how to get them back.”<br> It would take the Conti gang several weeks to rebuild its malware infrastructure, and infect tens of thousands of new Microsoft Windows systems. By late October 2020, Conti’s network of infected systems had grown to include 428 medical facilities throughout the United States. The gang’s leaders saw an opportunity to create widespread panic — if not also chaos — by deploying their ransomware simultaneously to hundreds of American healthcare organizations already struggling amid a worldwide pandemic.<br> “Fuck the clinics in the USA this week,” wrote Conti manager “Target” on Oct. 26, 2020. “There will be panic. 428 hospitals.”<br> On October 28, the FBI and the U.S. Department of Homeland Security hastily assembled a conference call with healthcare industry executives warning about an “ <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2020/10/fbi-dhs-hhs-warn-of-imminent-credible-ransomware-threat-against-u-s-hospitals/">imminent cybercrime threat to U.S. hospitals and healthcare providers</a> .”<br> Follow-up reporting confirmed that at least a dozen healthcare organizations were hit with ransomware that week, but the carnage apparently was not much worse than a typical week in the healthcare sector. One information security leader in the healthcare industry told KrebsOnSecurity at the time that it wasn’t uncommon for the industry to see at least one hospital or health care facility hit with ransomware each day. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion/#more-58685">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion/">Conti Ransomware Group Diaries, Part I: Evasion</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20220301-161930/ Tue, 01 Mar 2022 16:19:30 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20220301-161930/ March 1, 2022 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2022/03/01/Open-source-is-defined-by-the-OSD.html">Open Source is defined by the OSI's Open Source Definition</a><br> https://www.whatsupup.com/blog/gaper/whisky/20220301-161927/ Tue, 01 Mar 2022 16:19:27 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220301-161927/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/03/a-new-year-a-new-mdn/">A new year, a new MDN →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/03/a-new-year-a-new-mdn/">A new year, a new MDN</a><br> <hr> If you’ve accessed the MDN website today, you probably noticed that it looks quite different. We hope it’s a good different. Let us explain! <p>In mid-2021 we started to think about modernizing MDN’s design, to create a clean and inviting website that makes navigating our 44,000 articles as easy as possible. We wanted to create a more holistic experience for our users, with an emphasis on improved navigability and a universal look and feel across all our pages.<br></p> https://www.whatsupup.com/blog/overgrazing/propellent/20220301-001827/ Tue, 01 Mar 2022 00:18:26 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220301-001827/ Sign in<br> https://www.whatsupup.com/blog/sited/implore/20220228-201834/ Mon, 28 Feb 2022 20:18:34 +0000 https://www.whatsupup.com/blog/sited/implore/20220228-201834/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/02/28/technology/whole-foods-amazon-automation.html">Here Comes the Full Amazonification of Whole Foods A newly revamped store in Washington shows how thoroughly Amazon has woven itself into the grocery shopping experience. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20220228-201805/ Mon, 28 Feb 2022 20:18:04 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220228-201805/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-022-00542-4">Space junk heading for Moon will add to 60+ years of lunar debris</a><br></p> <hr> In an upcoming collision, a spent rocket booster will be the first long-circulating piece of human-made debris to smash into the lunar surface.<br> https://www.whatsupup.com/blog/sited/implore/20220228-161802/ Mon, 28 Feb 2022 16:18:01 +0000 https://www.whatsupup.com/blog/sited/implore/20220228-161802/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/02/28/technology/whole-foods-amazon-automation.html">Your Old Whole Foods Is Fading. Here Comes the Amazon Whole Foods. A newly revamped store in Washington shows how thoroughly Amazon has woven itself into the grocery shopping experience. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220228-082028/ Mon, 28 Feb 2022 08:20:28 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220228-082028/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2022/02/27/world/russia-ukraine-war/facebooks-parent-company-says-it-shut-down-digital-operations-targeting-ukraine">Facebook’s parent company says it shut down digital operations targeting Ukraine. This was featured in live coverage. By Mike Isaac and Kate Conger</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20220228-080929/ Mon, 28 Feb 2022 08:09:29 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20220228-080929/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/react-native-component-library-roundup/">Here is our roundup of React native component libraries—both general and special purpose ones—with most important characteristics and helpful links.</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220228-041959/ Mon, 28 Feb 2022 04:19:58 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220228-041959/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2012/10/17/and-now-back-to-your-regularly-scheduled-combinatorial-species/">And now, back to your regularly scheduled combinatorial species</a><br> https://www.whatsupup.com/blog/boxed/modification/20220228-001438/ Mon, 28 Feb 2022 00:14:38 +0000 https://www.whatsupup.com/blog/boxed/modification/20220228-001438/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#web">web</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#wordle">wordle</a><br> Has it been a week since <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/wordle-clone/birdle/">Birdle</a> already? Wow. Anyway, I’ve made another Wordle variant. I call this one <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/wordle-clone/evirdle/">Evirdle</a> , because it is evil. It tries to make your Wordle experience as challenging as possible.<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#jokes">jokes</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#web">web</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#wordle">wordle</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20220227-201341/ Sun, 27 Feb 2022 20:13:41 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20220227-201341/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/02/26/Long-Links">Long Links</a> · Welcome to another curation of long-form pieces, the kind of thing that I, as a semi-retired person, have time for. While you probably don’t have the space for all of these, one or two might reward an investment of your attention. These are obviously grim times and indeed there’s grim stuff here but I’ve tried to add some smiles for balance <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/02/26/Long-Links">…</a><br> Beatles documentary. I’m a pretty intense music geek and while I gather there were some for whom this was Too Much Beatles, there was hardly a moment I wanted to look away. I found the whole thing intense and feel like sharing a few purely musical take-aways: If you care about will-George-quit or the-meaning-of-Yoko drama, I got nothing for you <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/02/18/Get-Back">…</a> [1 comment]<br> https://www.whatsupup.com/blog/rubicundity/envenomation/20220226-160629/ Sat, 26 Feb 2022 16:06:29 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20220226-160629/ Want tips to overcome procrastination?<br> Get blog posts, short tips, and illustrations in <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/newsletter">the Deprocrastination newsletter</a> about once a week.<br> Found the article helpful?<br> For practical tips:<br> https://www.whatsupup.com/blog/ideo/fleury/20220226-000607/ Sat, 26 Feb 2022 00:06:06 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220226-000607/ President Biden joined European leaders this week in enacting economic sanctions against Russia in response to its invasion of Ukraine. The West has promised tougher sanctions are coming, but experts warn these will almost certainly trigger a Russian retaliation against America and its allies, which could escalate into cyber attacks on Western financial institutions and energy infrastructure.<br> Michael Daniel is a former cybersecurity advisor to the White House during the Obama administration who now heads the <a rel="noreferrer" target="_blank" href="https://www.cyberthreatalliance.org">Cyber Threat Alliance</a> , an industry group focused on sharing threat intelligence among members. Daniel said there are two primary types of cyber threats the group is concerned about potentially coming in response to sanctions on Russia.<br> The first involves what Daniel called “spillover and collateral damage” — a global malware contagion akin to a <a rel="noreferrer" target="_blank" href="https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/">NotPeyta event</a> — basically some type of cyber weapon that has self-propagating capabilities and may even leverage a previously unknown security flaw in a widely-used piece of hardware or software.<br> Russia has been suspected of releasing <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Petya_(malware)">NotPetya</a> , a large-scale cyberattack in 2017 initially aimed at Ukrainian businesses that mushroomed into an extremely disruptive and expensive global malware outbreak.<br> “The second level [is that] in retaliation for sanctions or perceived interference, Russia steps up more direct attacks on Western organizations,” Daniel said. “The Russians have shown themselves to be incredibly ingenious and creative in terms of how they come up with targets that seem to catch us by surprise. If the situation escalates in cyberspace, there could be some unanticipated organizations that end up in the crosshairs.”<br> What kinds of attacks are experts most concerned about? In part because the Russian economy is so dependent on energy exports, Russia has invested heavily in probing for weaknesses in the cyber systems that support bulk power production and distribution.<br> Ukraine has long been used as the testing grounds for Russian offensive hacking capabilities targeting power infrastructure. State-backed Russian hackers have been blamed for <a rel="noreferrer" target="_blank" href="https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/">the Dec. 23, 2015 cyberattack on Ukraine’s power grid</a> that left 230,000 customers shivering in the dark.<br> Experts warn that Russia could just as easily use its arsenal of sneaky cyber exploits against energy systems that support U.S. and European nations. In 2014, then National Security Agency Director Mike Roger s <a rel="noreferrer" target="_blank" href="https://www.bloomberg.com/news/articles/2014-11-20/foreign-governments-have-hacked-u-s-power-system-nsa-head-says">told lawmakers</a> that hackers had been breaking into U.S. power utilities to probe for weaknesses, and that Russia had been caught planting malware in the same kind of industrial computers used by power utilities.<br> “All of that leads me to believe it is only a matter of when, not if, we are going to see something dramatic,” Rogers said at the time.<br> That haunting prophecy is ringing anew as European leaders work on hammering out additional sanctions, which the European Commission president says will restrict the Russian economy’s ability to function by starving it of important technology and access to finance.<br> A draft of the new penalties obtained by The New York Times would see the European Union ban the export of aircraft and spare parts that are necessary for the maintenance of Russian fleets.<br> “The bloc will also ban the export of specialized oil-refining technology as well as semiconductors, and it will penalize more banks — although it will stop short of targeting VTB, Russia’s second-largest bank, which is already crippled by American and British sanctions,” The Times <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/02/25/world/europe/eu-russian-sanctions.html">wrote</a> .<br> Dmitri Alperovitch is co-founder and former chief technology officer at the security firm CrowdStrike . Writing for The Economist , Alperovitch said America must tailor its response carefully to avoid initiating a pattern of escalation that could result in a potentially devastating hot war with Russia.<br> “The proposed combination of sanctions on top Russian banks and implementation of export controls on semiconductors would be likely to severely debilitate the Russian economy,” Alperovitch <a rel="noreferrer" target="_blank" href="https://www.economist.com/by-invitation/2022/02/23/dmitri-alperovitch-on-the-risks-of-escalation">wrote</a> . “And although many in the West may initially cheer this outcome as righteous punishment for Russia’s blatant violation of Ukrainian sovereignty, these measures will probably trigger significant Russian retaliation against America. That prospect all but guarantees that the conflict will not come to an end with an invasion of Ukraine.”<br> Faced with a potentially existential threat to its economic well-being — and seeing itself as having nothing more to lose — Russia will have several tools at its disposal with which to respond, he said: One of those will be carrying out cyber-attacks against American and European financial institutions and energy infrastructure.<br> “Having already exhausted the power of economic sanctions, America and its European allies would have few choices other than to respond to these attacks with offensive cyber-strikes of their own,” Alperovitch wrote. “This pattern of tit-for-tat cyber retaliation could place Russia and the West on a worrying path. It could end with the conflict spilling out of cyberspace and into the realm of a hot conflict. This outcome—a hot conflict between two nuclear powers with extensive cyber capabilities—is one that everyone in the world should be anxious to avoid.”<br> In May 2021, Russian cybercriminals unleashed <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/">a ransomware attack against Colonial Pipeline</a> , a major fuel distributor in the United States. The resulting outage caused fuel shortages and price spikes across the nation. Alperovitch says a retaliation from Russia in response to sanctions could make the Colonial Pipeline attack seem paltry by comparison.<br> “The colonial pipeline is going to be like child’s play if the Russians truly unleash all their capability,” Alperovitch told CNBC this week.<br> For example, having your organization’s computers and servers locked by ransomware may seem like a day at the park compared to getting hit with “wiper” malware that simply overwrites or corrupts data on infected systems.<br> Kim Zetter , a veteran Wired reporter who now runs her own <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/">cybersecurity-focused Substack newsletter</a> , has painstakingly documented two separate wiper attacks launched in the lead-up to the Russian invasion that targeted Ukrainian government and contractor networks, as well as systems in Latvia and Lithuania.<br> One contractor interviewed by Zetter said the wiper attacks appeared to be extremely targeted, going after organizations that support the Ukrainian government — regardless of where those organizations are physically located. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/02/russia-sanctions-may-spark-escalating-cyber-conflict/#more-58650">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/02/russia-sanctions-may-spark-escalating-cyber-conflict/">Russia Sanctions May Spark Escalating Cyber Conflict</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20220224-001630/ Thu, 24 Feb 2022 00:16:30 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220224-001630/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/ex-washington-post-owner-don-graham">Ex-Washington Post Owner Don Graham On Doing Business With Zuckerberg And Bezos</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/ex-washington-post-owner-don-graham">Plus: Big Technology Podcast is joining LinkedIn Podcast Network.</a><br> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/about">About</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/archive">Archive</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/about?sort=people">Authors</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20220223-201346/ Wed, 23 Feb 2022 20:13:45 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20220223-201346/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2022/02/mitigating-kernel-risks-on-32-bit-arm.html">Mitigating kernel risks on 32-bit ARM</a><br></p> <hr> Posted by Ard Biesheuvel, Google Open Source Security Team Linux kernel support for the 32-bit ARM architecture was contributed in the late 90s, when there was little corporate involvement in Linux development, and most contributors were students or hobbyists, tinkering with development boards, often without much in the way of documentation.<br> Now 20+ years later, 32-bit ARM's maintainer has downgraded its support level to <a rel="noreferrer" target="_blank" href="https://git.kernel.org/linus/18bd49043caa8b272649d4868c29133eb0a3d143">'odd fixes</a> ,' while remaining active as a kernel contributor. This is a common pattern for aging and obsolete architectures: corporate funding for Linux kernel development has tremendously increased the pace of development, but only for architectures with a high return on investment. As a result, the 32-bit ARM port of Linux is essentially in maintenance-only mode, and lacks core Linux advancements such as THREAD_INFO_IN_TASK or VMAP_STACK, which protect against stack overflow attacks. The lack of developer attention does not imply that the 32-bit ARM port has ceased to make economic sense, though. Instead, it has evolved from being one of the spearheads of Linux innovation to a stable and mature platform, and while funding its upstream development may not make sense in the long term, deploying 32-bit ARM into the field today most certainly still makes economic sense when margins are razor thin and <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Bill_of_materials">BOM</a> costs need to be kept to an absolute minimum. This is why 32-bit ARM is still widely used in embedded systems like set-top boxes and wireless routers.<br> Running 32-bit Linux on 64-bit ARM systems Ironically, at these low price points, the DRAM is actually the dominant component in terms of BOM cost, and many of these 32-bit ARM systems incorporate a cheap ARMv8 <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/System_on_a_chip">SoC</a> that happens to be capable of running in 64-bit mode as well. The reason for running 32-bit applications nonetheless is that these generally use less of the expensive DRAM, and can be deployed directly without the need to recompile the binaries. As 32-bit applications don't need a 64-bit kernel (which itself uses more memory due to its internal use of 64-bit pointers), the product ships with a 32-bit kernel instead. If you're choosing to use a 32-bit kernel for its smaller memory footprint, it's not without risks. You'll likely experience performance issues, unpatched vulnerabilities, and unexpected misbehaviors such as:<br> 32-bit kernels generally cannot manage more than 1 GiB of physical memory without resorting to HIGHMEM bouncing, and cannot provide a full virtual address space of 4 GiB to user space, as 64-bit kernels can.<br> Side channels or other flaws caused by silicon errata may exist that haven't been mitigated in 32-bit kernels. For example, the hardening against Spectre and Meltdown vulnerabilities were only done for ARMv7 32-bit only CPUs, and many ARMv8 cores running in 32-bit mode may still be vulnerable (only Cortex-A73 and A75 are handled specifically). And in general, silicon flaws in 64-bit parts that affect the 32-bit kernel are less likely to be found or documented, simply because the silicon validation teams don’t prioritize them.<br> The 32-bit ARM kernel does not implement the elaborate <a rel="noreferrer" target="_blank" href="https://youtu.be/CUAXCeRjw3c?t=2687">alternatives patching framework</a> that is used by other architectures to implement handling of silicon errata, which are particular to certain revisions of certain CPUs. Instead, on 32-bit multiplatform kernels, we simply enable all errata workarounds that may be needed by any of the cores that may ever run the image in question, potentially affecting performance unnecessarily on cores that have no need for them.<br> Silicon vendors are phasing out 32-bit support in the longer term. Given an ecosystem containing a handful of operating systems and thousands of applications, support for 32-bit operating systems (which is more complex technically) is highly likely to be dropped first. For products with longer life cycles, long-term procurement contracts for components available today are usually much more costly than adjusting the BOM over time and using newer, cheaper parts.<br> The 32-bit kernel does not implement <a rel="noreferrer" target="_blank" href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f80fb3a3d50843a401dac4b566b3b131da8077a2">kernel address space randomization</a> , and even if it did, its comparatively tiny address space simply leaves very little space for randomization. Other hardening features, such as <a rel="noreferrer" target="_blank" href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c55191e96caa9">rodata=full</a> or <a rel="noreferrer" target="_blank" href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=87143f404f338">hierarchical eXecute Never attributes</a> , are missing as well on 32-bit, and are not likely to be implemented, either due to lack of support in the architecture, or because of the complexity of the 32-bit memory management code, which still supports all of the different architecture revisions dating back to the initial Linux port running on the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Risc_PC">Risc PC</a> .<br> Keeping the 32-bit ARM kernel secure There are cases, though, where using the 32-bit kernel is the only option, e.g., if the CPUs are in fact 32-bit only (which is the case even for some ARMv8 cores such as Cortex-A32), or when relying on an existing 32-bit only codebase running in the kernel (drivers for legacy peripherals). Note that in such cases, it still makes sense to use the most recent kernel version compatible with the hardware, since we are in fact making an effort to enable some of the existing hardening features on 32-bit ARM as well.<br> THREAD_INFO_IN_TASK for v7 SMP cores<br> The v5.16 release of the Linux kernel <a rel="noreferrer" target="_blank" href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=18ed1c01a7dd3d7c780b06a49124da237a4c1790">implements</a> support for THREAD_INFO_IN_TASK when running on ARMv7 SMP systems. This protects the kernel's per-task bookkeeping (called thread_info), which lives on the far (and normally unused) end of the stack, against stack overflows which may occur in rare -yet sometimes exploitable- cases where the control flow of the program simply ends up accumulating more state than the stack can hold. (Note that a stack overflow is not the same as a stack buffer overflow, where the overflow happens in the opposite direction.)<br> By moving thread_info off the stack and into the kernel heap, and by using a special SMP CPU register to keep track of its location, we can mitigate the risk of stack overflows resulting in thread_info corruption. However, it does not prevent stack overflows themselves: these may still occur, and result in corruption of other data structures that happen to be adjacent to the task stack in memory.<br> THREAD_INFO_IN_TASK for other cores<br> For CPUs that lack this special SMP CPU register, we also proposed an implementation of THREAD_INFO_IN_TASK that is expected to land in v5.18. Instead of a special register, it uses a global variable to keep track of the location of thread_info.<br> VMAP_STACK support<br> Preventing stack overflows from corrupting unrelated memory contents is the goal of VMAP_STACK, which we are <a rel="noreferrer" target="_blank" href="https://lore.kernel.org/linux-arm-kernel/20211122092816.2865873-1-ardb@kernel.org/">enabling for 32-bit ARM</a> as well. When VMAP_STACK is enabled, kernel mode stacks are allocated from the kernel heap as before, but mapped into a different part of the kernel's address space, and surrounded by guard regions, which are guaranteed to be kept unpopulated. Given that accesses to such unpopulated regions will trigger an exception, the kernel's memory management layer can step in and terminate the program as soon as a stack overflow occurs, and prevent it from causing memory corruption.<br> Support for IRQ stacks Coming up with a bounded worst case on which to base the size of the kernel stack is rather hard, especially given the fact that it is shared between the program itself and any exception handling routines that may be called on its behalf, including interrupt handlers. To mitigate the risk of a pathological worst case occurring, where an interrupt fires that needs a lot of stack space right at a time when most of the stack is already being used by the program, we are also <a rel="noreferrer" target="_blank" href="https://lore.kernel.org/linux-arm-kernel/20211115084732.3704393-1-ardb@kernel.org/">enabling IRQ_STACKS for 32-bit ARM</a> , which will run handlers of both hard and soft interrupts from a dedicated stack, one for each CPU. By decoupling the task and interrupt contexts like this, the likelihood that a well-behaved program needs to be terminated due to stack overflow should be all but eliminated.<br> Conclusion With <a rel="noreferrer" target="_blank" href="https://lore.kernel.org/linux-arm-kernel/20211208092611.1012773-1-ardb@kernel.org/">these changes</a> in place, kernel stack overflow protection will be available for all ARM systems supported by Linux, including ancient ones like the Risc PC or <a rel="noreferrer" target="_blank" href="https://lore.kernel.org/linux-arm-kernel/874k7pn923.wl-maz@kernel.org/">Netwinder</a> , provided that it runs a Linux distribution that is <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/08/linux-kernel-security-done-right.html">keeping up with the times.</a><br> However, relying on legacy hardware and software comes with a risk, and even though we try to help keep users of the 32-bit kernel as safe as we reasonably can, it is not the right choice for new designs that incorporate 64-bit capable hardware.<br> https://www.whatsupup.com/blog/gonadal/revving/20220223-081921/ Wed, 23 Feb 2022 08:19:20 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220223-081921/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2010/02/20/math-combinatorics-multiset/">Math.Combinatorics.Multiset</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220223-041945/ Wed, 23 Feb 2022 04:19:45 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220223-041945/ <p><a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2009/01/30/fad-diets-are-like-burrito-tutorials/">Fad diets are like burrito tutorials</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2009/06/29/2009-icfp-programming-contest-reflections/">2009 ICFP programming contest reflections</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20220223-001349/ Wed, 23 Feb 2022 00:13:49 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20220223-001349/ Get Back<br> Beatles documentary. I’m a pretty intense music geek and while I gather there were some for whom this was Too Much Beatles, there was hardly a moment I wanted to look away. I found the whole thing intense and feel like sharing a few purely musical take-aways: If you care about will-George-quit or the-meaning-of-Yoko drama, I got nothing for you <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/02/18/Get-Back">…</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220222-200606/ Tue, 22 Feb 2022 20:06:05 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220222-200606/ <p>The U.S. Internal Revenue Service (IRS) said Monday that taxpayers are no longer required to provide facial scans to create an account online at irs.gov. In lieu of providing biometric data, taxpayers can now opt for a live video interview with ID.me , the privately-held Virginia company that runs the agency’s identity proofing system. The IRS also said any biometric data already shared with ID.me would be permanently deleted over the next few weeks, and any biometric data provided for new signups will be destroyed after an account is created.<br> “Taxpayers will have the option of verifying their identity during a live, virtual interview with agents; no biometric data – including facial recognition – will be required if taxpayers choose to authenticate their identity through a virtual interview,” the IRS said in <a rel="noreferrer" target="_blank" href="https://www.irs.gov/newsroom/irs-statement-new-features-put-in-place-for-irs-online-account-registration-process-strengthened-to-ensure-privacy-and-security">a Feb. 21 statement</a> .<br> “Taxpayers will still have the option to verify their identity automatically through the use of biometric verification through ID.me’s self-assistance tool if they choose,” the IRS explained. “For taxpayers who select this option, new requirements are in place to ensure images provided by taxpayers are deleted for the account being created. Any existing biometric data from taxpayers who previously created an IRS Online Account that has already been collected will also be permanently deleted over the course of the next few weeks.”<br> In addition, the IRS said it planned to roll out Login.gov as an authentication tool for those seeking access to their tax records online. Login.gov is a single sign-on solution already used to access 200 websites run by 28 federal agencies.<br> “The General Services Administration is currently working with the IRS to achieve the security standards and scale required of Login.Gov, with the goal of moving toward introducing this option after the 2022 filing deadline,” the agency wrote. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/02/irs-selfies-now-optional-biometric-data-to-be-deleted/#more-58627">Continue reading →</a><br> Missouri Governor Mike Parson made headlines last year when he <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/10/missouri-governor-vows-to-prosecute-st-louis-post-dispatch-for-reporting-security-vulnerability/">vowed to criminally prosecute a journalist</a> for reporting a security flaw in a state website that exposed personal information of more than 100,000 teachers. But Missouri prosecutors now say they will not pursue charges following revelations that the data had been exposed since 2011 — two years after responsibility for securing the state’s IT systems was centralized within Parson’s own Office of Administration.<br> In October 2021, St. Louis Post-Dispatch reporter <a rel="noreferrer" target="_blank" href="https://www.stltoday.com/users/profile/jrenaud">Josh Renaud</a> alerted Missouri education department officials that their website was exposing the Social Security numbers of more than 100,000 primary and secondary teachers in the state. Renaud found teachers’ SSNs were accessible in the HTML source code of some Missouri education department webpages.<br> After confirming that state IT officials had secured the exposed teacher data, the Post-Dispatch <a rel="noreferrer" target="_blank" href="https://www.stltoday.com/news/local/education/missouri-teachers-social-security-numbers-at-risk-on-state-agencys-website/article_f3339700-ece0-54a1-9a45-f300321b7c82.html">ran a story about their findings</a> . Gov. Parson responded by holding a press conference in which he vowed his administration would seek to prosecute and investigate “the hackers” and anyone who aided the publication in its “attempt to embarrass the state and sell headlines for their news outlet.”<br> “The state is committed to bringing to justice anyone who hacked our systems or anyone who aided them to do so,” Parson said in October. “A hacker is someone who gains unauthorized access to information or content. This individual did not have permission to do what they did. They had no authorization to convert or decode, so this was clearly a hack.”<br> Parson tasked the Missouri Highway Patrol to produce a report on their investigation into “the hackers.”  On Monday, Feb. 21, The Post-Dispatch published <a rel="noreferrer" target="_blank" href="https://s3.documentcloud.org/documents/21271820/redacted-information-for-sunshine-request.pdf">the 158-page report</a> (PDF), which concluded after 175 hours of investigation that Renaud did nothing wrong and only accessed information that was publicly available.<br> Emails later obtained by the Post-Dispatch showed that the FBI told state cybersecurity officials that there was “not an actual network intrusion” and the state database was “misconfigured.” The emails also revealed the proposed message when education department leaders initially prepared to respond in October:<br> “We are grateful to the member of the media who brought this to the state’s attention,” was the proposed quote attributed to the state’s education commissioner before Parson began shooting the messenger. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/02/report-missouri-governors-office-responsible-for-teacher-data-leak/#more-58607">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/02/irs-selfies-now-optional-biometric-data-to-be-deleted/">IRS: Selfies Now Optional, Biometric Data to Be Deleted</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/02/report-missouri-governors-office-responsible-for-teacher-data-leak/">Report: Missouri Governor’s Office Responsible for Teacher Data Leak</a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20220221-200649/ Mon, 21 Feb 2022 20:06:48 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20220221-200649/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/find-go-to-activities-that-arent-scrolling-or-watching">Find go-to activities that aren't scrolling or watching</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-danger-of-expecting-work-to-be-easy-and-fun">The danger of expecting work to be easy and fun</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/it-doesnt-matter-how-many-hours-you-work">It doesn’t matter how many hours you work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-new-meaning-of-hard-work">The new meaning of hard work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/abstinence-isnt-recovery">Abstinence isn’t recovery</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-go-back-to-things-you-used-to-be-addicted-to-in-the-past">How to go back to things you used to be addicted to in the past</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-protect-your-intentions-from-getting-hijacked">How to protect your intentions from getting hijacked</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/let-your-discontent-crystallize">Let your discontent crystallize</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/stop-postponing-things-by-embracing-the-mess">Stop postponing things by embracing the mess</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/critical-effort-why-we-reach-a-goal-or-not">Critical effort: why we reach a goal (or not)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/zone-of-action-do-the-possible-to-do-the-impossible">Zone of Action: Do the possible to do the impossible</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/1-simple-technique-to-train-your-focus">1 simple technique to train your focus</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-make-quitting-your-addiction-easier">How to make quitting your addiction easier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/pursue-high-quality-leisure">Pursue High-quality Leisure</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/what-is-addiction">What is addiction (series)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> https://www.whatsupup.com/blog/boxed/modification/20220221-001353/ Mon, 21 Feb 2022 00:13:52 +0000 https://www.whatsupup.com/blog/boxed/modification/20220221-001353/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#jokes">jokes</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#web">web</a><br> From the “committing to the bit” department, I present: <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/wordle-clone/birdle/">Birdle</a> .<br> https://www.whatsupup.com/blog/gonadal/revving/20220220-201909/ Sun, 20 Feb 2022 20:19:09 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220220-201909/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2012/08/28/creating-documents-with-embedded-diagrams/">Creating documents with embedded diagrams</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220220-161948/ Sun, 20 Feb 2022 16:19:47 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220220-161948/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2011/05/17/announcing-diagrams-preview-release/">Announcing diagrams preview release</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220219-161836/ Sat, 19 Feb 2022 16:18:36 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220219-161836/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2012/07/07/new-haxr-release/">New haxr release</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20220219-161734/ Sat, 19 Feb 2022 16:17:33 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20220219-161734/ February 19, 2022 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2022/02/19/Plaid-is-an-evil-nightmare-product.html">Plaid is an evil nightmare product from Security Hell</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220219-081121/ Sat, 19 Feb 2022 08:11:21 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220219-081121/ <a rel="noreferrer" target="_blank" href="https://t.co/HXRnlcGyQx"><a href="https://t.co/HXRnlcGyQx">https://t.co/HXRnlcGyQx</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/nE211Iyu8t"><a href="https://t.co/nE211Iyu8t">https://t.co/nE211Iyu8t</a></a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20220219-080832/ Sat, 19 Feb 2022 08:08:32 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20220219-080832/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/react-markdown-component-the-easy-way-to-create-rich-text/">React-markdown is a React component that safely renders Markdown into HTML. It lets you create rich content without having to worry about all the formatting and code placement. In this blog post, we explore how react-markdown works and why you should start using it.</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220219-041205/ Sat, 19 Feb 2022 04:12:04 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220219-041205/ Friday night AMA – ask me anything!<br> https://www.whatsupup.com/blog/stratification/pride/20220218-201626/ Fri, 18 Feb 2022 20:16:25 +0000 https://www.whatsupup.com/blog/stratification/pride/20220218-201626/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104285199/?p=boingboing&utm_source=boingboing">$9,900 JetSurf Race TITANIUM EFI Board 2020</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104293116/?p=boingboing&utm_source=boingboing">$80,298 2015 BMW i8</a><br> https://www.whatsupup.com/blog/depository/unfitted/20220218-201402/ Fri, 18 Feb 2022 20:14:02 +0000 https://www.whatsupup.com/blog/depository/unfitted/20220218-201402/ <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/how-on-earth/">How on earth I became an entrepreneur</a> : 2022<br> https://www.whatsupup.com/blog/phonic/shopboy/20220218-201153/ Fri, 18 Feb 2022 20:11:53 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220218-201153/ "The manager of a fruit-and-vegetable shop places in his window the slogan: 'Workers of the world, unite!' Why does he do it? What is he trying to communicate to the world? Is he genuinely enthusiastic about the idea of unity among the workers of the world?"<br> Interpretation: Essentially everything happening around us is an Availability Cascade, sparked by one or more Availability Entrepreneurs. <a rel="noreferrer" target="_blank" href="https://t.co/MeN5vNltnz"><a href="https://t.co/MeN5vNltnz">https://t.co/MeN5vNltnz</a></a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20220218-041557/ Fri, 18 Feb 2022 04:15:57 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220218-041557/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/why-el-salvadors-wild-bitcoin-experiment">Why El Salvador’s Wild Bitcoin Experiment Just Might Work</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/why-el-salvadors-wild-bitcoin-experiment">Last fall, El Salvador made Bitcoin legal tender. Here’s what it looks like on the ground.</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220218-041117/ Fri, 18 Feb 2022 04:11:17 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220218-041117/ Interpretation: History can only move forward. History cannot move backward, since you can't remove the information and experience that caused the change from how things were before. <a rel="noreferrer" target="_blank" href="https://t.co/UWcj6EYI7e"><a href="https://t.co/UWcj6EYI7e">https://t.co/UWcj6EYI7e</a></a><br> “There is no question of returning to the pre-1968 situation, if only for the reason that the pre-1968 situation included the conditions that led to 1968.” —Valéry Giscard d’Estaing HT @bgmasters<br> https://www.whatsupup.com/blog/buckeroo/doubling/20220218-001739/ Fri, 18 Feb 2022 00:17:38 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20220218-001739/ February 17, 2022 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2022/02/17/tar-is-good-actually.gmi">tar is good actually</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> https://www.whatsupup.com/blog/seer/hemisphere/20220218-001516/ Fri, 18 Feb 2022 00:15:15 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220218-001516/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-022-00469-w">A year on Mars: How NASA’s Perseverance hit a geological jackpot</a><br></p> <hr> The rover collected exciting rock samples on the first leg of its epic journey. Next, it will turn towards an ancient river delta to look for past life.<br> https://www.whatsupup.com/blog/phonic/shopboy/20220218-001132/ Fri, 18 Feb 2022 00:11:31 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220218-001132/ "’Tis better to have tweeted and deleted, than never to have tweeted at all." –Alfred Lord Tennyson<br> But those beliefs of six years ago did not anticipate all the changes of the last six years. So they were, nearly across the board, wrong? Many things are clearer now, aren't they? @BretWeinstein <a rel="noreferrer" target="_blank" href="https://t.co/4ydfr8J9eX"><a href="https://t.co/4ydfr8J9eX">https://t.co/4ydfr8J9eX</a></a><br> Andreessen's Corollary to Buffett's Principle: It's virtually impossible to insulate your thoughts and behavior from the super-contagious emotions that swirl about the marketplace. <a rel="noreferrer" target="_blank" href="https://t.co/P3Bh8Q9oSv"><a href="https://t.co/P3Bh8Q9oSv">https://t.co/P3Bh8Q9oSv</a></a><br> https://www.whatsupup.com/blog/playacted/rededication/20220217-201725/ Thu, 17 Feb 2022 20:17:25 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220217-201725/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/02/17/arts/music/spotify-joe-rogan-misinformation.html">Spotify Bet Big on Joe Rogan. It Got More Than It Counted On. The deal that brought his podcast to Spotify is said to be worth over $200 million, more than was previously known. Accusations that he spreads misinformation have roiled the company. By Katherine Rosman, Ben Sisario, Mike Isaac and Adam Satariano</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220217-161853/ Thu, 17 Feb 2022 16:18:53 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220217-161853/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2014/05/13/unique-isomorphism-and-generalized-the/">Unique isomorphism and generalized "the"</a><br> https://www.whatsupup.com/blog/gaper/whisky/20220217-161755/ Thu, 17 Feb 2022 16:17:54 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220217-161755/ <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/02/version-100-in-chrome-and-firefox/">Version 100 in Chrome and Firefox →</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220217-121053/ Thu, 17 Feb 2022 12:10:53 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220217-121053/ Democracy (via the Iron Law of Oligarchy) <a rel="noreferrer" target="_blank" href="https://t.co/ud7SPBzQEi"><a href="https://t.co/ud7SPBzQEi">https://t.co/ud7SPBzQEi</a></a><br> Autonomy - Oligarchy - Monarchy <a rel="noreferrer" target="_blank" href="https://t.co/RklckzSTT9"><a href="https://t.co/RklckzSTT9">https://t.co/RklckzSTT9</a></a><br> TENET was a <em>great</em> movie. <a rel="noreferrer" target="_blank" href="https://t.co/7VyUJDAJPy"><a href="https://t.co/7VyUJDAJPy">https://t.co/7VyUJDAJPy</a></a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220217-081111/ Thu, 17 Feb 2022 08:11:11 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220217-081111/ "Would it shock you to know that two people, one with the traits of Extreme-Altruism (X-Altruism) and the other the traits of a sociopath, could be related? Even siblings? And that their personality traits are very similar, with only a few features to distinguish them?"<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20220217-080815/ Thu, 17 Feb 2022 08:08:15 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20220217-080815/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/supabase-tutorial-admin-panel/">For this tutorial we are going to set up a Supabase user database and build an admin panel that allows us to create, read, update and delete the entries. We’ll display the data in a table, and use a panel on the right-hand side to tab between create and update forms, all in less than 20 minutes.</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220217-041143/ Thu, 17 Feb 2022 04:11:43 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220217-041143/ "Motion to rename 'online advertising' to 'small business customer discovery and economic growth technology'." –Aaron Levie @levie – credit where credit is due, that's spot on.<br> "The world of the future. The world I want. A world of obedience and unity. A world where the thought of each man will not be his own, but an attempt to guess the thought of his neighbor, who'll have no thought of his own but an attempt to guess…and so on, around the globe."<br> Present day politics totally aside, everyone should read Junger's 1997 post-apocalyptic science fiction novel "Eumeswil"–how to preserve one's soul under tyranny, a subject Junger knew well. It will stay with you. <a rel="noreferrer" target="_blank" href="https://t.co/BWn1a3DVfG"><a href="https://t.co/BWn1a3DVfG">https://t.co/BWn1a3DVfG</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/KEilXznpwD"><a href="https://t.co/KEilXznpwD">https://t.co/KEilXznpwD</a></a><br> https://www.whatsupup.com/blog/beautifying/hagriding/20220217-002216/ Thu, 17 Feb 2022 00:22:15 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20220217-002216/ In a <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/02/victory-irs-wont-require-facial-recognition-idme">victory for privacy and security,</a> the Internal Revenue Service <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/02/07/us/politics/irs-idme-facial-recognition.html">reversed course</a> from its <a rel="noreferrer" target="_blank" href="https://www.washingtonpost.com/technology/2022/01/27/irs-face-scans/">recent announcement</a> that it was partnering with ID.me, a third-party identity verification service, to use facial recognition for verification of users managing many aspects of their taxes online. Importantly, this change only…<br> https://www.whatsupup.com/blog/ideo/fleury/20220217-000614/ Thu, 17 Feb 2022 00:06:13 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220217-000614/ Update, 2:00 p.m., ET: The ICRC just published an update to its <a rel="noreferrer" target="_blank" href="https://www.icrc.org/en/document/cyber-attack-icrc-what-we-know">FAQ on the breach</a> . The ICRC now says the hackers broke in on Nov. 9, 2021, using an unpatched critical vulnerability (CVE-2021-40539). “This vulnerability allows malicious cyber actors to place web shells and conduct post-exploitation activities such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files. Once inside our network, the hackers were able to deploy offensive security tools which allowed them to disguise themselves as legitimate users or administrators. This in turn allowed them to access the data, despite this data being encrypted.”<br> Original story:<br> https://www.whatsupup.com/blog/overgrazing/propellent/20220216-201541/ Wed, 16 Feb 2022 20:15:41 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220216-201541/ © 2022 Alex Kantrowitz<br> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/privacy">Privacy</a> ∙ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/tos">Terms</a> ∙ <a rel="noreferrer" target="_blank" href="https://substack.com/ccpa#personal-data-collected">Collection notice</a><br> <a rel="noreferrer" target="_blank" href="https://substack.com">Substack</a> is the home for great writing<br> https://www.whatsupup.com/blog/seer/hemisphere/20220216-201508/ Wed, 16 Feb 2022 20:15:07 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220216-201508/ Sort by:<br> Relevance<br> Date published (new to old)<br> Date published (old to new)<br> https://www.whatsupup.com/blog/phonic/shopboy/20220216-201134/ Wed, 16 Feb 2022 20:11:33 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220216-201134/ "Vaguely redpilled." –@vgr<br> Wednesday energy. <a rel="noreferrer" target="_blank" href="https://t.co/40vT2B6W0k"><a href="https://t.co/40vT2B6W0k">https://t.co/40vT2B6W0k</a></a><br> https://www.whatsupup.com/blog/ideo/fleury/20220216-200558/ Wed, 16 Feb 2022 20:05:57 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220216-200558/ A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran.<br> On Jan. 19, the ICRC disclosed the compromise of servers hosting the personal information of more than 500,000 people receiving services from the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/International_Red_Cross_and_Red_Crescent_Movement">Red Cross and Red Crescent Movement</a> . The ICRC said the hacked servers contained data relating to the organization’s Restoring Family Links services, which works to reconnect people separated by war, violence, migration and other causes.<br> The same day the ICRC went public with its breach, someone using the nickname “ Sheriff ” on the English-language cybercrime forum RaidForums advertised the sale of data from the Red Cross and Red Crescent Movement. Sheriff’s sales thread suggests the ICRC was asked to pay a ransom to guarantee the data wouldn’t be leaked or sold online.<br> “Mr. Mardini, your words have been heard,” Sheriff wrote, posting a link to the Twitter profile of ICRC General Director Robert Mardini and urging forum members to tell him to check his email. “Check your email and send a figure you can pay.”<br> RaidForums member “unindicted” aka Sheriff selling access to the International Red Cross and Red Crescent Movement data. Image: Ke-la.com<br> In their <a rel="noreferrer" target="_blank" href="https://www.icrc.org/en/document/cyber-attack-icrc-what-we-know">online statement about the hack</a> (updated on Feb. 7) the ICRC said it had not had any contact with the hackers, and no ransom demand had been made.<br> “In line with our standing practice to engage with any actor who can facilitate or impede our humanitarian work, we are willing to communicate directly and confidentially with whoever may be responsible for this operation to impress upon them the need to respect our humanitarian action,” the ICRC statement reads.<br> Asked to comment on Sheriff’s claims, the ICRC issued the following statement:<br> “Right now, we do not have any conclusive evidence that this information from the data breach has been published or is being traded. Our cybersecurity team has looked into any reported allegation of data being available on the dark web.”<br> The email address that Sheriff used to register at RaidForums — <a href="mailto:kelvinmiddelkoop@hotmail.com">kelvinmiddelkoop@hotmail.com</a> — appears in <a rel="noreferrer" target="_blank" href="https://www.justice.gov/usao-ndca/press-release/file/1334571/download">an affidavit for a search warrant filed by the FBI</a> roughly a year ago. That FBI warrant came on the heels of <a rel="noreferrer" target="_blank" href="https://www.mandiant.com/resources/report-suspected-iranian-influence-operation">an investigation published by security firm FireEye</a> , which examined an Iranian-based network of inauthentic news sites and social media accounts aimed at the United States., U.K. and other western audiences.<br> “This operation is leveraging a network of inauthentic news sites and clusters of associated accounts across multiple social media platforms to promote political narratives in line with Iranian interests,” FireEye researchers wrote. “These narratives include anti-Saudi, anti-Israeli, and pro-Palestinian themes, as well as support for specific U.S. policies favorable to Iran.”<br> The FBI says the domains registered by the email address tied to Sheriff’s RaidForums account were used in service of the Liberty Front Press, a network of phony news sites thought to originate from Iran.<br> According to the FBI affidavit, the address <a href="mailto:kelvinmiddelkoop@hotmail.com">kelvinmiddelkoop@hotmail.com</a> was used to register at least three different domains for phony news sites, including awdnews[.]com, sachtimes[.]com, and whatsupic[.]com. A reverse WHOIS search on that email address at <a rel="noreferrer" target="_blank" href="https://www.domaintools.com">DomainTools.com</a> (an advertiser on this site) shows it was used to register 17 domains between 2012 and 2021, including moslimyouthmedia[.]com, moslempress[.]com, and realneinovosti[.]net. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/02/red-cross-hack-linked-to-iranian-influence-operation/#more-58533">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/02/red-cross-hack-linked-to-iranian-influence-operation/">Red Cross Hack Linked to Iranian Influence Operation?</a><br> https://www.whatsupup.com/blog/stratification/pride/20220216-121720/ Wed, 16 Feb 2022 12:17:19 +0000 https://www.whatsupup.com/blog/stratification/pride/20220216-121720/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104290152/?p=boingboing&utm_source=boingboing">$49,000 1967 Chevrolet Impala</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104288058/?p=boingboing&utm_source=boingboing">$300 DJI Drone Mavic 2 pro Flying Foldable Drone With HD Camera A…</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220216-121211/ Wed, 16 Feb 2022 12:12:11 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220216-121211/ <p><a rel="noreferrer" target="_blank" href="https://t.co/Ak7hQ4owON"><a href="https://t.co/Ak7hQ4owON">https://t.co/Ak7hQ4owON</a></a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://t.co/QFmUAjHIiB">https://t.co/QFmUAjHIiB</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://t.co/ScNgrCT214">https://t.co/ScNgrCT214</a><br> https://www.whatsupup.com/blog/glooming/wrackful/20220216-120823/ Wed, 16 Feb 2022 12:08:23 +0000 https://www.whatsupup.com/blog/glooming/wrackful/20220216-120823/ <p><a rel="noreferrer" target="_blank" href="https://robertheaton.com/otr4">Off-The-Record Messaging part 4: key insights</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://robertheaton.com/otr3">Off-The-Record Messaging part 3: how OTR works</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://robertheaton.com/otr2">Off-The-Record Messaging part 2: deniability and forward secrecy</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://robertheaton.com/otr1">Off-The-Record Messaging part 1: the problem with PGP</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220216-081150/ Wed, 16 Feb 2022 08:11:49 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220216-081150/ <p><a rel="noreferrer" target="_blank" href="https://t.co/8ypBz5NISr"><a href="https://t.co/8ypBz5NISr">https://t.co/8ypBz5NISr</a></a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://t.co/wVxzFM8nuf">https://t.co/wVxzFM8nuf</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://t.co/7WWzxjBQq8">https://t.co/7WWzxjBQq8</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220216-001841/ Wed, 16 Feb 2022 00:18:41 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220216-001841/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/02/15/technology/metamates-meta-facebook.html">Out With the Facebookers. In With the Metamates. Now that Facebook has renamed itself Meta, that’s what employees will be known as, the company said. By Mike Isaac and Sheera Frenkel</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20220216-001345/ Wed, 16 Feb 2022 00:13:45 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20220216-001345/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/02/08/Crocuses">2022 Crocuses</a> · It is an annual tradition on this blog to celebrate the early-spring arrival, in our front yard, of the first crocuses. Winters suck everywhere in Canada and while Vancouver’s don’t freeze your ass they do subtract light from life for way too many months. Thus, giving the little purple fellas a hearty greeting is therapeutic. With notes on photography and dead leaves <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/02/08/Crocuses">…</a> [1 comment]<br> https://www.whatsupup.com/blog/phonic/shopboy/20220216-001202/ Wed, 16 Feb 2022 00:12:01 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220216-001202/ "The soul is that which can't be ruled. It must be broken. Drive a wedge in, get your fingers on it–and the man is yours. You won't need a whip–he'll bring it to you and ask to be whipped. Set him in reverse–and his own mechanism will do your work for you."<br> <a rel="noreferrer" target="_blank" href="https://t.co/L681l9iRLc"><a href="https://t.co/L681l9iRLc">https://t.co/L681l9iRLc</a></a><br></p> <hr> Overheard in Silicon Valley: "Ayn Rand's heroes are fake, but her villains are real."<br> https://www.whatsupup.com/blog/gaper/whisky/20220215-201820/ Tue, 15 Feb 2022 20:18:19 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220215-201820/ <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/02/version-100-in-chrome-and-firefox/">Version 100 in Chrome and Firefox</a><br></p> <hr> Chrome and Firefox will reach version 100 in a couple of months. This has the potential to cause breakage on sites that rely on identifying the browser version to perform business logic.  This post covers the timeline of events, the strategies that Chrome and Firefox are taking to mitigate the impact, and how you can help.<br> https://www.whatsupup.com/blog/phonic/shopboy/20220215-081206/ Tue, 15 Feb 2022 08:12:06 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220215-081206/ <a rel="noreferrer" target="_blank" href="https://t.co/LTgfJcb674"><a href="https://t.co/LTgfJcb674">https://t.co/LTgfJcb674</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/k32r6bYb3H"><a href="https://t.co/k32r6bYb3H">https://t.co/k32r6bYb3H</a></a><br> <a rel="noreferrer" target="_blank" href="https://t.co/MgmvHHRTP2"><a href="https://t.co/MgmvHHRTP2">https://t.co/MgmvHHRTP2</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/gvY2qgjRrb"><a href="https://t.co/gvY2qgjRrb">https://t.co/gvY2qgjRrb</a></a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20220215-041631/ Tue, 15 Feb 2022 04:16:31 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220215-041631/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/">New</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/">Top</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/">Community</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220215-041151/ Tue, 15 Feb 2022 04:11:51 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220215-041151/ "A Breastplate of Righteousness is 'a protective shield of [fake] superpropriety with a shining quality, blinding [surrounding people to certain of the wearer’s practices'."<br> https://www.whatsupup.com/blog/overgrazing/propellent/20220214-231744/ Mon, 14 Feb 2022 23:17:44 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220214-231744/ Log in<br> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/">Home</a><br></p> <hr> More<br> return ;<br> https://www.whatsupup.com/blog/phonic/shopboy/20220214-231256/ Mon, 14 Feb 2022 23:12:55 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220214-231256/ <p><a rel="noreferrer" target="_blank" href="https://t.co/KEEQEddZpw"><a href="https://t.co/KEEQEddZpw">https://t.co/KEEQEddZpw</a></a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://t.co/sKZROCjVal">https://t.co/sKZROCjVal</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://t.co/PMQaoclT4n">https://t.co/PMQaoclT4n</a><br> https://www.whatsupup.com/blog/sited/implore/20220214-201538/ Mon, 14 Feb 2022 20:15:37 +0000 https://www.whatsupup.com/blog/sited/implore/20220214-201538/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/02/14/technology/texas-facebook-facial-recognition-lawsuit.html">Texas sues Facebook’s parent, saying it collected facial recognition data without consent. The state’s attorney general said the company repeatedly captured and commercialized biometric data in photos and videos for more than a decade without users’ permission. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20220214-201347/ Mon, 14 Feb 2022 20:13:46 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20220214-201347/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2022/02/roses-are-red-violets-are-blue-giving.html">🌹 Roses are red, Violets are blue 💙 Giving leets 🧑‍💻 more sweets 🍭 All of 2022!</a><br></p> <hr> Posted by Eduardo Vela, Vulnerability Matchmaker<br> Until December 31 2022 we will pay 20,000 to 91,337 USD for exploits of vulnerabilities in the Linux Kernel, Kubernetes, GKE or kCTF that are exploitable on our test lab. We launched an <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/11/trick-treat-paying-leets-and-sweets-for.html">expansion</a> of kCTF VRP on November 1, 2021 in which we paid 31,337 to 50,337 USD to those that are able to compromise our kCTF cluster and obtain a flag. We increased our rewards because we recognized that in order to attract the attention of the community we needed to match our rewards to their expectations. We consider the expansion to have been a success, and because of that we would like to extend it even further to at least until the end of the year (2022). During the last three months, we received 9 submissions and paid over 175,000 USD so far. The submissions included five 0days and two 1days. Three of these are already fixed and are public: <a rel="noreferrer" target="_blank" href="https://access.redhat.com/security/cve/cve-2021-4154">CVE-2021-4154</a> , <a rel="noreferrer" target="_blank" href="https://ubuntu.com/security/CVE-2021-22600">CVE-2021-22600</a> ( <a rel="noreferrer" target="_blank" href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755">patch</a> ) and <a rel="noreferrer" target="_blank" href="https://ubuntu.com/security/CVE-2022-0185">CVE-2022-0185</a> ( <a rel="noreferrer" target="_blank" href="https://www.willsroot.io/2022/01/cve-2022-0185.html">writeup</a> ). These three bugs were first found by <a rel="noreferrer" target="_blank" href="https://syzkaller.appspot.com/upstream">Syzkaller</a> , and two of them had already been fixed on the mainline and stable versions of the Linux Kernel at the time they were reported to us. Based on our experience these last 3 months, we made a few improvements to the submission process:<br> Reporting a 0day will not require including a flag at first. We heard some concerns from participants that exploiting a 0day in the shared cluster could leak it to other participants. As such, we will only ask for the exploit checksum (but you still have to exploit the bug and submit the flag within a week after the patch is merged on <a rel="noreferrer" target="_blank" href="https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux">mainline</a> ). Please make sure that your exploit <a rel="noreferrer" target="_blank" href="https://cloud.google.com/container-optimized-os/docs/concepts/security#security-hardened_kernel">works on COS</a> with minimal modifications (test it on your own <a rel="noreferrer" target="_blank" href="https://github.com/google/google-ctf/tree/master/vrp">kCTF cluster</a> ), as some common exploit primitives (like eBPF and userfaultfd) might not be available.<br> Reporting a 1day will require including a link to the patch. We will automatically publish the patches of all submissions if the flag is valid. We also encourage you all to include a link to a Syzkaller dashboard report if applicable in order to help reduce duplicate submissions and so you can see which bugs were exploited already.<br> You will be able to submit the exploit in the same form you submit the flag. If you had submitted an exploit checksum for a 0day, please make sure that you include the original exploit as well as the final exploit and make sure to submit it within a week after the patch is merged on <a rel="noreferrer" target="_blank" href="https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux">mainline</a> . The original exploit shouldn't require major modifications to work. Note that we need to be able to understand your exploit, so please add comments to explain what it is doing.<br> We are now running two clusters, one on the <a rel="noreferrer" target="_blank" href="https://cloud.google.com/kubernetes-engine/docs/release-notes-regular">REGULAR</a> release channel and another one on the <a rel="noreferrer" target="_blank" href="https://cloud.google.com/kubernetes-engine/docs/release-notes-rapid">RAPID</a> release channel. This should provide more flexibility whenever a vulnerability is only exploitable on modern versions of the Linux Kernel or Kubernetes.<br> We are also changing the reward structure slightly. Going forward the rewards will be:<br> 31,337 USD to the first valid exploit submission for a given vulnerability. This will only be paid once per vulnerability and only once per cluster version/build (available at /etc/node-os-release).<br> 0 USD for exploits for duplicate exploits for the same vulnerability. The bonuses below might still apply.<br> Bonuses<br> 20,000 USD for exploits for 0day vulnerabilities. This will only be paid once per vulnerability to the first valid exploit submission.<br> To submit 0days, please test your exploit (we recommend to test it on your own kCTF cluster to avoid leaking it to other participants), make a checksum and send the checksum to us. Within a week after the vulnerability is fixed on the <a rel="noreferrer" target="_blank" href="https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux">mainline</a> , submit the form as a 1day and include the exploit of which you sent a checksum to us.<br> 20,000 USD for exploits for vulnerabilities that do not require unprivileged user namespaces (CLONE_NEWUSER). This will only be paid once per vulnerability to the first valid exploit submission.<br> Our test lab allows unprivileged user namespaces, so we will manually check the exploits to check if they work without unprivileged user namespaces when deciding whether to issue the bonus. We decided to issue additional rewards for exploits that do not require unprivileged user namespaces because containers <a rel="noreferrer" target="_blank" href="https://github.com/moby/moby/blob/3c06ebd876687555fdf030a3307a66908c4fa57c/profiles/seccomp/default_linux.go#L576">default seccomp policy</a> does not allow the use of unprivileged user namespaces on containers that are run without CAP_SYS_ADMIN. This feature is now <a rel="noreferrer" target="_blank" href="https://kubernetes.io/docs/tutorials/security/seccomp/">available</a> on Kubernetes and all nodes running on <a rel="noreferrer" target="_blank" href="https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview#container_isolation">GKE Autopilot</a> have it enabled by default.<br> 20,000 USD for exploits using novel exploit techniques. This is a bonus in addition to the base rewards (applies for duplicate exploits). To qualify for this additional reward please send us a write-up explaining it.<br> An example of something considered as a novel technique could be the exploitation of previously unknown objects to transform a limited primitive into a more powerful one, such as an arbitrary/out-of-bounds read/write or arbitrary free. For example, in all our submissions, researchers leveraged message queues to achieve kernel information leaks. We are looking for similarly powerful techniques that allow heap exploits to be “plugged in” and immediately allow kernel access. Another example is bypassing a common security mitigation or a technique for exploiting a class of vulnerabilities more reliably.<br> These changes increase some 1day exploits to 71,337 USD (up from 31,337 USD), and makes it so that the maximum reward for a single exploit is 91,337 USD (up from 50,337 USD). We also are going to pay even for duplicates at least 20,000 USD if they demonstrate novel exploit techniques (up from 0 USD). However, we will also limit the number of rewards for 1days to only one per version/build. There are 12-18 <a rel="noreferrer" target="_blank" href="https://cloud.google.com/kubernetes-engine/docs/release-notes">GKE releases</a> per year on each channel, and we have two clusters on different channels, so we will pay the 31,337 USD base rewards up to 36 times (no limit for the bonuses). While we don't expect every upgrade to have a valid 1day submission, we would love to learn otherwise. You can find the flag submission status for our clusters (and their versions) <a rel="noreferrer" target="_blank" href="https://google.github.io/kctf/vrp#notes">here</a> . We look forward to hearing from you, and continue to strengthen our shared ecosystem. If you are interested to participate but don't know where to start, Arizona State University has a free public Kernel Exploitation workshop at <a rel="noreferrer" target="_blank" href="https://dojo.pwn.college/challenges/kernel">https://dojo.pwn.college/challenges/kernel</a> as part of an overall memory corruption course and you can find a community-maintained list of past Linux Kernel vulnerabilities, exploits and writeups curated by Andrey Konovalov at <a rel="noreferrer" target="_blank" href="https://github.com/xairy/linux-kernel-exploitation">https://github.com/xairy/linux-kernel-exploitation</a> . This is part of our Vulnerability Reward Program, which we've been running for over 10 years, and <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/about/rules/6625378258649088">the rules</a> include some more information. Same as with our other rewards, we will double them if they are donated to charity, and submitters will be included on our site at <a rel="noreferrer" target="_blank" href="http://bughunters.google.com/">bughunters.google.com</a> . If you are ready to submit something, please read the instructions on our site <a rel="noreferrer" target="_blank" href="https://google.github.io/kctf/vrp">here</a> and if you have any other questions please contact us <a rel="noreferrer" target="_blank" href="https://discord.gg/V8UqnZ6JBG">on Discord</a> .<br> https://www.whatsupup.com/blog/ideo/fleury/20220214-200600/ Mon, 14 Feb 2022 20:06:00 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220214-200600/ In January, KrebsOnSecurity examined clues left behind by “ Wazawaka ,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since “lost his mind” according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance, and publishing bizarre selfie videos taunting security researchers and journalists.<br> Wazawaka, a.k.a. Mikhail P. Matveev, a.k.a. “Orange,” a.k.a. “Boriselcin,” showing off his missing ring finger.<br> In <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/who-is-the-network-access-broker-wazawaka/">last month’s story</a> , we explored clues that led from Wazawaka’s multitude of monikers, email addresses, and passwords to a 30-something father in Abakan, Russia named Mikhail Pavlovich Matveev . This post concerns itself with the other half of Wazawaka’s identities not mentioned in the first story, such as how Wazawaka also ran the Babuk ransomware affiliate program, and later became “ Orange ,” the founder of the ransomware-focused Dark Web forum known as “ RAMP .”<br> The same day the initial profile on Wazawaka was published here, someone registered the Twitter account “ <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2022/02/waza-twitter.png">@fuck_maze</a> ,” a possible reference to the now-defunct Maze Ransomware gang.<br> The background photo for the @fuck_maze profile included a logo that read “Waka Waka;” the bio for the account took a swipe at <a rel="noreferrer" target="_blank" href="https://twitter.com/ddd1ms?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor">Dmitry Smilyanets</a> , a researcher and blogger for <a rel="noreferrer" target="_blank" href="https://therecord.media">The Record</a> who was once part of a cybercrime group the Justice Department <a rel="noreferrer" target="_blank" href="https://www.justice.gov/opa/pr/russian-national-admits-role-largest-known-data-breach-conspiracy-ever-prosecuted">called</a> the “largest known data breach conspiracy ever prosecuted.”<br> The @fuck_maze account messaged me a few times on Twitter, but largely stayed silent until Jan. 25, when it tweeted three videos of a man who appeared identical to <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2022/02/wazawaka-vk.png">Matveev’s social media profile on Vkontakte</a> (the Russian version of Facebook). The man seemed to be slurring his words quite a bit, and started by hurling obscenities at Smilyanets, journalist <a rel="noreferrer" target="_blank" href="https://twitter.com/campuscodi">Catalin Cimpanu</a> (also at The Record), and <a rel="noreferrer" target="_blank" href="https://twitter.com/AShukuhi">a security researcher from Cisco Talos</a> .<br> At the beginning of the videos, Matveev holds up his left hand to demonstrate that his ring finger is missing. This he smugly presents as evidence that he is indeed Wazawaka.<br> The story goes that Wazwaka at one point made a bet wherein he wagered his finger, and upon losing the bet severed it himself. It’s unclear if that is the real story about how Wazawaka lost the ring finger on his left hand; his remaining fingers appear oddly crooked.<br> “Hello Brian Krebs! You did a really great job actually, really well, fucking great — it’s great that journalism works so well in the US,” Matveev said in the video. “By the way, it is my voice in the background, I just love myself a lot.”<br> In one of his three videos, Wazawaka says he’s going to release exploit code for a security vulnerability. Later that same day, the @fuck_maze account posted a link to a Pastebin-like site that included working exploit code for a recently patched security hole in SonicWall VPN appliances ( <a rel="noreferrer" target="_blank" href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0017">CVE-2021-20028</a> ).<br> When KrebsOnSecurity first started researching Wazawaka in 2021, it appeared this individual also used two other important nicknames on the Russian-speaking crime forums. One was Boriselcin , a particularly talkative and brash personality who was simultaneously the public persona of Babuk, a ransomware affiliate program that surfaced on New Year’s Eve 2020.<br> The other handle that appeared tied to Wazawaka was “Orange,” the founder of <a rel="noreferrer" target="_blank" href="https://ke-la.com/new-russian-speaking-forum-a-new-place-for-raas/">the RAMP ransomware forum</a> . I just couldn’t convincingly connect those two identities with Wazawaka using the information available at the time. This post is an attempt to remedy that. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/02/wazawaka-goes-waka-waka/#more-58373">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/02/wazawaka-goes-waka-waka/">Wazawaka Goes Waka Waka</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220214-081201/ Mon, 14 Feb 2022 08:12:00 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220214-081201/ <p><a rel="noreferrer" target="_blank" href="https://t.co/IbltkuDfQP"><a href="https://t.co/IbltkuDfQP">https://t.co/IbltkuDfQP</a></a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://t.co/Q3udlwoFFD">https://t.co/Q3udlwoFFD</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://t.co/58OngjCW1l">https://t.co/58OngjCW1l</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220214-041208/ Mon, 14 Feb 2022 04:12:08 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220214-041208/ "Preference Falsification is the act of communicating a preference that differs from one's true preference. The public frequently [lies], especially to researchers or pollsters, because they believe the conveyed preference is more acceptable socially."<br> Overheard in Silicon Valley: "Be so scary, they make multiple Superbowl commercials trying to dismiss you."<br> Overheard in Silicon Valley: "Nobody's right 100% of the time, but some people are perfect contrary indicators."<br> https://www.whatsupup.com/blog/buckeroo/doubling/20220213-121900/ Sun, 13 Feb 2022 12:19:00 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20220213-121900/ February 13, 2022 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2022/02/13/Framing-accessibility-in-broader-terms.html">Framing accessibility in broader terms</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220213-041314/ Sun, 13 Feb 2022 04:13:14 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220213-041314/ "In Greek mythology, Apollo and Dionysus are both sons of Zeus. Apollo is the god of the sun, of rational thinking and order, and appeals to logic, prudence and purity. Dionysus is the god of wine and dance, of irrationality and chaos, and appeals to emotions and instincts."<br> "I have little direct evidence about the atrocities in the Spanish Civil War. I know that some were committed by the Republicans [the left], and some by the Fascists [the right]… But atrocities are believed in or disbelieved in solely on grounds of political predilection."<br> https://www.whatsupup.com/blog/reigned/coffeecake/20220213-011100/ Sun, 13 Feb 2022 01:11:00 +0000 https://www.whatsupup.com/blog/reigned/coffeecake/20220213-011100/ New: <a rel="noreferrer" target="_blank" href="http://paulgraham.com/words.html">Putting Ideas into Words</a> | <a rel="noreferrer" target="_blank" href="http://paulgraham.com/goodtaste.html">Taste</a> | <a rel="noreferrer" target="_blank" href="http://paulgraham.com/smart.html">Smart</a> | <a rel="noreferrer" target="_blank" href="http://paulgraham.com/weird.html">Weird</a><br> https://www.whatsupup.com/blog/popularization/compilable/20220213-010933/ Sun, 13 Feb 2022 01:09:33 +0000 https://www.whatsupup.com/blog/popularization/compilable/20220213-010933/ My Ph.D. is in Information Science from the University of Washington in Seattle, and my masters and undergraduate degrees are in Computer Science from the University of Illinois at Urbana-Champaign (UIUC). Before joining Brown, I analyzed search behavior at Microsoft Research, Google, Yahoo, and Bing; and co-founded World Blender, a Techstars-backed startup that made geolocation mobile games.<br> https://www.whatsupup.com/blog/spectrometry/obol/20220212-161410/ Sat, 12 Feb 2022 16:14:08 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20220212-161410/ <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html">A walk through Project Zero metrics</a> (Feb)<br> https://www.whatsupup.com/blog/phonic/shopboy/20220212-081127/ Sat, 12 Feb 2022 08:11:27 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220212-081127/ <a rel="noreferrer" target="_blank" href="https://t.co/TgLE4nXwPh"><a href="https://t.co/TgLE4nXwPh">https://t.co/TgLE4nXwPh</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/KdSrz1eLf7"><a href="https://t.co/KdSrz1eLf7">https://t.co/KdSrz1eLf7</a></a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220212-041222/ Sat, 12 Feb 2022 04:12:22 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220212-041222/ <p>Danegeld:</p> <p>"It is always a temptation for a rich and lazy nation, To puff and look important and to say: 'Though we know we should defeat you, we have not the time to meet you. We will therefore pay you cash to go away.'…"<br></p> https://www.whatsupup.com/blog/phonic/shopboy/20220212-001302/ Sat, 12 Feb 2022 00:13:02 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220212-001302/ <p>New Twitter logo just dropped! <a rel="noreferrer" target="_blank" href="https://t.co/9U7S538FSp"><a href="https://t.co/9U7S538FSp">https://t.co/9U7S538FSp</a></a><br> Overheard in Silicon Valley:</p> <p>"Don't need to dispose of nuclear waste if you don't have any nuclear power."<br></p> https://www.whatsupup.com/blog/traveling/splay/20220211-201925/ Fri, 11 Feb 2022 20:19:25 +0000 https://www.whatsupup.com/blog/traveling/splay/20220211-201925/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/02/11/science/webb-telescope-selfie-pictures.html">James Webb Telescope Sends Home a Selfie and 18 Images of Starlight The spacecraft recorded a series of images of a target star that will be used to help its mirrors prepare for scientific research. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220211-121308/ Fri, 11 Feb 2022 12:13:07 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220211-121308/ The four American art forms are software, hip hop, memes, and stonks. <a rel="noreferrer" target="_blank" href="https://t.co/8TQPLA765p"><a href="https://t.co/8TQPLA765p">https://t.co/8TQPLA765p</a></a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220211-081441/ Fri, 11 Feb 2022 08:14:40 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220211-081441/ <a rel="noreferrer" target="_blank" href="https://t.co/xT4r2cYz0n"><a href="https://t.co/xT4r2cYz0n">https://t.co/xT4r2cYz0n</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/g8lHonOOX0"><a href="https://t.co/g8lHonOOX0">https://t.co/g8lHonOOX0</a></a><br> "The Dark Triad comprises the personality traits of narcissism, Machiavellianism, and psychopathy. They are called dark because of their malevolent qualities."<br> <a rel="noreferrer" target="_blank" href="https://t.co/oqdIT72zeW"><a href="https://t.co/oqdIT72zeW">https://t.co/oqdIT72zeW</a></a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20220211-041936/ Fri, 11 Feb 2022 04:19:35 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220211-041936/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/its-way-too-early-to-count-out-instagram">It’s Way Too Early To Count Out Instagram Reels</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/its-way-too-early-to-count-out-instagram">Despite the narrative, TikTok hasn’t crushed Reels just yet.</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220211-001356/ Fri, 11 Feb 2022 00:13:55 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220211-001356/ <p><a rel="noreferrer" target="_blank" href="https://t.co/fW8wpTKCCK"><a href="https://t.co/fW8wpTKCCK">https://t.co/fW8wpTKCCK</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/V3Ssdn7zVS"><a href="https://t.co/V3Ssdn7zVS">https://t.co/V3Ssdn7zVS</a></a><br></p> <ul> <li>Pick up trendy crunchy hippie Whole Wheat Non-GMO Peach Apricot Fruit Bars</li> <li>Two 1-ounce bars, 200 calories</li> <li>[Reading reading…]</li> <li>41g carbs, 20g sugars including 17g added sugars SMH<br> Alec Stapp <a rel="noreferrer" target="_blank" href="https://twitter.com/AlecStapp">@AlecStapp</a><br> The Nuclear Regulatory Commission was created in 1975.</li> </ul> <p>In the 47 years since then, not a single new nuclear power plant has begun operations.</p> <p>I’m beginning to understand why. <a rel="noreferrer" target="_blank" href="https://t.co/zRG7jNYaQE"><a href="https://t.co/zRG7jNYaQE">https://t.co/zRG7jNYaQE</a></a><br></p> https://www.whatsupup.com/blog/spectrometry/obol/20220210-201553/ Thu, 10 Feb 2022 20:15:52 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20220210-201553/ <p><a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html">A walk through Project Zero metrics</a><br></p> <hr> Posted by Ryan Schoen, Project Zero<br> tl;dr<br> In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days 3 years ago.<br> In addition to the average now being well below the <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-faq.html">90-day deadline</a> , we have also seen a dropoff in vendors missing the deadline (or the additional <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-faq.html#deadlinemiss">14-day grace period</a> ). In 2021, only one bug exceeded its fix deadline, though 14% of bugs required the grace period.<br> Differences in the amount of time it takes a vendor/product to ship a fix to users reflects their product design, development practices, update cadence, and general processes towards security reports. We hope that this comparison can showcase best practices, and encourage vendors to experiment with new policies.<br> This data aggregation and analysis is relatively new for Project Zero, but we hope to do it more in the future. We encourage all vendors to consider publishing aggregate data on their time-to-fix and time-to-patch for externally reported vulnerabilities, as well as more data sharing and transparency in general.<br> Overview<br> For nearly ten years, Google’s Project Zero has been working to make it more difficult for bad actors to find and exploit security vulnerabilities, significantly improving the security of the Internet for everyone. In that time, we have partnered with folks across industry to transform the way organizations prioritize and approach fixing security vulnerabilities and updating people’s software.<br> To help contextualize the shifts we are seeing the ecosystem make, we looked back at the set of vulnerabilities Project Zero has been reporting, how a range of vendors have been responding to them, and then attempted to identify trends in this data , such as how the industry as a whole is patching vulnerabilities faster.<br> For this post, we look at fixed bugs that were reported between January 2019 and December 2021 (2019 is the year we made changes to our disclosure policies and also began recording more detailed metrics on our reported bugs). The data we'll be referencing is publicly available on the <a rel="noreferrer" target="_blank" href="https://bugs.chromium.org/p/project-zero/issues/list">Project Zero Bug Tracker</a> , and on various open source project repositories (in the case of the data used below to track the timeline of open-source browser bugs).<br> There are a number of caveats with our data, the largest being that we'll be looking at a small number of samples, so differences in numbers may or may not be statistically significant. Also, the direction of Project Zero's research is almost entirely influenced by the choices of individual researchers, so changes in our research targets could shift metrics as much as changes in vendor behaviors could. As much as possible, this post is designed to be an objective presentation of the data, with additional subjective analysis included at the end.<br> The data!<br> Between 2019 and 2021, Project Zero reported <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com">376 issues</a> to vendors under our standard 90-day deadline. 351 (93.4%) of these bugs have been fixed, while 14 (3.7%) have been marked as WontFix by the vendor s. 11 (2.9%) other bugs remain unfixed, though at the time of this writing 8 have passed their deadline to be fixed; the remaining 3 are still within their deadline to be fixed. Most of the vulnerabilities are clustered around a few vendors, with 96 bugs (26%) being reported to Microsoft, 85 (23%) to Apple, and 60 (16%) to Google.<br> Deadline adherence<br> Once a vendor receives a bug report under our standard deadline, they have 90 days to fix it and ship a patched version to the public. The vendor can also request a 14-day grace period if the vendor confirms they plan to release the fix by the end of that total 104-day window.<br> In this section, we'll be taking a look at how often vendors are able to hit these deadlines. The table below includes all bugs that have been reported to the vendor under the 90-day deadline since January 2019 and have since been fixed, for vendors with the most bug reports in the window.<br> Deadline adherence and fix time 2019-2021, by bug report volume<br> Vendor<br> Total bugs<br> Fixed by day 90<br> Fixed during grace period<br> Exceeded deadline<br> & grace period<br> Avg days to fix<br> Apple<br> 73 (87%)<br> Microsoft<br> Google<br> Linux<br> Adobe<br> Mozilla<br> Samsung<br> Oracle<br> Others *<br> TOTAL<br> * For completeness, the vendors included in the "Others" bucket are Apache, ASWF, Avast, AWS, c-ares, Canonical, F5, Facebook, git, Github, glibc, gnupg, gnutls, gstreamer, haproxy, Hashicorp, insidesecure, Intel, Kubernetes, libseccomp, libx264, Logmein, Node.js, opencontainers, QT, Qualcomm, RedHat, Reliance, SCTPLabs, Signal, systemd, Tencent, Tor, udisks, usrsctp, Vandyke, VietTel, webrtc, and Zoom.<br> Overall, the data show that almost all of the big vendors here are coming in under 90 days, on average. The bulk of fixes during a grace period come from Apple and Microsoft (22 out of 34 total).<br> Vendors have exceeded the deadline and grace period about 5% of the time over this period. In this slice, Oracle has exceeded at the highest rate, but admittedly with a relatively small sample size of only about 7 bugs. The next-highest rate is Microsoft, having exceeded 4 of their 80 deadlines.<br> Average number of days to fix bugs across all vendors is 61 days. Zooming in on just that stat, we can break it out by year:<br> Bug fix time 2019-2021, by bug report volume<br> Bugs in 2019<br> (avg days to fix)<br> 61 (71)<br> Others*<br> * For completeness, the vendors included in the "Others" bucket are Adobe, Apache, ASWF, Avast, AWS, c-ares, Canonical, F5, Facebook, git, Github, glibc, gnupg, gnutls, gstreamer, haproxy, Hashicorp, insidesecure, Intel, Kubernetes, libseccomp, libx264, Logmein, Mozilla, Node.js, opencontainers, Oracle, QT, Qualcomm, RedHat, Reliance, Samsung, SCTPLabs, Signal, systemd, Tencent, Tor, udisks, usrsctp, Vandyke, VietTel, webrtc, and Zoom.<br> From this, we can see a few things: first of all, the overall time to fix has consistently been decreasing, but most significantly between 2019 and 2020. Microsoft, Apple, and Linux overall have reduced their time to fix during the period, whereas Google sped up in 2020 before slowing down again in 2021. Perhaps most impressively, the others not represented on the chart have collectively cut their time to fix in more than half, though it's possible this represents a change in research targets rather than a change in practices for any particular vendor.<br> Finally, focusing on just 2021, we see:<br> Only <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com">1 deadline exceeded</a> , versus an average of 9 per year in the other two years<br> The grace period used 9 times (notably with half being by Microsoft), versus the slightly lower average of 12.5 in the other years<br> Mobile phones<br> Since the products in the previous table span a range of types (desktop operating systems, mobile operating systems, browsers), we can also focus on a particular, hopefully more apples-to-apples comparison: mobile phone operating systems.<br> Avg fix time<br> iOS<br> Android (Samsung)<br> Android (Pixel)<br> The first thing to note is that it appears that iOS received remarkably more bug reports from Project Zero than any flavor of Android did during this time period, but rather than an imbalance in research target selection, this is more a reflection of how Apple ships software. Security updates for "apps" such as iMessage, Facetime, and Safari/WebKit are all shipped as part of the OS updates, so we include those in the analysis of the operating system. On the other hand, security updates for standalone apps on Android happen through the Google Play Store, so they are not included here in this analysis.<br> Despite that, all three vendors have an extraordinarily similar average time to fix. With the data we have available, it's hard to determine how much time is spent on each part of the vulnerability lifecycle (e.g. triage, patch authoring, testing, etc). However, open-source products do provide a window into where time is spent.<br> Browsers<br> For most software, we aren't able to dig into specifics of the timeline. Specifically: after a vendor receives a report of a security issue, how much of the "time to fix" is spent between the bug report and landing the fix , and how much time is spent between landing that fix and releasing a build with the fix? The one window we do have is into open-source software, and specific to the type of vulnerability research that Project Zero does, open-source browsers.<br> Fix time analysis for open-source browsers , by bug volume<br> Browser<br> Bugs<br> Avg days from bug report to public patch<br> Avg days from public patch to release<br> Avg days from bug report to release<br> Chrome<br> WebKit<br> Firefox<br> Total<br> We can also take a look at the same data, but with each bug spread out in a histogram. In particular, the histogram of the amount of time from a fix being landed in public to that fix being shipped to users shows a clear story (in the table above, this corresponds to "Avg days from public patch to release" column:<br> The table and chart together tell us a few things:<br> Chrome is currently the fastest of the three browsers, with time from bug report to releasing a fix in the stable channel in 30 days . The time to patch is very fast here, with just an average of 5 days between the bug report and the patch landing in public. The time for that patch to be released to the public is the bulk of the overall time window, though overall we still see the Chrome (blue) bars of the histogram toward the left side of the histogram. (Important note: despite being housed within the same company, Project Zero follows the same policies and procedures with Chrome that an external security researcher would follow. More information on that is available in our <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-faq.html#earlyaccess">Vulnerability Disclosure FAQ</a> .)<br> Firefox comes in second in this analysis, though with a relatively small number of data points to analyze. Firefox releases a fix on average in 38 days . A little under half of that is time for the fix to land in public, though it's important to note that Firefox … https://www.whatsupup.com/blog/ewing/undiscernibly/20220210-201524/ Thu, 10 Feb 2022 20:15:24 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20220210-201524/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2022/02/vulnerability-reward-program-2021-year.html">Vulnerability Reward Program: 2021 Year in Review</a><br></p> <hr> Posted by Sarah Jacobus, Vulnerability Rewards Team<br> Last year was another record setter for our Vulnerability Reward Programs (VRPs). Throughout 2021, we partnered with the security researcher community to identify and fix thousands of  vulnerabilities – helping keep our users and the internet safe.<br> Thanks to these incredible researchers, Vulnerability Reward Programs across Google continued to grow, and we are excited to report that in 2021 we awarded a record breaking $8,700,000 in vulnerability rewards – with researchers donating over $300,000 of their rewards to a charity of their choice.<br> We also <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/07/a-new-chapter-for-googles-vulnerability.html">launched</a> <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/">bughunters.google.com</a> in 2021, a public researcher portal dedicated to keeping Google products and the internet safe and secure. This new platform brings all of our VRPs (Google, Android, Abuse, Chrome, and Google Play) closer together and provides a single intake form, making security bug submission easier than ever. We’re excited about everything the new Bug Hunters portal has to offer, including:<br> More opportunities for interaction and a bit of healthy competition through gamification, per-country leaderboards, awards/badges for certain bugs, and more!<br> A more functional and aesthetically pleasing <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/leaderboard">leaderboard</a> . We know a lot of you are using your achievements in our VRPs to find jobs (we’re hiring!) and we hope this acts as a useful resource.<br> A stronger emphasis on learning: bug hunters can improve their skills through the content available in our new <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/learn">Bug Hunter University</a><br> Streamlined publication process: we know the value that knowledge sharing brings to our community. That’s why we want to make it easier for you to <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/report/reports">publish your bug reports</a> .<br> We now offer <a rel="noreferrer" target="_blank" href="https://twitter.com/GoogleVRP/status/1420129759833493507">swag</a> ! The first 20 folks who share this blog post on Twitter and tag <a rel="noreferrer" target="_blank" href="https://twitter.com/GoogleVRP">@GoogleVRP</a> will receive a gift voucher for swag in their DMs.<br> As in <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2020/01/vulnerability-reward-program-2019-year.html">past years</a> , we are sharing our 2021 Year in Review statistics across all of our programs. We would like to give a special thank you to all of our dedicated researchers - we look forward to more collaboration in the future!<br> Android<br> The Android VRP doubled its 2020 total payouts in 2021 with nearly $3 million dollars in rewards, and awarded the highest payout in Android VRP history: an exploit chain discovered in Android receiving a reward of $157,000!<br> Our industry leading prize of $1,500,000 for a compromise of our Titan-M Security chip used in our Pixel device remains unclaimed - for more information on this reward and Android exploit chain rewards, please visit our <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/about/rules/6171833274204160">public rules page</a> .<br> The program also launched the Android Chipset Security Reward Program (ACSRP), a vulnerability reward program offered by Google in collaboration with manufacturers of certain popular Android chipsets. This private, invite-only program, provides reward and recognition for contributions of security researchers who invest their time and effort into helping make Android devices more secure. In 2021 the ACSRP paid out $296,000 for over 220 valid and unique security reports.<br> We would like to give a special shoutout to some of our top researchers whose continued hard work keeps Android safe and secure:<br> Aman Pandey of <a rel="noreferrer" target="_blank" href="https://bugsmirror.com">Bugsmirror Team</a> has skyrocketed to our top researcher last year, submitting 232 vulnerabilities in 2021! Since submitting their first report in 2019, Aman has reported over 280 valid vulnerabilities to the Android VRP and has been a crucial part of making our program so successful.<br> Yu-Cheng Lin (林禹成) ( <a rel="noreferrer" target="_blank" href="https://twitter.com/AndroBugs">@AndroBugs</a> ) has been another phenomenal researcher for the Android VRP, submitting a whopping 128 valid reports to the program in 2021.<br> Researcher gzobqq@gmail.com discovered a critical exploit chain in Android (CVE-2021-39698) , receiving the highest payout in Android VRP history of $157,000.<br> Chrome<br> This year the Chrome VRP also set some new records – 115 Chrome VRP researchers were rewarded for 333 unique Chrome security bug reports submitted in 2021, totaling $3.3 million in VRP rewards. The contributions not only help us to improve Chrome, but also the web at large by bolstering the security of all browsers based on Chromium.<br> Of the $3.3 million, $3.1 million was awarded for Chrome Browser security bugs and $250,500 for Chrome OS bugs, including a $45,000 top reward amount for an <a rel="noreferrer" target="_blank" href="https://crbug.com/1166932">individual Chrome OS security bug report</a> and $27,000 for an <a rel="noreferrer" target="_blank" href="https://crbug.com/1197904">individual Chrome Browser security bug report</a> .<br> Of these totals, $58,000 was awarded for security issues discovered by fuzzers contributed by VRP researchers to the <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/about/rules/5745167867576320#:~:text=%245%2C000%20%2D%20%2415%2C000-,Chrome%20Fuzzer%20Program,-The%20Chrome%20Fuzzer">Chrome Fuzzing program</a> . Each valid report from an externally provided fuzzer received a $1,000 patch bonus, with <a rel="noreferrer" target="_blank" href="https://crbug.com/1242257">one fuzzer report</a> receiving a $16,000 reward.<br> The Chrome VRP would not be able to smash these records over the last year without the efforts of so many exceptional VRP researchers. We’d like to highlight a few researcher achievements made in 2021:<br> Rory McNamara, a Chrome OS VRP researcher who has been participating in the Chrome VRP for five years, became the highest awarded Chrome VRP researcher of all time. This year he was rewarded for six reports achieving root privilege escalation in Chrome OS, one of which received the highest reward amount achieved for a <a rel="noreferrer" target="_blank" href="https://crbug.com/1166932">single Chrome bug report</a> in 2021 at $45,000.<br> Chrome Browser VRP researcher Leecraso (@leecraso) of 360 Vulnerability Research Institute was the most awarded researcher of 2021, with 18 valid bug reports; a majority of which were for memory corruption vulnerabilities affecting the browser process.<br> We love when researchers write about their findings (only after we have publicly disclosed the bug, of course)! Chrome Browser VRP researcher Brendon Tiszka wrote an excellent two-part blog series on his <a rel="noreferrer" target="_blank" href="https://tiszka.com/blog/CVE_2021_21225.html">discovery</a> and <a rel="noreferrer" target="_blank" href="https://tiszka.com/blog/CVE_2021_21225_exploit.html">exploitation</a> of a V8 vulnerability, CVE-2021-21225, the analysis and reporting of which earned him a $22,000 VRP reward.<br> Huge thanks and congratulations to all Chrome VRP researchers that helped us make Chrome and Chrome OS more safe for all users in 2021!.<br> Google Play<br> Google Play paid out $550,000 in rewards to over 60 unique security researchers.<br> The Google Play Security Reward Program also <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/learn/presentations/5783688075542528">released their Android App Hacking Workshop content</a> and published a <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/12/empowering-next-generation-of-android.html">blog</a> on their work to empower the next generation of Android Application Security Researchers.<br> kCTF VRP<br> In November we <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/11/trick-treat-paying-leets-and-sweets-for.html">expanded</a> our reward amounts for exploits against our kCTF cluster from 5,000-10,000 up to 31,337-50,337 USD. In the last 3 months we were happy to have several participants receive $175,685 USD in rewards. We also extended the timeline of the increased rewards until February 14 (from January 31) which should give everyone a couple more weeks to finalize any almost-working exploits.<br> GCP VRP Prize<br> To encourage security researchers to focus on Google Cloud Platform, we initiated the annual GCP VRP Prize in 2019. In March this year, we <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/03/announcing-winners-of-2020-gcp-vrp-prize.html">announced</a> the winners of the 2020 edition of the prize and paid out $313,337 in prizes. Ezequiel Pereira won the top prize of $133,337 for finding an <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/report/reports/5105155099590656">RCE in Google Cloud Deployment Manager</a> . We saw some amazing research on Google Cloud Platform this year too. Stay tuned for the 2021 winners!<br> Research Grants<br> Six years ago, the Google VRP launched an experimental <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/about/rules/5479188746993664">Vulnerability Research Grant program</a> to encourage seasoned security researchers to take a detailed and extensive look into the security of Google products and services. And reward them even if there are no vulnerabilities found. Six years later, we are happy to announce that in 2021 we awarded over $200,000 in grants to more than 120 security researchers around the world.<br> If you are a Google VRP researcher and want to be considered for a Vulnerability Research Grant make sure you opted in on your <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/">bughunters profile</a> .<br> Looking forward<br> With the launch of the new Bug Hunters portal, we plan to continue improving our platform and listening to you - our researchers - on ways we can improve our platform and Bug Hunter University.<br> Thank you again for making Google, the Internet, and our users safe and secure! Follow us on <a rel="noreferrer" target="_blank" href="http://twitter.com/googlevrp">@GoogleVRP</a><br> Thank you to Adam Bacchus, Dirk Göhmann, Sarah Jacobus, Amy Ressler, Martin Straka, Jan Keller, Jon Bottarini<br> https://www.whatsupup.com/blog/phonic/shopboy/20220210-201244/ Thu, 10 Feb 2022 20:12:44 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220210-201244/ this is what the mind of a shape rotator looks like. what a nightmare <a rel="noreferrer" target="_blank" href="https://t.co/5duHBsmdOl"><a href="https://t.co/5duHBsmdOl">https://t.co/5duHBsmdOl</a></a><br> Harvard total streaming subscribers: 30,391 <a rel="noreferrer" target="_blank" href="https://t.co/95fJl7BfF9"><a href="https://t.co/95fJl7BfF9">https://t.co/95fJl7BfF9</a></a><br> Also tall sizes. I only wear vests from companies that like my kind and stock tall sizes. <a rel="noreferrer" target="_blank" href="https://t.co/DSudsl7KsU"><a href="https://t.co/DSudsl7KsU">https://t.co/DSudsl7KsU</a></a><br> https://www.whatsupup.com/blog/beautifying/hagriding/20220210-082322/ Thu, 10 Feb 2022 08:23:22 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20220210-082322/ On Wednesday, February 9, EFF sent a <a rel="noreferrer" target="_blank" href="https://eff.org/document/eff-opposes-earn-it-act">letter</a> to the Senate Judiciary Committee to strongly oppose S. 3538, the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2022 (EARN IT Act). EFF opposed the original and amended versions of this bill in the previous Congress, and our…<br> https://www.whatsupup.com/blog/phonic/shopboy/20220210-081236/ Thu, 10 Feb 2022 08:12:35 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220210-081236/ Yes, this is a subtweet of <em>that</em>. <a rel="noreferrer" target="_blank" href="https://t.co/3Ly7DbWLMs"><a href="https://t.co/3Ly7DbWLMs">https://t.co/3Ly7DbWLMs</a></a><br> Michael Climacus <a rel="noreferrer" target="_blank" href="https://twitter.com/MCVictorEremita">@MCVictorEremita</a><br> @pmarca <a rel="noreferrer" target="_blank" href="https://t.co/CGLmMmm7ov"><a href="https://t.co/CGLmMmm7ov">https://t.co/CGLmMmm7ov</a></a><br> Kartik <a rel="noreferrer" target="_blank" href="https://twitter.com/ayyar">@ayyar</a><br> @pmarca <a rel="noreferrer" target="_blank" href="https://t.co/YuJFDjkAoH"><a href="https://t.co/YuJFDjkAoH">https://t.co/YuJFDjkAoH</a></a><br> https://www.whatsupup.com/blog/ideo/fleury/20220210-080630/ Thu, 10 Feb 2022 08:06:30 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220210-080630/ Russian authorities have arrested six men accused of operating some of the most active online bazaars for selling stolen payment card data. The crackdown — the second closure of major card fraud shops by Russian authorities in as many weeks — comes closely behind <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/at-request-of-u-s-russia-rounds-up-14-revil-ransomware-affiliates/">Russia’s arrest of 14 alleged affiliates of the REvil ransomware gang</a> , and has many in the cybercrime underground asking who might be next.<br> Dept. K’s message for Trump’s Dumps users.<br> On Feb. 7 and 8, the domains for the carding shops <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2017/05/trumps-dumps-making-dumps-great-again/">Trump’s Dumps</a> , Ferum Shop , Sky-Fraud and UAS were seized by Department K , a division of the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Ministry_of_Internal_Affairs_(Russia)">Ministry of Internal Affairs of the Russian Federation</a> that focuses on computer crimes. The websites for the carding stores were retrofitted with a message from Dept. K asking, “Which one of you is next?”<br> According to cyber intelligence analysts at <a rel="noreferrer" target="_blank" href="https://www.flashpoint-intel.com">Flashpoint</a> , that same message was included in the website for UniCC , another major and venerated carding shop that was seized by Dept. K in January.<br> Around the same time Trump’s Dumps and the other three shops began displaying the Dept. K message, the Russian state-owned news outlet TASS <a rel="noreferrer" target="_blank" href="https://tass.ru/obschestvo/13637797">moved a story</a> naming six Russian men who were being charged with “the illegal circulation of means of payment.”<br> TASS reports the six detained include Denis Pachevsky , general director of Saratovfilm Film Company LLC; Alexander Kovalev , an individual entrepreneur; Artem Bystrykh , an employee of Transtekhkom LLC; Artem Zaitsev ; an employee of Get-net LLC ; and two unemployed workers, Vladislav Gilev and Yaroslav Solovyov .<br> None of the stories about the arrests tie the men to the four carding sites. But Flashpoint found that all of the domains seized by Dept. K. were registered and hosted through Zaitsev’s company — Get-net LLC.<br> “All four sites frequently advertised one another, which is generally atypical for two card marketplaces competing in the same space,” Flashpoint analysts wrote.<br> Stas Alforov is director of research for <a rel="noreferrer" target="_blank" href="https://www.geminiadvisory.io">Gemini Advisory</a> , a New York firm that monitors underground cybercrime markets. Alforov said it is most unusual for the Russians to go after carding sites that aren’t selling data stolen from Russian citizens.<br> “It’s not in their business to be taking down Russian card shops,” Alforov said. “Unless those shops were somehow selling data on Russian cardholders, which they weren’t.”<br> A carding shop that sold stolen credit cards and invoked 45’s likeness and name was among those taken down this week by Russian authorities.<br> Debuting in 2011, Ferum Shop is one of the oldest observed dark web marketplaces selling “card not present” data (customer payment records stolen from hacked online merchants), according to Gemini.<br> “Every year for the last 5 years, the marketplace has been a top 5 source of card not present records in terms of records posted for sale,” Gemini found. “In this time period, roughly 66% of Ferum Shop’s records have been from United States financial institutions. The remaining 34% have come from over 200 countries.”<br> In contrast, Trump’s Dumps focuses on selling card data stolen from hacked point-of-sale devices, and it benefited greatly from <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/01/jokers-stash-carding-market-to-call-it-quits/">the January 2021 retirement of Joker’s Stash</a> , which for years dwarfed most other carding shops by volume. Gemini found Trump’s Dumps gained roughly 40 percent market share after Joker’s closure, and that more than 87 percent of the payment card records it sells are from U.S. financial institutions.<br> “In the past 5 years, Ferum Shop and Trump’s Dumps have cumulatively added over 64 million compromised payment cards,” Alforov wrote. “Based on average demand for CP and CNP records and the median price of $10, the total revenue from these sales is estimated to be over $430 million. Due to the 20 to 30% commission that shops generally receive, the administrators of Ferum Shop and Trump’s Dumps likely generated between $86 and $129 million in profits from these card sales.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/02/russian-govt-continues-carding-shop-crackdown/#more-58435">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/02/russian-govt-continues-carding-shop-crackdown/">Russian Govt. Continues Carding Shop Crackdown</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220210-041157/ Thu, 10 Feb 2022 04:11:56 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220210-041157/ <p>CEOs of big tech companies: You almost certainly have wordcels as employees. What are you going to do about it?<br> my sources are telling me that the wordcel terminology has made it to c level exec meetings and VC town halls at big tech cos…<br> The modal faculty member is now 65. In 1980, the modal faculty member was <em>35</em>.</p> <p>"Boomer Ballast" — in this "uncapping", as in so many other cases, compounded by favorable policy for Boomers at each stage of the life cycle <a rel="noreferrer" target="_blank" href="https://t.co/7uktXZYX9I"><a href="https://t.co/7uktXZYX9I">https://t.co/7uktXZYX9I</a></a><br></p> https://www.whatsupup.com/blog/seer/hemisphere/20220210-001652/ Thu, 10 Feb 2022 00:16:51 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220210-001652/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-022-00394-y">Why the Tongan eruption will go down in the history of volcanology</a><br></p> <hr> The 15 January blast sent shock waves around the globe and defied scientific expectations. Researchers are now scrambling to work out why.<br> https://www.whatsupup.com/blog/phonic/shopboy/20220210-001303/ Thu, 10 Feb 2022 00:13:02 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220210-001303/ <a rel="noreferrer" target="_blank" href="https://t.co/Dd6CxbRqtG"><a href="https://t.co/Dd6CxbRqtG">https://t.co/Dd6CxbRqtG</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/xrMHQ10v8Y"><a href="https://t.co/xrMHQ10v8Y">https://t.co/xrMHQ10v8Y</a></a><br> <a rel="noreferrer" target="_blank" href="https://t.co/goe3HDb7Le"><a href="https://t.co/goe3HDb7Le">https://t.co/goe3HDb7Le</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/GasuQUYTdh"><a href="https://t.co/GasuQUYTdh">https://t.co/GasuQUYTdh</a></a><br> A Series A term sheet to a new competitor. @Austen <a rel="noreferrer" target="_blank" href="https://t.co/lxAYyAJhjc"><a href="https://t.co/lxAYyAJhjc">https://t.co/lxAYyAJhjc</a></a><br> https://www.whatsupup.com/blog/beautifying/hagriding/20220209-202222/ Wed, 09 Feb 2022 20:22:22 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20220209-202222/ Along with 60 other human rights, civil rights and open Internet organizations, EFF sent a <a rel="noreferrer" target="_blank" href="https://cdt.org/wp-content/uploads/2022/02/Human-rights-coalition-opposition-letter-to-EARN-IT-Act-S3538.pdf">letter</a> to the Senate Judiciary Committee on Wednesday, February 9 outlining our concerns with the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2022 (EARN IT, S.3538).As we <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/02/its-back-senators-want-earn-it-bill-scan-all-online-messages">wrote when the</a> …<br> First, the Internal Revenue Service <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/02/07/us/politics/irs-idme-facial-recognition.html">reversed course</a> from its <a rel="noreferrer" target="_blank" href="https://www.washingtonpost.com/technology/2022/01/27/irs-face-scans/">recent announcement</a> that it was partnering with ID.me, a third-party identity verification service, to use facial recognition for verification of users managing many aspects of their taxes online. Now, ID.me—which provides identity verification services for dozens of government agencies—says…<br> https://www.whatsupup.com/blog/sited/implore/20220209-201654/ Wed, 09 Feb 2022 20:16:53 +0000 https://www.whatsupup.com/blog/sited/implore/20220209-201654/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/02/09/technology/microsoft-activision.html">Microsoft starts a charm offensive to push through its Activision deal. Regulators are expected to give Microsoft’s proposed acquisition of Activision Blizzard — the largest in Microsoft’s history — a tough review. By David McCabe and Cecilia Kang</a><br> https://www.whatsupup.com/blog/stratification/pride/20220209-161707/ Wed, 09 Feb 2022 16:17:07 +0000 https://www.whatsupup.com/blog/stratification/pride/20220209-161707/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104290073/?p=boingboing&utm_source=boingboing">$4,000 Camera</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292850/?p=boingboing&utm_source=boingboing">$45,891 2019 Tesla Model 3</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20220209-121459/ Wed, 09 Feb 2022 12:14:58 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220209-121459/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-022-00375-1">Researchers frustrated as Biden’s science adviser resigns amid scandal</a><br></p> <hr> Geneticist Eric Lander had a reputation for being a bully, scientists say, as they call for more inspiring leadership.<br> Lauren Wolf<br> https://www.whatsupup.com/blog/phonic/shopboy/20220209-121121/ Wed, 09 Feb 2022 12:11:20 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220209-121121/ Who can sleep with all this excitement? <a rel="noreferrer" target="_blank" href="https://t.co/f5c8wfGhSv"><a href="https://t.co/f5c8wfGhSv">https://t.co/f5c8wfGhSv</a></a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20220209-120647/ Wed, 09 Feb 2022 12:06:47 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20220209-120647/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-danger-of-expecting-work-to-be-easy-and-fun">The danger of expecting work to be easy and fun</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/it-doesnt-matter-how-many-hours-you-work">It doesn’t matter how many hours you work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-new-meaning-of-hard-work">The new meaning of hard work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/abstinence-isnt-recovery">Abstinence isn’t recovery</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-go-back-to-things-you-used-to-be-addicted-to-in-the-past">How to go back to things you used to be addicted to in the past</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-protect-your-intentions-from-getting-hijacked">How to protect your intentions from getting hijacked</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/let-your-discontent-crystallize">Let your discontent crystallize</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/stop-postponing-things-by-embracing-the-mess">Stop postponing things by embracing the mess</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/critical-effort-why-we-reach-a-goal-or-not">Critical effort: why we reach a goal (or not)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/zone-of-action-do-the-possible-to-do-the-impossible">Zone of Action: Do the possible to do the impossible</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/1-simple-technique-to-train-your-focus">1 simple technique to train your focus</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-make-quitting-your-addiction-easier">How to make quitting your addiction easier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/pursue-high-quality-leisure">Pursue High-quality Leisure</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/what-is-addiction">What is addiction (series)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20220209-081337/ Wed, 09 Feb 2022 08:13:37 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20220209-081337/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/01/30/Cloud-Lock-In">Lock-in and Multi-Cloud</a> · Alone in a room with the customer’s CTO, I said “So, I spent this morning talking to your people, and it looks like you’re using low-level generic tech for everything and managing it yourself. You could save a shit-ton of money by using high-level managed services and get load-scaling for free.” “Yeah,” he said, “but then we’d be locked in and the next time our enterprise contract comes up for renewal, you can screw us.” <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/01/30/Cloud-Lock-In">…</a> [4 comments]<br> https://www.whatsupup.com/blog/phonic/shopboy/20220209-081154/ Wed, 09 Feb 2022 08:11:54 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220209-081154/ I honestly do not know how anyone sleeps anymore.<br> Arthur Chrenkoff <a rel="noreferrer" target="_blank" href="https://twitter.com/TheDailyChrenk">@TheDailyChrenk</a><br> @neontaster Lumpenmillionairiat<br> Not proleplaying? <a rel="noreferrer" target="_blank" href="https://t.co/RjX9Y7Qr9r"><a href="https://t.co/RjX9Y7Qr9r">https://t.co/RjX9Y7Qr9r</a></a><br> https://www.whatsupup.com/blog/ideo/fleury/20220209-080616/ Wed, 09 Feb 2022 08:06:15 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220209-080616/ Microsoft today released software updates to plug security holes in its Windows operating systems and related software. This month’s relatively light patch batch is refreshingly bereft of any zero-day threats, or even scary critical vulnerabilities. But it does fix four dozen flaws, including several that Microsoft says will likely soon be exploited by malware or malcontents.<br> While none of the patches address bugs that earned Microsoft’s most dire “critical” rating, there are multiple “remote code execution” vulnerabilities that Redmond believes are ripe for exploitation. Among those is <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22005">CVE-2022-22005</a> , a weakness in Microsoft’s Sharepoint Server versions 2013-2019 that could be exploited by any authenticated user.<br> “The vulnerability does require an attacker to be authenticated in order to exploit it, which is likely why Microsoft only labeled it ‘Important,'” said Allan Liska , senior security architect at Recorded Future . “However, given the number of stolen credentials readily available on underground markets, getting authenticated could be trivial. Organizations that have public-facing SharePoint Servers should prioritize implementing this patch.”<br> Kevin Breen at Immersive Labs called attention to <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21996">CVE-2022-21996</a> , an elevation of privilege vulnerability in the core Windows component “ Win32k .”<br> “In January we saw CVE-2022-21882, a vulnerability in Win32k that was being actively exploited in the wild, which prompted CISA to issue a directive to all federal agencies to mandate that patches be applied,” Breen said. “February sees more patches for the same style of vulnerability in this same component. It’s not clear from the release notes whether this is a brand new vulnerability or if it is related to the previous month’s update. Either way, we have seen attackers leverage this vulnerability so it’s safer to err on the side of caution and update this one quickly.”<br> Another elevation of privilege flaw <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21989">CVE-2022-21989</a> — in the Windows Kernel — was the only vulnerability fixed this month that was publicly disclosed prior to today.<br> “Despite the lack of critical fixes, it’s worth remembering that attackers love to use elevation of privilege vulnerabilities, of which there are 18 this month,” said Greg Wiseman , product manager at Rapid7 . “Remote code execution vulnerabilities are also important to patch, even if they may not be considered ‘wormable.’ In terms of prioritization, defenders should first focus on patching server systems.”<br> February’s Patch Tuesday is once again brought to you by Print Spooler , the Windows component responsible for handling printing jobs. Four of the bugs quashed in this release relate to our friend Mr. Print Spooler. In July 2021, Microsoft issued an emergency fix for a Print Spooler flaw dubbed “ <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for-windows-flaw/">PrintNightmare</a> ” that was actively being exploited to remotely compromise Windows PCs. Redmond has been steadily spooling out patches for this service ever since. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/02/microsoft-patch-tuesday-february-2022-edition/#more-58425">Continue reading →</a><br> https://www.whatsupup.com/blog/gaper/whisky/20220208-201618/ Tue, 08 Feb 2022 20:16:17 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220208-201618/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/02/improving-the-storage-access-api-in-firefox/">Improving the Storage Access API in Firefox →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/02/improving-the-storage-access-api-in-firefox/">Improving the Storage Access API in Firefox</a><br> <hr> Before we roll out State Partitioning for all Firefox users, we intend to make a few privacy and ergonomic improvements to the Storage Access API. In this blog post, we’ll detail a few of the new changes we made.<br> https://www.whatsupup.com/blog/phonic/shopboy/20220208-201030/ Tue, 08 Feb 2022 20:10:30 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220208-201030/ Chaos <a rel="noreferrer" target="_blank" href="https://twitter.com/chaosprime">@chaosprime</a><br> <a rel="noreferrer" target="_blank" href="https://t.co/aaIxqp0qp8"><a href="https://t.co/aaIxqp0qp8">https://t.co/aaIxqp0qp8</a></a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20220208-200743/ Tue, 08 Feb 2022 20:07:43 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20220208-200743/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/incident-response-tools-stripe/">The importance of names, the surprising benefits of restricting your product, and other lessons from an engineer who built Stripe's "Big Red Button"</a><br> https://www.whatsupup.com/blog/lynch/tiddly/20220208-160645/ Tue, 08 Feb 2022 16:06:45 +0000 https://www.whatsupup.com/blog/lynch/tiddly/20220208-160645/ America’s Frontline Doctors. This viral video has been circulating over the last day or so and I’ve been replying to some on their posts, but I figured since so many … <a rel="noreferrer" target="_blank" href="https://ryanandrewlangdon.wordpress.com/2020/07/29/stop-politicizing-medicine/">Continue reading STOP POLITICIZING MEDICINE: Facts vs. Myths of the Frontline Doctors Video</a><br> I am not a religious person. I would consider myself “Agnostic” if I had to put myself in a category. However, for the sake of my narrative, let’s assume that … <a rel="noreferrer" target="_blank" href="https://ryanandrewlangdon.wordpress.com/2020/07/15/facebook-sucks/">Continue reading Facebook is a disease.</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220208-160607/ Tue, 08 Feb 2022 16:06:06 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220208-160607/ Since my credentials at the IRS will soon no longer work, I opted to create an ID.me account and share the experience here. An important preface to this walk-through is that verifying one’s self with Id.me requires one to be able to take a live, video selfie — either with the camera on a mobile device or a webcam attached to a computer (your webcam must be able to open on the device you’re using to apply for the ID.me account).<br> Update, Feb.7, 2022, 10:21 p.m. ET: The IRS said today it is transitioning away from requiring face biometric data to identify taxpayers. Read more here: <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/02/irs-to-ditch-biometric-requirement-for-online-access/">IRS To Ditch Biometric Requirement for Online Access</a> .<br> https://www.whatsupup.com/blog/playacted/rededication/20220208-121819/ Tue, 08 Feb 2022 12:18:19 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220208-121819/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2022/02/08/espanol/meta-facebook-perdidas.html">Meta está en problemas: te decimos por qué El valor de mercado de la empresa antes conocida como Facebook descendió en más de 230.000 millones de dólares, el peor revés de su historia sucedido en un solo día. By Mike Isaac</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220208-121125/ Tue, 08 Feb 2022 12:11:25 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220208-121125/ <a rel="noreferrer" target="_blank" href="https://t.co/OSTOnZCMZg"><a href="https://t.co/OSTOnZCMZg">https://t.co/OSTOnZCMZg</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/FFkd4epA9s"><a href="https://t.co/FFkd4epA9s">https://t.co/FFkd4epA9s</a></a><br> <a rel="noreferrer" target="_blank" href="https://t.co/8kPU79jaZb"><a href="https://t.co/8kPU79jaZb">https://t.co/8kPU79jaZb</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/P38UQ7oOhA"><a href="https://t.co/P38UQ7oOhA">https://t.co/P38UQ7oOhA</a></a><br> https://www.whatsupup.com/blog/stratification/pride/20220208-081602/ Tue, 08 Feb 2022 08:16:01 +0000 https://www.whatsupup.com/blog/stratification/pride/20220208-081602/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292749/?p=boingboing&utm_source=boingboing">$93,000 1969 Chevrolet Camaro</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104289806/?p=boingboing&utm_source=boingboing">$3,000 2004 saab 9-3 linear turbo engine 4-1985 2.0L</a><br> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291567/?p=boingboing&utm_source=boingboing">$22,700 2017 Airstream International Signature 19</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292216/?p=boingboing&utm_source=boingboing">$6,000 Trek Session 9 X01 2022</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220208-081131/ Tue, 08 Feb 2022 08:11:31 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220208-081131/ <p>Daniel Tenreiro <a rel="noreferrer" target="_blank" href="https://twitter.com/TenreiroDaniel">@TenreiroDaniel</a><br> #TeamEarth <a rel="noreferrer" target="_blank" href="https://t.co/4KEo01VVFt"><a href="https://t.co/4KEo01VVFt">https://t.co/4KEo01VVFt</a></a><br> Neovictorian23 <a rel="noreferrer" target="_blank" href="https://twitter.com/neovictorian23">@neovictorian23</a><br> So many people never get out of their reality tunnel and look at things from a different angle. <a rel="noreferrer" target="_blank" href="https://t.co/kq47EhPMfk"><a href="https://t.co/kq47EhPMfk">https://t.co/kq47EhPMfk</a></a><br> immad <a rel="noreferrer" target="_blank" href="https://twitter.com/immad">@immad</a><br> For a long time I thought these towers were spewing out some sort of industrial “toxic” fumes.</p> <p>Turns out they are cooling towers that use water to cool pipes. What you see is just water vapors.</p> <p>There are 2 million cooling towers in America! <a rel="noreferrer" target="_blank" href="https://t.co/uScVjbaGCD"><a href="https://t.co/uScVjbaGCD">https://t.co/uScVjbaGCD</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/VwcdjRnMIy"><a href="https://t.co/VwcdjRnMIy">https://t.co/VwcdjRnMIy</a></a><br></p> https://www.whatsupup.com/blog/phonic/shopboy/20220208-041139/ Tue, 08 Feb 2022 04:11:39 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220208-041139/ <p>Historical example of Shape Rotator on Wordcel violence.</p> <p>Carnegie tries to take away the wordcels’ power: words.</p> <p>He spent $500k annually funding the Simplified Spelling Board:</p> <p>"An organization designed to make the language more obvious and phonetic."</p> <p>@pmarca @tszzl <a rel="noreferrer" target="_blank" href="https://t.co/hjcXNe9CwM"><a href="https://t.co/hjcXNe9CwM">https://t.co/hjcXNe9CwM</a></a><br> Shaun Maguire (smc.eth) <a rel="noreferrer" target="_blank" href="https://twitter.com/shaunmmaguire">@shaunmmaguire</a><br> words and shapes throughout the ages</p> <p>the timeless saga</p> <p>CC @tszzl @pmarca <a rel="noreferrer" target="_blank" href="https://t.co/c9tGmnRsSB"><a href="https://t.co/c9tGmnRsSB">https://t.co/c9tGmnRsSB</a></a><br> #TeamEarth <a rel="noreferrer" target="_blank" href="https://t.co/HhHeUevoOz"><a href="https://t.co/HhHeUevoOz">https://t.co/HhHeUevoOz</a></a><br></p> https://www.whatsupup.com/blog/playacted/rededication/20220208-001913/ Tue, 08 Feb 2022 00:19:12 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220208-001913/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/02/07/technology/peter-thiel-facebook.html">Peter Thiel to Exit Meta’s Board to Support Trump-Aligned Candidates The tech billionaire, who has been on the board of the company formerly known as Facebook since 2005, is backing numerous politicians in the midterm elections. By Ryan Mac and Mike Isaac</a><br> https://www.whatsupup.com/blog/spectrometry/obol/20220208-001513/ Tue, 08 Feb 2022 00:15:12 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20220208-001513/ <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html">How a simple Linux kernel memory corruption bug c…</a> (Oct)<br> https://www.whatsupup.com/blog/phonic/shopboy/20220208-001218/ Tue, 08 Feb 2022 00:12:17 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220208-001218/ #TeamEarth <a rel="noreferrer" target="_blank" href="https://t.co/DZhBxnwdVV"><a href="https://t.co/DZhBxnwdVV">https://t.co/DZhBxnwdVV</a></a><br> #TeamEarth <a rel="noreferrer" target="_blank" href="https://t.co/acjVjegEbr"><a href="https://t.co/acjVjegEbr">https://t.co/acjVjegEbr</a></a><br> #TeamEarth <a rel="noreferrer" target="_blank" href="https://t.co/88kdp3VgZ6"><a href="https://t.co/88kdp3VgZ6">https://t.co/88kdp3VgZ6</a></a><br> https://www.whatsupup.com/blog/ideo/fleury/20220208-000656/ Tue, 08 Feb 2022 00:06:55 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220208-000656/ The Internal Revenue Service (IRS) said today it will be transitioning away from requiring biometric data from taxpayers who wish to access their records at the agency’s website. The reversal comes as privacy experts and lawmakers have been pushing the IRS and other federal agencies to find less intrusive methods for validating one’s identity with the U.S. government online.<br> Late last year, the login page for the IRS was updated with text advising that by the summer of 2022, the only way for taxpayers to access their records at irs.gov will be through ID.me , an online identity verification service that collects biometric data — such as live facial scans using a mobile device or webcam.<br> The IRS first announced its partnership with ID.me in November, but the press release received virtually no attention. On Jan. 19, KrebsOnSecurity published the story <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/irs-will-soon-require-selfies-for-online-access/">IRS Will Soon Require Selfies for Online Access</a> , detailing a rocky experience signing up for IRS access via ID.me. That story immediately went viral, bringing this site an almost unprecedented amount of traffic. A tweet about it quickly garnered more than two million impressions.<br> It was clear most readers had no idea these new and more invasive requirements were being put in place at the IRS and other federal agencies (the Social Security Administration also is steering new signups to ID.me).<br> ID.me says it has approximately 64 million users, with 145,000 new users signing up each day. Still, the bulk of those users are people who have been forced to sign up with ID.me as a condition of receiving state or federal financial assistance, such as unemployment insurance, child tax credit payments, and pandemic assistance funds.<br> In the face of COVID, dozens of states collectively lost tens of billions of dollars at the hands of identity thieves impersonating out-of-work Americans seeking unemployment insurance. Some 30 states and 10 federal agencies now use ID.me to screen for ID thieves applying for benefits in someone else’s name.<br> But ID.me has been problematic for many legitimate applicants who saw benefits denied or delayed because they couldn’t complete ID.me’s verification process.  Critics charged the IRS’s plan would unfairly disadvantage people with disabilities or limited access to technology or Internet, and that facial recognition systems tend to be less accurate for people with darker skin.<br> Many readers were aghast that the IRS would ask people to hand over their biometric and personal data to a private company that begin in 2010 as a way to help veterans, teachers and other public servants qualify for retail discounts. These readers had reasonable questions: Who has (or will have) access to this data? Why should it be stored indefinitely (post-verification)? What happens if ID.me gets breached?<br> The Washington Post <a rel="noreferrer" target="_blank" href="https://www.washingtonpost.com/technology/2022/02/07/irs-gsa-id-facial-recogntion/?utm_campaign=wp_the_technology_202&utm_medium=email&utm_source=newsletter&wpisrc=nl_technology202">reported</a> today that in a meeting with lawmakers, IRS officials said they were considering another identity verification option that wouldn’t use facial recognition. At the same time, Senate Finance Committee Chairman Ron Wyden (D-Ore.) challenged the Treasury Department and IRS to reconsider the biometric requirements.<br> In a statement published today, the IRS said it was transitioning away from using a third-party service for facial recognition to help authenticate people creating new online accounts.<br> “The transition will occur over the coming weeks in order to prevent larger disruptions to taxpayers during filing season,” the IRS said. “During the transition, the IRS will quickly develop and bring online an additional authentication process that does not involve facial recognition. The IRS will also continue to work with its cross-government partners to develop authentication methods that protect taxpayer data and ensure broad access to online tools.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/02/irs-to-ditch-biometric-requirement-for-online-access/#more-58407">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/02/irs-to-ditch-biometric-requirement-for-online-access/">IRS To Ditch Biometric Requirement for Online Access</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20220207-201726/ Mon, 07 Feb 2022 20:17:25 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20220207-201726/ February 7, 2022 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2022/02/07/Free-software-licenses-MIT.html">Free software licenses explained: MIT</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220207-201131/ Mon, 07 Feb 2022 20:11:31 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220207-201131/ Verdant Rivers <a rel="noreferrer" target="_blank" href="https://twitter.com/St_Rev">@St_Rev</a><br> Now if we can just get angry trust fund Harvard graduates in Brooklyn to write ridiculous web screeds about the awful threat of angry trust fund Harvard graduates in Brooklyn <a rel="noreferrer" target="_blank" href="https://t.co/C53bGkLasW"><a href="https://t.co/C53bGkLasW">https://t.co/C53bGkLasW</a></a><br> wordcel is now more popular than incel. rather than contribute to incel ideology i have defeated it <a rel="noreferrer" target="_blank" href="https://t.co/F4MLIZxE9i"><a href="https://t.co/F4MLIZxE9i">https://t.co/F4MLIZxE9i</a></a><br> "An auto-da-fé was the ritual of public penance carried out of condemned heretics and apostates imposed by the Spanish, Portuguese, or Mexican Inquisition as punishment and enforced by civil authorities. Its most extreme form was death by burning."<br> https://www.whatsupup.com/blog/alamode/heartsore/20220207-201105/ Mon, 07 Feb 2022 20:11:05 +0000 https://www.whatsupup.com/blog/alamode/heartsore/20220207-201105/ <a rel="noreferrer" target="_blank" href="https://signal.org/blog/change-number/">You Can Change Your Number</a><br></p> <hr> Millions of people worldwide rely on Signal every day for secure and private communication. Some of these people change their phone number, but want to continue using Signal without registering for a new account. We now provide the ability to change the phone number on your Signal account, while retaining all of your chats, profile information, and groups.<br> https://www.whatsupup.com/blog/phonic/shopboy/20220207-041256/ Mon, 07 Feb 2022 04:12:55 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220207-041256/ "Human sacrifice is the act of killing one or more humans as part of a ritual, which is usually intended to please or appease gods, a human ruler, an authoritative/priestly figure or spirits of dead ancestors."<br> "A witch hunt is a search for people who have been labeled witches or a search for evidence of witchcraft."<br> https://www.whatsupup.com/blog/phonic/shopboy/20220206-121214/ Sun, 06 Feb 2022 12:12:13 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220206-121214/ <p>captain nemo ( , ) <a rel="noreferrer" target="_blank" href="https://twitter.com/TheCaptain_Nemo">@TheCaptain_Nemo</a><br> shape rotating at wordceling in UC Berkeley: the woods: <a rel="noreferrer" target="_blank" href="https://t.co/rsasntaJNs"><a href="https://t.co/rsasntaJNs">https://t.co/rsasntaJNs</a></a><br> Helen Dale (not on your team, but always fair) <a rel="noreferrer" target="_blank" href="https://twitter.com/_HelenDale">@_HelenDale</a><br> Fact-checkers, represent. <a rel="noreferrer" target="_blank" href="https://t.co/MhgaFnslhF"><a href="https://t.co/MhgaFnslhF">https://t.co/MhgaFnslhF</a></a><br> shakoist <a rel="noreferrer" target="_blank" href="https://twitter.com/cauchyfriend">@cauchyfriend</a><br> I've been deeply concerned observing so many of you categorize verbal rotators as wordcels. Or worse, claim that a high SAT math/verbal is isomorphic to rotator/wordcel. My friends, this is <em>wrong</em>.</p> <p>I've attempted to clear it up for you: <a rel="noreferrer" target="_blank" href="https://t.co/MI9IiW9txd"><a href="https://t.co/MI9IiW9txd">https://t.co/MI9IiW9txd</a></a><br></p> https://www.whatsupup.com/blog/phonic/shopboy/20220206-081150/ Sun, 06 Feb 2022 08:11:49 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220206-081150/ <ol start="18"> <li>Many are inclined to dismiss this whole shape rotator and wordcel thing because it came from 4chan, and "everyone knows" 4chan is icky and hateful or whatever.</li> </ol> <p>But I take it seriously. It's a new internet-native culture trying to understand the human world on its own terms.<br> https://www.whatsupup.com/blog/phonic/shopboy/20220206-041235/ Sun, 06 Feb 2022 04:12:34 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220206-041235/ "Ostracism (Greek: ὀστρακισμός, ostrakismos) was an Athenian democratic procedure in which any citizen could be expelled from the city-state of Athens for ten years. While some instances clearly expressed popular anger at the citizen, ostracism was often used preemptively."<br> "'Year Zero' is an idea put into practice by Pol Pot in Cambodia, that all culture and traditions within a society must be completely destroyed or discarded, and a new revolutionary culture must replace it, starting from scratch."<br> anat◎ly <a rel="noreferrer" target="_blank" href="https://twitter.com/aeyakovenko">@aeyakovenko</a><br> halp, trying to rotate shape <a rel="noreferrer" target="_blank" href="https://t.co/LBqteS4v1J"><a href="https://t.co/LBqteS4v1J">https://t.co/LBqteS4v1J</a></a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220206-001156/ Sun, 06 Feb 2022 00:11:56 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220206-001156/ <p>Rudy Havenstein, Vampire Slayer. <a rel="noreferrer" target="_blank" href="https://twitter.com/RudyHavenstein">@RudyHavenstein</a><br> I know a kid who does this while holding his breath, but this is next-level.</p> <p>You could hold a gun to my head and give me 14 days and I wouldn't be able to solve this.</p> <p>People's brains are wired differently. <a rel="noreferrer" target="_blank" href="https://t.co/X3R3B7GhKL"><a href="https://t.co/X3R3B7GhKL">https://t.co/X3R3B7GhKL</a></a><br> John Dulin <a rel="noreferrer" target="_blank" href="https://twitter.com/JohnDDulin">@JohnDDulin</a><br> "Experts say" as the chant of a wordcel shaperotator cargo cult. <a rel="noreferrer" target="_blank" href="https://t.co/eAUVtjf7Qp"><a href="https://t.co/eAUVtjf7Qp">https://t.co/eAUVtjf7Qp</a></a><br> narendra | narpublic.eth <a rel="noreferrer" target="_blank" href="https://twitter.com/narendra">@narendra</a><br> @pmarca Should we be worried that wordcel is end stage affluenza?<br></p> https://www.whatsupup.com/blog/phonic/shopboy/20220205-201103/ Sat, 05 Feb 2022 20:11:02 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220205-201103/ <p>vitalik.eth <a rel="noreferrer" target="_blank" href="https://twitter.com/VitalikButerin">@VitalikButerin</a><br></p> <ol> <li>Thinking about this tweet lately. Here we have someone with a "tech people vs word people" dichotomy, but unlike @balajis and all the others who do this, crypto ends up on the side of… the word people.</li> </ol> <p>This is not my image of what crypto is! So what's going on? <a rel="noreferrer" target="_blank" href="https://t.co/g8y9mQruNi"><a href="https://t.co/g8y9mQruNi">https://t.co/g8y9mQruNi</a></a><br></p> https://www.whatsupup.com/blog/uprousing/bayed/20220205-200841/ Sat, 05 Feb 2022 20:08:41 +0000 https://www.whatsupup.com/blog/uprousing/bayed/20220205-200841/ <p><a rel="noreferrer" target="_blank" href="https://ciechanow.ski/gps/">GPS</a><br></p> <hr> Global Positioning System is, without a doubt, one of the most useful inventions of the late 20 th century. It made it significantly easier for ships, airplanes, cars, and hikers to figure out where they are with high degree of accuracy.<br> One of the most exciting aspects of this system are the satellites surrounding Earth. Here’s a current constellation of active satellites, you can drag the view around to see it from different angles:<br> However, the satellites are just a part of what makes GPS possible. While I’ll discuss their motion in depth, over the course of this blog post I’ll also explain how the satellites help a GPS receiver determine where it is, and I’ll dive into the clever methods the system uses to make sure the signals sent all the way from space are reliably decoded on Earth.<br> We’ll start by creating a positioning system that can tell us where we are. Our initial approach will be quite simple, but we’ll step-by-step improve upon it to build an understanding of the positioning method used by GPS.<br> Simple Positioning<br> Here’s a small chunk of a world we’ll be playing with. The little yellow figurine represents our position in that world – you can grab and move it around. You can also drag the landscape itself to change the viewing angle. The view on the right represents a map of that landscape – we’ll try to evaluate where exactly the figurine is on this map:<br> This situation may seem a bit daunting, but notice that the landscape we’re in has three little landmarks on the ground that are easy to reference on the map. Just by using these three reference points we can attempt to relate the figurine’s position in the environment to an approximate placement on the map.<br> Intuitively, if we’re standing right on top of one of the colored landmarks, then we can tell exactly where we are on the map. If we take a single step away from a landmark, then our accuracy will degrade a little, but we’re still reasonably sure of our position. However, as we keep going further away the uncertainty in our estimate increases.<br> We can draw that estimation of our position on the map using a yellow area . Its size symbolizes uncertainty – the more of a guesswork we’re doing the bigger the circle. We also know where, more or less, to place that yellow area based on our position relative to the landmarks. For instance, if we’re between the green landmark and the blue landmark then we’ll be somewhere between those two dots on the map as well:<br> The further away from a landmark we are, the larger the uncertainty, but the distance to a landmark itself also carries some information. If we attach a rope to a landmark and walk away holding the other end, it will at some point prevent us from going further. Moreover, if we keep the rope taut it will limit our motion to a circular path around that landmark :<br> Since the rope has a fixed length, every point on that circle is at the same distance to the landmark . Instead of using a rope we can attach a measuring tape to a landmark and track the measured distance as we roam around. A measured distance lets us draw an appropriately sized circle on the map, based on the map’s scale. We know that we have to be somewhere on that circle, because all the points on that circle are equally distant to the landmark :<br> If we also keep track of the distance to the second landmark we know that our position is somewhere on the intersection of those two circles because the intersections are the only places that have the expected distances to both locations:<br> With two distance measurements there are only two possible positions on the map where we could be located. Measuring distance to the third landmark narrows down that location to just a single choice:<br> Notice that this third measurement is often redundant. We usually just “know” which of the two positions on the map makes sense given our position on the ground relative to the landmarks we see. In the demonstration below we’re measuring distances to just two landmarks, unless we’re almost inline with them, it’s usually fairly clear which answer is the right one:<br> The process of calculating a location of a point using measurement of distances is called trilateration – that procedure lies at the heart of a GPS receiver. However, being tied to two or three measuring tapes is certainly not how any GPS device functions, so let’s keep on making our primitive positioning system better.<br> Time of Flight<br> The only purpose of the measuring tapes was to measure distances, but there are other ways to figure out how far away something is. For example, when we drive a car at a more or less constant speed of 60 mph we can easily calculate that after 15 minutes we’ve traveled a distance of around 15 mi . As a side note, I’m using imperial units here, but you can <a rel="noreferrer" target="_blank" href="https://ciechanow.ski">switch</a> to the metric system if you prefer.<br> Instead of driving from point to point we can fly a little drone around. In the simulation below you can control the progress of time with the slider. The clock marks the time between the drone starting and ending its journey with a blue arc :<br> In the bottom part of the demonstration I put a timeline that also tracks the duration of flight using a bit more compact representation – you can think of it as a clock unwrapped from an arc shape to a straight line. Notice that the length of the blue bar is directly tied to the duration of the flight, which in turn is directly tied to the traveled distance. When you <a rel="noreferrer" target="_blank" href="https://ciechanow.ski">change position</a> , the duration of flight needed to reach the goal changes as well.<br> The constant velocity of a drone allows us to use time as a measure of distance, because that distance s is proportional to the time of flight t with drone’s velocity v acting as a scaling factor:<br> s = v × t<br> Let’s see how we can employ two drones to replicate the measurements we did with two tapes. In the demonstration below we’re sending two drones at the same time, the slider once again controls the time :<br> As the drones arrive to their destinations we get the direct measure of distance to each landmark as shown by the length of their bars on the timeline. This allows us to draw the circles of range on the map which in turn pinpoints our position.<br> This method is less restrictive than the measuring tapes we’ve used, but having to fly drones to the landmarks to measure distances is still a bit ridiculous. However, the idea of using time of flight is very promising, we just need to come up with a faster and more convenient messenger.<br> Thankfully, we don’t have to look too far. We can use the very same substance that allows drones to fly – the air itself. Instead of rapidly moving it around to generate lift for the little machines, we’ll just make noises and let the air propagate sounds through itself.<br> Do you hear me?<br> While at close ranges the sound seems to propagate almost instantaneously, at longer distances we can certainly witness the limits of the speed of sound – you’ve probably experienced the delay between seeing a lightning bolt and hearing its thunder. There is even a convenient rule of thumb that states that the strike was another 1 mile away for every 5 seconds of delay.<br> We can use sound to measure distances with a very simple setup. We’ll put a microphone and a light bulb at each landmark – when a microphone detects a loud sound the light bulb will turn on. To measure the distance to a landmark we’ll make a noise – I’m visualizing the propagation of that noise with a dark ring . As time passes the sound wave travels further and we can mark how long it took for the lightbulb to turn on:<br> For now we can safely ignore the delay caused by the speed of light – at our limited scale it won’t affect the measurement too much. If we mount microphones and lightbulbs at the other landmarks we can get a reliable system to measure distances, which lets us draw the circles on the map and mark our location:<br> This solution actually works well, but it has a fatal flaw. As soon as someone else tries to estimate their position we may have a hard time recognizing if the flash happened because of our or someone else’s sound. Let’s see what happens when a red figurine also tries to estimate its position:<br> Notice that we have no idea if we should stop the clock on the first or the second flash of a landmark, but regardless of the approach our measurements may be completely wrong. Even when we use the robust method of intersecting three circles we very often fail to converge to a single location. The more users trying to estimate their positions the more error prone everyone’s range estimation would be, especially since they all can start making their noises at different times.<br> The problem with this approach is that we’ve created an active system in which the landmarks have to actively respond to users’ requests to provide the needed information. As the number of users increases, the complexity of the system grows significantly. Even if we came up with some clever way for the landmarks to distinguish the incoming signals and emit different responses, we’re guaranteed to find some number of users that would overwhelm the infrastructure.<br> Fortunately, we can solve this problem by flipping it on its head. Instead of the users sending audio signals to the landmarks, we’ll have the landmarks emit the sounds and have the users listen to those sounds.<br> Do I hear you?<br> Let’s rejig the landmarks to have a speaker that will emit a sound at every minute on the minute , that is when the second hand on the clock shows 0 seconds. When we hear the signal we can then check our clock to see how much time has elapsed and thus measure the distance:<br> It may seem that this solution works well, but it requires a bit more attention. Notice that we’re actually dealing with two different clocks here, one in our hand, and another one, located in the landmark itself, that drives the sound emission. Those two clocks may not be perfectly synchronized with each other.<br> In the demonstration below you can see the current time as tracked by the … https://www.whatsupup.com/blog/novice/millrace/20220205-161433/ Sat, 05 Feb 2022 16:14:32 +0000 https://www.whatsupup.com/blog/novice/millrace/20220205-161433/ <a rel="noreferrer" target="_blank" href="https://mooseyanon.medium.com/github-f-ck-your-name-change-de599033bbbe?source=user_profile---------0-------------------------------">GitHub, f*ck your name change. Last summer an(other) unarmed black man was killed by police in Minneapolis, Minnesota. The subsequent 8 minute and 46 second video clip swept across social media and raised widespread condemnation. Hours of discourse and weeks of protests followed. …</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220205-121135/ Sat, 05 Feb 2022 12:11:34 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220205-121135/ <p>Kevin Munger <a rel="noreferrer" target="_blank" href="https://twitter.com/kmmunger">@kmmunger</a><br> Since you're going to learn the term "wordcel" online sooner or later, I'd rather you did it here.</p> <p>A characteristically sunny take on modern communication technology for your Friday <a rel="noreferrer" target="_blank" href="https://t.co/SGzbrpdrWU"><a href="https://t.co/SGzbrpdrWU">https://t.co/SGzbrpdrWU</a></a><br> Bertrand Russell on death: <a rel="noreferrer" target="_blank" href="https://t.co/zuRxii9OiL"><a href="https://t.co/zuRxii9OiL">https://t.co/zuRxii9OiL</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/69KJZeVyMO"><a href="https://t.co/69KJZeVyMO">https://t.co/69KJZeVyMO</a></a><br> garrytan.eth 陈嘉兴 (∞, ∞) <a rel="noreferrer" target="_blank" href="https://twitter.com/garrytan">@garrytan</a><br> Humans see too little of the world and are so limited and by the time we figure anything out we die</p> <p>Memes and genes are the only thing left behind<br></p> https://www.whatsupup.com/blog/phonic/shopboy/20220205-081148/ Sat, 05 Feb 2022 08:11:48 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220205-081148/ <p>Matteo™ <a rel="noreferrer" target="_blank" href="https://twitter.com/bertchintus">@bertchintus</a><br> <a rel="noreferrer" target="_blank" href="https://t.co/LvNeN07MAK"><a href="https://t.co/LvNeN07MAK">https://t.co/LvNeN07MAK</a></a><br></p> <hr> ᐱ ᑎ ᑐ ᒋ ᕮ ᒍ <a rel="noreferrer" target="_blank" href="https://twitter.com/Andr3jH">@Andr3jH</a><br> If pmarca hadn't skyrocketed the wordcel meme, the silicon valley Irish mafia would be still the hottest meme around. Connect the dots.<br> https://www.whatsupup.com/blog/phonic/shopboy/20220205-041121/ Sat, 05 Feb 2022 04:11:21 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220205-041121/ <p>raccovelt.sol <a rel="noreferrer" target="_blank" href="https://twitter.com/TeddyRaccovelt">@TeddyRaccovelt</a><br> a response to @pmarca and @tszzl</p> <p>on the behalf of wordcels everywhere <a rel="noreferrer" target="_blank" href="https://t.co/7Z8RyVtJo6"><a href="https://t.co/7Z8RyVtJo6">https://t.co/7Z8RyVtJo6</a></a><br> Weekend listening: @michaelmalice podcasts with @lexfridman –> <a rel="noreferrer" target="_blank" href="https://t.co/DY2pYv8EdP"><a href="https://t.co/DY2pYv8EdP">https://t.co/DY2pYv8EdP</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/YVNvMKTguy"><a href="https://t.co/YVNvMKTguy">https://t.co/YVNvMKTguy</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/tvWpDzX7d9"><a href="https://t.co/tvWpDzX7d9">https://t.co/tvWpDzX7d9</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/EY3tKvPnNQ"><a href="https://t.co/EY3tKvPnNQ">https://t.co/EY3tKvPnNQ</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/k20w1w9bOi"><a href="https://t.co/k20w1w9bOi">https://t.co/k20w1w9bOi</a></a><br> <a rel="noreferrer" target="_blank" href="https://t.co/dU0tUAI7Q9"><a href="https://t.co/dU0tUAI7Q9">https://t.co/dU0tUAI7Q9</a></a><br></p> https://www.whatsupup.com/blog/phonic/shopboy/20220204-121242/ Fri, 04 Feb 2022 12:12:41 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220204-121242/ CEOs of big tech companies: You almost certainly have shape rotators as employees. What are you going to do about it? <a rel="noreferrer" target="_blank" href="https://t.co/Y4shLGbVY8"><a href="https://t.co/Y4shLGbVY8">https://t.co/Y4shLGbVY8</a></a><br> Phil Filippak <a rel="noreferrer" target="_blank" href="https://twitter.com/blisstweeting">@blisstweeting</a><br> Every wordcel should do a bit of shape rotating and every shape rotator should do a bit of wordceling.<br> https://www.whatsupup.com/blog/phonic/shopboy/20220204-082003/ Fri, 04 Feb 2022 08:20:03 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220204-082003/ <p>ReLuxe <a rel="noreferrer" target="_blank" href="https://twitter.com/Mo_Porkburger">@Mo_Porkburger</a><br> @eigenrobot You may think the earth's biosphere is huge and complicated, but it's the gods' smallest and simplest way to make memes.<br> eigenrobot <a rel="noreferrer" target="_blank" href="https://twitter.com/eigenrobot">@eigenrobot</a><br> in any case i think the correct way to view humans is as symbiotes of biological and non-biological life</p> <p>a biological agglomeration hosting an egregome, working cooperatively or in opposition at varying turns</p> <p>related <a rel="noreferrer" target="_blank" href="https://t.co/Ps7IjOGgGw"><a href="https://t.co/Ps7IjOGgGw">https://t.co/Ps7IjOGgGw</a></a><br> Quick, draw a 4D hypercube.<br></p> https://www.whatsupup.com/blog/overgrazing/propellent/20220204-041550/ Fri, 04 Feb 2022 04:15:49 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220204-041550/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/for-facebook-its-metaverse-or-bust">For Facebook, It’s Metaverse Or Bust</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/for-facebook-its-metaverse-or-bust">Wednesday’s earnings results make the future the present</a><br> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/tech-can-help-solve-our-mental-health">Tech Can Help Solve Our Mental Health Crisis. But We Can’t Forget The Human Element.</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/tech-can-help-solve-our-mental-health">Tom Insel was the director of the National Institute of Mental Health from 2002-2015 and led the mental health team at Alphabet's Verily. Tech alone…</a><br> Jan 28 <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/tech-can-help-solve-our-mental-health/comments">Comment</a> <a rel="noreferrer" target="_blank" href="javascript:void(0)">Share</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220204-041117/ Fri, 04 Feb 2022 04:11:16 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220204-041117/ Wordcel overload. <a rel="noreferrer" target="_blank" href="https://t.co/0fn7i71M3z"><a href="https://t.co/0fn7i71M3z">https://t.co/0fn7i71M3z</a></a><br> https://www.whatsupup.com/blog/playacted/rededication/20220204-001831/ Fri, 04 Feb 2022 00:18:31 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220204-001831/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/02/03/technology/facebook-meta-challenges.html">6 Reasons Meta Is in Trouble The company formerly known as Facebook has hit major turbulence as it suffered its biggest one-day wipeout ever. By Mike Isaac</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220204-001139/ Fri, 04 Feb 2022 00:11:39 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220204-001139/ <p>Wordcel epiphany! <a rel="noreferrer" target="_blank" href="https://t.co/A9Es4W1UpB"><a href="https://t.co/A9Es4W1UpB">https://t.co/A9Es4W1UpB</a></a><br> Nathan Taylor <a rel="noreferrer" target="_blank" href="https://twitter.com/ntaylor963">@ntaylor963</a><br> TIL who originated the the wordcel v shape rotator meme. It's @tszzl, though obviously @pmarca's given a huge boost in popularizing it.</p> <p>Here's his post. <a rel="noreferrer" target="_blank" href="https://t.co/F19oAULah4"><a href="https://t.co/F19oAULah4">https://t.co/F19oAULah4</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/9YsLaThL5h"><a href="https://t.co/9YsLaThL5h">https://t.co/9YsLaThL5h</a></a><br> Shape rotation. <a rel="noreferrer" target="_blank" href="https://t.co/iyUGlSVave"><a href="https://t.co/iyUGlSVave">https://t.co/iyUGlSVave</a></a><br></p> https://www.whatsupup.com/blog/ideo/fleury/20220204-000558/ Fri, 04 Feb 2022 00:05:58 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220204-000558/ If you received a link to LinkedIn.com via email, SMS or instant message, would you click it? Spammers, phishers and other ne’er-do-wells are hoping you will, because they’ve long taken advantage of a marketing feature on the business networking site which lets them create a LinkedIn.com link that bounces your browser to other websites, such as phishing pages that mimic top online brands (but chiefly Linkedin’s parent firm Microsoft ).<br> At issue is a “redirect” feature available to businesses that chose to market through LinkedIn.com. The LinkedIn redirect links allow customers to track the performance of ad campaigns, while promoting off-site resources. These links or “ Slinks ” all have a standard format: “https://www.linkedin.com/slink?code=” followed by a short alphanumeric variable.<br> Here’s the very first Slink created: <a href="http://www.linkedin.com/slink?code=1,">http://www.linkedin.com/slink?code=1,</a> which redirects to the homepage for LinkedIn Marketing Solutions .<br> The trouble is, there’s little to stop criminals from leveraging newly registered or hacked LinkedIn business accounts to create their own ad campaigns using Slinks. Urlscan.io , a free service that provides detailed reports on any scanned URLs, also offers a historical look at suspicious links submitted by other users. <a rel="noreferrer" target="_blank" href="https://urlscan.io/search/#task.domain%3Alinkedin.com%20AND%20task.url%3Aslink%20AND%20NOT%20page.domain%3Alinkedin.com">This search via Urlscan</a> reveals dozens of recent phishing attacks that have leveraged the Slinks feature.<br> Here’s <a rel="noreferrer" target="_blank" href="https://urlscan.io/result/74a84028-d554-43c1-a9ea-1618586c64f2/">one example from Jan. 31</a> that uses Linkedin.com links to redirect anyone who clicks to a site that spoofs Adobe , and then prompts users to log in to their Microsoft email account to view a shared document.<br> A recent phishing site that abused LinkedIn’s marketing redirect. Image: Urlscan.io.<br> Urlscan also found <a rel="noreferrer" target="_blank" href="https://urlscan.io/result/4b08c28c-b313-4d79-a6b0-f3ab301136dc/">this phishing scam from Jan. 12</a> that uses Slinks to spoof the U.S. Internal Revenue Service . <a rel="noreferrer" target="_blank" href="https://urlscan.io/result/00abef42-70a6-4e89-aa29-2ec951a8752f/#behaviour">Here’s a Feb. 3 example</a> that leads to a phish targeting Amazon customers. <a rel="noreferrer" target="_blank" href="https://urlscan.io/result/5bd64123-b19e-4f72-8cc9-0fc7b38c841e/">This Nov. 26 sample from Urlscan</a> shows a LinkedIn link redirecting to a Paypal phishing page. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/02/how-phishers-are-slinking-their-links-into-linkedin/#more-58383">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/02/how-phishers-are-slinking-their-links-into-linkedin/">How Phishers Are Slinking Their Links Into LinkedIn</a><br> https://www.whatsupup.com/blog/gaper/whisky/20220203-202005/ Thu, 03 Feb 2022 20:20:04 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220203-202005/ <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/02/retrospective-and-technical-details-on-the-recent-firefox-outage/">Retrospective and Technical Details on the recent Firefox Outage →</a><br> https://www.whatsupup.com/blog/stratification/pride/20220203-201901/ Thu, 03 Feb 2022 20:19:01 +0000 https://www.whatsupup.com/blog/stratification/pride/20220203-201901/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291898/?p=boingboing&utm_source=boingboing">$700 Gibson 1949 TB150 5 string conversion</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104290088/?p=boingboing&utm_source=boingboing">$8,500 Handmade art painting 2pac</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220203-201419/ Thu, 03 Feb 2022 20:14:19 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220203-201419/ <p>Patrick Collison <a rel="noreferrer" target="_blank" href="https://twitter.com/patrickc">@patrickc</a><br> Certainly thought-provoking. Blowtorching a steel chain to open world's longest suspension bridge after 4 years of construction vs finger scissors on toilet paper to reopen bathrooms that were closed 20 years ago.</p> <p>"Abundance agenda" from @DKThomp, @ezraklein is very important. <a rel="noreferrer" target="_blank" href="https://t.co/SHDhgr0MBF"><a href="https://t.co/SHDhgr0MBF">https://t.co/SHDhgr0MBF</a></a><br> Crazy talk. <a rel="noreferrer" target="_blank" href="https://t.co/XYoEXoVfNm"><a href="https://t.co/XYoEXoVfNm">https://t.co/XYoEXoVfNm</a></a><br> Tonight's topic: <a rel="noreferrer" target="_blank" href="https://t.co/UAxP0F9xp9"><a href="https://t.co/UAxP0F9xp9">https://t.co/UAxP0F9xp9</a></a><br></p> https://www.whatsupup.com/blog/lynch/tiddly/20220203-200635/ Thu, 03 Feb 2022 20:06:34 +0000 https://www.whatsupup.com/blog/lynch/tiddly/20220203-200635/ I’ve decided that in light of the current atrocities happening across Afghanistan, I need to write this informal blog to get some things off my chest about the American Experience … <a href=" <a rel="noreferrer" target="_blank" href="https://ryanandrewlangdon.wordpress.com/2021/08/18/guest-writer-my-thoughts-on-afghanistan-as-a-member-of-the-us-military/&quot"><a href="https://ryanandrewlangdon.wordpress.com/2021/08/18/guest-writer-my-thoughts-on-afghanistan-as-a-member-of-the-us-military/&quot">https://ryanandrewlangdon.wordpress.com/2021/08/18/guest-writer-my-thoughts-on-afghanistan-as-a-member-of-the-us-military/&quot</a></a> ; class="more-link">Continue reading <span class="screen-reader-text">[Guest Writer] My Thoughts On Afghanistan As A Member Of The US Military</span></a><br> America’s Frontline Doctors. This viral video has been circulating over the last day or so and I’ve been replying to some on their posts, but I figured since so many … <a href=" <a rel="noreferrer" target="_blank" href="https://ryanandrewlangdon.wordpress.com/2020/07/29/stop-politicizing-medicine/&quot"><a href="https://ryanandrewlangdon.wordpress.com/2020/07/29/stop-politicizing-medicine/&quot">https://ryanandrewlangdon.wordpress.com/2020/07/29/stop-politicizing-medicine/&quot</a></a> ; class="more-link">Continue reading <span class="screen-reader-text">STOP POLITICIZING MEDICINE: Facts vs. Myths of the Frontline Doctors Video</span></a><br> I am not a religious person. I would consider myself “Agnostic” if I had to put myself in a category. However, for the sake of my narrative, let’s assume that … <a href=" <a rel="noreferrer" target="_blank" href="https://ryanandrewlangdon.wordpress.com/2020/07/15/facebook-sucks/&quot"><a href="https://ryanandrewlangdon.wordpress.com/2020/07/15/facebook-sucks/&quot">https://ryanandrewlangdon.wordpress.com/2020/07/15/facebook-sucks/&quot</a></a> ; class="more-link">Continue reading <span class="screen-reader-text">Facebook is a disease.</span></a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220203-121205/ Thu, 03 Feb 2022 12:12:05 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220203-121205/ Therefore the wordchad. <a rel="noreferrer" target="_blank" href="https://t.co/UiJyl4pvEa"><a href="https://t.co/UiJyl4pvEa">https://t.co/UiJyl4pvEa</a></a><br> roon <a rel="noreferrer" target="_blank" href="https://twitter.com/tszzl">@tszzl</a><br> @pmarca <a rel="noreferrer" target="_blank" href="https://t.co/G1sAhMTIg4"><a href="https://t.co/G1sAhMTIg4">https://t.co/G1sAhMTIg4</a></a><br> <a rel="noreferrer" target="_blank" href="https://t.co/miJBvQwRdB"><a href="https://t.co/miJBvQwRdB">https://t.co/miJBvQwRdB</a></a> To be continued…<br> https://www.whatsupup.com/blog/phonic/shopboy/20220203-081205/ Thu, 03 Feb 2022 08:12:05 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220203-081205/ James Clark ¯_(ツ)_/¯ <a rel="noreferrer" target="_blank" href="https://twitter.com/mr_james_c">@mr_james_c</a><br> Wordcels: I've got no head for shape rotation Society: That's ok, modern society was build for Wordceling Shape Rotators: But I <em>built</em> modern society <a rel="noreferrer" target="_blank" href="https://t.co/cri2Inozic"><a href="https://t.co/cri2Inozic">https://t.co/cri2Inozic</a></a><br> Bret Weinstein <a rel="noreferrer" target="_blank" href="https://twitter.com/BretWeinstein">@BretWeinstein</a><br> @pmarca There is truth here, but much is missing. What makes humans special is in the cognitive layer: consciousness (meme generation) and culture (meme transmission. But until the present, most memetic transmission was vertical. Modernity is dominated by horizontal—and noise dominates<br> the post man <a rel="noreferrer" target="_blank" href="https://twitter.com/deepfates">@deepfates</a><br> unified meme theory states that the "meme", defined as the transmissible unit of human thought, and defined has a picture with some words on it that gets copied on the internet, are not different. <a rel="noreferrer" target="_blank" href="https://t.co/tkLy9gSydI"><a href="https://t.co/tkLy9gSydI">https://t.co/tkLy9gSydI</a></a><br> https://www.whatsupup.com/blog/gonadal/revving/20220203-041816/ Thu, 03 Feb 2022 04:18:16 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220203-041816/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2014/05/08/avoiding-the-axiom-of-choice-part-i/">Avoiding the axiom of choice, part I</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220203-041810/ Thu, 03 Feb 2022 04:18:10 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220203-041810/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/02/02/technology/meta-facebook-earnings-metaverse.html">Meta spent $10 billion on the metaverse in 2021, dragging down profit. Quarterly profits decreased 8 percent, to $10.3 billion, from a year earlier. Shares of Meta’s stock plunged about 22 percent in after-hours trading. By Mike Isaac</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2022/02/02/espanol/facebook-meta.html">‘Este es el futuro de la ciencia ficción’: la transformación de Facebook en Meta El cambio de una empresa de redes sociales de 68.000 personas hacia el metaverso teórico ha causado grandes cambios internos e incertidumbre. By Sheera Frenkel, Mike Isaac and Ryan Mac</a><br> https://www.whatsupup.com/blog/gaper/whisky/20220203-041742/ Thu, 03 Feb 2022 04:17:41 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220203-041742/ <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/02/retrospective-and-technical-details-on-the-recent-firefox-outage/">Retrospective and Technical Details on the recent Firefox Outage</a><br></p> <hr> On January 13th 2022, Firefox became unusable for close to two hours for users worldwide. This incident interrupted many people’s workflow. This post highlights the complex series of events and circumstances that, together, triggered a bug deep in the networking code of Firefox.<br> https://www.whatsupup.com/blog/boxed/modification/20220203-041408/ Thu, 03 Feb 2022 04:14:08 +0000 https://www.whatsupup.com/blog/boxed/modification/20220203-041408/ <p><a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#c++-learner-track">c++-learner-track</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#holy-wars">holy-wars</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#memes">memes</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#slack">slack</a><br> Two convergent observations from my corner of the C++ world:<br></p> <ol> <li>Multiple book authors pushing the idea that Scott Meyers’ original phrase “universal reference” (for<br> T&&<br> ) is actually preferable to the now-Standard term “forwarding reference.”<br></li> <li>Multiple C++ learners (or perhaps intermediate-level C++ programmers having a senior moment) asking whether there’s an easy way to pass an rvalue expression to a function expecting a const lvalue reference.<br></li> </ol> https://www.whatsupup.com/blog/phonic/shopboy/20220203-041141/ Thu, 03 Feb 2022 04:11:41 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220203-041141/ But they've always been wordcels. <a rel="noreferrer" target="_blank" href="https://t.co/YGQxN09hzP"><a href="https://t.co/YGQxN09hzP">https://t.co/YGQxN09hzP</a></a><br> Colorized photo of shape rotator circa 1775. <a rel="noreferrer" target="_blank" href="https://t.co/GNhQyIHxjz"><a href="https://t.co/GNhQyIHxjz">https://t.co/GNhQyIHxjz</a></a><br> Appeal to Authoritycel Fallacy <a rel="noreferrer" target="_blank" href="https://t.co/bVXHBOOT4b"><a href="https://t.co/bVXHBOOT4b">https://t.co/bVXHBOOT4b</a></a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220202-001317/ Wed, 02 Feb 2022 00:13:17 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220202-001317/ Ryan Delk <a rel="noreferrer" target="_blank" href="https://twitter.com/delk">@delk</a><br> We’ve villainized hard work, having kids, and religion — and are left with a crisis of meaning. <a rel="noreferrer" target="_blank" href="https://t.co/ZIwNR6QMhu"><a href="https://t.co/ZIwNR6QMhu">https://t.co/ZIwNR6QMhu</a></a><br> https://www.whatsupup.com/blog/sunbelt/debunk/000000-000000/ Tue, 01 Feb 2022 20:27:31 +0000 https://www.whatsupup.com/blog/sunbelt/debunk/000000-000000/ [Marking site as being monitored from now on] https://www.whatsupup.com/blog/phonic/shopboy/20220201-201321/ Tue, 01 Feb 2022 20:13:20 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220201-201321/ Made in Cosmos <a rel="noreferrer" target="_blank" href="https://twitter.com/made_in_cosmos">@made_in_cosmos</a><br> @pmarca Admitting that life has a meaning would require evaluating some choices as more valuable than others, and that’s a hard pill to swallow in the postmodern world.<br> "There is a subject nowadays which is taboo in the way that sexuality was once taboo, which is to talk about life as if it had any meaning." – Nicholas Mosley<br> "Oh, come now, we must never lose our sense of humor. Nothing’s really sacred but a sense of humor." – Ellsworth Toohey<br> https://www.whatsupup.com/blog/beautifying/hagriding/20220201-082347/ Tue, 01 Feb 2022 08:23:47 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20220201-082347/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/01/podcast-episode-saving-podcasts-patent-troll">H2FTI - Marc Maron - Ep 110</a><br> https://www.whatsupup.com/blog/steeplejack/garrote/20220201-082337/ Tue, 01 Feb 2022 08:23:36 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20220201-082337/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/01/podcast-episode-saving-podcasts-patent-troll">H2FTI - Marc Maron - Ep 110</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220201-081258/ Tue, 01 Feb 2022 08:12:58 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220201-081258/ mypetgoat.se <a rel="noreferrer" target="_blank" href="https://twitter.com/Brett_Fujioka">@Brett_Fujioka</a><br> @pmarca @tszzl if we're talking about David Foster Wallace: post-irony-cel.<br> Irony pandemic. Herd immunity nowhere in sight.<br> <a rel="noreferrer" target="_blank" href="https://t.co/SAOI56UDl4"><a href="https://t.co/SAOI56UDl4">https://t.co/SAOI56UDl4</a></a><br> https://www.whatsupup.com/blog/tularemic/yahweh/20220201-080754/ Tue, 01 Feb 2022 08:07:54 +0000 https://www.whatsupup.com/blog/tularemic/yahweh/20220201-080754/ Welcome to Monday Night Itch, a harebrained scheme to encourage folks to play more non- AAA games by adding a touch of social gamification. I thought I would be tweeting my adventures here, but I just had an experience so profound it can only be captured within a blog post.<br> <a rel="noreferrer" target="_blank" href="https://eev.ee/blog/2022/01/31/monday-night-itch-1-mystery-trap-adventure/">Monday Night Itch #1: Mystery Trap Adventure</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220201-041432/ Tue, 01 Feb 2022 04:14:31 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220201-041432/ Ironycel -> nihilcel -> wokecel pipeline? CC @tszzl<br> And for the rest of us… <a rel="noreferrer" target="_blank" href="https://t.co/TK3m2RBWWV"><a href="https://t.co/TK3m2RBWWV">https://t.co/TK3m2RBWWV</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/N6zMSHbKL6"><a href="https://t.co/N6zMSHbKL6">https://t.co/N6zMSHbKL6</a></a><br> <a rel="noreferrer" target="_blank" href="https://t.co/7dvn4c9SnS"><a href="https://t.co/7dvn4c9SnS">https://t.co/7dvn4c9SnS</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/yk7CfH54IQ"><a href="https://t.co/yk7CfH54IQ">https://t.co/yk7CfH54IQ</a></a><br> https://www.whatsupup.com/blog/traveling/splay/20220201-002157/ Tue, 01 Feb 2022 00:21:56 +0000 https://www.whatsupup.com/blog/traveling/splay/20220201-002157/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/31/science/milky-way.html">Out There An Electrifying View of the Heart of the Milky Way A new radio-wave image of the center of our galaxy reveals all the forms of frenzy that a hundred million or so stars can get up to. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/gaper/whisky/20220131-202113/ Mon, 31 Jan 2022 20:21:13 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220131-202113/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/01/hacks-decoded-adewale-adetona/">Hacks Decoded: Adewale Adetona →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/01/hacks-decoded-adewale-adetona/">Hacks Decoded: Adewale Adetona</a><br> <hr> Adetona Adewale Akeem, more popularly known as iSlimfit, is a Nigeria-born revered digital technologist and marketing expert. He is the co-founder of Menopays, a fintech startup offering another Buy Now Pay Later (BNPL) option across Africa. We chatted with him about founding Menopays and the impact of tech solutions developed in Nigeria.<br> https://www.whatsupup.com/blog/stratification/pride/20220131-161906/ Mon, 31 Jan 2022 16:19:06 +0000 https://www.whatsupup.com/blog/stratification/pride/20220131-161906/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292581/?p=boingboing&utm_source=boingboing">$300 Sony PlayStation 4 PS4 500GB Console With 20th Anniversary C…</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292559/?p=boingboing&utm_source=boingboing">$68,000 2019 Audi e-tron</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220131-122039/ Mon, 31 Jan 2022 12:20:38 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220131-122039/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/31/technology/facebook-meta-change.html">How Facebook Is Morphing Into Meta Shifting a 68,000-person social networking company toward the theoretical metaverse has caused internal disruption and uncertainty. By Sheera Frenkel, Mike Isaac and Ryan Mac</a><br> https://www.whatsupup.com/blog/novice/millrace/20220131-081448/ Mon, 31 Jan 2022 08:14:48 +0000 https://www.whatsupup.com/blog/novice/millrace/20220131-081448/ <p><a rel="noreferrer" target="_blank" href="https://mooseyanon.medium.com/github-f-ck-your-name-change-de599033bbbe?source=user_profile---------0-------------------------------">GitHub, f*ck your name change. Last summer an(other) unarmed black man was killed by police in Minneapolis, Minnesota. The subsequent 8 minute and 46 second video clip swept across social media and raised widespread condemnation. Hours of discourse and weeks of protests followed. Every company and their grandma released performative statements of solidarity with the…</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://medium.com/tag/github?source=user_profile--------------------github--------------------">Github</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://mooseyanon.medium.com/github-f-ck-your-name-change-de599033bbbe?source=user_profile---------0-------------------------------">6 min read</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220130-202127/ Sun, 30 Jan 2022 20:21:26 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220130-202127/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2008/04/17/an-interesting-monoid/">An interesting monoid</a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20220130-200754/ Sun, 30 Jan 2022 20:07:54 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20220130-200754/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-new-meaning-of-hard-work">The new meaning of hard work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/abstinence-isnt-recovery">Abstinence isn’t recovery</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-go-back-to-things-you-used-to-be-addicted-to-in-the-past">How to go back to things you used to be addicted to in the past</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-protect-your-intentions-from-getting-hijacked">How to protect your intentions from getting hijacked</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/let-your-discontent-crystallize">Let your discontent crystallize</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/stop-postponing-things-by-embracing-the-mess">Stop postponing things by embracing the mess</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/critical-effort-why-we-reach-a-goal-or-not">Critical effort: why we reach a goal (or not)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/zone-of-action-do-the-possible-to-do-the-impossible">Zone of Action: Do the possible to do the impossible</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/1-simple-technique-to-train-your-focus">1 simple technique to train your focus</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-make-quitting-your-addiction-easier">How to make quitting your addiction easier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/pursue-high-quality-leisure">Pursue High-quality Leisure</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/what-is-addiction">What is addiction (series)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220130-121254/ Sun, 30 Jan 2022 12:12:53 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220130-121254/ Martijn - mdk.eth <a rel="noreferrer" target="_blank" href="https://twitter.com/mdekuijper">@mdekuijper</a><br> Wow <a rel="noreferrer" target="_blank" href="https://t.co/26hOa913aC"><a href="https://t.co/26hOa913aC">https://t.co/26hOa913aC</a></a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20220130-120742/ Sun, 30 Jan 2022 12:07:42 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20220130-120742/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-protect-your-intentions-from-getting-hijacked">How to protect your intentions from getting hijacked</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/let-your-discontent-crystallize">Let your discontent crystallize</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/stop-postponing-things-by-embracing-the-mess">Stop postponing things by embracing the mess</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/critical-effort-why-we-reach-a-goal-or-not">Critical effort: why we reach a goal (or not)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/zone-of-action-do-the-possible-to-do-the-impossible">Zone of Action: Do the possible to do the impossible</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/1-simple-technique-to-train-your-focus">1 simple technique to train your focus</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-make-quitting-your-addiction-easier">How to make quitting your addiction easier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/pursue-high-quality-leisure">Pursue High-quality Leisure</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/what-is-addiction">What is addiction (series)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220130-081301/ Sun, 30 Jan 2022 08:13:00 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220130-081301/ <p>Antonio García Martínez (agm.eth) <a rel="noreferrer" target="_blank" href="https://twitter.com/antoniogm">@antoniogm</a><br> I have absolute freedom to write whatever I like on @SubstackInc and don't fear any reprisals.</p> <p>They don't arbitrarily yank people off their platform….as happened many times on Twitter when you were in charge, @jack. <a rel="noreferrer" target="_blank" href="https://t.co/rPCiU9UGWt"><a href="https://t.co/rPCiU9UGWt">https://t.co/rPCiU9UGWt</a></a><br></p> https://www.whatsupup.com/blog/ideo/fleury/20220130-080647/ Sun, 30 Jan 2022 08:06:46 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220130-080647/ Several articles here have delved into the history of John Bernard , the pseudonym used by a fake billionaire technology investor who tricked dozens of startups into giving him tens of millions of dollars. Bernard’s latest victim — a Norwegian company hoping to build a fleet of environmentally friendly shipping vessels — is now embroiled in a lawsuit over a deal gone bad, in which Bernard falsely claimed to have secured $100 million from six other wealthy investors, including the founder of Uber and the artist Abel Makkonen Tesfaye , better known as The Weeknd .<br> John Bernard is a pseudonym used by John Clifton Davies , a convicted fraudster from the United Kingdom who is currently a fugitive from justice and residing in Ukraine. Davies’ Bernard persona has fleeced dozens of technology companies out of an estimated $30 million with the promise of lucrative investments.<br> For several years until reinventing himself again quite recently, Bernard <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2020/09/due-diligence-that-money-cant-buy/">pretended to be a billionaire Swiss investor</a> who made his fortunes in the dot-com boom 20 years ago and who was seeking investment opportunities. Bernard generated a stream of victims by offering extraordinarily generous finder’s fees for investment brokers who helped him secure new clients. But those brokers would eventually get stiffed as well because Bernard’s company would never consummate a deal.<br> In case after case, Bernard would promise to invest millions in tech startups, and then insist that companies pay tens of thousands of dollars worth of due diligence fees up front. However, the due diligence company he insisted on using — another Swiss firm called Inside Knowledge — also was secretly owned by Bernard, who would invariably pull out of the deal after receiving the due diligence money.<br> The scam artist John Bernard (left) in a recent Zoom call, and a photo of John Clifton Davies from 2015.<br> But Bernard would adopt a slightly different approach to stealing from Freidig Shipping Ltd. , a Norwegian company formed in 2017 that was seeking the equivalent of USD $100 million investment to bring its green fleet of 30 new offshore service vessels to fruition.<br> Journalists Harald Vanvik and Harald Berglihn from the Norwegian Business Daily write that through investment advisors in London, Bernard was introduced to Nils-Odd Tønnevold , co-founder of Freidig Shipping and an investment advisor with 20 years of experience.<br> “Both Bernard and Inside Knowledge appeared to be professionals,” the reporters wrote in a story that’s behind a paywall. “Bernard appeared to be experienced. He knew a lot about start-ups and got into things quickly. Credible and reliable was the impression of him, said Tønnevold.”<br> “Bernard eventually took on the role of principal investor, claiming he had six other wealthy investors on the team, including artist Abel Makkonen Tesfaye, known as The Weeknd, Uber founder Garrett Camp and Norilsk Nickel owner Russian Vladimir Potanin ,” the Norwegian journalists wrote. “These committed to contribute $99.25 million to Freidig.”<br> So in this case Bernard conveniently claimed he’d come up with almost all of the investment, which came $750,000 short of the goal. Another investor, a Belgian named Guy Devos , contributed the remaining $750,000.<br> But by the spring of 2020, it was clear that Devos and others involved in the shipping project had been tricked, and that all the money which had been paid to Bernard — an estimated NOK 15 million (~USD $1.67 million) — had been lost. By that time the two co-founders and their families had borrowed USD $1.5 million, and had transferred the funds to Inside Knowledge. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/fake-investor-john-bernard-sinks-norwegian-green-shipping-dreams/#more-58153">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/fake-investor-john-bernard-sinks-norwegian-green-shipping-dreams/">Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220130-041302/ Sun, 30 Jan 2022 04:13:02 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220130-041302/ You can't argue with math. <a rel="noreferrer" target="_blank" href="https://t.co/QHdGftWmDu"><a href="https://t.co/QHdGftWmDu">https://t.co/QHdGftWmDu</a></a><br> Debo Olaosebikan <a rel="noreferrer" target="_blank" href="https://twitter.com/dolaoseb">@dolaoseb</a><br> Personally i think what people think is the log is the true count… <a rel="noreferrer" target="_blank" href="https://t.co/u46lzs6eG1"><a href="https://t.co/u46lzs6eG1">https://t.co/u46lzs6eG1</a></a><br> <a rel="noreferrer" target="_blank" href="https://t.co/t3pI5tAbdO"><a href="https://t.co/t3pI5tAbdO">https://t.co/t3pI5tAbdO</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/CGgxIUU6sp"><a href="https://t.co/CGgxIUU6sp">https://t.co/CGgxIUU6sp</a></a><br> https://www.whatsupup.com/blog/boxed/modification/20220130-001614/ Sun, 30 Jan 2022 00:16:14 +0000 https://www.whatsupup.com/blog/boxed/modification/20220130-001614/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#compiler-diagnostics">compiler-diagnostics</a><br></p> <hr> I just ran into some code like this in a test suite:<br> struct MoveOnlyWidget { MoveOnlyWidget(int); MoveOnlyWidget(const MoveOnlyWidget&) = delete; MoveOnlyWidget(MoveOnlyWidget&&) = default; MoveOnlyWidget& operator=(const MoveOnlyWidget&) = delete; MoveOnlyWidget& operator=(MoveOnlyWidget&&) = default; MoveOnlyWidget() = default; };<br> https://www.whatsupup.com/blog/phonic/shopboy/20220130-001336/ Sun, 30 Jan 2022 00:13:35 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220130-001336/ Me too. <a rel="noreferrer" target="_blank" href="https://t.co/66muPLG8jh"><a href="https://t.co/66muPLG8jh">https://t.co/66muPLG8jh</a></a><br> “Post more!” <slap> “Post less!” <slap> <a rel="noreferrer" target="_blank" href="https://t.co/1nqWnlfxXU"><a href="https://t.co/1nqWnlfxXU">https://t.co/1nqWnlfxXU</a></a><br> But this should make it <em>easier</em> to see all these supposed “people”, not harder. <a rel="noreferrer" target="_blank" href="https://t.co/rtCdmgMDJB"><a href="https://t.co/rtCdmgMDJB">https://t.co/rtCdmgMDJB</a></a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220129-161304/ Sat, 29 Jan 2022 16:13:03 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220129-161304/ Zack Kanter <a rel="noreferrer" target="_blank" href="https://twitter.com/zackkanter">@zackkanter</a><br> Fat Eartherism in a nutshell. <a rel="noreferrer" target="_blank" href="https://t.co/iNBbe5eG2M"><a href="https://t.co/iNBbe5eG2M">https://t.co/iNBbe5eG2M</a></a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220129-121303/ Sat, 29 Jan 2022 12:13:02 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220129-121303/ The real Fermi Paradox was here on Earth all along. <a rel="noreferrer" target="_blank" href="https://t.co/eyVv1Vq0hM"><a href="https://t.co/eyVv1Vq0hM">https://t.co/eyVv1Vq0hM</a></a><br> Market Mystic <a rel="noreferrer" target="_blank" href="https://twitter.com/LoveCheeseH8Gov">@LoveCheeseH8Gov</a><br> All this over-counting of everyone in everything just happens to conveniently make a lot of very smart and good people feel like an insignificant minority <a rel="noreferrer" target="_blank" href="https://t.co/zYfKRK2oFy"><a href="https://t.co/zYfKRK2oFy">https://t.co/zYfKRK2oFy</a></a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220129-081249/ Sat, 29 Jan 2022 08:12:49 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220129-081249/ SEE? <a rel="noreferrer" target="_blank" href="https://t.co/XKmgz6WZ6e"><a href="https://t.co/XKmgz6WZ6e">https://t.co/XKmgz6WZ6e</a></a><br> QED: American, Italian, Indian, Chinese, Taco Bell, Chick-fil-A. Why don't we have more kinds of food? So weird. <a rel="noreferrer" target="_blank" href="https://t.co/kCBWBpnB4B"><a href="https://t.co/kCBWBpnB4B">https://t.co/kCBWBpnB4B</a></a><br> Right. We'd have more than like 6 kinds of food too. <a rel="noreferrer" target="_blank" href="https://t.co/hli1GFhmQr"><a href="https://t.co/hli1GFhmQr">https://t.co/hli1GFhmQr</a></a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220129-041352/ Sat, 29 Jan 2022 04:13:52 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220129-041352/ My God, this happens to me too. <a rel="noreferrer" target="_blank" href="https://t.co/zcCV6PJ7sp"><a href="https://t.co/zcCV6PJ7sp">https://t.co/zcCV6PJ7sp</a></a><br> To be clear, I'm not questioning the Kumbh Mela, I'm questioning the existence of """space cameras""". <a rel="noreferrer" target="_blank" href="https://t.co/5SZoNwiU8z"><a href="https://t.co/5SZoNwiU8z">https://t.co/5SZoNwiU8z</a></a><br> Clickfraud committed by the 14 people who actually work at Google. <a rel="noreferrer" target="_blank" href="https://t.co/f3unFT5Q6m"><a href="https://t.co/f3unFT5Q6m">https://t.co/f3unFT5Q6m</a></a><br> https://www.whatsupup.com/blog/traveling/splay/20220128-202010/ Fri, 28 Jan 2022 20:20:10 +0000 https://www.whatsupup.com/blog/traveling/splay/20220128-202010/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/27/science/james-webb-space-telescope.html">Out There The James Webb Space Telescope and a Quest Every Human Shares Building, launching and deploying the giant observatory required the best of what our species has to offer the cosmos. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220128-201314/ Fri, 28 Jan 2022 20:13:13 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220128-201314/ <a rel="noreferrer" target="_blank" href="https://t.co/SizqY2z6lZ"><a href="https://t.co/SizqY2z6lZ">https://t.co/SizqY2z6lZ</a></a><br> https://www.whatsupup.com/blog/ideo/fleury/20220128-200645/ Fri, 28 Jan 2022 20:06:44 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220128-200645/ That same ToX ID was claimed by a user called “ smiseo ” on the Russian forum BHF, in which smiseo <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2022/01/rustclipper.png">advertises “clipper” malware</a> written in Rust that <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/man-robbed-of-16-bitcoin-sues-young-thieves-parents/">swaps in the attacker’s bitcoin address</a> when the victim copies a cryptocurrency address to their computer’s temporary clipboard.<br> The nickname “ YBCat ” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2022/01/ybcatcookiedays.png">advertised</a> that same ToX ID on Carder[.]uk, where this user claimed ownership over the Telegram account @CookieDays , and said they could be hired to do software and bot development “of any level of complexity.” YBCat mostly sold “installs,” offering paying customers to ability to load malware of their choice on thousands of hacked computers simultaneously.<br> https://www.whatsupup.com/blog/buckeroo/doubling/20220128-161950/ Fri, 28 Jan 2022 16:19:50 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20220128-161950/ January 28, 2022 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2022/01/28/Implementing-mime-in-xxxx.html">Implementing a MIME database in XXXX</a><br> https://www.whatsupup.com/blog/boxed/modification/20220128-161521/ Fri, 28 Jan 2022 16:15:20 +0000 https://www.whatsupup.com/blog/boxed/modification/20220128-161521/ means it really happens<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#antipatterns">antipatterns</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#c++-learner-track">c++-learner-track</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#concurrency">concurrency</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#slogans">slogans</a><br> During my CppCon 2020 talk <a rel="noreferrer" target="_blank" href="https://youtu.be/F6Ipn7gCOsY">“Back to Basics: Concurrency,”</a> someone asked, “Do we ever need to use<br> ?” To which I said, “No. Please don’t use<br> for anything ever.” This was perhaps a bit overstated, but at least in the context of basic concurrency it was accurate. To describe the role of<br> in C and C++, I often use the following slogan:<br> Marking a variable as<br> means that reads and writes to that variable really happen.<br> If you don’t know what this means, then you shouldn’t use<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#antipatterns">antipatterns</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#c++-style">c++-style</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#holy-wars">holy-wars</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#pitfalls">pitfalls</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220128-160629/ Fri, 28 Jan 2022 16:06:28 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220128-160629/ In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “ BlackCat “), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, we’ll explore some of the clues left behind by a developer who was reputedly hired to code the ransomware variant.<br> Image: Varonis.<br> According to an analysis <a rel="noreferrer" target="_blank" href="https://www.varonis.com/blog/alphv-blackcat-ransomware">released this week by Varonis</a> , ALPHV is actively recruiting operators from several ransomware organizations — including <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/?s=REvil">REvil</a> , <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/?s=blackmatter">BlackMatter</a> and <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/?s=darkside">DarkSide</a> — and is offering affiliates up to 90 percent of any ransom paid by a victim organization.<br> “The group’s leak site, active since early December 2021, has named over twenty victim organizations as of late January 2022, though the total number of victims, including those that have paid a ransom to avoid exposure, is likely greater,” Varonis’s Jason Hill wrote.<br> One concern about more malware shifting to <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Rust_(programming_language)">Rust</a> is that it is considered a much more secure programming language compared to C and C++, writes Catalin Cimpanu for <a rel="noreferrer" target="_blank" href="https://therecord.media/alphv-blackcat-is-the-first-professional-ransomware-gang-to-use-rust/">The Record</a> . The upshot? Security defenders are constantly looking for coding weaknesses in many ransomware strains, and if more start moving to Rust it could become more difficult to find those soft spots.<br> Researchers at Recorded Future say they believe the ALPHV/BlackCat author was previously involved with the infamous REvil ransomware cartel in some capacity. Earlier this month the Russian government announced that at the United States’ request it <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/at-request-of-u-s-russia-rounds-up-14-revil-ransomware-affiliates/">arrested 14 individuals in Russia thought to be REvil operators</a> .<br> Still, REvil rolls on despite these actions, according to Paul Roberts at <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com">ReversingLabs</a> . “The recent arrests have NOT led to a noticeable change in detections of REvil malicious files,” Roberts wrote. “In fact, detections of files and other software modules associated with the REvil ransomware increased modestly in the week following the arrests by Russia’s FSB intelligence service.”<br> Meanwhile, the U.S. State Department has <a rel="noreferrer" target="_blank" href="https://www.state.gov/reward-offers-for-information-to-bring-sodinokibi-revil-ransomware-variant-co-conspirators-to-justice/">a standing $10 million reward</a> for information leading to the identification or location of any individuals holding key leadership positions in REvil.<br> WHO IS BINRS?<br> A confidential source recently had a private conversation with a support representative who fields questions and inquiries on several cybercrime forums on behalf of a large and popular ransomware affiliate program. The affiliate rep confirmed that a coder for ALPHV was known by the handle “ Binrs ” on multiple Russian-language forums.<br> On the cybercrime forum RAMP , the user Binrs says they are a Rust developer who’s been coding for 6 years. “My stack is Rust, nodejs, php, golang,” Binrs said in an introductory post, in which they claim to be fluent in English. Binrs then signs the post with their identification number for <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Tox_(protocol)">ToX</a> , a peer-to-peer instant messaging service.<br> That same ToX ID was claimed by a user called “ smiseo ” on the Russian forum BHF, in which smiseo advertises “clipper” malware written in Rust that <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/man-robbed-of-16-bitcoin-sues-young-thieves-parents/">swaps in the attacker’s bitcoin address</a> when the victim copies a cryptocurrency address to their computer’s temporary clipboard.<br> The nickname “ YBCat ” advertised that same ToX ID on Carder[.]uk, where this user claimed ownership over the Telegram account @CookieDays , and said they could be hired to do software and bot development “of any level of complexity.” YBCat mostly sold “installs,” offering paying customers to ability to load malware of their choice on thousands of hacked computers simultaneously.<br> There is also an active user named Binrs on the Russian crime forum wwh-club[.]co who says they’re a Rust coder who can be reached at the @CookieDays Telegram account.<br> On the Russian forum Lolzteam, a member with the username “ DuckerMan ” uses the @CookieDays Telegram account in his signature. In one thread, DuckerMan promotes an affiliate program called CookieDays that lets people make money by getting others to install cryptomining programs that are infected with malware. In another thread, DuckerMan is selling a different clipboard hijacking program called Chloe Clipper.<br> The CookieDays moneymaking program.<br> According to threat intelligence firm <a rel="noreferrer" target="_blank" href="https://www.flashpoint-intel.com">Flashpoint</a> , the Telegram user DuckerMan employed another alias — Sergey Duck . These accounts were most active in the Telegram channels “Bank Accounts Selling,” “Malware developers community,” and “Raidforums,” a popular English-language cybercrime forum. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/who-wrote-the-alphv-blackcat-ransomware-strain/#more-58279">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/who-wrote-the-alphv-blackcat-ransomware-strain/">Who Wrote the ALPHV/BlackCat Ransomware Strain?</a><br> https://www.whatsupup.com/blog/veld/paternal/20220128-121634/ Fri, 28 Jan 2022 12:16:34 +0000 https://www.whatsupup.com/blog/veld/paternal/20220128-121634/ Blog<br> https://www.whatsupup.com/blog/overgrazing/propellent/20220128-041808/ Fri, 28 Jan 2022 04:18:08 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220128-041808/ <p><a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/tech-can-help-solve-our-mental-health">Tech Can Help Solve Our Mental Health Crisis. But We Can’t Forget The Human Element.</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/tech-can-help-solve-our-mental-health">Tom Insel was the director of the National Institute of Mental Health from 2002-2015 and led the mental health team at Alphabet's Verily. Tech alone can't solve our mental health crisis, he writes.</a><br> <a rel="noreferrer" target="_blank" href="https://substack.com/profile/55917650-thomas-insel">Thomas Insel</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/tech-can-help-solve-our-mental-health/comments">Comment</a> <a rel="noreferrer" target="_blank" href="javascript:void(0)">Share</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220128-041305/ Fri, 28 Jan 2022 04:13:05 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220128-041305/ <a rel="noreferrer" target="_blank" href="https://t.co/W0W6fsJh4k"><a href="https://t.co/W0W6fsJh4k">https://t.co/W0W6fsJh4k</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/DeVPiJcXAL"><a href="https://t.co/DeVPiJcXAL">https://t.co/DeVPiJcXAL</a></a><br> https://www.whatsupup.com/blog/traveling/splay/20220127-161930/ Thu, 27 Jan 2022 16:19:29 +0000 https://www.whatsupup.com/blog/traveling/splay/20220127-161930/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/27/science/james-webb-space-telescope.html">Out There With the James Webb Space Telescope, Humanity Did the Right Thing Every person on Earth shares in the quest that the giant observatory will now begin. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/novice/millrace/20220127-121440/ Thu, 27 Jan 2022 12:14:40 +0000 https://www.whatsupup.com/blog/novice/millrace/20220127-121440/ Last summer an(other) unarmed black man was killed by police in Minneapolis, Minnesota. The subsequent 8 minute and 46 second video clip swept across social media and raised widespread condemnation. Hours of discourse and weeks of protests followed. Every company and their grandma released performative statements of solidarity with the…<br> https://www.whatsupup.com/blog/phonic/shopboy/20220127-081329/ Thu, 27 Jan 2022 08:13:28 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220127-081329/ <a rel="noreferrer" target="_blank" href="https://t.co/k50bCwdMvx"><a href="https://t.co/k50bCwdMvx">https://t.co/k50bCwdMvx</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/VBPLNTxwvt"><a href="https://t.co/VBPLNTxwvt">https://t.co/VBPLNTxwvt</a></a><br> Notice with immediate effect: Anyone who disregards my Calendly links will be permabanned from raising venture capital in Silicon Valley.<br> https://www.whatsupup.com/blog/gonadal/revving/20220127-042037/ Thu, 27 Jan 2022 04:20:36 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220127-042037/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2019/04/30/code-style-and-moral-absolutes/">Code style and moral absolutes</a><br> https://www.whatsupup.com/blog/stratification/pride/20220127-001903/ Thu, 27 Jan 2022 00:19:03 +0000 https://www.whatsupup.com/blog/stratification/pride/20220127-001903/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292374/?p=boingboing&utm_source=boingboing">$400 CLEAN</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292408/?p=boingboing&utm_source=boingboing">$110 CLEAN</a><br> https://www.whatsupup.com/blog/evildoer/onionskin/20220127-001034/ Thu, 27 Jan 2022 00:10:34 +0000 https://www.whatsupup.com/blog/evildoer/onionskin/20220127-001034/ Mozilla recently submitted its comments to a public consultation on reforming the UK’s data protection regime launched by the UK Department for Digital, Culture, Media & Sport. With the public … <a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2021/11/29/mozilla-files-comments-on-uk-data-protection-consultation/">Read more</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220126-201248/ Wed, 26 Jan 2022 20:12:48 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220126-201248/ <a rel="noreferrer" target="_blank" href="https://t.co/wl7NGwD8kX"><a href="https://t.co/wl7NGwD8kX">https://t.co/wl7NGwD8kX</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/JSTVyBNzjI"><a href="https://t.co/JSTVyBNzjI">https://t.co/JSTVyBNzjI</a></a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220126-121429/ Wed, 26 Jan 2022 12:14:28 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220126-121429/ Strong endorse. <a rel="noreferrer" target="_blank" href="https://t.co/Cz6GUD22Tl"><a href="https://t.co/Cz6GUD22Tl">https://t.co/Cz6GUD22Tl</a></a><br> https://www.whatsupup.com/blog/tularemic/yahweh/20220126-081109/ Wed, 26 Jan 2022 08:11:08 +0000 https://www.whatsupup.com/blog/tularemic/yahweh/20220126-081109/ <p>A Chronicling of the Lyfe and Times of one Miss Pearl Twig Woods, who has Passed at a Young Age from Troubles of the Heart. She is survived by Anise, her Arch Nemesis; Cheeseball, her Adoptive Ruffian; and Napoleon, her Star-Crossed Suitor for Whom she Longed from Afar.<br> <a rel="noreferrer" target="_blank" href="https://eev.ee/blog/2022/01/25/goodbye-pearl/">Goodbye, Pearl</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/birthday/">birthday</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/cats/">cats</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/cheezball-rising/">cheezball rising</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/culture/">culture</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/doom/">doom</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/dywypi/">dywypi</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/eulogy/">eulogy</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/food/">food</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/gadgets/">gadgets</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/game-night/">game night</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/gamedev/">gamedev</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/gender/">gender</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/git/">git</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/identity/">identity</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/infosec/">infosec</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/isaacs-descent/">isaac's descent</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/law/">law</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/linux/">linux</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/making-things/">making things</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/mario-maker/">mario maker</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/math/">math</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/media/">media</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/meta/">meta</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/nsfw/">nsfw</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/patreon/">patreon</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/perl/">perl</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/personal/">personal</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/photos/">photos</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/php/">php</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/plt/">plt</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/pokemon/">pokemon</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/popular/">popular</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/project-euler/">project euler</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/puzzles/">puzzles</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/pyramid/">pyramid</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/python/">python</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/raidne/">raidne</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/reference/">reference</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/runed-awakening/">runed awakening</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/rust/">rust</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/sanpera/">sanpera</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/spline/">spline</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/squiggle/">squiggle</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/status/">status</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/styx/">styx</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/systems/">systems</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/tech/">tech</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/tools/">tools</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/typography/">typography</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/ui/">ui</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/unicode/">unicode</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/veekun/">veekun</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/web/">web</a> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/tags/yelling/">yelling</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220126-001446/ Wed, 26 Jan 2022 00:14:46 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220126-001446/ <a rel="noreferrer" target="_blank" href="https://t.co/OynV4SXWEa"><a href="https://t.co/OynV4SXWEa">https://t.co/OynV4SXWEa</a></a><br> https://www.whatsupup.com/blog/beautifying/hagriding/20220125-202540/ Tue, 25 Jan 2022 20:25:40 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20220125-202540/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/01/podcast-episode-data-doppelgangers">Podcast Episode: Data Doppelgängers</a><br> https://www.whatsupup.com/blog/steeplejack/garrote/20220125-202538/ Tue, 25 Jan 2022 20:25:38 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20220125-202538/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/01/podcast-episode-data-doppelgangers">Podcast Episode: Data Doppelgängers</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20220125-201847/ Tue, 25 Jan 2022 20:18:46 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220125-201847/ The ambitious observatory has arrived at its home — near a gravitationally special spot called L2 — for a premier view of the Universe.<br> https://www.whatsupup.com/blog/phonic/shopboy/20220125-201412/ Tue, 25 Jan 2022 20:14:12 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220125-201412/ <p>The wait is over!</p> <p>@pmarca at his best … in depth and unfiltered</p> <p>Apple: <a rel="noreferrer" target="_blank" href="https://t.co/drwQ44qfGl"><a href="https://t.co/drwQ44qfGl">https://t.co/drwQ44qfGl</a></a> Spotify: <a rel="noreferrer" target="_blank" href="https://t.co/HySEzG1arX"><a href="https://t.co/HySEzG1arX">https://t.co/HySEzG1arX</a></a> Youtube: <a rel="noreferrer" target="_blank" href="https://t.co/QB9NbjcXKX"><a href="https://t.co/QB9NbjcXKX">https://t.co/QB9NbjcXKX</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/CyV2gT52Oy"><a href="https://t.co/CyV2gT52Oy">https://t.co/CyV2gT52Oy</a></a><br> Shane Parrish <a rel="noreferrer" target="_blank" href="https://twitter.com/ShaneAParrish">@ShaneAParrish</a><br> Here's my conversation with @pmarca.</p> <p>This one was epic. <a rel="noreferrer" target="_blank" href="https://t.co/g8f5FXdEik"><a href="https://t.co/g8f5FXdEik">https://t.co/g8f5FXdEik</a></a><br></p> https://www.whatsupup.com/blog/ideo/fleury/20220125-200727/ Tue, 25 Jan 2022 20:07:26 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220125-200727/ What’s worse than finding out that identity thieves took out a 546 percent interest payday loan in your name? How about a 900 percent interest loan? Or how about not learning of the fraudulent loan until it gets handed off to collection agents? One reader’s nightmare experience spotlights what can happen when ID thieves and hackers start targeting online payday lenders.<br> The reader who shared this story (and copious documentation to go with it) asked to have his real name omitted to avoid encouraging further attacks against his identity. So we’ll just call him “Jim.” Last May, someone applied for some type of loan in Jim’s name. The request was likely sent to an online portal that takes the borrower’s loan application details and shares them with multiple prospective lenders, because Jim said over the next few days he received dozens of emails and calls from lenders wanting to approve him for a loan.<br> Many of these lenders were eager to give Jim money because they were charging exorbitant 500-900 percent interest rates for their loans. But Jim has long had <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2018/09/credit-freezes-are-free-let-the-ice-age-begin/">a security freeze on his credit file with the three major consumer credit reporting bureaus</a> , and none of the lenders seemed willing to proceed without at least a peek at his credit history.<br> Among the companies that checked to see if Jim still wanted that loan he never applied for last May was <a rel="noreferrer" target="_blank" href="https://www.mountainsummitfinancial.com">Mountain Summit Financial</a> (MSF), a lending institution owned by a Native American tribe in California called the <a rel="noreferrer" target="_blank" href="https://www.hpultribe-nsn.gov/">Habematelol Pomo of Upper Lake</a> .<br> Jim told MSF and others who called or emailed that identity thieves had applied for the funds using his name and information; that he would never take out a payday loan; and would they please remove his information from their database? Jim says MSF assured him it would, and the loan was never issued.<br> Jim spent months sorting out that mess with MSF and other potential lenders, but after a while the inquiries died down. Then on Nov. 27 — Thanksgiving Day weekend — Jim got a series of rapid-fire emails from MSF saying they’ve received his loan application, that they’d approved it, and that the funds requested were now available at the bank account specified in his MSF profile.<br> Curiously, the fraudsters had taken out a loan in Jim’s name with MSF using his real email address — the same email address the fraudsters had used to impersonate him to MSF back in May 2021. Although he didn’t technically have an account with MSF, their authentication system is based on email addresses, so Jim requested that a password reset link be sent to his email address. That worked, and once inside the account Jim could see more about the loan details:<br> The terms of the unauthorized loan in Jim’s name from MSF.<br> Take a look at that 546.56 percent interest rate and finance charges listed in this $1,000 loan. If you pay this loan off in a year at the suggested bi-weekly payment amounts, you will have paid $3,903.57 for that $1,000.<br> Jim contacted MSF as soon as they opened the following week and found out the money had already been dispersed to a Bank of America account Jim didn’t recognize. MSF had Jim fill out an affidavit claiming the loan was the result of identity theft, which necessitated filing a report with the local police and a number of other steps. Jim said numerous calls to Bank of America’s fraud team went nowhere because they refused to discuss an account that was not in his name.<br> Jim said MSF ultimately agreed that the loan wasn’t legitimate, but they couldn’t or wouldn’t tell him how his information got pushed through to a loan — even though MSF was never able to pull his credit file.<br> Then in mid-January, Jim heard from MSF via snail mail that they’d discovered a data breach.<br> “We believe the outsider may have had an opportunity to access the accounts of certain customers, including your account, at which point they would be able to view personal information pertaining to that customer and potentially obtain an unauthorized loan using the customer’s credentials,” MSF said.<br> MSF said the personal information involved in this incident may have included name, date of birth, government-issued identification numbers (e.g., SSN or DLN), bank account number and routing number, home address, email address, phone number and other general loan information.<br> A portion of the Jan. 14, 2022 breach notification letter from tribal lender Mountain Summit Financial.<br> Nevermind that his information was only in MSF’s system because of an earlier attempt by ID thieves: The intruders were able to update his existing (never-deleted) record with new banking information and then push the application through MSF’s systems.<br> “MSF was the target of a suspected third-party attack,” the company said, noting that it was working with the FBI, the California Sheriff’s Office, and the Tribal Commission for Lake County, Calif.  “Ultimately, MSF confirmed that these trends were part of an attack that originated outside of the company.”<br> MSF has not responded to questions about the aforementioned third party or parties that may be involved. But it is possible that other tribal lenders could have been affected: Jim said that not long after the phony MSF payday loan was pushed through, he received at least three inquiries in rapid succession from other lenders who were all of a sudden interested in offering him a loan.<br> In a statement sent to KrebsOnSecurity, MSF said it was “the victim of a malicious attack that originated outside of the company, by unknown perpetrators.”<br> “As soon as the issue was uncovered, the company initiated cybersecurity incident response measures to protect and secure its information; and notified law enforcement and regulators,” MSF wrote. “Additionally, the company has notified individuals whose personal identifiable information may have been impacted by this crime and is actively working with law enforcement in its investigation. As this is an ongoing criminal investigation, we can make no additional comment at this time.”<br> According to the Native American Financial Services Association (NAFSA), a trade group in Washington, D.C. representing tribal lenders, the short-term installment loan products offered by NAFSA members are not payday loans but rather “ <a rel="noreferrer" target="_blank" href="https://nativefinance.org/truth-tribal-lending/">installment loans</a> ” — which are amortized, have a definite loan term, and require payments that go toward not just interest, but that also pay down the loan principal.<br> NAFSA did not respond to multiple requests for comment.<br> Nearly all U.S. states have usury laws that limit the amount of interest a company can charge on a loan, but those limits traditionally haven’t applied to tribal lenders. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/scary-fraud-ensues-when-id-theft-usury-collide/#more-58202">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/scary-fraud-ensues-when-id-theft-usury-collide/">Scary Fraud Ensues When ID Theft & Usury Collide</a><br> https://www.whatsupup.com/blog/hardened/twinkled/20220125-162035/ Tue, 25 Jan 2022 16:20:35 +0000 https://www.whatsupup.com/blog/hardened/twinkled/20220125-162035/ Good news: we removed all cookie banners from GitHub! No one likes cookie banners. But cookie banners are everywhere. So how did we pull this off? Well, EU law requires you to use cookie banners if your website contains cookies that are not required for it to work. Common examples of such cookies are […]<br> https://www.whatsupup.com/blog/hardened/twinkled/20220125-122042/ Tue, 25 Jan 2022 12:20:42 +0000 https://www.whatsupup.com/blog/hardened/twinkled/20220125-122042/ <a rel="noreferrer" target="_blank" href="https://github.blog/2021-04-19-open-source-goes-to-mars/">Open source goes to Mars 🚀</a><br></p> <hr> Good news: we removed all cookie banners from GitHub! 🎉 No one likes cookie banners. But cookie banners are everywhere. So how did we pull this off? Well, EU law requires you to use cookie banners if your website contains cookies that are not required for it to work. Common examples of such cookies are […]<br> https://www.whatsupup.com/blog/audiometry/cottony/20220125-042206/ Tue, 25 Jan 2022 04:22:05 +0000 https://www.whatsupup.com/blog/audiometry/cottony/20220125-042206/ <a rel="noreferrer" target="_blank" href="https://github.com/reHackable/awesome-reMarkable">dustinkirkland starred reHackable/awesome-reMarkable</a> - 1/24/2022<br> https://www.whatsupup.com/blog/underpeopled/multichannel/20220125-042038/ Tue, 25 Jan 2022 04:20:38 +0000 https://www.whatsupup.com/blog/underpeopled/multichannel/20220125-042038/ <p>November 17, 2021<br> The modern internet was built on a legal framework of safe harbors for user-generated content. These safe harbors are widely credited with having enabled global internet innovation by protecting online platforms from liability for user content they host. Despite this, they are increasingly at risk around the world as regulators look to curb objectionable content […]<br> At GitHub, we put developers first, and we work hard to provide a safe, open, and inclusive platform for code collaboration. This means we are committed to minimizing the disruption of software projects, protecting developer privacy, and being transparent with developers about content moderation and disclosure of user information. This kind of transparency is vital […]<br> We regularly update our policies to reflect the evolution of our products, changing legal requirements, and user feedback. In this update, we’ve made some changes to our Terms of Service, Privacy Statement, and other site policies. We’ve also made some updates to the process for updating our site policies. We welcome your feedback in our […]<br> As policymakers grapple with how to address hate speech and disinformation on the internet, they’re eying the legal structure underpinning collaborative software development: legal safe harbors. These safe harbors protect online platforms from liability for the user content that they host, and without these safe harbors, countless user-generated content platforms like GitHub wouldn’t be here […]<br> We're excited to share GitHub’s 2018 Transparency Report, a by-the-numbers look at how we handle requests for user data and moderate content on GitHub.<br> <a rel="noreferrer" target="_blank" href="https://github.blog/2018-11-15-global-commitments-on-building-an-internet-of-trust/">Developers on the world stage—global commitments on building an internet of trust</a><br></p> <hr> At the Paris Peace Forum and the Internet Governance Forum, governments, companies, and civil society made commitments to building an internet of trust. Developers are central to making these commitments a reality.<br> <a rel="noreferrer" target="_blank" href="https://github.blog/2018-10-23-github-goes-to-brussels/">EU copyright update: GitHub goes to Brussels</a><br> <hr> Read about our open source and copyright event in Brussels–plus the latest on the EU copyright negotiations.<br> <a rel="noreferrer" target="_blank" href="https://github.blog/2018-09-17-whats-next-for-the-eu-copyright-proposal/">What’s next for the EU copyright proposal?</a><br> <hr> EU Parliament voted last week on the Copyright Directive. Find out what they decided, how this affects software, and what you can do next.<br> https://www.whatsupup.com/blog/hardened/twinkled/20220125-042025/ Tue, 25 Jan 2022 04:20:25 +0000 https://www.whatsupup.com/blog/hardened/twinkled/20220125-042025/ <p>November 3, 2021<br> Today, we're launching a technical preview of GitHub Copilot, a new AI pair programmer that helps you write better code.<br> This morning, we watched in awe as the first Mars Helicopter, Ingenuity, took flight in the thin Martian atmosphere. This is an incredible achievement for the teams at NASA and the Jet Propulsion Lab (JPL). It’s also an achievement powered, in part, by an invisible team of open source developers from around the world. In […]<br> We're excited to announce that npm will be joining GitHub.<br> <a rel="noreferrer" target="_blank" href="https://github.blog/2019-01-07-new-year-new-github/">New year, new GitHub: Announcing unlimited free private repos and unified Enterprise offering</a><br></p> <hr> Today we’re announcing two major updates to make GitHub more accessible to developers.<br> <a rel="noreferrer" target="_blank" href="https://github.blog/2018-10-26-github-and-microsoft/">Pull request successfully merged. Starting build…</a><br> <hr> With the Microsoft acquisition of GitHub complete, Nat Friedman joins as CEO.<br> https://www.whatsupup.com/blog/phonic/shopboy/20220125-041408/ Tue, 25 Jan 2022 04:14:07 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220125-041408/ RIP my father-in-law and hero John Arrillaga, 1937-2022. <a rel="noreferrer" target="_blank" href="https://t.co/SxCb6j9kNu"><a href="https://t.co/SxCb6j9kNu">https://t.co/SxCb6j9kNu</a></a><br> https://www.whatsupup.com/blog/stratification/pride/20220125-002420/ Tue, 25 Jan 2022 00:24:20 +0000 https://www.whatsupup.com/blog/stratification/pride/20220125-002420/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104290758/?p=boingboing&utm_source=boingboing">$80</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292380/?p=boingboing&utm_source=boingboing">$5,660 chair</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20220125-002318/ Tue, 25 Jan 2022 00:23:17 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220125-002318/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-022-00128-0">Webb telescope reaches its final destination far from Earth</a><br></p> <hr> The ambitious observatory has arrived at its home — near a gravitationally stable spot called L2 — for a premier view of the Universe.<br> https://www.whatsupup.com/blog/sited/implore/20220124-202030/ Mon, 24 Jan 2022 20:20:29 +0000 https://www.whatsupup.com/blog/sited/implore/20220124-202030/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/24/technology/google-location-services-lawsuit.html">Four Attorneys General Claim Google Secretly Tracked People Three states and the District of Columbia allege that the tech giant misled consumers by continuing to track those who had changed their privacy settings to prevent data collection. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220124-042341/ Mon, 24 Jan 2022 04:23:41 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220124-042341/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2016/09/20/the-generic-random-library-part-1-simple-generic-arbitrary-instances/">The generic-random library, part 1: simple generic Arbitrary instances</a><br> https://www.whatsupup.com/blog/boxed/modification/20220124-041731/ Mon, 24 Jan 2022 04:17:31 +0000 https://www.whatsupup.com/blog/boxed/modification/20220124-041731/ all the things?<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#antipatterns">antipatterns</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#c++-style">c++-style</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#pitfalls">pitfalls</a><br> Last week someone posted a /r/cpp thread titled <a rel="noreferrer" target="_blank" href="https://old.reddit.com/r/cpp/comments/s823vk/declaring_all_variables_local_to_a_function_as/">“Declaring all variables local to a function as const”</a> :<br> Ok, so I’m an old-school C++ programmer using the language now since the early ’90s. I’m a fan of const-correctness for function and member declarations, parameters, and the like. Where, I believe, it actually matters.<br> Now we have a team member who has jumped on the “everything is const” bandwagon. Every code review includes dozens of lines of local function variables now declared<br> that litter the review.<br> Intellectually, I understand the (what I consider mostly insignificant) arguments in favor of this practice, but in nearly 30 years I have never had a bug introduced into my code because a local function variable was mutable when I didn’t expect it. It does nothing for me to aid in code analysis or tracking. It has at most a tiny impact on performance.<br> Maybe I’m just an old dog finally unable to learn a new trick. So, on this fine Wednesday, who’s up for a religious war? What are y’all doing?<br> TLDR: I’m not putting<br> on all the things, either.<br> https://www.whatsupup.com/blog/sideswiped/tuftily/20220124-041633/ Mon, 24 Jan 2022 04:16:33 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20220124-041633/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/01/16/Pulp-Fiction">Pulp Fiction</a> · A dozen years ago, our growing family created a problem: Too many books! So after I finished <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/200x/2009/06/12/Music-Migration-Done">ripping our thousand CDs</a> , we repurposed the CD rack into a bookcase, stuffed it with our genre paperbacks, and put it in the guest room. A few years later, the guest room became our son’s room and the pulp fiction went into boxes. But just now after another bout of domestic reorganization, they’re back out among us. I find their dingy colorful presence cheering. Check out the picture! <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/01/16/Pulp-Fiction">…</a> [6 comments]<br> https://www.whatsupup.com/blog/phonic/shopboy/20220123-121229/ Sun, 23 Jan 2022 12:12:29 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220123-121229/ <p>FS <a rel="noreferrer" target="_blank" href="https://twitter.com/farnamstreet">@farnamstreet</a><br> @morganhousel @pmarca @ShaneAParrish This lines up with what Historian John Lewis Gaddis told us. <a rel="noreferrer" target="_blank" href="https://t.co/f9uWnKHljD"><a href="https://t.co/f9uWnKHljD">https://t.co/f9uWnKHljD</a></a><br> Morgan Housel <a rel="noreferrer" target="_blank" href="https://twitter.com/morganhousel">@morganhousel</a><br> "What people think of as technological change is actually societal change and specifically societal change of the form of a reordering of the power and status structure."<br> "The further back I read the more universal themes I find. And the more things that I think are remarkable and unique to our era actually turn out to be quite universal."</p> <p>Good podcast with @pmarca and @ShaneAParrish. <a rel="noreferrer" target="_blank" href="https://t.co/5D07JXL90J"><a href="https://t.co/5D07JXL90J">https://t.co/5D07JXL90J</a></a><br></p> https://www.whatsupup.com/blog/kickback/overgeneralization/20220122-041024/ Sat, 22 Jan 2022 04:10:23 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20220122-041024/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/event-driven-architecture-and-reactive-programming/">This article will look at the terminology of event-driven architecture and reactive programming, and the problems they are trying to solve.</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220122-002312/ Sat, 22 Jan 2022 00:23:12 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220122-002312/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/21/technology/twitter-security-team.html">Twitter shakes up its security team. Parag Agrawal, the new chief executive, fired the company’s head of security this week. Twitter’s chief information security officer is also leaving. By Mike Isaac and Kate Conger</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220122-001500/ Sat, 22 Jan 2022 00:15:00 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220122-001500/ <a rel="noreferrer" target="_blank" href="https://t.co/GyvWv8UI8w"><a href="https://t.co/GyvWv8UI8w">https://t.co/GyvWv8UI8w</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/wBh7mdeL5g"><a href="https://t.co/wBh7mdeL5g">https://t.co/wBh7mdeL5g</a></a><br> <a rel="noreferrer" target="_blank" href="https://t.co/HG4DM8Eubi"><a href="https://t.co/HG4DM8Eubi">https://t.co/HG4DM8Eubi</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/oX4tvkk20a"><a href="https://t.co/oX4tvkk20a">https://t.co/oX4tvkk20a</a></a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220121-201336/ Fri, 21 Jan 2022 20:13:35 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220121-201336/ The head chef presenting the first course during dinner at @jack's. <a rel="noreferrer" target="_blank" href="https://t.co/qXmPP1ucw4"><a href="https://t.co/qXmPP1ucw4">https://t.co/qXmPP1ucw4</a></a><br> https://www.whatsupup.com/blog/ideo/fleury/20220121-200716/ Fri, 21 Jan 2022 20:07:16 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220121-200716/ Up for the “Most Meta Cybercrime Offering” award this year is Accountz Club , a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites.<br> Criminals ripping off other crooks is a constant theme in the cybercrime underworld; Accountz Club’s slogan  — “the best autoshop for your favorite shops’ accounts” — just normalizes this activity by making logins stolen from users of various cybercrime shops for sale at a fraction of their account balances.<br> The site says it sells “cracked” accounts, or those that used passwords which could be easily guessed or enumerated by automated tools. All of the credentials being sold by Accountz provide access to services that in turn sell access to stolen information or hijacked property, as in the case of “bot shops” that resell access to infected computers.<br> One example is <a rel="noreferrer" target="_blank" href="http://digitalshadows.com/blog-and-research/the-technology-adoption-lifecycle-of-genesis-market/">Genesis Market</a> , where customers can search for stolen credentials and authentication cookies from a broad range of popular online destinations. Genesis even offers a custom-made web browser where you can load authentication cookies from botted PCs and waltz right into the account without having to enter a username or password or mess with multi-factor authentication.<br> Accountz is currently selling four different Genesis logins for about 40-50 percent of their unspent balances. Genesis mostly gets its inventory of botted computers and stolen logins from resellers who specialize in deploying infostealer malware via email and booby-trapped websites. Likewise, it appears Accountz also derives much of its stock from a handful of resellers, who presumably are the same ones doing the cybercrime service account cracking.<br> The Genesis bot shop.<br> In essence, Accountz customers are paying for illicit access to cybercrime services that sell access to compromised resources that can be abused for cybercrime. That’s seriously meta. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/crime-shop-sells-hacked-logins-to-other-crime-shops/#more-58194">Continue reading →</a><br> “This is Russian ransomware diplomacy,” Alperovitch said on Twitter.<br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/crime-shop-sells-hacked-logins-to-other-crime-shops/">Crime Shop Sells Hacked Logins to Other Crime Shops</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220121-121944/ Fri, 21 Jan 2022 12:19:43 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220121-121944/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/21/technology/twitter-security-team.html">Twitter shakes up its security team. Parag Agrawal, Twitter’s new chief executive, terminated the company’s head of security this week. Twitter’s chief information security officer is also leaving. By Mike Isaac and Kate Conger</a><br> https://www.whatsupup.com/blog/spectrometry/obol/20220121-121533/ Fri, 21 Jan 2022 12:15:32 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20220121-121533/ <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2022/01/zooming-in-on-zero-click-exploits.html">Zooming in on Zero-click Exploits</a> (Jan)<br> https://www.whatsupup.com/blog/playacted/rededication/20220121-081944/ Fri, 21 Jan 2022 08:19:43 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220121-081944/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/21/technology/twitter-security-team.html">Twitter Shakes Up Security Team Parag Agrawal, Twitter’s new chief executive, terminated the company’s head of security this week. Twitter’s chief information security officer is also leaving. By Mike Isaac and Kate Conger</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20220121-081724/ Fri, 21 Jan 2022 08:17:23 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220121-081724/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/cooling-stock-market-has-some-tech">Cooling Stock Market Has Some Tech Giant Employees Exploring Their Options</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/cooling-stock-market-has-some-tech">Stock-based compensation is less exciting when the stock goes down.</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220121-081237/ Fri, 21 Jan 2022 08:12:36 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220121-081237/ It's times like this when I'm glad I turned leadership of the World Economic Forum over to @jack. <a rel="noreferrer" target="_blank" href="https://t.co/5Os991fpn8"><a href="https://t.co/5Os991fpn8">https://t.co/5Os991fpn8</a></a><br> https://www.whatsupup.com/blog/seer/hemisphere/20220121-041624/ Fri, 21 Jan 2022 04:16:23 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220121-041624/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-022-00108-4">Has Biden followed the science? What researchers say</a><br></p> <hr> As the US president’s first year in office ends, Nature assesses whether he’s kept his promise to make evidence-based decisions.<br> Max Kozlov<br> https://www.whatsupup.com/blog/stratification/pride/20220121-001724/ Fri, 21 Jan 2022 00:17:24 +0000 https://www.whatsupup.com/blog/stratification/pride/20220121-001724/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104289797/?p=boingboing&utm_source=boingboing">$29,000 1935 Harley Davidson Trike</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292274/?p=boingboing&utm_source=boingboing">$47,000 2019 Tesla Model 3</a><br> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292174/?p=boingboing&utm_source=boingboing">$200 Sony PlayStation 4 ,PS4 Original Slim Pro 500GB 1TB 2TB Choi…</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292171/?p=boingboing&utm_source=boingboing">$600 Apple MacBook Air 13.3" M1 Chip 8GB 512GB SSD 2020 Model Spa…</a><br> https://www.whatsupup.com/blog/sited/implore/20220121-001646/ Fri, 21 Jan 2022 00:16:45 +0000 https://www.whatsupup.com/blog/sited/implore/20220121-001646/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/20/technology/big-tech-senate-bill.html">Efforts to Rein In Big Tech May Be Running Out of Time With midterm elections approaching, a vote taken on Thursday could be the first of several that Congress takes on bills aimed at the industry. By Cecilia Kang and David McCabe</a><br> https://www.whatsupup.com/blog/sited/implore/20220120-201734/ Thu, 20 Jan 2022 20:17:34 +0000 https://www.whatsupup.com/blog/sited/implore/20220120-201734/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/20/technology/big-tech-senate-bill.html">Efforts to Rein in Big Tech May Be Running Out of Time With midterm elections approaching, a vote taken on Thursday could be the first of several that Congress takes on bills aimed at the industry. By Cecilia Kang and David McCabe</a><br> https://www.whatsupup.com/blog/sited/implore/20220120-161635/ Thu, 20 Jan 2022 16:16:35 +0000 https://www.whatsupup.com/blog/sited/implore/20220120-161635/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/20/technology/big-tech-senate-bill.html">Efforts to Rein in Big Tech May Be Running Out of Time With midterm elections approaching, a vote expected on Thursday could be the first of several that Congress takes on bills aimed at the industry. By Cecilia Kang and David McCabe</a><br> https://www.whatsupup.com/blog/boxed/modification/20220120-161442/ Thu, 20 Jan 2022 16:14:41 +0000 https://www.whatsupup.com/blog/boxed/modification/20220120-161442/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#jokes">jokes</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#slogans">slogans</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#sre">sre</a><br> Two economists are walking down the street. One of them notices what appears to be a $100 bill just lying on the sidewalk, and points it out to the other. “Nonsense,” declares his friend. “If that were a real $100 bill, someone would have picked it up already.”<br> Before you read this post — which contains spoilers — you should read <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2022/01/06/memcached-interview/">“The best engineering interview question I’ve ever gotten, Part 1”</a> (2022-01-06).<br> https://www.whatsupup.com/blog/traveling/splay/20220120-121721/ Thu, 20 Jan 2022 12:17:20 +0000 https://www.whatsupup.com/blog/traveling/splay/20220120-121721/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/20/science/milky-way-local-bubble-stars.html">Out There A New Map of the Sun’s Local Bubble At the edge of a vast region devoid of gas and dust, scientists find an explanation for “how all nearby star formation began.” By Dennis Overbye</a><br> https://www.whatsupup.com/blog/novice/millrace/20220120-081332/ Thu, 20 Jan 2022 08:13:31 +0000 https://www.whatsupup.com/blog/novice/millrace/20220120-081332/ 310 Followers<br> https://www.whatsupup.com/blog/ideo/fleury/20220120-000612/ Thu, 20 Jan 2022 00:06:11 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220120-000612/ These days, ID.me is perhaps better known as the online identity verification service that many states now use to help stanch the loss of billions of dollars in unemployment insurance and pandemic assistance stolen each year by identity thieves. The privately-held company says it has approximately 64 million users, and gains roughly 145,000 new users each day.<br> https://www.whatsupup.com/blog/ideo/fleury/20220119-200648/ Wed, 19 Jan 2022 20:06:47 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220119-200648/ If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me , an online identity verification service that requires applicants to submit copies of bills and identity documents, as well as a live video feed of their faces via a mobile device.<br> The IRS says it will require ID.me for all logins later this summer.<br> McLean, Va.-based ID.me was originally launched in 2010 with the goal of helping e-commerce sites validate the identities of customers who might be <a rel="noreferrer" target="_blank" href="https://shop.id.me/">eligible for discounts</a> at various retail establishments, such as veterans, teachers, students, nurses and first responders.<br> These days, ID.me is perhaps better known as the online identity verification service that many states now use to help staunch the loss of billions of dollars in unemployment insurance and pandemic assistance stolen each year by identity thieves. The privately-held company says it has approximately 64 million users, and gains roughly 145,000 new users each day.<br> Some 27 states already use ID.me to screen for identity thieves applying for benefits in someone else’s name, and now the IRS is joining them. The service requires applicants to supply a great deal more information than typically requested for online verification schemes, such as scans of their driver’s license or other government-issued ID, copies of utility or insurance bills, and details about their mobile phone service.<br> When an applicant doesn’t have one or more of the above — or if something about their application triggers potential fraud flags — ID.me may require a recorded, live video chat with the person applying for benefits.<br> Since my credentials at the IRS will soon no longer work, I opted to create an ID.me account and share the experience here. An important preface to this walk-through is that verifying one’s self with Id.me requires one to be able to take a live, video selfie — either with the camera on a mobile device or a webcam attached to a computer (your webcam must be able to open on the device you’re using to apply for the ID.me account). <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/irs-will-soon-require-selfies-for-online-access/#more-58154">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/irs-will-soon-require-selfies-for-online-access/">IRS Will Soon Require Selfies for Online Access</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20220119-161900/ Wed, 19 Jan 2022 16:19:00 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20220119-161900/ January 19, 2022 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2022/01/19/Help-Chile-promote-digital-freedoms.html">Help Chile write free software values, privacy, and digital sovereignty into their constitution</a><br> https://www.whatsupup.com/blog/trifid/ragwort/20220119-161627/ Wed, 19 Jan 2022 16:16:27 +0000 https://www.whatsupup.com/blog/trifid/ragwort/20220119-161627/ <a rel="noreferrer" target="_blank" href="https://smartcar.com/blog/smartcar-series-b-funding/">Announcing Smartcar's $24M Series B Funding</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20220119-161455/ Wed, 19 Jan 2022 16:14:55 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20220119-161455/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2022/01/reducing-security-risks-in-open-source.html">Reducing Security Risks in Open Source Software at Scale: Scorecards Launches V4</a><br></p> <hr> Posted by Laurent Simon and Azeem Shaikh, Google Open Source Security Team (GOSST)<br> Since our <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/07/measuring-security-risks-in-open-source.html">July announcement</a> of Scorecards V2, the Scorecards project—an automated security tool to flag risky supply chain practices in open source projects—has grown steadily to over 40 unique contributors and 18 implemented security checks. Today we are proud to announce the V4 release of Scorecards, with larger scaling, a new security check, and a new Scorecards GitHub Action for easier security automation. The Scorecards Action is released in partnership with GitHub and is available from <a rel="noreferrer" target="_blank" href="https://github.com/marketplace/actions/ossf-scorecard-action">GitHub's Marketplace</a> . The Action makes using Scorecards easier than ever: it runs automatically on repository changes to alert developers about risky supply-chain practices. Maintainers can view the alerts on GitHub's <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository">code scanning dashboard</a> , which is available for free to public repositories on GitHub.com and via GitHub Advanced Security for private repositories. Additionally, we have scaled our weekly Scorecards scans to over one million GitHub repositories, and have partnered with the <a rel="noreferrer" target="_blank" href="http://deps.dev/">Open Source Insights</a> website for easy user access to the data. For more details about the release, including the new Dangerous-Workflow security check, visit the OpenSSF's official blog post <a rel="noreferrer" target="_blank" href="https://security.googleblog.com">here</a> .<br> https://www.whatsupup.com/blog/stratification/pride/20220119-122046/ Wed, 19 Jan 2022 12:20:46 +0000 https://www.whatsupup.com/blog/stratification/pride/20220119-122046/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292175/?p=boingboing&utm_source=boingboing">$1,260 50CC TRIKE MEAN DOGG II SCOOTER GAS MOPED</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292107/?p=boingboing&utm_source=boingboing">$3,000 Joss West Pool Cue….</a><br> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292141/?p=boingboing&utm_source=boingboing">$300 P s 5</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291898/?p=boingboing&utm_source=boingboing">$700 Gibson 1949 TB150 5 string conversion</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220119-082253/ Wed, 19 Jan 2022 08:22:52 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220119-082253/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2020/07/18/competitive-programming-in-haskell-cycle-decomposition-with-mutable-arrays/">Competitive programming in Haskell: cycle decomposition with mutable arrays</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220119-042112/ Wed, 19 Jan 2022 04:21:12 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220119-042112/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/18/technology/video-games-activision-microsoft.html">‘New Eyes’: Gamers Greet Microsoft’s Activision Deal With Guarded Optimism Some players, unhappy with Activision in recent years, said the Microsoft deal could reverse a decline in quality. By Erin Woo and Kellen Browning</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220119-041309/ Wed, 19 Jan 2022 04:13:08 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220119-041309/ Important clarification: I have been informed I am not actually the new Chairman of the WEF. Instead, it turns out I am the new Chairman of the WWE. I regret the error. <a rel="noreferrer" target="_blank" href="https://t.co/edMe736vYR"><a href="https://t.co/edMe736vYR">https://t.co/edMe736vYR</a></a><br> As my first act as Chairman, the World Economic Forum is hereby renamed Wef3. <a rel="noreferrer" target="_blank" href="https://t.co/0BNrfFaOWE"><a href="https://t.co/0BNrfFaOWE">https://t.co/0BNrfFaOWE</a></a><br> Proud to announce my new job as Chairman of the World Economic Forum. <a rel="noreferrer" target="_blank" href="https://t.co/CaOSqTJVMj"><a href="https://t.co/CaOSqTJVMj">https://t.co/CaOSqTJVMj</a></a><br> https://www.whatsupup.com/blog/reigned/coffeecake/20220119-040936/ Wed, 19 Jan 2022 04:09:35 +0000 https://www.whatsupup.com/blog/reigned/coffeecake/20220119-040936/ © mmxxii pg<br> https://www.whatsupup.com/blog/beautifying/hagriding/20220119-002552/ Wed, 19 Jan 2022 00:25:51 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20220119-002552/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/01/podcast-episode-how-private-is-your-bank-account">Podcast Episode: How private is your bank account?</a><br> https://www.whatsupup.com/blog/steeplejack/garrote/20220119-002551/ Wed, 19 Jan 2022 00:25:50 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20220119-002551/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/01/podcast-episode-how-private-is-your-bank-account">Podcast Episode: How private is your bank account?</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20220118-201935/ Tue, 18 Jan 2022 20:19:35 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20220118-201935/ January 18, 2022 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2022/01/18/Pine64s-weird-priorities.html">Pine64 should re-evaluate their community priorities</a><br> https://www.whatsupup.com/blog/sited/implore/20220118-201758/ Tue, 18 Jan 2022 20:17:58 +0000 https://www.whatsupup.com/blog/sited/implore/20220118-201758/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2022/01/18/business/stock-market-economy-news/regulators-aim-to-rewrite-rules-for-big-mergers">Regulators aim to rewrite rules for big mergers. U.S. antitrust leaders said they would focus on the tech industry’s free services as they strengthened the review process for corporate consolidation. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/spectrometry/obol/20220118-201606/ Tue, 18 Jan 2022 20:16:05 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20220118-201606/ <p><a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2022/01/zooming-in-on-zero-click-exploits.html">Zooming in on Zero-click Exploits</a><br></p> <hr> Posted by Natalie Silvanovich, Project Zero<br> Zoom is a video conferencing platform that has gained popularity throughout the pandemic. Unlike other video conferencing systems that I have investigated, where one user initiates a call that other users must immediately accept or reject, Zoom calls are typically scheduled in advance and joined via an email invitation. In the past, I hadn’t prioritized reviewing Zoom because I believed that any attack against a Zoom client would require multiple clicks from a user. However, a zero-click attack against the Windows Zoom client was recently <a rel="noreferrer" target="_blank" href="https://blog.zoom.us/zoom-sponsors-pwn2own-security-competition/">revealed</a> at Pwn2Own, showing that it does indeed have a fully remote attack surface. The following post details my investigation into Zoom.<br> This analysis resulted in two vulnerabilities being reported to Zoom. One was a buffer overflow that affected both Zoom clients and MMR servers, and one was an info leak that is only useful to attackers on MMR servers. Both of these vulnerabilities were fixed on November 24, 2021.<br> Zoom Attack Surface Overview<br> Zoom’s main feature is multi-user conference calls called meetings that support a variety of features including audio, video, screen sharing and in-call text messages. There are several ways that users can join Zoom meetings. To start, Zoom provides full-featured installable clients for many platforms, including Windows, Mac, Linux, Android and iPhone. Users can also join Zoom meetings using a browser link, but they are able to use fewer features of Zoom. Finally, users can join a meeting by dialing phone numbers provided in the invitation on a touch-tone phone, but this only allows access to the audio stream of a meeting. This research focused on the Zoom client software, as the other methods of joining calls use existing device features.<br> Zoom clients support several communication features other than meetings that are available to a user’s Zoom Contacts. A Zoom Contact is a user that another user has added as a contact using the Zoom user interface. Both users must consent before they become Zoom Contacts. Afterwards, the users can send text messages to one another outside of meetings and start channels for persistent group conversations. Also, if either user hosts a meeting, they can invite the other user in a manner that is similar to a phone call: the other user is immediately notified and they can join the meeting with a single click. These features represent the zero-click attack surface of Zoom. Note that this attack surface is only available to attackers that have convinced their target to accept them as a contact. Likewise, meetings are part of the one-click attack surface only for Zoom Contacts, as other users need to click several times to enter a meeting.<br> That said, it’s likely not that difficult for a dedicated attacker to convince a target to join a Zoom call even if it takes multiple clicks, and the way some organizations use Zoom presents interesting attack scenarios. For example, many groups host public Zoom meetings, and Zoom supports a paid Webinar feature where large groups of unknown attendees can join a one-way video conference. It could be possible for an attacker to join a public meeting and target other attendees. Zoom also relies on a server to transmit audio and video streams, and end-to-end encryption is off by default. It could be possible for an attacker to compromise Zoom’s servers and gain access to meeting data.<br> Zoom Messages<br> I started out by looking at the zero-click attack surface of Zoom. Loading the Linux client into IDA, it appeared that a great deal of its server communication occurred over XMPP. Based on strings in the binary, it was clear that XMPP parsing was performed using a library called <a rel="noreferrer" target="_blank" href="https://camaya.net/gloox/">gloox</a> . I fuzzed this library using AFL and other coverage-guided fuzzers, but did not find any vulnerabilities. I then looked at how Zoom uses the data provided over XMPP.<br> XMPP traffic seemed to be sent over SSL, so I located the SSL_write function in the binary based on log strings, and hooked it using <a rel="noreferrer" target="_blank" href="https://frida.re/">Frida</a> . The output contained many XMPP stanzas (messages) as well as other network traffic, which I analyzed to determine how XMPP is used by Zoom. XMPP is used for most communication between Zoom clients outside of meetings, such as messages and channels, and is also used for signaling (call set-up) when a Zoom Contact invites another Zoom Contact to a meeting.<br> I spent some time going through the client binary trying to determine how the client processes XMPP, for example, if a stanza contains a text message, how is that message extracted and displayed in the client. Even though the Zoom client contains many log strings, this was challenging, and I eventually asked my teammate Ned Williamson for help locating symbols for the client. He discovered that several old versions of the Android Zoom SDK contained symbols. While these versions are roughly five years old, and do not present a complete view of the client as they only include some libraries that it uses, they were immensely helpful in understanding how Zoom uses XMPP.<br> Application-defined tags can be added to gloox’s XMPP parser by extending the class StanzaExtension and implementing the method newInstance to define how the tag is converted into a C++ object. Parsed XMPP stanzas are then processed using the MessageHandler class. Application developers extend this class, implementing the method handleMessage with code that performs application functionality based on the contents of the stanza received. Zoom implements its XMPP handling in CXmppIMSession::handleMessage , which is a large function that is an entrypoint to most messaging and calling features. The final processing stage of many XMPP tags is in the class ns_zoom_messager::CZoomMMXmppWrapper , which contains many methods starting with ‘On’ that handle specific events. I spent a fair amount of time analyzing these code paths, but didn’t find any bugs. Interestingly, Thijs Alkemade and Daan Keuper released a <a rel="noreferrer" target="_blank" href="https://sector7.computest.nl/post/2021-08-zoom/">write-up</a> of their Pwn2Own bug after I completed this research, and it involved a vulnerability in this area.<br> RTP Processing<br> Afterwards, I investigated how Zoom clients process audio and video content. Like all other video conferencing systems that I have analyzed, it uses Real-time Transport Protocol (RTP) to transport this data. Based on log strings included in the Linux client binary, Zoom appears to use a branch of WebRTC for audio. Since I have looked at this library a great deal in <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-1.html">previous</a> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-1.html">posts</a> , I did not investigate it further. For video, Zoom implements its own RTP processing and uses a custom underlying codec named Zealot (libzlt).<br> Analyzing the Linux client in IDA, I found what I believed to be the video RTP entrypoint, and fuzzed it using afl-qemu. This resulted in several crashes, mostly in RTP extension processing. I tried modifying the RTP sent by a client to reproduce these bugs, but it was not received by the device on the other side and I suspected the server was filtering it. I tried to get around this by enabling end-to-end encryption, but Zoom does not encrypt RTP headers, only the contents of RTP packets (as is typical of most RTP implementations).<br> Curious about how Zoom server filtering works, I decided to set up <a rel="noreferrer" target="_blank" href="https://support.zoom.us/hc/en-us/articles/360034064852-Zoom-On-Premise-Deployment">Zoom On-Premises Deployment</a> . This is a Zoom product that allows customers to set up on-site servers to process their organization’s Zoom calls. This required a fair amount of configuration, and I ended up reaching out to the Zoom Security Team for assistance. They helped me get it working, and I greatly appreciate their contribution to this research.<br> Zoom On-Premises Deployments consist of two hosts: the controller and the Multimedia Router (MMR) . Analyzing the traffic to each server, it became clear that the MMR is the host that transmits audio and video content between Zoom clients. Loading the code for the MMR process into IDA, I located where RTP is processed, and it indeed parses the extensions as a part of its forwarding logic and verifies them correctly, dropping any RTP packets that are malformed.<br> The code that processes RTP on the MMR appeared different than the code that I fuzzed on the device, so I set up fuzzing on the server code as well. This was challenging, as the code was in the MMR binary, which was not compiled as a relocatable binary (more on this later). This meant that I couldn’t load it as a library and call into specific offsets in the binary as I usually do to fuzz binaries that don’t have source code available. Instead, I compiled my own fuzzing stub that called the function I wanted to fuzz as a relocatable that defined fopen , and loaded it using LD_PRELOAD when executing the MMR binary. Then my code would take control of execution the first time that the MMR binary called fopen , and was able to call the function being fuzzed.<br> This approach has a lot of downsides, the biggest being that the fuzzing stub can’t accept command line parameters, execution is fairly slow and a lot of fuzzing tools don’t honor LD_PRELOAD on the target. That said, I was able to fuzz with code coverage using Mateusz Jurczyk’s excellent <a rel="noreferrer" target="_blank" href="https://github.com/googleprojectzero/DrSancov">DrSanCov</a> , with no results.<br> Packet Processing<br> When analyzing RTP traffic, I noticed that both Zoom clients and the MMR server process a great deal of packets that didn’t appear to be RTP or XMPP. Looking at the SDK with symbols, one library appeared to do a lot of serialization: libssb_sdk.so. This library contains a great deal of classes with the methods load_from and save_to defined with identical declarations, so it is likely that they all implement the same virtual class.<br> One parameter to the load_from methods is an object of class msg_db_t ,  which implements a buffer that supports reading different data types. Deserialization is performed by load_from methods by reading needed data from the msg_db_t object, and serialization is performed by save_to methods by writing to it.<br> After hooking a few save_to methods with Frida and comparing … https://www.whatsupup.com/blog/gaper/whisky/20220118-162130/ Tue, 18 Jan 2022 16:21:29 +0000 https://www.whatsupup.com/blog/gaper/whisky/20220118-162130/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/01/contributing-to-mdn-meet-the-contributors/">Contributing to MDN: Meet the Contributors →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2022/01/contributing-to-mdn-meet-the-contributors/">Contributing to MDN: Meet the Contributors</a><br> <hr> If you’ve ever built anything with web technologies, you’re probably familiar with MDN Web Docs. With about 13,000 pages documenting how to use programming languages such as HTML, CSS and JavaScript, the site has about 8,000 people using it at any given moment. MDN relies on contributors to help maintain its ever-expanding and up to date documentation. We reached out to 4 long-time community contributors to talk about how and why they started contributing, why they kept going, and ask what advice they have for new contributors.<br> https://www.whatsupup.com/blog/phonic/shopboy/20220118-081451/ Tue, 18 Jan 2022 08:14:50 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220118-081451/ Josh Kopelman <a rel="noreferrer" target="_blank" href="https://twitter.com/joshk">@joshk</a><br> One of my favorite pastimes when spending time with other VC's is to try to decide which phase of the VC lifecycle they are currently in… <a rel="noreferrer" target="_blank" href="https://t.co/8yjcI5O0cl"><a href="https://t.co/8yjcI5O0cl">https://t.co/8yjcI5O0cl</a></a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20220118-001626/ Tue, 18 Jan 2022 00:16:25 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20220118-001626/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/01/12/New-Years-Day">New Year’s Day</a> · In Vancouver, we have a tradition of going for a walk on New Year’s Day, no matter how foul the weather, if only to prove to Other Canadians that the thing is possible. 2022 too, despite its being an extremely low-expectations year. And it wasn’t the worst New Year’s Day beachwalk ever, so maybe it won’t be the worst year ever. And it leaves me with advice for the world. But first… <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/01/12/New-Years-Day">…</a> [1 comment]<br> https://www.whatsupup.com/blog/phonic/shopboy/20220117-201245/ Mon, 17 Jan 2022 20:12:45 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220117-201245/ Since we can't make it to Davos this year… <a rel="noreferrer" target="_blank" href="https://t.co/HLuIwImJJ0"><a href="https://t.co/HLuIwImJJ0">https://t.co/HLuIwImJJ0</a></a><br> Davos DeVille <a rel="noreferrer" target="_blank" href="https://twitter.com/DavosDeville">@DavosDeville</a><br> SPECIAL ADDRESS: DAVOS UNLEASHED #WEF22 #WEF2022 #WIF2022 #davosunleashed <a rel="noreferrer" target="_blank" href="https://t.co/vcDRLB05Fx"><a href="https://t.co/vcDRLB05Fx">https://t.co/vcDRLB05Fx</a></a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20220117-161841/ Mon, 17 Jan 2022 16:18:41 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220117-161841/ Our use of cookies<br> We use necessary cookies to make our site work. We also set performance and functionality cookies that help us make improvements by measuring traffic on our site. For more detailed information about the cookies we use, please see our <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/privacy#cookies">privacy policy</a> . ✖<br> https://www.whatsupup.com/blog/ideo/fleury/20220117-160709/ Mon, 17 Jan 2022 16:07:08 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220117-160709/ “This is Russian ransomware diplomacy,” Alperovitch said on Twitter. “It is a signal to the United States — if you don’t enact severe sanctions against us for invasion of Ukraine, we will continue to cooperate with you on ransomware investigations.”<br> The REvil arrests were announced as many government websites in Ukraine were <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/14/world/europe/hackers-ukraine-government-sites.html">defaced by hackers</a> with an ominous message warning Ukrainians that their personal data was being uploaded to the Internet. “Be afraid and expect the worst,” the message warned. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/at-request-of-u-s-russia-rounds-up-14-revil-ransomware-affiliates/#more-58116">Continue reading →</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220117-042107/ Mon, 17 Jan 2022 04:21:07 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220117-042107/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2009/10/28/collecting-attributes/">Collecting attributes</a><br> https://www.whatsupup.com/blog/stratification/pride/20220117-001945/ Mon, 17 Jan 2022 00:19:44 +0000 https://www.whatsupup.com/blog/stratification/pride/20220117-001945/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292107/?p=boingboing&utm_source=boingboing">$3,000 Joss West Pool Cue….</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292141/?p=boingboing&utm_source=boingboing">$300 P s 5</a><br> https://www.whatsupup.com/blog/palpable/mulla/20220117-000738/ Mon, 17 Jan 2022 00:07:38 +0000 https://www.whatsupup.com/blog/palpable/mulla/20220117-000738/ <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2022/01/16/hydra-states.html">Hydra (Diablo 3 Season 25), simplified</a><br> https://www.whatsupup.com/blog/stratification/pride/20220116-041636/ Sun, 16 Jan 2022 04:16:35 +0000 https://www.whatsupup.com/blog/stratification/pride/20220116-041636/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291898/?p=boingboing&utm_source=boingboing">$700 Gibson 1949 TB150 5 string conversion</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292109/?p=boingboing&utm_source=boingboing">$800 Made by RC Designs</a><br> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291531/?p=boingboing&utm_source=boingboing">$39,984 2019 Tesla Model 3</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104290697/?p=boingboing&utm_source=boingboing">$18,000 1977 Mercedes-Benz 450SL</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20220115-161820/ Sat, 15 Jan 2022 16:18:20 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20220115-161820/ January 15, 2022 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2022/01/15/2022-01-15-The-RISC-V-experience.html">The RISC-V experience</a><br> https://www.whatsupup.com/blog/playacted/rededication/20220115-121809/ Sat, 15 Jan 2022 12:18:09 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220115-121809/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/15/technology/crypto-gamers-nfts.html">Crypto Enthusiasts Meet Their Match: Angry Gamers Game publishers are offering NFTs, but skeptical gamers smell a moneymaking scheme and are fighting back. By Mike Isaac and Kellen Browning</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20220115-001713/ Sat, 15 Jan 2022 00:17:13 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20220115-001713/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-ukraine-crisis-cyber-impact/no-lights-no-heat-no-money-thats-life-in-ukraine-during-cyber-warfare-idUSKBN2JO29P">No lights, no heat, no money - that's life in Ukraine during cyber warfare</a><br></p> <hr> Hackers who defaced and interrupted access to numerous Ukrainian government websites https://www.reuters.com/world/europe/exclusive-hackers-likely-used-software-administration-rights-third-party-hit-2022-01-14 on Friday could be setting the stage for more serious cyberattacks that would disrupt the lives of ordinary Ukrainians, experts said.<br> https://www.whatsupup.com/blog/sited/implore/20220115-001618/ Sat, 15 Jan 2022 00:16:18 +0000 https://www.whatsupup.com/blog/sited/implore/20220115-001618/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/14/technology/facebook-antitrust-case.html">States appeal a judge’s decision to throw out their Facebook antitrust case. The states’ central claim is that Facebook acquired competitors — particularly Instagram in 2012 and WhatsApp in 2014 — in a predatory manner, by crushing competition. By Cecilia Kang</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/14/business/martin-shkreli-barred.html">Martin Shkreli is barred from the drug industry and ordered to repay $64.6 million. A federal judge found that Mr. Shkreli violated state and federal antitrust laws by trying to maintain a monopoly over a lifesaving drug and must pay back the excess profits. By Rebecca Robbins and Cecilia Kang</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220115-001201/ Sat, 15 Jan 2022 00:12:00 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220115-001201/ <a rel="noreferrer" target="_blank" href="https://t.co/bPjrehGY26"><a href="https://t.co/bPjrehGY26">https://t.co/bPjrehGY26</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/B1yVWx16Wq"><a href="https://t.co/B1yVWx16Wq">https://t.co/B1yVWx16Wq</a></a><br> Please join us in building American Dynamism! <a rel="noreferrer" target="_blank" href="https://t.co/bPjrehGY26"><a href="https://t.co/bPjrehGY26">https://t.co/bPjrehGY26</a></a><br> https://www.whatsupup.com/blog/ideo/fleury/20220115-000608/ Sat, 15 Jan 2022 00:06:07 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220115-000608/ The Russian government said today it arrested 14 people accused of working for “ REvil ,” a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations. The Russian Federal Security Service (FSB) said the actions were taken in response to a request from U.S. officials, but many experts believe the crackdown is part of an effort to reduce tensions over Russian President Vladimir Putin’s decision to station 100,000 troops along the nation’s border with Ukraine.<br> The FSB <a rel="noreferrer" target="_blank" href="http://www.fsb.ru/fsb/press/message/single.htm%21id%3D10439388%40fsbMessage.html">said</a> it arrested 14 REvil ransomware members, and searched more than two dozen addresses in Moscow, St. Petersburg, Leningrad and Lipetsk. As part of the raids, the FSB seized more than $600,000 US dollars, 426 million rubles (~$USD 5.5 million), 500,000 euros, and 20 “premium cars” purchased with funds obtained from cybercrime.<br> “The search activities were based on the appeal of the US authorities, who reported on the leader of the criminal community and his involvement in encroaching on the information resources of foreign high-tech companies by introducing malicious software, encrypting information and extorting money for its decryption,” the FSB said. “Representatives of the US competent authorities have been informed about the results of the operation.”<br> The FSB did not release the names of any of the individuals arrested, although a report from the Russian news agency TASS <a rel="noreferrer" target="_blank" href="https://tass.ru/proisshestviya/13431845">mentions two defendants</a> : Roman Gennadyevich Muromsky , and Andrey Sergeevich Bessonov . Russian media outlet RIA Novosti released video footage from some of the raids:<br> REvil is widely thought to be a reincarnation of <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/?s=gandcrab">GandCrab</a> , a Russian-language ransomware affiliate program that bragged of stealing more than $2 billion when it closed up shop in the summer of 2019. For roughly the next two years, REvil’s “Happy Blog” would churn out press releases naming and shaming dozens of new victims each week. A February 2021 analysis from researchers at IBM found the REvil gang <a rel="noreferrer" target="_blank" href="https://www.ibm.com/security/data-breach/threat-intelligence">earned more than $120 million in 2020 alone</a> .<br> But all that changed last summer, when REvil associates working with another ransomware group — DarkSide — attacked Colonial Pipeline , <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/">causing fuel shortages and price spikes across the United States</a> . Just months later, a multi-country law enforcement operation allowed investigators <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-governments-turn-tables-ransomware-gang-revil-by-pushing-it-offline-2021-10-21/">to hack into the REvil gang’s operations and force the group offline</a> .<br> In November 2021, Europol <a rel="noreferrer" target="_blank" href="https://www.europol.europa.eu/media-press/newsroom/news/five-affiliates-to-sodinokibi/revil-unplugged">announced</a> it arrested seven REvil affliates who collectively made more than $230 million worth of ransom demands since 2019. At the same time, U.S. authorities <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/11/revil-ransom-arrest-6m-seizure-and-10m-reward/">unsealed two indictments against a pair of accused REvil cybercriminals</a> , which referred to the men as “REvil Affiliate #22” and “REvil Affiliate #23.”<br> It is clear that U.S. authorities have known for some time the real names of REvil’s top captains and moneymakers. Last fall, President Biden told Putin that <a rel="noreferrer" target="_blank" href="https://www.cnbc.com/2021/07/09/ransomware-biden-presses-putin-to-disrupt-cybercriminals-in-russia.html">he expects Russia to act</a> when the United States shares information on specific Russians involved in ransomware activity.<br> So why now? Russia has amassed approximately 100,000 troops along its southern border with Ukraine, and diplomatic efforts to defuse the situation have reportedly broken down. The Washington Post and other media outlets today <a rel="noreferrer" target="_blank" href="https://www.washingtonpost.com/national-security/russia-ukraine-invasion-sabotage-operations/2022/01/14/769314a2-754f-11ec-8ec6-9d61f7afbe17_story.html">report</a> that the Biden administration has accused Moscow of sending saboteurs into Eastern Ukraine to stage an incident that could give Putin a pretext for ordering an invasion.<br> “The most interesting thing about these arrests is the timing,” said Kevin Breen , director of threat research at <a rel="noreferrer" target="_blank" href="https://www.immersivelabs.com">Immersive Labs</a> . “For years, Russian Government policy on cybercriminals has been less than proactive to say the least. With Russia and the US currently at the diplomatic table, these arrests are likely part of a far wider, multi-layered, political negotiation.”<br> President Biden has warned that Russia can expect severe sanctions should it choose to invade Ukraine. But Putin in turn has said such sanctions could cause a complete break in diplomatic relations between the two countries.<br> Dmitri Alperovitch , co-founder of and former chief technology officer for the security firm <a rel="noreferrer" target="_blank" href="https://www.crowdstrike.com">CrowdStrike</a> , called the REvil arrests in Russia “ransomware diplomacy.”<br> “This is Russian ransomware diplomacy,” Alperovitch said on Twitter. “It is a signal to the United States — if you don’t enact severe sanctions against us for invasion of Ukraine, we will continue to cooperate with you on ransomware investigations.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/at-request-of-u-s-russia-rounds-up-14-revil-ransomware-affiliates/#more-58116">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/at-request-of-u-s-russia-rounds-up-14-revil-ransomware-affiliates/">At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20220114-201614/ Fri, 14 Jan 2022 20:16:13 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20220114-201614/ If you already know what MetaMask does, skip this part.<br> Yet another dependency: this time to something called “<br> Update (1/14): the comments below discuss key generation in<br> , but MetaMask uses a BIP39-based keyphrase, which means that most ECDSA keys are actually generated elsewhere (allegedly in <a rel="noreferrer" target="_blank" href="https://github.com/bitcoinjs/bip39">bitcoinjs/bip39</a> ). In retrospect this should have been obvious to me, but thanks to <a rel="noreferrer" target="_blank" href="https://twitter.com/kumavis_">@kumavis_</a> for pointing it out. I’m keeping the section below just to be complete, but this code (probably) isn’t used by MetaMask.<br> A basic point to make here is that much of this review has come down to examining code that solves a single problem: (deterministically) sampling integers within a precise range. So far I’ve reviewed at least two different custom implementations of the same process, both with slightly different results. Why is the same code repeated so often? Just make this a subroutine so we can analyze it and be sure it’s working correctly.<br> https://www.whatsupup.com/blog/doable/warrantable/20220114-201340/ Fri, 14 Jan 2022 20:13:40 +0000 https://www.whatsupup.com/blog/doable/warrantable/20220114-201340/ <p><a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/?source=user_profile----------------------------------------">Jaana Dogan</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/followers?source=user_profile----------------------------------------">9.98K Followers</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/about?source=user_profile----------------------------------------">About</a><br> <hr> Follow<br> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com">Sign in</a><br> <hr> Get started<br> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/three-ways-to-trace-end-to-end-f61181d6db63?source=user_profile---------0-------------------------------">Jul 7, 2021</a><br> <hr> Having end-to-end distributed traces is a huge challenge for any project. In distributed tracing, end-to-end tracing is a term often used to refer to traces that capture most components in a critical path. Imagine an HTTP request made to trigger a Lambda function. Being able to see the HTTP client…<br> 257<br> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/three-ways-to-trace-end-to-end-f61181d6db63?responsesOpen=true&source=user_profile---------0-------------------------------">1</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/why-is-metric-collection-still-a-hard-problem-in-2020-a901ba1e028f?source=user_profile---------1-------------------------------">Why is metric collection still a hard problem in 2020?</a><br> <hr> Metric collection keeps being one of the hard problems. We’ve been collecting metrics for a very long time, so why is this a hard problem still in 2020? Our workloads are becoming larger and more sophisticated. In order to produce useful metric data, we are producing and collecting richer metric…<br> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/what-did-i-forget-by-working-for-the-same-company-c51b52ce2f8c?source=user_profile---------2-------------------------------">What did I forget by working for the same company?</a><br> <hr> “xooglers always be like ‘at google we…’ — <a rel="noreferrer" target="_blank" href="https://twitter.com/devonbl/status/1329905383175929858">devonbl</a><br> A month into my departure from Google, I can relate to this. It annoys me probably more than my current coworkers at <a rel="noreferrer" target="_blank" href="https://twitter.com/rakyll/status/1315068454873907200">AWS</a> because they know it’s ok to make comparisons when…<br> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/correlation-in-latency-analysis-419357b93287?source=user_profile---------3-------------------------------">Correlation in Latency Analysis</a><br> <hr> This article was my response to Amazon’s writing assessment when I was interviewed. I answered the question of “What is the most inventive or innovative thing you’ve done? It doesn’t have to be something that’s patented. …<br> <a rel="noreferrer" target="_blank" href="https://medium.com/google-cloud?source=user_profile---------4-------------------------------">Published in Google Cloud - Community</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://medium.com/google-cloud/spanners-sql-story-79bda8bb632d?source=user_profile---------4-------------------------------">· Jul 22, 2020</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://medium.com/google-cloud/spanners-sql-story-79bda8bb632d?source=user_profile---------4-------------------------------">Spanner’s SQL Story</a><br> <hr> Spanner is a distributed database Google initiated a while ago to build a highly available and highly consistent database for its own workloads. Spanner was initially built to be a key/value and was in a completely different shape than it is today and it had different goals. Since the beginning…<br> <a rel="noreferrer" target="_blank" href="https://medium.com/google-cloud/how-does-spanner-avoid-single-point-of-failures-in-writes-4f7765cd894?source=user_profile---------5-------------------------------">How Does Spanner Avoid Single Point of Failures in Writes?</a><br> <hr> Google’s <a rel="noreferrer" target="_blank" href="https://cloud.google.com/spanner">Spanner</a> is a relational database with 99.999% availability which translates to 5 mins of downtime a year. Spanner is a distributed system and can span multiple machines, multiple datacenters (and even geographical regions when configured). It splits the records automatically among its replicas and provides automatic failover. …<br> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/things-i-wished-more-developers-knew-about-databases-2d0178464f78?source=user_profile---------6-------------------------------">Things I Wished More Developers Knew About Databases</a><br> <hr> A large majority of computer systems have some state and are likely to depend on a storage system. My knowledge on databases accumulated over time, but along the way our design mistakes caused data loss and outages. In data-heavy systems, databases are at the core of system design goals and…<br> 10.4K<br> <a rel="noreferrer" target="_blank" href="https://medium.com/google-cloud/persistent-disks-and-replication-9b9412fd9565?source=user_profile---------7-------------------------------">Persistent Disks and Replication</a><br> <hr> If you are a cloud user, you probably have seen how unconventional storage options can get. This is even true for disks you access from your virtual machines. There are not many ongoing conversations or references about the underlying details of core infrastructure. …<br> <a rel="noreferrer" target="_blank" href="https://medium.com/observability?source=user_profile---------8-------------------------------">Published in Observability+</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://medium.com/observability/health-availability-debuggability-5b0ab300b35c?source=user_profile---------8-------------------------------">Health, Availability, Debuggability</a><br> <hr> As we collect various observability signals from systems, it fosters a new conversation around the classification of the signals.<br> There is a significant discussion on observability signals and even strong advocacy for one signal over the other. Metrics, events, logs, traces or others? …<br> Show more<br> <a rel="noreferrer" target="_blank" href="https://medium.com/google-cloud/google-cloud-run-for-go-ec09ddbba111?source=user_profile---------9-------------------------------">Google Cloud Run for Go</a><br> <hr> Google Cloud recently launched a fully managed container execution environment called <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com">Cloud Run</a> . It is an environment specifically for request-driven workloads. It provides autoscaling, scaling down to zero, pretty fast deployments, automatic HTTPS support, global names and more. Google Cloud Run doesn’t have language runtime restrictions as soon as the…<br> <a rel="noreferrer" target="_blank" href="https://help.medium.com/hc/en-us?source=user_profile----------------------------------------">Help</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=user_profile----------------------------------------">Legal</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20220114-161540/ Fri, 14 Jan 2022 16:15:39 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20220114-161540/ I want to stress that this was an informal code review : I didn’t use any tooling, didn’t even download (most) code to my computer. In fact my “review” mostly involved poking around various Github repositories to see if I could find anything that immediately jumped out as incorrect, and failing that, at least could give me a feeling for the quality of MetaMask’s crypto code. (In fact I did about half the work on my phone while eating a burrito bowl at Chipotle.)<br> And this last part isn’t just a personal gripe. My TL;DR is that finding and reviewing the correct code was made difficult because there were far too many different organizations owning the dependencies that led to the crypto routines themselves. This made me uncomfortable, given how much money these routines are responsible for securing.<br> Since many readers have probably never used DeFi, I figure I should give a quick background here on “web3” and MetaMask in particular. If you know something about MetaMask, skip this part.<br> Ok, so forget everything I did above. That was my mistake. I promise to come back to those newer code paths soon, but that’s for the future. My goal in this review was to look at MetaMask as it exists today. Apparently that means I need to look at Fedor’s <a rel="noreferrer" target="_blank" href="https://github.com/indutny/elliptic">elliptic</a> library.<br> seems poorly defined and serves two slightly different purposes, triggered by a boolean flag — which is just omitted in some calls.<br> A basic point to make here is that much of this review has come down to reviewing code that solves a simple problem: (deterministically) sampling integers within a precise range. So far I’ve reviewed at least two different custom implementations of the same process, both with slightly different results. Why is the same code repeated so often? Just make this a subroutine so we can analyze it and be sure it’s working correctly.<br> Anyway the (possible) issues above probably don’t really matter. I’ll assume in most cases private keys are generated correctly using a secure random number generator, which takes the most obvious risks off the table.<br> If you’re writing a security-critical routine like “sample random integer in a precise range,” write that routine one time , not multiple times. Please!<br> https://www.whatsupup.com/blog/playacted/rededication/20220114-041907/ Fri, 14 Jan 2022 04:19:07 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220114-041907/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/13/us/politics/jan-6-tech-subpoenas.html">Jan. 6 Committee Subpoenas Four Big Tech Firms The panel investigating the attack on the Capitol is demanding information from Alphabet, Meta, Reddit and Twitter. By Luke Broadwater and Mike Isaac</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20220114-041648/ Fri, 14 Jan 2022 04:16:47 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220114-041648/ <p><a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/congress-needs-to-stop-day-trading">Congress Needs To Stop Day Trading, Says Sen. Mark Warner</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/congress-needs-to-stop-day-trading">“If you take these jobs of responsibility, you have to be willing to give up something," Warner tells Big Technology.</a><br> <a rel="noreferrer" target="_blank" href="https://substack.com/profile/52351-alex-kantrowitz">Alex Kantrowitz</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/about">What is Big Technology?</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/archive">Archive</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/about?sort=people">Authors</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/account">My Account</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20220114-041546/ Fri, 14 Jan 2022 04:15:44 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20220114-041546/ NB: This post describes a very casual code review of a few cryptography functions used by MetaMask. It does not describe any vulnerabilities. If you’re the kind of person who likes a meandering and amateurish code review that goes absolutely nowhere, you’ll enjoy this post. Otherwise you might want to read something more exciting: I suggest Moxie’s recent <a rel="noreferrer" target="_blank" href="https://moxie.org/2022/01/07/web3-first-impressions.html">post on web3</a> .<br> For reasons I can’t fully explain, the other day I decided that it might be fun to spend an hour or two investigating the cryptography used by <a rel="noreferrer" target="_blank" href="https://metamask.io/">MetaMask</a> .<br> For those who aren’t familiar with the tool, MetaMask is a browser-based cryptocurrency wallet that is used used to access decentralized applications (dapps) on networks like Ethereum. My interest in MetaMask is mostly just based on curiosity: I recently invested about $100 into a decentralized finance application and I wanted to see how safe it really was. While there are lots of different ways I could lose that money, taking a look at MetaMask’s crypto seemed like as good a place to start as any.<br> I want to stress that this was an extremely casual code review : I didn’t use any tooling, didn’t even download (most) code to my computer. In fact my “review” mostly involved poking around various Github repositories to see if I could find anything that immediately jumped out as incorrect, and failing that, at least could give me a feeling for the quality of MetaMask’s crypto code. (In fact I did about half the work on my phone while eating a burrito bowl at Chipotle.)<br> After an hour or two of hunting through dependencies, I made the mistake of tweeting about my feelings:<br> I decided to look at MetaMask’s crypto, and oh wow I wish I could unlook.<br> — Matthew Green (@matthew_d_green) <a rel="noreferrer" target="_blank" href="https://twitter.com/matthew_d_green/status/1481327159599841280?ref_src=twsrc%5Etfw">January 12, 2022</a><br> I swear that this offhand Tweet was not meant to make anyone unhappy or scare people that their funds were at risk. Although I had a couple of scary moments, those were entirely on me. So let me be clear as possible right now: I did not find any exploitable vulnerabilities in MetaMask’s crypto!<br> What I did come back with is an uncomfortable feeling about the complexity and quality of MetaMask’s (current) crypto code, and some unhappy feelings about its dependency structure. Some of this stuff is basically unavoidable: file it under “browser crypto is scary.” Some is specific to the way the code is laid out. And some of it is a (non-trivial) gripe: this code is is much harder to audit than it should be.<br> And this last part isn’t just a personal gripe. My TL;DR is that finding and reviewing the correct code was much harder than it had to be. Moreover, there were far too many different organizations owning the dependencies that led to the crypto routines themselves. This made me uncomfortable, given how much money these routines are responsible for securing.<br> In this post I’m going to justify these opinions by walking you through a casual skim of MetaMask’s code and and crypto dependencies. To make you feel “like you were there”, I’m going to discuss the review more or less in the order it occurred — including the embarrassing part where I went off the rails and reviewed the wrong code.<br> If you enjoy reading crypto code for entertainment, this post might be for you. If you’re hoping that this will actually lead to anything exciting, I suspect you’ll be very disappointed.<br> Quick explainer: what is MetaMask?<br> Since many readers have probably never used DeFi, I figure I should give a quick background here on “web3” and MetaMask in particular.<br> From a technical perspective, web3 is pretty straightforward. It consists of many “decentralized apps” (dapps), each of which typically comprises a (typically Javascript) front-end web app, as well as some back-end business logic. What makes dapps special is the back-end portion, which is decentralized. Generally this means it relies on a smart contract running in a network like Ethereum.<br> Web3 front-ends are just web apps, and typically they’re served to your browser via standard web infrastructure. (Security here usually means HTTPS, so anyone who hacks a server or steals a <a rel="noreferrer" target="_blank" href="https://www.bloomberg.com/news/articles/2021-12-10/badgerdao-says-cloudflare-flaw-led-to-130-million-heist">Cloudflare API key</a> can change these apps’ code in malicious ways.)<br> Of course, web apps can’t communicate directly to blockchains, nor are they a good place to store private keys. This is why MetaMask exists. In its most popular instantiation, MetaMask ships as a browser extension for Chrome and Firefox. When a web application needs to send a transaction to a smart contract (e.g., because you want to deposit money into <a rel="noreferrer" target="_blank" href="https://aave.com/">Aave</a> ), MetaMask is responsible for signing the transaction and shipping the transaction to the chain.<br> On the bright side for this review, the actual cryptography in MetaMask is fairly limited: as a wallet, it must generate and store Ethereum public and private keys and it also needs to handle “simple” operations like ECDSA signing. On the other hand: we’re in a browser . So nothing is actually simple.<br> Climbing the dependency ladder<br> To put some bounds on the effort required, I decided to only look at the implementation of ECDSA signing and key generation (excluding the curve operations.) This seemed like an easy task I could get done in an hour or two while eating an extended lunch.<br> Finding the starting point for a review like this was harder than I expected. In short: it isn’t easy to grok the control flow of a complex event-based <a rel="noreferrer" target="_blank" href="https://github.com/MetaMask/metamask-extension">Javascript browser extension</a> to find out exactly which calls are “real” and which are tests or dead code. To shortcut this problem, my approach amounts to “grepping and hoping”, starting from the “ <a rel="noreferrer" target="_blank" href="https://github.com/MetaMask/metamask-extension">develop” branch of MetaMask’s extension repository.</a><br> A quick search for “sign” leads us to a promising call in the file <a rel="noreferrer" target="_blank" href="https://github.com/MetaMask/metamask-extension/blob/develop/app/scripts/metamask-controller.js">metamask-controller.js</a> :<br> ( <a rel="noreferrer" target="_blank" href="https://github.com/MetaMask/metamask-extension/blob/develop/app/scripts/metamask-controller.js">source file</a> )<br> Sadly, following this call path quickly leads us into dependency hell.<br> First, we reach a library called <a rel="noreferrer" target="_blank" href="https://www.npmjs.com/package/eth-keyring-controller">eth-keyring-controller</a> , which presumably manages Ethereum keyrings. A quick scan of that library shows it calling a second dependency: <a rel="noreferrer" target="_blank" href="https://github.com/MetaMask/eth-sig-util">eth-sig-util</a> . (Both are NPM packages developed by MetaMask.) We’ll jump right to the latter package, which… you guessed it, calls yet another package:<br> This call takes us out of MetaMask-owned code and out to a new package called “ <a rel="noreferrer" target="_blank" href="https://www.npmjs.com/package/ethereumjs-util">ethereum-jsutil</a> ” that’s maintained by the “ <a rel="noreferrer" target="_blank" href="https://github.com/ethereumjs">Ethereum Javascript community</a> “, whoever they are. (Don’t worry, we won’t stay here long enough to care.) Of course, in this package we find yet another layer of dependency indirection:<br> From here, we head over to a package called “ <a rel="noreferrer" target="_blank" href="https://github.com/ethereum/js-ethereum-cryptography/blob/master/src/secp256k1.ts">js-ethereum-cryptography</a> “, which holy cow is actually a repository maintained by the Ethereum project itself!<br> At this point I’m about halfway into my allotted review time and asking myself questions like “why didn’t MetaMask just call this library directly” and “why do I make poor life choices”. But never mind, we’re almost there: surely we are going to see some actual crypto code soon!<br> Except no, we are not. This is what we find in the Ethereum library:<br> Yet another call and yet another dependency: this time to something called “<br> noble<br> “. Here my quick-and-dirty approach to dependency resolution (Google “npm <package-name>”) fails me, since NPM says that “noble” is is a “ <a rel="noreferrer" target="_blank" href="https://www.npmjs.com/package/noble">Node.js Bluetooth Low Energy library</a> .” As cool as that would be — access the blockchain through Bluetooth! — I’m guessing this is not right.<br> A bit more searching leads me to believe that<br> is actually the <a rel="noreferrer" target="_blank" href="https://paulmillr.com/noble/">Noble cryptography library</a> , which appears to have been developed by Paul Miller. And hey, this code looks promising! The page lists actual cryptography design goals that seem reasonable, and the code is written in TypeScript. Even better: the library has been subject to an <a rel="noreferrer" target="_blank" href="https://cure53.de/pentest-report_noble-lib.pdf">audit</a> by Cure53.<br> Nonetheless, and with no disrespect to Paul or anyone else in this community: I would like to take a moment to complain about this dependency structure:<br> Resolving all these pointless dependencies has eaten up a lot more of my review time than you might imagine. (I’m leaving out all the times I accidentally visited the wrong libraries because they used some combination of “js” and “ethereum” and “cryptography” and just Googling is risky here.)<br> More substantively, I can’t help but notice that there are a lot of code owners in this critical path. So far I’ve traveled through repositories owned by four different organizations, and the last one is someone’s <a rel="noreferrer" target="_blank" href="https://github.com/paulmillr/noble-secp256k1">personal Github account</a> . Is this normal for a system that secures billions of dollars of user funds? Maybe it should not be.<br> But enough complaining. There is actual crypto code here! We can finally look at ECDSA.<br> Except… it turns out that we can’t do that, because I made a stupid mistake.<br> After speaking with Paul Miller on Twitter, I learned that this whole code review has been premised on a very foolish assumption: namely that the code in the main (development) branches of MetaMask and its dependencies is actually the code people are using in MetaMask today. That turns out to be wrong. In fact, Paul tells me, the<br> library is slated for deployment in an upcoming release. The current release of MetaMask relies on a library called “ <a rel="noreferrer" target="_blank" href="https://github.com/indutny/elliptic">elliptic</a> “, which was written by <a rel="noreferrer" target="_blank" href="https://github.com/indutny">Fedor Indutny</a> .<br> I’m now scraping up those last bits of cheese in the burrito bowl.<br> Let’s look at elliptic<br> Ok, forget everything I did above. That was my mistake. I promise to come back to those newer code paths soon, but that’s for the future. My goal in this review was to look at MetaMask as it exists today. Apparently that means I need to look at Fedor’s <a rel="noreferrer" target="_blank" href="https://github.com/indutny/elliptic">elliptic</a> library.<br> (Note: if I was being professional then what I would really do is review all the release branches of MetaMask and all of its dependencies just to make sure I’m in the right place, and to see what the calls looked like. But life is too short: I’m going to trust Paul.)<br> The<br> elliptic<br> library is written in “plain old” Javascript, so types will tend to be confusing. On the bright side, it’s relatively compact. The core library supports Ed25519 (for EdDSA) and Secp256k1 for ECDSA on networks like Ethereum. Let’s focus on the latter.<br> I’m not a … https://www.whatsupup.com/blog/stratification/pride/20220114-001747/ Fri, 14 Jan 2022 00:17:47 +0000 https://www.whatsupup.com/blog/stratification/pride/20220114-001747/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292068/?p=boingboing&utm_source=boingboing">$45,995 2018 Tesla Model 3</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291502/?p=boingboing&utm_source=boingboing">$225 New 6/6 Double Lap Steel Slide Electric Guitar</a><br> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291882/?p=boingboing&utm_source=boingboing">$230 Apple Watch Series 4 44 mm Space Grey Aluminum Case with Bla…</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292047/?p=boingboing&utm_source=boingboing">$500 Apple iPhone 11 pro max 64gb AT&T Midnight Green Hairline</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220114-001219/ Fri, 14 Jan 2022 00:12:19 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220114-001219/ "All history, and most especially the history of the 20th century, argues against placing ideas in the saddle and allowing them to ride mankind." – Terry Teachout, RIP<br> https://www.whatsupup.com/blog/sideswiped/tuftily/20220113-081410/ Thu, 13 Jan 2022 08:14:10 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20220113-081410/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/01/12/New-Years-Day">New Year’s Day</a> · In Vancouver, we have a tradition of going for a walk on New Year’s Day, no matter how foul the weather, if only to prove to Other Canadians that the thing is possible. 2022 too, despite its being an extremely low-expectations year. And it wasn’t the worst New Year’s Day beachwalk ever, so maybe it won’t be the worst year ever. And it leaves me with advice for the world. But first… <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/01/12/New-Years-Day">…</a><br> early in each month, recommending long-form pieces that I’d had the time to read, acknowledging that people who aren’t semi-retired wouldn’t have time for all of them but perhaps one or two would add value even for the busy. I fell out of that habit but now it’s 2022 and there are plenty of tabs I meant to write about, some dating back to early 2021. So… Welcome, everyone, to 2022, and let’s go long! <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/01/05/Long-Links">…</a> [4 comments]<br> https://www.whatsupup.com/blog/overgrazing/propellent/20220113-001722/ Thu, 13 Jan 2022 00:17:21 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220113-001722/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/five-ways-china-is-trying-to-unaddict">Five Ways China Is Trying To Unaddict Kids From Social Media</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/five-ways-china-is-trying-to-unaddict">Blackout hours, educational content, time limits, and interspersed pauses. This is how China is attempting to mitigate social media addiction…</a><br> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/a-xiaomi-phone-mightve-shipped-with">A Xiaomi Phone Might’ve Shipped With A Censorship List In Europe. Now What?</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/a-xiaomi-phone-mightve-shipped-with">European researchers say they found hundreds of terms the phone could block, including “Tiananmen” and “Hong Kong Independence.” There’s no playbook for…</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220112-080617/ Wed, 12 Jan 2022 08:06:16 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220112-080617/ In a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by “ Wazawaka ,” the hacker handle chosen by a major access broker in the Russian-speaking cybercrime scene.<br> Wazawaka has been a highly active member of multiple cybercrime forums over the past decade, but his favorite is the Russian-language community Exploit . Wazawaka spent his early days on Exploit and other forums selling distributed denial-of-service (DDoS) attacks that could knock websites offline for about USD $80 a day. But in more recent years, Wazawaka has focused on peddling access to organizations and to databases stolen from hacked companies.<br> “Come, rob, and get dough!,” reads a thread started by Wazawaka on Exploit in March 2020, in which he sold access to a Chinese company with more than $10 billion in annual revenues. “Show them who is boss.”<br> According to their posts on Exploit, Wazawaka has worked with at least two different ransomware affiliate programs, including LockBit. Wazawaka said LockBit had paid him roughly $500,000 in commissions for the six months leading up to September 2020.<br> Wazawaka also said he’d teamed up with <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/?s=darkside">DarkSide</a> , the ransomware affiliate group responsible for <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/">the six-day outage</a> at Colonial Pipeline last year that caused nationwide fuel shortages and price spikes. The U.S. Department of State has since offered a $5 million reward for information leading to the arrest and conviction of any DarkSide affiliates.<br> Wazawaka seems to have adopted the uniquely communitarian view that when organizations being held for ransom decline to cooperate or pay up, any data stolen from the victim should be published on the Russian cybercrime forums for all to plunder — not privately sold to the highest bidder. In thread after thread on the crime forum XSS , Wazawaka’s alias “ Uhodiransomwar ” can be seen posting download links to databases from companies that have refused to negotiate after five days.<br> “The only and the main principle of ransomware is: the information that you steal should never be sold,” Uhodiransomwar wrote in August 2020. “The community needs to receive it absolutely free of charge if the ransom isn’t paid by the side that this information is stolen from.”<br> Wazawaka hasn’t always been so friendly to other cybercrooks. Over the past ten years, his contact information has been used to register numerous phishing domains intended to siphon credentials from people trying to transact on various dark web marketplaces. In 2018, Wazawaka registered a slew of domains spoofing the real domain for the Hydra dark web market. In 2014, Wazawaka confided to another crime forum member via private message that he made good money stealing accounts from drug dealers on these marketplaces.<br> “I used to steal their QIWI accounts with up to $500k in them,” Wazawaka recalled. “A dealer would never go to the cops and tell them he was selling stuff online and someone stole his money.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/who-is-the-network-access-broker-wazawaka/#more-58018">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/who-is-the-network-access-broker-wazawaka/">Who is the Network Access Broker ‘Wazawaka?’</a><br> https://www.whatsupup.com/blog/barbecuing/persuadably/20220112-041826/ Wed, 12 Jan 2022 04:18:25 +0000 https://www.whatsupup.com/blog/barbecuing/persuadably/20220112-041826/ Funder<br> Investing $15+ million a year into early-stage startups. <a rel="noreferrer" target="_blank" href="https://shl.capital">Co-invest with me?</a><br> Painter<br> https://www.whatsupup.com/blog/stratification/pride/20220112-041648/ Wed, 12 Jan 2022 04:16:48 +0000 https://www.whatsupup.com/blog/stratification/pride/20220112-041648/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291965/?p=boingboing&utm_source=boingboing">$70 Jordan Flight 23 UK 8.5</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291822/?p=boingboing&utm_source=boingboing">$158 Jackson JS Series Rhoads</a><br> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292007/?p=boingboing&utm_source=boingboing">$82,000 2015 BMW i8</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291137/?p=boingboing&utm_source=boingboing">$12,500 47 WILLY'S SEDAN DELIVERY</a><br> https://www.whatsupup.com/blog/sited/implore/20220112-041618/ Wed, 12 Jan 2022 04:16:17 +0000 https://www.whatsupup.com/blog/sited/implore/20220112-041618/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/11/technology/facebook-antitrust-ftc.html">A Facebook antitrust suit can move forward, a judge says, in a win for the F.T.C. The government can proceed with its claims that the company abused its monopoly power through acquisitions. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220112-041147/ Wed, 12 Jan 2022 04:11:46 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220112-041147/ Ref <a rel="noreferrer" target="_blank" href="https://t.co/iZTGIoD1eu"><a href="https://t.co/iZTGIoD1eu">https://t.co/iZTGIoD1eu</a></a> for the kids in the back. <a rel="noreferrer" target="_blank" href="https://t.co/eAEpxVuDy5"><a href="https://t.co/eAEpxVuDy5">https://t.co/eAEpxVuDy5</a></a><br> <a rel="noreferrer" target="_blank" href="https://t.co/VM2E1SpniE"><a href="https://t.co/VM2E1SpniE">https://t.co/VM2E1SpniE</a></a><br> https://www.whatsupup.com/blog/stratification/pride/20220112-001659/ Wed, 12 Jan 2022 00:16:59 +0000 https://www.whatsupup.com/blog/stratification/pride/20220112-001659/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291822/?p=boingboing&utm_source=boingboing">$158 Jackson JS Series Rhoads</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104292007/?p=boingboing&utm_source=boingboing">$82,000 2015 BMW i8</a><br> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291137/?p=boingboing&utm_source=boingboing">$12,500 47 WILLY'S SEDAN DELIVERY</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104290760/?p=boingboing&utm_source=boingboing">CLEAN 1964 FORD FALCON DELUXE WAGON</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20220112-001552/ Wed, 12 Jan 2022 00:15:52 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220112-001552/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-022-00059-w">How to protect US science from political meddling after Trump</a><br></p> <hr> In a fresh report, federal researchers recommend ways to strengthen scientific integrity and preserve public trust in government.<br> https://www.whatsupup.com/blog/ideo/fleury/20220112-000637/ Wed, 12 Jan 2022 00:06:37 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220112-000637/ Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is “wormable,” meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.<br> Nine of the vulnerabilities fixed in this month’s Patch Tuesday received Microsoft’s “critical” rating, meaning malware or miscreants can exploit them to gain remote access to vulnerable Windows systems through no help from the user.<br> By all accounts, the most severe flaw addressed today is <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21907">CVE-2022-21907,</a> a critical, remote code execution flaw in the “ HTTP Protocol Stack .” Microsoft says the flaw affects Windows 10 and Windows 11 , as well as Server 2019 and Server 2022 .<br> “While this is definitely more server-centric, remember that Windows clients can also run http.sys, so all affected versions are affected by this bug,” said Dustin Childs from Trend Micro’s Zero Day Initiative . “Test and deploy this patch quickly.”<br> Quickly indeed. In May 2021, Microsoft patched a similarly critical and wormable vulnerability in the HTTP Protocol Stack; less than a week later, computer code made to exploit the flaw <a rel="noreferrer" target="_blank" href="https://www.bleepingcomputer.com/news/security/exploit-released-for-wormable-windows-http-vulnerability/">was posted online</a> .<br> Microsoft also fixed three more remote code execution flaws in Exchange Server , a technology that hundreds of thousands of organizations worldwide use to manage their email. Exchange flaws are a major target of malicious hackers. Almost a year ago, hundreds of thousands of Exchange servers worldwide were compromised by malware after attackers started mass-exploiting four zero-day flaws in Exchange.<br> Microsoft says the limiting factor with these three newly found Exchange flaws is that an attacker would need to be tied to the target’s network somehow to exploit them. But Satnam Narang at Tenable notes Microsoft has labeled all three Exchange flaws as “exploitation more likely.”<br> “One of the flaws, <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21846">CVE-2022-21846</a> , was disclosed to Microsoft by the National Security Agency ,” Narang said. “Despite the rating, Microsoft notes the attack vector is adjacent, meaning exploitation will require more legwork for an attacker, unlike the ProxyLogon and ProxyShell vulnerabilities which were remotely exploitable.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/wormable-flaw-leads-january-2022-patch-tuesday/#more-58072">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/wormable-flaw-leads-january-2022-patch-tuesday/">‘Wormable’ Flaw Leads January 2022 Patch Tuesday</a><br> https://www.whatsupup.com/blog/beautifying/hagriding/20220111-202004/ Tue, 11 Jan 2022 20:20:03 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20220111-202004/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/01/podcast-episode-algorithms-just-future">Podcast Episode 107</a><br> https://www.whatsupup.com/blog/steeplejack/garrote/20220111-201957/ Tue, 11 Jan 2022 20:19:56 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20220111-201957/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2022/01/podcast-episode-algorithms-just-future">Podcast Episode 107</a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20220111-160722/ Tue, 11 Jan 2022 16:07:21 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20220111-160722/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-protect-your-intentions-from-getting-hijacked">How to protect your intentions from getting hijacked</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/let-your-discontent-crystallize">Let your discontent crystallize</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/stop-postponing-things-by-embracing-the-mess">Stop postponing things by embracing the mess</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/critical-effort-why-we-reach-a-goal-or-not">Critical effort: why we reach a goal (or not)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/zone-of-action-do-the-possible-to-do-the-impossible">Zone of Action: Do the possible to do the impossible</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/1-simple-technique-to-train-your-focus">1 simple technique to train your focus</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-make-quitting-your-addiction-easier">How to make quitting your addiction easier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/pursue-high-quality-leisure">Pursue High-quality Leisure</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/what-is-addiction">What is addiction (series)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-change-for-the-better">How to change for the better</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/4-most-common-ways-of-getting-distracted">4 most common ways of getting distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> https://www.whatsupup.com/blog/novice/millrace/20220111-121217/ Tue, 11 Jan 2022 12:12:17 +0000 https://www.whatsupup.com/blog/novice/millrace/20220111-121217/ What happened?<br> This website is using a security service to protect itself from online attacks.<br> https://www.whatsupup.com/blog/doable/warrantable/20220111-121152/ Tue, 11 Jan 2022 12:11:52 +0000 https://www.whatsupup.com/blog/doable/warrantable/20220111-121152/ What happened?<br> This website is using a security service to protect itself from online attacks.<br> https://www.whatsupup.com/blog/augur/cussed/20220111-120742/ Tue, 11 Jan 2022 12:07:42 +0000 https://www.whatsupup.com/blog/augur/cussed/20220111-120742/ What happened?<br> This website is using a security service to protect itself from online attacks.<br> https://www.whatsupup.com/blog/alamode/heartsore/20220110-201136/ Mon, 10 Jan 2022 20:11:36 +0000 https://www.whatsupup.com/blog/alamode/heartsore/20220110-201136/ <a rel="noreferrer" target="_blank" href="https://signal.org/blog/new-year-new-ceo/">New year, new CEO</a><br></p> <hr> It’s a new year, and I’ve decided it’s a good time to replace myself as the CEO of Signal.<br> I have now been working on Signal for almost a decade. It has always been my goal for Signal to grow and sustain beyond my involvement, but four years ago that would still not have been possible. I was writing all the Android code, was writing all of the server code, was the only person on call for the service, was facilitating all product development, and was managing everyone. I couldn’t ever leave cell service, had to take my laptop with me everywhere in case of emergencies, and occasionally found myself sitting alone on the sidewalk in the rain late at night trying to diagnose a service degradation.<br> https://www.whatsupup.com/blog/lienholder/alcoholism/20220109-001921/ Sun, 09 Jan 2022 00:19:20 +0000 https://www.whatsupup.com/blog/lienholder/alcoholism/20220109-001921/ <p><a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2022/01/how-to-check-you-re-in-the-initial-pid-namespace.html">How to check you're in the initial pid namespace?</a><br></p> <hr> It all started with a simple question: how can a Linux process determine whether it is the init process of a freshly booted system?<br> A dozen years ago, the Unix textbook answer to this would have been: well, if its process id (pid) is 1, then it is<br> init<br> by definition.<br> These days, things are not that simple anymore. Containerization creates situations where pid is 1, but the process runs, well, in a container. In Linux, this is realized by using a feature called “pid namespaces”. The clone(2) syscall can take the flag<br> CLONE_NEWPID<br> (“since Linux 2.6.24”), which puts the new process into a new pid namespace. This means that this process will have pid 1 inside the pid namespace, but outside (i.e. in the parent pid namespace), the process has a regular pid. Various Linux API transparently translate pids between these namespaces.<br> The pid namespaces form a hierarchy, and the one at the very top is called “initial pid namespace”.<br> You can use the tool unshare(1) to play with pid namespaces:<br> % unshare --fork --map-root-user --pid bash -c 'echo $$' 1<br> This is a way to spawn (as a regular user!) a process that has pid 1, at least, that’s what it looks like to the process.<br> We can try to find some evidence that we’re a freshly booted<br> , but none of it is really conclusive:<br> Our user id is 0, we are root (necessary but not sufficient of course).<br> $TERM<br> should be<br> linux<br> ; trivial to override.<br> $BOOT_IMAGE<br> is set, but this depends on the boot loader.<br> System uptime is “low”, but it takes the initrd boot time into account. Our non-root<br> could be spawned in a container at boot time.<br> There are also some indicators the process runs in a container using one of the popular solutions such as<br> docker<br> or<br> podman<br> The process has a lot of supplementary groups already.<br> If we were put inside a cgroup, reading<br> /proc/1/cgroup<br> will indicate it.<br> The file<br> /.dockerenv<br> exists.<br> But there are still situations, such as the<br> unshare<br> call above, where all of these things may not be true.<br> Therefore I tried to find the ultimate way to detect whether we are in the initial pid namespace.<br> I started to research this and quickly found the ioctl(2)<br> NS_GET_PARENT<br> which seemed to be useful: “Returns a file descriptor that refers to the parent namespace of the namespace referred to by fd.” However, it is useless for this purpose:<br> EPERM The requested namespace is outside of the caller's namespace scope. This error can occur if, for example, the owning user namespace is an ancestor of the caller's current user namespace. It can also occur on attempts to obtain the parent of the initial user or PID namespace.<br> Of course, it makes a lot of sense that we cannot get a handle to the surrounding pid namespace, as this would make the encapsulation provided by namespaces futile. However, coalescing these two error conditions (namespace is outside the caller namespace, and namespace is initial pid namespace) doesn’t make our life easier.<br> So, we need to bring out bigger guns in. I searched the kernel source for <a rel="noreferrer" target="_blank" href="https://elixir.bootlin.com/linux/v5.15/A/ident/init_pid_ns">occurrences of init_pid_ns</a> , as this namespace is called in the Linux source code. There are not too many occurrences we can rely on. The taskstats module limits the<br> TASKSTATS_CMD_ATTR_REGISTER_CPUMASK<br> command to the initial pid namespace only, but to use this requires speaking the netlink interface, which is terrible. Also, the behavior could change in future versions.<br> One interesting, and viable approach, is <a rel="noreferrer" target="_blank" href="https://elixir.bootlin.com/linux/v5.15/source/kernel/pid_namespace.c#L300">this limitation</a> of the reboot(2) syscall: only some<br> LINUX_REBOOT_CMD_*<br> commands are allowed to be sent inside a nested pid namespace. Now, we need to find a “harmless” command to call reboot(2) with to test this! (Obviously, only being able to suspend the machine from the initial pid namespace is not a very useful check…) There are two commands that do not do much harm:<br> LINUX_REBOOT_CMD_CAD_{ON,OFF}<br> will toggle the action that Ctrl-Alt-Delete performs. Unfortunately, it is impossible to read the state of this flag, making this test a destructive operation still. (But if you are pid 1, you may want to set it anyway, so you get pid namespace detection for free.)<br> So I kept looking for other ways until I realized there’s a quite natural property to check for, and that is to find out if there are kernel threads in the pid namespace. Kernel threads are spawned by the kernel in the initial pid namespace and help perform certain asynchronous actions the kernel has to do, subject to process scheduling. As far as I know, kernel threads never occur in a nested pid namespace, and at least the parent process of kernel threads,<br> kthreadd<br> , will always exist. Conveniently, it also always has pid 2.<br> Thus, we just need to figure out if pid 2 is a kernel thread! Note that just checking whether pid 2 exists is cheap, but racy: the container runtime could have spawned another process before we are scheduled to do the check, and this process will as well get pid 2 then.<br> Luckily, kernel threads have quite a few special properties, that are of different difficulty to check from a C program:<br> /proc/PID/cmdline<br> is empty (not a good indicator, user space processes can clear it too).<br> kernel threads have parent pid 0 (requires parsing<br> /proc/PID/stat<br> , which <a rel="noreferrer" target="_blank" href="https://unix.stackexchange.com/a/409493">everyone gets wrong</a> the first time, or<br> /proc/PID/status<br> kernel threads have no<br> Vm*<br> data in<br> kernel threads have the flag<br> PF_KTHREAD<br> set (requires parsing<br> again).<br> kernel threads have an empty symlink for<br> /proc/PID/exe<br> I decided to go with the latter. On Linux, empty symlinks are impossible to create as a user, so we just need to check that and we’re done, right?<br> On a regular file system, using lstat(2) would have filled<br> st_size<br> with the length of the symlink. But on a<br> procfs<br> , lstat is not to be trusted, and even non-empty symlinks have<br> equal to 0. We thus really need to use the readlink(2) syscall to read the link. After doing this, you will notice that it returns<br> ENOENT<br> … exactly the same as if pid 2 did not exist!<br> We therefore need another check, to verify that pid 2 does exist. Luckily, here a lstat on<br> /proc/2/exe<br> file is fine. It must return zero.<br> Note that you need to do these operations in exactly this order , else you are subject to race conditions again: the only reason this works is that if pid 2 is<br> , it will not have terminated before the lstat check (because it cannot terminate).<br> Therefore, readlink(2) failing with<br> and lstat(2) succeeding is exactly the combination required to check pid 2 is<br> , which implies there are kernel threads in our pid namespace, which implies that we are in the initial namespace.<br> Phew, this went deeper than expected.<br> NP: David Bowie—Lazarus<br> NP: Sade—Keep Looking<br> https://www.whatsupup.com/blog/stratification/pride/20220109-001704/ Sun, 09 Jan 2022 00:17:03 +0000 https://www.whatsupup.com/blog/stratification/pride/20220109-001704/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291903/?p=boingboing&utm_source=boingboing">$25,995 2018 BMW i3</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291898/?p=boingboing&utm_source=boingboing">$700 Gibson 1949 TB150 5 string conversion</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20220109-001550/ Sun, 09 Jan 2022 00:15:50 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20220109-001550/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-022-00035-4">Landmark Webb observatory is now officially a telescope</a><br></p> <hr> The observatory has flawlessly unfurled its mirrors and sunshield — although more steps are needed before the science can begin.<br> https://www.whatsupup.com/blog/gonadal/revving/20220108-201731/ Sat, 08 Jan 2022 20:17:30 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220108-201731/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2007/06/26/deducing-code-from-types-filterm/">Deducing code from types: filterM</a><br> https://www.whatsupup.com/blog/traveling/splay/20220108-201644/ Sat, 08 Jan 2022 20:16:43 +0000 https://www.whatsupup.com/blog/traveling/splay/20220108-201644/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/08/science/james-webb-telescope-nasa-deployment.html">A Giant Telescope Grows in Space Everything is going great for the James Webb Space Telescope. So far. By Dennis Overbye and Joey Roulette</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/08/science/webb-telescope-nasa-time-livestream.html">What We Know About Unfolding the James Webb Space Telescope Engineers sent commands to deploy the mirrors on the space observatory, then latch them into place, a critical milestone before it begins its science mission. By Joey Roulette and Dennis Overbye</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220108-200536/ Sat, 08 Jan 2022 20:05:35 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220108-200536/ Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/norton-360-now-comes-with-a-cryptominer/">make money mining virtual currency</a> . But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus — which has built a base of 500 million users worldwide largely by making the product free — was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto .<br> Avira Crypto<br> Founded in 2006, <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Avira">Avira Operations GmbH & Co. KG</a> is a German multinational software company best known for their Avira Free Security (a.k.a. Avira Free Antivirus). In January 2021, Avira was acquired by Tempe, Ariz.-based NortonLifeLock Inc ., the same company that now owns Norton 360.<br> In 2017, the identity theft protection company LifeLock was acquired by Symantec Corp. , which was renamed to NortonLifeLock in 2019. LifeLock is now included in the Norton 360 service; Avira offers users a similar service called Breach Monitor.<br> Like Norton 360, Avira comes with a cryptominer already installed, but customers have to opt in to using the service that powers it. Avira’s <a rel="noreferrer" target="_blank" href="https://support.avira.com/hc/en-us/articles/4407469485585-What-is-Avira-Crypto-">FAQ on its cryptomining service</a> is somewhat sparse. For example, it doesn’t specify how much NortonLifeLock gets out of the deal (NortonLifeLock keeps 15 percent of any cryptocurrency mined by Norton Crypto).<br> “Avira Crypto allows you to use your computer’s idle time to mine the cryptocurrency Ethereum (ETH),” the FAQ explains. “Since cryptomining requires a high level of processing power, it is not suitable for users with an average computer. Even with compatible hardware, mining cryptocurrencies on your own can be less rewarding. Your best option is to join a mining pool that shares their computer power to improve their chance of mining cryptocurrency. The rewards are then distributed evenly to all members in the pool.”<br> NortonLifeLock hasn’t yet responded to requests for comment, so it’s unclear whether Avira uses the same cryptomining code as Norton Crypto. But there are clues that suggest that’s the case. NortonLifeLock <a rel="noreferrer" target="_blank" href="https://www.avira.com/en/blog/avira-unveils-extended-features-with-avira-crypto-game-booster-and-breach-monitor">announced Avira Crypto in late October 2021</a> , but multiple other antivirus products have flagged Avira’s installer as malicious or unsafe for including a cryptominer as far back as Sept. 9, 2021.<br> Avira was detected as potentially unsafe for including a cryptominer back in Sept. 2021. Image: Virustotal.com.<br> The above screenshot was taken on <a rel="noreferrer" target="_blank" href="https://www.virustotal.com">Virustotal.com</a> , a service owned by Google that scans submitted files against dozens of antivirus products. The detection report pictured was found by searching Virustotal for “ANvOptimusEnablementCuda,” a function included in the Norton Crypto mining component “Ncrypt.exe.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/500m-avira-antivirus-users-introduced-to-cryptomining/#more-58020">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/500m-avira-antivirus-users-introduced-to-cryptomining/">500M Avira Antivirus Users Introduced to Cryptomining</a><br> https://www.whatsupup.com/blog/traveling/splay/20220108-161847/ Sat, 08 Jan 2022 16:18:47 +0000 https://www.whatsupup.com/blog/traveling/splay/20220108-161847/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/08/science/webb-telescope-nasa-time-livestream.html">Watch Live: James Webb Space Telescope Finishes Unfolding While there are no cameras aboard the spacecraft, NASA is providing updates as the telescope deploys its mirrors. Here’s what you need to know. By Joey Roulette and Dennis Overbye</a><br> https://www.whatsupup.com/blog/traveling/splay/20220108-081743/ Sat, 08 Jan 2022 08:17:42 +0000 https://www.whatsupup.com/blog/traveling/splay/20220108-081743/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/08/science/webb-telescope-nasa-time-livestream.html">The James Webb Space Telescope Finishes Unfolding: How to Watch While there are no cameras aboard the spacecraft, NASA is providing updates as the telescope deploys its mirrors. Here’s what you need to know. By Joey Roulette and Dennis Overbye</a><br> https://www.whatsupup.com/blog/ideo/fleury/20220108-080553/ Sat, 08 Jan 2022 08:05:52 +0000 https://www.whatsupup.com/blog/ideo/fleury/20220108-080553/ Norton 360 , one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. Norton’s parent firm says the cloud-based service that activates the program and allows customers to profit from the scheme — in which the company keeps 15 percent of any currencies mined — is “opt-in,” meaning users have to agree to enable it. But many Norton users complain the mining program is difficult to remove, and reactions from longtime customers have ranged from unease and disbelief to, “Dude, where’s my crypto?”<br> Norton 360 is owned by Tempe, Ariz.-based NortonLifeLock Inc . In 2017, the identity theft protection company LifeLock was acquired by Symantec Corp. , which was renamed to NortonLifeLock in 2019 (LifeLock is now included in the Norton 360 service).<br> According to <a rel="noreferrer" target="_blank" href="https://community.norton.com/en/forums/faq-norton-crypto">the FAQ posted on its site</a> , “ Norton Crypto ” will mine <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Ethereum">Ethereum</a> (ETH) cryptocurrency while the customer’s computer is idle. The FAQ also says Norton Crypto will only run on systems that meet certain hardware and software requirements (such as an NVIDIA graphics card with at least 6 GB of memory).<br> “Norton creates a secure digital Ethereum wallet for each user,” the FAQ reads. “The key to the wallet is encrypted and stored securely in the cloud. Only you have access to the wallet.”<br> NortonLifeLock began offering the mining service in July 2021, and <a rel="noreferrer" target="_blank" href="https://www.bleepingcomputer.com/news/cryptocurrency/norton-360-antivirus-now-lets-you-mine-ethereum-cryptocurrency/">early news coverage of the program</a> did not immediately receive widespread attention. That changed on Jan. 4, when <a rel="noreferrer" target="_blank" href="https://boingboing.net/">Boing Boing</a> co-editor Cory Doctorow <a rel="noreferrer" target="_blank" href="https://twitter.com/doctorow/status/1478479483585933312">tweeted</a> that NortonCrypto would run by default for Norton 360 users.<br> NortonLifeLock says Norton Crypto is an opt-in feature only and is not enabled without user permission.<br> “If users have turned on Norton Crypto but no longer wish to use the feature, it can be disabled by temporarily shutting off ‘tamper protection’ (which allows users to modify the Norton installation) and deleting NCrypt.exe from your computer,” NortonLifeLock said in a written statement. However, many users <a rel="noreferrer" target="_blank" href="https://www.digitaltrends.com/computing/no-easy-way-to-uninstall-norton-crypto/">have reported difficulty removing the mining program</a> .<br> From reading user posts on the Norton Crypto community forum, it seems some longtime Norton customers were horrified at the prospect of their antivirus product installing coin-mining software, regardless of whether the mining service was turned off by default.<br> “How on Earth could anyone at Norton think that adding crypto mining within a security product would be a good thing?,” reads <a rel="noreferrer" target="_blank" href="https://community.norton.com/en/comment/8518793#comment-8518793">a Dec. 28 thread</a> titled “Absolutely furious.”<br> “Norton should be DETECTING and killing off crypto mining hijacking, not installing their own,” the post reads. “The product people need firing. What’s the next ‘bright idea’? Norton Botnet? ‘ And I was just about to re-install Norton 360 too, but this has literally has caused me to no longer trust Norton and their direction.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/norton-360-now-comes-with-a-cryptominer/#more-57993">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2022/01/norton-360-now-comes-with-a-cryptominer/">Norton 360 Now Comes With a Cryptominer</a><br> https://www.whatsupup.com/blog/gonadal/revving/20220108-042004/ Sat, 08 Jan 2022 04:20:04 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220108-042004/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2009/12/16/how-to-solve-this-differential-equation/">How to solve this differential equation?</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20220108-041706/ Sat, 08 Jan 2022 04:17:06 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220108-041706/ Jan 7 <a rel="noreferrer" target="_blank" href="javascript:void(0)">4</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/why-jack-dorsey-went-to-war-with/comments">Comment</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220108-041202/ Sat, 08 Jan 2022 04:12:02 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220108-041202/ <p>Dan Primack <a rel="noreferrer" target="_blank" href="https://twitter.com/danprimack">@danprimack</a><br> Both @bhorowitz and @pmarca are listed a general partners on all three funds @a16z raised today (totaling $9b).</p> <p>Means they're committing for several years forward. In other words, not retired.<br> I am looking forward to helping our great entrepreneur partners build a better future. <a rel="noreferrer" target="_blank" href="https://t.co/i2YPD3hxY4"><a href="https://t.co/i2YPD3hxY4">https://t.co/i2YPD3hxY4</a></a><br></p> https://www.whatsupup.com/blog/phonic/shopboy/20220107-201107/ Fri, 07 Jan 2022 20:11:06 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220107-201107/ <a rel="noreferrer" target="_blank" href="https://a16z.com/category/bio-health/">bio + health</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20220107-041823/ Fri, 07 Jan 2022 04:18:23 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220107-041823/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/why-jack-dorsey-went-to-war-with">Why Jack Dorsey Went To War With Andreessen Horowitz</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/why-jack-dorsey-went-to-war-with">“Jack was always a slightly restrained volcano.”</a><br> 2 hr ago <a rel="noreferrer" target="_blank" href="javascript:void(0)">4</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/why-jack-dorsey-went-to-war-with/comments">Comment</a><br> https://www.whatsupup.com/blog/stratification/pride/20220107-001841/ Fri, 07 Jan 2022 00:18:41 +0000 https://www.whatsupup.com/blog/stratification/pride/20220107-001841/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291822/?p=boingboing&utm_source=boingboing">$158 Jackson JS Series Rhoads</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291879/?p=boingboing&utm_source=boingboing">$500 Pioneer DJM-S9 Pro DJ Scratch Style 2-channel</a><br> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104289739/?p=boingboing&utm_source=boingboing">$1,200 Ken Griffey Jr. Rookie card</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291818/?p=boingboing&utm_source=boingboing">$531 1979 Honda other</a><br> https://www.whatsupup.com/blog/novice/millrace/20220107-001504/ Fri, 07 Jan 2022 00:15:04 +0000 https://www.whatsupup.com/blog/novice/millrace/20220107-001504/ <p><a rel="noreferrer" target="_blank" href="https://mooseyanon.medium.com/?source=user_profile----------------------------------------">MooseyAnon</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://mooseyanon.medium.com/followers?source=user_profile----------------------------------------">309 Followers</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://mooseyanon.medium.com/about?source=user_profile----------------------------------------">About</a><br> <hr> Follow<br> <a rel="noreferrer" target="_blank" href="https://mooseyanon.medium.com">Sign in</a><br> <hr> Get started<br> <a rel="noreferrer" target="_blank" href="https://mooseyanon.medium.com/github-f-ck-your-name-change-de599033bbbe?source=user_profile---------0-------------------------------">GitHub, f*ck your name change.</a><br> <hr> A black square for solidarity.<br> <a rel="noreferrer" target="_blank" href="https://mooseyanon.medium.com/github-f-ck-your-name-change-de599033bbbe?readmore=1&source=user_profile---------0-------------------------------">Read more · 6 min read</a><br> <hr> 16.7K<br> <a rel="noreferrer" target="_blank" href="https://mooseyanon.medium.com/github-f-ck-your-name-change-de599033bbbe?responsesOpen=true&source=user_profile---------0-------------------------------">107</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://help.medium.com/hc/en-us?source=user_profile----------------------------------------">Help</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=user_profile----------------------------------------">Legal</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220107-001303/ Fri, 07 Jan 2022 00:13:03 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220107-001303/ <p><a rel="noreferrer" target="_blank" href="https://t.co/YhK3aBv77O"><a href="https://t.co/YhK3aBv77O">https://t.co/YhK3aBv77O</a></a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://t.co/XKqn7WYlpo">https://t.co/XKqn7WYlpo</a><br> https://www.whatsupup.com/blog/novice/millrace/20220106-201314/ Thu, 06 Jan 2022 20:13:14 +0000 https://www.whatsupup.com/blog/novice/millrace/20220106-201314/ Please wait…<br> We are checking your browser… mooseyanon.medium.com<br> Please stand by, while we are checking your browser…<br> Why do I have to complete a CAPTCHA?<br> Completing the CAPTCHA proves you are a human and gives you temporary access to the web property.<br> What can I do to prevent this in the future?<br> If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware.<br> If you are at an office or shared network, you can ask the network administrator to run a scan across the network looking for misconfigured or infected devices.<br> Another way to prevent getting this page in the future is to use Privacy Pass. You may need to download version 2.0 now from the <a rel="noreferrer" target="_blank" href="https://chrome.google.com/webstore/detail/privacy-pass/ajhmfdgkijocedmfjonnpjfojldioehi">Chrome Web Store</a> .<br> https://www.whatsupup.com/blog/doable/warrantable/20220106-201218/ Thu, 06 Jan 2022 20:12:17 +0000 https://www.whatsupup.com/blog/doable/warrantable/20220106-201218/ Please wait…<br> We are checking your browser… rakyll.medium.com<br> Please stand by, while we are checking your browser…<br> Why do I have to complete a CAPTCHA?<br> Completing the CAPTCHA proves you are a human and gives you temporary access to the web property.<br> What can I do to prevent this in the future?<br> If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware.<br> If you are at an office or shared network, you can ask the network administrator to run a scan across the network looking for misconfigured or infected devices.<br> Another way to prevent getting this page in the future is to use Privacy Pass. You may need to download version 2.0 now from the <a rel="noreferrer" target="_blank" href="https://chrome.google.com/webstore/detail/privacy-pass/ajhmfdgkijocedmfjonnpjfojldioehi">Chrome Web Store</a> .<br> https://www.whatsupup.com/blog/augur/cussed/20220106-200756/ Thu, 06 Jan 2022 20:07:56 +0000 https://www.whatsupup.com/blog/augur/cussed/20220106-200756/ Please stand by, while we are checking your browser…<br> https://www.whatsupup.com/blog/boxed/modification/20220106-161635/ Thu, 06 Jan 2022 16:16:34 +0000 https://www.whatsupup.com/blog/boxed/modification/20220106-161635/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#sre">sre</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#war-stories">war-stories</a><br> It’s been a while since I was on the receiving end of a software engineering interview. But I still remember my favorite interview question. It was at MemSQL circa 2013. (They <a rel="noreferrer" target="_blank" href="https://www.singlestore.com/blog/revolution/">haven’t even kept their name</a> , so I assume they’re not still relying on this specific interview question. I don’t feel bad for revealing it. It’s a great story that I tell people a lot; I’ve just never blogged it before.)<br> https://www.whatsupup.com/blog/phonic/shopboy/20220106-121241/ Thu, 06 Jan 2022 12:12:41 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220106-121241/ <p>Balaji Srinivasan <a rel="noreferrer" target="_blank" href="https://twitter.com/balajis">@balajis</a><br> People forget just how completely non-obvious the entire digital revolution was every step of the way.</p> <p>1995: WWW will fail 2002: Google will fail 2007: iPhone will fail 2013: Facebook will fail <a rel="noreferrer" target="_blank" href="https://t.co/wZtpj9bg6E"><a href="https://t.co/wZtpj9bg6E">https://t.co/wZtpj9bg6E</a></a><br></p> https://www.whatsupup.com/blog/phonic/shopboy/20220106-081312/ Thu, 06 Jan 2022 08:13:12 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220106-081312/ From a friend! <a rel="noreferrer" target="_blank" href="https://t.co/OReCKc6SrX"><a href="https://t.co/OReCKc6SrX">https://t.co/OReCKc6SrX</a></a><br> From a friend! <a rel="noreferrer" target="_blank" href="https://t.co/dKxtwlpJkG"><a href="https://t.co/dKxtwlpJkG">https://t.co/dKxtwlpJkG</a></a><br> From a friend! <a rel="noreferrer" target="_blank" href="https://t.co/7jNt7KcwTu"><a href="https://t.co/7jNt7KcwTu">https://t.co/7jNt7KcwTu</a></a><br> https://www.whatsupup.com/blog/underpeopled/multichannel/20220106-041848/ Thu, 06 Jan 2022 04:18:47 +0000 https://www.whatsupup.com/blog/underpeopled/multichannel/20220106-041848/ I'm GitHub's Director of Platform Policy and Counsel, building and guiding implementation of GitHub’s approach to content moderation. My work focuses on developing GitHub’s policy positions, providing legal support on content policy development and enforcement, and engaging with policymakers to support policy outcomes that empower developers and shape the future of software.<br> https://www.whatsupup.com/blog/sideswiped/tuftily/20220106-041515/ Thu, 06 Jan 2022 04:15:15 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20220106-041515/ Long Links<br> early in each month, recommending long-form pieces that I’d had the time to read, acknowledging that people who aren’t semi-retired wouldn’t have time for all of them but perhaps one or two would add value even for the busy. I fell out of that habit but now it’s 2022 and there are plenty of tabs I meant to write about, some dating back to early 2021. So… Welcome, everyone, to 2022, and let’s go long! <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2022/01/05/Long-Links">…</a> [1 comment]<br> <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/12/27/Small-Utopia">Locally Optimal</a> · It’s six months since my second Covid shot (team AZ/Moderna) and thus booster time. Which I found out this morning via SMS from my local (BC, Canada) Centre for Disease Control. The registration process was fast and painless. This is exactly the sort of thing we thought we were building the Internet for, and has lessons to teach <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/12/27/Small-Utopia">…</a> [2 comments]<br> https://www.whatsupup.com/blog/phonic/shopboy/20220106-041251/ Thu, 06 Jan 2022 04:12:51 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220106-041251/ From a friend! <a rel="noreferrer" target="_blank" href="https://t.co/ynSWyXTiBz"><a href="https://t.co/ynSWyXTiBz">https://t.co/ynSWyXTiBz</a></a><br> mckaywrigley.eth <a rel="noreferrer" target="_blank" href="https://twitter.com/mckaywrigley">@mckaywrigley</a><br> @pmarca Blockchain <a rel="noreferrer" target="_blank" href="https://t.co/xx7vE1ii1k"><a href="https://t.co/xx7vE1ii1k">https://t.co/xx7vE1ii1k</a></a><br> From a friend! <a rel="noreferrer" target="_blank" href="https://t.co/r64tOH2HNF"><a href="https://t.co/r64tOH2HNF">https://t.co/r64tOH2HNF</a></a><br> https://www.whatsupup.com/blog/stratification/pride/20220106-001935/ Thu, 06 Jan 2022 00:19:35 +0000 https://www.whatsupup.com/blog/stratification/pride/20220106-001935/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104289739/?p=boingboing&utm_source=boingboing">$1,200 Ken Griffey Jr. Rookie card</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291822/?p=boingboing&utm_source=boingboing">$158 Jackson JS Series Rhoads</a><br> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291818/?p=boingboing&utm_source=boingboing">$531 1979 Honda other</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291804/?p=boingboing&utm_source=boingboing">$70,488 2018 Tesla Model S</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220106-001338/ Thu, 06 Jan 2022 00:13:38 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220106-001338/ <a rel="noreferrer" target="_blank" href="https://t.co/TWzE3q6217"><a href="https://t.co/TWzE3q6217">https://t.co/TWzE3q6217</a></a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20220105-201814/ Wed, 05 Jan 2022 20:18:13 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220105-201814/ <p>Dec 17, 2021 <a rel="noreferrer" target="_blank" href="javascript:void(0)">10</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-revolt-against-institutions-is/comments">Comment</a><br> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com">New</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com">Community</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/about">About</a><br> Nov 24, 2021 <a rel="noreferrer" target="_blank" href="javascript:void(0)">10</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/five-ways-china-is-trying-to-unaddict/comments">Comment 2</a><br> Most popular<br> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/where-tech-workers-are-moving-new">Where Tech Workers Are Moving: New LinkedIn Data vs. the Narrative</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-brilliance-of-all-gas-no-brakes">The Brilliance of All Gas No Brakes</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/completely-running-blind-apples-power">“Completely Running Blind.” Apple’s Power Move To Kneecap Facebook Ads Is Working.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/why-a-slack-backlash-is-inevitable">Why a Slack Backlash Is Inevitable</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/im-disturbed-african-tech-workers">“I’m Disturbed.” African Tech Workers Push Back On US Startup Built To Help Them</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/facebook-removed-the-news-feed-algorithm">Facebook Removed The News Feed Algorithm In An Experiment. Then It Gave Up.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/archive?sort=top">See all popular</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220105-081300/ Wed, 05 Jan 2022 08:13:00 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220105-081300/ <a rel="noreferrer" target="_blank" href="https://t.co/eVJ0Z443QZ"><a href="https://t.co/eVJ0Z443QZ">https://t.co/eVJ0Z443QZ</a></a><br> https://www.whatsupup.com/blog/playacted/rededication/20220105-042052/ Wed, 05 Jan 2022 04:20:52 +0000 https://www.whatsupup.com/blog/playacted/rededication/20220105-042052/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2022/01/04/business/opensea-13-billion-valuation-venture-funding.html">OpenSea valued at $13.3 billion in new round of venture funding. The blockchain start-up, one of the most talked about in Silicon Valley, said on Tuesday that had it raised $300 million in new venture capital. By Mike Isaac</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220105-041340/ Wed, 05 Jan 2022 04:13:39 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220105-041340/ <a rel="noreferrer" target="_blank" href="https://t.co/7zrrnKOAYa"><a href="https://t.co/7zrrnKOAYa">https://t.co/7zrrnKOAYa</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/VSGMrWND2g"><a href="https://t.co/VSGMrWND2g">https://t.co/VSGMrWND2g</a></a><br> Thank you, anonymous contributor! <a rel="noreferrer" target="_blank" href="https://t.co/nyPfAUX6lP"><a href="https://t.co/nyPfAUX6lP">https://t.co/nyPfAUX6lP</a></a><br> <a rel="noreferrer" target="_blank" href="https://t.co/XioGVdDhmc"><a href="https://t.co/XioGVdDhmc">https://t.co/XioGVdDhmc</a></a><br> https://www.whatsupup.com/blog/boxed/modification/20220105-001616/ Wed, 05 Jan 2022 00:16:15 +0000 https://www.whatsupup.com/blog/boxed/modification/20220105-001616/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#constexpr">constexpr</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#implementation-divergence">implementation-divergence</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#metaprogramming">metaprogramming</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#slack">slack</a><br> Via Mark de Wever on the <a rel="noreferrer" target="_blank" href="https://cppalliance.org/slack/">cpplang Slack</a> : Mark demonstrates how to tell whether a snippet of code is constexpr-friendly or not. ( <a rel="noreferrer" target="_blank" href="https://godbolt.org/z/xfcGGed1n">Godbolt.</a> )<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#concepts">concepts</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#implementation-divergence">implementation-divergence</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#library-design">library-design</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#metaprogramming">metaprogramming</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#pitfalls">pitfalls</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#ranges">ranges</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#slack">slack</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220105-001329/ Wed, 05 Jan 2022 00:13:28 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220105-001329/ <p><a rel="noreferrer" target="_blank" href="https://t.co/9rupbgf0GG"><a href="https://t.co/9rupbgf0GG">https://t.co/9rupbgf0GG</a></a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://t.co/bxlEsaQJfs">https://t.co/bxlEsaQJfs</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://t.co/3YQB6k0VHz">https://t.co/3YQB6k0VHz</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220104-161301/ Tue, 04 Jan 2022 16:13:01 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220104-161301/ <a rel="noreferrer" target="_blank" href="https://t.co/MEJXhWQEDF"><a href="https://t.co/MEJXhWQEDF">https://t.co/MEJXhWQEDF</a></a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20220104-160914/ Tue, 04 Jan 2022 16:09:14 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20220104-160914/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/retool-customer-success-dashboard/">See why moving from separate tools to a central workflow for customer information was critical to scaling our customer success operations.</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220104-081224/ Tue, 04 Jan 2022 08:12:24 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220104-081224/ <a rel="noreferrer" target="_blank" href="https://t.co/a5RXCAjgxX"><a href="https://t.co/a5RXCAjgxX">https://t.co/a5RXCAjgxX</a></a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220104-041258/ Tue, 04 Jan 2022 04:12:58 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220104-041258/ <p><a rel="noreferrer" target="_blank" href="https://t.co/QfCXv4cUFg"><a href="https://t.co/QfCXv4cUFg">https://t.co/QfCXv4cUFg</a></a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://t.co/fpMaO3eo75">https://t.co/fpMaO3eo75</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220103-201400/ Mon, 03 Jan 2022 20:14:00 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220103-201400/ <p><a rel="noreferrer" target="_blank" href="https://t.co/BfKqLoPuK1"><a href="https://t.co/BfKqLoPuK1">https://t.co/BfKqLoPuK1</a></a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://t.co/EWIFiwNhir">https://t.co/EWIFiwNhir</a><br> https://www.whatsupup.com/blog/baldish/wince/20220103-200946/ Mon, 03 Jan 2022 20:09:45 +0000 https://www.whatsupup.com/blog/baldish/wince/20220103-200946/ <p>Jared Nelsen Software Engineering and Computer Science<br> <a rel="noreferrer" target="_blank" href="https://www.jarednelsen.dev/posts/clojure-post-1/">A Clojure Post</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.jarednelsen.dev/author/jared-nelsen">Jared Nelsen</a> | Nov 22, 2021 | <a rel="noreferrer" target="_blank" href="https://www.jarednelsen.dev/categories/clojure">Clojure</a><br> Lots of Clojure posts coming soon!<br> <a rel="noreferrer" target="_blank" href="https://www.jarednelsen.dev/posts/clojure-post-1/">read more</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.jarednelsen.dev/author/jared-nelsen">Jared Nelsen</a> | Nov 22, 2021 | <a rel="noreferrer" target="_blank" href="https://www.jarednelsen.dev/categories/industry">Industry</a><br> Utilitarianism - “The morally right action or choice is the one that produces the most good.<br> <a rel="noreferrer" target="_blank" href="https://www.jarednelsen.dev/posts/serve-a-flutter-web-app-from-a-docker-container/">How to Serve a Flutter Web App From a Docker Container</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.jarednelsen.dev/author/jared-nelsen">Jared Nelsen</a> | Oct 20, 2020 | <a rel="noreferrer" target="_blank" href="https://www.jarednelsen.dev/categories/flutter">Flutter</a><br> What is Flutter? Flutter is a UI toolkit for building natively compiled applications for mobile, web, and desktop platforms with a single codebase.<br> https://www.whatsupup.com/blog/popularization/compilable/20220103-200831/ Mon, 03 Jan 2022 20:08:30 +0000 https://www.whatsupup.com/blog/popularization/compilable/20220103-200831/ <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/best_paper_awards/">Best Paper Awards</a> in Computer Science conferences<br> https://www.whatsupup.com/blog/gonadal/revving/20220102-162259/ Sun, 02 Jan 2022 16:22:59 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220102-162259/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2008/12/21/datalistsplit/">Data.List.Split</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220102-081306/ Sun, 02 Jan 2022 08:13:06 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220102-081306/ <a rel="noreferrer" target="_blank" href="https://t.co/wrrQgmaxLr"><a href="https://t.co/wrrQgmaxLr">https://t.co/wrrQgmaxLr</a></a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220102-001358/ Sun, 02 Jan 2022 00:13:58 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220102-001358/ <a rel="noreferrer" target="_blank" href="https://t.co/stLUvN0K0a"><a href="https://t.co/stLUvN0K0a">https://t.co/stLUvN0K0a</a></a><br> https://www.whatsupup.com/blog/gonadal/revving/20220101-002248/ Sat, 01 Jan 2022 00:22:47 +0000 https://www.whatsupup.com/blog/gonadal/revving/20220101-002248/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2018/10/06/counting-inversions-with-monoidal-sparks/">Counting inversions with monoidal sparks</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20220101-001906/ Sat, 01 Jan 2022 00:19:06 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20220101-001906/ Dec 17, 2021 <a rel="noreferrer" target="_blank" href="javascript:void(0)">10</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-revolt-against-institutions-is/comments">Comment</a> <a rel="noreferrer" target="_blank" href="javascript:void(0)">Share</a><br> Nov 24, 2021 <a rel="noreferrer" target="_blank" href="javascript:void(0)">10</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/five-ways-china-is-trying-to-unaddict/comments">Comment 2</a> <a rel="noreferrer" target="_blank" href="javascript:void(0)">Share</a><br> https://www.whatsupup.com/blog/novice/millrace/20220101-001541/ Sat, 01 Jan 2022 00:15:41 +0000 https://www.whatsupup.com/blog/novice/millrace/20220101-001541/ <a rel="noreferrer" target="_blank" href="https://mooseyanon.medium.com/github-f-ck-your-name-change-de599033bbbe?source=user_profile---------0-------------------------------">Mar 16, 2021</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20220101-001343/ Sat, 01 Jan 2022 00:13:43 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20220101-001343/ <a rel="noreferrer" target="_blank" href="https://t.co/hYSE0SKR92"><a href="https://t.co/hYSE0SKR92">https://t.co/hYSE0SKR92</a></a><br> https://www.whatsupup.com/blog/augur/cussed/20220101-000938/ Sat, 01 Jan 2022 00:09:37 +0000 https://www.whatsupup.com/blog/augur/cussed/20220101-000938/ Sep 15, 2021<br> https://www.whatsupup.com/blog/gaper/whisky/20211231-161954/ Fri, 31 Dec 2021 16:19:54 +0000 https://www.whatsupup.com/blog/gaper/whisky/20211231-161954/ Sara Soueidan is an independent Web UI and design engineer, author, speaker, and trainer from Lebanon. Currently, she’s working on a new course, "Practical Accessibility," meant to teach devs and designers ways to make their products accessible. We chatted with Sara about front-end web development, the importance of design and her appreciation of birds.<br> https://www.whatsupup.com/blog/phonic/shopboy/20211231-081259/ Fri, 31 Dec 2021 08:12:59 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211231-081259/ <a rel="noreferrer" target="_blank" href="https://t.co/DAP9XNxAT0"><a href="https://t.co/DAP9XNxAT0">https://t.co/DAP9XNxAT0</a></a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20211231-001802/ Fri, 31 Dec 2021 00:18:01 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211231-001802/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-first-annual-big-technology-book">The First Annual Big Technology Book Awards</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-first-annual-big-technology-book">Happy new year. Here are Big Technology’s best books of 2021.</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20211230-162036/ Thu, 30 Dec 2021 16:20:36 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211230-162036/ December 30, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/12/30/Language-design-considerations.html">Breaking down a small language design proposal</a><br> https://www.whatsupup.com/blog/gaper/whisky/20211230-162030/ Thu, 30 Dec 2021 16:20:30 +0000 https://www.whatsupup.com/blog/gaper/whisky/20211230-162030/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/12/hacks-decoded-sara-soueidan-award-winning-ui-design-engineer-and-author/">Hacks Decoded: Sara Soueidan, Award-Winning UI Design Engineer and Author →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/12/hacks-decoded-sara-soueidan-award-winning-ui-design-engineer-and-author/">Hacks Decoded: Sara Soueidan, Award-Winning UI Design Engineer and Author</a><br> <hr> Sara Soueidan is an independent Web UI and design engineer, author, speaker, and trainer from Lebanon. When Sara isn’t offering keynote speeches at conferences (she’s done so a dozen times) she’s writing books like “Codrops CSS Reference” and “Smashing Book 5.” Currently, she’s working on a new course, "Practical Accessibility," meant to teach devs and designers ways to make their products accessible. In 2015, Sara was voted Developer of the Year in the net awards, and shortlisted for the Outstanding Contribution of the Year award. She also won an O’Reilly Web Platform Award for “exceptional leadership, creativity, and collaboration in the development of JavaScript, HTML, CSS, and the supporting Web ecosystem.” <p>We chatted with Sara about front-end web development, the importance of design and her appreciation of birds.<br></p> https://www.whatsupup.com/blog/phonic/shopboy/20211230-121254/ Thu, 30 Dec 2021 12:12:53 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211230-121254/ Call for startup pitches! –> "Block button, but for real life."<br> https://www.whatsupup.com/blog/ideo/fleury/20211230-000713/ Thu, 30 Dec 2021 00:07:12 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211230-000713/ KrebsOnSecurity.com celebrates its 12th anniversary today! Maybe “celebrate” is too indelicate a word for a year wracked by the global pandemics of COVID-19 and ransomware. Especially since stories about both have helped to grow the audience here tremendously in 2021. But this site’s birthday also is a welcome opportunity to thank you all for your continued readership and support, which helps keep the content here free to everyone.<br> More than seven million unique visitors came to KrebsOnSecurity.com in 2021, generating some 12 million+ pageviews and leaving almost 8,000 comments. We also now have nearly 50,000 subscribers to <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/subscribe/">our email newsletter</a> , which is still just a text-based (non-HTML) email that goes out each time a new story is published here (~2-3 times a week).<br> Back when this site first began 12 years ago, I never imagined it would attract such a level of engagement. Before launching KrebsOnSecurity, I was a tech reporter for washingtonpost.com. For many years, The Post’s website was physically, financially and editorially separate from what the dot-com employees affectionately called “The Dead Tree Edition.” When the two newsrooms finally merged in 2009, my position was eliminated.<br> Happily, the blog I authored for four years at washingtonpost.com — Security Fix — had attracted a sizable readership, and it seemed clear that the worldwide appetite for in-depth news about computer security and cybercrime would become practically insatiable in the coming years.<br> Happier still, The Post offered a severance package equal to six months of my salary. Had they not thrown that lifeline, I doubt I’d have had the guts to go it alone. But at the time, my wife basically said I had six months to make this “blog thing” work, or else find a “real job.”<br> God bless her eternal patience with my adopted occupation, because KrebsOnSecurity has helped me avoid finding a real job for a dozen years now. And hopefully they let me keep doing this, because at this point I’m certainly unqualified to do much else.<br> I’d be remiss if I didn’t take this opportunity to remind Dear Readers that advertisers do help keep the content free here to everyone. For security and privacy reasons, KrebsOnSecurity does not host any third-party content on this site — and this includes the ad creatives, which are simply images or GIFs vetted by Yours Truly and served directly from krebsonsecurity.com.<br> That’s a long-winded way of asking: If you regularly visit KrebsOnSecurity.com with an ad blocker, please consider adding an exception for this site.<br> Thanks again, Dear Readers. Please stay safe, healthy and alert in 2022. See you on the other side!<br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/12/happy-12th-birthday-krebsonsecurity-com/">Happy 12th Birthday, KrebsOnSecurity.com!</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20211229-041600/ Wed, 29 Dec 2021 04:16:00 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20211229-041600/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/12/27/Small-Utopia">Locally Optimal</a> · It’s six months since my second Covid shot (team AZ/Moderna) and thus booster time. Which I found out this morning via SMS from my local (BC, Canada) Centre for Disease Control. The registration process was fast and painless. This is exactly the sort of thing we thought we were building the Internet for, and has lessons to teach <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/12/27/Small-Utopia">…</a><br> <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/12/12/Series-2021">…</a> [3 comments]<br> https://www.whatsupup.com/blog/buckeroo/doubling/20211229-002122/ Wed, 29 Dec 2021 00:21:21 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211229-002122/ December 28, 2021 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2021/12/28/Starship.gmi">Thoughts on the SpaceX Starship program</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> https://www.whatsupup.com/blog/buckeroo/doubling/20211228-122049/ Tue, 28 Dec 2021 12:20:49 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211228-122049/ December 28, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/12/28/Dont-use-Discord-for-FOSS.html">Please don't use Discord for FOSS projects</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20211228-121337/ Tue, 28 Dec 2021 12:13:36 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211228-121337/ Big news! I just discovered you can get around a Twitter block by opening an Incognito browser window. Or just opening a different browser. Or creating a second Twitter account.<br> https://www.whatsupup.com/blog/boxed/modification/20211228-041626/ Tue, 28 Dec 2021 04:16:25 +0000 https://www.whatsupup.com/blog/boxed/modification/20211228-041626/ <p><a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#concepts">concepts</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#implementation-divergence">implementation-divergence</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#library-design">library-design</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#metaprogramming">metaprogramming</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#pitfalls">pitfalls</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#ranges">ranges</a><br> Here’s a C++ riddle for you: When does<br> std::invoke<br> not invoke?<br> struct Incomplete; Incomplete&& give(); void take(Incomplete&&);</p> <p>void okay() { take(give()); // OK, valid C++ }</p> <p>void bad() { std::invoke(take, give()); // UB }<br> Given this code ( <a rel="noreferrer" target="_blank" href="https://godbolt.org/z/4rsf98rqM">Godbolt</a> ), libc++ and Microsoft accept the call to<br> invoke<br> , but libstdc++ rejects with a spew of errors:<br> type_traits:3027:7: error: static_assert failed due to requirement 'std::__is_complete_or_unbounded(std::__type_identity<Incomplete>{})' "each argument type must be a complete class or an unbounded array" static_assert((std::__is_complete_or_unbounded( ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br></p> https://www.whatsupup.com/blog/traveling/splay/20211227-121735/ Mon, 27 Dec 2021 12:17:35 +0000 https://www.whatsupup.com/blog/traveling/splay/20211227-121735/ <a rel="noreferrer" target="_blank" href="https://cn.nytimes.com/science/20211227/james-webb-telescope-launch/">阅读简体中文版</a> <a rel="noreferrer" target="_blank" href="https://cn.nytimes.com/science/20211227/james-webb-telescope-launch/zh-hant/">閱讀繁體中文版</a><br> https://www.whatsupup.com/blog/stratification/pride/20211227-121604/ Mon, 27 Dec 2021 12:16:04 +0000 https://www.whatsupup.com/blog/stratification/pride/20211227-121604/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291618/?p=boingboing&utm_source=boingboing">$41,498 2018 Tesla Model 3</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291553/?p=boingboing&utm_source=boingboing">$52,732 2018 Tesla Model 3</a><br> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291539/?p=boingboing&utm_source=boingboing">$650 Official SUPER BOWL XLVlll Heavy weather jacket, NEVER WORN</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291207/?p=boingboing&utm_source=boingboing">$600 Canon EOS R 30.3MP Mirrorless Digital Camera - Black (Body O…</a><br> https://www.whatsupup.com/blog/effete/washstand/20211226-201906/ Sun, 26 Dec 2021 20:19:05 +0000 https://www.whatsupup.com/blog/effete/washstand/20211226-201906/ <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-i-accidentally-built-a-podcast-api-business-46/">How I accidentally built a Podcast API business yesterday · In this article, I’ll share with you the journey of building this API business, the technology behind it, and hopefully you can learn one thing or two and build your own API business in the future. Read more…</a><br> https://www.whatsupup.com/blog/gonadal/revving/20211226-041816/ Sun, 26 Dec 2021 04:18:15 +0000 https://www.whatsupup.com/blog/gonadal/revving/20211226-041816/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2016/09/02/deep-work-and-email-habits/">Deep work and email habits</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20211226-041048/ Sun, 26 Dec 2021 04:10:48 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211226-041048/ <p>How to use Twitter in four easy steps:</p> <ol> <li>Follow based on a single tweet</li> <li>Block based on a single tweet</li> <li>Never read notifications</li> <li>Never tweet QED Merry Christmas<br></li> </ol> https://www.whatsupup.com/blog/seer/hemisphere/20211225-201426/ Sat, 25 Dec 2021 20:14:25 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20211225-201426/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-03655-4">Webb telescope blasts off successfully — launching a new era in astronomy</a><br></p> <hr> Hundreds of engineering steps must now take place as the observatory unfurls and travels to its new home.<br> https://www.whatsupup.com/blog/gonadal/revving/20211225-161824/ Sat, 25 Dec 2021 16:18:24 +0000 https://www.whatsupup.com/blog/gonadal/revving/20211225-161824/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2017/06/07/the-typeclassopedia-is-now-up-to-date/">The Typeclassopedia is now up-to-date</a><br> https://www.whatsupup.com/blog/traveling/splay/20211225-161715/ Sat, 25 Dec 2021 16:17:15 +0000 https://www.whatsupup.com/blog/traveling/splay/20211225-161715/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/12/25/science/james-webb-telescope-launch.html">James Webb Space Telescope Launches on Journey to See the Dawn of Starlight Astronomers were jubilant as the spacecraft made it off the launchpad following decades of delays and cost overruns. The Webb is set to offer a new keyhole into the earliest moments of our universe. By Dennis Overbye and Joey Roulette</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2021/12/25/science/webb-telescope-launch-nasa/scientists-have-new-tools-to-search-for-conditions-of-life-on-exoplanets">Scientists have new tools to search for conditions of life on exoplanets. This was featured in live coverage. By Dennis Overbye</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2021/12/25/science/webb-telescope-launch-nasa/what-the-webb-may-teach-us-about-black-holes">What the Webb may teach us about black holes. This was featured in live coverage. By Dennis Overbye</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/12/25/science/hubble-telescope-vs-webb.html">How the Webb telescope compares with the Hubble. The James Webb Space Telescope will advance astronomy far beyond the vaunted Hubble, which has been humanity’s most powerful space observatory for more than 30 years. By Dennis Overbye</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2021/12/25/science/webb-telescope-launch-nasa/a-christmas-gift-for-astronomers-the-webb-telescope-lifts-off">A Christmas gift for astronomers: The Webb telescope lifts off. This was featured in live coverage. By Dennis Overbye and Joey Roulette</a><br> https://www.whatsupup.com/blog/traveling/splay/20211225-121657/ Sat, 25 Dec 2021 12:16:56 +0000 https://www.whatsupup.com/blog/traveling/splay/20211225-121657/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/12/25/science/james-webb-homophobia.html">The telescope stumbled over its own name. Choosing to name NASA’s biggest telescope over James Webb, a former administrator of the space agency, has provoked controversy. By Dennis Overbye</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2021/12/25/science/webb-telescope-launch-nasa/astronomers-have-a-lot-to-be-anxious-about">Astronomers have a lot to be anxious about. This was featured in live coverage. By Dennis Overbye</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2021/12/25/science/webb-telescope-launch-nasa/the-webbs-big-bang-science">The Webb’s Big Bang science. This was featured in live coverage. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20211225-081851/ Sat, 25 Dec 2021 08:18:50 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211225-081851/ December 25, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/12/25/Use-me-as-a-resource.html">Please use me as a resource</a><br> Before reaching out to me, be aware that I get many emails, and my typical response time can be days or weeks. Please keep that in mind before sending me a question that could be answered with a web search, reading a man page, asking an on-topic IRC channel, etc. I do want to read your email, though, so if in doubt, send it!<br> https://www.whatsupup.com/blog/stratification/pride/20211225-081705/ Sat, 25 Dec 2021 08:17:04 +0000 https://www.whatsupup.com/blog/stratification/pride/20211225-081705/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291553/?p=boingboing&utm_source=boingboing">$52,732 2018 Tesla Model 3</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291539/?p=boingboing&utm_source=boingboing">$650 Official SUPER BOWL XLVlll Heavy weather jacket, NEVER WORN</a><br> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291207/?p=boingboing&utm_source=boingboing">$600 Canon EOS R 30.3MP Mirrorless Digital Camera - Black (Body O…</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291502/?p=boingboing&utm_source=boingboing">$225 New 6/6 Double Lap Steel Slide Electric Guitar</a><br> https://www.whatsupup.com/blog/traveling/splay/20211224-121812/ Fri, 24 Dec 2021 12:18:11 +0000 https://www.whatsupup.com/blog/traveling/splay/20211224-121812/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/12/24/science/webb-telescope-launch-date-livestream.html">How to Watch the James Webb Space Telescope Launch Astronomers have been waiting eagerly for the beginning of the powerful space observatory’s mission, and on Christmas morning they may finally get their wish. By Dennis Overbye and Joey Roulette</a><br> https://www.whatsupup.com/blog/beautifying/hagriding/20211224-082046/ Fri, 24 Dec 2021 08:20:46 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20211224-082046/ <a rel="noreferrer" target="_blank" href="https://supporters.eff.org/donate/year-end-challenge--SBD">Year-End Challenge Desktop</a><br> https://www.whatsupup.com/blog/steeplejack/garrote/20211224-082044/ Fri, 24 Dec 2021 08:20:44 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20211224-082044/ <a rel="noreferrer" target="_blank" href="https://supporters.eff.org/donate/year-end-challenge--SBD">Year-End Challenge Desktop</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20211224-081722/ Fri, 24 Dec 2021 08:17:21 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211224-081722/ December 23, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/12/23/Sustainable-creativity-post-copyright.html">Sustainable creativity in a world without copyright</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20211224-081323/ Fri, 24 Dec 2021 08:13:22 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20211224-081323/ Editors Note:<br> The below numbers were calculated based on both log4j-core and log4j-api, as both were listed on the CVE. Since then, the CVE has been updated with the clarification that only log4j-core is affected.<br> The ecosystem impact numbers for just log4j-core, as of 19th December are over 17,000 packages affected, which is roughly 4% of the ecosystem. 25% of affected packages have fixed versions available. The <a rel="noreferrer" target="_blank" href="https://commondatastorage.googleapis.com/log4j_vulnerability/log4j_top_500_dependents.csv">linked list</a> , which continues to be updated, only includes packages which depend on log4j-core. ## More than 35,000 Java packages, amounting to over 8% of the <a rel="noreferrer" target="_blank" href="https://www.maven.org/">Maven Central repository</a> (the most significant Java package repository), have been impacted by the recently disclosed log4j vulnerabilities ( <a rel="noreferrer" target="_blank" href="https://deps.dev/advisory/GHSA/GHSA-jfh8-c2jp-5v3q">1</a> , <a rel="noreferrer" target="_blank" href="https://deps.dev/advisory/GHSA/GHSA-7rjr-3q55-vv33">2</a> ), with widespread fallout across the software industry. The vulnerabilities allow an attacker to perform remote code execution by exploiting the insecure JNDI lookups feature exposed by the logging library log4j. This exploitable feature was enabled by default in many versions of the library.<br> https://www.whatsupup.com/blog/phonic/shopboy/20211224-081116/ Fri, 24 Dec 2021 08:11:16 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211224-081116/ <a rel="noreferrer" target="_blank" href="https://t.co/HchtZ4bRUx"><a href="https://t.co/HchtZ4bRUx">https://t.co/HchtZ4bRUx</a></a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211224-080823/ Fri, 24 Dec 2021 08:08:23 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211224-080823/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/series-c/">Many startups today fundraise with the goal of getting the most money at the highest valuation possible. But at Retool, we decided to take the opposite strategy.</a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20211224-080647/ Fri, 24 Dec 2021 08:06:46 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20211224-080647/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/stop-postponing-things-by-embracing-the-mess">Stop postponing things by embracing the mess</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/critical-effort-why-we-reach-a-goal-or-not">Critical effort: why we reach a goal (or not)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/zone-of-action-do-the-possible-to-do-the-impossible">Zone of Action: Do the possible to do the impossible</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/1-simple-technique-to-train-your-focus">1 simple technique to train your focus</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-make-quitting-your-addiction-easier">How to make quitting your addiction easier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/pursue-high-quality-leisure">Pursue High-quality Leisure</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/what-is-addiction">What is addiction (series)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-change-for-the-better">How to change for the better</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-set-goals-that-work">How to set goals that work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-finally-start-doing-something-about-your-dreams">How to finally start doing something about your dreams</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-avoid-i-ll-do-it-tomorrow">How to avoid “I’ll do it tomorrow”</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/play-the-ultimate-game-your-real-life">Play the ultimate game: your real life</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-real-reason-why-you-get-distracted">The real reason why you get distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/today-shouldnt-suck">Today shouldn’t suck</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/4-most-common-ways-of-getting-distracted">4 most common ways of getting distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> https://www.whatsupup.com/blog/ideo/fleury/20211224-080630/ Fri, 24 Dec 2021 08:06:30 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211224-080630/ “Basically the perfect ending to cybersecurity in 2021 is a 90s style Java vulnerability in an open source module, written by two volunteers with no funding, used by large cybersecurity vendors, undetected until Minecraft chat got pwned, where nobody knows how to respond properly.”<br> The Cybersecurity and Infrastructure Security Agency (CISA) has joined with the FBI , National Security Agency (NSA) and partners abroad in publishing <a rel="noreferrer" target="_blank" href="https://www.cisa.gov/uscert/ncas/alerts/aa21-356a">an advisory</a> to help organizations mitigate Log4Shell and other Log4j-related vulnerabilities.<br> https://www.whatsupup.com/blog/gonadal/revving/20211221-042016/ Tue, 21 Dec 2021 04:20:16 +0000 https://www.whatsupup.com/blog/gonadal/revving/20211221-042016/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2020/07/10/competitive-programming-in-haskell-2d-cross-product-part-1/">Competitive programming in Haskell: 2D cross product, part 1</a><br> https://www.whatsupup.com/blog/playacted/rededication/20211220-202032/ Mon, 20 Dec 2021 20:20:32 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211220-202032/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/12/20/technology/silicon-valley-cryptocurrency-start-ups.html">The New Get-Rich-Faster Job in Silicon Valley: Crypto Start-Ups Tech executives and engineers are quitting Google, Meta, Amazon and other large companies for what they say is a once-in-generation opportunity with crypto. By Daisuke Wakabayashi and Mike Isaac</a><br> https://www.whatsupup.com/blog/jigging/witherer/20211220-201909/ Mon, 20 Dec 2021 20:19:09 +0000 https://www.whatsupup.com/blog/jigging/witherer/20211220-201909/ <p><a rel="noreferrer" target="_blank" href="https://themarkup.org/donate-stripe?utm_source=stripe">Be part of The Markup’s future. Give now!</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/people/julia-angwin#content">Skip navigation</a><br> <hr> Before founding The Markup, she led investigative teams at ProPublica and The Wall Street Journal. She is the author of “Dragnet Nation: A Quest for Privacy, Security and Freedom in a World of Relentless Surveillance” (Times Books, 2014) and “Stealing MySpace: The Battle to Control the Most Popular Website in America” (Random House, March 2009). She has a B.A. in mathematics from The University of Chicago and an MBA from Columbia University.<br> https://www.whatsupup.com/blog/traveling/splay/20211220-121928/ Mon, 20 Dec 2021 12:19:27 +0000 https://www.whatsupup.com/blog/traveling/splay/20211220-121928/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/12/20/science/webb-telescope-astronomy.html">Out There Webb Telescope Prepares to Ascend, With an Eye Toward Our Origins The biggest space telescope in history aims to answer astronomy’s oldest question: How did we get from the Big Bang to here? By Dennis Overbye</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20211218-162125/ Sat, 18 Dec 2021 16:21:24 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211218-162125/ December 18, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/12/18/Commercial-forks-of-FOSS-projects.html">On commercial forks of FOSS projects</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20211218-121943/ Sat, 18 Dec 2021 12:19:42 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211218-121943/ December 18, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/12/18/Commercial-forks-of-FOSS-projects.html">On commercial forks FOSS projects</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20211218-041425/ Sat, 18 Dec 2021 04:14:24 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20211218-041425/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html">Apache Log4j Vulnerability</a><br></p> <hr> Like many other companies, we’re closely following the multiple CVEs regarding Apache Log4j 2. Our security teams are investigating any potential impact on Google products and services and are focused on protecting our users and customers. We encourage anyone who manages environments containing Log4j 2 to update to the <a rel="noreferrer" target="_blank" href="https://logging.apache.org/log4j/2.x/download.html">latest version</a> . Based on findings in our ongoing investigations, here is our list of product and service updates as of December 17th ( <a rel="noreferrer" target="_blank" href="https://nvd.nist.gov/vuln/detail/CVE-2021-44228">CVE-2021-44228</a> & <a rel="noreferrer" target="_blank" href="https://nvd.nist.gov/vuln/detail/CVE-2021-45046">CVE-2021-45046</a> ): Android is not aware of any impact to the Android Platform or Enterprise. At this time, no update is required for this specific vulnerability, but we encourage our customers to ensure that the latest security updates are applied to their devices. Chrome OS releases and infrastructure are not using versions of Log4j affected by the vulnerability. Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. Google Cloud has a <a rel="noreferrer" target="_blank" href="https://cloud.google.com/log4j2-security-advisory">specific advisory</a> dedicated to updating customers on the status of GCP and Workspace products and services. Google Marketing Platform, including Google Ads is not using versions of Log4j affected by the vulnerability. This includes Display & Video 360, Search Ads 360, Google Ads, Analytics (360 and free), Optimize 360, Surveys 360 & Tag Manager 360. YouTube is not using versions of Log4j affected by the vulnerability. We will continue to update this advisory with the latest information.<br> https://www.whatsupup.com/blog/stratification/pride/20211217-201710/ Fri, 17 Dec 2021 20:17:10 +0000 https://www.whatsupup.com/blog/stratification/pride/20211217-201710/ <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104281340/?p=boingboing&utm_source=boingboing">$800 Thomas McKnight Signed Limited Edition Serigraph Print, Medi…</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291343/?p=boingboing&utm_source=boingboing">$83,180 2018 Porsche Panamera</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20211217-201458/ Fri, 17 Dec 2021 20:14:57 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20211217-201458/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/12/understanding-impact-of-apache-log4j.html">Understanding the Impact of Apache Log4j Vulnerability</a><br></p> <hr> Posted by James Wetter and Nicky Ringland, Open Source Insights Team<br> More than 35,000 Java packages, amounting to over 8% of the <a rel="noreferrer" target="_blank" href="https://www.maven.org/">Maven Central repository</a> (the most significant Java package repository), have been impacted by the recently disclosed log4j vulnerabilities ( <a rel="noreferrer" target="_blank" href="https://deps.dev/advisory/GHSA/GHSA-jfh8-c2jp-5v3q">1</a> , <a rel="noreferrer" target="_blank" href="https://deps.dev/advisory/GHSA/GHSA-7rjr-3q55-vv33">2</a> ), with widespread fallout across the software industry. The vulnerabilities allow an attacker to perform remote code execution by exploiting the insecure JNDI lookups feature exposed by the logging library log4j. This exploitable feature was enabled by default in many versions of the library.<br> This vulnerability has captivated the information security ecosystem since its disclosure on December 9th because of both its severity and widespread impact. As a popular logging tool, log4j is used by tens of thousands of software packages (known as artifacts in the Java ecosystem) and projects across the software industry. User’s lack of visibility into their dependencies and transitive dependencies has made patching difficult; it has also made it difficult to determine the full blast radius of this vulnerability. Using <a rel="noreferrer" target="_blank" href="https://deps.dev/">Open Source Insights</a> , a project to help understand open source dependencies, we surveyed all versions of all artifacts in the <a rel="noreferrer" target="_blank" href="https://www.maven.org/">Maven Central Repository</a> to determine the scope of the issue in the open source ecosystem of JVM based languages, and to track the ongoing efforts to mitigate the affected packages.<br> How widespread is the log4j vulnerability?<br> As of December 16, 2021, we found that 35,863 of the available Java artifacts from Maven Central depend on the affected log4j code. This means that more than 8% of all packages on Maven Central have at least one version that is impacted by this vulnerability. (These numbers do not encompass all Java packages, such as directly distributed binaries, but Maven Central is a strong proxy for the state of the ecosystem.) As far as ecosystem impact goes, 8% is enormous. The average ecosystem impact of advisories affecting Maven Central is 2%, with the median less than 0.1%.<br> Direct dependencies account for around 7,000 of the affected artifacts, meaning that any of its versions depend upon an affected version of log4j-core or log4j-api, as described in the CVEs. The majority of affected artifacts come from indirect dependencies (that is, the dependencies of one’s own dependencies), meaning log4j is not explicitly defined as a dependency of the artifact, but gets pulled in as a transitive dependency.<br> What is the current progress in fixing the open source JVM ecosystem? We counted an artifact as fixed if the artifact had at least one version affected and has released a greater stable version (according to <a rel="noreferrer" target="_blank" href="http://semver.org/">semantic</a> versioning) that is unaffected. An artifact affected by log4j is considered fixed if it has updated to 2.16.0 or removed its dependency on log4j altogether. At the time of writing, nearly five thousand of the affected artifacts have been fixed. This represents a rapid response and mammoth effort both by the log4j maintainers and the wider community of open source consumers. That leaves over 30,000 artifacts affected, many of which are dependent on another artifact to patch (the transitive dependency) and are likely blocked.<br> Why is fixing the JVM ecosystem hard?<br> Most artifacts that depend on log4j do so indirectly. The deeper the vulnerability is in a dependency chain, the more steps are required for it to be fixed. The following diagram shows a histogram of how deeply an affected log4j package (core or api) first appears in consumers dependency graphs. F or greater than 80% of the packages, the vulnerability is more than one level deep, with a majority affected five levels down (and some as many as nine levels down). These packages will require fixes throughout all parts of the tree, starting from the deepest dependencies first.<br> Another difficulty is caused by ecosystem-level choices in the dependency resolution algorithm and requirement specification conventions. In the Java ecosystem, it’s common practice to specify “ <a rel="noreferrer" target="_blank" href="https://maven.apache.org/pom.html#Dependency_Version_Requirement_Specification">soft</a> ” version requirements — exact versions that are used by the resolution algorithm if no other version of the same package appears earlier in the dependency graph. Propagating a fix often requires explicit action by the maintainers to update the dependency requirements to a patched version. This practice is in contrast to other ecosystems, such as npm, where it’s common for developers to specify open ranges for dependency requirements. Open ranges allow the resolution algorithm to select the most recently released version that satisfies dependency requirements, thereby pulling in new fixes. Consumers can get a patched version on the next build after the patch is available, which propagates up the dependencies quickly. (This approach is not without its drawbacks; pulling in new fixes can also pull in new problems.)<br> How long will it take for this vulnerability to be fixed across the entire ecosystem?<br> It’s hard to say. We looked at all publicly disclosed critical advisories affecting Maven packages to get a sense of how quickly other vulnerabilities have been fully addressed. Less than half (48%) of the artifacts affected by a vulnerability have been fixed, so we might be in for a long wait, likely years. But things are looking promising on the log4j front. After less than a week, 4,620 affected artifacts (~13%) have been fixed. This, more than any other stat, speaks to the massive effort by open source maintainers, information security teams and consumers across the globe.<br> Where to focus next?<br> Thanks and congratulations are due to the open source maintainers and consumers who have already upgraded their versions of log4j. As part of our investigation, we pulled together <a rel="noreferrer" target="_blank" href="https://commondatastorage.googleapis.com/log4j_vulnerability/log4j_top_500_dependents.csv">a list</a> of 500 affected packages with some of the highest transitive usage. If you are a maintainer or user helping with the patching effort, prioritizing these packages could maximize your impact and unblock more of the community. We encourage the open source community to continue to strengthen security in these packages by enabling automated dependency updates and adding security mitigations. Improvements such as these could qualify for financial rewards from the <a rel="noreferrer" target="_blank" href="https://sos.dev/">Secure Open Source Rewards program</a> . You can explore your package dependencies and their vulnerabilities by using <a rel="noreferrer" target="_blank" href="https://deps.dev/">Open Source Insights</a> .<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211217-120849/ Fri, 17 Dec 2021 12:08:49 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211217-120849/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/best-laravel-admin-panels/">In this article, we'll compare a few of the popular Laravel admin panel packages, so you can get a better idea of which one is right for your project.</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20211217-081831/ Fri, 17 Dec 2021 08:18:31 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211217-081831/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-revolt-against-institutions-is">The Revolt Against Institutions Is 2021’s Defining Story</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-revolt-against-institutions-is">In 2020 we came to terms with the pandemic, in 2021 we responded.</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20211217-001458/ Fri, 17 Dec 2021 00:14:58 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20211217-001458/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/12/improving-oss-fuzz-and-jazzer-to-catch.html">Improving OSS-Fuzz and Jazzer to catch Log4Shell</a><br></p> <hr> The discovery of the <a rel="noreferrer" target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228">Log4Shell vulnerability</a> has set the internet on fire. Similar to <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Shellshock_(software_bug)">shellshock</a> and <a rel="noreferrer" target="_blank" href="https://heartbleed.com/">heartbleed</a> , Log4Shell is just the latest catastrophic vulnerability in <a rel="noreferrer" target="_blank" href="https://github.com/NCSC-NL/log4shell/tree/main/software">software that runs the internet</a> . Our mission as the Google Open Source Security Team is to secure the open source libraries the world depends on, such as Log4j. One of our capabilities in this space is OSS-Fuzz, a free fuzzing service that is used by over 500 critical open source projects and has found more than <a rel="noreferrer" target="_blank" href="https://bugs.chromium.org/p/oss-fuzz/issues/list?q=type%3Dbug-security%20-status%3Aduplicate%2Cwontfix&can=1">7,000 vulnerabilities</a> in its lifetime. We want to empower open source developers to secure their code on their own. Over the next year we will work on better automated detection of non-memory corruption vulnerabilities such as Log4Shell. We have started this work by partnering with the security company <a rel="noreferrer" target="_blank" href="https://www.code-intelligence.com/">Code Intelligence</a> to <a rel="noreferrer" target="_blank" href="https://github.com/google/oss-fuzz/pull/7016">provide continuous fuzzing for Log4j</a> , as part of OSS-Fuzz. Also as part of this partnership, Code-Intelligence improved their <a rel="noreferrer" target="_blank" href="https://github.com/CodeIntelligenceTesting/jazzer">Jazzer fuzzing engine</a> to make it <a rel="noreferrer" target="_blank" href="https://github.com/CodeIntelligenceTesting/jazzer/blob/3fed476bed7c61370e12062b5b97a939e3c5e591/sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/NamingContextLookup.kt#L90">capable of detecting remote JNDI lookups</a> . We have awarded Code Intelligence $25,000 for this effort and will continue to work with them on securing the open source ecosystem.<br> Caption: OSS-Fuzz and Jazzer finding the Log4Shell Vulnerability<br> Vulnerabilities like Log4Shell are an eye-opener for the industry in terms of new attack vectors. With OSS-Fuzz and Jazzer, we can now detect this class of vulnerability so that they can be fixed before they become a problem in production code. Over the past year we have made a number of investments to strengthen the security of critical open source projects, and recently announced our $ <a rel="noreferrer" target="_blank" href="https://blog.google/technology/safety-security/why-were-committing-10-billion-to-advance-cybersecurity/">10 billion commitment to cybersecurity</a> defense including $100 million to support third-party foundations that manage open source security priorities and help fix vulnerabilities. We appreciate the maintainers, security engineers and incident responders that are working to mitigate Log4j and make our internet ecosystem safer. Check out <a rel="noreferrer" target="_blank" href="https://google.github.io/oss-fuzz/getting-started/new-project-guide/jvm-lang/">our documentation</a> to get started using OSS-Fuzz.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20211216-201745/ Thu, 16 Dec 2021 20:17:45 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211216-201745/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/usa-cyber-logging/major-tech-companies-struggle-to-plug-holes-in-logging-software-idUSKBN2IV25F">Major tech companies struggle to plug holes in logging software</a><br></p> <hr> SAN FRANCISCO Some of the world’s largest technology companies are still struggling to make their products safe from a gaping vulnerability in common logging software a week after hackers began trying to exploit it.<br> https://www.whatsupup.com/blog/ideo/fleury/20211216-200638/ Thu, 16 Dec 2021 20:06:38 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211216-200638/ A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency investors using fraudulent “SIM swaps,” scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identities.<br> Truglia <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2021/12/trugliaadmission.png">admitted</a> to a New York federal court that he let a friend use his account at crypto-trading platform Binance in 2018 to launder more than $20 million worth of virtual currency stolen from Michael Terpin , a cryptocurrency investor who co-founded the first angel investor group for bitcoin enthusiasts.<br> Following the theft, Terpin filed a civil lawsuit against Truglia with the Los Angeles Superior court. In May 2019, the jury awarded Terpin a $75.8 million judgment against Truglia. In January 2020, a New York grand jury <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2021/12/trugliaIndictment.pdf">criminally indicted Truglia</a> (PDF) for his part in the crypto theft from Terpin.<br> A SIM card is the tiny, removable chip in a mobile device that allows it to connect to the provider’s network. Customers can legitimately request a SIM swap when their mobile device has been damaged or lost, or when they are switching to a different phone that requires a SIM card of another size.<br> Nicholas Truglia, holding bottle. Image: twitter.com/erupts<br> But fraudulent SIM swaps are frequently abused by scam artists who trick mobile providers into tying a target’s service to a new SIM card and mobile phone controlled by the scammers. Unauthorized SIM swaps often are perpetrated by fraudsters who have already stolen or phished a target’s password, as many financial institutions and online services rely on text messages to send users a one-time code for multi-factor authentication.<br> Compounding the threat, many websites let customers reset their passwords merely by clicking a link sent via SMS to the mobile phone number tied to the account, meaning anyone who controls that phone number can reset the passwords for those accounts.<br> Reached for comment, Terpin said his assailant got off easy.<br> “I am outraged that after nearly four years and hundreds of pages of evidence that the best the prosecutors could recommend was a plea bargain for a single, relatively minor count of the unauthorized use of a Binance exchange account, when all the evidence points toward Truglia being one of two masterminds of a wide-ranging criminal conspiracy to steal crypto from me and others,” Terpin told KrebsOnSecurity.<br> Terpin said public court records already show Truglia bragging about stealing his funds and using it to finance a lavish lifestyle.<br> “He at the very least withdrew 100 bitcoin (worth $1.6 million at the time and nearly $5 million today) from my theft into his wallet at a separate, US-based exchange, and then moved or spent it,” Terpin said. “The fact is that the intentional theft of $24 million, whether taken at the point of a gun in a bank or through a SIM card swap, is a major felony. Truglia should be prosecuted to the fullest extent of the law.”<br> Nicholas Truglia, showing off a diamond-studded Piaget watch while aboard a private jet. Image: twitter.com/erupts.<br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/12/ny-man-pleads-guilty-in-20-million-sim-swap-theft/">NY Man Pleads Guilty in $20 Million SIM Swap Theft</a><br> https://www.whatsupup.com/blog/playacted/rededication/20211216-081954/ Thu, 16 Dec 2021 08:19:54 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211216-081954/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/12/15/business/reddit-ipo.html">Reddit takes its first official step toward going public. The company announced it had confidentially filed paperwork for an I.P.O., but without disclosing financial details. By Mike Isaac</a><br> https://www.whatsupup.com/blog/palpable/mulla/20211216-080607/ Thu, 16 Dec 2021 08:06:06 +0000 https://www.whatsupup.com/blog/palpable/mulla/20211216-080607/ <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2021/12/15/eathena-rumour.html">What it was like to play Ragnarok Online as a computer scientist</a><br> https://www.whatsupup.com/blog/playacted/rededication/20211216-042109/ Thu, 16 Dec 2021 04:21:08 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211216-042109/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/12/15/business/reddit-ipo.html">Reddit takes first official step toward going public. The company announced it had confidentially filed paperwork for an I.P.O., but without disclosing financial details. By Mike Isaac</a><br> https://www.whatsupup.com/blog/spectrometry/obol/20211216-041626/ Thu, 16 Dec 2021 04:16:26 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20211216-041626/ <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html">A deep dive into an NSO zero-click iMessage exploi…</a> (Dec)<br> https://www.whatsupup.com/blog/seer/hemisphere/20211215-201604/ Wed, 15 Dec 2021 20:16:04 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20211215-201604/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-03765-z">Daily briefing: COVID ‘super-immunity’ might wane over time</a><br></p> <hr> Protection against SARS-CoV-2 might decline over time, even in people who have been infected and vaccinated. Plus, home zookeepers breed insects for rewilding, and Sci-Hub’s court battle in India.<br> https://www.whatsupup.com/blog/spectrometry/obol/20211215-201512/ Wed, 15 Dec 2021 20:15:10 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20211215-201512/ <p><a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html">A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution</a><br></p> <hr> Posted by Ian Beer & Samuel Groß of Google Project Zero<br> We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit with us, and Apple’s Security Engineering and Architecture (SEAR) group for collaborating with us on the technical analysis. The editorial opinions reflected below are solely Project Zero’s and do not necessarily reflect those of the organizations we collaborated with during this research.<br> Earlier this year, Citizen Lab managed to capture an NSO iMessage-based zero-click exploit being used to target a Saudi activist. In this two-part blog post series we will describe for the first time how an in-the-wild zero-click iMessage exploit works.<br> Based on our research and findings, we assess this to be one of the most technically sophisticated exploits we've ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states.<br> The vulnerability discussed in this blog post was fixed on September 13, 2021 in <a rel="noreferrer" target="_blank" href="https://support.apple.com/en-us/HT212807">iOS 14.8</a> as CVE-2021-30860.<br> NSO<br> <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/NSO_Group">NSO</a> <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/NSO_Group">Group</a> is one of the <a rel="noreferrer" target="_blank" href="https://www.atlanticcouncil.org/in-depth-research-reports/report/countering-cyber-proliferation-zeroing-in-on-access-as-a-service/">highest-profile providers of "access-as-a-service"</a> , selling packaged hacking solutions which <a rel="noreferrer" target="_blank" href="https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/surveillance-technology-at-the-fair/">enable nation state actors without a home-grown offensive cyber capability to "pay-to-play"</a> , vastly expanding the number of nations with such cyber capabilities.<br> For years, groups like Citizen Lab and Amnesty International have been tracking the use of NSO's mobile spyware package "Pegasus". Despite NSO's claims that they " <a rel="noreferrer" target="_blank" href="https://www.nsogroup.com/governance/human-rights-policy/">[evaluate] the potential for adverse human rights impacts arising from the misuse of NSO products</a> " Pegasus has been linked to <a rel="noreferrer" target="_blank" href="https://citizenlab.ca/2020/01/stopping-the-press-new-york-times-journalist-targeted-by-saudi-linked-pegasus-spyware-operator/">the hacking of the New York Times journalist Ben Hubbard by the Saudi regime</a> , <a rel="noreferrer" target="_blank" href="https://www.amnesty.org/en/latest/research/2019/10/morocco-human-rights-defenders-targeted-with-nso-groups-spyware/">hacking of human rights defenders in Morocco</a> and <a rel="noreferrer" target="_blank" href="https://citizenlab.ca/2021/08/bahrain-hacks-activists-with-nso-group-zero-click-iphone-exploits/">Bahrain</a> , <a rel="noreferrer" target="_blank" href="https://www.amnesty.org/en/latest/research/2018/08/amnesty-international-among-targets-of-nso-powered-campaign/">the targeting of Amnesty International staff</a> and dozens of other cases.<br> Last month the United States added NSO to the "Entity List", severely restricting the ability of US companies to do business with NSO and <a rel="noreferrer" target="_blank" href="https://www.commerce.gov/news/press-releases/2021/11/commerce-adds-nso-group-and-other-foreign-companies-entity-list">stating in a press release</a> that "[NSO's tools] enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent."<br> Citizen Lab was able to recover these Pegasus exploits from an iPhone and therefore this analysis covers NSO's capabilities against iPhone. We are aware that NSO sells similar zero-click capabilities which target Android devices; Project Zero does not have samples of these exploits but if you do, please reach out.<br> From One to Zero<br> In previous cases such as the <a rel="noreferrer" target="_blank" href="https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/">Million Dollar Dissident from 2016</a> , targets were sent links in SMS messages:<br> Screenshots of Phishing SMSs reported to Citizen Lab in 2016<br> source: <a rel="noreferrer" target="_blank" href="https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/">https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/</a><br> The target was only hacked when they clicked the link, a technique known as a one-click exploit. Recently, however, it has been documented that NSO is offering their clients zero-click exploitation technology, where even very technically savvy targets who might not click a phishing link are completely unaware they are being targeted. In the zero-click scenario no user interaction is required. Meaning, t he attacker doesn't need to send phishing messages; the exploit just works silently in the background . Short of not using a device, t here is no way to prevent exploitation by a zero-click exploit; it's a weapon against which there is no defense .<br> One weird trick<br> The initial entry point for Pegasus on iPhone is iMessage. This means that a victim can be targeted just using their phone number or AppleID username.<br> iMessage has native support for GIF images, the typically small and low quality animated images popular in meme culture. You can send and receive GIFs in iMessage chats and they show up in the chat window. Apple wanted to make those GIFs loop endlessly rather than only play once, so very early on in the <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html">iMessage parsing and processing pipeline</a> (after a message has been received but well before the message is shown), iMessage calls the following method in the IMTranscoderAgent process (outside the "BlastDoor" sandbox), passing any image file received with the extension .gif :<br> [IMGIFUtils copyGifFromPath:toDestinationPath:error]<br> Looking at the selector name, the intention here was probably to just copy the GIF file before editing the loop count field, but the semantics of this method are different. Under the hood it uses the CoreGraphics APIs to render the source image to a new GIF file at the destination path. And just because the source filename has to end in .gif , that doesn't mean it's really a GIF file.<br> The ImageIO library, <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/04/fuzzing-imageio.html">as detailed in a previous Project Zero blogpost</a> , is used to guess the correct format of the source file and parse it, completely ignoring the file extension. Using this "fake gif" trick, over 20 image codecs are suddenly part of the iMessage zero-click attack surface, including some very obscure and complex formats, remotely exposing probably hundreds of thousands of lines of code.<br> Note: Apple inform us that they have restricted the available ImageIO formats reachable from IMTranscoderAgent starting in iOS 14.8.1 (26 October 2021), and completely removed the GIF code path from IMTranscoderAgent starting in iOS 15.0 (20 September 2021), with GIF decoding taking place entirely within BlastDoor.<br> A PDF in your GIF<br> NSO uses the "fake gif" trick to target a vulnerability in the CoreGraphics PDF parser.<br> PDF was a popular target for exploitation around a decade ago, due to its ubiquity and complexity. Plus, the availability of javascript inside PDFs made development of reliable exploits far easier. The CoreGraphics PDF parser doesn't seem to interpret javascript, but NSO managed to find something equally powerful inside the CoreGraphics PDF parser...<br> Extreme compression<br> In the late 1990's, bandwidth and storage were much more scarce than they are now. It was in that environment that the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/JBIG2">JBIG2</a> standard emerged. JBIG2 is a domain specific image codec designed to compress images where pixels can only be black or white.<br> It was developed to achieve extremely high compression ratios for scans of text documents and was implemented and used in high-end office scanner/printer devices like the XEROX WorkCenter device shown below. If you used the scan to pdf functionality of a device like this a decade ago, your PDF likely had a JBIG2 stream in it.<br> A Xerox WorkCentre 7500 series multifunction printer, which used JBIG2<br> for its scan-to-pdf functionality<br> source: <a rel="noreferrer" target="_blank" href="https://www.office.xerox.com/en-us/multifunction-printers/workcentre-7545-7556/specifications">https://www.office.xerox.com/en-us/multifunction-printers/workcentre-7545-7556/specifications</a><br> The PDFs files produced by those scanners were exceptionally small, perhaps only a few kilobytes. There are two novel techniques which JBIG2 uses to achieve these extreme compression ratios which are relevant to this exploit:<br> Technique 1: Segmentation and substitution<br> Effectively every text document, especially those written in languages with small alphabets like English or German, consists of many repeated letters (also known as glyphs ) on each page. JBIG2 tries to segment each page into glyphs then uses simple pattern matching to match up glyphs which look the same:<br> Simple pattern matching can find all the shapes which look similar on a page,<br> in this case all the 'e's<br> JBIG2 doesn't actually know anything about glyphs and it isn't doing OCR (optical character recognition.) A JBIG encoder is just looking for connected regions of pixels and grouping similar looking regions together. The compression algorithm is to simply substitute all sufficiently-similar looking regions with a copy of just one of them:<br> Replacing all occurrences of similar glyphs with a copy of just one often yields a document which is still quite legible and enables very high compression ratios<br> In this case the output is perfectly readable but the amount of information to be stored is significantly reduced. Rather than needing to store all the original pixel information for the whole page you only need a compressed version of the "reference glyph" for each character and the relative coordinates of all the places where copies should be made. The decompression algorithm then treats the output page like a canvas and "draws" the exact same glyph at all the stored locations.<br> There's a significant issue with such a scheme: it's far too easy for a poor encoder to accidentally swap similar looking characters, and this can happen with interesting consequences. <a rel="noreferrer" target="_blank" href="http://www.dkriesel.com/en/blog/2013/0802_xerox-workcentres_are_switching_written_numbers_when_scanning">D. Kriesel's blog has some motivating examples</a> where PDFs of scanned invoices have different figures or PDFs of scanned construction drawings end up with incorrect measurements. These aren't the issues we're looking at, but they are one significant reason why JBIG2 is not a common compression format anymore.<br> Technique 2: Refinement coding<br> As mentioned above, the substitution based compression output is lossy. After a round of compression and decompression the rendered output doesn't look exactly like the input. But JBIG2 also supports lossless compression as well as an intermediate "less lossy" compression mode.<br> It does this by also storing (and compressing) the difference between the substituted glyph and each original glyph. Here's an example showing a difference mask between a substituted character on the left and the original lossless character in the middle:<br> Using the XOR operator on bitmaps to compute a difference image<br> In this simple example the encoder can store the difference mask shown on the right, then during decompression the difference mask can be XORed with the substituted character to recover the exact pixels making up the original character. There are some more tricks … https://www.whatsupup.com/blog/alamode/heartsore/20211215-201118/ Wed, 15 Dec 2021 20:11:18 +0000 https://www.whatsupup.com/blog/alamode/heartsore/20211215-201118/ <p><a rel="noreferrer" target="_blank" href="https://signal.org/blog/how-to-build-encrypted-group-calls/">How to build large-scale end-to-end encrypted group video calls</a><br></p> <hr> Signal released <a rel="noreferrer" target="_blank" href="https://signal.org/blog/group-calls/">end-to-end encrypted group calls</a> a year ago, and since then we’ve scaled from support for 5 participants all the way to 40. There is no off the shelf software that would allow us to support calls of that size while ensuring that all communication is end-to-end encrypted, so we built our own open source <a rel="noreferrer" target="_blank" href="https://github.com/signalapp/Signal-Calling-Service">Signal Calling Service</a> to do the job. This post will describe how it works in more detail.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20211215-121754/ Wed, 15 Dec 2021 12:17:53 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211215-121754/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/legal-us-usa-cyber-surveillance/u-s-lawmakers-call-for-sanctions-against-israels-nso-other-spyware-firms-idUSKBN2IU0WM">U.S. lawmakers call for sanctions against Israel's NSO, other spyware firms</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211215-081933/ Wed, 15 Dec 2021 08:19:32 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211215-081933/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/usa-cyber-surveillance/exclusive-u-s-lawmakers-call-for-sanctions-against-israels-nso-other-spyware-firms-idUSKBN2IU0C8">Exclusive-U.S. lawmakers call for sanctions against Israel's NSO, other spyware firms</a><br></p> <hr> WASHINGTON A group of U.S. lawmakers is asking the Treasury Department and State Department to sanction Israeli spyware firm NSO Group and three other foreign surveillance companies they say helped authoritarian governments commit human rights abuses.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20211215-041911/ Wed, 15 Dec 2021 04:19:11 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211215-041911/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/usa-cyber-logging/u-s-cybersecurity-officials-see-mainly-low-impact-attacks-from-logging-flaw-so-far-idUSKBN2IU02L">U.S. cybersecurity officials see mainly low-impact attacks from logging flaw, so far</a><br></p> <hr> SAN FRANCISCO The U.S. agency charged with defending the country against hacking said on Tuesday the majority of attacks it has seen using a recently disclosed flaw in widely used open-source software were minor, with many of them seeking to hijack computing power to mine cryptocurrency.<br> https://www.whatsupup.com/blog/seer/hemisphere/20211215-041806/ Wed, 15 Dec 2021 04:18:05 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20211215-041806/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-03751-5">NASA spacecraft ‘touches’ the Sun for the first time ever</a><br></p> <hr> The Parker Solar Probe has passed through a boundary and into the Sun’s atmosphere, gathering data that will help scientists better understand stars.<br> https://www.whatsupup.com/blog/ideo/fleury/20211215-040729/ Wed, 15 Dec 2021 04:07:29 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211215-040729/ John Hultquist , vice president of intelligence analysis at Mandiant , said the company has seen Chinese and Iranian state actors leveraging the log4j vulnerability, and that the Iranian actors are particularly aggressive, having taken part in ransomware operations that may be primarily carried out for disruptive purposes rather than financial gain.<br> “We anticipate other state actors are doing so as well, or preparing to,” Hultquist said. “We believe these actors will work quickly to create footholds in desirable networks for follow-on activity, which may last for some time. In some cases, they will work from a wish list of targets that existed long before this vulnerability was public knowledge. In other cases, desirable targets may be selected after broad targeting.”<br> Researcher Kevin Beaumont had a more lighthearted take on Log4Shell <a rel="noreferrer" target="_blank" href="https://twitter.com/GossiTheDog/status/1470787395805192199">via Twitter</a> :<br> “Basically the perfect ending to cybersecurity in 2021 is a 90s style Java vulnerability in an open source module, written by two volunteers with no funding, used by large cybersecurity vendors, undetected until Minecraft chat got pwned, where nobody knows how to respond properly.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/12/microsoft-patch-tuesday-december-2021-edition/#more-57908">Continue reading →</a><br> https://www.whatsupup.com/blog/beautifying/hagriding/20211215-002401/ Wed, 15 Dec 2021 00:24:01 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20211215-002401/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2021/12/podcast-episode-better-future-starts-secret-codes">A better future starts with secret codes</a><br> https://www.whatsupup.com/blog/steeplejack/garrote/20211215-002400/ Wed, 15 Dec 2021 00:23:59 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20211215-002400/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2021/12/podcast-episode-better-future-starts-secret-codes">A better future starts with secret codes</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20211215-001708/ Wed, 15 Dec 2021 00:17:08 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20211215-001708/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-03758-y">Giant cracks push imperilled Antarctic glacier closer to collapse</a><br></p> <hr> The demise of part of the huge Thwaites Glacier would hasten sea-level rise.<br> https://www.whatsupup.com/blog/phonic/shopboy/20211215-001243/ Wed, 15 Dec 2021 00:12:43 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211215-001243/ Are the transcriptions auto-generated by Microsoft?<br> https://www.whatsupup.com/blog/ideo/fleury/20211215-000713/ Wed, 15 Dec 2021 00:07:11 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211215-000713/ Microsoft , Adobe , and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that is already being actively exploited. But this month’s Patch Tuesday is overshadowed by the “ Log4Shell ” 0-day exploit in a popular Java library that web server administrators are now racing to find and patch amid widespread exploitation of the flaw.<br> Log4Shell is the name picked for a critical flaw disclosed Dec. 9 in the popular logging library for Java called “ log4j ,” which is included in a huge number of Java applications. Publicly released exploit code allows an attacker to force a server running a vulnerable log4j library to execute commands, such as downloading malicious software or opening a backdoor connection to the server.<br> According to researchers at Lunasec , many, many services are vulnerable to this exploit.<br> “Cloud services like Steam, Apple iCloud, and apps like Minecraft have already been found to be vulnerable,” Lunasec <a rel="noreferrer" target="_blank" href="https://www.lunasec.io/docs/blog/log4j-zero-day/">wrote</a> . “Anybody using Apache Struts is likely vulnerable. We’ve seen similar vulnerabilities exploited before in breaches like the 2017 Equifax data breach. An extensive list of responses from impacted organizations has been compiled <a rel="noreferrer" target="_blank" href="https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592">here</a> .”<br> “If you run a server built on open-source software, there’s a good chance you are impacted by this vulnerability,” said Dustin Childs of Trend Micro’s Zero Day Initiative. “Check with all the vendors in your enterprise to see if they are impacted and what patches are available.”<br> Part of the difficulty in patching against the Log4Shell attack is identifying all of the vulnerable web applications, said Johannes Ullrich , an incident handler and blogger for the SANS Internet Storm Center . “Log4Shell will continue to haunt us for years to come. Dealing with log4shell will be a marathon,” Ullrich said. “Treat it as such.” SANS has <a rel="noreferrer" target="_blank" href="https://isc.sans.edu/forums/diary/RCE+in+log4j+Log4Shell+or+how+things+can+get+bad+quickly/28120/">a good walk-through</a> of how simple yet powerful the exploit can be.<br> “Basically the perfect ending to cybersecurity in 2021 is a 90s style Java vulnerability in an open source module, written by two volunteers with no funding, used by large cybersecurity vendors, undetected until Minecraft chat got pwned, where nobody knows how to respond properly,” researcher Kevin Beaumont <a rel="noreferrer" target="_blank" href="https://twitter.com/GossiTheDog/status/1470787395805192199">quipped</a> on Twitter. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/12/microsoft-patch-tuesday-december-2021-edition/#more-57908">Continue reading →</a><br> The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching of the ransomware. It also found affected hospitals had tens of thousands of outdated Windows 7 systems, and that the health system’s IT administrators failed to respond to multiple warning signs that a massive attack was imminent.<br> PWC’s timeline of the days leading up to the deployment of Conti ransomware on May 14.<br> Ireland’s Health Service Executive (HSE), which operates the country’s public health system, got hit with <a rel="noreferrer" target="_blank" href="https://www.cisa.gov/uscert/ncas/alerts/aa21-265a">Conti ransomware</a> on May 14, 2021. A timeline in the report (above) says the initial infection of the “patient zero” workstation happened on Mar. 18, 2021, when an employee on a Windows computer opened a booby-trapped Microsoft Excel document in a phishing email that had been sent two days earlier.<br> Less than a week later, the attacker had established a reliable backdoor connection to the employee’s infected workstation. After infecting the system, “the attacker continued to operate in the environment over an eight week period until the detonation of the Conti ransomware on May 14, 2021,” the report states.<br> According to <a rel="noreferrer" target="_blank" href="https://www.hse.ie/eng/services/publications/conti-cyber-attack-on-the-hse-full-report.pdf">PWC’s report</a> (PDF), there were multiple warnings about a serious network intrusion, but those red flags were either misidentified or not acted on quickly enough:<br> On Mar. 31, 2021, the HSE’s antivirus software detected the execution of two software tools commonly used by ransomware groups — <a rel="noreferrer" target="_blank" href="https://www.secureworks.com/blog/detecting-cobalt-strike-cybercrime-attacks">Cobalt Strike</a> and <a rel="noreferrer" target="_blank" href="https://www.secureworks.com/blog/detecting-cobalt-strike-cybercrime-attacks">Mimikatz</a> — on the Patient Zero Workstation. But the antivirus software was set to monitor mode, so it did not block the malicious commands.”<br> On May 7, the attacker compromised the HSE’s servers for the first time, and over the next five days the intruder would compromise six HSE hospitals. On May 10, one of the hospitals detected malicious activity on its Microsoft Windows Domain Controller, a critical “keys to the kingdom” component of any Windows enterprise network that manages user authentication and network access.<br> On 10 May 2021, security auditors first identified evidence of the attacker compromising systems within Hospital C and Hospital L. Hospital C’s antivirus software detected Cobalt Strike on two systems but failed to quarantine the malicious files.<br> On May 13, the HSE’s antivirus security provider emailed the HSE’s security operations team, highlighting unhandled threat events dating back to May 7 on at least 16 systems. The HSE Security Operations team requested that the Server team restart servers.<br> By then it was too late. At just after midnight Ireland time on May 14, the attacker executed the Conti ransomware within the HSE. The attack <a rel="noreferrer" target="_blank" href="https://cyberlaw.ccdcoe.org/wiki/Health_Service_Executive_ransomware_attack_(2021)">disrupted services at several Irish hospitals</a> and resulted in the near complete shutdown of the HSE’s national and local networks, forcing the cancellation of many outpatient clinics and healthcare services. The number of appointments in some areas dropped by up to 80 percent.”<br> Conti initially demanded USD $20 million worth of virtual currency in exchange for a digital key to unlock HSE servers compromised by the group. But perhaps in response to the public outcry over the HSE disruption, Conti reversed course and gave the HSE the decryption keys without requiring payment.<br> Still, the work to restore infected systems would take months. The HSE ultimately enlisted members of the Irish military to bring in laptops and PCs to help restore computer systems by hand. It wasn’t until September 21, 2021 that the HSE declared 100 percent of its servers were decrypted.<br> As bad as the HSE ransomware attack was, the PWC report emphasizes that it could have been far worse. For example, it is unclear how much data would have been unrecoverable if a decryption key had not become available as the HSE’s backup infrastructure was only periodically backed up to offline tape.<br> The attack also could have been worse, the report found:<br> if there had been intent by the Attacker to target specific devices within the HSE environment (e.g. medical devices);<br> if the ransomware took actions to destroy data at scale;<br> if the ransomware had auto-propagation and persistence capabilities, for example by using an exploit to propagate across domains and trust-boundaries to medical devices (e.g. the EternalBlue exploit used by the WannaCry and NotPetya15 attacks);<br> if cloud systems had also been encrypted such as the COVID-19 vaccination system<br> The PWC report contains numerous recommendations, most of which center around hiring new personnel to lead the organization’s redoubled security efforts. But it is clear that the HSE has an enormous amount of work ahead <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2015/04/whats-your-security-maturity-level/">to grow in security maturity</a> . For example, the report notes the HSE’s hospital network had over 30,000 Windows 7 workstations that were deemed end of life by the vendor.<br> “The HSE assessed its cybersecurity maturity rating as low,” PWC wrote. “For example, they do not have a CISO or a Security Operations Center established.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/12/inside-irelands-public-healthcare-ransomware-scare/#more-57854">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/12/inside-irelands-public-healthcare-ransomware-scare/">Inside Ireland’s Public Healthcare Ransomware Scare</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20211214-201504/ Tue, 14 Dec 2021 20:15:03 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20211214-201504/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/12/empowering-next-generation-of-android.html">Empowering the next generation of Android Application Security Researchers</a><br></p> <hr> Posted by Jon Bottarini, Security Program Manager & Lena Katib, Strategic Partnerships Manager<br> The external security researcher community plays an integral role in making the Google Play ecosystem safe and secure. Through this partnership with the community, Google has been able to collaborate with third-party developers to fix thousands of security issues in Android applications before they are exploited and reward security researchers for their hard work and dedication.<br> In order to empower the next generation of Android security researchers, Google has collaborated with industry partners including <a rel="noreferrer" target="_blank" href="https://www.hackerone.com/">HackerOne</a> and PayPal to host a number of Android App Hacking Workshops. These workshops are an effort designed to educate security researchers and cybersecurity students of all skill levels on how to find Android application vulnerabilities through a series of hands-on working sessions, both in-person and virtual.<br> Through these workshops, we’ve seen attendees from groups such as <a rel="noreferrer" target="_blank" href="https://merrittsecurity.com/">Merritt College's cybersecurity program</a> and alumni of <a rel="noreferrer" target="_blank" href="https://www.hackthehood.org/">Hack the Hood</a> go on to report real-world security vulnerabilities to the <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/about/rules/5604090422493184">Google Play Security Rewards program</a> . This reward program is designed to identify and mitigate vulnerabilities in apps on Google Play, and keep Android users, developers and the Google Play ecosystem safe.<br> Today, we are releasing our slide deck and workshop materials, including source code for a custom-built Android application that allows you to test your Android application security skills in a variety of capture the flag style challenges.<br> These materials cover a wide range of techniques for finding vulnerabilities in Android applications. Whether you’re just getting started or have already found many bugs - chances are you’ll learn something new from these challenges! If you get stuck and need a hint on solving a challenge, the solutions for each are available in the Android App Hacking Workshop <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/learn/presentations/5783688075542528">here</a> .<br> As you work through the challenges and learn more about the techniques and tips described in our workshop materials, we’d love to <a rel="noreferrer" target="_blank" href="https://forms.gle/DUA1tNpaLCLR21h87">hear your feedback</a> .<br> Additional Resources:<br> If you want to learn more about how to prepare, launch, and run a Vulnerability Disclosure Program (VDP) or discover how to work with external security researchers, check out our VDP course <a rel="noreferrer" target="_blank" href="https://security.googleblog.com">here</a> .<br> If you’re a developer looking to build more secure applications, check out Android app security best practices <a rel="noreferrer" target="_blank" href="https://developer.android.com/topic/security/best-practices">here</a> .<br> Labels: <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/android">android</a> , <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/google%20play">google play</a> , <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/hacking">hacking</a> , <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/security%20rewards%20program">security rewards program</a> , <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/VDP">VDP</a> , <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/workshop">workshop</a><br> https://www.whatsupup.com/blog/traveling/splay/20211214-162002/ Tue, 14 Dec 2021 16:20:02 +0000 https://www.whatsupup.com/blog/traveling/splay/20211214-162002/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/12/14/science/james-webb-telescope-launch.html">Out There Why the World’s Astronomers Are Very, Very Anxious Right Now The James Webb Space Telescope is endowed with the hopes and trepidations of a generation of astronomers. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20211214-162001/ Tue, 14 Dec 2021 16:20:01 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211214-162001/ December 14, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/12/14/Linux-Mint-and-elementary-OS.html">Impressions of Linux Mint & elementary OS</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20211214-161709/ Tue, 14 Dec 2021 16:17:08 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20211214-161709/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-03705-x">The loss of the world’s frozen places</a><br></p> <hr> Two very different books explore the past, present and future of glaciers.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20211214-001917/ Tue, 14 Dec 2021 00:19:17 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211214-001917/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/usa-cyber-vulnerability/widely-used-software-with-key-vulnerability-sends-cyber-defenders-scrambling-idUKKBN2IS1Y6">Widely used software with key vulnerability sends cyber defenders scrambling</a><br></p> <hr> WASHINGTON A newly discovered vulnerability in a widely used software library is causing mayhem on the internet, forcing cyber defenders to scramble as hackers rush to exploit the weakness.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/usa-cyber-vulnerability/update-1-widely-used-software-with-key-vulnerability-sends-cyber-defenders-scrambling-idUSL1N2SY2PA">UPDATE 1-Widely used software with key vulnerability sends cyber defenders scrambling</a><br> <hr> WASHINGTON, Dec 13 A newly discovered vulnerability in a widely used software library is causing mayhem on the internet, forcing cyber defenders to scramble as hackers rush to exploit the weakness.<br> https://www.whatsupup.com/blog/sideswiped/tuftily/20211213-001653/ Mon, 13 Dec 2021 00:16:52 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20211213-001653/ <p>Broken Earth<br> ,<br> The Expanse<br> Merchant Princes/Empire Games<br> Neapolitan Novels<br> The Sandman<br> Sandman Slim<br> Trickster Trilogy<br> <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/12/12/Series-2021">…</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/12/03/Filtering-Lessons">Filtering Lessons</a> · Last week, AWS <a rel="noreferrer" target="_blank" href="https://aws.amazon.com/about-aws/whats-new/2021/11/aws-lambda-event-filtering-amazon-sqs-dynamodb-kinesis-sources/">announced</a> ( <a rel="noreferrer" target="_blank" href="https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html">docs</a> , <a rel="noreferrer" target="_blank" href="https://aws.amazon.com/blogs/compute/filtering-event-sources-for-aws-lambda-functions/">blog</a> ) event filtering for Lambdas reading from SQS, DynamoDB, and Kinesis. Lambda’s new filtering is consistent with <a rel="noreferrer" target="_blank" href="https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-event-patterns.html">EventBridge’s</a> . Also announced was <a rel="noreferrer" target="_blank" href="https://aws.amazon.com/blogs/aws/new-use-amazon-s3-event-notifications-with-amazon-eventbridge/">faster, slicker, cheaper S3/EventBridge integration</a> . These features rely on software I helped write. The problem turns out to be more interesting than you might expect, by a factor of 10¹² or so. I think it’d be really great if the code were open-sourced <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/12/03/Filtering-Lessons">...</a> [4 comments]<br> https://www.whatsupup.com/blog/tularemic/yahweh/20211212-040812/ Sun, 12 Dec 2021 04:08:12 +0000 https://www.whatsupup.com/blog/tularemic/yahweh/20211212-040812/ <a rel="noreferrer" target="_blank" href="https://zdoom.org/index">GZDoom</a> is the fanciest way to play Doom. Unfortunately, it has also historically been difficult to recommend to newcomers, because its default settings are… questionable .<br> Conspicuously, for over a decade, it defaulted to traditional Doom movement keys (no WASD ) and no mouselook. I am overjoyed to discover that this is no longer the case, and it plays like a god damn FPS out of the box, but there are still a few twiddles that need twiddling. Mostly the texture filtering. Christ, the texture filtering.<br> Anyway GZDoom has a lot of options, so here is a handy list of the important ones. There are fewer than I expected, which is good.<br> <a rel="noreferrer" target="_blank" href="https://eev.ee/blog/2021/12/11/recommended-gzdoom-settings/">Recommended GZDoom settings</a><br> https://www.whatsupup.com/blog/boxed/modification/20211212-001623/ Sun, 12 Dec 2021 00:16:23 +0000 https://www.whatsupup.com/blog/boxed/modification/20211212-001623/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#llvm">llvm</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#sre">sre</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#web">web</a><br> Over the past two weeks, Anton Korobeynikov migrated all of the LLVM project’s issues (both open and closed) from <a rel="noreferrer" target="_blank" href="https://bugs.llvm.org/">the old LLVM Bugzilla</a> to the new <a rel="noreferrer" target="_blank" href="https://github.com/llvm/llvm-project/issues/">llvm/llvm-project GitHub repo</a> . The migration is now <a rel="noreferrer" target="_blank" href="https://docs.google.com/document/d/11_3rgYuv-QO0g1oO6T0MmkFhacqJg6o24eWFFVNSX_o/edit">complete</a> .<br> https://www.whatsupup.com/blog/sited/implore/20211211-121751/ Sat, 11 Dec 2021 12:17:50 +0000 https://www.whatsupup.com/blog/sited/implore/20211211-121751/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/12/11/business/congress-tech-regulation.html">News Analysis Congress, Far From ‘a Series of Tubes,’ Is Still Nowhere Near Reining In Tech Holding a hearing that humbles the most powerful business executives in the world is much easier than legislating. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20211211-041419/ Sat, 11 Dec 2021 04:14:18 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20211211-041419/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/11/30/AWS-Reinvent-opening">Listening to re:Invent</a> · This is the week that AWS owns the tech news cycle because anyone who cares about it is watching the stories coming out of the re:Invent conference. I watched Adam Selipsky’s keynote this morning and it looks like AWS is moving in a very traditional direction for tech companies: Away from tech-first, towards business-first. Which is inevitable but also dangerous <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/11/30/AWS-Reinvent-opening">…</a> [5 comments]<br> https://www.whatsupup.com/blog/rubicundity/envenomation/20211210-200727/ Fri, 10 Dec 2021 20:07:26 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20211210-200727/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/critical-effort-why-we-reach-a-goal-or-not">Critical effort: why we reach a goal (or not)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/zone-of-action-do-the-possible-to-do-the-impossible">Zone of Action: Do the possible to do the impossible</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/1-simple-technique-to-train-your-focus">1 simple technique to train your focus</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-make-quitting-your-addiction-easier">How to make quitting your addiction easier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/pursue-high-quality-leisure">Pursue High-quality Leisure</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/what-is-addiction">What is addiction (series)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-change-for-the-better">How to change for the better</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-set-goals-that-work">How to set goals that work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-finally-start-doing-something-about-your-dreams">How to finally start doing something about your dreams</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-avoid-i-ll-do-it-tomorrow">How to avoid “I’ll do it tomorrow”</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/play-the-ultimate-game-your-real-life">Play the ultimate game: your real life</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-real-reason-why-you-get-distracted">The real reason why you get distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/today-shouldnt-suck">Today shouldn’t suck</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/4-most-common-ways-of-getting-distracted">4 most common ways of getting distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> https://www.whatsupup.com/blog/lienholder/alcoholism/20211210-162118/ Fri, 10 Dec 2021 16:21:17 +0000 https://www.whatsupup.com/blog/lienholder/alcoholism/20211210-162118/ Yesterday, <a rel="noreferrer" target="_blank" href="https://adventofcode.com/2021">Advent of Code</a> had <a rel="noreferrer" target="_blank" href="https://adventofcode.com/2021/day/9">an interesting problem</a> : given the heightmap of a lava cave, compute the lowest points and the size of their basins (connected regions).<br> Let’s do this in <a rel="noreferrer" target="_blank" href="https://mlochbaum.github.io/BQN/">BQN</a> again, as this problem teaches some good ways to think in array languages.<br> First, let’s load the input data into a matrix:<br> d ← > '0' -˜ •FLines"day09"<br> We subtract the ASCII lines from the character<br> 0<br> to get numerical rows. The merge function (<br> ) then converts this list-of-lists into a 2-dimensional array. For the sample data, we get:<br> ┌─ ╵ 2 1 9 9 9 4 3 2 1 0 3 9 8 7 8 9 4 9 2 1 9 8 5 6 7 8 9 8 9 2 8 7 6 7 8 9 6 7 8 9 9 8 9 9 9 6 5 6 7 8 ┘<br> A low point is a point that is lower than every orthogonally adjacent point. Thanks to array progamming, we can solve this for the whole matrix at once without any loops!<br> The core idea is to shift the array into each cardinal direction, and then compute the minimum of these arrays. If the original array is smaller then the array of the minimums, it’s a low point.<br> By default, shifting (<br> «<br> »<br> ) in BQN inserts zeroes for numerical arrays. But since we are looking for the minimum, we need to shift in a value that is higher than any. We can simply use<br> ∞<br> So, to shift in<br> from the left, we use:<br> ∞»˘d ┌─ ╵ ∞ 2 1 9 9 9 4 3 2 1 ∞ 3 9 8 7 8 9 4 9 2 ∞ 9 8 5 6 7 8 9 8 9 ∞ 8 7 6 7 8 9 6 7 8 ∞ 9 8 9 9 9 6 5 6 7 ┘<br> Unfortunately, shifting from the top is not so easy:<br> ∞»d Error: shift: =𝕨 must be =𝕩 or ¯1+=𝕩 (0≡=𝕨, 2≡=𝕩) at ∞»d<br> We need would need to make a list of<br> long enough to agree with the array width:<br> (∞¨⊏d)»d ┌─ ╵ ∞ ∞ ∞ ∞ ∞ ∞ ∞ ∞ ∞ ∞ 2 1 9 9 9 4 3 2 1 0 3 9 8 7 8 9 4 9 2 1 9 8 5 6 7 8 9 8 9 2 8 7 6 7 8 9 6 7 8 9 ┘<br> However, since we need to do this on every side, we can also look at the problem differently: we shift in from the left under rotation by 0, 90, 180, 270 degrees.<br> How do we “rotate” a matrix? We reverse the rows (<br> ) and then transpose (<br> ⍉<br> ) it.<br> ⍉⌽d ┌─ ╵ 9 8 9 3 2 8 7 8 9 1 9 6 5 8 9 9 7 6 7 9 9 8 7 8 9 6 9 8 9 4 5 6 9 4 3 6 7 8 9 2 7 8 9 2 1 8 9 2 1 0 ┘<br> By using the repeat modifier (<br> ) we can easily rotate several times.<br> (⍉∘⌽⍟(↕4)) d ┌─ · ┌─ ┌─ ┌─ ┌─ ╵ 2 1 9 9 9 4 3 2 1 0 ╵ 9 8 9 3 2 ╵ 8 7 6 5 6 9 9 9 8 9 ╵ 0 1 2 9 8 3 9 8 7 8 9 4 9 2 1 8 7 8 9 1 9 8 7 6 9 8 7 6 7 8 1 2 9 8 7 9 8 5 6 7 8 9 8 9 2 9 6 5 8 9 2 9 8 9 8 7 6 5 8 9 2 9 8 7 6 8 7 6 7 8 9 6 7 8 9 9 7 6 7 9 1 2 9 4 9 8 7 8 9 3 3 4 9 6 5 9 8 9 9 9 6 5 6 7 8 9 8 7 8 9 0 1 2 3 4 9 9 9 1 2 4 9 8 9 6 ┘ 6 9 8 9 4 ┘ 9 8 7 8 9 5 6 9 4 3 9 7 6 7 9 6 7 8 9 2 9 8 5 6 9 7 8 9 2 1 1 9 8 7 8 8 9 2 1 0 2 3 9 8 9 ┘ ┘ ┘<br> Finally, we perform the shift operation under (<br> ⌾<br> ) the rotation, that is, BQN rotates the array, does the shift, and knows how to undo the rotation!<br> ┌─ · ┌─ ┌─ ┌─ ┌─ ╵ ∞ 2 1 9 9 9 4 3 2 1 ╵ 3 9 8 7 8 9 4 9 2 1 ╵ 1 9 9 9 4 3 2 1 0 ∞ ╵ ∞ ∞ ∞ ∞ ∞ ∞ ∞ ∞ ∞ ∞ ∞ 3 9 8 7 8 9 4 9 2 9 8 5 6 7 8 9 8 9 2 9 8 7 8 9 4 9 2 1 ∞ 2 1 9 9 9 4 3 2 1 0 ∞ 9 8 5 6 7 8 9 8 9 8 7 6 7 8 9 6 7 8 9 8 5 6 7 8 9 8 9 2 ∞ 3 9 8 7 8 9 4 9 2 1 ∞ 8 7 6 7 8 9 6 7 8 9 8 9 9 9 6 5 6 7 8 7 6 7 8 9 6 7 8 9 ∞ 9 8 5 6 7 8 9 8 9 2 ∞ 9 8 9 9 9 6 5 6 7 ∞ ∞ ∞ ∞ ∞ ∞ ∞ ∞ ∞ ∞ 8 9 9 9 6 5 6 7 8 ∞ 8 7 6 7 8 9 6 7 8 9 ┘ ┘ ┘ ┘ ┘<br> Now we insert (<br> ´<br> ) the minimum function (<br> ⌊<br> ) between these arrays and compute the minimum at each position:<br> ⌊´{∞⊸»˘⌾(⍉∘⌽⍟𝕩)d}¨↕4 ┌─ ╵ 1 2 1 7 4 3 2 1 0 1 2 1 5 6 7 4 3 2 1 0 3 5 6 5 6 7 4 7 2 1 7 6 5 6 7 6 5 6 7 2 8 7 6 7 6 5 6 5 6 7 ┘<br> The positions where the original array<br> is still smaller are the low points, and we store them for part 2.<br> l ← d < ⌊´{∞⊸»˘⌾(⍉∘⌽⍟𝕩)d}¨↕4 ┌─ ╵ 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 ┘<br> To finish part 1, we need to compute the risk level for each low point, which is 1 plus the height. So compute that:<br> (1+d)×l ┌─ ╵ 0 2 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 ┘<br> Finally, we compute the end result by deshaping (<br> ⥊<br> ) the array into a single long list and summing it up:<br> +´⥊(1+d)×l 15<br> This concludes part 1.<br> Part 2 is less straight forward. We need to compute the basins around every low point, which is the area limited by the points of height 9.<br> Since we need to compute the size for each basin in the end, we need to know which point belongs to which basin. To get started, we first give each low point a unique number. One way to do this is to assign an index to each position and just use those that are used in the low point array.<br> In BQN, the shape (<br> ≢<br> ) of an array is the list of sizes for each axis:<br> ≢d ⟨ 5 10 ⟩<br> We count up to the product of these values and add one (to avoid numbering a basin with 0, which will be used for the basin limits). Then, we multiply this with the array of low points so all ones in it get turned into a unique basin index. We perform the multiplication under deshape, so we keep the shape of the input data:<br> s ← (1+↕×´≢d) ×⌾⥊ l ┌─ ╵ 0 2 0 0 0 0 0 0 0 10 0 0 0 0 0 0 0 0 0 0 0 0 23 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 47 0 0 0 ┘<br> Here’s the main idea how to solve part 2: we incrementally grow these areas by adding their neighbors until the whole array is filled. For one step, we do this with a function<br> Rise<br> Rise ← (d≠9)⊸×(»⌈«⌈«˘⌈»˘⌈⊣)<br> Here, shifting in zeroes is good enough, so we can use the monadic shift functions. The train at the end computes the maximum (<br> ⌈<br> ) of the four shifted versions and the array itself (<br> ⊣<br> ). We multiply it with a matrix that is 0 where the depth is 9, so the basin limits will be constantly zero.<br> Let’s run it once and twice to see how it works:<br> Rise s ┌─ ╵ 2 2 0 0 0 0 0 0 10 10 0 0 23 0 0 0 0 0 0 10 0 23 23 23 0 0 0 0 0 0 0 0 23 0 0 0 47 0 0 0 0 0 0 0 0 47 47 47 0 0 ┘ Rise⍟2 s ┌─ ╵ 2 2 0 0 0 0 0 10 10 10 2 0 23 23 0 0 0 0 10 10 0 23 23 23 23 0 0 0 0 10 0 23 23 23 0 0 47 47 0 0 0 0 0 0 0 47 47 47 47 0 ┘<br> As you can see, row 1 colum 3 does not get filled by basin #2 since it has height 9.<br> Now we could just iterate this step a often enough, or actually only until we reach a fixpoint; that is, applying<br> again doesn’t change the value anymore.<br> A simple way to implement a fixpoint operator is<br> _fix ← { 𝕩 ≡ 𝔽 𝕩 ? 𝕩 ; 𝕊 𝔽 𝕩 }<br> Let’s compute the filled map:<br> Rise _fix s ┌─ ╵ 2 2 0 0 0 10 10 10 10 10 2 0 23 23 23 0 10 0 10 10 0 23 23 23 23 23 0 47 0 10 23 23 23 23 23 0 47 47 47 0 0 23 0 0 0 47 47 47 47 47 ┘<br> Now, we just need to compute the sizes of the basins, which means computing a histogram of the basin numbers. We deshape the array again, and only keep all values bigger than zero:<br> m ← ⥊ Rise _fix s (m>0)/m ⟨ 2 2 10 10 10 10 10 2 23 23 23 10 10 10 23 23 23 23 23 47 10 23 23 23 23 23 47 47 47 23 47 47 47 47 47 ⟩<br> With the nice group indices function (<br> ⊔<br> ), we can count how often each value appears:<br> ≠¨⊔(m>0)/m ⟨ 0 0 3 0 0 0 0 0 0 0 9 0 0 0 0 0 0 0 0 0 0 0 0 14 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 9 ⟩<br> Finally, let’s compute the three largest values by sorting in descending order (<br> ∨<br> ) and taking the first three entries (<br> ↑<br> 3↑∨≠¨⊔(m>0)/m ⟨ 14 9 9 ⟩<br> We then multiply this together and get the result for part 2:<br> ×´3↑∨≠¨⊔(m>0)/m 1134<br> NP: The New Basement Tapes—Quick Like a Flash<br> https://www.whatsupup.com/blog/stratification/pride/20211210-121754/ Fri, 10 Dec 2021 12:17:53 +0000 https://www.whatsupup.com/blog/stratification/pride/20211210-121754/ <p>Interested in items for sale?<br> <a rel="noreferrer" target="_blank" href="https://sellwild.com/?p=boingboing&utm_source=boingboing&utm_content=widget-header">POST FOR FREE, GET FEATURED HERE</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104289182/?p=boingboing&utm_source=boingboing">$21,000 Patek Philippe Calatrava Gray Clous de Paris White Gold Box/...</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104290229/?p=boingboing&utm_source=boingboing">$22,500 1936 Ford Truck</a><br> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104290242/?p=boingboing&utm_source=boingboing">$15,000 18K PANTHER</a> <a rel="noreferrer" target="_blank" href="https://sellwild.com/itemDetail/104291098/?p=boingboing&utm_source=boingboing">$1,000 BMW RIMS</a><br> <a rel="noreferrer" target="_blank" href="https://sellwild.com/post?p=boingboing&utm_source=boingboing&utm_content=watermark-popover">These for sale listings + lightweight ads are from the Sellwild Marketplace. Click to sell your own items for FREE (featured here & on other top sites with millions of daily users).</a><br> https://www.whatsupup.com/blog/traveling/splay/20211210-082007/ Fri, 10 Dec 2021 08:20:07 +0000 https://www.whatsupup.com/blog/traveling/splay/20211210-082007/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2021/12/10/espanol/no-miren-arriba-pelicula.html">Allá afuera Los riesgos de informarle al mundo sobre la posibilidad de un apocalipsis Una nueva película sobre un cometa asesino revive los recuerdos de un debate en la sala de redacción de The New York Times hace dos décadas. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20211210-041830/ Fri, 10 Dec 2021 04:18:29 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211210-041830/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/standing-up-for-us-plebs-amazon-leaders">“Standing Up For Us Plebs.” Amazon Leaders Reject Policy To Push Employees Out.</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/standing-up-for-us-plebs-amazon-leaders">Leaked memo shows Amazon Music’s senior leadership didn’t want to go along with Amazon’s plan to manage out the bottom 6% of their workforce.</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211210-040943/ Fri, 10 Dec 2021 04:09:42 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211210-040943/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/prototyping-a-sql-server-front-end-gui/">Learn how to build a prototype application using Retool with SQL Server for your data store, and how to perform CRUD operations against it.</a><br> https://www.whatsupup.com/blog/traveling/splay/20211210-002030/ Fri, 10 Dec 2021 00:20:30 +0000 https://www.whatsupup.com/blog/traveling/splay/20211210-002030/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/12/09/science/dont-look-up-movie.html">Out There How Do You Tell the World That Doomsday Has Arrived? A new film about a killer comet revives memories of a nail-biting night in The Times newsroom two decades ago. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211210-001903/ Fri, 10 Dec 2021 00:19:02 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211210-001903/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/australia-cyber/ransomware-attack-on-australian-utility-claimed-by-russian-speaking-criminals-idUSKBN2IO00J">Ransomware attack on Australian utility claimed by Russian-speaking criminals</a><br></p> <hr> SAN FRANCISCO One of the most prolific Russian-speaking ransomware gangs has claimed credit for a weekend attack on an Australian electric utility serving millions of people.<br> https://www.whatsupup.com/blog/phonic/shopboy/20211210-001307/ Fri, 10 Dec 2021 00:13:06 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211210-001307/ benahorowitz.eth <a rel="noreferrer" target="_blank" href="https://twitter.com/bhorowitz">@bhorowitz</a><br> I am happy to hear that Bloomberg Business week thinks running a 300 person firm, sitting on 11 boards and working 80 hours/week is light work. Those people must work really hard! <a rel="noreferrer" target="_blank" href="https://t.co/nHDMJmSAnY"><a href="https://t.co/nHDMJmSAnY">https://t.co/nHDMJmSAnY</a></a><br> My work calendar and todo list are startled to hear this. <a rel="noreferrer" target="_blank" href="https://t.co/CdlOUmrk7S"><a href="https://t.co/CdlOUmrk7S">https://t.co/CdlOUmrk7S</a></a><br> https://www.whatsupup.com/blog/beautifying/hagriding/20211209-202357/ Thu, 09 Dec 2021 20:23:57 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20211209-202357/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2021/12/pay-hacker-save-life">How to Fix the Internet Podcast: Pay a Hacker, Save a Life</a><br> https://www.whatsupup.com/blog/steeplejack/garrote/20211209-202355/ Thu, 09 Dec 2021 20:23:55 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20211209-202355/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2021/12/pay-hacker-save-life">How to Fix the Internet Podcast: Pay a Hacker, Save a Life</a><br> https://www.whatsupup.com/blog/lienholder/alcoholism/20211209-202123/ Thu, 09 Dec 2021 20:21:23 +0000 https://www.whatsupup.com/blog/lienholder/alcoholism/20211209-202123/ Yesterday, <a rel="noreferrer" target="_blank" href="https://adventofcode.com/2021">Advent of Code</a> had <a rel="noreferrer" target="_blank" href="https://adventofcode.com/2021/day/6">an interesting problem</a> : modeling the growth rate of lanternfish. Read the link for the full details, but the core algorithm is this:<br> Each day, a 0 becomes a 6 and adds a new 8 to the end of the list, while each other number decreases by 1 if it was present at the start of the day.<br> For part 1, you need to compute the total number of lanternfish after 80 days, and for part 2 after 256 days. While the first part is possible with a native list based version (around 300k), the second part yields over 1.6 trillion for my input, so storing every lanternfish on its own is infeasible.<br> Luckily, with a bit of thinking we quickly realize that the position and order of the lanternfish is irrelevant and we can thus just count how many at each age we have and sum them up at the end for the answer.<br> I decided to tackle this problem using the array language <a rel="noreferrer" target="_blank" href="https://mlochbaum.github.io/BQN/">BQN</a> and will try to explain how it works.<br> First, let’s convert the sample input data into a histogram: For reasons that will be obvious in a minute, we compare each input element with the list of numbers from 0 to 8 (<br> ↕9<br> input ← ⟨3,4,3,1,2⟩ input =⌜ ↕9 ┌─ ╵ 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 ┘<br> If we sum this table by column now, we have a count which age appears how often (note that ages over 8 never happen):<br> d ← +˝ input =⌜ ↕9 ⟨ 0 1 1 2 1 0 0 0 0 ⟩<br> Next, we need to figure out what happens in a step. We can model one part (number decreases by 1, or becomes 8 when it was 0) by rotating (<br> ⌽<br> ) the array to the left:<br> 1 ⌽ d ⟨ 1 1 2 1 0 0 0 0 0 ⟩ 2 ⌽ d ⟨ 1 2 1 0 0 0 0 0 1 ⟩<br> But we also need to add the first element to column 6, e.g. by adding an appropriately scaled vector. First, the vector, which we get by taking the numbers of 0 to 8 and comparing them to 6:<br> 6=↕9 ⟨ 0 0 0 0 0 0 1 0 0 ⟩<br> Now we can scale this vector by the first element (<br> ⊑<br> (6=↕9) × ⊑ ⟨9,8,7,6,5,4,3,2,1⟩ ⟨ 0 0 0 0 0 0 9 0 0 ⟩<br> Finally, we put both things together. We can use a hook if we bind (<br> ⊸<br> ) the argument of the rotation to the operator:<br> Step ← 1⊸⌽ + (6=↕9)×⊑<br> Now, we simply need to repeat (<br> ⍟<br> ) this step 80 (resp. 256) times and count up the results to solve the puzzle!<br> +´ Step⍟80 d 5934 +´ Step⍟256 d 26984457539<br> This agrees with the provided example.<br> Of course, computing 256 steps is very fast, but we can wonder if there is not a more efficient solution. Let’s say we wanted to compute many lanternfish populations quickly.<br> The key realization is that<br> Step<br> is a linear function, which means:<br> (n × Step v) ≡ (Step n × v) (Step v) + (Step w) ≡ (Step v + w)<br> We can thus compute<br> for every basis vector of our 9-dimensional histogram space; let’s take the unit vectors here:<br> step256 ← {+´Step⍟256 𝕩}˘ =⌜˜↕9 ⟨ 6703087164 6206821033 5617089148 5217223242 4726100874 4368232009 3989468462 3649885552 3369186778 ⟩<br> And now we can solve part 2 for any input by using a dot-product (pairwise multiplication followed by addition):<br> step256 +´∘× d 26984457539<br> This yields the same result as above, but only does 9 multiplications and 9 additions.<br> We can also compute<br> step256<br> faster by using a bit of matrix theory. Since we know the operation of<br> step<br> on the basis vectors, we can compute the matrix<br> m<br> corresponding to this linear operator:<br> m ← Step˘ =⌜˜↕9 ┌─ ╵ 0 0 0 0 0 0 1 0 1 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 ┘<br> Note how we just applied<br> for every column of the identity matrix.<br> We can solve the problem the same way now by computing the 256th power of the matrix and multiplying it to the histogram vector and summing up again.<br> First, we need the matrix product:<br> MP ← +˝∘×⎉1‿∞<br> Naively, we can compute the power like this (we already have<br> to the power of 1!):<br> m256 ← m MP⍟255 m<br> Now multiply<br> d<br> to it, and sum up:<br> +´ m256 +˝∘× d 26984457539<br> Note that<br> is just the sum of rows, so we can precompute that:<br> step256 ≡ +˝˘ m256 1<br> If you paid attention, you may now wonder why we replaced 256 row operations with 255 matrix multiplications and claim it’s faster to compute. We need an additional trick: fast matrix exponentiation. Instead of 255 matrix multiplications we just need 8 matrix squarings with itself to compute the 256th power:<br> m256 ≡ MP˜⍟8 m 1<br> This yields an asymptotically faster algorithm to compute the<br> vector for higher powers. For non-powers of two you need to implement a square-and-multiply algorithm, or <a rel="noreferrer" target="_blank" href="http://wwwhomes.uni-bielefeld.de/achim/addition_chain.html">look up the optimal result</a> . This is left as an exercise to the reader.<br> For day 80 we can use only 7 matrix multiplications:<br> (MP˜⍟4 (m MP MP˜⍟2 m)) ≡ (m MP⍟79 m) 1<br> In theory, you could optimize this even further and compute a closed form from the eigenvectors of<br> , but you’ll end up with nonic roots and I have not found a way to compute them precise enough to be useful. So let’s leave it at that for now.<br> NP: Slade—My Oh My<br> https://www.whatsupup.com/blog/sited/implore/20211209-201757/ Thu, 09 Dec 2021 20:17:56 +0000 https://www.whatsupup.com/blog/sited/implore/20211209-201757/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/12/08/technology/adam-mosseri-instagram-senate.html">Lawmakers urge the head of Instagram to better protect children. Adam Mosseri, the company’s leader, was asked to appear before a Senate panel after internal research leaked that said the app had a toxic effect on some teenagers. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20211209-201731/ Thu, 09 Dec 2021 20:17:31 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20211209-201731/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-03620-1">The $11-billion Webb telescope aims to probe the early Universe</a><br></p> <hr> Three decades after it was conceived, Hubble’s successor is set for launch. Here’s why astronomers around the world can’t wait.<br> https://www.whatsupup.com/blog/boxed/modification/20211209-201534/ Thu, 09 Dec 2021 20:15:34 +0000 https://www.whatsupup.com/blog/boxed/modification/20211209-201534/ namespace __cpo<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#hidden-friend-idiom">hidden-friend-idiom</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#library-design">library-design</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#llvm">llvm</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#ranges">ranges</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#war-stories">war-stories</a><br> Eventually I’ll write up a full “libc++ beginner’s guide to writing niebloids.” For now, this is just a quick note to explain one particular quirk. The shape of a libc++ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2019/08/02/the-tough-guide-to-cpp-acronyms/#cpo">niebloid and/or CPO</a> is:<br> namespace std::ranges { namespace __iter_swap { struct __fn { auto operator()(~~~) const { ~~~ } }; } inline namespace __cpo { inline constexpr auto iter_swap = __iter_swap::__fn{}; } }<br> Why do we have that extra<br> inline namespace __cpo<br> ?<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#argument-dependent-lookup">argument-dependent-lookup</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#hidden-friend-idiom">hidden-friend-idiom</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#c++-style">c++-style</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#operator-spaceship">operator-spaceship</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#stl-classic">stl-classic</a><br> https://www.whatsupup.com/blog/glooming/wrackful/20211209-200833/ Thu, 09 Dec 2021 20:08:31 +0000 https://www.whatsupup.com/blog/glooming/wrackful/20211209-200833/ <a rel="noreferrer" target="_blank" href="https://robertheaton.com/theyll-have-to-do/">I wouldn't call my friends strong male role models but they'll have to do</a><br> https://www.whatsupup.com/blog/ideo/fleury/20211209-200652/ Thu, 09 Dec 2021 20:06:51 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211209-200652/ A 31-year-old Canadian man has been arrested and charged with fraud in connection with numerous ransomware attacks against businesses, government agencies and private citizens throughout Canada and the United States. Canadian authorities describe him as “the most prolific cybercriminal we’ve identified in Canada,” but so far they’ve released few other details about the investigation or the defendant. Helpfully, an email address and nickname apparently connected to the accused offer some additional clues.<br> Matthew Philbert, in 2016.<br> Matthew Philbert of Ottawa, Ontario was charged with fraud and conspiracy in a joint law enforcement action by Canadian and U.S. authorities dubbed “Project CODA.” The Ontario Provincial Police (OPP) on Tuesday <a rel="noreferrer" target="_blank" href="https://twitter.com/OPP_News/status/1468294251867824129">said</a> the investigation began in January 2020 when the U.S. Federal Bureau of Investigation (FBI) contacted them regarding ransomware attacks that were based in Canada.<br> “During the course of this investigation, OPP investigators determined an individual was responsible for numerous ransomware attacks affecting businesses, government agencies and private individuals throughout Canada as well as cyber-related offenses in the United States,” reads an OPP statement.<br> “A quantity of evidentiary materials was seized and held for investigation, including desktop and laptop computers, a tablet, several hard drives, cellphones, a Bitcoin seed phrase and a quantity of blank cards with magnetic stripes,” the statement continues.<br> The <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2021/12/PhilbertIndictment.pdf">U.S. indictment of Philbert</a> (PDF) is unusually sparse, but it does charge him with conspiracy, suggesting the defendant was part of a group. In an interview with KrebsOnSecurity, OPP Detective Inspector Matt Watson declined to say whether other defendants were being sought in connection with the investigation, but said the inquiry is ongoing.<br> “I will say this, Philbert is the most prolific cybercriminal we’ve identified to date in Canada,” Watson said. “We’ve identified in excess of a thousand of his victims. And a lot of these were small businesses that were just holding on by their fingernails during COVID.”<br> A DARK CLOUD<br> There is a now-dormant Myspace account for a Matthew Philbert from Orleans, a suburb of Ottawa, Ontario. The information tied to the Myspace account matches the age and town of the defendant. The Myspace account was registered under the nickname “ Darkcloudowner ,” and to the email address <a href="mailto:dark_cl0ud6@hotmail.com">dark_cl0ud6@hotmail.com</a> .<br> A search in <a rel="noreferrer" target="_blank" href="https://www.domaintools.com">DomainTools</a> on that email address reveals multiple domains registered to a Matthew Philbert and to the Ottawa phone number 6138999251 [DomainTools is a frequent advertiser on this site]. That same phone number is tied to a Facebook account for a 31-year-old Matthew Philbert from Orleans, who describes himself as a self-employed “broke bitcoin baron.”<br> Mr. Philbert did not respond to multiple requests for comment.<br> According to cyber intelligence firm <a rel="noreferrer" target="_blank" href="https://www.intel471.com">Intel 471</a> , that <a href="mailto:dark_cl0ud6@hotmail.com">dark_cl0ud6@hotmail.com</a> address has been used in conjunction with the handle “ DCReavers2 ” to register user accounts on a half-dozen English-language cybercrime forums since 2008, including <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/?s=hackforums">Hackforums</a> , Blackhatworld, and Ghostmarket.<br> Perhaps the earliest and most important cybercrime forum DCReavers2 frequented was Darkode , where he was among the first two-dozen members. Darkode was <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2015/07/the-darkode-cybercrime-forum-up-close/">taken down in 2015 as part of an FBI investigation sting operation</a> , but screenshots of the community saved by this author show that DCReavers2 was already well known to the Darkode founders when his membership to the forum was accepted in May 2009.<br> DCReavers2 was just the 22nd account to register on the Darkode cybercrime forum.<br> Most of DCReavers’s posts on Darkode appear to have been removed by forum administrators early on (likely at DCReavers’ request), but the handful of posts that survived the purge show that more than a decade ago DCReavers2 was involved in running botnets, or large collections of hacked computers.<br> “My exploit pack is hosted there with 0 problems,” DCReaver2 <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2021/12/dcreavers2-dk.png">says</a> of a shady online provider that another member asked about in May 2010. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/12/canada-charges-its-most-prolific-cybercriminal/#more-57819">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/12/canada-charges-its-most-prolific-cybercriminal/">Canada Charges Its “Most Prolific Cybercriminal”</a><br> https://www.whatsupup.com/blog/sited/implore/20211207-121710/ Tue, 07 Dec 2021 12:17:10 +0000 https://www.whatsupup.com/blog/sited/implore/20211207-121710/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/12/07/technology/instagram-parental-controls.html">Instagram says parental controls will arrive in March. Adam Mosseri, the head of the company, is expected to face questions from lawmakers this week about whether social media harms children. By David McCabe</a><br> https://www.whatsupup.com/blog/sited/implore/20211207-081852/ Tue, 07 Dec 2021 08:18:52 +0000 https://www.whatsupup.com/blog/sited/implore/20211207-081852/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/12/07/technology/instagram-parental-controls.html">Instagram Says Parental Controls Will Arrive in March Adam Mosseri, the head of the company, is expected to face questions from lawmakers this week about whether social media harms children. By David McCabe</a><br> https://www.whatsupup.com/blog/traveling/splay/20211207-002146/ Tue, 07 Dec 2021 00:21:46 +0000 https://www.whatsupup.com/blog/traveling/splay/20211207-002146/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2021/11/27/espanol/telescopio-hubble.html">Out There ¿Quieres saber cómo está el clima en otros planetas? El telescopio Hubble lo informa El ojo previsor de la nave espacial vuelve a posar su mirada en Júpiter, Saturno, Urano y Neptuno. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/boxed/modification/20211206-201418/ Mon, 06 Dec 2021 20:14:18 +0000 https://www.whatsupup.com/blog/boxed/modification/20211206-201418/ types are boolean-testable<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#c++-style">c++-style</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#ranges">ranges</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#today-i-learned">today-i-learned</a><br> Today I learned: <a rel="noreferrer" target="_blank" href="https://eel.is/c++draft/view.interface.general">std::ranges::view_interface</a> provides an<br> explicit operator bool<br> . When you have a view type from the Ranges STL (such as<br> std::ranges::subrange<br> ), you can branch on its boolean value: empty ranges are falsey and everything else is truthy.<br> https://www.whatsupup.com/blog/emphysema/mesalliance/20211206-162342/ Mon, 06 Dec 2021 16:23:42 +0000 https://www.whatsupup.com/blog/emphysema/mesalliance/20211206-162342/ 2020-05-21 :: <a rel="noreferrer" target="_blank" href="https://intuitiveexplanations.com/kalyn">Kalyn: a self-hosting compiler for x86-64</a><br> 2021-07-13 :: <a rel="noreferrer" target="_blank" href="https://intuitiveexplanations.com/replit/">How Replit used legal threats to kill my open-source project</a><br> 2021-12-06 :: <a rel="noreferrer" target="_blank" href="https://intuitiveexplanations.com/messenger">Reverse engineering the Facebook Messenger API</a><br> https://www.whatsupup.com/blog/gaper/whisky/20211206-162036/ Mon, 06 Dec 2021 16:20:35 +0000 https://www.whatsupup.com/blog/gaper/whisky/20211206-162036/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/12/webassembly-and-back-again-fine-grained-sandboxing-in-firefox-95/">WebAssembly and Back Again: Fine-Grained Sandboxing in Firefox 95 →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/12/webassembly-and-back-again-fine-grained-sandboxing-in-firefox-95/">WebAssembly and Back Again: Fine-Grained Sandboxing in Firefox 95</a><br> <hr> In Firefox 95, we're shipping a novel sandboxing technology called RLBox — developed in collaboration with researchers at the University of California San Diego and the University of Texas — that makes it easy and efficient to isolate subcomponents to make the browser more secure. This technology opens up new opportunities beyond what's been possible with traditional process-based sandboxing, and we look forward to expanding its usage and (hopefully) seeing it adopted in other browsers and software projects.<br> https://www.whatsupup.com/blog/buckeroo/doubling/20211205-161804/ Sun, 05 Dec 2021 16:18:04 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211205-161804/ December 5, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/12/05/How-new-Linux-users-succeed.html">How new Linux users can increase their odds of success</a><br> December 5, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/12/05/What-desktop-Linux-needs.html">What desktop Linux needs to succeed in the mainstream</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211204-041753/ Sat, 04 Dec 2021 04:17:53 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211204-041753/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/cyber-apple-usa-nsogroup-exclusive/u-s-state-department-phones-hacked-with-israeli-company-spyware-sources-idUSKBN2II1OW">U.S. State Department phones hacked with Israeli company spyware - sources</a><br> https://www.whatsupup.com/blog/ideo/fleury/20211204-000701/ Sat, 04 Dec 2021 00:07:00 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211204-000701/ Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. In this post we’ll look at the clues left behind by “ Babam ,” the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occasions over the past few years.<br> Since the beginning of 2020, Babam has set up numerous auctions on the Russian-language cybercrime forum Exploit , mainly selling virtual private networking (VPN) credentials stolen from various companies. Babam has authored more than 270 posts since joining Exploit in 2015, including dozens of sales threads. However, none of Babam’s posts on Exploit include any personal information or clues about his identity.<br> But in February 2016, Babam joined Verified , another Russian-language crime forum. Verified was hacked at least twice in the past five years, and its user database posted online. That information shows that Babam joined Verified using the email address “ <a href="mailto:operns@gmail.com">operns@gmail.com</a> .” The latest Verified leak also exposed private messages exchanged by forum members, including more than 800 private messages that Babam sent or received on the forum over the years.<br> In early 2017, Babam confided to another Verified user via private message that he is from Lithuania. In virtually all of his forum posts and private messages, Babam can be seen communicating in transliterated Russian rather than by using the Cyrillic alphabet. This is common among cybercriminal actors for whom Russian is not their native tongue.<br> Cyber intelligence platform <a rel="noreferrer" target="_blank" href="https://www.constellaintelligence.com">Constella Intelligence</a> told KrebsOnSecurity that the <a href="mailto:operns@gmail.com">operns@gmail.com</a> address was used in 2016 to register an account at filmai.in , which is a movie streaming service catering to Lithuanian speakers. The username associated with that account was “ bo3dom .”<br> A reverse WHOIS search via <a rel="noreferrer" target="_blank" href="https://www.domaintools.com">DomainTools.com</a> says <a href="mailto:operns@gmail.com">operns@gmail.com</a> was used to register two domain names: bonnjoeder[.]com back in 2011, and sanjulianhotels[.]com (2017). It’s unclear whether these domains ever were online, but the street address on both records was “ 24 Brondeg St. ” in the United Kingdom. [Full disclosure: DomainTools is a frequent advertiser on this website.]<br> A reverse search at DomainTools on “24 Brondeg St.” reveals one other domain: wwwecardone[.]com . The use of domains that begin with “www” is fairly common among phishers, and by passive “ <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2018/04/dot-cm-typosquatting-sites-visited-12m-times-so-far-in-2018/">typosquatting</a> ” sites that seek to siphon credentials from legitimate websites when people mistype a domain, such as accidentally omitting the “.” after typing “www”.<br> A banner from the homepage of the Russian language cybercrime forum Verified.<br> Searching DomainTools for the phone number in the WHOIS records for wwwecardone[.]com  — +44.0774829141 — leads to a handful of similar typosquatting domains, including wwwebuygold[.]com and wwwpexpay[.]com . A different UK phone number in a more recent record for the wwwebuygold[.]com domain — 44.0472882112 — is tied to two more domains – howtounlockiphonefree[.]com , and portalsagepay[.]com . All of these domains date back to between 2012 and 2013.<br> The original registration records for the iPhone, Sagepay and Gold domains share an email address: <a href="mailto:devrian26@gmail.com">devrian26@gmail.com</a> . A search on the username “bo3dom” using Constella’s service reveals an account at ipmart-forum.com , a now-defunct forum concerned with IT products, such as mobile devices, computers and online gaming. That search shows the user bo3dom registered at ipmart-forum.com with the email address <a href="mailto:devrian27@gmail.com">devrian27@gmail.com</a> , and from an Internet address in Vilnius, Lithuania.<br> <a href="mailto:Devrian27@gmail.com">Devrian27@gmail.com</a> was used to register multiple domains, including wwwsuperchange.ru back in 2008 (notice again the suspect “www” as part of the domain name). Gmail’s password recovery function says the backup email address for <a href="mailto:devrian27@gmail.com">devrian27@gmail.com</a> is <a href="mailto:bo3*******@gmail.com">bo3*******@gmail.com</a> . Gmail accepts the address <a href="mailto:bo3domster@gmail.com">bo3domster@gmail.com</a> as the recovery email for that devrian27 account.<br> According to Constella, the <a href="mailto:bo3domster@gmail.com">bo3domster@gmail.com</a> address was exposed in multiple data breaches over the years, and in each case it used one of two passwords: “ lebeda1 ” and “ a123456 “.<br> Searching in Constella for accounts using those passwords reveals a slew of additional “bo3dom” email addresses, including <a href="mailto:bo3dom@gmail.com">bo3dom@gmail.com</a> .  Pivoting on that address in Constella reveals that someone with the name Vytautas Mockus used it to register an account at mindjolt.com, a site featuring dozens of simple puzzle games that visitors can play online.<br> At some point, mindjolt.com apparently also was hacked, because a copy of its database at Constella says the <a href="mailto:bo3dom@gmail.com">bo3dom@gmail.com</a> used two passwords at that site: lebeda1 and a123456.<br> A reverse WHOIS search on “Vytautas Mockus” at DomainTools shows the email address <a href="mailto:devrian25@gmail.com">devrian25@gmail.com</a> was used in 2010 to register the domain name perfectmoney[.]co . This is one character off of <a rel="noreferrer" target="_blank" href="https://en.bitcoin.it/wiki/Perfect_Money">perfectmoney[.]com</a> , which is an early virtual currency that was quite popular with cybercriminals at the time. The phone number tied to that domain registration was “ 86.7273687 “.<br> A Google search for “Vytautas Mockus” says there’s a person by that name who runs a mobile food service company in Lithuania called “ Palvisa .” A <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2021/12/302610044-2559-e71f3.pdf">report on Palvisa</a> (PDF) purchased from Rekvizitai.vz — an official online directory of Lithuanian companies — says Palvisa was established in 2011 by a Vytautaus Mockus, using the phone number 86.7273687 , and the email address <a href="mailto:bo3dom@gmail.com">bo3dom@gmail.com</a>. The report states that Palvisa is active, but has had no employees other than its founder.<br> Reached via the <a href="mailto:bo3dom@gmail.com">bo3dom@gmail.com</a> address, the 36-year-old Mr. Mockus expressed mystification as to how his personal information wound up in so many records. “I am not involved in any crime,” Mockus wrote in reply.<br> A rough mind map of the connections mentioned in this story.<br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/12/who-is-the-network-access-broker-babam/">Who Is the Network Access Broker ‘Babam’?</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211203-201812/ Fri, 03 Dec 2021 20:18:12 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211203-201812/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/cyber-apple-usa-nsogroup-exclusive/exclusive-u-s-state-department-phones-hacked-with-israeli-company-spyware-sources-idUSKBN2II1OW">Exclusive-U.S. State Department phones hacked with Israeli company spyware - sources</a><br></p> <hr> 11:45am EST<br> WASHINGTON/SAN FRANCISCO Apple Inc iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, according to four people familiar with the matter.<br> https://www.whatsupup.com/blog/overgrazing/propellent/20211203-201723/ Fri, 03 Dec 2021 20:17:22 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211203-201723/ By Alex Kantrowitz · Launched 2 years ago<br> https://www.whatsupup.com/blog/effete/washstand/20211203-082209/ Fri, 03 Dec 2021 08:22:09 +0000 https://www.whatsupup.com/blog/effete/washstand/20211203-082209/ <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-to-evaluate-a-3rd-party-restful-api-47/">How to evaluate a 3rd party RESTful API? Nov. 26, 2021 · 1, To build or to buy? 2, Can this API provide features you need? 3, Is this API both stable and scalable? 4, How easily can you talk to a real human employee of the API vendor? Read more…</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211203-080927/ Fri, 03 Dec 2021 08:09:27 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211203-080927/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/typescript-control-flow-analysis-best-of/">Getting strong types and better type inference in TypeScript doesn’t necessarily require advanced types and <code>as</code> usages everywhere. Here are some simple type construction patterns, code writing habits, and compiler options to improve your application’s type inference without increasing complexity.</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20211203-041736/ Fri, 03 Dec 2021 04:17:35 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211203-041736/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-internet-was-once-flat-no-longer">The Internet Was Once Flat. No Longer.</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-internet-was-once-flat-no-longer">Instead of one big community, the web is a community of communities that often don’t overlap.</a><br> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/five-ways-china-is-trying-to-unaddict">Five Ways China Is Trying To Unaddict Kids From Social Media</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/five-ways-china-is-trying-to-unaddict">Blackout hours, educational content, time limits, and interspersed pauses. This is how China is attempting to mitigate social media addiction, especial…</a><br> https://www.whatsupup.com/blog/sited/implore/20211203-001755/ Fri, 03 Dec 2021 00:17:55 +0000 https://www.whatsupup.com/blog/sited/implore/20211203-001755/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/12/02/technology/ftc-nvidia-arm-deal.html">F.T.C. Sues to Stop Blockbuster Chip Deal Between Nvidia and Arm The proposed deal would give Nvidia control over computing technology and designs that rival firms rely on. By Cecilia Kang and Don Clark</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20211203-001710/ Fri, 03 Dec 2021 00:17:10 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20211203-001710/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-03587-z">This tiny iron-rich world is extraordinarily metal</a><br></p> <hr> The discovery of GJ 367b, which orbits its star in about 8 hours, demonstrates astronomers’ prowess at finding extreme planets.<br> https://www.whatsupup.com/blog/ideo/fleury/20211203-000712/ Fri, 03 Dec 2021 00:07:12 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211203-000712/ In January 2021, technology vendor <a rel="noreferrer" target="_blank" href="https://www.ui.com/">Ubiquiti Inc.</a> [NYSE:UI] disclosed that a breach at a third party cloud provider had exposed customer account credentials. In March, a Ubiquiti employee <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/">warned</a> that the company had drastically understated the scope of the incident, and that the third-party cloud provider claim was a fabrication. On Wednesday, a former Ubiquiti developer was arrested and charged with stealing data and trying to extort his employer while pretending to be a whistleblower.<br> Federal prosecutors say Nickolas Sharp , a senior developer at Ubiquiti, actually caused the “breach” that forced Ubiquiti to disclose a cybersecurity incident in January. They allege that in late December 2020, Sharp applied for a job at another technology company, and then abused his privileged access to Ubiquiti’s systems at Amazon’s AWS cloud service and the company’s GitHub accounts to download large amounts of proprietary data.<br> Sharp’s indictment doesn’t specify how much data he allegedly downloaded, but it says some of the downloads took hours, and that he cloned approximately 155 Ubiquiti data repositories via multiple downloads over nearly two weeks.<br> On Dec. 28, other Ubiquiti employees spotted the unusual downloads, which had leveraged internal company credentials and a Surfshark VPN connection to hide the downloader’s true Internet address. Assuming an external attacker had breached its security, Ubiquiti quickly launched an investigation.<br> But Sharp was a member of the team doing the forensic investigation, the indictment alleges.<br> “At the time the defendant was part of a team working to assess the scope and damage caused by the incident and remediate its effects, all while concealing his role in committing the incident,” wrote prosecutors with the Southern District of New York.<br> According to the indictment, on January 7 a senior Ubiquiti employee received a ransom email. The message was sent through an IP address associated with the same Surfshark VPN. The ransom message warned that internal Ubiquiti data had been stolen, and that the information would not be used or published online as long as Ubiquiti agreed to pay 25 Bitcoin.<br> The ransom email also offered to identify a purportedly still unblocked “backdoor” used by the attacker for the sum of another 25 Bitcoin (the total amount requested was equivalent to approximately $1.9 million at the time). Ubiquiti did not pay the ransom demands.<br> Investigators say they were able to tie the downloads to Sharp and his work-issued laptop because his Internet connection briefly failed on several occasions while he was downloading the Ubiquiti data. Those outages were enough to prevent Sharp’s Surfshark VPN connection from functioning properly — thus exposing his Internet address as the source of the downloads. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/12/ubiquiti-developer-charged-with-extortion-causing-2020-breach/#more-57755">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/12/ubiquiti-developer-charged-with-extortion-causing-2020-breach/">Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach”</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20211202-201606/ Thu, 02 Dec 2021 20:16:06 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20211202-201606/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/12/exploring-container-security-storage.html">Exploring Container Security: A Storage Vulnerability Deep Dive</a><br></p> <hr> Posted by Fabricio Voznika and Mauricio Poppe, Google Cloud Kubernetes Security is constantly evolving - keeping pace with enhanced functionality, usability and flexibility while also balancing the security needs of a wide and diverse set of use-cases. Recently, the GKE Security team discovered a <a rel="noreferrer" target="_blank" href="https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2021-018">high severity vulnerability</a> that allowed workloads to have access to parts of the host filesystem outside the mounted volumes boundaries. Although the vulnerability was patched back in September we thought it would be beneficial to write up a more in-depth analysis of the issue to share with the community. We assessed the impact of the vulnerability as described in <a rel="noreferrer" target="_blank" href="https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-vulnerability-management-in-open-source-kubernetes">vulnerability management in open-source Kubernetes</a> and worked closely with the GKE Storage team and <a rel="noreferrer" target="_blank" href="https://github.com/kubernetes/committee-security-response">the Kubernetes Security Response Committee</a> to find a fix. In this post we’ll give some background on how the subpath storage system works, an overview of the vulnerability, the steps to find the root cause and the fix, and finally some recommendations for GKE and Anthos users. Kubernetes Filesystems: Intro to Volume Subpath The vulnerability, <a rel="noreferrer" target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25741">CVE-2021-25741,</a> was caused by a race condition during the creation of a subpath bind mount <a rel="noreferrer" target="_blank" href="https://kubernetes.io/docs/concepts/storage/volumes/#using-subpath">inside a container, and</a> allowed an attacker to gain unauthorized access to the underlying node filesystem and its sensitive files. We’ll describe how that system is supposed to work, and then talk about the vulnerability. The <a rel="noreferrer" target="_blank" href="https://kubernetes.io/docs/concepts/storage/volumes/#using-subpath">volume subpath</a> feature in Kubernetes enables sharing a volume in multiple containers inside a pod. For example, we could create a Pod with an InitContainer that creates directories with pre-populated data in a mounted filesystem volume. These directories can then be used by containers in the same Pod by mounting the same volume and optionally specifying a subpath field to limit what's visible inside the container. While there are some great use cases for this feature, it’s an area that has had vulnerabilities discovered in the past. The kubelet must be extra cautious when handling user-owned subpaths because it operates with privileges in the host. One vulnerability that has been previously discovered involved the creation of a malicious workload where an InitContainer would create a symlink pointing to any location in the host. For example, the InitContainer could mount a volume in /mnt and create a symlink /mnt/attack inside the container pointing to /etc. Later in the Pod lifecycle, another container would attempt to mount the same volume with subpath attack. While preparing the volumes for the container, the kubelet would end up following the symlink to the host’s /etc instead of the container’s /etc, unknowingly exposing the host filesystem to the container. <a rel="noreferrer" target="_blank" href="https://kubernetes.io/blog/2018/04/04/fixing-subpath-volume-vulnerability/">A previous fix</a> made sure that the subpath mount location is resolved and validated to point to a location inside the base volume and that it's not changeable by the user in between the time the path was validated and when the container runtime bind mounts it. This race condition is known as <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use">time of check to time of use (TOCTOU)</a> where the subject being validated changes after it has been validated. These validations and others are summarized in the following container lifecycle sequence diagram. Volume subpath validations before the container startup A New TOCTOU Vulnerability: CVE-2021-25741 The latest vulnerability was discovered by performing a symlink attack similar to the one explained above, with the difference being that it constantly swapped the symlink with a directory in a tight loop, using the RENAME_EXCHANGE option with <a rel="noreferrer" target="_blank" href="https://man7.org/linux/man-pages/man2/rename.2.html">renameat(2)</a> . If the timing is just right, the kubelet will see the path as a directory and pass the validation check. Then the mount utility may find that the path is a symlink pointing to the host and follow it, exposing the host filesystem to the container. This is visualized in the following diagram:<br> The expectation and the attack outcome<br> The GKE Security and Storage teams worked closely to revise the fix done previously to find a solution. The previous fix takes several steps to ensure that the directory being mounted is safely opened and validated. After the file is opened and validated, the kubelet uses the magic-link path under /proc/[pid]/fd directory for all subsequent operations to ensure the file remains unchanged. However, we found out that all of the efforts were undone by the <a rel="noreferrer" target="_blank" href="https://man7.org/linux/man-pages/man8/mount.8.html">mount(8)</a> linux utility which was dereferencing the procfs magic-link by default. Once the problem was understood, the fix involved making sure that the mount utility doesn't dereference the magic-links by using the --no-canonicalize flag in the mount command. The fix is in<br> Once the problem was well understood, we fixed it inside Kubernetes and quickly <a rel="noreferrer" target="_blank" href="https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2021-018">released the fix to GKE and Anthos</a> . If GKE auto-upgrade is enabled in your clusters there's no action on your part for this vulnerability, your nodes have already been patched. We strongly recommend that customers utilize <a rel="noreferrer" target="_blank" href="https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-upgrades">auto-upgrades</a> . Auto-upgrade gives peace of mind that your clusters are running with the latest patches. GKE released a <a rel="noreferrer" target="_blank" href="https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2021-018">Google Kubernetes Engine security bulletin</a> on this vulnerability, which detailed what customers can do to immediately remediate this issue across GKE and Anthos. We also provided guidance to customers who manually manage their node versions, ensuring that fixed releases were available in every region for our <a rel="noreferrer" target="_blank" href="https://cloud.google.com/kubernetes-engine/docs/concepts/release-channels">Static and Release Channels</a> . Moving forward Google continues to invest heavily in the security of GKE and Kubernetes. We encourage users interested in finding vulnerabilities to participate in the <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2020/01/securing-open-source-how-google.html">Kubernetes bug bounty program</a> and in the <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2020/05/expanding-our-work-with-open-source.html">Google Vulnerability Rewards Program (VRP)</a> which was recently expanded to cover GKE vulnerabilities. For the latest guidance on security issues, please follow our <a rel="noreferrer" target="_blank" href="https://cloud.google.com/anthos/clusters/docs/security-bulletins">GKE Security Bulletins</a> .<br> https://www.whatsupup.com/blog/seer/hemisphere/20211202-161759/ Thu, 02 Dec 2021 16:17:58 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20211202-161759/ We use cookies to make sure that our website works properly, as well as some ‘optional’ cookies to personalise content and advertising, provide social media features and analyse how people use our site. By accepting some or all optional cookies you give consent to the processing of your personal data, including transfer to third parties, some in countries outside of the European Economic Area that do not offer the same data protection standards as the country where you live. You can decide which optional cookies to accept by clicking on ‘Manage Settings’, where you can also find more information about how your personal data is processed. Further information can be found in our <a rel="noreferrer" target="_blank" href="https://www.nature.com/info/privacy">privacy policy</a> .<br> Manage Preferences<br> https://www.whatsupup.com/blog/spectrometry/obol/20211202-081705/ Thu, 02 Dec 2021 08:17:03 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20211202-081705/ <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html">This shouldn't have happened: A vulnerability post…</a> (Dec)<br> https://www.whatsupup.com/blog/phonic/shopboy/20211202-041304/ Thu, 02 Dec 2021 04:13:03 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211202-041304/ I'm discussing “Unfettered Conversation with Ken Griffin, CEO of Citadel” with @bhorowitz, @arampell, Ken Griffin, and a16z. Today, Dec 1 at 5:00 PM PST in @clubhouse. Join us! <a rel="noreferrer" target="_blank" href="https://t.co/Dd3yI7BKA8"><a href="https://t.co/Dd3yI7BKA8">https://t.co/Dd3yI7BKA8</a></a><br> https://www.whatsupup.com/blog/alamode/heartsore/20211202-001158/ Thu, 02 Dec 2021 00:11:58 +0000 https://www.whatsupup.com/blog/alamode/heartsore/20211202-001158/ <a rel="noreferrer" target="_blank" href="https://signal.org/blog/become-a-signal-sustainer/">Become a Signal Sustainer</a><br></p> <hr> Signal has no data to sell, no advertisers to sell it to, and no shareholders to benefit from such a sale. We’re building a different kind of tech – where your data stays in your hands – but we’re also building a different kind of tech organization . One without investors, quarterly earnings calls, or share price considerations. While the model for conventional tech companies incentivizes them to build products for your data rather than for you , Signal’s nonprofit structure is designed so that the only way value can accrue is in the experience of using the app; the only place it can accrue is in the hands of the people who use it.<br> https://www.whatsupup.com/blog/spectrometry/obol/20211201-201559/ Wed, 01 Dec 2021 20:15:58 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20211201-201559/ <p><a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html">This shouldn't have happened: A vulnerability postmortem</a><br></p> <hr> Posted by Tavis Ormandy, Project Zero<br> This is an unusual blog post. I normally write posts to highlight some hidden attack surface or interesting complex vulnerability class. This time, I want to talk about a vulnerability that is neither of those things. The striking thing about this vulnerability is just how simple it is. This should have been caught earlier, and I want to explore why that didn’t happen.<br> In 2021, all good bugs need a catchy name, so I’m calling this one “BigSig”.<br> First, let’s take a look at the bug, I’ll explain how I found it and then try to understand why we missed it for so long.<br> Analysis<br> <a rel="noreferrer" target="_blank" href="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Overview">Network Security Services</a> (NSS) is Mozilla's widely used, cross-platform cryptography library. When you verify an ASN.1 encoded digital signature , NSS will create a <a rel="noreferrer" target="_blank" href="https://searchfox.org/mozilla-central/rev/f8576fec48d866c5f988baaf1fa8d2f8cce2a82f/security/nss/lib/cryptohi/secvfy.c#120">VFYContext</a> structure to store the necessary data. This includes things like the public key, the hash algorithm, and the signature itself.<br> struct VFYContextStr {<br> SECOidTag hashAlg; /* the hash algorithm */<br> SECKEYPublicKey *key;<br> union {<br> unsigned char buffer[1];<br> unsigned char dsasig[DSA_MAX_SIGNATURE_LEN];<br> unsigned char ecdsasig[2 * MAX_ECKEY_LEN];<br> unsigned char rsasig[(RSA_MAX_MODULUS_BITS + 7) / 8];<br> } u;<br> unsigned int pkcs1RSADigestInfoLen;<br> unsigned char *pkcs1RSADigestInfo;<br> void *wincx;<br> void *hashcx;<br> const SECHashObject * hashobj ;<br> SECOidTag encAlg; /* enc alg */<br> PRBool hasSignature;<br> SECItem *params;<br> Fig 1 . The VFYContext structure from NSS.<br> The maximum size signature that this structure can handle is whatever the largest union member is, in this case that’s RSA at <a rel="noreferrer" target="_blank" href="https://searchfox.org/mozilla-central/rev/f8576fec48d866c5f988baaf1fa8d2f8cce2a82f/security/nss/lib/freebl/blapit.h#139">2048 bytes</a> . That’s 16384 bits, large enough to accommodate signatures from even the most ridiculously oversized keys.<br> Okay, but what happens if you just....make a signature that’s bigger than that?<br> Well, it turns out the answer is memory corruption. Yes, really.<br> The untrusted signature is simply copied into this fixed-sized buffer, overwriting adjacent members with arbitrary attacker-controlled data.<br> The bug is simple to reproduce and affects multiple algorithms. The easiest to demonstrate is RSA-PSS. In fact, just these three commands work:<br> # We need 16384 bits to fill the buffer, then 32 + 64 + 64 + 64 bits to overflow to hashobj ,<br> # which contains function pointers (bigger would work too, but takes longer to generate).<br> $ openssl genpkey -algorithm rsa-pss -pkeyopt rsa_keygen_bits:$((16384 + 32 + 64 + 64 + 64)) -pkeyopt rsa_keygen_primes:5 -out bigsig.key<br> # Generate a self-signed certificate from that key<br> $ openssl req -x509 -new -key bigsig.key -subj "/CN=BigSig" -sha256 -out bigsig.cer<br> # Verify it with NSS...<br> $ vfychain -a bigsig.cer<br> Segmentation fault<br> Fig 2 . Reproducing the BigSig vulnerability in three easy commands.<br> The actual code that does the corruption varies based on the algorithm; <a rel="noreferrer" target="_blank" href="https://searchfox.org/mozilla-central/rev/f8576fec48d866c5f988baaf1fa8d2f8cce2a82f/security/nss/lib/cryptohi/secvfy.c#477">here is the code</a> for RSA-PSS. The bug is that there is simply no bounds checking at all; sig and key are  arbitrary-length, attacker-controlled blobs, and cx->u is a fixed-size buffer.<br> case rsaPssKey :<br> sigLen = SECKEY_SignatureLen(key);<br> if (sigLen == 0) {<br> /* error set by SECKEY_SignatureLen */<br> rv = SECFailure;<br> if (sig->len != sigLen) {<br> PORT_SetError(SEC_ERROR_BAD_SIGNATURE);<br> PORT_Memcpy(cx->u.buffer, sig->data, sigLen);<br> Fig 3 . The signature size must match the size of the key, but there are no other limitations. cx->u is a fixed-size buffer, and sig is an arbitrary-length, attacker-controlled blob.<br> I think this vulnerability raises a few immediate questions:<br> Was this a recent code change or regression that hadn’t been around long enough to be discovered? No , the original code was <a rel="noreferrer" target="_blank" href="https://hg.mozilla.org/projects/nss/annotate/41f5eb9e5df23951883ba3243f3ae51550663d77/security/nss/lib/cryptohi/secvfy.c#l158">checked in</a> with ECC support on the 17th October 2003, but wasn't exploitable until some <a rel="noreferrer" target="_blank" href="https://hg.mozilla.org/projects/nss/diff/10393/security/nss/lib/cryptohi/seckey.c#l1.63">refactoring</a> in June 2012. In 2017, RSA-PSS support was <a rel="noreferrer" target="_blank" href="https://hg.mozilla.org/projects/nss/rev/84e886ea090e36c69df58a71665a97bd25c62d02">added</a> and made the same error.<br> Does this bug require a long time to generate a key that triggers the bug? No , the example above generates a real key and signature, but it can just be garbage as the overflow happens before the signature check. A few kilobytes of A ’s works just fine.<br> Does reaching the vulnerable code require some complicated state that fuzzers and static analyzers would have difficulty synthesizing, like hashes or checksums? No , it has to be well-formed DER, that’s about it.<br> Is this an uncommon code path? No , Firefox does not use this code path for RSA-PSS signatures, but the default entrypoint for certificate verification in NSS, CERT_VerifyCertificate(), is vulnerable.<br> Is it specific to the RSA-PSS algorithm? No , it also affects DSA signatures.<br> Is it unexploitable, or otherwise limited impact? No , the hashobj member can be clobbered. That object contains <a rel="noreferrer" target="_blank" href="https://searchfox.org/mozilla-central/rev/41a8c58186206985c0d70d3d460c04ac844d11d0/security/nss/lib/util/hasht.h#45">function pointers</a> , which are used immediately.<br> This wasn’t a process failure, the vendor did everything right . Mozilla has a mature, world-class security team. They pioneered <a rel="noreferrer" target="_blank" href="https://www.mozilla.org/en-US/security/bug-bounty/">bug bounties</a> , invest in <a rel="noreferrer" target="_blank" href="https://research.mozilla.org/rust/">memory safety</a> , fuzzing and <a rel="noreferrer" target="_blank" href="https://coverage.moz.tools/">test coverage</a> .<br> NSS was one of the very first projects included with <a rel="noreferrer" target="_blank" href="https://google.github.io/oss-fuzz/">oss-fuzz</a> , it was officially supported since at least <a rel="noreferrer" target="_blank" href="https://github.com/google/oss-fuzz/commit/3d325bf20f0b09961b6c7de34aa4da0d16cfa67d">October 2014</a> . Mozilla also fuzz NSS themselves with <a rel="noreferrer" target="_blank" href="https://llvm.org/docs/LibFuzzer.html">libFuzzer</a> , and have contributed their own <a rel="noreferrer" target="_blank" href="https://searchfox.org/mozilla-central/source/security/nss/fuzz/asn1_mutators.cc">mutator</a> collection and distilled <a rel="noreferrer" target="_blank" href="https://github.com/mozilla/nss-fuzzing-corpus">coverage corpus</a> . There is an extensive testsuite, and nightly <a rel="noreferrer" target="_blank" href="https://firefox-source-docs.mozilla.org/tools/sanitizer/asan.html">ASAN</a> builds.<br> I'm generally skeptical of static analysis, but this seems like a simple missing bounds check that should be easy to find. Coverity has been monitoring NSS since at least <a rel="noreferrer" target="_blank" href="https://scan.coverity.com/projects/nss">December 2008</a> , and also appears to have failed to discover this.<br> Until 2015, Google Chrome <a rel="noreferrer" target="_blank" href="https://chromium.googlesource.com/chromium/third_party/nss/+/refs/heads/master/README.chromium">used</a> NSS, and maintained their own testsuite and fuzzing infrastructure independent of Mozilla. Today, Chrome platforms use <a rel="noreferrer" target="_blank" href="https://boringssl.googlesource.com/boringssl/">BoringSSL</a> , but the NSS port is still maintained.<br> Did Mozilla have good test coverage for the vulnerable areas? <a rel="noreferrer" target="_blank" href="https://coverage.moz.tools/#revision=latest&path=security%2Fnss%2Flib%2Fcryptohi%2Fsecvfy.c&suite=gtest&view=file&line=201">YES</a> .<br> Did Mozilla/chrome/oss-fuzz have relevant inputs in their fuzz corpus? <a rel="noreferrer" target="_blank" href="https://storage.googleapis.com/oss-fuzz-coverage/nss/reports/20211027/linux/src/nss/lib/cryptohi/secvfy.c.html#L201">YES</a> .<br> Is there a mutator capable of extending ASN1_ITEM s? <a rel="noreferrer" target="_blank" href="https://codereview.chromium.org/1677803002/patch/180001/190008">YES</a> .<br> Is this an <a rel="noreferrer" target="_blank" href="https://github.com/google/sanitizers/wiki/AddressSanitizerIntraObjectOverflow">intra-object overflow</a> , or other form of corruption that ASAN would have difficulty detecting? NO, it's a textbook buffer overflow that ASAN can easily detect.<br> How did I find the bug?<br> I've been experimenting with alternative methods for measuring code coverage, to see if any have any practical use in fuzzing. The fuzzer that discovered this vulnerability used a combination of two approaches, stack coverage and object isolation.<br> Stack Coverage<br> The most common method of measuring code coverage is block coverage, or <a rel="noreferrer" target="_blank" href="https://clang.llvm.org/docs/SanitizerCoverage.html#edge-coverage">edge coverage</a> when source code is available. I’ve been curious if that is always sufficient. For example, consider a simple dispatch table with a combination of trusted and untrusted parameters, as in Fig 4 .<br> #include <stdio.h><br> #include <limits.h><br> static char buf [ 128 ] ;<br> void cmd_handler_foo ( int a , size_t b ) { memset ( buf , a , b ) ; }<br> void cmd_handler_bar ( int a , size_t b ) { cmd_handler_foo ( 'A' , sizeof buf ) ; }<br> void cmd_handler_baz ( int a , size_t b ) { cmd_handler_bar ( a , sizeof buf ) ; }<br> typedef void ( * dispatch_t )( int , size_t ) ;<br> dispatch_t handlers [ UCHAR_MAX ] = {<br> cmd_handler_foo ,<br> cmd_handler_bar ,<br> cmd_handler_baz ,<br> } ;<br> int main ( int argc , char ** argv )<br> int cmd ;<br> while (( cmd = getchar ()) != EOF ) {<br> if ( handlers [ cmd ]) {<br> handlers [ cmd ]( getchar () , getchar ()) ;<br> Fig 4. The coverage of command bar is a superset of command foo , so an input containing the latter would be discarded during corpus minimization. There is a vulnerability unreachable via command bar that might never be discovered. Stack coverage would correctly keep both inputs. <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com#ftnt1">[1]</a><br> To solve this problem, I’ve been experimenting with monitoring the call stack during execution.<br> The naive implementation is too slow to be practical, but after a lot of optimization I had come up with a library that was fast enough to be integrated into coverage-guided fuzzing, and was testing how it performed with NSS and other libraries.<br> Object Isolation<br> Many data types are constructed from smaller records. PNG files are made of chunks, PDF files are made of streams, ELF files are made of sections, and X.509 certificates are made of ASN.1 TLV items. If a fuzzer has some understanding of the underlying format, it can isolate these records and extract the one(s) causing some new stack trace to be found.<br> The fuzzer I was using is able to isolate and extract interesting new ASN.1 OIDs, SEQUENCEs, INTEGERs, and so on. Once extracted, it can then randomly combine or insert them into template data. This isn’t really a new idea, but is a new implementation. I'm planning to open source this code in the future.<br> Do these approaches work?<br> I wish that I could say that discovering this bug validates my ideas, but I’m not sure it does. I was doing some moderately novel fuzzing, but I see no reason this bug couldn’t have been found earlier with even rudimentary fuzzing techniques.<br> Lessons Learned<br> How did extensive, customized fuzzing with impressive coverage metrics fail to discover this bug?<br> What went wrong<br> Issue #1 Missing end-to-end testing .<br> NSS is a <a rel="noreferrer" target="_blank" href="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_API_Guidelines">modular</a> library. This layered design is reflected in the <a rel="noreferrer" target="_blank" href="https://searchfox.org/nss/source/fuzz/">fuzzing</a> approach, as each component is fuzzed independently. For example, the <a rel="noreferrer" target="_blank" href="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Tech_Notes/nss_tech_note1#how_to_use_the_nss_asn.1_and_quickder_decoders">QuickDER</a> decoder is tested <a rel="noreferrer" target="_blank" href="https://searchfox.org/nss/source/fuzz/quickder_target.cc">extensively</a> , but the fuzzer simply <a rel="noreferrer" target="_blank" href="https://searchfox.org/nss/rev/5f2fa238b58c9158a52c0681ca2a67958a353082/fuzz/quickder_target.cc#72">creates and discards</a> objects and never uses them.<br> extern "C" int LLVMFuzzerTestOneInput( const uint8_t *Data, size_t Size) {<br> char *dest[2048];<br> for ( auto tpl : templates) {<br> PORTCheapArenaPool pool;<br> SECItem buf = {siBuffer, const_cast < unsigned char *>(Data),<br> static_cast < unsigned int >(Size)};<br> PORT_InitCheapArena(&pool, DER_DEFAULT_CHUNKSIZE);<br> ( void )SEC_QuickDERDecodeItem(&pool.arena, dest, tpl, &buf);<br> PORT_DestroyCheapArena(&pool);<br> Fig 5. The QuickDER fuzzer simply creates and discards objects. This verifies the ASN.1 parsing, but not whether other components handle the resulting objects correctly.<br> This fuzzer might have produced a SECKEYPublicKey that could have reached the vulnerable code, but as the result was never used to verify … https://www.whatsupup.com/blog/sideswiped/tuftily/20211201-041518/ Wed, 01 Dec 2021 04:15:17 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20211201-041518/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/11/29/Hug-A-Tree">CL XLII: Picture Hugs</a> · Out on a walk with Lauren, we stopped in a park and I noticed she was holding an evergreen branch with one hand, stroking it with the other. “Sometimes, you just got to hug a tree” she said. No lie. Especially when times are shitty. I can’t put you next to a tree but at least I can take you out in the woods photographically. It’s dark now and we can use all the help we can get <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/11/29/Hug-A-Tree">…</a> [1 comment]<br> https://www.whatsupup.com/blog/playacted/rededication/20211130-202001/ Tue, 30 Nov 2021 20:20:00 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211130-202001/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/11/30/technology/david-marcus-facebook-libra-diem-novi.html">The head of Meta’s cryptocurrency efforts is leaving the company. David Marcus had most recently spearheaded Meta’s push into a global digital currency. By Mike Isaac</a><br> https://www.whatsupup.com/blog/gaper/whisky/20211130-162102/ Tue, 30 Nov 2021 16:21:01 +0000 https://www.whatsupup.com/blog/gaper/whisky/20211130-162102/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/11/hacks-decoded-seyi-akiwowo-founder-of-glitch/">Hacks Decoded: Seyi Akiwowo, Founder of Glitch →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/11/hacks-decoded-seyi-akiwowo-founder-of-glitch/">Hacks Decoded: Seyi Akiwowo, Founder of Glitch</a><br> <hr> Seyi Akiwowo’s reputation precedes her. Akiwowo is the founder of Glitch, an organization that seeks to end online abuse. We spoke with Seyi over video chat to learn about what drives her, why she does what she does and what she’d be doing if not battling trolls online for a living.<br> https://www.whatsupup.com/blog/glooming/wrackful/20211130-160902/ Tue, 30 Nov 2021 16:09:01 +0000 https://www.whatsupup.com/blog/glooming/wrackful/20211130-160902/ <a rel="noreferrer" target="_blank" href="https://robertheaton.com/better-sentences/">How to write better sentences: 6 examples</a><br> https://www.whatsupup.com/blog/steeplejack/garrote/20211130-082537/ Tue, 30 Nov 2021 08:25:37 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20211130-082537/ <a rel="noreferrer" target="_blank" href="https://eff.org/r.wj15">Power Up Your Donation Week</a><br> https://www.whatsupup.com/blog/beautifying/hagriding/20211130-082535/ Tue, 30 Nov 2021 08:25:34 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20211130-082535/ <a rel="noreferrer" target="_blank" href="https://eff.org/r.wj15">Power Up Your Donation Week</a><br> https://www.whatsupup.com/blog/bilateralistic/jungle/20211130-041219/ Tue, 30 Nov 2021 04:12:18 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20211130-041219/ Slides for my YOW! talk on <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/yow2021-computing-performance">Computing Performance 2021: What's on the Horizon</a> , covering processors, memory, disks, networking, hypervisors, and more ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/yow2021-computing-performance">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/YOW2021_ComputingPerformance.pdf">PDF</a> ).<br> https://www.whatsupup.com/blog/playacted/rededication/20211130-002220/ Tue, 30 Nov 2021 00:22:20 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211130-002220/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/11/29/technology/parag-agrawal-twitter.html">Who Is Parag Agrawal, Twitter’s New C.E.O.? A longtime Twitter insider and a confidant of co-founder Jack Dorsey, Mr. Agrawal takes over as the social media company confronts various challenges. By Mike Isaac, Kate Conger and Cade Metz</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20211130-001603/ Tue, 30 Nov 2021 00:16:03 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20211130-001603/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/11/27/Overtorqued">Overtorqued</a> · I don’t write much about really personal stuff, but in recent years there have been mild-to-serious mental-health issues affecting my immediate and extended family. As a consequence I have uneducated ideas about evolution and mental health to offer. And with them, for comfort, photographs of a beautiful garden <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/11/27/Overtorqued">…</a> [4 comments]<br> https://www.whatsupup.com/blog/phonic/shopboy/20211130-001341/ Tue, 30 Nov 2021 00:13:41 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211130-001341/ I'm discussing “Unfettered Conversation with Ken Griffin, CEO of Citadel” with @bhorowitz, @arampell, and a16z. Wednesday, Dec 1 at 5:00 PM PST in @clubhouse. Join us! <a rel="noreferrer" target="_blank" href="https://t.co/Dd3yI7BKA8"><a href="https://t.co/Dd3yI7BKA8">https://t.co/Dd3yI7BKA8</a></a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20211130-000831/ Tue, 30 Nov 2021 00:08:30 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20211130-000831/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/zone-of-action-do-the-possible-to-do-the-impossible">Zone of Action: Do the possible to do the impossible</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/1-simple-technique-to-train-your-focus">1 simple technique to train your focus</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-make-quitting-your-addiction-easier">How to make quitting your addiction easier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/pursue-high-quality-leisure">Pursue High-quality Leisure</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/what-is-addiction">What is addiction (series)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-change-for-the-better">How to change for the better</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-set-goals-that-work">How to set goals that work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-finally-start-doing-something-about-your-dreams">How to finally start doing something about your dreams</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-avoid-i-ll-do-it-tomorrow">How to avoid “I’ll do it tomorrow”</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/play-the-ultimate-game-your-real-life">Play the ultimate game: your real life</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-real-reason-why-you-get-distracted">The real reason why you get distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/today-shouldnt-suck">Today shouldn’t suck</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/4-most-common-ways-of-getting-distracted">4 most common ways of getting distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20211129-202032/ Mon, 29 Nov 2021 20:20:32 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20211129-202032/ The DART mission has launched. Next up, it will try out a manoeuvre that could one day deflect killer asteroids from Earth.<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211129-201030/ Mon, 29 Nov 2021 20:10:30 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211129-201030/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/aed-locator-customer-story/">William Fahy, a full-time paramedic, noticed that a lot of people struggled to remember and find nearby defibrillators when they needed one most. So he built a Retool app to fix the problem across Ireland.</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20211128-041813/ Sun, 28 Nov 2021 04:18:12 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20211128-041813/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/11/09/Climate-Crisis-Resistance">Blah, Blah, Blah, Boom</a> · COP26 is winding down, and I think nobody can seriously disagree with <a rel="noreferrer" target="_blank" href="https://www.ndtv.com/world-news/greta-thunberg-on-un-climate-summit-cop26-blah-blah-blah-2610076">Greta Thunberg’s take</a> : “Blah, blah, blah.” And then she continued “The real work continues outside these halls. And we will never give up, ever.” I wonder: What form does that “real work” take? Well, I just finished reading <a rel="noreferrer" target="_blank" href="https://www.versobooks.com/books/3665-how-to-blow-up-a-pipeline">How to Blow Up a Pipeline</a> by Andreas Malm, which doesn’t include instructions for blowing up pipelines but argues that that Real Work should include infrastructure destruction. It’s a good book, and if you (like me) are horrified at the onrushing climate catastrophe and enraged at our leaders’ incapacity and unwillingness to take actions that might seriously mitigate the devastation, you might want to read it <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/11/09/Climate-Crisis-Resistance">…</a> [7 comments]<br> https://www.whatsupup.com/blog/traveling/splay/20211127-122323/ Sat, 27 Nov 2021 12:23:23 +0000 https://www.whatsupup.com/blog/traveling/splay/20211127-122323/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2021/11/27/espanol/telescopio-hubble.html">Out There ¿Quieres saber cómo está el clima en otros planetas? El telescopio Hubble te lo informa El ojo previsor de la nave espacial vuelve a posar su mirada en Júpiter, Saturno, Urano y Neptuno. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/ideo/fleury/20211127-080801/ Sat, 27 Nov 2021 08:08:00 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211127-080801/ “If such an attack were successful, it would result in customer IP address blocks being filtered and dropped, making them unreachable from some or all of the global Internet,” Korab said<br> https://www.whatsupup.com/blog/gonadal/revving/20211127-042339/ Sat, 27 Nov 2021 04:23:39 +0000 https://www.whatsupup.com/blog/gonadal/revving/20211127-042339/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2020/02/23/what-would-dijkstra-do-proving-the-associativity-of-min/">What would Dijkstra do? Proving the associativity of min</a><br> https://www.whatsupup.com/blog/boxed/modification/20211127-041718/ Sat, 27 Nov 2021 04:17:18 +0000 https://www.whatsupup.com/blog/boxed/modification/20211127-041718/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#image-processing">image-processing</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#math">math</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#pretty-pictures">pretty-pictures</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#web">web</a><br> Via that same <a rel="noreferrer" target="_blank" href="https://news.ycombinator.com/item?id=29185167">Hacker News</a> piece that generated <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2021/11/13/pixel-rotation/">“Image rotation by shifting pixels”</a> (2021-11-13): Any angular rotation can be expressed as the sum of three shear transformations. Shear right, then down, then right again; the result is an angular rotation!<br> At CppCon this year, <a rel="noreferrer" target="_blank" href="https://cpp.chat/guests/ben_deane/">Ben Deane</a> ’s nametag featured a cryptic crossword clue: Bird chewing a pencil (7). That got us talking about crosswords, which reminded me that a few months earlier I’d learned of Vermont poet <a rel="noreferrer" target="_blank" href="http://www.hollypainter.com/">Holly Painter</a> , who has a book coming out next year titled At last, we listen closely: cryptic crossword poems . The publisher’s blurb <a rel="noreferrer" target="_blank" href="http://www.hollypainter.com/at-last-we-listen-closely-cryptic-crossword-poems/">explains:</a><br> https://www.whatsupup.com/blog/ideo/fleury/20211127-000811/ Sat, 27 Nov 2021 00:08:11 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211127-000811/ All except <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Level_3_Communications">Level 3 Communications</a> , a major Internet backbone provider acquired by Lumen/CenturyLink.<br> “LEVEL 3 is the last IRR operator which allows the use of this method, although they have discouraged its use since at least 2012,” Korab told KrebsOnSecurity. “Other IRR operators have fully deprecated MAIL-FROM.”<br> https://www.whatsupup.com/blog/rubicundity/envenomation/20211126-200806/ Fri, 26 Nov 2021 20:08:06 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20211126-200806/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/black-friday">Black Friday! A limited offer for you</a><br> https://www.whatsupup.com/blog/ideo/fleury/20211126-200746/ Fri, 26 Nov 2021 20:07:44 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211126-200746/ A visualization of the Internet made using network routing data. Image: Barrett Lyon, opte.org.<br> Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email. This is the nature of a threat vector recently removed by a Fortune 500 firm that operates one of the largest Internet backbones.<br> Based in Monroe, La., Lumen Technologies Inc. [ <a rel="noreferrer" target="_blank" href="https://www.google.com/finance/quote/LUMN:NYSE">NYSE: LUMN</a> ] (formerly CenturyLink ) is one of more than two dozen entities that operate what’s known as an <a rel="noreferrer" target="_blank" href="http://www.irr.net/docs/list.html">Internet Routing Registry</a> (IRR). These IRRs maintain routing databases used by network operators to register their assigned network resources — i.e., the Internet addresses that have been allocated to their organization.<br> The data maintained by the IRRs help keep track of which organizations have the right to access what Internet address space in the global routing system. Collectively, the information voluntarily submitted to the IRRs forms a distributed database of Internet routing instructions that helps connect a vast array of individual networks.<br> There are about 70,000 distinct networks on the Internet today, ranging from huge broadband providers like AT&T , Comcast and Verizon to many thousands of enterprises that connect to the edge of the Internet for access. Each of these so-called “Autonomous Systems” (ASes) make their own decisions about how and with whom they will connect to the larger Internet.<br> Regardless of how they get online, each AS uses the same language to specify which Internet IP address ranges they control: It’s called the Border Gateway Protocol , or BGP. Using BGP, an AS tells its directly connected neighbor AS(es) the addresses that it can reach. That neighbor in turn passes the information on to its neighbors, and so on, until the information has propagated everywhere [1].<br> A key function of the BGP data maintained by IRRs is preventing rogue network operators from claiming another network’s addresses and hijacking their traffic. In essence, an organization can use IRRs to declare to the rest of the Internet, “These specific Internet address ranges are ours, should only originate from our network, and you should ignore any other networks trying to lay claim to these address ranges.”<br> In the early days of the Internet, when organizations wanted to update their records with an IRR, the changes usually involved some amount of human interaction — often someone manually editing the new coordinates into an Internet backbone router. But over the years the various IRRs made it easier to automate this process via email.<br> For a long time, any changes to an organization’s routing information with an IRR could be processed via email as long as one of the following authentication methods was successfully used:<br> -CRYPT-PW: A password is added to the text of an email to the IRR containing the record they wish to add, change or delete (the IRR then compares that password to a hash of the password);<br> -PGPKEY: The requestor signs the email containing the update with an encryption key the IRR recognizes;<br> -MAIL-FROM: The requestor sends the record changes in an email to the IRR, and the authentication is based solely on the “From:” header of the email.<br> Of these, MAIL-FROM has long been considered insecure, for the simple reason that it’s not difficult to spoof the return address of an email. And virtually all IRRs have disallowed its use since at least 2012, said Adam Korab , a network engineer and security researcher based in Houston.<br> All except Level3 , a major Internet backbone provider acquired by Lumen/CenturyLink.<br> “LEVEL3 is the last IRR operator which allows the use of this method, although they have discouraged its use since at least 2012,” Korab told KrebsOnSecurity. “Other IRR operators have fully deprecated MAIL-FROM.”<br> Importantly, the name and email address of each Autonomous System’s official contact for making updates with the IRRs is public information.<br> Korab filed a vulnerability report with Lumen demonstrating how a simple spoofed email could be used to disrupt Internet service for banks, telecommunications firms and even government entities.<br> “If such an attack were successful, it would result in customer IP address blocks being filtered and dropped, making them unreachable from some or all of the global Internet,” Korab said , noting that he found more than 2,000 Lumen customers were potentially affected. “This would effectively cut off Internet access for the impacted IP address blocks.”<br> The recent outage that took Facebook , Instagram and WhatsApp offline for the better part of a day was caused by <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/10/what-happened-to-facebook-instagram-whatsapp/">an erroneous BGP update submitted by Facebook</a> . That update took away the map telling the world’s computers how to find its various online properties.<br> Now consider the mayhem that would ensue if someone spoofed IRR updates to remove or alter routing entries for multiple e-commerce providers, banks and telecommunications companies at the same time.<br> “Depending on the scope of an attack, this could impact individual customers, geographic market areas, or potentially the [Lumen] backbone,” Korab continued. “This attack is trivial to exploit, and has a difficult recovery. Our conjecture is that any impacted Lumen or customer IP address blocks would be offline for 24-48 hours. In the worst-case scenario, this could extend much longer.”<br> Lumen told KrebsOnSecurity that it continued offering MAIL-FROM: authentication because many of its customers still relied on it due to legacy systems. Nevertheless, after receiving Korab’s report the company decided the wisest course of action was to disable MAIL-FROM: authentication altogether.<br> “We recently received notice of a known insecure configuration with our Route Registry,” reads a statement Lumen shared with KrebsOnSecurity. “We already had mitigating controls in place and to date we have not identified any additional issues. As part of our normal cybersecurity protocol, we carefully considered this notice and took steps to further mitigate any potential risks the vulnerability may have created for our customers or systems.”<br> Level3, now part of Lumen, has long urged customers to avoid using “Mail From” for authentication, but until very recently they still allowed it.<br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/11/the-internet-is-held-together-with-spit-baling-wire/">The Internet is Held Together With Spit & Baling Wire</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20211126-162227/ Fri, 26 Nov 2021 16:22:26 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211126-162227/ November 26, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/11/26/postmarketos.html">postmarketOS revolutionizes smartphone hacking</a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20211126-160827/ Fri, 26 Nov 2021 16:08:27 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20211126-160827/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/black-friday">Black Friday is here! A limited offer for you</a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20211125-120820/ Thu, 25 Nov 2021 12:08:19 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20211125-120820/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/1-simple-technique-to-train-your-focus">1 simple technique to train your focus</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-make-quitting-your-addiction-easier">How to make quitting your addiction easier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/pursue-high-quality-leisure">Pursue High-quality Leisure</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/what-is-addiction">What is addiction (series)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-change-for-the-better">How to change for the better</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-set-goals-that-work">How to set goals that work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-finally-start-doing-something-about-your-dreams">How to finally start doing something about your dreams</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-avoid-i-ll-do-it-tomorrow">How to avoid “I’ll do it tomorrow”</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/play-the-ultimate-game-your-real-life">Play the ultimate game: your real life</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-real-reason-why-you-get-distracted">The real reason why you get distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/today-shouldnt-suck">Today shouldn’t suck</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/4-most-common-ways-of-getting-distracted">4 most common ways of getting distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20211125-001950/ Thu, 25 Nov 2021 00:19:49 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211125-001950/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/five-ways-china-is-trying-to-unaddict">Five Ways China Is Trying To Unaddict Kids From Social Media</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/five-ways-china-is-trying-to-unaddict">Blackout hours, educational content, time limits, and interspersed pauses. This is how China is attempting to mitigate social media addiction, especially among kids.</a><br> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/a-xiaomi-phone-mightve-shipped-with">A Xiaomi Phone Might’ve Shipped With A Censorship List In Europe. Now What?</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/a-xiaomi-phone-mightve-shipped-with">European researchers say they found hundreds of terms the phone could block, including “Tiananmen” and “Hong Kong Independence.” There’s no playbook fo…</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20211125-001905/ Thu, 25 Nov 2021 00:19:04 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20211125-001905/ DART mission aims to try out a strategy for shielding Earth from killer asteroids.<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211125-001033/ Thu, 25 Nov 2021 00:10:33 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211125-001033/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/what-makes-a-great-admin-portal/">In this article, you’ll learn what admin portals are, why you need them, and, most importantly, what aspects make a good admin portal.</a><br> https://www.whatsupup.com/blog/sited/implore/20211124-201921/ Wed, 24 Nov 2021 20:19:20 +0000 https://www.whatsupup.com/blog/sited/implore/20211124-201921/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/11/24/technology/adam-mosseri-instagram-congress.html">The head of Instagram agrees to testify as Congress probes the app’s effects on young people. This will be the first time Adam Mosseri, a trusted lieutenant to Mark Zuckerberg, will appear before lawmakers under oath. By Ryan Mac and Cecilia Kang</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20211124-122226/ Wed, 24 Nov 2021 12:22:26 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211124-122226/ November 24, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/11/24/A-philosophy-for-instant-messaging.html">My philosophy for productive instant messaging</a><br> https://www.whatsupup.com/blog/beautifying/hagriding/20211123-202418/ Tue, 23 Nov 2021 20:24:17 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20211123-202418/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2021/11/podcast-episode-revolution-will-be-open-source">Revolution will be open source</a><br> https://www.whatsupup.com/blog/steeplejack/garrote/20211123-202415/ Tue, 23 Nov 2021 20:24:14 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20211123-202415/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2021/11/podcast-episode-revolution-will-be-open-source">Revolution will be open source</a><br> https://www.whatsupup.com/blog/gonadal/revving/20211123-202134/ Tue, 23 Nov 2021 20:21:33 +0000 https://www.whatsupup.com/blog/gonadal/revving/20211123-202134/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2015/07/10/the-species-of-bracelets/">The Species of Bracelets</a><br> https://www.whatsupup.com/blog/boxed/modification/20211123-161644/ Tue, 23 Nov 2021 16:16:43 +0000 https://www.whatsupup.com/blog/boxed/modification/20211123-161644/ mt19937<br> ; introducing<br> xoshiro256ss<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#antipatterns">antipatterns</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#pearls">pearls</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#random-numbers">random-numbers</a><br> TLDR:<br> std::mt19937<br> is half the speed of a good PRNG (and 500 times slower to seed, for what that’s worth). These days I copy-and-paste <a rel="noreferrer" target="_blank" href="https://github.com/Quuxplusone/Xoshiro256ss">xoshiro256ss.h</a> when I need random numbers for a project.<br> https://www.whatsupup.com/blog/traveling/splay/20211123-122104/ Tue, 23 Nov 2021 12:21:04 +0000 https://www.whatsupup.com/blog/traveling/splay/20211123-122104/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/11/23/science/hubble-telescope-jupiter-saturn-uranus-neptune.html">Out There The Hubble Telescope Checks In With the Most Distant Planets The spacecraft’s farseeing eye once again sets its gaze on Jupiter, Saturn, Uranus and Neptune. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20211123-041731/ Tue, 23 Nov 2021 04:17:30 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20211123-041731/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-020-03485-w">Meet Joe Biden's 2021 science team: a guide</a><br></p> <hr> As the US president announced his advisers and agency heads after taking office, Nature tracked the appointees who matter most to science.<br> https://www.whatsupup.com/blog/ideo/fleury/20211123-040655/ Tue, 23 Nov 2021 04:06:54 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211123-040655/ On Friday, Nigerian police arrested Medayedupin. The investigator says formal charges will be levied against the defendant sometime this week.<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211123-001011/ Tue, 23 Nov 2021 00:10:11 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211123-001011/ <p>function loadScript(url) { return new Promise(function (resolve) { var script = document.createElement("script"); script.type = "text/javascript"; script.onload = function () { resolve(); }; script.src = url; document.getElementsByTagName("head")[0].appendChild(script); }); }</p> <p>async function loadNotifier() { ko.$("head").append(`</p> <p>`);</p> <p>await loadScript( "https://cdnjs.cloudflare.com/ajax/libs/awesome-notifications/3.1.0/modern.var.js" );</p> <p>return new AWN({ position: "top-right", }); }</p> <p>ko.ready(async function () { let notificationShown = false; const notifier = await loadNotifier();</p> <p>ko.$("nav").on("click", (e) => { const onPricing = ko.page.viewing("/pricing/"); const lookedAtSelfHosted = ko.e.performed("SSOP Toggle Flipped On");</p> <pre><code>if (notificationShown) { return; } if (onPricing && lookedAtSelfHosted) { e.preventDefault(); notificationShown = true; notifier.modal(`<br> </code></pre> <p>👋 Before you go<br> Curious how self-hosting Retool works? Book a demo and we'll show you how to get started.<br> <a rel="noreferrer" target="_blank" href="https://retool.com/blog">Book a demo</a><br></p> <hr> `); } }); });<br> https://www.whatsupup.com/blog/ideo/fleury/20211123-000734/ Tue, 23 Nov 2021 00:07:33 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211123-000734/ In August, KrebsOnSecurity <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/wanted-disgruntled-employees-to-deploy-ransomware/">warned</a> that scammers were contacting people and asking them to unleash ransomware inside their employer’s network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme — a young man who said he was trying to save up money to help fund a new social network.<br> The brazen approach targeting disgruntled employees was first spotted by threat intelligence firm Abnormal Security , which <a rel="noreferrer" target="_blank" href="https://abnormalsecurity.com/blog/nigerian-ransomware-soliciting-employees-demonware/">described</a> what happened after they adopted a fake persona and responded to the proposal in the screenshot above.<br> “According to this actor, he had originally intended to send his targets—all senior-level executives—phishing emails to compromise their accounts, but after that was unsuccessful, he pivoted to this ransomware pretext,” Abnormal’s Crane Hassold wrote.<br> Abnormal Security documented how it tied the email back to a Nigerian man who acknowledged he was trying to save up money to help fund a new social network he is building called Sociogram . In June 2021, the Nigerian government officially <a rel="noreferrer" target="_blank" href="https://www.washingtonpost.com/world/2021/06/04/nigeria-suspends-twitter-buhari/">placed an indefinite ban on Twitter</a> , restricting it from operating in Nigeria after the social media platform deleted tweets by the Nigerian president.<br> After he deleted his LinkedIn profile, I received the following message through the “contact this domain holder” link at KrebsOnSecurity’s domain registrar [curiously, the date of that missive reads “Dec. 31, 1969.”]. Apparently, Mr. Krebson is a clout-chasing monger.<br> A love letter from the founder of the ill-fated Sociogram.<br> Mr. Krebson also heard from an investigator representing the Nigeria Finance CERT on behalf of the Central Bank Of Nigeria. While the Sociogram founder’s approach might seem amateurish to some, the financial community in Nigeria did not consider it a laughing matter.<br> On Friday, police in Lagos arrested Medayedupin. The investigator says formal charges will be levied against the defendant sometime this week.<br> The petition for arrest.<br> Medayedupin being booked.<br> Seized laptop.<br> KrebsOnSecurity spoke with a fraud investigator who is performing the forensic analysis of the devices seized from Medayedupin’s home. The investigator spoke on condition of anonymity out of concern for his physical safety.<br> The investigator — we’ll call him “George” — said the 23-year-old Medayedupin lives with his extended family in an extremely impoverished home, and that the young man told investigators he’d just graduated from college but turned to cybercrime at first with ambitions of merely scamming the scammers.<br> George’s team confirmed that Medayedupin had around USD $2,000 to his name, which he’d recently stolen from a group of Nigerian fraudsters who were scamming people for gift cards. Apparently, he admitted to creating a phishing website that tricked a member of this group into providing access to the money they’d made from their scams.<br> Medayedupin reportedly told investigators that for almost a week after he started emailing his ransom-your-employer scheme, nobody took him up on the offer. But after his name appeared in the news media, he received thousands of inquiries from people interested in his idea . <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/11/arrest-in-ransom-your-employer-email-scheme/#more-57657">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/11/arrest-in-ransom-your-employer-email-scheme/">Arrest in ‘Ransom Your Employer’ Email Scheme</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211122-120955/ Mon, 22 Nov 2021 12:09:55 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211122-120955/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/pepper-content-customer-story/">Rohit, Pepper Content's Head of Product, replaced a homegrown operations portal with Retool to support the growth of creators.</a><br> https://www.whatsupup.com/blog/boxed/modification/20211122-001654/ Mon, 22 Nov 2021 00:16:53 +0000 https://www.whatsupup.com/blog/boxed/modification/20211122-001654/ path<br> convertible to<br> string_view<br> ?: a war story<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#concepts">concepts</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#llvm">llvm</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#overload-resolution">overload-resolution</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#pitfalls">pitfalls</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#template-metaprogramming">template-metaprogramming</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#war-stories">war-stories</a><br> This story comes from <a rel="noreferrer" target="_blank" href="https://reviews.llvm.org/D113161">the libc++ review</a> implementing <a rel="noreferrer" target="_blank" href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2021/p1989r2.pdf">P1989 “Range constructor for std::string_view 2: Constrain Harder”</a> (Corentin Jabot, March 2021). That paper made<br> implicitly convertible-from basically any contiguous range of characters. Which, to be clear, is probably a good thing. But it turned up a really interesting interaction in libc++’s<br> filesystem::path<br> . Somehow, enabling this constructor template in the<br> <string_view><br> header caused libc++’s<br> to stop being a<br> range<br> !<br> https://www.whatsupup.com/blog/overgrazing/propellent/20211121-201759/ Sun, 21 Nov 2021 20:17:58 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211121-201759/ <p><a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/about?utm_source=menu-dropdown">About</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/archive?utm_source=menu-dropdown">Archive</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://support.substack.com/hc/en-us?s=support%2Bbigtechnology%40substack.com">Help</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20211121-161754/ Sun, 21 Nov 2021 16:17:53 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211121-161754/ A newsletter about big tech and society by independent journalist Alex Kantrowitz.<br> https://www.whatsupup.com/blog/buckeroo/doubling/20211120-121942/ Sat, 20 Nov 2021 12:19:41 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211120-121942/ November 20, 2021 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2021/11/20/Dark-forest.gmi">An alternative to the Dark Forest hypothesis</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> https://www.whatsupup.com/blog/ideo/fleury/20211120-040705/ Sat, 20 Nov 2021 04:07:04 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211120-040705/ To “verify the identity” of the customer, the fraudster asks for their online banking username, and then tells the customer to read back a passcode sent via text or email. In reality, the fraudster initiates a transaction — such as the “forgot password” feature on the financial institution’s site — which is what generates the authentication passcode delivered to the member.<br> https://www.whatsupup.com/blog/seer/hemisphere/20211120-001726/ Sat, 20 Nov 2021 00:17:25 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20211120-001726/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-03471-w">NASA spacecraft will slam into asteroid in first planetary-defence test</a><br></p> <hr> DART mission to try out a strategy for shielding Earth from killer asteroids.<br> https://www.whatsupup.com/blog/boxed/modification/20211120-001555/ Sat, 20 Nov 2021 00:15:55 +0000 https://www.whatsupup.com/blog/boxed/modification/20211120-001555/ by value”<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#library-design">library-design</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#parameter-only-types">parameter-only-types</a><br> Several readers have responded to my recent post <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2021/11/09/pass-string-view-by-value/">“Three reasons to pass std::string_view by value”</a> (2021-11-09), pointing out that (while everything I said is true of the Itanium x86-64 ABI used on Linux and Mac) unfortunately <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/cpp/build/x64-calling-convention#parameter-passing">Microsoft’s x86-64 ABI</a> does not pass<br> in registers, but instead passes it by “hidden pointer,” so that at the machine level, you get basically the same codegen as if you had been passing by reference all along. Except that actually you’re passing a copy by reference, so you get one extra 16-byte copy in addition to all the other stack traffic MSVC is doing.<br> This is a big problem baked into Microsoft’s x86-64 ABI, and nerfs a lot of the performance benefits mentioned in my post. However, my advice remains the same: Even if your primary platform today is Windows, you should habitually pass<br> by value!<br> https://www.whatsupup.com/blog/ideo/fleury/20211120-000730/ Sat, 20 Nov 2021 00:07:29 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211120-000730/ One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle , a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target’s bank warning about a suspicious Zelle transfer. What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it.<br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/11/sms-about-bank-fraud-as-a-pretext-for-voice-phishing/">Last week’s story</a> warned that scammers are blasting out text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text. Here’s what one of those scam messages looks like:<br> Anyone who responds “yes,” “no” or at all will very soon after receive a phone call from a scammer pretending to be from the financial institution’s fraud department. The caller’s number will be spoofed so that it appears to be coming from the victim’s bank.<br> To “verify the identity” of the customer, the fraudster asks for their online banking username, and then tells the customer to read back a passcode sent via text or email. In reality, the fraudster initiates a transaction — such as the “forgot password” feature on the financial institution’s site — which is what generates the 2-step authentication passcode delivered to the member.<br> Ken Otsuka is a senior risk consultant at CUNA Mutual Group , an insurance company that provides financial services to credit unions. Otsuka said a phone fraudster typically will say something like, “Before I get into the details, I need to verify that I’m speaking to the right person. What’s your username?”<br> “In the background, they’re using the username with the forgot password feature, and that’s going to generate one of these two-factor authentication passcodes,” Otsuka said. “Then the fraudster will say, ‘I’m going to send you the password and you’re going to read it back to me over the phone.'”<br> The fraudster then uses the code to complete the password reset process, and then changes the victim’s online banking password. The fraudster then uses Zelle to transfer the victim’s funds to others.<br> An important aspect of this scam is that the fraudsters never even need to know or phish the victim’s password . By sharing their username and reading back the one-time code sent to them via email, the victim is allowing the fraudster to reset their online banking password.<br> Otsuka said in far too many account takeover cases, the victim has never even heard of Zelle, nor did they realize they could move money that way.<br> “The thing is, many credit unions offer it by default as part of online banking,” Otsuka said. “Members don’t have to request to use Zelle. It’s just there, and with a lot of members targeted in these scams, although they’d legitimately enrolled in online banking, they’d never used Zelle before.” [Curious if your financial institution uses Zelle? Check out their partner list <a rel="noreferrer" target="_blank" href="https://www.zellepay.com/get-started">here</a> ].<br> Otsuka said credit unions offering other peer-to-peer banking products have also been targeted, but that fraudsters prefer to target Zelle due to the speed of the payments.<br> “The fraud losses can escalate quickly due to the sheer number of members that can be targeted on a single day over the course of consecutive days,” Otsuka said.<br> To combat this scam Zelle introduced out-of-band authentication with transaction details. This involves sending the member a text containing the details of a Zelle transfer – payee and dollar amount – that is initiated by the member. The member must authorize the transfer by replying to the text.<br> Unfortunately, Otsuka said, the scammers are defeating this layered security control as well. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/11/the-zelle-fraud-scam-how-it-works-how-to-fight-back/#more-57594">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/11/the-zelle-fraud-scam-how-it-works-how-to-fight-back/">The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211119-200846/ Fri, 19 Nov 2021 20:08:45 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211119-200846/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/app-to-email-your-hackathon-participants/">In this post, we'll walk you through building an email manager that accomplishes sending a bunch of easily customizable emails—fast.</a><br> https://www.whatsupup.com/blog/ideo/fleury/20211119-120725/ Fri, 19 Nov 2021 12:07:24 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211119-120725/ In a 2020 interview, Golestan told KrebsOnSecurity that Micfo was at one point responsible for brokering roughly 40 percent of the IP addresses used by the world’s largest VPN providers. Throughout that conversation, Golestan maintained his innocence, even as he explained that the creation of the phony companies was necessary to prevent entities like Spamhaus from interfering with his business going forward.<br> https://www.whatsupup.com/blog/overgrazing/propellent/20211119-041845/ Fri, 19 Nov 2021 04:18:44 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211119-041845/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/a-xiaomi-phone-mightve-shipped-with">A Xiaomi Phone Might’ve Shipped With A Censorship List In Europe. Now What?</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/a-xiaomi-phone-mightve-shipped-with">European researchers say they found hundreds of terms the phone could block, including “Tiananmen” and “Hong Kong Independence.” There’s no playbook for what comes next.</a><br> https://www.whatsupup.com/blog/boxed/modification/20211119-041608/ Fri, 19 Nov 2021 04:16:07 +0000 https://www.whatsupup.com/blog/boxed/modification/20211119-041608/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#blog-roundup">blog-roundup</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#cppcon">cppcon</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#litclub">litclub</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#morality">morality</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#puzzles">puzzles</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#us-politics">us-politics</a><br> At CppCon this year, <a rel="noreferrer" target="_blank" href="https://cpp.chat/guests/ben_deane/">Ben Deane</a> ’s nametag featured a cryptic crossword clue. (I don’t quite remember the wording. “Bird damaged a pencil,” perhaps? I’m sure Twitter will tell me.) That got us talking about crosswords, which reminded me that a few months earlier I’d learned of Vermont poet <a rel="noreferrer" target="_blank" href="http://www.hollypainter.com/">Holly Painter</a> , who has a book coming out next year titled At last, we listen closely: cryptic crossword poems . The publisher’s blurb <a rel="noreferrer" target="_blank" href="http://www.hollypainter.com/at-last-we-listen-closely-cryptic-crossword-poems/">explains:</a><br> https://www.whatsupup.com/blog/playacted/rededication/20211119-002038/ Fri, 19 Nov 2021 00:20:38 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211119-002038/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/11/18/technology/meta-instagram-investigation-teens.html">State attorneys general open an inquiry into Instagram’s impact on teens. The states were examining whether the actions of Facebook, now called Meta, violated state consumer protection laws and put the public at risk. By Cecilia Kang and Mike Isaac</a><br> https://www.whatsupup.com/blog/sited/implore/20211119-001742/ Fri, 19 Nov 2021 00:17:42 +0000 https://www.whatsupup.com/blog/sited/implore/20211119-001742/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/11/18/technology/meta-instagram-investigation-teens.html">State attorneys general open an inquiry into Instagram’s impact on teens. The states were examining whether the actions of Facebook, now called Meta, violated state consumer protection laws and put the public at risk. By Cecilia Kang and Mike Isaac</a><br> https://www.whatsupup.com/blog/gonadal/revving/20211118-202055/ Thu, 18 Nov 2021 20:20:55 +0000 https://www.whatsupup.com/blog/gonadal/revving/20211118-202055/ Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/competitive-programming/">competitive programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/bfs/">BFS</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/graph/">graph</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/kattis/">Kattis</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/mutable/">mutable</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/search/">search</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/stuarray/">STUArray</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/11/17/competitive-programming-in-haskell-bfs-part-4-implementation-via-stuarray/#comments">2 Comments</a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20211118-200730/ Thu, 18 Nov 2021 20:07:30 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20211118-200730/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/1-simple-technique-to-train-your-focus">1 simple technique to train your focus</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-the-internet-can-cause-you-adhd-like-symptoms">How the Internet can cause ADHD-like symptoms</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-make-quitting-your-addiction-easier">How to make quitting your addiction easier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/pursue-high-quality-leisure">Pursue High-quality Leisure</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/what-is-addiction">What is addiction (series)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-change-for-the-better">How to change for the better</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-set-goals-that-work">How to set goals that work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-finally-start-doing-something-about-your-dreams">How to finally start doing something about your dreams</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-avoid-i-ll-do-it-tomorrow">How to avoid “I’ll do it tomorrow”</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/play-the-ultimate-game-your-real-life">Play the ultimate game: your real life</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-real-reason-why-you-get-distracted">The real reason why you get distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/today-shouldnt-suck">Today shouldn’t suck</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/4-most-common-ways-of-getting-distracted">4 most common ways of getting distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> https://www.whatsupup.com/blog/jigging/witherer/20211118-161931/ Thu, 18 Nov 2021 16:19:30 +0000 https://www.whatsupup.com/blog/jigging/witherer/20211118-161931/ <p><a rel="noreferrer" target="_blank" href="https://themarkup.org/donate-stripe">Be part of The Markup’s future. Give now!</a> <a rel="noreferrer" target="_blank" href="https://themarkup.org/people/julia-angwin#content">Skip navigation</a><br> <a rel="noreferrer" target="_blank" href="https://themarkup.org/show-your-work/2021/11/18/how-we-investigated-facebooks-most-popular-content">Show Your Work Citizen Browser How We Investigated Facebook’s Most Popular Content We found that Facebook's popularity metric obscures how well ultra-conservative content does on the platform November 18, 2021 08:00 ET</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/11/18/facebook-isnt-telling-you-how-popular-right-wing-content-is-on-the-platform">Citizen Browser Facebook Isn’t Telling You How Popular Right-Wing Content Is on the Platform Facebook insists that mainstream news sites perform the best on its platform. But by other measures, sensationalist, partisan content reigns November 18, 2021 08:00 ET</a><br> https://www.whatsupup.com/blog/gonadal/revving/20211118-122222/ Thu, 18 Nov 2021 12:22:21 +0000 https://www.whatsupup.com/blog/gonadal/revving/20211118-122222/ Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/competitive-programming/">competitive programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/bfs/">BFS</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/graph/">graph</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/kattis/">Kattis</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/mutable/">mutable</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/search/">search</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/stuarray/">STUArray</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/11/17/competitive-programming-in-haskell-bfs-part-4-implementation-via-stuarray/#comments">1 Comment</a><br> https://www.whatsupup.com/blog/sited/implore/20211118-081710/ Thu, 18 Nov 2021 08:17:10 +0000 https://www.whatsupup.com/blog/sited/implore/20211118-081710/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/11/16/technology/senate-approves-jonathan-kanter.html">Senate approves Jonathan Kanter, a Big Tech critic, as the top U.S. antitrust official. Mr. Kanter has fought against Google and other tech giants for years. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211118-080845/ Thu, 18 Nov 2021 08:08:45 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211118-080845/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/lbb-customer-story/">This is the story about how different teams at LBB moved their workflows to Retool to give engineering more time to focus on growing the business and improving the product experience—not redundant tasks.</a><br> https://www.whatsupup.com/blog/beautifying/hagriding/20211118-042609/ Thu, 18 Nov 2021 04:26:09 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20211118-042609/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2021/11/effs-how-fix-internet-podcast-offers-optimistic-solutions-tech-dystopias">How to Fix the Internet Podcast</a><br> https://www.whatsupup.com/blog/steeplejack/garrote/20211118-042607/ Thu, 18 Nov 2021 04:26:06 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20211118-042607/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2021/11/effs-how-fix-internet-podcast-offers-optimistic-solutions-tech-dystopias">How to Fix the Internet Podcast</a><br> https://www.whatsupup.com/blog/gonadal/revving/20211118-042318/ Thu, 18 Nov 2021 04:23:18 +0000 https://www.whatsupup.com/blog/gonadal/revving/20211118-042318/ <p><a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/11/17/competitive-programming-in-haskell-bfs-part-4-implementation-via-stuarray/">Competitive programming in Haskell: BFS, part 4 (implementation via STUArray)</a><br></p> <hr> In <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/29/competitive-programming-in-haskell-bfs-part-3-implementation-via-hashmap/">a previous post</a> , we saw one way to implement our <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/14/competitive-programming-in-haskell-bfs-part-1/">BFS API</a> , but I claimed that it is not fast enough to solve <a rel="noreferrer" target="_blank" href="https://open.kattis.com/problems/modulosolitaire">Modulo Solitaire</a> . Today, I want to demonstrate a faster implementation. (It’s almost certainly possible to make it faster still; I welcome suggestions!)<br> Once again, the idea is to replace the<br> s from last time with mutable arrays , but in such a way that we get to keep the same pure API—almost. In order to allow arbitrary vertex types, while storing the vertices efficiently in a mutable array, we will require one extra argument to our<br> function, namely, an <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/11/15/competitive-programming-in-haskell-enumeration/">Enumeration</a> specifying a way to map back and forth between vertices and array indices.<br> So why not instead just restrict vertices to some type that can be used as keys of a mutable array? That would work, but would unnecessarily restrict the API. For example, it is very common to see competitive programming problems that are “just” a standard graph algorithm, but on a non-obvious graph where the vertices are conceptually some more complex algebraic type, or on a graph where the vertices are specified as strings. Typically, competitive programmers just implement a mapping between vertices to integers on the fly—using either some math or some lookup data structures on the side—but wouldn’t it be nicer to be able to compositionally construct such a mapping and then have the graph search algorithm automatically handle the conversion back and forth? This is exactly what the<br> abstraction gives us.<br> This post is literate Haskell; you can <a rel="noreferrer" target="_blank" href="https://hub.darcs.net/byorgey/byorgey-wordpress/browse/2019-04-comprog-hs/24-BFS-impl-STUArray.lhs">obtain the source from the darcs repo</a> . The source code (without accompanying blog post) can also be found <a rel="noreferrer" target="_blank" href="https://github.com/byorgey/comprog-hs/blob/master/Graph.hs">in my comprog-hs repo</a> .<br> {-# LANGUAGE FlexibleContexts #-} {-# LANGUAGE RankNTypes #-} {-# LANGUAGE RecordWildCards #-} {-# LANGUAGE ScopedTypeVariables #-} module Graph where import Enumeration import Control.Arrow ( ( >>> ) ) import Control.Monad import Control.Monad.ST import qualified Data.Array.IArray as IA import Data.Array.ST import Data.Array.Unboxed ( UArray ) import qualified Data.Array.Unboxed as U import Data.Array.Unsafe ( unsafeFreeze ) import Data.Sequence ( Seq ( .. ) , ViewL ( .. ) , ( <| ) , ( |> ) ) import qualified Data.Sequence as Seq infixl 0 >$> ( >$> ) :: a -> ( a -> b ) -> b ( >$> ) = flip ( $ ) {-# INLINE (>$>) #-}<br> exhaustM<br> is like<br> from the last post, but in the context of an arbitrary<br> . Each step will now be able to have effects (namely, updating mutable arrays) so needs to be monadic.<br> exhaustM :: Monad m => ( a -> m ( Maybe a ) ) -> a -> m a exhaustM f = go where go a = do ma <- f a maybe ( return a ) go ma<br> type is the same as before.<br> Instead of using<br> s in our<br> as before, we will use<br> STUArray<br> s. <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com#fn1">1</a> These are <a rel="noreferrer" target="_blank" href="https://hackage.haskell.org/package/array-0.5.4.0/docs/Data-Array-ST.html">unboxed, mutable arrays</a> which we can use in the <a rel="noreferrer" target="_blank" href="https://hackage.haskell.org/package/base-4.13.0.0/docs/Control-Monad-ST-Safe.html#t:ST">ST monad</a> . Note we also define<br> V<br> as a synonym for<br> , just as a mnemonic way to remind ourselves which<br> values are supposed to represent vertices.<br> type V = Int data BFSState s = BS { level :: STUArray s V Int , parent :: STUArray s V V , queue :: Seq V }<br> To initialize a BFS state, we allocate new mutable level and parent arrays (initializing them to all values), and fill in the<br> array and queue with the given start vertices. Notice how we need to be explicitly given the size of the arrays we should allocate; we will get this size from the<br> passed to<br> initBFSState :: Int -> [ V ] -> ST s ( BFSState s ) initBFSState n vs = do l <- newArray ( 0 , n - 1 ) ( - 1 ) p <- newArray ( 0 , n - 1 ) ( - 1 ) forM_ vs $ \ v -> writeArray l v 0 return $ BS l p ( Seq.fromList vs )<br> bfs'<br> function implements the BFS algorithm itself. Notice that it is not polymorphic in the vertex type; we will fix that with a wrapper function later. If you squint, the implementation looks very similar to the implementation of<br> from <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/29/competitive-programming-in-haskell-bfs-part-3-implementation-via-hashmap/">my previous post</a> , with the big difference that everything has to be in the<br> monad now.<br> bfs' :: Int -> [ V ] -> ( V -> [ V ] ) -> ( V -> Bool ) -> ST s ( BFSState s ) bfs' n vs next goal = do st <- initBFSState n vs exhaustM bfsStep st where bfsStep st @ BS { .. } = case Seq.viewl queue of EmptyL -> return Nothing v :< q' | goal v -> return Nothing | otherwise -> v >$> next >>> filterM ( fmap not . visited st ) >=> foldM ( upd v ) ( st { queue = q' } ) >>> fmap Just upd p b @ BS { .. } v = do lp <- readArray level p writeArray level v ( lp + 1 ) writeArray parent v p return $ b { queue = queue |> v } visited :: BFSState s -> V -> ST s Bool visited BS { .. } v = ( /= - 1 ) <$> readArray level v {-# INLINE visited #-}<br> function is a wrapper around<br> . It presents the <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/14/competitive-programming-in-haskell-bfs-part-1/">same API as before</a> , with the exception that it requires an extra<br> Enumeration v<br> argument, and uses it to convert vertices to integers for the inner<br> call, and then back to vertices for the final result. It also handles freezing the mutable arrays returned from<br> and constructing level and parent lookup functions that index into them. Note, the use of<br> unsafeFreeze<br> seems unavoidable, since<br> runSTUArray<br> only allows us to work with a single mutable array; in any case, it is safe for the same reason the use of<br> in the implementation of<br> itself is safe: we can see from the type of<br> toResult<br> that the<br> parameter cannot escape, so the type system will not allow any further mutation to the arrays after it completes.<br> bfs :: forall v . Enumeration v -> [ v ] -> ( v -> [ v ] ) -> ( v -> Bool ) -> BFSResult v bfs Enumeration { .. } vs next goal = toResult $ bfs' card ( map locate vs ) ( map locate . next . select ) ( goal . select ) where toResult :: ( forall s . ST s ( BFSState s ) ) -> BFSResult v toResult m = runST $ do st <- m ( level' :: UArray V Int ) <- unsafeFreeze ( level st ) ( parent' :: UArray V V ) <- unsafeFreeze ( parent st ) return $ BFSR ( ( \ l -> guard ( l /= - 1 ) >> Just l ) . ( level' IA .! ) . locate ) ( ( \ p -> guard ( p /= - 1 ) >> Just ( select p ) ) . ( parent' IA .! ) . locate )<br> Incidentally, instead of adding an<br> argument, why don’t we just make a type class<br> Enumerable<br> , like this?<br> class Enumerable v where enumeration :: Enumeration v bfs :: forall v . Enumerable v => [ v ] -> ...<br> This would allow us to keep the same API for BFS, up to only different type class constraints on<br> . We could do this, but it doesn’t particularly seem worth it. It would typically require us to make a<br> for our vertex type (necessitating extra code to map in and out of the<br> ) and to declare an<br> instance; in comparison, the current approach with an extra argument to<br> requires us to do nothing other than constructing the<br> itself.<br> Using this implementation,<br> is finally fast enough to solve <a rel="noreferrer" target="_blank" href="https://open.kattis.com/problems/modulosolitaire">Modulo Solitaire</a> , like this:<br> main = C.interact $ runScanner tc >>> solve >>> format data Move = Move { a :: ! Int , b :: ! Int } deriving ( Eq , Show ) data TC = TC { m :: Int , s0 :: Int , moves :: [ Move ] } deriving ( Eq , Show ) tc :: Scanner TC tc = do m <- int n <- int TC m <$> int <*> n >< ( Move <$> int <*> int ) type Output = Maybe Int format :: Output -> ByteString format = maybe "-1" showB solve :: TC -> Output solve TC { .. } = getLevel res 0 where res = bfs ( finiteE m ) [ s0 ] ( \ v -> map ( step m v ) moves ) ( == 0 ) step :: Int -> Int -> Move -> Int step m v ( Move a b ) = ( a * v + b ) `mod` m {-# INLINE step #-}<br> It’s pretty much unchanged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/14/competitive-programming-in-haskell-bfs-part-1/">from before</a> , except for the need to pass an<br> (in this case we just use<br> finiteE m<br> , which is the identity on the interval ).<br> Some remaining questions<br> This is definitely not the end of the story.<br> Submitting all this code (BFS,<br> , and the above solution itself) as a single file gives a 2x speedup over submitting them as three separate modules. That’s annoying—why is that?<br> Can we make this even faster? My solution to Modulo Solitaire runs in 0.57s. There are faster Haskell solutions (for example, <a rel="noreferrer" target="_blank" href="https://anurudhp.github.io/blogs/tags/competitive-programming">Anurudh Peduri</a> has a solution that runs in 0.32s), and there are Java solutions as fast as 0.18s, so it seems to me there ought to be ways to make it much faster. If you have an idea for optimizing this code I’d be very interested to hear it! I am far from an expert in Haskell optimization.<br> Can we generalize this nicely to other kinds of graph search algorithms (at a minimum, DFS and Dijkstra)? I definitely plan to explore this question in the future.<br> For next time: Breaking Bad<br> Next time, I want to look at a few other applications of this BFS code (and perhaps see if we can improve it along the way); I challenge you to solve <a rel="noreferrer" target="_blank" href="https://open.kattis.com/problems/breakingbad">Breaking Bad</a> .<br> Why not use<br> Vector<br> , you ask? It’s probably even a bit faster, but the<br> library is not supported on as many platforms. <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com#fnref1">↩︎</a><br> Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/competitive-programming/">competitive programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/bfs/">BFS</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/graph/">graph</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/kattis/">Kattis</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/mutable/">mutable</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/search/">search</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/stuarray/">STUArray</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/11/17/competitive-programming-in-haskell-bfs-part-4-implementation-via-stuarray/#respond">Leave a comment</a><br> Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/competitive-programming/">competitive programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/enumeration/">enumeration</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/index/">index</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/invertible/">invertible</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/kattis/">Kattis</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/11/15/competitive-programming-in-haskell-enumeration/#comments">1 Comment</a><br> <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/bfs/">BFS</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/11/17/competitive-programming-in-haskell-bfs-part-4-implementation-via-stuarray/">Competitive programming in Haskell: BFS, part 4 (implementation via STUArray)</a><br> https://www.whatsupup.com/blog/underpeopled/multichannel/20211118-042030/ Thu, 18 Nov 2021 04:20:30 +0000 https://www.whatsupup.com/blog/underpeopled/multichannel/20211118-042030/ <a rel="noreferrer" target="_blank" href="https://github.blog/2021-11-17-githubs-developer-first-approach-to-content-moderation/">GitHub’s developer-first approach to content moderation</a><br></p> <hr> GitHub puts the needs of developers at the core of our content moderation policies. Learn more about our approach and how you can contribute.<br> https://www.whatsupup.com/blog/bilateralistic/jungle/20211118-041232/ Thu, 18 Nov 2021 04:12:31 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20211118-041232/ I made an appearance at IntelON to talk about <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/intelon-2021-processor-benchmarking">Processor Benchmarking</a> ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/intelon-2021-processor-benchmarking">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/IntelON2021_ProcessorBenchmarking.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.intel.com/content/www/us/en/events/on-event-series.html?videoId=6281338772001">video @25:04</a> ). (2021)<br> My video appearance (with pandemic hair) at IntelON about <a rel="noreferrer" target="_blank" href="https://www.intel.com/content/www/us/en/events/on-event-series.html?videoId=6281338772001">Processor Benchmarking</a> is at offset 25:04 ( <a rel="noreferrer" target="_blank" href="https://www.intel.com/content/www/us/en/events/on-event-series.html?videoId=6281338772001">video</a> , <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/intelon-2021-processor-benchmarking">slideshare</a> ). (2021)<br> https://www.whatsupup.com/blog/conservatorship/reemphasize/20211118-041145/ Thu, 18 Nov 2021 04:11:44 +0000 https://www.whatsupup.com/blog/conservatorship/reemphasize/20211118-041145/ Chip Measuring Contest<br> The benefits of purpose-built chips.<br> https://www.whatsupup.com/blog/misinform/lossy/20211118-041105/ Thu, 18 Nov 2021 04:11:05 +0000 https://www.whatsupup.com/blog/misinform/lossy/20211118-041105/ Over the past few years, I’ve reviewed lots of resumes for friends and former coworkers. I’ve also reviewed resumes from strangers, like on Twitter, <a rel="noreferrer" target="_blank" href="https://twitter.com/jakevoytko/status/1421953039045480459">where I offered to do resume reviews</a> . I’ve been told that my reviews are helpful, so I’m documenting my approach, which focuses on whether the resume is a good fit for the job that the candidate wants.<br> Software engineers can have their resume reviewed for free in a number of ways, such as by consulting Reddit, Discord and other forums, or by asking friends. From my observation, most online reviewers begin with the assumption that the candidate has provided all the necessary information. They then suggest tactics for strengthening that information. For example, they help candidates to rewrite each bullet point to fit frameworks like “Situation, Task, Action, Outcome.” They fix formatting, suggest rewrites, and highlight formatting inconsistencies. They’re really good at focusing on the tactics of writing a resume.<br> Tactics are fine. Everything I mentioned in the previous paragraph is important. But tactics are best supplemented with a good strategy. How do you know that your resume has the right information? You could describe work experience in an infinite number of ways. Demonstrate how your existing work experience makes you a good candidate for the job that you want.<br> Many reviewers ask, “How can you present this information in the best way possible?” I also ask, “How do you know that you included the right information?”<br> That might sound obvious, but it’s difficult to apply in practice. I know this from my own experience. When I review resumes, I ask candidates for the resume and job postings that interest them. In a vast majority of reviews, I demonstrate how candidates can include extra experience to more effectively show that they meet the criteria mentioned in the job description.<br> Part of a “please tear my resume to shreds” review that I did for a friend<br> Resumes suck, but most jobs require one. Maximize the impact of your resume. Incorporate information from job postings, job descriptions, and any other relevant information, and use it all to produce a targeted resume.<br> A quick note: this is written for software engineers with previous work experience who want a new job in the field. If that doesn’t describe you, you might still find this useful but you should think about what’s different for your situation.<br> Here’s how I’d write my own resume if I had to write one today<br> The TL;DR of my strategy is to iterate from a generic resume to a specific one. Start with a baseline resume that reflects your experience to the best of your ability but is not tailored to a specific job. Then, find information about the jobs that you want. Take notes from the job postings. Rewrite your resume using the information in those notes.<br> And now, in more detail:<br> Step 1: Write a resume the way you normally would<br> Create a resume however you want. Modify an old resume or create a new one. I don’t care which. Don’t overthink it.<br> Personally, I modify my old resumes. They’re always written in LaTeX because when I was in college, I hoped that I would get street cred by ignoring decades of word processor innovations. I don’t know if this worked, but I’m too lazy to change my approach at this point. If I had to make a resume today, I’d dust off this file and modify it to reflect my most recent experience and remove irrelevant information. Then I’d relearn how to run LaTeX in The Year of Our Lord 2021.<br> Anyways, include all of the usual sections in your resume: name, contact information, experience, any relevant schooling, maybe relevant/interesting projects, maybe publication experience if you’re a researcher, maybe other things like security clearance if you have it and it’s relevant.<br> Your resume should resemble other resumes in your field. If resumes in your field tend to be compact, then your resume should be compact.<br> Spell check and proofread it. Be prepared to have a conversation about every fact on your resume. Just like you shouldn’t build a house on an unstable foundation, you shouldn’t mention something on your resume if you can’t back it up.<br> Step 2: Collect three or four relevant job postings that intrigue you<br> Find job postings that appeal to you. If you want to work for a specific company, find the available listings in the “Jobs” or “Careers” section of its website. Otherwise, look for companies offering the role you want.<br> It’s OK if you don’t know what job you want yet. Look for listings that appeal to you. Spend some time researching different companies and fields until you have identified a few job postings that stand out to you.<br> It’s important to collect more than one job posting. If you’re starting with a job posting from a specific company that you’re interested in working for, supplement it with similar postings from that company, or other postings from similar companies. Why? You don’t want to assume that any single job posting is complete. You will be mining these postings for data, and a single posting might omit something relevant to the job. But the more postings that you examine, the less likely that an important qualification will go unmentioned in any of them.<br> Step 3: Create a spreadsheet and aggregate data from the job postings<br> Make a table in a spreadsheet with 3-5 columns. The columns should represent different, and mostly non-overlapping, competency areas. Then, read through the job postings sentence-by-sentence, and add information from the job postings to these columns.<br> I typically create categories like these:<br> TECHNICAL SKILLS: Any hard skills that are explicitly named. Programming languages, operating systems, third-party libraries, applications, etc. “Experience with Python in Unix operating systems a plus” or keyword soup kind of things.<br> DELIVERY: Anything related to execution. The types of projects that you’ve designed, implemented, or delivered. Whether you’re going to be on a pager rotation. The size and scope of the tasks that you’re expected to complete. The types of financial, product, or technical outcomes that you’re expected to achieve (or have already achieved).<br> LEADERSHIP: This can take a lot of different forms. Information in this category might call out specific leadership roles, like tech lead, project lead, or management. They may want you to be proactive about suggesting product or process improvements. They may want you to mentor more junior engineers. If you haven’t been in the industry for long, it’s okay to skip this category, or merge it with COMMUNICATION.<br> COMMUNICATION: Anything related to interacting with other people. There are a wide range of skills that could fit here. It could be project management practices, how you work day-to-day with teams, expected response times for answering support tickets, ability to be a point-person for your team or for external stakeholders.<br> Tailor these categories to your specific field. If you are applying for research jobs, then you’ll probably have a RESEARCH category. The category names don’t matter too much. You only need a few that capture different concepts.<br> Now that you’ve made the categories, the actual work begins. Read through every sentence of each job posting and incorporate each piece of information from the sentence into at least one of the categories. If you encounter a line like “Experience with Go a plus,” then put “Go” under TECHNICAL SKILLS. You don’t need to record duplicate information. If two job postings mention Go, put it once. If two job postings mention working as a tech lead, put it once. Make sure that the information in each sentence is captured in your spreadsheet.<br> This can be time-consuming. It takes a while to process all of the sentences in the job postings. Thankfully, processing each subsequent posting will take less time once the first posting is finished. Job postings will have duplicate information. You only need to record the differences.<br> If something doesn’t fit into one of the categories, try to include it somewhere, even if you need a MISCELLANEOUS category. You don’t want blind spots in your resume. For example, senior+ engineers often overemphasize their technical skills and project experience, and underemphasize their soft skills.<br> Step 4: Modify your resume to address as many of the relevant competencies as possible<br> Look at each item that you recorded in the previous step. Look through your resume and ask yourself, “Does my resume address this? If not, can I add a new bullet point, or can I add relevant information to an existing bullet point?”<br> At this point, your resume might get longer as you add information to address criteria from the previous step. If this makes your resume longer, then rewrite the bullet points for brevity. Avoid making your resume significantly longer than when you started.<br> It’s okay if you don’t address every item in the categories that you produced. Again, you should feel confident in every item on your resume. Don’t add something if you can’t talk about it for 10 minutes in an interview. If a job asks for PHP experience and you’ve only written 50 lines of PHP in your life, leave it off your resume.<br> Step 5: Make the hiring manager want to hire you<br> People will look at each line of your resume and say, “So what?” To counter this, make sure that you explain the impact of your experience.<br> Think about the people making the hiring decision. This will differ per company. At a megacorp, the people hiring you might be a collective of managers or senior (or above) engineers. If you’re applying to work for medium-sized companies, the hiring manager will probably be in your management chain; either your manager or a boss of theirs. At a small startup, the founders might hire you themselves.<br> Make people want to work with you. The people at the megacorp want to prove that they consistently hire high performers. Your manager wants to know that you can function effectively in a team environment. A startup founder wants to know that you can … https://www.whatsupup.com/blog/ideo/fleury/20211118-040713/ Thu, 18 Nov 2021 04:07:12 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211118-040713/ The CEO of a South Carolina technology firm has pleaded guilty to 20 counts of wire fraud in connection with an elaborate network of phony companies set up to obtain more than 735,000 Internet Protocol (IP) addresses from the nonprofit organization that leases the digital real estate to entities in North America.<br> In 2018, the American Registry for Internet Numbers (ARIN), which oversees IP addresses assigned to entities in the U.S., Canada, and parts of the Caribbean, notified Charleston, S.C. based Micfo LLC that it intended to revoke 735,000 addresses.<br> ARIN said they wanted the addresses back because the company and its owner — 38-year-old Amir Golestan — had obtained them under false pretenses. A global <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/IPv4_address_exhaustion">shortage of IPv4 addresses</a> has massively driven up the price of these resources over the years: At the time of this dispute, a single IP address could fetch between $15 and $25 on the open market.<br> Micfo responded by suing ARIN to try to stop the IP address seizure. Ultimately, ARIN and Micfo settled the dispute in arbitration, with Micfo returning most of the addresses that it hadn’t already sold.<br> But the legal tussle caught the attention of South Carolina U.S. Attorney Sherri Lydon , who in May 2019 <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2019/05/a-tough-week-for-ip-address-scammers/">filed criminal wire fraud charges against Golestan</a> , alleging he’d orchestrated a network of shell companies and fake identities to prevent ARIN from knowing the addresses were all going to the same buyer.<br> Each of those shell companies involved the production of notarized affidavits in the names of people who didn’t exist. As a result, Lydon was able to charge Golestan with 20 counts of wire fraud — one for each payment made by the phony companies that bought the IP addresses from ARIN.<br> Amir Golestan, CEO of Micfo.<br> On Nov. 16, just two days into his trial, Golestan changed his “not guilty” plea, agreeing to plead guilty to all 20 wire fraud charges. KrebsOnSecurity interviewed Golestan about his case at length last year, but he has not responded to requests for comment on his plea change.<br> By 2013, a number of Micfo’s customers had landed on the radar of Spamhaus , a group that many network operators rely upon to help block junk email. But shortly after Spamhaus began blocking Micfo’s IP address ranges, Micfo shifted gears and began reselling IP addresses mainly to companies marketing “virtual private networking” or VPN services that help customers hide their real IP addresses online.<br> But in a 2020 interview, Golestan told KrebsOnSecurity that Micfo was at one point responsible for brokering roughly 40 percent of the IP addresses used by the world’s largest VPN providers. Throughout that conversation, Golestan maintained his innocence, even as he explained that the creation of the phony companies was necessary to prevent entities like Spamhaus from interfering with his business going forward.<br> Stephen Ryan , an attorney representing ARIN, said Golestan changed his plea after the court heard from a former Micfo employee and public notary who described being instructed by Golestan to knowingly certify false documents.<br> “Her testimony made him appear bullying and unsavory,” Ryan said. “Because it turned out he had also sued her to try to prevent her from disclosing the actions he’d directed.”<br> Golestan’s <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2021/11/golestanplea.pdf">rather sparse plea agreement</a> ( <a rel="noreferrer" target="_blank" href="https://www.wsj.com/articles/executive-pleads-guilty-in-internet-address-fraud-case-11637101781">first reported by The Wall Street Journal</a> ) does not specify any sort of leniency he might gain from prosecutors for agreeing to end the trial prematurely. But it’s worth noting that a conviction on a single act of wire fraud can result in fines and up to 20 years in prison. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/11/tech-ceo-pleads-to-wire-fraud-in-ip-address-scheme/#more-57598">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/11/tech-ceo-pleads-to-wire-fraud-in-ip-address-scheme/">Tech CEO Pleads to Wire Fraud in IP Address Scheme</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20211116-162108/ Tue, 16 Nov 2021 16:21:07 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211116-162108/ November 16, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/11/16/Cash-for-leftpad.html">I will pay you cash to delete your npm module</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20211116-122021/ Tue, 16 Nov 2021 12:20:21 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211116-122021/ November 16, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/11/16/Python-stop-screwing-distros-over.html">Python: Please stop screwing over Linux distros</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20211116-121834/ Tue, 16 Nov 2021 12:18:34 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211116-121834/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/account/login?redirect=%2F%3F&email=&with_password=&justTrying=">Login</a> <a rel="noreferrer" target="_blank" href="https://substack.com/privacy">Privacy</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/tos">Terms</a> <a rel="noreferrer" target="_blank" href="https://substack.com/ccpa#personal-data-collected">Information collection notice</a><br> A Substack newsletter by Alex Kantrowitz<br> https://www.whatsupup.com/blog/baldish/wince/20211116-120855/ Tue, 16 Nov 2021 12:08:55 +0000 https://www.whatsupup.com/blog/baldish/wince/20211116-120855/ <p><a rel="noreferrer" target="_blank" href="https://www.jarednelsen.dev/posts/the-utilitarians">The Utilitarians</a><br></p> <hr> Reflections on Utility<br> <a rel="noreferrer" target="_blank" href="https://www.jarednelsen.dev/posts/welcome-to-future-corp">Welcome to Future Corp</a><br> <hr> A conversation about conversations<br> https://www.whatsupup.com/blog/gonadal/revving/20211116-042020/ Tue, 16 Nov 2021 04:20:20 +0000 https://www.whatsupup.com/blog/gonadal/revving/20211116-042020/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/11/15/competitive-programming-in-haskell-enumeration/">Competitive programming in Haskell: Enumeration</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20211116-041855/ Tue, 16 Nov 2021 04:18:55 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211116-041855/ November 15, 2021 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2021/11/15/Reframing-gemini.gmi">Reframing the philosophy of Gemini</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> https://www.whatsupup.com/blog/gonadal/revving/20211116-001934/ Tue, 16 Nov 2021 00:19:33 +0000 https://www.whatsupup.com/blog/gonadal/revving/20211116-001934/ <p><a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/11/15/competitive-programming-in-haskell-enumeration/">Competitive programming in Haskell: Enumeration</a><br></p> <hr> I’m in the middle of a multi-part series on implementing <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/14/competitive-programming-in-haskell-bfs-part-1/">BFS</a> in Haskell. In <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/29/competitive-programming-in-haskell-bfs-part-3-implementation-via-hashmap/">my last post</a> , we saw one implementation, but I claimed that it is not fast enough to solve <a rel="noreferrer" target="_blank" href="https://open.kattis.com/problems/modulosolitaire">Modulo Solitaire</a> , and I promised to show off a faster implementation in this post, but I lied; we have to take a small detour first.<br> The main idea to make a faster BFS implementation is to replace the<br> s from last time with mutable arrays , but hopefully in such a way that we get to keep the same pure API. Using mutable arrays introduces a few wrinkles, though.<br> The API we have says we get to use any type<br> for our vertices, as long as it is an instance of<br> . However, this is not going to work so well for mutable arrays. We still want the external API to allow us to use any type for our vertices, but we will need a way to convert vertices to and from<br> values we can use to index the internal mutable array.<br> A data structre like<br> is dynamically sized, but we don’t have this luxury with arrays. We will have to know the size of the array up front.<br> In other words, we need to provide a way to bijectively map vertices to a finite prefix of the natural numbers; that is, we need what I call invertible enumerations . This idea has come up for me multiple times: in 2016, I <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2016/10/25/adventures-in-enumerating-balanced-brackets/">wrote about using such an abstraction to solve another competitive programming problem</a> , and in 2019 I <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2019/07/05/lightweight-invertible-enumerations-in-haskell/">published a library for working with invertible enumerations</a> . I’ve now put together a lightweight version of that library for use in competitive programming. I’ll walk through the code below, and you can also <a rel="noreferrer" target="_blank" href="https://github.com/byorgey/comprog-hs/blob/master/Enumeration.hs">find the source code in my comprog-hs repository</a> .<br> First, some extensions and imports.<br> {-# LANGUAGE ScopedTypeVariables #-} {-# LANGUAGE TypeApplications #-} module Enumeration where import qualified Data.List as L import Data.Hashable import qualified Data.Array as A import qualified Data.HashMap.Strict as HM<br> An<br> Enumeration a<br> consists of a cardinality, and two functions,<br> select<br> locate<br> , which together form a bijection between (some subset of) values of type<br> and a finite prefix of the natural numbers. We can convert an<br> Enumeration<br> into a list just by mapping the<br> function over that finite prefix.<br> data Enumeration a = Enumeration { card :: ! Int , select :: Int -> a , locate :: a -> Int } enumerate :: Enumeration a -> [ a ] enumerate e = map ( select e ) [ 0 .. card e - 1 ]<br> Since<br> occurs both positively and negatively,<br> is not a<br> Functor<br> , but we can map over<br> s as long as we provide both directions of a bijection<br> a <-> b<br> mapE :: ( a -> b ) -> ( b -> a ) -> Enumeration a -> Enumeration b mapE f g ( Enumeration c s l ) = Enumeration c ( f . s ) ( l . g )<br> We have various fundamental ways to build enumerations: empty and unit enumerations, and an identity enumeration on a finite prefix of natural numbers.<br> voidE :: Enumeration a voidE = Enumeration 0 ( error "select void" ) ( error "locate void" ) unitE :: Enumeration () unitE = singletonE () singletonE :: a -> Enumeration a singletonE a = Enumeration 1 ( const a ) ( const 0 ) finiteE :: Int -> Enumeration Int finiteE n = Enumeration n id id<br> We can automatically enumerate all the values of a<br> Bounded<br> Enum<br> instance. This is useful, for example, when we have made a custom enumeration type.<br> boundedEnum :: forall a . ( Enum a , Bounded a ) => Enumeration a boundedEnum = Enumeration { card = hi - lo + 1 , select = toEnum . ( + lo ) , locate = subtract lo . fromEnum } where lo , hi :: Int lo = fromIntegral ( fromEnum ( minBound @ a ) ) hi = fromIntegral ( fromEnum ( maxBound @ a ) )<br> We can also build an enumeration from an explicit list. We want to make sure this is efficient, since it is easy to imagine using this e.g. on a very large list of vertex values given as part of the input of a problem. So we build an array and a hashmap to allow fast lookups in both directions.<br> listE :: forall a . ( Hashable a , Eq a ) => [ a ] -> Enumeration a listE as = Enumeration n ( toA A .! ) ( fromA HM .! ) where n = length as toA :: A.Array Int a toA = A.listArray ( 0 , n - 1 ) as fromA :: HM.HashMap a Int fromA = HM.fromList ( zip as [ 0 :: Int .. ] )<br> Finally, we have a couple ways to combine enumerations into more complex ones, via sum and product.<br> ( >+< ) :: Enumeration a -> Enumeration b -> Enumeration ( Either a b ) a >+< b = Enumeration { card = card a + card b , select = \ k -> if k < card a then Left ( select a k ) else Right ( select b ( k - card a ) ) , locate = either ( locate a ) ( ( + card a ) . locate b ) } ( >*< ) :: Enumeration a -> Enumeration b -> Enumeration ( a , b ) a >*< b = Enumeration { card = card a * card b , select = \ k -> let ( i , j ) = k `divMod` card b in ( select a i , select b j ) , locate = \ ( x , y ) -> card b * locate a x + locate b y }<br> There are a few more combinators <a rel="noreferrer" target="_blank" href="https://github.com/byorgey/comprog-hs/blob/master/Enumeration.hs">in the source code</a> but I don’t know whether I’ll ever use them. You can read about them if you want. For now, let’s try using this to solve a problem!<br> …ah, who am I kidding, I can’t find any problems that can be directly solved using this framework. Invertibility is a double-edged sword—we absolutely need it for creating an efficient BFS with arbitrary vertices, and the combinators will come in quite handy if we want to use some complex type for vertices. However, requiring invertibility also limits the expressiveness of the library. For example, there is no<br> Monad<br> instance. This is why my <a rel="noreferrer" target="_blank" href="https://hackage.haskell.org/package/simple-enumeration">simple-enumeration</a> library has both invertible and non-invertible variants.<br> Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/competitive-programming/">competitive programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/enumeration/">enumeration</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/index/">index</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/invertible/">invertible</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/kattis/">Kattis</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/11/15/competitive-programming-in-haskell-enumeration/#respond">Leave a comment</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20211116-001643/ Tue, 16 Nov 2021 00:16:42 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211116-001643/ By Alex Kantrowitz · Tens of thousands of subscribers<br> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/archive?sort=top">Top posts</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/about">About</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/archive">Archive</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/about?sort=people">Authors</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/account/login?redirect=%2F%3F&email=&with_password=&justTrying=">Login</a><br> https://www.whatsupup.com/blog/depository/unfitted/20211116-001354/ Tue, 16 Nov 2021 00:13:53 +0000 https://www.whatsupup.com/blog/depository/unfitted/20211116-001354/ <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/building-things-that-do-just-one-thing/">Building things [ that do just one thing ]</a> : 2020<br> https://www.whatsupup.com/blog/reigned/coffeecake/20211115-160916/ Mon, 15 Nov 2021 16:09:15 +0000 https://www.whatsupup.com/blog/reigned/coffeecake/20211115-160916/ New: <a rel="noreferrer" target="_blank" href="http://paulgraham.com/goodtaste.html">Good Taste</a> | <a rel="noreferrer" target="_blank" href="http://paulgraham.com/smart.html">Beyond Smart</a> | <a rel="noreferrer" target="_blank" href="http://paulgraham.com/weird.html">Weird Languages</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20211114-201350/ Sun, 14 Nov 2021 20:13:50 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20211114-201350/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/10/30/Diablo-Immortal">Diablo Immortal</a> · I tried out <a rel="noreferrer" target="_blank" href="https://diabloimmortal.blizzard.com/en-us/">Diablo Immortal</a> on my <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/06/22/Galaxy-Tab-S7-Plus">Galaxy Tab 7+</a> and, well, it’s pretty convincing off the top. But I wonder if it’s ethical to play anything from Blizzard, these days? Protip: At the moment you can’t get into the closed beta unless you’re on Android in Canada <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/10/30/Diablo-Immortal">…</a> [2 comments]<br> https://www.whatsupup.com/blog/boxed/modification/20211114-041524/ Sun, 14 Nov 2021 04:15:23 +0000 https://www.whatsupup.com/blog/boxed/modification/20211114-041524/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#image-processing">image-processing</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#pretty-pictures">pretty-pictures</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#web">web</a><br> Via <a rel="noreferrer" target="_blank" href="https://news.ycombinator.com/item?id=29185167">Hacker News</a> : You may know that you can reverse a string by first reversing the order of the words in the string, then reversing the characters in each word. (So<br> hello world<br> becomes<br> world hello<br> , and then we recursively reverse each word to get<br> dlrow olleh<br> .) Well, it turns out you can do the same kind of thing in two dimensions: to rotate an image by 90 degrees, you can just rotate the order of the quadrants, and then recursively rotate each quadrant.<br> https://www.whatsupup.com/blog/ideo/fleury/20211114-040712/ Sun, 14 Nov 2021 04:07:12 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211114-040712/ Late in the evening on Nov. 12 ET, tens of thousands of emails <a rel="noreferrer" target="_blank" href="https://twitter.com/spamhaus/status/1459450061696417792">began flooding out</a> from the FBI address <a href="mailto:eims@ic.fbi.gov">eims@ic.fbi.gov</a> , warning about fake cyberattacks. Around that time, KrebsOnSecurity received a message from the same email address.<br> “Hi its <a rel="noreferrer" target="_blank" href="https://mobile.twitter.com/pompompur_in">pompompurin</a> ,” read the missive. “Check headers of this email it’s actually coming from FBI server. I am contacting you today because we located a botnet being hosted on your forehead, please take immediate action thanks.”<br> A review of <a rel="noreferrer" target="_blank" href="https://twitter.com/briankrebs/status/1459523630996598790">the email’s message headers</a> indicated it had indeed been sent by the FBI, and from the agency’s own Internet address. The domain in the “from:” portion of the email I received — <a href="mailto:eims@ic.fbi.gov">eims@ic.fbi.gov</a> — corresponds to the FBI’s Criminal Justice Information Services division (CJIS).<br> https://www.whatsupup.com/blog/ideo/fleury/20211114-000747/ Sun, 14 Nov 2021 00:07:46 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211114-000747/ The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.<br> The phony message sent late Thursday evening via the FBI’s email system. Image: Spamhaus.org<br> Late in the evening of Nov. 12 ET, tens of thousands of emails <a rel="noreferrer" target="_blank" href="https://twitter.com/spamhaus/status/1459450061696417792">began flooding out</a> from the FBI address <a href="mailto:eims@ic.fbi.gov">eims@ic.fbi.gov</a> , warning about fake cyberattacks. Around that time, KrebsOnSecurity received an email from the same email address.<br> “Hi its <a rel="noreferrer" target="_blank" href="https://mobile.twitter.com/pompompur_in">pompompurin</a> ,” read the message. “Check headers of this email it’s actually coming from FBI server. I am contacting you today because we located a botnet being hosted on your forehead, please take immediate action thanks.”<br> A review of the email’s message headers indicated it had indeed been sent by the FBI, and from the agency’s own Internet address. The domain in the “from:” portion of the email I received — <a href="mailto:eims@ic.fbi.gov">eims@ic.fbi.gov</a> — corresponds to the FBI’s Criminal Justice Information Services division (CJIS).<br> According to the <a rel="noreferrer" target="_blank" href="https://www.justice.gov/tribal/national-crime-information-systems">Department of Justice</a> , “CJIS manages and operates several national crime information systems used by the public safety community for both criminal and civil purposes. CJIS systems are available to the criminal justice community, including law enforcement, jails, prosecutors, courts, as well as probation and pretrial services.”<br> In response to a request for comment, the FBI confirmed the unauthorized messages, but declined to offer further information.<br> “The FBI and CISA [the <a rel="noreferrer" target="_blank" href="https://www.cisa.gov/">Cybersecurity and Infrastructure Security Agency</a> ] are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account,” reads the FBI statement. “This is an ongoing situation and we are not able to provide any additional information at this time. The impacted hardware was taken offline quickly upon discovery of the issue. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity to <a href="http://www.ic3.gov">www.ic3.gov</a> or <a href="http://www.cisa.gov">www.cisa.gov</a>.”<br> In an interview with KrebsOnSecurity, Pompompurin said the hack was done to point out a glaring vulnerability in the FBI’s system.<br> “I could’ve 1000% used this to send more legit looking emails, trick companies into handing over data etc.,” Pompompurin said. “And this would’ve never been found by anyone who would responsibly disclose, due to the notice the feds have on their website.”<br> Pompompurin says the illicit access to the FBI’s email system began with an exploration of its Law Enforcement Enterprise Portal (LEEP), which the bureau describes as “a gateway providing law enforcement agencies, intelligence groups, and criminal justice entities access to beneficial resources.”<br> The FBI’s Law Enforcement Enterprise Portal (LEEP).<br> “These resources will strengthen case development for investigators, enhance information sharing between agencies, and be accessible in one centralized location!,” the FBI’s site enthuses.<br> Until sometime this morning, the LEEP portal allowed anyone to apply for an account. Helpfully, step-by-step instructions for registering a new account on the LEEP portal also <a rel="noreferrer" target="_blank" href="https://www.justice.gov/tribal/page/file/1260671/download">are available from the DOJ’s website</a> . [It should be noted that “Step 1” in those instructions is to visit the site in Microsoft’s Internet Explorer, an outdated web browser that even Microsoft no longer encourages people to use for security reasons.]<br> Much of that process involves filling out forms with the applicant’s personal and contact information, and that of their organization. A critical step in that process says applicants will receive an email confirmation from <a href="mailto:eims@ic.fbi.gov">eims@ic.fbi.gov</a> with a one-time passcode — ostensibly to validate that the applicant can receive email at the domain in question.<br> But according to Pompompurin, the FBI’s own website leaked that one-time passcode in the HTML code of the web page.<br> A screenshot shared by Pompompurin. Image: KrebOnSecurity.com<br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/">Hoax Email Blast Abused Poor Coding in FBI Website</a><br> https://www.whatsupup.com/blog/beautifying/hagriding/20211113-002355/ Sat, 13 Nov 2021 00:23:55 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20211113-002355/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/about/in-memoriam">In Memoriam</a><br> https://www.whatsupup.com/blog/steeplejack/garrote/20211113-002353/ Sat, 13 Nov 2021 00:23:53 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20211113-002353/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/about/in-memoriam">In Memoriam</a><br> https://www.whatsupup.com/blog/gonadal/revving/20211113-002108/ Sat, 13 Nov 2021 00:21:07 +0000 https://www.whatsupup.com/blog/gonadal/revving/20211113-002108/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2011/04/18/monoids-for-maybe/">Monoids for Maybe</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20211113-001706/ Sat, 13 Nov 2021 00:17:06 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211113-001706/ Want the full experience?<br> Just join the free list, for now<br> Learn more<br> https://www.whatsupup.com/blog/boxed/modification/20211113-001458/ Sat, 13 Nov 2021 00:14:58 +0000 https://www.whatsupup.com/blog/boxed/modification/20211113-001458/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#board-games">board-games</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#how-to">how-to</a><br> Many years ago, someone taught me a party game suitable for four to a-whole-bunch-of players. The game is called Contact . It’s a word game. It’s also a “one versus many” game in the vein of <a rel="noreferrer" target="_blank" href="https://boardgamegeek.com/boardgame/6830/zendo">Zendo</a> and <a rel="noreferrer" target="_blank" href="https://boardgamegeek.com/image/4277011/elon-musks-ipod-submarine">Elon Musk’s iPod Submarine</a> . Unlike those games, this one requires no physical components at all. Like them, it’s a lot of fun. Here’s how to play.<br> https://www.whatsupup.com/blog/steeplejack/garrote/20211112-202540/ Fri, 12 Nov 2021 20:25:40 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20211112-202540/ Since August, EFF and others have been <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2021/08/apples-plan-think-different-about-encryption-opens-backdoor-your-private-life">telling</a> <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2021/08/if-you-build-it-they-will-come-apple-has-opened-backdoor-increased-surveillance">Apple</a> <a rel="noreferrer" target="_blank" href="https://www.eff.org/event/perspectives-encryption-and-child-safety">to</a> <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2021/08/how-lgbtq-content-censored-under-guise-sexually-explicit">cancel</a> <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2021/08/eff-joins-global-coalition-asking-apple-ceo-tim-cook-stop-phone-scanning">its</a> <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2021/08/apples-plan-scan-photos-messages-turns-young-people-privacy-pawns">new</a> <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2021/09/delays-arent-good-enough-apple-must-abandon-its-surveillance-plans">child</a> <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2021/09/dont-stop-now-join-eff-fight-future-apple-protests-nationwide">safety</a> <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2021/09/why-eff-flew-plane-over-apples-headquarters">plans</a> . Apple is now changing its tune about one component of its plans: the Messages app will <a rel="noreferrer" target="_blank" href="https://www.cnet.com/tech/mobile/apple-to-beta-test-imessage-feature-that-warns-kids-about-nude-imagery/">no longer send notifications</a> to parent accounts.That’s good…<br> https://www.whatsupup.com/blog/rubicundity/envenomation/20211112-200723/ Fri, 12 Nov 2021 20:07:23 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20211112-200723/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-the-Internet-can-cause-adhd-like-symptoms">How the Internet can cause ADHD-like symptoms</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-make-quitting-your-addiction-easier">How to make quitting your addiction easier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/pursue-high-quality-leisure">Pursue High-quality Leisure</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/what-is-addiction">What is addiction (series)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-change-for-the-better">How to change for the better</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-set-goals-that-work">How to set goals that work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-finally-start-doing-something-about-your-dreams">How to finally start doing something about your dreams</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-avoid-i-ll-do-it-tomorrow">How to avoid “I’ll do it tomorrow”</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/play-the-ultimate-game-your-real-life">Play the ultimate game: your real life</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-real-reason-why-you-get-distracted">The real reason why you get distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/today-shouldnt-suck">Today shouldn’t suck</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/4-most-common-ways-of-getting-distracted">4 most common ways of getting distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20211112-041634/ Fri, 12 Nov 2021 04:16:34 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211112-041634/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/why-linkedin-is-the-one-good-social">Why LinkedIn Is The One Good Social Network</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/why-linkedin-is-the-one-good-social">What the professional social network gets right. And what others can learn from it.</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20211112-041559/ Fri, 12 Nov 2021 04:15:59 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20211112-041559/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-03409-2">Diamond delivers long-sought mineral from the deep Earth</a><br></p> <hr> Davemaoite is a vehicle for radioactive isotopes that help to heat the planet’s mantle.<br> https://www.whatsupup.com/blog/ewing/undiscernibly/20211111-201451/ Thu, 11 Nov 2021 20:14:51 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20211111-201451/ To learn more, check out the <a rel="noreferrer" target="_blank" href="https://google.github.io/clusterfuzzlite/">ClusterFuzzLite documentation</a> . ClusterFuzzLite currently supports <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/actions">GitHub Actions</a> , <a rel="noreferrer" target="_blank" href="https://cloud.google.com/build">Google Cloud Build</a> and <a rel="noreferrer" target="_blank" href="https://github.com/kubernetes/test-infra/tree/master/prow#readme">Prow</a> . We built this with CI system extensibility in mind, and adding support for other CI systems is straightforward. Please <a rel="noreferrer" target="_blank" href="https://github.com/google/clusterfuzzlite/issues/new">contact us</a> if you’re interested in contributing support, or have any questions, feedback or feature requests.<br> https://www.whatsupup.com/blog/evildoer/onionskin/20211111-200859/ Thu, 11 Nov 2021 20:08:59 +0000 https://www.whatsupup.com/blog/evildoer/onionskin/20211111-200859/ Earlier this year the European Commission unveiled its proposed ‘Digital Identity Framework’, a revision to the 2014 eIDAS regulation. While the draft law includes many welcome provisions on the security … <a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2021/11/04/mozilla-publishes-position-paper-on-the-eu-digital-identity-framework/">Read more</a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20211111-200650/ Thu, 11 Nov 2021 20:06:50 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20211111-200650/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-the-internet-can-cause-you-adhd">How the Internet can cause you ADHD</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-make-quitting-your-addiction-easier">How to make quitting your addiction easier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/pursue-high-quality-leisure">Pursue High-quality Leisure</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/what-is-addiction">What is addiction (series)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-change-for-the-better">How to change for the better</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-set-goals-that-work">How to set goals that work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-finally-start-doing-something-about-your-dreams">How to finally start doing something about your dreams</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-avoid-i-ll-do-it-tomorrow">How to avoid “I’ll do it tomorrow”</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/play-the-ultimate-game-your-real-life">Play the ultimate game: your real life</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-real-reason-why-you-get-distracted">The real reason why you get distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/today-shouldnt-suck">Today shouldn’t suck</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/4-most-common-ways-of-getting-distracted">4 most common ways of getting distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20211111-121632/ Thu, 11 Nov 2021 12:16:32 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20211111-121632/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/11/clusterfuzzlite-continuous-fuzzing-for.html">ClusterFuzzLite: Continuous fuzzing for all</a><br></p> <hr> Posted by Jonathan Metzman, Google Open Source Security Team<br> In recent years, <a rel="noreferrer" target="_blank" href="https://github.com/google/fuzzing/blob/master/docs/intro-to-fuzzing.md">continuous fuzzing</a> has become an essential part of the software development lifecycle. By feeding unexpected or random data into a program, fuzzing catches bugs that would otherwise slip through the most thorough manual checks and provides coverage that would take staggering human effort to replicate. <a rel="noreferrer" target="_blank" href="https://www.nist.gov/itl/executive-order-improving-nations-cybersecurity/recommended-minimum-standards-vendor-or">NIST’s guidelines for software verification</a> , recently released in response to the White House <a rel="noreferrer" target="_blank" href="https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/">Executive Order on Improving the Nation’s Cybersecurity</a> , specify fuzzing among the minimum standard requirements for code verification. Today, we are excited to announce <a rel="noreferrer" target="_blank" href="https://github.com/google/clusterfuzzlite">ClusterFuzzLite</a> , a continuous fuzzing solution that runs as part of CI/CD workflows to find vulnerabilities faster than ever before. With just a few lines of code, GitHub users can integrate ClusterFuzzLite into their workflow and fuzz pull requests to catch bugs before they are committed, enhancing the overall security of the software supply chain. Since its release in 2016, over 500 critical open source projects have integrated into Google’s <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html">OSS-Fuzz</a> program, resulting in over <a rel="noreferrer" target="_blank" href="https://bugs.chromium.org/p/oss-fuzz/issues/list?q=Type%3DBug-Security%20status%3AVerified&can=1">6,500</a> vulnerabilities and <a rel="noreferrer" target="_blank" href="https://bugs.chromium.org/p/oss-fuzz/issues/list?q=Type%3DBug%20status%3AVerified%20-Type%3DBug-Security&can=1">21,000</a> functional bugs being fixed. ClusterFuzzLite goes hand-in-hand with OSS-Fuzz, by catching regression bugs much earlier in the development process. Large projects including <a rel="noreferrer" target="_blank" href="https://github.com/systemd/systemd/actions/workflows/cifuzz.yml">systemd</a> and <a rel="noreferrer" target="_blank" href="https://github.com/curl/curl/actions/workflows/fuzz.yml">curl</a> are already using ClusterFuzzLite during code review, with positive results. According to Daniel Stenberg, author of curl, “When the human reviewers nod and have approved the code and your static code analyzers and linters can't detect any more issues, fuzzing is what takes you to the next level of code maturity and robustness. OSS-Fuzz and ClusterFuzzLite help us maintain curl as a quality project, around the clock, every day and every commit.” With the release of ClusterFuzzLite, any project can integrate this essential testing standard and benefit from fuzzing. ClusterFuzzLite offers many of the same features as <a rel="noreferrer" target="_blank" href="https://github.com/google/clusterfuzz">ClusterFuzz</a> , such as continuous fuzzing, sanitizer support, corpus management, and coverage report generation. Most importantly, it’s easy to set up and works with closed source projects, making ClusterFuzzLite a convenient option for any developer who wants to fuzz their software.<br> With ClusterFuzzLite, fuzzing is no longer just an idealized "bonus" round of testing for those who have access to it, but a critical must-have step that everyone can use continuously on every software project. By finding and preventing bugs before they enter the codebase we can build a more secure software ecosystem.<br> To learn more, check out the <a rel="noreferrer" target="_blank" href="https://google.github.io/clusterfuzzlite/">ClusterFuzzLite documentation</a> . ClusterFuzzLite currently supports <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/actions">GitHub Actions</a> and <a rel="noreferrer" target="_blank" href="https://cloud.google.com/build">Google Cloud Build</a> . We built this with CI system extensibility in mind, and adding support for other CI systems is straightforward. Please <a rel="noreferrer" target="_blank" href="https://github.com/google/clusterfuzzlite/issues/new">contact us</a> if you’re interested in contributing support, or have any questions, feedback or feature requests.<br> https://www.whatsupup.com/blog/palpable/mulla/20211111-080624/ Thu, 11 Nov 2021 08:06:24 +0000 https://www.whatsupup.com/blog/palpable/mulla/20211111-080624/ <p><a rel="noreferrer" target="_blank" href="https://wh0.github.io/2021/11/10/glitch-ot-rm.html">The privileged daemon that used shell-quote</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2021/11/10/division2-targeted-set.html">Set item drops in Division 2, Tom Clancy’s The</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20211111-041714/ Thu, 11 Nov 2021 04:17:14 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211111-041714/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/account/login?redirect=%2F%3F&email=&with_password=&justTrying=">Sign in</a><br> https://www.whatsupup.com/blog/ideo/fleury/20211111-000654/ Thu, 11 Nov 2021 00:06:54 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211111-000654/ Most of us have probably heard the term “smishing” — which is a portmanteau for traditional ph ishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text.<br> KrebsOnSecurity recently heard from a reader who said his daughter received an SMS that said it was from her bank, and inquired whether she’d authorized a $5,000 payment from her account. The message said she should reply “Yes” or “No,” or 1 to decline future fraud alerts.<br> Since this seemed like a reasonable and simple request — and she indeed had an account at the bank in question — she responded, “NO.”<br> Seconds later, her mobile phone rang.<br> “When she replied ‘no,’ someone called immediately, and the caller ID said ‘JP Morgan Chase’,” reader Kris Stevens told KrebsOnSecurity. “The person on the phone said they were from the fraud department and they needed to help her secure her account but needed information from her to make sure they were talking to the account owner and not the scammer.”<br> Thankfully, Stevens said his daughter had honored the gold rule regarding incoming phone calls about fraud: <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2020/04/when-in-doubt-hang-up-look-up-call-back/">When In Doubt, Hang up, Look up, and Call Back</a> .<br> “She knows the drill so she hung up and called Chase, who confirmed they had not called her,” he said. “What was different about this was it was all very smooth. No foreign accents, the pairing of the call with the text message, and the fact that she does have a Chase account.”<br> The remarkable aspect of these phone-based phishing scams is typically the attackers never even try to log in to the victim’s bank account. The entirety of the scam takes place over the phone.<br> We don’t know what the fraudsters behind this clever hybrid SMS/voice phishing scam intended to do with the information they might have coaxed from Stevens’ daughter. But in previous stories and reporting on voice phishing schemes, the fraudsters used the phished information to set up new financial accounts in the victim’s name, which they then used to receive and forward large wire transfers of stolen funds.<br> Even many security-conscious people tend to focus on protecting their online selves, while perhaps discounting the threat from less technically sophisticated phone-based scams. In 2020 I told the story of “Mitch” — the tech-savvy Silicon Valley executive <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2020/04/when-in-doubt-hang-up-look-up-call-back/">who got voice phished after he thought he’d turned the tables on the scammers</a> .<br> Unlike Stevens’ daughter, Mitch didn’t hang up with the suspected scammers. Rather, he put them on hold. Then Mitch called his bank on the other line and asked if their customer support people were in fact engaged in a separate conversation with him over the phone.<br> The bank replied that they were indeed speaking to the same customer on a different line at that very moment. Feeling better, Mitch got back on the line with the scammers. What Mitch couldn’t have known at that point was that a member of the fraudster’s team simultaneously was impersonating him on the phone with the bank’s customer service people.<br> So don’t be Mitch. Don’t try to outsmart the crooks. Just remember this anti-fraud mantra, and maybe repeat it a few times in front of your friends and family: When in doubt, hang up, look up, and call back. If you believe the call might be legitimate, look up the number of the organization supposedly calling you, and call them back.<br> And I suppose the same time-honored advice about not replying to spam email goes doubly for unsolicited text messages: When in doubt, it’s best not to respond.<br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/11/sms-about-bank-fraud-as-a-pretext-for-voice-phishing/">SMS About Bank Fraud as a Pretext for Voice Phishing</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211110-200914/ Wed, 10 Nov 2021 20:09:14 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211110-200914/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/lbb-customer-story/">Dhruv Mathur is the Co-Founder and Head of Product at LBB, a marketplace for customers to shop Indian brands and discover new products. LBB boasts 2 million monthly active users shopping 200,000+</a><br> https://www.whatsupup.com/blog/ideo/fleury/20211110-000736/ Wed, 10 Nov 2021 00:07:36 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211110-000736/ Microsoft Corp. today released updates to quash at least 55 security bugs in its Windows operating systems and other software. Two of the patches address vulnerabilities that are already being used in active attacks online, and four of the flaws were disclosed publicly before today — potentially giving adversaries a head start in figuring out how to exploit them.<br> Among the zero-day bugs is <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42292">CVE-2021-42292</a> , a “security feature bypass” problem with Microsoft Excel versions 2013-2021 that could allow attackers to install malicious code just by convincing someone to open a booby-trapped Excel file (Microsoft says Mac versions of Office are also affected, but several places are reporting that Office for Mac security updates aren’t available yet).<br> Microsoft’s revised, more sparse security advisories don’t offer much detail on what exactly is being bypassed in Excel with this flaw. But Dustin Childs over at Trend Micro’s Zero Day Initiative <a rel="noreferrer" target="_blank" href="https://www.zerodayinitiative.com/blog/2021/11/9/the-november-2021-security-update-review">says</a> the vulnerability is likely due to loading code that should be limited by a user prompt — such as a warning about external content or scripts — but for whatever reason that prompt does not appear, thus bypassing the security feature.<br> The other critical flaw patched today that’s already being exploited in the wild is <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42321">CVE-2021-42321</a> , yet another zero-day in Microsoft Exchange Server . You may recall that earlier this year a majority of the world’s organizations running Microsoft Exchange Servers were <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/">hit with four zero-day attacks that let thieves install backdoors and siphon email</a> . <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/11/microsoft-patch-tuesday-november-2021-edition/#more-57502">Continue reading →</a><br> https://www.whatsupup.com/blog/playacted/rededication/20211109-202106/ Tue, 09 Nov 2021 20:21:05 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211109-202106/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/11/09/technology/meta-facebook-ad-targeting.html">Meta plans to remove thousands of sensitive ad-targeting categories. Ad buyers will no longer be able to use topics such as health, race or sexual orientation to target people with unwanted ads on Facebook or other Meta apps. By Mike Isaac and Tiffany Hsu</a><br> https://www.whatsupup.com/blog/boxed/modification/20211109-201554/ Tue, 09 Nov 2021 20:15:53 +0000 https://www.whatsupup.com/blog/boxed/modification/20211109-201554/ by value<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#c++-learner-track">c++-learner-track</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#c++-style">c++-style</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#library-design">library-design</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#parameter-only-types">parameter-only-types</a><br> It is idiomatic to pass<br> by value. Let’s see why.<br> https://www.whatsupup.com/blog/ideo/fleury/20211109-160700/ Tue, 09 Nov 2021 16:06:59 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211109-160700/ Exhibit #1: Yaroslav Vasinskyi , the 22-year-old Ukrainian national accused of being REvil Affiliate #22. Vasinskyi was arrested Oct. 8 in Poland, which maintains an extradition treaty with the United States. Prosecutors say Vasinskyi was involved in a number of REvil ransomware attacks, including the <a rel="noreferrer" target="_blank" href="https://www.washingtonpost.com/national-security/ransomware-fbi-revil-decryption-key/2021/09/21/4a9417d0-f15f-11eb-a452-4da5fe48582d_story.html">July 2021 attack</a> against Kaseya , a Miami-based company whose products help system administrators manage large networks remotely.<br> https://www.whatsupup.com/blog/phonic/shopboy/20211109-041306/ Tue, 09 Nov 2021 04:13:05 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211109-041306/ Aarthi Ramamurthy <a rel="noreferrer" target="_blank" href="https://twitter.com/aarthir">@aarthir</a><br> Replays is here on @Clubhouse and I’m really, really excited! If you’ve been waiting to listen to the @typesfast interview from last week on @GoodTimeShowCH from @sriramk, @pmarca, @stevesi and me, here it is <a rel="noreferrer" target="_blank" href="https://t.co/G95k5iwdIy"><a href="https://t.co/G95k5iwdIy">https://t.co/G95k5iwdIy</a></a> (update app to latest version).<br> https://www.whatsupup.com/blog/ideo/fleury/20211109-040709/ Tue, 09 Nov 2021 04:07:08 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211109-040709/ The U.S. Department of Justice today announced the arrest of Ukrainian man accused of deploying ransomware on behalf of the REvil ransomware gang, a Russian-speaking cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1 million in cryptocurrency sent to another REvil affiliate, and that the U.S. Department of State is now offering up to $10 million for the name or location any key REvil leaders, and up to $5 million for information on REvil affiliates.<br> If it sounds unlikely that a normal Internet user could make millions of dollars unmasking the identities of REvil gang members, take heart and consider that the two men indicted as part <a rel="noreferrer" target="_blank" href="https://www.justice.gov/opa/pr/ukrainian-arrested-and-charged-ransomware-attack-kaseya">this law enforcement action</a> do not appear to have done much to separate their cybercriminal identities from their real-life selves.<br> Exhibit #1: Yaroslav Vasinskyi , the 22-year-old Ukrainian national accused of being REvil Affiliate #22. Vasinskyi was arrested Oct. 8 in Poland, which maintains an extradition treaty with the United States. Prosecutors say Vasinskyi was involved in a number of REvil ransomware attacks, including the <a rel="noreferrer" target="_blank" href="https://www.washingtonpost.com/national-security/ransomware-fbi-revil-decryption-key/2021/09/21/4a9417d0-f15f-11eb-a452-4da5fe48582d_story.html">July 2021 attack</a> against Kaseya , Miami-based company whose products help system administrators manage large networks remotely.<br> Yaroslav Vasinksyi’s Vkontakte profile reads “If they tell you nasty things about me, believe every word.”<br> According to <a rel="noreferrer" target="_blank" href="https://www.justice.gov/opa/press-release/file/1447126/download">his indictment</a> (PDF), Vasinskyi used a variety of hacker handles, including “Profcomserv” — the nickname behind an online service that floods phone numbers with junk calls for a fee. Prosecutors say Vasinskyi also used the monikers  “ Yarik45 ,” and “ Yaroslav2468 .”<br> These last two nicknames correspond to accounts on several top cybercrime forums way back in 2013, where a user named “Yaroslav2468” registered using the email address <a href="mailto:yarik45@gmail.com">yarik45@gmail.com</a> .<br> That email address was used to register an account at Vkontakte (the Russian version of Facebook/Meta) under the profile name of “Yaroslav ‘sell the blood of css’ Vasinskyi.” Vasinskyi’s Vkontakte profile says his current city as of Oct. 3 was Lublin, Poland. Perhaps tauntingly, Vasinskyi’s profile page also lists the FBI’s 1-800 tip line as his contact phone number. He’s now in custody in Poland, awaiting extradition to the United States.<br> Exhibit #2: Yevgeniy Igorevich Polyanin , the 28-year-old Russian national who is alleged to be REvil Affiliate #23. The DOJ said it seized $6.1 million in funds traceable to alleged ransom payments received by Polyanin, and that the defendant had been involved in REvil ransomware attacks on multiple U.S. victim organizations.<br> The FBI’s wanted poster for Polyanin.<br> <a rel="noreferrer" target="_blank" href="https://www.justice.gov/opa/press-release/file/1447121/download">Polyanin’s indictment</a> (PDF) says he also favored numerous hacker handles, including LK4D4 , Damnating , Damn2life , Noolleds , and Antunpitre . Some of these nicknames go back more than a decade on Russian cybercrime forums, many of which have been hacked and relieved of their user databases over the years.<br> Among those was carder[.]su, and that forum’s database says a user by the name “Damnating” registered with the forum in 2008 using the email address <a href="mailto:damnating@yandex.ru">damnating@yandex.ru</a> . Sure enough, there is a Vkontakte profile tied to that email address under the name “Yevgeniy ‘damn’ Polyanin” from Barnaul, a city in the southern Siberian region of Russia. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/11/revil-ransom-arrest-6m-seizure-and-10m-reward/#more-57474">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/11/revil-ransom-arrest-6m-seizure-and-10m-reward/">REvil Ransom Arrest, $6M Seizure, and $10M Reward</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211109-001836/ Tue, 09 Nov 2021 00:18:35 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211109-001836/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/usa-cyber/u-s-charges-ukrainian-and-russian-in-major-ransomware-spree-seizes-6-million-idUSKBN2HT1WC">U.S. charges Ukrainian and Russian in major ransomware spree, seizes $6 million</a><br></p> <hr> 6:02pm EST<br> The U.S. Justice Department charged a Ukraine national and a Russian in one of the worst ransomware attacks against American targets, court filings showed on Monday.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20211107-082028/ Sun, 07 Nov 2021 08:20:28 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211107-082028/ Thousands rally in cold, damp Glasgow for COP26 climate action <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/cop/thousands-rally-rainy-glasgow-cop26-climate-action-2021-11-06/">VIEW MORE</a><br> https://www.whatsupup.com/blog/glooming/wrackful/20211107-080924/ Sun, 07 Nov 2021 08:09:24 +0000 https://www.whatsupup.com/blog/glooming/wrackful/20211107-080924/ <a rel="noreferrer" target="_blank" href="https://robertheaton.com/last-of-us-part-2/">It can’t be for nothing: notes from The Last of Us Part 2</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211106-042134/ Sat, 06 Nov 2021 04:21:33 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211106-042134/ After daylong standoff, Democrats reach a tentative agreement to pass the bipartisan infrastructure bill and climate change bill <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/bidens-sweeping-infrastructure-social-spending-bills-finally-get-vote-2021-11-05/">VIEW MORE</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20211106-001950/ Sat, 06 Nov 2021 00:19:50 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211106-001950/ Become a paid subscriber<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211106-001020/ Sat, 06 Nov 2021 00:10:20 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211106-001020/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/build-a-dynamodb-gui/">As a DynamoDB user, you’ve likely encountered the need for a quick and easy way to modify the data. This guide will teach you how to build GUI with CRUD functionality for your DynamoDB instance in about 15 minutes.</a><br> https://www.whatsupup.com/blog/boxed/modification/20211105-201649/ Fri, 05 Nov 2021 20:16:49 +0000 https://www.whatsupup.com/blog/boxed/modification/20211105-201649/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#litclub">litclub</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#math">math</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#old-shit">old-shit</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#paradigm-shift">paradigm-shift</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#web">web</a><br> I just finished reading William A. Granville’s <a rel="noreferrer" target="_blank" href="https://archive.org/details/fourthdimensionb00gran/">The Fourth Dimension and the Bible</a> (1922). It’s quite mind-bending! I don’t mean the Biblical stuff (which is all quite a stretch), but specifically Granville’s mathematical examples, several of which were completely new to me.<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211105-201000/ Fri, 05 Nov 2021 20:10:00 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211105-201000/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/archilogic-customer-story/">Tim, VP of Product and Customer Ops, needed to replace slow, messy spreadsheets with a real-time insights dashboard. He used Retool to make it happen.</a><br> https://www.whatsupup.com/blog/playacted/rededication/20211105-122237/ Fri, 05 Nov 2021 12:22:36 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211105-122237/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/11/05/technology/facebook-stores-meta-metaverse.html">To Build the Metaverse, Meta First Wants to Build Stores The social networking company has discussed opening physical stores to showcase its virtual reality and augmented reality devices. By Mike Isaac</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20211105-122150/ Fri, 05 Nov 2021 12:21:50 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211105-122150/ November 5, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/11/05/Apollo-federation-2-gaslighting.html">Breaking down Apollo Federation's anti-FOSS corporate gaslighting</a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20211105-120806/ Fri, 05 Nov 2021 12:08:05 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20211105-120806/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-make-quitting-your-addiction-easier">How to make quitting your addiction easier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/pursue-high-quality-leisure">Pursue High-quality Leisure</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/what-is-addiction">What is addiction (series)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-change-for-the-better">How to change for the better</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-set-goals-that-work">How to set goals that work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-finally-start-doing-something-about-your-dreams">How to finally start doing something about your dreams</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-avoid-i-ll-do-it-tomorrow">How to avoid “I’ll do it tomorrow”</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/play-the-ultimate-game-your-real-life">Play the ultimate game: your real life</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-real-reason-why-you-get-distracted">The real reason why you get distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/today-shouldnt-suck">Today shouldn’t suck</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/4-most-common-ways-of-getting-distracted">4 most common ways of getting distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20211105-081417/ Fri, 05 Nov 2021 08:14:16 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211105-081417/ Talking global supply chain chaos on @Clubhouse — join us right now! <a rel="noreferrer" target="_blank" href="https://t.co/5Skina4Vo5"><a href="https://t.co/5Skina4Vo5">https://t.co/5Skina4Vo5</a></a><br> https://www.whatsupup.com/blog/hardened/twinkled/20211105-042055/ Fri, 05 Nov 2021 04:20:55 +0000 https://www.whatsupup.com/blog/hardened/twinkled/20211105-042055/ <a rel="noreferrer" target="_blank" href="https://github.blog/2021-11-03-thank-you-github/">Thank you, GitHub</a><br></p> <hr> This morning, I sent the following post to the GitHub team. TL;DR: I’m moving on to my next adventure, and Thomas Dohmke (currently Chief Product Officer) will be GitHub’s next CEO.<br> https://www.whatsupup.com/blog/overgrazing/propellent/20211105-030555/ Fri, 05 Nov 2021 03:05:55 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211105-030555/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-case-to-reform-the-share-button">The Case To Reform The Share Button, According To Facebook’s Own Research</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-case-to-reform-the-share-button">New leaked document shows Facebook’s Share button spreads misinformation pervasively after two hops down the chain. Fix the button, fix the platform.</a><br> https://www.whatsupup.com/blog/beautifying/hagriding/20211105-023502/ Fri, 05 Nov 2021 02:35:02 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20211105-023502/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/pages/corporate-documents">Corporate Documents</a><br> https://www.whatsupup.com/blog/steeplejack/garrote/20211105-023453/ Fri, 05 Nov 2021 02:34:52 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20211105-023453/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/pages/corporate-documents">Corporate Documents</a><br> https://www.whatsupup.com/blog/gonadal/revving/20211105-023212/ Fri, 05 Nov 2021 02:32:11 +0000 https://www.whatsupup.com/blog/gonadal/revving/20211105-023212/ Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/competitive-programming/">competitive programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/bfs/">BFS</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/graph/">graph</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/hashmap/">HashMap</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/kattis/">Kattis</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/search/">search</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/29/competitive-programming-in-haskell-bfs-part-3-implementation-via-hashmap/#comments">2 Comments</a><br> https://www.whatsupup.com/blog/traveling/splay/20211105-022947/ Fri, 05 Nov 2021 02:29:47 +0000 https://www.whatsupup.com/blog/traveling/splay/20211105-022947/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/11/04/science/astronomy-decadal-survey-telescope.html">Out There A New 10-Year Plan for the Cosmos On astronomers’ wish list for the next decade: two giant telescopes and a space telescope to search for life and habitable worlds beyond Earth. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20211105-022753/ Fri, 05 Nov 2021 02:27:52 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20211105-022753/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-03027-y">US astronomy's 10-year plan is super-ambitious</a><br></p> <hr> Its ‘decadal survey’ pitches big new space observatories, funding for large telescopes and a reckoning over social issues plaguing the field.<br> https://www.whatsupup.com/blog/phonic/shopboy/20211105-022231/ Fri, 05 Nov 2021 02:22:30 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211105-022231/ <p>Sriram Krishnan - sriramk.eth <a rel="noreferrer" target="_blank" href="https://twitter.com/sriramk">@sriramk</a><br> we have @typesfast joining @aarthir, me and @pmarca tomorrow Nov 4th 10pm PT to talk about his deep dive into the supply chain crisis and the "tweet storm that saved Christmas".</p> <p>What do you want us to ask Ryan? Post question here.</p> <p><em>Only on @GoodTimeShowCH on @Clubhouse</em><br></p> https://www.whatsupup.com/blog/sovietizing/ohioan/20211105-021910/ Fri, 05 Nov 2021 02:19:09 +0000 https://www.whatsupup.com/blog/sovietizing/ohioan/20211105-021910/ Earlier this year the European Commission unveiled its proposed ‘Digital Identity Framework’, a revision to the 2014 eIDAS regulation. While the draft law includes many welcome provisions on the security … <a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2021/11/04/mozilla-publishes-position-paper-on-the-eu-digital-identity-framework/">Read more</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211105-021848/ Fri, 05 Nov 2021 02:18:48 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211105-021848/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/getaround-customer-story/">How an operations analyst built an app so internal teams could connect car hosts with safe, convenient, and affordable parking spots faster and more reliably.</a><br> https://www.whatsupup.com/blog/ideo/fleury/20211105-021558/ Fri, 05 Nov 2021 02:15:57 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211105-021558/ <p>The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a lure about a wayward package that needs redelivery. Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients.<br> One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam.<br> Louis Morton , a security professional based in Fort Worth, Texas, forwarded an SMS phishing or “smishing” message sent to his wife’s mobile device that indicated a package couldn’t be delivered.<br> “It is a nearly perfect attack vector at this time of year,” Morton said. “A link was included, implying that the recipient could reschedule delivery.”<br> Attempting to visit the domain in the phishing link — o001cfedeex[.]com — from a desktop web browser redirects the visitor to a harmless page with ads for car insurance quotes. But by loading it in a mobile device (or by mimicking one using <a rel="noreferrer" target="_blank" href="https://developer.mozilla.org/en-US/docs/Learn/Common_questions/What_are_browser_developer_tools">developer tools</a> ), we can see the intended landing page pictured in the screenshot to the right — returns-fedex[.]com .<br> Blocking non-mobile users from visiting the domain can help minimize scrutiny of the site from non-potential victims, such as security researchers, and thus potentially keep the scam site online longer.<br> Clicking “Schedule new delivery” brings up a page that requests your name, address, phone number and date of birth. Those who click “Next Step” after providing that information are asked to add a payment card to cover the $2.20 “redelivery fee.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/11/tis-the-season-for-the-wayward-package-phish/#more-57437">Continue reading →</a><br> A number of publications in September warned about the emergence of “ Groove ,” a new ransomware group that called on competing extortion gangs to unite in attacking U.S. government interests online. It now appears that Groove was all a big hoax designed to toy with security firms and journalists.<br> “An appeal to business brothers!” reads the Oct. 22 post from Groove calling for attacks on the United States government sector.<br> Groove was first announced Aug. 22 on RAMP , a new and fairly exclusive Russian-language darknet cybercrime forum.<br> “GROOVE is first and foremost an aggressive financially motivated criminal organization dealing in industrial espionage for about two years,” wrote RAMP’s administrator “Orange” in a post asking forum members to compete in a contest for designing a website for the new group. “Let’s make it clear that we don’t do anything without a reason, so at the end of the day, it’s us who will benefit most from this contest.”<br> According to <a rel="noreferrer" target="_blank" href="https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/how-groove-gang-is-shaking-up-the-ransomware-as-a-service-market-to-empower-affiliates/">a report</a> published by McAfee , Orange launched RAMP to appeal to ransomware-related threat actors who were were ousted from major cybercrime forums for being too toxic, or to cybercriminals who complained of being short-changed or stiffed altogether by different ransomware affiliate programs.<br> The report said RAMP was the product of a dispute between members of the Babuk ransomware gang, and that its members likely had connections to another ransomware group called BlackMatter .<br> “[McAfee] believes, with high confidence, that the Groove gang is a former affiliate or subgroup of the Babuk gang, who are willing to collaborate with other parties, as long as there is financial gain for them,” the report said. “Thus, an affiliation with the BlackMatter gang is likely.”<br> In the first week of September, Groove posted on its darknet blog nearly 500,000 login credentials for customers of Fortinet VPN products, usernames and passwords that could be used to remotely connect to vulnerable systems. Fortinet <a rel="noreferrer" target="_blank" href="https://www.fortinet.com/blog/psirt-blogs/malicious-actor-discloses-fortigate-ssl-vpn-credentials">said</a> the credentials were collected from systems that hadn’t yet implemented a patch issued in May 2019.<br> Some security experts said the post of the Fortinet VPN usernames and passwords was aimed at drawing new affiliates to Groove. But it seems more likely the credentials were posted to garner the attention of security researchers and journalists.<br> Sometime in the last week, Groove’s darknet blog disappeared. In a post on the Russian cybercrime forum XSS , an established cybercrook using the handle “ Boriselcin ” explained that Groove was little more than a pet project to screw with the media and security industry.<br> “For those who don’t understand what’s going on: I set up a fake Groove Gang and named myself a gang,” Boriselcin wrote. The rest of the post reads:<br> “They ate it up, I dumped 500k old Fortinet [access credentials] that no one needed and they ate it up. I say that I am going to target the U.S. government sector and they eat it up. Few journalists realized that this was all a show, a fake, and a scam! And my respect goes out to those who figured it out. I don’t even know what to do now with this blog with a ton of traffic. Maybe sell it? Now I just need to start writing [the article], but I can’t start writing it without checking everything.”<br> A review of Boriselcin’s recent postings on XSS indicate he has been planning this scheme for several months. On Sept. 13, Boriselcin posted that “several topics are ripening,” and that he intended to publish an article about duping the media and security firms.<br> “Manipulation of large information security companies and the media through a ransom blog,” he wrote. “It’s so funny to read Twitter and the news these days But the result is great so far. Triggering the directors of information security companies. We fuck the supply chain of the information security office.”<br> Image: @nokae8<br> This vulnerability is, as far as I know, the first one to affect almost everything.”<br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/11/tis-the-season-for-the-wayward-package-phish/">‘Tis the Season for the Wayward Package Phish</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/11/the-groove-ransomware-gang-was-a-hoax/">The ‘Groove’ Ransomware Gang Was a Hoax</a><br> https://www.whatsupup.com/blog/palpable/mulla/20211105-021544/ Fri, 05 Nov 2021 02:15:44 +0000 https://www.whatsupup.com/blog/palpable/mulla/20211105-021544/ <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2021/11/02/multi-account-containers.html">Firefox Multi-Account Containers now needing permission to “Exchange messages with programs other than Firefox”</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211102-040936/ Tue, 02 Nov 2021 04:09:36 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211102-040936/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/import-csv-files-into-a-firestore-db-firebase/">Importing a CSV file into your Firestore database is one of the most common and fundamental ways of getting information into a database. In this post, you'll learn to do it, as well as learn concepts which can help you get all sorts of other data into your Firestore instance.</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211102-002135/ Tue, 02 Nov 2021 00:21:34 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211102-002135/ New York grand jury indicts real estate heir Robert Durst for the 1982 murder of his first wife, Kathleen Durst <a rel="noreferrer" target="_blank" href="https://www.reuters.com/legal/litigation/real-estate-heir-robert-durst-indicted-1982-murder-first-wife-kathie-durst-2021-11-01/">VIEW MORE</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20211102-001836/ Tue, 02 Nov 2021 00:18:35 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20211102-001836/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/11/trick-treat-paying-leets-and-sweets-for.html">Trick & Treat! 🎃 Paying Leets and Sweets for Linux Kernel privescs and k8s escapes</a><br></p> <hr> Posted by Eduardo Vela, Google Bug Hunters Team Starting today and for the next 3 months (until January 31 2022), we will pay 31,337 USD to security researchers that exploit privilege escalation in our lab environment with a patched vulnerability, and 50,337 USD to those that use a previously unpatched vulnerability, or a new exploit technique. We are constantly investing in the security of the Linux Kernel because much of the internet, and Google—from the devices in our pockets, to the services running on <a rel="noreferrer" target="_blank" href="https://kubernetes.io/">Kubernetes</a> in the cloud—depend on the security of it. We <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html">research its vulnerabilities and attacks</a> , as well as <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/08/linux-kernel-security-done-right.html">study and develop its defenses</a> . But we know that there is more work to do. That’s why we have decided to build on top of our <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2020/05/expanding-our-work-with-open-source.html">kCTF VRP</a> from last year and triple our previous reward amounts (for at least the next 3 months). Our base rewards for each publicly patched vulnerability is 31,337 USD (at most one exploit per vulnerability), but the reward can go up to 50,337 USD in two cases:<br> If the vulnerability was otherwise unpatched in the Kernel (0day)<br> If the exploit uses a new attack or technique, as determined by Google<br> We hope the new rewards will encourage the security community to explore new Kernel exploitation techniques to achieve privilege escalation and drive quicker fixes for these vulnerabilities. It is important to note, that the easiest exploitation primitives are not available in our lab environment due to the hardening done on <a rel="noreferrer" target="_blank" href="https://cloud.google.com/container-optimized-os/docs">Container-Optimized OS</a> . Note this program complements Android's VRP rewards, so exploits that work on Android could also be eligible for up to <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/about/rules/6171833274204160">250,000 USD</a> (that's in addition to this program). The mechanics are:<br> Connect to the <a rel="noreferrer" target="_blank" href="https://google.github.io/kctf/vrp">kCTF VRP cluster</a> , obtain root and read the flag (read <a rel="noreferrer" target="_blank" href="https://github.com/google/security-research/blob/master/pocs/linux/cve-2021-22555/writeup.md">this writeup</a> for how it was done before, and <a rel="noreferrer" target="_blank" href="https://google.github.io/kctf/security-threat-model.html">this threat model</a> for inspiration), and then submit your flag and a checksum of your exploit <a rel="noreferrer" target="_blank" href="https://docs.google.com/forms/d/e/1FAIpQLSeQf6aWmIIjtG4sbEKfgOBK0KL3zzeHCrsgA1EcPr-xsFAk7w/viewform">in this form</a> .<br> (If applicable) report vulnerabilities to <a rel="noreferrer" target="_blank" href="https://github.com/google/kctf/blob/v1/SECURITY.md">upstream</a> .<br> We strongly recommend including a patch since that could qualify for an <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/about/patch-rewards">additional reward</a> from our Patch Reward Program, but please report vulnerabilities upstream promptly once you confirm they are exploitable.<br> <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/report/vrp">Report your finding</a> to Google VRP once all patches are publicly available (we don't want to receive details of unpatched vulnerabilities ahead of the public.)<br> Provide the exploit code and the algorithm used to calculate the hash checksum.<br> A rough description of the exploit strategy is welcome.<br> Reports will be triaged on a weekly basis. If anyone has problems with the lab environment (if it's unavailable, technical issues or other questions), contact us on Discord in <a rel="noreferrer" target="_blank" href="https://discord.gg/V8UqnZ6JBG">#kctf</a> . You can read more details about the program <a rel="noreferrer" target="_blank" href="https://google.github.io/kctf/vrp">here</a> . Happy hunting!<br> https://www.whatsupup.com/blog/phonic/shopboy/20211102-001442/ Tue, 02 Nov 2021 00:14:41 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211102-001442/ <a rel="noreferrer" target="_blank" href="https://a16z.com/tag/logistics/">supply chains, logistics, and infrastructure</a><br> https://www.whatsupup.com/blog/alamode/heartsore/20211101-201318/ Mon, 01 Nov 2021 20:13:17 +0000 https://www.whatsupup.com/blog/alamode/heartsore/20211101-201318/ <p><a rel="noreferrer" target="_blank" href="https://signal.org/blog/keeping-spam-off-signal/">Improving first impressions on Signal</a><br></p> <hr> The phenomenon of unsolicited and unwanted messaging dates back to the earliest communication platforms: from <a rel="noreferrer" target="_blank" href="https://www.livescience.com/7028-ancient-cave-art-full-teenage-graffiti.html">prehistoric cave graffiti</a> and postal chain letters to popup ads and robocalls. To prevent spam, most online services rely on large-scale inspection of plaintext conversation content or detailed social-graph analysis to determine who is saying what to whom and whether or not that should be allowed. At Signal, we build on a foundation of privacy and do not have access to that type of data or metadata.<br> We build Signal in the open, with <a rel="noreferrer" target="_blank" href="https://github.com/signalapp">publicly available</a> source code for our applications and servers. To keep Signal a free global communication service without spam, we must depart from our totally-open posture and develop one piece of the server in private: a system for detecting and disrupting spam campaigns. Unlike encryption protocols, which are designed to be provably secure even if everyone knows how they work, spam detection is an ongoing chore for which there is no concrete resolution and for which transparency is a major disadvantage. If we put this code on the Internet alongside everything else, spammers would just read it and adjust their tactics to gain an advantage in the cat-and-mouse game of keeping spam off the network. The Signal protocols, cryptography, and source code are peer reviewed, shared for independent inspection, and provably private by design. We are bound by these security guarantees, so that your conversations and contacts remain as private and protected as ever, even if we keep spam-fighting tools out of sight.<br> https://www.whatsupup.com/blog/ideo/fleury/20211101-120759/ Mon, 01 Nov 2021 12:07:58 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211101-120759/ Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness.<br> Researchers with the University of Cambridge discovered a bug that affects most computer code compilers and many software development environments. At issue is a component of the digital text encoding standard <a rel="noreferrer" target="_blank" href="https://home.unicode.org/">Unicode</a> , which allows computers to exchange information regardless of the language used. Unicode currently defines more than 143,000 characters across 154 different language scripts (in addition to many non-script character sets, such as emojis).<br> Specifically, the weakness involves Unicode’s bi-directional or “ <a rel="noreferrer" target="_blank" href="https://www.w3.org/International/articles/inline-bidi-markup/uba-basics">Bidi” algorithm</a> , which handles displaying text that includes mixed scripts with different display orders, such as Arabic — which is read right to left — and English (left to right).<br> But computer systems need to have a deterministic way of resolving conflicting directionality in text. Enter the “Bidi override,” which can be used to make left-to-right text read right-to-left, and vice versa.<br> “In some scenarios, the default ordering set by the Bidi Algorithm may not be sufficient,” the Cambridge researchers wrote. “For these cases, Bidi override control characters enable switching the display ordering of groups of characters.”<br> Bidi overrides enable even single-script characters to be displayed in an order different from their logical encoding. As the researchers point out, this fact has previously been exploited <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2011/09/right-to-left-override-aids-email-attacks/">to disguise the file extensions of malware disseminated via email</a> .<br> Here’s the problem: Most programming languages let you put these Bidi overrides in comments and strings. This is bad because most programming languages allow comments within which all text — including <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Control_character">control characters</a> — is ignored by compilers and interpreters. Also, it’s bad because most programming languages allow <a rel="noreferrer" target="_blank" href="https://www.ibm.com/docs/en/zos/2.3.0?topic=literals-string">string literals</a> that may contain arbitrary characters, including control characters.<br> “So you can use them in source code that appears innocuous to a human reviewer [that] can actually do something nasty,” said Ross Anderson , a professor of computer security at Cambridge and co-author of the research. “That’s bad news for projects like Linux and Webkit that accept contributions from random people, subject them to manual review, then incorporate them into critical code. This vulnerability is, as far as I know, the first one to affect almost everything.”<br> The research paper, which dubbed the vulnerability “ <a rel="noreferrer" target="_blank" href="https://www.trojansource.codes/">Trojan Source</a> ,” notes that while both comments and strings will have syntax-specific semantics indicating their start and end, these bounds are not respected by Bidi overrides . From the paper:<br> “Therefore, by placing Bidi override characters exclusively within comments and strings, we can smuggle them into source code in a manner that most compilers will accept. Our key insight is that we can reorder source code characters in such a way that the resulting display order also represents syntactically valid source code.”<br> “Bringing all this together, we arrive at a novel supply-chain attack on source code. By injecting Unicode Bidi override characters into comments and strings, an adversary can produce syntactically-valid source code in most modern languages for which the display order of characters presents logic that diverges from the real logic. In effect, we anagram program A into program B.”<br> Anderson said such an attack could be challenging for a human code reviewer to detect, as the rendered source code looks perfectly acceptable.<br> “If the change in logic is subtle enough to go undetected in subsequent testing, an adversary could introduce targeted vulnerabilities without being detected,” he said.<br> Equally concerning is that Bidi override characters persist through the copy-and-paste functions on most modern browsers, editors, and operating systems.<br> “Any developer who copies code from an untrusted source into a protected code base may inadvertently introduce an invisible vulnerability,” Anderson told KrebsOnSecurity. “Such code copying is a significant source of real-world security exploits.”<br> Image: XKCD.com/2347/<br> <a rel="noreferrer" target="_blank" href="https://isi.jhu.edu/~mgreen/">Matthew Green</a> , an associate professor at the Johns Hopkins Information Security Institute , said the Cambridge research clearly shows that most compilers can be tricked with Unicode into processing code in a different way than a reader would expect it to be processed.<br> “Before reading this paper, the idea that Unicode could be exploited in some way wouldn’t have surprised me,” Green told KrebsOnSecurity. “What does surprise me is how many compilers will happily parse Unicode without any defenses, and how effective their right-to-left encoding technique is at sneaking code into codebases. That’s a really clever trick I didn’t even know was possible. Yikes.”<br> Green said the good news is that the researchers conducted a widespread vulnerability scan, but were unable to find evidence that anyone was exploiting this. Yet.<br> “The bad news is that there were no defenses to it, and now that people know about it they might start exploiting it,” Green said. “Hopefully compiler and code editor developers will patch this quickly! But since some people don’t update their development tools regularly there will be some risk for a while at least.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/#more-57367">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/">‘Trojan Source’ Bug Threatens the Security of All Code</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211031-201819/ Sun, 31 Oct 2021 20:18:19 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211031-201819/ Moderna says FDA might take until January to complete review of its COVID-19 shot for adolescents <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/healthcare-pharmaceuticals/moderna-says-fda-needs-more-time-complete-review-its-covid-19-shot-adolescents-2021-10-31/">VIEW MORE</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211031-162013/ Sun, 31 Oct 2021 16:20:13 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211031-162013/ G20 statement urges 'meaningful and effective' action to limit global warming, but offers few concrete commitments <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/environment/g20-leaders-face-tough-climate-talks-second-day-summit-2021-10-30/">VIEW MORE</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20211031-121327/ Sun, 31 Oct 2021 12:13:26 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211031-121327/ <p>Sajith Pai <a rel="noreferrer" target="_blank" href="https://twitter.com/sajithpai">@sajithpai</a><br> First appearance of 'Product/Market Fit' in the Wild.</p> <p>This is 1937!</p> <p>Of course, I dont think they meant what @pmarca meant when he wrote 'The Only Thing That Matters'. <a rel="noreferrer" target="_blank" href="https://t.co/H6TmQ0Rlol"><a href="https://t.co/H6TmQ0Rlol">https://t.co/H6TmQ0Rlol</a></a><br></p> https://www.whatsupup.com/blog/buckeroo/doubling/20211031-082210/ Sun, 31 Oct 2021 08:22:09 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211031-082210/ October 31, 2021 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2021/10/31/Spooky.gmi">On a dark and stormy night…</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> https://www.whatsupup.com/blog/sideswiped/tuftily/20211031-041548/ Sun, 31 Oct 2021 04:15:48 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20211031-041548/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/10/30/Diablo-Immortal">Diablo Immortal</a> · I tried out <a rel="noreferrer" target="_blank" href="https://diabloimmortal.blizzard.com/en-us/">Diablo Immortal</a> on my <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/06/22/Galaxy-Tab-S7-Plus">Galaxy Tab 7+</a> and, well, it’s pretty convincing off the top. But I wonder if it’s ethical to play anything from Blizzard, these days? Protip: At the moment you can’t get into the closed beta unless you’re on Android in Canada <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/10/30/Diablo-Immortal">…</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211031-002051/ Sun, 31 Oct 2021 00:20:51 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211031-002051/ How an open phone line exposed a 'coup plan' at Canada's Rogers Communications <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/media-telecom/how-an-accidental-phone-answer-exposed-coup-plan-canadas-rogers-communications-2021-10-30/">VIEW MORE</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20211031-001419/ Sun, 31 Oct 2021 00:14:18 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211031-001419/ Here's our actual proposal. Doesn't say anything like that. Highly recommend reading primary sources :) <a rel="noreferrer" target="_blank" href="https://t.co/V4x51PuQmf"><a href="https://t.co/V4x51PuQmf">https://t.co/V4x51PuQmf</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/SRXH6cuEp6"><a href="https://t.co/SRXH6cuEp6">https://t.co/SRXH6cuEp6</a></a><br> https://www.whatsupup.com/blog/popularization/compilable/20211030-200854/ Sat, 30 Oct 2021 20:08:53 +0000 https://www.whatsupup.com/blog/popularization/compilable/20211030-200854/ <a rel="noreferrer" target="_blank" href="https://ieeexplore.ieee.org/document/9354592">Scalable Scalable Vector Graphics: Automatic Translation of Interactive SVGs to a Multithread VDOM for Fast Rendering</a> Michail Schwab, David Saffo, Nicholas Bond, Shash Sinha, Cody Dunne, Jeff Huang, James Tompkin, Michelle Borkin TVCG (Transactions on Visualization and Computer Graphics), to appear <a rel="noreferrer" target="_blank" href="https://ssvg.io/">[website]</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211030-162110/ Sat, 30 Oct 2021 16:21:09 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211030-162110/ U.S., EU expected to announce deal ending steel, aluminum tariff dispute this weekend <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us-eu-expected-announce-deal-ending-steel-aluminum-tariff-dispute-sources-say-2021-10-30/">VIEW MORE</a><br> https://www.whatsupup.com/blog/gonadal/revving/20211030-042231/ Sat, 30 Oct 2021 04:22:29 +0000 https://www.whatsupup.com/blog/gonadal/revving/20211030-042231/ <p><a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/29/competitive-programming-in-haskell-bfs-part-3-implementation-via-hashmap/">Competitive programming in Haskell: BFS, part 3 (implementation via HashMap)</a><br></p> <hr> In <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/14/competitive-programming-in-haskell-bfs-part-1/">a previous post</a> , I showed how we can solve <a rel="noreferrer" target="_blank" href="https://open.kattis.com/problems/modulosolitaire">Modulo Solitaire</a> (and hopefully other BFS problems as well) using a certain API for BFS, and we also <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/18/competitive-programming-in-haskell-bfs-part-2-alternative-apis/">explored some alternatives</a> . I had a very interesting discussion with <a rel="noreferrer" target="_blank" href="https://blogs.ncl.ac.uk/andreymokhov/about/">Andrey Mokhov</a> in the comments about potential designs for an even more general API; more on that in a future post, perhaps!<br> For today, though, I want to finally show one way to implement this API efficiently. Spoiler alert: this implementation ultimately won’t be fast enough for us, but it will be a helpful stepping stone on our way to a yet faster implementation (which will of course get its own post in due time).<br> This post is literate Haskell; you can <a rel="noreferrer" target="_blank" href="https://hub.darcs.net/byorgey/byorgey-wordpress/browse/2019-04-comprog-hs/22-BFS-impl-HashMap.lhs">obtain the source from the darcs repo</a> . We begin with a few<br> pragmas and imports.<br> {-# LANGUAGE RecordWildCards #-} {-# LANGUAGE ScopedTypeVariables #-} {-# LANGUAGE TupleSections #-} module BFS where import Control.Arrow ( ( >>> ) ) import Data.Hashable ( Hashable ) import Data.HashMap.Strict ( HashMap , ( ! ) ) import qualified Data.HashMap.Strict as HM import Data.List ( foldl' ) import Data.Sequence ( Seq ( .. ) , ViewL ( .. ) , ( |> ) ) import qualified Data.Sequence as Seq<br> Now a couple utility functions:<br> (>$>)<br> is just flipped function application, and<br> exhaust<br> iterates an<br> (a -> Maybe a)<br> function as many times as possible, returning the last non-<br> Nothing<br> value.<br> infixl 0 >$> ( >$> ) :: a -> ( a -> b ) -> b ( >$> ) = flip ( $ ) {-# INLINE (>$>) #-} exhaust :: ( a -> Maybe a ) -> a -> a exhaust f = go where go a = maybe a go ( f a )<br> Here is the<br> record that we ultimately want to produce; it should be familiar from previous posts.<br> data BFSResult v = BFSR { getLevel :: v -> Maybe Int , getParent :: v -> Maybe v }<br> While running our BFS, we’ll keep track of three things: the level of each vertex that has been encountered; a mapping from each encountered vertex to its parent; and a queue of vertices that have been encountered but yet to be processed. We use a<br> Seq<br> from <a rel="noreferrer" target="_blank" href="https://hackage.haskell.org/package/containers-0.6.5.1/docs/Data-Sequence.html">Data.Sequence</a> to represent the queue, since it supports efficient (amortized constant-time) insertion and removal from either end of the sequence. There are certainly other potential ways to represent a queue in Haskell (and this probably deserves its own blog post) but<br> Data.Sequence<br> seems to give good performance for minimal effort (and in any case, as we’ll see, it’s not the performance bottleneck here). We use a pair of<br> HashMap<br> s to represent the<br> maps.<br> data BFSState v = BS { level :: HashMap v Int , parent :: HashMap v v , queue :: Seq v }<br> Given a list of starting vertices, we can create an initial state, with a queue containing the starting vertices and all of them set to level 0.<br> initBFSState :: ( Eq v , Hashable v ) => [ v ] -> BFSState v initBFSState vs = BS ( HM.fromList ( map ( , 0 ) vs ) ) HM.empty ( Seq.fromList vs )<br> Now, here is our imeplementation of BFS, using the API discussed previously: it takes a list of starting vertices, a function giving the neighbors of each vertex, and a function identifying “target vertices” (so we can stop early), and returns a<br> record. We create an initial state, run<br> bfsStep<br> as much as possible, and convert the end state into a result.<br> bfs :: forall v . ( Eq v , Hashable v ) => [ v ] -> ( v -> [ v ] ) -> ( v -> Bool ) -> BFSResult v bfs vs next goal = toResult $ exhaust bfsStep ( initBFSState vs ) where<br> Converting the final<br> BFSState<br> is easy: just return functions that do a<br> into the relevant map.<br> toResult BS { .. } = BFSR ( `HM.lookup` level ) ( `HM.lookup` parent )<br> To do a single step of BFS, try to remove the next vertex<br> from the queue. If the queue is empty, or the next vertex is a goal vertex, return<br> to signal that we are done.<br> bfsStep st @ BS { .. } = case Seq.viewl queue of EmptyL -> Nothing v :< q' | goal v -> Nothing<br> Otherwise, use the<br> function to find the neighbors of<br> , keep only those we haven’t encountered before ( i.e. those which are not keys in the<br> map), and use each one to update the BFS state (being sure to first set the queue to the new one with<br> removed).<br> | otherwise -> v >$> next >>> filter ( not . ( `HM.member` level ) ) >>> foldl' ( upd v ) ( st { queue = q' } ) >>> Just<br> To update the BFS state based on a newly visited vertex, we record its parent, insert it into the<br> map with a level one greater than its parent, and add it to the end of the queue.<br> upd p BS { .. } v = BS ( HM.insert v l level ) ( HM.insert v p parent ) ( queue |> v ) where l = level ! p + 1<br> And that’s it! This is good enough to solve many BFS problems on Open Kattis, such as <a rel="noreferrer" target="_blank" href="https://open.kattis.com/problems/breakingbad">Breaking Bad</a> , <a rel="noreferrer" target="_blank" href="https://open.kattis.com/problems/armpitcomputations">ARMPIT Computations</a> , and <a rel="noreferrer" target="_blank" href="https://open.kattis.com/problems/foldingacube">Folding a Cube</a> . (I will leave you the pleasure of solving these problems yourself; I am especially fond of my Haskell solution to Folding a Cube.)<br> Unfortunately, it is not fast enough to solve Modulo Solitaire, which I picked specifically because it seems to be one of the most computationally demanding BFS problems I’ve seen. My solution using this<br> -based implementation solves a bunch of initial test cases, but exceeds the 2 second time limit on one of the later test cases. Next time, I’ll show how to adapt this into an even faster implementation which is actually fast enough to solve Modulo Solitaire.<br> Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/competitive-programming/">competitive programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/bfs/">BFS</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/graph/">graph</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/hashmap/">HashMap</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/kattis/">Kattis</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/search/">search</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/29/competitive-programming-in-haskell-bfs-part-3-implementation-via-hashmap/#respond">Leave a comment</a><br> <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/search/">search</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/29/competitive-programming-in-haskell-bfs-part-3-implementation-via-hashmap/">Competitive programming in Haskell: BFS, part 3 (implementation via HashMap)</a><br> https://www.whatsupup.com/blog/playacted/rededication/20211030-020418/ Sat, 30 Oct 2021 02:04:18 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211030-020418/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/28/technology/facebook-meta-name-change.html">Facebook Renames Itself Meta The social network, under fire for spreading misinformation and other issues, said the change was part of its bet on a next digital frontier called the metaverse. By Mike Isaac</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/27/technology/facebook-legal-communications.html">Facebook tells employees to preserve all communications for legal reasons. The move follows intense scrutiny after a whistle-blower provided documents about the social network’s inner workings. By Ryan Mac and Mike Isaac</a><br> https://www.whatsupup.com/blog/barbecuing/persuadably/20211030-020338/ Sat, 30 Oct 2021 02:03:38 +0000 https://www.whatsupup.com/blog/barbecuing/persuadably/20211030-020338/ Fund<br> Investing $10 million a year into early-stage startups. <a rel="noreferrer" target="_blank" href="https://shl.vc/lp">Co-invest with me?</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20211030-020129/ Sat, 30 Oct 2021 02:01:28 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211030-020129/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/silicon-valleys-open-culture-era">Silicon Valley’s Open Culture Era Comes To An End</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/silicon-valleys-open-culture-era">The tech giants exported their open work cultures to the world. But now, after the Facebook leaks, the concept is headed to its grave.</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20211030-015855/ Sat, 30 Oct 2021 01:58:55 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20211030-015855/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/10/protecting-your-device-information-with.html">Protecting your device information with Private Set Membership</a><br></p> <hr> Posted by Kevin Yeo and Sarvar Patel, Private Computing Team<br> At Google, keeping you safe online is our top priority, so we continuously build the most advanced privacy-preserving technologies into our products. Over the past few years, we've utilized innovations in cryptographic research to keep your personal information private by design and secure by default. As part of this, we launched <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2019/02/protect-your-accounts-from-data.html">Password Checkup</a> , which protects account credentials by notifying you if an entered username and password are known to have been compromised in a prior data breach. Using cryptographic techniques, Password Checkup can do this without revealing your credentials to anyone, including Google. Today, Password Checkup protects users across many platforms including <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/02/new-password-checkup-feature-coming-to.html">Android</a> , <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2019/12/better-password-protections-in-chrome.html">Chrome</a> and <a rel="noreferrer" target="_blank" href="https://blog.google/technology/safety-security/password-checkup/">Google Password Manager</a> . Another example is <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2019/06/helping-organizations-do-more-without-collecting-more-data.html">Private Join and Compute</a> , an open source protocol which enables organizations to work together and draw insights from confidential data sets. Two parties are able to encrypt their data sets, join them, and compute statistics over the joint data. By leveraging secure multi-party computation, Private Join and Compute is designed to ensure that the plaintext data sets are concealed from all parties. In this post, we introduce the next iteration of our research, Private Set Membership, as well as its <a rel="noreferrer" target="_blank" href="https://github.com/google/private-membership">open-source availability</a> . At a high level, Private Set Membership considers the scenario in which Google holds a database of items, and user devices need to contact Google to check whether a specific item is found in the database. As an example, users may want to check membership of a computer program on a block list consisting of known malicious software before executing the program. Often, the set’s contents and the queried items are sensitive, so we designed Private Set Membership to perform this task while preserving the privacy of our users. Protecting your device information during enrollment Beginning in Chrome 94, Private Set Membership will enable Chrome OS devices to complete the enrollment process in a privacy-preserving manner. Device enrollment is an integral part of the out-of-box experience that welcomes you when getting started with a Chrome OS device. The device enrollment process requires checking membership of device information in encrypted Google databases, including checking if a device is enterprise enrolled or determining if a device was pre-packaged with a license. The correct end state of your Chrome OS device is determined using the results of these membership checks. During the enrollment process, we protect your Chrome OS devices by ensuring no information ever leaves the device that may be decrypted by anyone else when using Private Set Membership. Google will never learn any device information and devices will not learn any unnecessary information about other devices. ​​To our knowledge, this is the first instance of advanced cryptographic tools being leveraged to protect device information during the enrollment process. A deeper look at Private Set Membership Private Set Membership is built upon two cryptographic tools:<br> Homomorphic encryption is a powerful cryptographic tool that enables computation over encrypted data without the need for decryption. As an example, given the encryptions of values X and Y, homomorphic encryption enables computing the encryption of the sum of X and Y without ever needing to decrypt. This preserves privacy as the data remains concealed during the computation. Private Set Membership is built upon Google’s <a rel="noreferrer" target="_blank" href="https://github.com/google/shell-encryption">open source</a> homomorphic encryption library.<br> Oblivious hashing is a cryptographic technique that enables two parties to jointly compute a hash, H(K, x), where the sender holds the key, K, and the receiver holds the hash input, x. The receiver will obtain the hash, H(K, x), without learning the key K. At the same time, the input x will be hidden from the sender.<br> Take a look at how Private Set Membership utilizes homomorphic encryption and oblivious hashing to protect data below:<br> For a deeper look into the technology behind Private Set Membership, you can also <a rel="noreferrer" target="_blank" href="https://github.com/google/private-membership">access our open source code</a> . Privacy properties By using Private Set Membership, the following privacy properties are obtained:<br> No data leaves the device when checking membership. We designed Private Set Membership using advanced cryptographic techniques to ensure that data never leaves the device in an unencrypted manner when performing membership checks. As a result, the data on your device will be concealed from everyone, including Google.<br> Devices learn only membership information and nothing else. Private Set Membership was designed to prevent devices from learning any unnecessary information about other devices when querying. For each query, devices learn only the results of the membership check and no other information.<br> Using Private Set Membership to solve more problems Private Set Membership is a powerful tool that solves a fundamental problem in a privacy-preserving manner. This is just the beginning of what’s possible using this technology. Private Set Membership can help preserve user privacy across a wide array of applications. For example:<br> Checking allow or block lists. In this setting, users check membership in an allow or block list to determine whether to proceed with the desired action. Private Set Membership enables this check without any information about the software leaving the device.<br> Control flows with conditional membership checks. Control flows are a common computer science concept that represent arbitrary computer programs with conditional branching. In many cases, the conditional branches require checking membership of sensitive data to determine the next step of the algorithm. By utilizing Private Set Membership, we enable execution of these algorithms while ensuring data never leaves the user’s device.<br> We still have a ways to go before Private Set Membership is used for general membership checks by devices. At Google, we are exploring a number of potential use cases to protect your privacy using Private Set Membership. We are excited to continue advancing the state-of-the-art cryptographic research to keep you safe. Acknowledgements The work in this post is the result of a collaboration between a large group of current and former Google engineers, research scientists and others including: Amr Aboelkher, Asra Ali, Ghous Amjad, Yves Arrouye, Roland Bock, Xi Chen, Maksim Ivanov, Dennis Kalinichenko, Nirdhar Khazanie, Dawon Lee, Tancrède Lepoint, Lawrence Lui, Pavol Marko, Thiemo Nagel, Mariana Raykova, Aaron Segal, Joon Young Seo, Karn Seth, and Jason Wong.<br> <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html">Pixel 6: Setting a new standard for mobile security</a><br> <hr> Posted by Dave Kleidermacher, Jesse Seed, Brandon Barbello, and Stephan Somogyi, Android, Pixel & Tensor security teams<br> With Pixel 6 and Pixel 6 Pro, we’re launching our most secure Pixel phone yet, with <a rel="noreferrer" target="_blank" href="https://support.google.com/pixelphone/answer/4457705?p=pixel_android_updates&visit_id=637708689245917155-1925669063&rd=1">5 years of security updates</a> and the most layers of hardware security. These new Pixel smartphones take a layered security approach, with innovations spanning across the <a rel="noreferrer" target="_blank" href="https://blog.google/products/pixel/introducing-google-tensor/">Google Tensor</a> system on a chip (SoC) hardware to new Pixel-first features in the Android operating system, making it the first Pixel phone with Google security from the silicon all the way to the data center. Multiple dedicated security teams have also worked to ensure that Pixel’s security is provable through transparency and external validation.<br> Secure to the Core<br> Google has put user data protection and transparency at the forefront of hardware security with Google Tensor. Google Tensor’s main processors are Arm-based and utilize <a rel="noreferrer" target="_blank" href="https://developer.arm.com/ip-products/security-ip/trustzone">TrustZone</a> ™ technology. TrustZone is a key part of our security architecture for general secure processing, but the security improvements included in Google Tensor go beyond TrustZone.<br> Figure 1. Pixel Secure Environments<br> The Google Tensor security core is a custom designed security subsystem dedicated to the preservation of user privacy. It's distinct from the application processor, not only logically, but physically, and consists of a dedicated CPU, ROM, one-time-programmable (OTP) memory, crypto engine, internal SRAM, and protected DRAM. For Pixel 6 and 6 Pro, the security core’s primary use cases include protecting user data keys at runtime, hardening secure boot, and interfacing with Titan M2 TM .<br> Your secure hardware is only as good as your secure OS, and we are using <a rel="noreferrer" target="_blank" href="https://source.android.com/security/trusty">Trusty</a> , our open source trusted execution environment. Trusty OS is the secure OS used both in TrustZone and the Google Tensor security core.<br> With Pixel 6 and Pixel 6 Pro your security is enhanced by the new Titan M2 TM , our discrete security chip, fully designed and developed by Google. In this next generation chip, we moved to an in-house designed RISC-V processor, with extra speed and memory, and made it even more resilient to advanced attacks. Titan M2 TM has been tested against the most rigorous standard for vulnerability assessment, AVA_VAN.5, by an independent, accredited evaluation lab. Titan M2™ supports <a rel="noreferrer" target="_blank" href="https://developer.android.com/training/articles/keystore#HardwareSecurityModule">Android Strongbox</a> , which securely generates and stores keys used to protect your PINs and password, and works hand-in-hand with Google Tensor security core to protect user data keys while in use in the SoC.<br> Moving a step higher in the system, Pixel 6 and Pixel 6 Pro ship with <a rel="noreferrer" target="_blank" href="https://android-developers.googleblog.com/2021/10/android-12-is-live-in-aosp.html">Android 12</a> and a slew of Pixel-first and Pixel-exclusive features.<br> Enhanced Controls<br> We aim to give users better ways to control their data and manage their devices with every release of Android. Starting with Android 12 on Pixel, you can use the new Security hub to manage all your security settings in one place. It helps protect your phone, apps, Google Account, and passwords by giving you a central view of your device’s current configuration. Security hub also provides recommendations to improve your security, helping you decide what settings best meet your needs.<br> For privacy, we are launching Privacy Dashboard, which will give you a … https://www.whatsupup.com/blog/boxed/modification/20211030-015828/ Sat, 30 Oct 2021 01:58:28 +0000 https://www.whatsupup.com/blog/boxed/modification/20211030-015828/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#cppcon">cppcon</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#overload-resolution">overload-resolution</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#puzzles">puzzles</a><br> I contributed some puzzles to the online venue for CppCon 2021. Some of my contributions were just C++ Pub Quiz questions recycled from 2019; but I also contributed a set of logic puzzles that I think are fairly novel. I’m going to call this type of puzzle “overload arrangement.”<br> C++ Pub Quiz at CppCon 2021, Game Two<br> Last night I emceed Game 2 of CppCon 2021’s “C++ Pub Quiz.” This time, five teams participated, and the results were again pretty close: In first place, the ironically named Team Dead Weight with 29.5 points, followed by<br> decltype(<a href=""></a>{})<br> at 28 and the Metaprogrammers at 27. Thanks also to the Leftovers and the Abominable Types.<br> C++ Pub Quiz at CppCon 2021, Game One<br> <a rel="noreferrer" target="_blank" href="https://cppcon.org/program2021/">CppCon 2021</a> is half over already. Tonight I emceed the first game of the third annual CppCon “C++ Pub Quiz.” Herb Sutter offered opening remarks, and then joined one of our seven teams for a few rounds of play. What is C++ Pub Quiz, you ask? It’s a straightforward trivia night — five rounds, ten questions per round, write down your team’s answers on a sheet of paper and turn it in at the end of the round. High score after five rounds wins the game.<br> Seven teams participated in this year’s Pub Quiz. The winning team of the night was Team BYOB, with a score of 33 points, just edging out Team Hufflepuff at 32. Third place went to Rotate! That’s A with 30 points. Thanks also to Symbol Not Found; Unit Tested; the Reference ₩rappers a.k.a. UB Unicorns; and Flying Blind.<br> Don’t reopen<br> namespace std<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#antipatterns">antipatterns</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#c++-style">c++-style</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#cppcon">cppcon</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#sd-8-adjacent">sd-8-adjacent</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#slogans">slogans</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#templates">templates</a><br> Today (in two different contexts) I saw people reopening<br> in order to introduce a specialization of a standard template. For example:<br> https://www.whatsupup.com/blog/sideswiped/tuftily/20211030-015735/ Sat, 30 Oct 2021 01:57:35 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20211030-015735/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/10/08/The-WOrst-Case">Worst Case</a> · Suppose you’re running your organization’s crucial apps in the cloud. Specifically, suppose you’re running them them on AWS, and in particular in the “us-east-1” region? Could us-east-1 go away? What might you do about it? Let’s catastrophize! <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/10/08/The-WOrst-Case">…</a> [19 comments]<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211030-015125/ Sat, 30 Oct 2021 01:51:25 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211030-015125/ <p><a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-i-created-a-coding-font-game-with-low-code/">Our customer Wendy Zhang made a very cool coding font app/gamified experience that helps you find your true love amongst coding fonts. What's also cool is that it's a consumer-facing app built entirely on Retool! Check out what it does, and how Wendy built it.</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/tripplo-customer-story/">How the engineering team at Tripplo replaced 3 separate internal apps—a PHP admin panel, a custom React app, and spreadsheets—with Retool, thus saving 5 hours of eng time a week, and improving collaboration with business teams and agents.</a><br> https://www.whatsupup.com/blog/ideo/fleury/20211030-014837/ Sat, 30 Oct 2021 01:48:36 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211030-014837/ In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure.<br> Last week, KrebsOnSecurity heard from a reader who was browsing Zales.com and suddenly found they were looking at someone else’s order information on the website, including their name, billing address, shipping address, phone number, email address, items and total amount purchased, delivery date, tracking link, and the last four digits of the customer’s credit card number.<br> The reader noticed that the link for the order information she’d stumbled on included a lengthy numeric combination that — when altered — would produce yet another customer’s order information.<br> When the reader failed to get an immediate response from Signet, KrebsOnSecurity contacted the company. In a written response, Signet said, “A concern was brought to our attention by an IT professional. We addressed it swiftly, and upon review we found no misuse or negative impact to any systems or customer data.”<br> Their statement continues:<br> “As a business principle we make consumer information protection the highest priority, and proactively initiate independent and industry-leading security testing. As a result, we exceed industry benchmarks on data protection maturity. We always appreciate it when consumers reach out to us with feedback, and have committed to further our efforts on data protection maturity.”<br> When Signet <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2018/12/jared-kay-jewelers-parent-fixes-data-leak/">fixed similar weaknesses with its Jared and Kay websites back in 2018</a> , the reader who found and reported that data exposure said his mind quickly turned to the various ways crooks might exploit access to customer order information.<br> “My first thought was they could track a package of jewelry to someone’s door and swipe it off their doorstep,” said Brandon Sheehy , a Dallas-based Web developer. “My second thought was that someone could call Jared’s customers and pretend to be Jared, reading the last four digits of the customer’s card and saying there’d been a problem with the order, and if they could get a different card for the customer they could run it right away and get the order out quickly. That would be a pretty convincing scam. Or just targeted phishing attacks.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/10/zales-com-leaked-customer-data-just-like-sister-firms-jared-kay-jewelers-did-in-2018/#more-57314">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/10/zales-com-leaked-customer-data-just-like-sister-firms-jared-kay-jewelers-did-in-2018/">Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018</a><br> https://www.whatsupup.com/blog/palpable/mulla/20211030-014820/ Sat, 30 Oct 2021 01:48:20 +0000 https://www.whatsupup.com/blog/palpable/mulla/20211030-014820/ <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2021/10/28/shell-quote-rce-exploiting.html">Exploiting CVE-2021-4274</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20211027-001837/ Wed, 27 Oct 2021 00:18:36 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20211027-001837/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-02931-7">Mysterious ‘alien beacon’ was false alarm</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211026-200915/ Tue, 26 Oct 2021 20:09:15 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211026-200915/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/why-is-oracle-worth-260b/">How did software that most developers at startups have never used get this big? Understanding Oracle starts with understanding the history of relational databases, and digging into their business and competitive practices.</a><br> https://www.whatsupup.com/blog/ideo/fleury/20211026-200655/ Tue, 26 Oct 2021 20:06:54 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211026-200655/ U.S. federal investigators today raided the Florida offices of PAX Technology , a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX’s systems may have been involved in cyberattacks on U.S. and E.U. organizations.<br> FBI agents entering PAX Technology offices in Jacksonville today. Source: WOKV.com.<br> Headquartered in Shenzhen, China, <a rel="noreferrer" target="_blank" href="https://www.pax.us/">PAX Technology Inc.</a> has more than 60 million point-of-sale terminals in use throughout 120 countries. Earlier today, Jacksonville, Fla. based WOKV.com <a rel="noreferrer" target="_blank" href="https://www.wokv.com/news/local/fbi-jacksonville-homeland-security-agents-investigating-outside-southside-business/BVFSPMUVUJHWRJTX56PSQDXAZ4/">reported</a> that agents with the FBI and Department of Homeland Security (DHS) had raided a local PAX Technology warehouse.<br> In an official statement, investigators told WOKV only that they were executing a court-authorized search at the warehouse as a part of a federal investigation, and that the inquiry included the Department of Customs and Border Protection and the Naval Criminal Investigative Services (NCIS). The FBI has not responded to requests for comment.<br> Several days ago, KrebsOnSecurity heard from a trusted source that the FBI began investigating PAX after a major U.S. payment processor started asking questions about unusual network packets originating from the company’s payment terminals.<br> According to that source, the payment processor found that the PAX terminals were being used both as a malware “dropper” — a repository for malicious files — and as “command-and-control” locations for staging attacks and collecting information.<br> “FBI and MI5 are conducting an intensive investigation into PAX,” the source said. “A major US payment processor began asking questions about network packets originating from PAX terminals and were not given any good answers.”<br> KrebsOnSecurity reached out to PAX Technology’s CEO on Sunday. The company has not yet responded to requests for comment.<br> The source said two major financial providers — one in the United States and one in the United Kingdom — had already begun pulling PAX terminals from their payment infrastructure, a claim that was verified by two different sources. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/10/fbi-raids-chinese-point-of-sale-giant-pax-technology/#more-57313">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/10/fbi-raids-chinese-point-of-sale-giant-pax-technology/">FBI Raids Chinese Point-of-Sale Giant PAX Technology</a><br> https://www.whatsupup.com/blog/sited/implore/20211026-161933/ Tue, 26 Oct 2021 16:19:32 +0000 https://www.whatsupup.com/blog/sited/implore/20211026-161933/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2021/10/26/espanol/facebook-documentos-desinformacion.html">Las investigaciones internas de Facebook: los documentos muestran señales de alarma sobre la desinformación Documentos de la empresa revelan que en varias ocasiones trabajadores de la red social advirtieron de la difusión de desinformación y teorías de la conspiración antes y después de las elecciones presidenciales de Estados Unidos. By Ryan Mac and Sheera Frenkel</a><br> https://www.whatsupup.com/blog/playacted/rededication/20211026-122118/ Tue, 26 Oct 2021 12:21:18 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211026-122118/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2021/10/26/espanol/facebook-documentos-desinformacion.html">Las investigaciones internas de Facebook: los documentos muestran señales de alarma sobre la desinformación Documentos de la empresa revelan que en varias ocasiones trabajadores de la red social advirtieron de la difusión de desinformación y teorías de la conspiración antes y después de las elecciones presidenciales de Estados Unidos. By Ryan Mac and Sheera Frenkel</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/25/technology/facebook-profits-earnings-q3-2021.html">Facebook’s profit jumps 17 percent. The results in the latest quarter are a sign of the company’s financial strength as it faces a public relations crisis. By Mike Isaac</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20211026-122041/ Tue, 26 Oct 2021 12:20:41 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211026-122041/ October 26, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/10/26/stalebot.html">GitHub stale bot considered harmful</a><br> https://www.whatsupup.com/blog/playacted/rededication/20211026-082111/ Tue, 26 Oct 2021 08:21:10 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211026-082111/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/26/technology/facebook-sec-complaints.html">The Facebook Papers Facebook Faces a Public Relations Crisis. What About a Legal One? One of the most pressing questions is whether the Securities and Exchange Commission will significantly add to the company’s woes. By Cecilia Kang</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2021/10/26/espanol/facebook-documentos-desinformacion.html">Las investigaciones internas de Facebook: los documentan muestran señales de alarma sobre la desinformación Documentos de la empresa revelan que en varias ocasiones trabajadores de la red social advirtieron de la difusión de desinformación y teorías de la conspiración antes y después de las elecciones presidenciales de Estados Unidos. By Ryan Mac and Sheera Frenkel</a><br> https://www.whatsupup.com/blog/sited/implore/20211026-081827/ Tue, 26 Oct 2021 08:18:27 +0000 https://www.whatsupup.com/blog/sited/implore/20211026-081827/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/26/technology/facebook-sec-complaints.html">The Facebook Papers Facebook Faces a Public Relations Crisis. What About a Legal One? One of the most pressing questions is whether the Securities and Exchange Commission will significantly add to the company’s woes. By Cecilia Kang</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2021/10/26/espanol/facebook-documentos-desinformacion.html">Las investigaciones internas de Facebook: los documentan muestran señales de alarma sobre la desinformación Documentos de la empresa revelan que en varias ocasiones trabajadores de la red social advirtieron de la difusión de desinformación y teorías de la conspiración antes y después de las elecciones presidenciales de Estados Unidos. By Ryan Mac and Sheera Frenkel</a><br> https://www.whatsupup.com/blog/playacted/rededication/20211026-002105/ Tue, 26 Oct 2021 00:21:05 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211026-002105/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/25/technology/facebook-profits-earnings-q3-2021.html">Facebook profits jump 17 percent. The results in the latest quarter are a sign of the company’s financial strength as it faces a public relations crisis. By Mike Isaac</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/25/business/frances-haugen-facebook.html">Facebook Whistle-Blower Brings Campaign to Europe After Disclosures Beginning a European tour in Britain, the former Facebook manager was questioned by policymakers drafting tougher tech regulations. By Adam Satariano and Mike Isaac</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20211026-001750/ Tue, 26 Oct 2021 00:17:50 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211026-001750/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/facebook-removed-the-news-feed-algorithm">Facebook Removed The News Feed Algorithm In An Experiment. Then It Gave Up.</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/facebook-removed-the-news-feed-algorithm">New leaked Facebook documents show what happened when Facebook tried to remove feed ranking. It didn't go well.</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20211026-001728/ Tue, 26 Oct 2021 00:17:27 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20211026-001728/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-02931-7">Mysterious 'alien beacon' was false alarm</a><br></p> <hr> Radio signal seemed to originate from the star Proxima Centauri, and provided a helpful drill for future searches.<br> https://www.whatsupup.com/blog/ideo/fleury/20211025-200635/ Mon, 25 Oct 2021 20:06:35 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211025-200635/ The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti’s malware who refuse to negotiate a ransom payment are added to Conti’s victim shaming blog, where confidential files stolen from victims may be published or sold. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked.<br> A redacted screenshot of the Conti News victim shaming blog.<br> “We are looking for a buyer to access the network of this organization and sell data from their network,” reads the confusingly worded message inserted into multiple recent victim listings on Conti’s shaming blog.<br> It’s unclear what prompted the changes, or what Conti hopes to gain from the move. It’s also not obvious why they would advertise having hacked into companies if they plan on selling that access to extract sensitive data going forward. Conti did not respond to requests for comment.<br> “I wonder if they are about to close down their operation and want to sell data or access from an in-progress breach before they do,” said Fabian Wosar , chief technology officer at computer security firm Emsisoft . “But it’s somewhat stupid to do it that way as you will alert the companies that they have a breach going on.”<br> The unexplained shift comes as policymakers in the United States and Europe are moving forward on efforts to disrupt some of the top ransomware gangs. Reuters recently <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-governments-turn-tables-ransomware-gang-revil-by-pushing-it-offline-2021-10-21/">reported</a> that the U.S. government was behind an ongoing hacking operation that penetrated the computer systems of <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/?s=REvil">REvil</a> , a ransomware affiliate group that experts say is about as aggressive and ruthless as Conti in dealing with victims. What’s more, REvil was among the first ransomware groups to start selling its victims’ data.<br> REvil’s darknet victim shaming site remains offline. In response, a representative for the Conti gang posted a long screed on Oct. 22 to a Russian language hacking forum denouncing the attack on REvil as the “unilateral, extraterritorial, and bandit-mugging behavior of the United States in world affairs.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/10/conti-ransom-gang-starts-selling-access-to-victims/#more-57318">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/10/conti-ransom-gang-starts-selling-access-to-victims/">Conti Ransom Gang Starts Selling Access to Victims</a><br> https://www.whatsupup.com/blog/playacted/rededication/20211025-122035/ Mon, 25 Oct 2021 12:20:34 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211025-122035/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/25/technology/facebook-like-share-buttons.html">The Facebook Papers Facebook Wrestles With the Features It Used to Define Social Networking Likes and shares made the social media site what it is. Now, company documents show, it’s struggling to deal with their effects. By Mike Isaac</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211025-001927/ Mon, 25 Oct 2021 00:19:27 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211025-001927/ 'You beat me': Colombia caught its most-wanted drug lord and promised swift extradition to the U.S. <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/americas/colombias-priority-is-extradite-drug-lord-otoniel-united-states-sources-2021-10-24/">VIEW MORE</a><br> https://www.whatsupup.com/blog/palpable/mulla/20211025-000643/ Mon, 25 Oct 2021 00:06:42 +0000 https://www.whatsupup.com/blog/palpable/mulla/20211025-000643/ <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2021/10/24/shell-quote-rce.html">Command injection through shell-quote</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211024-161929/ Sun, 24 Oct 2021 16:19:29 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211024-161929/ Eastern Europe COVID-19 cases pass 20 million, according to a Reuters tally. The region accounts for about 20% of new cases reported globally <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/europe/outbreak-worsens-covid-19-cases-eastern-europe-near-20-million-2021-10-24/">VIEW MORE</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211024-001932/ Sun, 24 Oct 2021 00:19:32 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211024-001932/ There were safety fears on the Rust film set before Alec Baldwin accidentally fired a live round, killing the cinematographer <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/media-telecom/director-gutted-by-death-cinematographer-accidental-shooting-2021-10-23/">VIEW MORE</a><br> https://www.whatsupup.com/blog/sited/implore/20211024-001904/ Sun, 24 Oct 2021 00:19:03 +0000 https://www.whatsupup.com/blog/sited/implore/20211024-001904/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/23/technology/facebook-india-misinformation.html">The Facebook Papers In India, Facebook Grapples With an Amplified Version of Its Problems Internal documents show a struggle with misinformation, hate speech and celebrations of violence in the country, the company’s biggest market. By Sheera Frenkel and Davey Alba</a><br> https://www.whatsupup.com/blog/popularization/compilable/20211024-000857/ Sun, 24 Oct 2021 00:08:56 +0000 https://www.whatsupup.com/blog/popularization/compilable/20211024-000857/ <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/UXFactor_CSCW21.pdf">The UX Factor: Using Comparative Peer Review to Evaluate Designs through User Preferences</a> Sarah Bawabe, Laura Wilson, Tongyu Zhou, Ezra Marks, Jeff Huang CSCW 2021    (Honorable Mention Award, Impact Recognition Award) <a rel="noreferrer" target="_blank" href="https://uxfactor.cs.brown.edu/">[website]</a> <a rel="noreferrer" target="_blank" href="https://docs.google.com/forms/d/e/1FAIpQLSeTCgnwF1gjrc1O8mfJ_5TmT_TLowFQ2DUhsollmqPG84pAFQ/viewform?usp=pp_url&entry.1299571007=UX+Factor:+peer+ux+review&entry.1760653896=uxfactor+homepage">[subscribe]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/TabularDatasets_CSCW21.pdf">Case Studies on the Motivation and Performance of Contributors Who Verify and Maintain In-Flux Tabular Datasets</a> Shaun Wallace, Alexandra Papoutsaki, Neilly H. Tan, Hua Guo, Jeff Huang CSCW 2021 <a rel="noreferrer" target="_blank" href="https://jeffhuang.com">[subscribe]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/Portalware_DIS21.pdf">Portalware: Exploring Free-Hand AR Drawing with a Dual-Display Smartphone-Wearable Paradigm</a> Jing Qian, Tongyu Zhou, Meredith Young-Ng, Jiaju Ma, Angel Cheung, Xiangyu Li, Ian Gonsher, Jeff Huang DIS 2021 <a rel="noreferrer" target="_blank" href="https://jeffhuang.com">[subscribe]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/SelfE_CHI21.pdf">Self-E: Smartphone-Supported Guidance for Customizable Self-Experimentation</a> Nediyana Daskalova, Eindra Kyi, Kevin Ouyang, Arthur Borem, Sally Chen, Sung Hyun Park, Nicole Nugent, Jeff Huang CHI 2021 <a rel="noreferrer" target="_blank" href="https://selfe.cs.brown.edu/">[website]</a> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com">[subscribe]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/Sochiatrist_CSCW20.pdf">Sochiatrist: Signals of Affect in Messaging Data</a> Talie Massachi, Grant Fong, Varun Mathur, Sachin Pendse, Gabriela Hoefer, Jessica Fu, Chong Wang, Nikita Ramoji, Nicole Nugent, Megan Ranney, Daniel Dickstein, Michael Armey, Ellie Pavlick, Jeff Huang CSCW 2020 <a rel="noreferrer" target="_blank" href="https://sochiatrist.cs.brown.edu/">[website]</a> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com">[subscribe]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/Sketchy_CSCW20.pdf">Sketchy: Drawing Inspiration from the Crowd</a> Shaun Wallace, Brendan Le, Luis Leiva, Aman Haq, Ari Kintisch, Gabrielle Bufrem, Linda Chang, Jeff Huang CSCW 2020 <a rel="noreferrer" target="_blank" href="https://sketchy.cs.brown.edu/">[website]</a> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com">[subscribe]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/SleepBandits_CHI20.pdf">SleepBandits: Guided Flexible Self-Experiments for Sleep</a> Nediyana Daskalova, Jina Yoon, Yibing Wang, Cintia Araujo, Guillermo Beltran, Nicole Nugent, John McGeary, Joseph Jay Williams, Jeff Huang CHI 2020 <a rel="noreferrer" target="_blank" href="https://sleepcoacher.cs.brown.edu/">[website]</a> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com">[subscribe]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/Portalble_UIST19.pdf">Portal-ble: Intuitive Free-Hand Manipulation in Unbounded Smartphone-based Augmented Reality</a> Jing Qian, Jiaju Ma, Xiangyu Li, Benjamin Attal, Haoming Lai, James Tompkin, John Hughes, Jeff Huang UIST 2019 <a rel="noreferrer" target="_blank" href="https://portalble.cs.brown.edu/">[website]</a> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com">[subscribe]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/Remotion_IMWUT18.pdf">Remotion: A Motion-Based Capture and Replay Platform of Mobile Device Interaction for Remote Usability Testing</a> Jing Qian, Arielle Chapin, Alexandra Papoutsaki, Fumeng Yang, Klaas Nelissen, Jeff Huang IMWUT 2018 <a rel="noreferrer" target="_blank" href="https://remotion.cs.brown.edu/">[website]</a> <a rel="noreferrer" target="_blank" href="https://docs.google.com/forms/d/e/1FAIpQLSeTCgnwF1gjrc1O8mfJ_5TmT_TLowFQ2DUhsollmqPG84pAFQ/viewform?usp=pp_url&entry.1299571007=Remotion:+mobile+motion+replay&entry.1760653896=remotion+homepage">[subscribe]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/EyeTyper_ETRA18.pdf">The Eye of the Typer: A Benchmark and Analysis of Gaze Behavior during Typing</a> Alexandra Papoutsaki, Aaron Gokaslan, James Tompkin, Yuze He, Jeff Huang ETRA 2018 <a rel="noreferrer" target="_blank" href="https://webgazer.cs.brown.edu/data/">[website]</a> <a rel="noreferrer" target="_blank" href="https://docs.google.com/forms/d/e/1FAIpQLSeTCgnwF1gjrc1O8mfJ_5TmT_TLowFQ2DUhsollmqPG84pAFQ/viewform?usp=pp_url&entry.1299571007=WebGazer:+webcam+eyetracking&entry.1760653896=webgazer+frontpage">[subscribe]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/SelfExperiments_IMWUT17.pdf">Lessons Learned from Two Cohorts of Personal Informatics Self-Experiments</a> Nediyana Daskalova, Karthik Desingh, Alexandra Papoutsaki, Diane Schulze, Han Sha, Jeff Huang IMWUT 2017 <a rel="noreferrer" target="_blank" href="https://jeffhuang.com">[subscribe]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/Drafty_HCOMP17.pdf">Drafty: Enlisting Users to be Editors who Maintain Structured Data</a> Shaun Wallace, Lucy van Kleunen, Marianne Aubin-Le Quere, Abraham Peterkin, Yirui Huang, Jeff Huang HCOMP 2017 <a rel="noreferrer" target="_blank" href="https://drafty.cs.brown.edu/">[website]</a> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com">[subscribe]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/SearchGazer_CHIIR17.pdf">SearchGazer: Webcam Eye Tracking for Remote Studies of Web Search</a> Alexandra Papoutsaki, James Laskey, Jeff Huang CHIIR 2017    (Best Paper Finalist) <a rel="noreferrer" target="_blank" href="https://webgazer.cs.brown.edu/search/">[website]</a> <a rel="noreferrer" target="_blank" href="https://docs.google.com/forms/d/e/1FAIpQLSeTCgnwF1gjrc1O8mfJ_5TmT_TLowFQ2DUhsollmqPG84pAFQ/viewform?usp=pp_url&entry.1299571007=WebGazer:+webcam+eyetracking&entry.1760653896=webgazer+frontpage">[subscribe]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/SleepCoacher_UIST16.pdf">SleepCoacher: A Personalized Automated Self-Experimentation System for Sleep Recommendations</a> Nediyana Daskalova, Danaë Metaxa, Adrienne Tran, Nicole Nugent, Julie Boergers, John McGeary, Jeff Huang UIST 2016 <a rel="noreferrer" target="_blank" href="https://sleepcoacher.cs.brown.edu/">[website]</a> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com">[subscribe]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/WebGazer_IJCAI16.pdf">WebGazer: Scalable Webcam Eye Tracking Using User Interactions</a> Alexandra Papoutsaki, Patsorn Sangkloy, James Laskey, Nediyana Daskalova, Jeff Huang, James Hays IJCAI 2016 <a rel="noreferrer" target="_blank" href="https://webgazer.cs.brown.edu/">[website]</a> <a rel="noreferrer" target="_blank" href="https://docs.google.com/forms/d/e/1FAIpQLSeTCgnwF1gjrc1O8mfJ_5TmT_TLowFQ2DUhsollmqPG84pAFQ/viewform?usp=pp_url&entry.1299571007=WebGazer:+webcam+eyetracking&entry.1760653896=webgazer+frontpage">[subscribe]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/CrowdsourcingNovices_HCOMP15.pdf">Crowdsourcing from Scratch: A Pragmatic Experiment in Data Collection by Novice Requesters</a> Alexandra Papoutsaki, Hua Guo, Danaë Metaxa, Connor Gramazio, Jeff Rasley, Wenting Xie, Guan Wang, Jeff Huang HCOMP 2015    (Best Paper Finalist) <a rel="noreferrer" target="_blank" href="https://jeffhuang.com">[subscribe]</a><br> https://www.whatsupup.com/blog/playacted/rededication/20211023-202304/ Sat, 23 Oct 2021 20:23:04 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211023-202304/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/23/technology/facebook-india-misinformation.html">The Facebook Papers In India, Facebook Grapples With an Amplified Version of Its Problems Internal documents show a struggle with misinformation, hate speech and celebrations of violence in the country, the company’s biggest market. By Sheera Frenkel and Davey Alba</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211023-202031/ Sat, 23 Oct 2021 20:20:30 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211023-202031/ Turkey set to banish U.S., Canadian and other ambassadors for urging a philanthropist’s release from prison <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/middle-east/turkeys-erdogan-orders-10-ambassadors-declared-persona-non-grata-2021-10-23/">VIEW MORE</a><br> https://www.whatsupup.com/blog/playacted/rededication/20211023-002254/ Sat, 23 Oct 2021 00:22:53 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211023-002254/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/22/technology/facebook-election-misinformation.html">Internal Alarm, Public Shrugs: Facebook’s Employees Dissect Its Election Role Company documents show that the social network’s employees repeatedly raised red flags about the spread of misinformation and conspiracies before and after the contested November vote. By Ryan Mac and Sheera Frenkel</a><br> https://www.whatsupup.com/blog/sited/implore/20211023-002015/ Sat, 23 Oct 2021 00:20:15 +0000 https://www.whatsupup.com/blog/sited/implore/20211023-002015/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/22/technology/facebook-election-misinformation.html">Internal Alarm, Public Shrugs: Facebook’s Employees Dissect Its Election Role Company documents show that the social network’s employees repeatedly raised red flags about the spread of misinformation and conspiracies before and after the contested November vote. By Ryan Mac and Sheera Frenkel</a><br> https://www.whatsupup.com/blog/boxed/modification/20211023-001725/ Sat, 23 Oct 2021 00:17:24 +0000 https://www.whatsupup.com/blog/boxed/modification/20211023-001725/ doesn’t obsolete the hidden friend idiom<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#argument-dependent-lookup">argument-dependent-lookup</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#c++-style">c++-style</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#operator-spaceship">operator-spaceship</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#stl-classic">stl-classic</a><br> C++20 introduces new expression-rewriting rules for comparison operators, such that the compiler can rewrite<br> a < b<br> as either<br> (a <=> b) < 0<br> or<br> 0 < (b <=> a)<br> , and<br> a != b<br> !(a == b)<br> !(b == a)<br> . Today, someone asked whether these new rules decrease the attractiveness of the hidden friend idiom for overloaded operators — at least for<br> , should we just declare it as a member function? The answer is no. Observe ( <a rel="noreferrer" target="_blank" href="https://godbolt.org/z/e3eE39xhW">Godbolt</a> ):<br> https://www.whatsupup.com/blog/buckeroo/doubling/20211022-162007/ Fri, 22 Oct 2021 16:20:06 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211022-162007/ October 22, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/10/22/Smarter-every-day-and-4privacy.html">How SmarterEveryDay's 4privacy can, and cannot, meet its goals</a><br> https://www.whatsupup.com/blog/spectrometry/obol/20211022-081613/ Fri, 22 Oct 2021 08:16:11 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20211022-081613/ <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html">Windows Exploitation Tricks: Relaying DCOM Authent…</a> (Oct)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html">Using Kerberos for Authentication Relay Attacks</a> (Oct)<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211022-080832/ Fri, 22 Oct 2021 08:08:32 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211022-080832/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/top-5-mysql-gui-tools/">This article breaks down the leading MySQL tools and their benefits and potential drawbacks. We look at features, platform compatibility, use cases, and MySQL support.</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211022-041900/ Fri, 22 Oct 2021 04:19:00 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211022-041900/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/usa-cyber-revil/corrected-exclusive-governments-turn-tables-on-ransomware-gang-revil-by-pushing-it-offline-sources-idUSL1N2RH1PT">CORRECTED-EXCLUSIVE-Governments turn tables on ransomware gang REvil by pushing it offline -sources</a><br></p> <hr> Oct 21 The ransomware group REvil was itself hacked and forced offline this week by a multi-country operation, according to three private sector cyber experts working with the United States and one former official.<br> https://www.whatsupup.com/blog/overgrazing/propellent/20211022-001801/ Fri, 22 Oct 2021 00:18:01 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211022-001801/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/we-need-to-have-this-knife-fight">“We Need to Have This Knife Fight:” Inside Facebook’s Strategy To Bring The War To Apple.</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/we-need-to-have-this-knife-fight">An internal Facebook plan reveals the machinations of a company determined to fend off Apple’s new privacy controls.</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211021-201725/ Thu, 21 Oct 2021 20:17:24 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211021-201725/ Federal Reserve bans individual stock purchases by top officials and unveils other restrictions on their investing activities <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/fed-bans-stock-trading-restricts-other-investing-activities-by-top-officials-2021-10-21/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/usa-cyber-revil/exclusive-governments-turn-tables-on-ransomware-gang-revil-by-pushing-it-offline-sources-idUSKBN2HB2J5">Exclusive: Governments turn tables on ransomware gang REvil by pushing it offline -sources</a><br></p> <hr> The ransomware group REvil was itself hacked and forced offline this week by a multi-country operation, according to three private sector cyber experts working with the United States and one former official.<br> https://www.whatsupup.com/blog/boxed/modification/20211021-201442/ Thu, 21 Oct 2021 20:14:41 +0000 https://www.whatsupup.com/blog/boxed/modification/20211021-201442/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#celebration-of-mind">celebration-of-mind</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#etymology">etymology</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#math">math</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#puzzles">puzzles</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#today-i-learned">today-i-learned</a><br> https://www.whatsupup.com/blog/rat/realty/20211021-201044/ Thu, 21 Oct 2021 20:10:44 +0000 https://www.whatsupup.com/blog/rat/realty/20211021-201044/ <a rel="noreferrer" target="_blank" href="https://www.imperialviolet.org/2021/10/20/cablev2.html">Phones as security keys in Chrome</a> (20 Oct 2021)<br> With Chrome 94, if you have an Android phone with Chrome on it, and it’s syncing to the same Google account as Chrome on a Chrome OS/Windows/macOS device, then you’ll be able to use that phone as a security key. You should be able to try this out on any WebAuthn using website, for example <a rel="noreferrer" target="_blank" href="https://webauthn.io/">here</a> . (But not accounts.google.com, which uses a <a rel="noreferrer" target="_blank" href="https://support.google.com/accounts/answer/9289445?hl=en&co=GENIE.Platform%3DAndroid">different system</a> .)<br> The reason that you are reading about this here and not on an official Google site is that people shouldn’t start registering their phone as a security key unless they have a physical security key as a back up. Just like a regular security key, if you lose the phone then you lose the credentials. So, just like a regular security key, you should have a back up. (You can also lose your credentials if you remove the screen lock, or somehow wipeout Play Services state — e.g. by doing a factory reset.)<br> We have plans for addressing this and making this suitable for regular people, and to allow use in other profiles, but we’re not there yet. We are interested in whether the communications infrastructure is good enough though. (More below.)<br> For signing into Google, it has long been possible to use your phone as a security key. This only worked in Chrome and functioned over BLE GATT between the desktop and phone. We have wanted to expand this to the web in general for years, but the success rate that we measured with BLE was poor. After quite a lot of work trying to improve the BLE success rate, we didn’t achieve much.<br> But the use of BLE is more than just a convenience. The security model demands some proof of physical proximity between the authenticator and the machine that is being authenticated. For a USB security key the authenticator will only respond to something that is making physical contact with it. So when a phone is acting as a security key it needs to prove that the machine it is talking to is physically close by. (Or at least that the attacker is in control of a BLE radio that is physically close.)<br> We looked at other Bluetooth modes in the hopes that they might work better, but classic Bluetooth RFCOMM isn’t supported on iOS and requires a lot of user interaction on android. BLE L2CAP is supported on iOS, but isn’t supported (in user space) on Windows. It’s also flaky in the face of MAC address rotation if the devices aren’t paired.<br> So where we’ve ended up is that all the communication happens over the internet connection, but the phone sends a nonce in a BLE advert and the other end of the channel has to prove receipt. That’s the least amount of Bluetooth we could use while still requiring physical proximity. Needing bilateral internet connectivity is unfortunate though. So you can also connect the phone with a USB cable while the security key operation is running. (But very sadly not on Windows; The USB stack there just isn’t designed in the right way for it.) We might also add L2CAP as an option in the future.<br> This isn’t enabled on Linux at the moment. Historically trying to do the BLE GATT connection would often fail with bluez, and so the phone as a security key infrastructure was disabled on Linux. Now that the desktop only needs to receive a BLE advert it looks like it could work, but we haven’t flipped that switch yet.<br> As I mentioned above, we are interested in whether the underlying infrastructure is plausible. Aggregated anonymous statistics are useful for many things but in this case they suggest that BLE isn’t always working as well as it should, but don’t tell us why not. So if you are especially keen about security keys and want to try this out, I’d be interested in your experiences. I can't promise to respond but I will read everything if you send me an email (agl at chromium dot org) or tweet at me ( <a rel="noreferrer" target="_blank" href="https://twitter.com/agl__">agl__</a> ).<br> Some troubleshooting hints if you're having issues because this will be much faster than asking me!<br> If no phones appear as options : you're using Windows, macOS, or Chrome OS, yes? And it's an Android phone? And the machine has working Bluetooth? And Chrome is up to date everywhere? If you navigate to chrome://sync-internals, is the “Transport state” at the top-left reporting “Active”? If not, enable Sync. On the phone, does Settings say that Sync is on at the top? If not, enable it. Is the account listed in Settings on the phone the same as the “Username” in chrome://sync-internals on the desktop? If all that's good then probably you just need to wait because it can take a couple of days for the registration to propagate. Probably in the “Device Info” section of the “Sync Node Browser” in chrome://sync-internals your phone is listed, but there's no<br> paask_fields<br> section yet. If you want to short-circuit that, you can install Chrome Canary on the phone and enable syncing there. That should register quite quickly.<br> You can select the phone on the desktop, but nothing happens : the phone should be getting a cloud message poke that triggers a notification. Does the phone have internet access? Did you completely disable notifications from Chrome? <code>adb logcat | grep -i cable</code> would be interesting if you're setup for that. Otherwise, if this is a common issue, I might have to add some logging and ask for the tunnel URL from chrome://device-log.<br> You get the notification and tap it, but something else goes wrong : if an error code or error message is displayed then I want to know what it is! If it's hanging then the message at the bottom of the screen changes for each step of the process so that's what'll be useful. Most problems seem to be BLE: is the phone close to the desktop? What other BLE is happening on the devices?<br> https://www.whatsupup.com/blog/spectrometry/obol/20211021-161606/ Thu, 21 Oct 2021 16:16:05 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20211021-161606/ <p><a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html">Windows Exploitation Tricks: Relaying DCOM Authentication</a><br></p> <hr> Posted by James Forshaw, Project Zero<br> In my <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html">previous blog post</a> I discussed the possibility of relaying Kerberos authentication from a DCOM connection. I was originally going to provide a more in-depth explanation of how that works, but as it's quite involved I thought it was worthy of its own blog post. This is primarily a technique to get relay authentication from another user on the same machine and forward that to a network service such as LDAP. You could use this to escalate privileges on a host using a technique similar to a <a rel="noreferrer" target="_blank" href="https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html#case-study-2-windows-1020162019-lpe">blog post</a> from Shenanigans Labs but removing the requirement for the WebDAV service. Let's get straight to it.<br> Background<br> The technique to locally relay authentication for DCOM was something I originally reported back in 2015 ( <a rel="noreferrer" target="_blank" href="https://bugs.chromium.org/p/project-zero/issues/detail?id=325">issue 325</a> ). This issue was fixed as CVE-2015-2370, however the underlying authentication relay using DCOM remained. This was repurposed and expanded upon by various others for local and remote privilege escalation in the <a rel="noreferrer" target="_blank" href="https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/">RottenPotato</a> series of exploits, the latest in that line being <a rel="noreferrer" target="_blank" href="https://github.com/antonioCoco/RemotePotato0">RemotePotato</a> which is currently unpatched as of October 2021.<br> The key feature that the exploit abused is standard COM marshaling. Specifically when a COM object is marshaled so that it can be used by a different process or host, the COM runtime generates an <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dcom/fe6c5e46-adf8-4e34-a8de-3f756c875f31">OBJREF structure</a> , most commonly the <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dcom/51312511-36e1-4ab6-993c-523643b11a29">OBJREF_STANDARD</a> form. This structure contains all the information necessary to establish a connection between a COM client and the original object in the COM server.<br> Connecting to the original object from the OBJREF is a two part process:<br> The client extracts the Object Exporter ID (OXID) from the structure and contacts the OXID resolver service specified by the RPC binding information in the OBJREF.<br> The client uses the OXID resolver service to find the RPC binding information of the COM server which hosts the object and establishes a connection to the RPC endpoint to access the object's interfaces.<br> Both of these steps require establishing an MSRPC connection to an endpoint. Commonly this is either locally over ALPC, or remotely via TCP. If a TCP connection is used then the client will also authenticate to the RPC server using NTLM or Kerberos based on the security bindings in the OBJREF.<br> The first key insight I had for <a rel="noreferrer" target="_blank" href="https://bugs.chromium.org/p/project-zero/issues/detail?id=325">issue 325</a> is that you can construct an OBJREF which will always establish a connection to the OXID resolver service over TCP, even if the service was on the local machine. To do this you specify the hostname as an IP address and an arbitrary TCP port for the client to connect to. This allows you to listen locally and when the RPC connection is made the authentication can be relayed or repurposed.<br> This isn't yet a privilege escalation, since you need to convince a privileged user to unmarshal the OBJREF. This was the second key insight: you could get a privileged service to unmarshal an arbitrary OBJREF easily using the <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/windows/win32/api/objbase/nf-objbase-cogetinstancefromistorage">CoGetInstanceFromIStorage</a> API and activating a privileged COM service. This marshals a COM object, creates the privileged COM server and then unmarshals the object in the server's security context. This results in an RPC call to the fake OXID resolver authenticated using a privileged user's credentials. From there the authentication could be relayed to the local system for privilege escalation.<br> Being able to redirect the OXID resolver RPC connection locally to a different TCP port was not by design and Microsoft eventually fixed this in Windows 10 1809/Server 2019. The underlying issue prior to Windows 10 1809 was the string containing the host returned as part of the OBJREF was directly concatenated into an <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/windows/win32/rpc/string-binding">RPC string binding</a> . Normally the RPC string binding should have been in the form of:<br> ncacn_ip_tcp:ADDRESS[135]<br> Where ncacn_ip_tcp is the protocol sequence for RPC over TCP, ADDRESS is the target address which would come from the string binding, and [135] is the well-known TCP port for the OXID resolver appended by RPCSS. However, as the ADDRESS value is inserted manually into the binding then the OBJREF could specify its own port, resulting in the string binding:<br> ncacn_ip_tcp:ADDRESS[9999][135]<br> The RPC runtime would just pick the first port in the binding string to connect to, in this case 9999, and would ignore the second port 135. This behavior was fixed by calling the <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/nf-rpcdce-rpcstringbindingcomposew">RpcStringBindingCompose</a> API which will correctly escape the additional port number which ensures it's ignored when making the RPC connection.<br> This is where the <a rel="noreferrer" target="_blank" href="https://www.sentinelone.com/labs/relaying-potatoes-another-unexpected-privilege-escalation-vulnerability-in-windows-rpc-protocol/">RemotePotato exploit</a> , developed by <a rel="noreferrer" target="_blank" href="https://twitter.com/splinter_code">Antonio Cocomazzi</a> and <a rel="noreferrer" target="_blank" href="https://twitter.com/decoder_it">Andrea Pierini</a> , comes into the picture. While it was no longer possible to redirect the OXID resolving to a local TCP server, you could redirect the initial connection to an external server. A call is made to the <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dcom/65292e10-ef0c-43ee-bce7-788e271cc794">IObjectExporter::ResolveOxid2</a> method which can return an arbitrary RPC binding string for a fake COM object.<br> Unlike the OXID resolver binding string, the one for the COM object is allowed to contain an arbitrary TCP port. By returning a binding string for the original host on an arbitrary TCP port, the second part of the connection process can be relayed rather than the first. The relayed authentication can then be sent to a domain server, such as LDAP or SMB, as long as they don't enforce signing.<br> This exploit has the clear disadvantage of requiring an external machine to act as the target of the initial OXID resolving. While investigating the Kerberos authentication relay attacks for DCOM, could I find a way to do everything on the same machine?<br> Remote ➜ Local Potato<br> If we're relaying the authentication for the second RPC connection, could we get the local OXID resolver to do the work for us and resolve to a local COM server on a randomly selected port? One of my goals is to write the least amount of code, which is why we'll do everything in C# and .NET.<br> byte [] ba = GetMarshalledObject(new object());<br> var std = COMObjRefStandard.FromArray(ba);<br> Console.WriteLine( "IPID: {0}" , std.Ipid);<br> Console.WriteLine( "OXID: {0:X08}" , std.Oxid);<br> Console.WriteLine( "OID : {0:X08}" , std.Oid);<br> std.StringBindings.Clear();<br> std.StringBindings.Add(RpcTowerId.Tcp, "127.0.0.1" );<br> Console.WriteLine( $"objref: {0} :" , Convert.ToBase64String(std.ToArray());<br> This code creates a basic .NET object and COM marshals it to a standard OBJREF. I've left out the code for the marshalling and parsing of the OBJREF, but much of that is already present in the linked <a rel="noreferrer" target="_blank" href="https://bugs.chromium.org/p/project-zero/issues/detail?id=325">issue 325</a> . We then modify the list of string bindings to only include a TCP binding for 127.0.0.1, forcing the OXID resolver to use TCP. If you specify a computer's hostname then the OXID resolver will use ALPC instead. Note that the string bindings in the OBJREF are only for binding to the OXID resolver, not the COM server itself.<br> We can then convert the modified OBJREF into an <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/windows/win32/api/objbase/nf-objbase-createobjrefmoniker">objref moniker</a> . This format is useful as it allows us to trivially unmarshal the object in another process by calling the <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/dotnet/api/system.runtime.interopservices.marshal.bindtomoniker">Marshal::BindToMoniker</a> API in .NET and passing the moniker string. For example to bind to the COM object in PowerShell you can run the following command:<br> [ Runtime.InteropServices.Marshal ]:: BindToMoniker( "objref:TUVP...:" )<br> Immediately after binding to the moniker a firewall dialog is likely to appear as shown:<br> This is requesting the user to allow our COM server process access to listen on all network interfaces for incoming connections. This prompt only appears when the client tries to resolve the OXID as DCOM supports dynamic RPC endpoints. Initially when the COM server starts it only listens on ALPC, but the RPCSS service can ask the server to bind to additional endpoints.<br> This request is made through an internal RPC interface that every COM server implements for use by the RPCSS service. One of the functions on this interface is UseProtSeq , which requests that the COM server enables a TCP endpoint. When the COM server receives the UseProtSeq call it tries to bind a TCP server to all interfaces, which subsequently triggers the Windows Defender Firewall to prompt the user for access.<br> Enabling the firewall permission requires administrator privileges. However, as we only need to listen for connections via localhost we shouldn't need to modify the firewall so the dialog can be dismissed safely. However, going back to the COM client we'll see an error reported.<br> Exception calling "BindToMoniker" with "1" argument(s):<br> "The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)"<br> If we allow our COM server executable through the firewall, the client is able to connect over TCP successfully. Clearly the firewall is affecting the behavior of the COM client in some way even though it shouldn't. Tracing through the unmarshalling process in the COM client, the error is being returned from RPCSS when trying to resolve the OXID's binding information. This would imply that no connection attempt is made, and RPCSS is detecting that the COM server wouldn't be allowed through the firewall and refusing to return any binding information for TCP.<br> Further digging into RPCSS led me to the following function:<br> BOOL IsPortOpen ( LPWSTR ImageFileName , int PortNumber ) {<br> INetFwMgr * mgr ;<br> CoCreateInstance ( CLSID_FwMgr , NULL , CLSCTX_INPROC_SERVER ,<br> IID_PPV_ARGS (& mgr ));<br> VARIANT Allowed ;<br> VARIANT Restricted ;<br> mgr -> IsPortAllowed ( ImageFileName , NET_FW_IP_VERSION_ANY ,<br> PortNumber , NULL , NET_FW_IP_PROTOCOL_TCP ,<br> & Allowed , & Restricted );<br> if ( VT_BOOL != Allowed . vt )<br> return FALSE ;<br> return Allowed . boolVal == VARIANT_TRUE ;<br> }<br> This function uses the HNetCfg.FwMgr COM object, and calls <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/windows/win32/api/netfw/nf-netfw-inetfwmgr-isportallowed">INetFwMgr::IsPortAllowed</a> to determine if the process is allowed to listen on the specified TCP port. This function is called for every TCP binding when enumerating the COM server's bindings to return to the client. RPCSS passes the full path to the … https://www.whatsupup.com/blog/boxed/modification/20211021-161528/ Thu, 21 Oct 2021 16:15:27 +0000 https://www.whatsupup.com/blog/boxed/modification/20211021-161528/ Last night Alexandre Muñiz gave a Celebration of Mind talk titled “How to Roll Two Dice.” If you want to roll 2d6, you can do it either the boring way (by rolling two ordinary d6s) or the interesting way — by rolling two distinct d6s, one labeled 1-2-2-3-3-4 and the other labeled 1-3-4-5-6-8. These <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Sicherman_dice">Sicherman dice</a> (invented by George Sicherman and first reported by Martin Gardner in 1978) produce the same distribution of 36 possible results as the ordinary 2d6:<br> Back to Basics at CppCon 2021<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#conferences">conferences</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#cppcon">cppcon</a><br> CppCon 2021 starts in just a few days! As in 2019 and 2020, CppCon 2021 will have a “Back to Basics” track. The Back to Basics track’s mission (in phrasing newly refined for 2021) is: Top trainers clearly explain all the essential topics of modern C++.<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211021-160906/ Thu, 21 Oct 2021 16:09:06 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211021-160906/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/the-power-mba-customer-story/">Gonzalo created a payment gateway to integrate more than 20 payment providers, sending the orders to MongoDB—but he still faced one problem: “I wasn’t able to show visualization of revenue to our team.” For that, he turned to Retool.</a><br> https://www.whatsupup.com/blog/gonadal/revving/20211021-042150/ Thu, 21 Oct 2021 04:21:49 +0000 https://www.whatsupup.com/blog/gonadal/revving/20211021-042150/ Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/competitive-programming/">competitive programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/bfs/">BFS</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/graph/">graph</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/kattis/">Kattis</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/search/">search</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/18/competitive-programming-in-haskell-bfs-part-2-alternative-apis/#comments">1 Comment</a><br> https://www.whatsupup.com/blog/traveling/splay/20211021-002103/ Thu, 21 Oct 2021 00:21:02 +0000 https://www.whatsupup.com/blog/traveling/splay/20211021-002103/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/20/science/webb-telescope-astronomy-homophobia.html">Out There The Webb Telescope’s Latest Stumbling Block: Its Name The long-awaited successor to the Hubble Space Telescope is scheduled to launch in December. But the NASA official for whom it is named has been accused of homophobia. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211021-000923/ Thu, 21 Oct 2021 00:09:23 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211021-000923/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/build-a-graphql-admin-panel/">This post will show you how to create an admin panel with GraphQL endpoints using Retool—in less than 10 minutes. With our pre-built components, we'll both build an admin panel UI with less code, and explain how your CRUD queries work with the UI.</a><br> https://www.whatsupup.com/blog/gaper/whisky/20211020-202026/ Wed, 20 Oct 2021 20:20:21 +0000 https://www.whatsupup.com/blog/gaper/whisky/20211020-202026/ Welcome to our Hacks: Decoded Interview series! We spoke with Thomas Park over email about coding, his favourite apps and his past life at Mozilla. Thomas is the founder of Codepip, a platform he created for coding games that helps people learn HTML, CSS, JavaScript, etc. The most popular game is Flexbox Froggy.<br> https://www.whatsupup.com/blog/boxed/modification/20211020-201559/ Wed, 20 Oct 2021 20:15:59 +0000 https://www.whatsupup.com/blog/boxed/modification/20211020-201559/ <p>Here’s a puzzle for you: How do you write a class without a copy constructor?<br> Many thanks to Matheus Izvekov for the implementation, and to Stephan Bergmann for reporting these issues!<br> template<class C> struct Wrap { Wrap(C&); operator C::iterator() const; };</p> <p>template<class C> void f(C&, typename C::const_iterator);</p> <p>int main() { std::list<int> v; f(v, Wrap(v)); }<br></p> https://www.whatsupup.com/blog/gaper/whisky/20211020-162022/ Wed, 20 Oct 2021 16:20:21 +0000 https://www.whatsupup.com/blog/gaper/whisky/20211020-162022/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/10/hacks-decoded-thomas-park-founder-of-codepip/">Hacks Decoded: Thomas Park, Founder of Codepip →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/10/hacks-decoded-thomas-park-founder-of-codepip/">Hacks Decoded: Thomas Park, Founder of Codepip</a><br> <hr> Welcome to our Hacks: Decoded Interview series! We spoke with Thomas Park over email about coding, his favourite apps and his past life at Mozilla. Thomas is the founder of Codepip, a platform he created for coding games that help people learn HTML, CSS, JavaScript, etc. The most popular game is Flexbox Froggy.<br> https://www.whatsupup.com/blog/sited/implore/20211020-121917/ Wed, 20 Oct 2021 12:19:17 +0000 https://www.whatsupup.com/blog/sited/implore/20211020-121917/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/20/technology/mark-zuckerberg-facebook-lawsuit.html">Mark Zuckerberg will be added to a Facebook privacy lawsuit. The District of Columbia case, which grew out of the Cambridge Analytica scandal, could expose the chief executive to financial and other penalties. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/spectrometry/obol/20211020-041611/ Wed, 20 Oct 2021 04:16:10 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20211020-041611/ <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html">How a simple Linux kernel memory corruption bug ca…</a> (Oct)<br> https://www.whatsupup.com/blog/twopenny/ultraism/20211020-001806/ Wed, 20 Oct 2021 00:18:05 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211020-001806/ The U.S. House committee probing the Jan. 6 Capitol attack voted unanimously to approve a contempt report against Steve Bannon<br> https://www.whatsupup.com/blog/boxed/modification/20211019-201524/ Tue, 19 Oct 2021 20:15:23 +0000 https://www.whatsupup.com/blog/boxed/modification/20211019-201524/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#c++-style">c++-style</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#litclub">litclub</a><br> The other day I received a pre-release review copy of Fedor Pikus’s new book, <a rel="noreferrer" target="_blank" href="https://amzn.to/3AZ35pz">The Art of Writing Efficient Programs</a> ( <a rel="noreferrer" target="_blank" href="https://www.packtpub.com/product/the-art-of-writing-efficient-programs/9781800208117">Packt Publishing</a> , 2021). Here’s my review of it. TLDR: it’s very good! I don’t say that about just any book; and for a review copy from Packt, this book definitely exceeded my expectations.<br> https://www.whatsupup.com/blog/spectrometry/obol/20211019-161603/ Tue, 19 Oct 2021 16:16:01 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20211019-161603/ <p><a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html">How a simple Linux kernel memory corruption bug can lead to complete system compromise</a><br></p> <hr> An analysis of current and potential kernel security mitigations<br> Posted by Jann Horn, Project Zero<br> This blog post describes a straightforward Linux kernel locking bug and how I exploited it against Debian Buster's 4.19.0-13-amd64 kernel. Based on that, it explores options for security mitigations that could prevent or hinder exploitation of issues similar to this one.<br> I hope that stepping through such an exploit and sharing this compiled knowledge with the wider security community can help with reasoning about the relative utility of various mitigation approaches.<br> A lot of the individual exploitation techniques and mitigation options that I am describing here aren't novel. However, I believe that there is value in writing them up together to show how various mitigations interact with a fairly normal use-after-free exploit.<br> Our bugtracker entry for this bug, along with the proof of concept, is at <a rel="noreferrer" target="_blank" href="https://bugs.chromium.org/p/project-zero/issues/detail?id=2125">https://bugs.chromium.org/p/project-zero/issues/detail?id=2125</a> .<br> Code snippets in this blog post that are relevant to the exploit are taken from the upstream 4.19.160 release, since that is what the targeted Debian kernel is based on; some other code snippets are from mainline Linux.<br> (In case you're wondering why the bug and the targeted Debian kernel are from end of last year: I already wrote most of this blogpost around April, but only recently finished it)<br> I would like to thank <a rel="noreferrer" target="_blank" href="https://twitter.com/lunixbochs">Ryan Hileman</a> for a discussion we had a while back about how static analysis might fit into static prevention of security bugs (but note that Ryan hasn't reviewed this post and doesn't necessarily agree with any of my opinions). I also want to thank <a rel="noreferrer" target="_blank" href="https://twitter.com/kees_cook">Kees Cook</a> for providing feedback on an earlier version of this post (again, without implying that he necessarily agrees with everything), and my Project Zero colleagues for reviewing this post and frequent discussions about exploit mitigations.<br> Background for the bug<br> On Linux, terminal devices (such as a serial console or a <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Virtual_console">virtual console</a> ) are represented by a<br> struct tty_struct<br> . Among other things, this structure contains fields used for the <a rel="noreferrer" target="_blank" href="https://www.gnu.org/software/libc/manual/html_node/Job-Control.html">job control</a> features of terminals, which are usually modified using <a rel="noreferrer" target="_blank" href="https://man7.org/linux/man-pages/man4/tty_ioctl.4.html">a set of ioctls</a> :<br> struct tty_struct { [...] spinlock_t ctrl_lock; [...] struct pid *pgrp; /* Protected by ctrl lock */ struct pid *session; [...] struct tty_struct *link; [...] }[...];<br> The<br> pgrp<br> field points to the foreground process group of the terminal (normally modified from userspace via the<br> TIOCSPGRP<br> ioctl); the<br> session<br> field points to the session associated with the terminal. Both of these fields do not point directly to a process/task, but rather to a<br> struct pid<br> .<br> ties a specific incarnation of a numeric ID to a set of processes that use that ID as their PID (also known in userspace as TID), TGID (also known in userspace as PID), PGID, or SID. You can kind of think of it as a weak reference to a process, although that's not entirely accurate. (There's some extra nuance around<br> when<br> execve()<br> is called by a non-leader thread, but that's irrelevant here.)<br> All processes that are running inside a terminal and are subject to its job control refer to that terminal as their "controlling terminal" (stored in<br> ->signal->tty<br> of the process).<br> A special type of terminal device are <a rel="noreferrer" target="_blank" href="https://man7.org/linux/man-pages/man7/pty.7.html">pseudoterminals</a> , which are used when you, for example, open a terminal application in a graphical environment or connect to a remote machine via SSH. While other terminal devices are connected to some sort of hardware, both ends of a pseudoterminal are controlled by userspace, and pseudoterminals can be freely created by (unprivileged) userspace. Every time <a rel="noreferrer" target="_blank" href="https://man7.org/linux/man-pages/man4/pts.4.html">/dev/ptmx</a> (short for "pseudoterminal multiplexor") is opened, the resulting file descriptor represents the device side (referred to in documentation and kernel sources as " <a rel="noreferrer" target="_blank" href="https://man7.org/linux/man-pages/man7/pty.7.html">the pseudoterminal master</a> ") of a new pseudoterminal . You can read from it to get the data that should be printed on the emulated screen, and write to it to emulate keyboard inputs. The corresponding terminal device (to which you'd usually connect a shell) is automatically created by the kernel under<br> /dev/pts/<number><br> One thing that makes pseudoterminals particularly strange is that both ends of the pseudoterminal have their own<br> , which point to each other using the<br> link<br> member, even though the device side of the pseudoterminal does not have terminal features like job control - so many of its members are unused.<br> Many of the ioctls for terminal management can be used on both ends of the pseudoterminal; but no matter on which end you call them, they affect the same state, sometimes with minor differences in behavior. For example, in the ioctl handler for<br> TIOCGPGRP<br> :<br> /** * tiocgpgrp - get process group * @tty: tty passed by user * @real_tty: tty side of the tty passed by the user if a pty else the tty * @p: returned pid * * Obtain the process group of the tty. If there is no process group * return an error. * * Locking: none. Reference to current->signal->tty is safe. */ static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) { struct pid *pid; int ret; /* * (tty == real_tty) is a cheap way of * testing if the tty is NOT a master pty. */ if (tty == real_tty && current->signal->tty != real_tty) return -ENOTTY; pid = tty_get_pgrp(real_tty); ret = put_user(pid_vnr(pid), p); put_pid(pid); return ret; }<br> As documented in the comment above, these handlers receive a pointer<br> real_tty<br> that points to the normal terminal device; an additional pointer<br> tty<br> is passed in that can be used to figure out on which end of the terminal the ioctl was originally called. As this example illustrates, the<br> pointer is normally only used for things like pointer comparisons. In this case, it is used to prevent<br> from working when called on the terminal side by a process which does not have this terminal as its controlling terminal.<br> Note: If you want to know more about how terminals and job control are intended to work, the book <a rel="noreferrer" target="_blank" href="https://man7.org/tlpi/">"The Linux Programming Interface"</a> provides a nice introduction to how these older parts of the userspace API are supposed to work. It doesn't describe any of the kernel internals though, since it's written as a reference for userspace programming. And it's from 2010, so it doesn't have anything in it about new APIs that have showed up over the last decade.<br> The bug<br> The bug was in the ioctl handler<br> tiocspgrp<br> /** * tiocspgrp - attempt to set process group * @tty: tty passed by user * @real_tty: tty side device matching tty passed by user * @p: pid pointer * * Set the process group of the tty to the session passed. Only * permitted where the tty session is our session. * * Locking: RCU, ctrl lock */ static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) { struct pid *pgrp; pid_t pgrp_nr; [...] if (get_user(pgrp_nr, p)) return -EFAULT; [...] pgrp = find_vpid(pgrp_nr); [...] spin_lock_irq(&tty->ctrl_lock); put_pid(real_tty->pgrp); real_tty->pgrp = get_pid(pgrp); spin_unlock_irq(&tty->ctrl_lock); [...] }<br> member of the terminal side (<br> ) is being modified, and the reference counts of the old and new process group are adjusted accordingly using<br> put_pid<br> and<br> get_pid<br> ; but the lock is taken on<br> , which can be either end of the pseudoterminal pair, depending on which file descriptor we pass to<br> ioctl()<br> . So by simultaneously calling the<br> ioctl on both sides of the pseudoterminal, we can cause data races between concurrent accesses to the<br> member. This can cause reference counts to become skewed through the following races:<br> ioctl(fd1, TIOCSPGRP, pid_A) ioctl(fd2, TIOCSPGRP, pid_B) spin_lock_irq(...) spin_lock_irq(...) put_pid(old_pid) put_pid(old_pid) real_tty->pgrp = get_pid(A) real_tty->pgrp = get_pid(B) spin_unlock_irq(...) spin_unlock_irq(...)<br> ioctl(fd1, TIOCSPGRP, pid_A) ioctl(fd2, TIOCSPGRP, pid_B) spin_lock_irq(...) spin_lock_irq(...) put_pid(old_pid) put_pid(old_pid) real_tty->pgrp = get_pid(B) real_tty->pgrp = get_pid(A) spin_unlock_irq(...) spin_unlock_irq(...)<br> In both cases, the refcount of the old<br> is decremented by 1 too much, and either A's or B's is incremented by 1 too much.<br> Once you understand the issue, <a rel="noreferrer" target="_blank" href="https://git.kernel.org/linus/54ffccbf053b">the fix</a> seems relatively obvious:<br> if (session_of_pgrp(pgrp) != task_session(current)) goto out_unlock; retval = 0; - spin_lock_irq(&tty->ctrl_lock); + spin_lock_irq(&real_tty->ctrl_lock); put_pid(real_tty->pgrp); real_tty->pgrp = get_pid(pgrp); - spin_unlock_irq(&tty->ctrl_lock); + spin_unlock_irq(&real_tty->ctrl_lock); out_unlock: rcu_read_unlock(); return retval;<br> Attack stages<br> In this section, I will first walk through how my exploit works; afterwards I will discuss different defensive techniques that target these attack stages.<br> Attack stage: Freeing the object with multiple dangling references<br> This bug allows us to probabilistically skew the refcount of a<br> down, depending on which way the race happens: We can run colliding<br> calls from two threads repeatedly, and from time to time that will mess up the refcount. But we don't immediately know how many times the refcount skew has actually happened.<br> What … https://www.whatsupup.com/blog/twopenny/ultraism/20211019-121847/ Tue, 19 Oct 2021 12:18:47 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211019-121847/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/china-cyber-telcos/china-linked-hacking-group-accessing-calling-records-worldwide-crowdstrike-says-idUSKBN2H914I">China-linked hacking group accessing calling records worldwide, CrowdStrike says</a><br></p> <hr> SAN FRANCISCO A hacking group with suspected ties to China burrowed into mobile telephone networks around the world and used specialized tools to grab calling records and text messages from telecommunication carriers, a U.S. cybersecurity company said on Tuesday.<br> https://www.whatsupup.com/blog/overinsuring/enzyme/20211019-081640/ Tue, 19 Oct 2021 08:16:39 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20211019-081640/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com">Follow</a><br> https://www.whatsupup.com/blog/gonadal/revving/20211019-002239/ Tue, 19 Oct 2021 00:22:39 +0000 https://www.whatsupup.com/blog/gonadal/revving/20211019-002239/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/18/competitive-programming-in-haskell-bfs-part-2-alternative-apis/">Competitive programming in Haskell: BFS, part 2 (alternative APIs)</a><br> https://www.whatsupup.com/blog/gonadal/revving/20211018-202117/ Mon, 18 Oct 2021 20:21:16 +0000 https://www.whatsupup.com/blog/gonadal/revving/20211018-202117/ <p><a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/18/competitive-programming-in-haskell-bfs-part-2-alternative-apis/">Competitive programming in Haskell: BFS, part 2 (alternative APIs)</a><br></p> <hr> In <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/14/competitive-programming-in-haskell-bfs-part-1/">my last post</a> , I showed how we can solve <a rel="noreferrer" target="_blank" href="https://open.kattis.com/problems/modulosolitaire">Modulo Solitaire</a> (and hopefully other BFS problems as well) using a certain API for BFS, which returns two functions: one,<br> level :: v -> Maybe Int<br> , gives the level ( i.e. length of a shortest path to) of each vertex, and<br> parent :: v -> Maybe v<br> gives the parent of each vertex in the BFS forest. Before showing an implementation, I wanted to talk a bit more about this API and why I chose it.<br> In particular, Andrey Mokhov <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/14/competitive-programming-in-haskell-bfs-part-1/#comment-40054">left a comment</a> on my previous post with some alternative APIs:<br> bfsForest :: Ord a => [ a ] -> AdjacencyMap a -> Forest a bfs :: Ord a => [ a ] -> AdjacencyMap a -> [ [ a ] ]<br> Of course, as Andrey notes,<br> AdjacencyMap<br> is actually a reified graph data structure, which we don’t want here, but that’s not essential; presumably the<br> arguments in Andrey’s functions could easily be replaced by an implicit graph description instead. (Note that an API requiring an implicit representation is strictly more powerful, since if you have an explicit representation you can always just pass in a function which does lookups into your explicit representation.) However, Andrey raises a good point. Both these APIs return information which is not immediately available from my API.<br> bfsForest<br> returns an actual forest we can traverse, giving the children of each node. My API only returns a<br> function which gives the parent of each node. These contain equivalent information, however, and we can convert back and forth efficiently (where by “efficiently” in this context I mean “in time or better”) as long as we have a list of all vertices. To convert from a<br> Forest<br> to a parent function, just traverse the forest and remember all the parent-child pairs we see, building e.g. a<br> that can be used for lookup. To convert back, first iterate over the list of all vertices, find the parent of each, and build an inverse mapping from parents to sets of children. If we want to proceed to building an actual<br> data structure, we can unfold one via repeated lookups into our child mapping.<br> However, I would argue that in typical applications, having the<br> function is more useful than having a<br> . For example, the<br> function allows us to efficiently answer common, classic queries such as “Is vertex<br> reachable from vertex<br> ?” and “What is a shortest path from<br> ?” Answering these questions with a<br> would require traversing the entire<br> to look for the target vertex<br> returns a list of levels: that is, the first list is the starting vertices, the next list is all vertices one step away from any starting vertex, the next list is all vertices two steps away, and so on. Again, given a list of all vertices, we can recover a list of levels from the<br> function: just traverse the list of all vertices, looking up the level of each and adding it to an appropriate mapping from levels to sets of vertices. Converting in the other direction is easy as well.<br> A level list lets us efficiently answer a queries such as “how many vertices are exactly 5 steps away from<br> ”?, whereas with the<br> function we can efficiently answer queries such as “What is the length of a shortest path from<br> ?” In practice, the latter form of query seems more common.<br> In the final version of this BFS API, I will probably include some functions to recover forests and level sets as described above. Some benchmarking will be needed to see whether it’s more efficient to recover them after the fact or to actually keep track of them along the way.<br> Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/competitive-programming/">competitive programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/bfs/">BFS</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/graph/">graph</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/kattis/">Kattis</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/search/">search</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/14/competitive-programming-in-haskell-bfs-part-1/#comments">2 Comments</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211018-201815/ Mon, 18 Oct 2021 20:18:14 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211018-201815/ Biden administration asks Supreme Court to block Texas law banning abortions after six weeks <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/biden-administration-asks-us-supreme-court-block-texas-abortion-law-2021-10-18/">VIEW MORE</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20211018-162036/ Mon, 18 Oct 2021 16:20:36 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211018-162036/ October 17, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/10/17/Reliability.html">Software developers have stopped caring about reliability</a><br> https://www.whatsupup.com/blog/boxed/modification/20211018-161536/ Mon, 18 Oct 2021 16:15:36 +0000 https://www.whatsupup.com/blog/boxed/modification/20211018-161536/ means<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#argument-dependent-lookup">argument-dependent-lookup</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#c++-learner-track">c++-learner-track</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#library-design">library-design</a><br> In my C++ training classes, I often explain the meaning of<br> as<br> The library author is saying, “I know what you’re trying to do, and what you’re trying to do is wrong.” …<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#celebration-of-mind">celebration-of-mind</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#conferences">conferences</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#math">math</a><br> Next week, October 18 through 24, the Gathering 4 Gardner is hosting a week-long Celebration of Mind, featuring three brief presentations per day, every day. <a rel="noreferrer" target="_blank" href="https://www.gathering4gardner.org/g4gs-celebration-of-mind-2021-10/">The speaker lineup has just been announced</a> — and with a nicer HTML layout than <a rel="noreferrer" target="_blank" href="https://www.gathering4gardner.org/g4gs-celebration-of-mind-april-2021/">last time</a> , too! The new layout makes this very short summary lineup less necessary than last time, but heck, it’s content.<br> https://www.whatsupup.com/blog/playacted/rededication/20211016-122012/ Sat, 16 Oct 2021 12:20:11 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211016-122012/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/16/technology/instagram-teens.html">Instagram Struggles With Fears of Losing Its ‘Pipeline’: Young Users The app, hailed as Facebook’s growth engine, has privately wrestled with retaining and engaging teenagers, according to internal documents. By Sheera Frenkel, Ryan Mac and Mike Isaac</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211016-121759/ Sat, 16 Oct 2021 12:17:59 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211016-121759/ U.S. FDA advisers vote to recommend J&J COVID-19 vaccine booster for people 18 and older at least two months after first dose <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/us-fda-advisers-vote-favor-booster-jj-covid-19-vaccine-2021-10-15/">VIEW MORE</a><br> https://www.whatsupup.com/blog/popularization/compilable/20211016-000752/ Sat, 16 Oct 2021 00:07:52 +0000 https://www.whatsupup.com/blog/popularization/compilable/20211016-000752/ <a rel="noreferrer" target="_blank" href="https://g1isgone.github.io/">Ji Won Chung</a><br> https://www.whatsupup.com/blog/novice/millrace/20211015-201427/ Fri, 15 Oct 2021 20:14:27 +0000 https://www.whatsupup.com/blog/novice/millrace/20211015-201427/ Last summer an(other) unarmed black man was killed by police in Minneapolis, Minnesota. The subsequent 8 minute and 46 second video clip swept across social media and raised widespread condemnation. Hours of discourse and weeks of protests followed. …<br> https://www.whatsupup.com/blog/seer/hemisphere/20211015-041747/ Fri, 15 Oct 2021 04:17:46 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20211015-041747/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-02807-w">First mission to Jupiter’s asteroids could reveal Solar System origins</a><br></p> <hr> NASA’s Lucy spacecraft will loop past the never-before-explored ‘Trojan’ asteroids during a 12-year journey.<br> https://www.whatsupup.com/blog/popularization/compilable/20211015-040832/ Fri, 15 Oct 2021 04:08:32 +0000 https://www.whatsupup.com/blog/popularization/compilable/20211015-040832/ <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/UXFactor_CSCW21.pdf">The UX Factor: Using Comparative Peer Review to Evaluate Designs through User Preferences</a> Sarah Bawabe, Laura Wilson, Tongyu Zhou, Ezra Marks, Jeff Huang CSCW 2021    (Honorable Mention Award, Impact Recognition Award) <a rel="noreferrer" target="_blank" href="https://uxfactor.cs.brown.edu/">[website]</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211015-001901/ Fri, 15 Oct 2021 00:19:00 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211015-001901/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/usa-cyber-water/u-s-authorities-disclose-ransomware-attacks-against-water-facilities-idUSKBN2H42KY">U.S. authorities disclose ransomware attacks against water facilities</a><br></p> <hr> SAN FRANCISCO U.S. authorities said on Thursday that four ransomware attacks had penetrated water and wastewater facilities in the past year, and they warned similar plants to check for signs of intrusions and take other precautions.<br> https://www.whatsupup.com/blog/overgrazing/propellent/20211015-001813/ Fri, 15 Oct 2021 00:18:13 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211015-001813/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-blowhard-curve-when-to-lead-thoughts">The Blowhard Curve: When To Lead Thoughts Or Leave Them.</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-blowhard-curve-when-to-lead-thoughts">Find yourself and your organization on the curve.</a><br> https://www.whatsupup.com/blog/gonadal/revving/20211014-202112/ Thu, 14 Oct 2021 20:21:12 +0000 https://www.whatsupup.com/blog/gonadal/revving/20211014-202112/ Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/competitive-programming/">competitive programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/kattis/">Kattis</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/maximum/">maximum</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/subsequence/">subsequence</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/sum/">sum</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/09/competitive-programming-in-haskell-kadanes-algorithm/#comments">1 Comment</a><br> <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/14/competitive-programming-in-haskell-bfs-part-1/">Competitive programming in Haskell: BFS, part 1</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211014-201830/ Thu, 14 Oct 2021 20:18:29 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211014-201830/ U.S. FDA advisers vote in favor of Moderna COVID vaccine boosters for those 65 and older and at high risk of severe illness <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/healthcare-pharmaceuticals/us-fda-advisers-weigh-case-covid-19-vaccine-booster-shots-2021-10-14/">VIEW MORE</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211014-200857/ Thu, 14 Oct 2021 20:08:57 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211014-200857/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/new-input-ui-component-library/">Today, we’re excited to roll out 35+ UI components rebuilt and redesigned from the ground up, amounting to one of the most comprehensive and configurable input libraries available.</a><br> https://www.whatsupup.com/blog/ideo/fleury/20211014-200636/ Thu, 14 Oct 2021 20:06:36 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211014-200636/ On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the state $50 million, and vowed his administration would seek to prosecute and investigate the “hackers” and anyone who aided the publication in its “attempt to embarrass the state and sell headlines for their news outlet.”<br> Missouri Gov. Mike Parson (R), vowing to prosecute the St. Louis Post-Dispatch for reporting a security vulnerability that exposed teacher SSNs.<br> The Post-Dispatch <a rel="noreferrer" target="_blank" href="https://www.stltoday.com/news/local/education/missouri-teachers-social-security-numbers-at-risk-on-state-agencys-website/article_f3339700-ece0-54a1-9a45-f300321b7c82.html">says it discovered the vulnerability</a> in a web application that allowed the public to search teacher certifications and credentials, and that more than 100,000 SSNs were available. The Missouri state Department of Elementary and Secondary Education (DESE) reportedly removed the affected pages from its website Tuesday after being notified of the problem by the publication (before the story on the flaw was published).<br> The newspaper said it found that teachers’ Social Security numbers were contained in the HTML source code of the pages involved. In other words, the information was available to anyone with a web browser who happened to also examine the site’s public code using Developer Tools or simply right-clicking on the page and viewing the source code.<br> The Post-Dispatch reported that it wasn’t immediately clear how long the Social Security numbers and other sensitive information had been vulnerable on the DESE website, nor was it known if anyone had exploited the flaw.<br> But in <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com">a press conference Thursday morning</a> , Gov. Parson said he would seek to prosecute and investigate the reporter and the region’s largest newspaper for “unlawfully” accessing teacher data.<br> “This administration is standing up against any and all perpetrators who attempt to steal personal information and harm Missourians,” Parson said. “It is unlawful to access encoded data and systems in order to examine other peoples’ personal information. We are coordinating state resources to respond and utilize all legal methods available. My administration has notified the Cole County prosecutor of this matter, the Missouri State Highway Patrol’s Digital Forensics Unit will also be conducting an investigation of all of those involved. This incident alone may cost Missouri taxpayers as much as $50 million.”<br> While threatening to prosecute the reporters to the fullest extent of the law, Parson sought to downplay the severity of the security weakness, saying the reporter only unmasked three Social Security numbers, and that “there was no option to decode Social Security numbers for all educators in the system all at once.”<br> “The state is committed to bringing to justice anyone who hacked our systems or anyone who aided them to do so,” Parson continued. “A hacker is someone who gains unauthorized access to information or content. This individual did not have permission to do what they did. They had no authorization to convert or decode, so this was clearly a hack.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/10/missouri-governor-vows-to-prosecute-st-louis-post-dispatch-for-reporting-security-vulnerability/#more-57293">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/10/missouri-governor-vows-to-prosecute-st-louis-post-dispatch-for-reporting-security-vulnerability/">Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability</a><br> https://www.whatsupup.com/blog/gonadal/revving/20211014-162150/ Thu, 14 Oct 2021 16:21:49 +0000 https://www.whatsupup.com/blog/gonadal/revving/20211014-162150/ <p><a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/14/competitive-programming-in-haskell-bfs-part-1/">Competitive programming in Haskell: BFS, part 1</a><br></p> <hr> In <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/09/competitive-programming-in-haskell-kadanes-algorithm/">a previous post</a> , I challenged you to solve <a rel="noreferrer" target="_blank" href="https://open.kattis.com/problems/modulosolitaire">Modulo Solitaire</a> . In this problem, we are given a starting number and are trying to reach in as few moves as possible. At each move, we may pick one of up to 10 different rules that say we can transform into .<br> In one sense, this is a straightforward search problem. Conceptually, the numbers through form the vertices of a graph, with a directed edge from to whenever there is some allowed such that ; we want to do a breadth first search in this graph to find the length of a shortest path from to . However, can be up to and there can be up to rules, giving a total of up to edges. In the case that is unreachable, we may have to explore every single edge. So we are going to need a pretty fast implementation; we’ll come back to that later.<br> Haskell actually has a nice advantage here. This is exactly the kind of problem in which we want to represent the graph implicitly . There is no reason to actually reify the graph in memory as a data structure; it would only waste memory and time. Instead, we can specify the graph implicitly using a function that gives the neighbors of each vertex, which means BFS itself will be a higher-order function. Higher-order functions are very awkward to represent in a language like Java or C++, so when I solve problems like this in Java, I tend to just write the whole BFS from scratch every single time, and I doubt I’m the only one. However, in Haskell we can easily make an abstract interface to BFS which takes a function as input specifying an implicit graph, allowing us to nicely separate out the graph search logic from the task of specifying the graph itself.<br> What would be my ideal API for BFS in Haskell? I think it might look something like this (but I’m happy to hear suggestions as to how it could be made more useful or general):<br> data BFSResult v = BFSR { level :: v -> Maybe Int , parent :: v -> Maybe v } bfs :: ( Ord v , Hashable v ) => [ v ] -> -- Starting vertices ( v -> [ v ] ) -> -- Neighbors ( v -> Bool ) -> -- Goal predicate BFSResult v<br> bfs<br> takes a list of vertices to search from (which could be a singleton if there is a single specific starting vertex), a function specifying the out-neighbors of each vertex, and a predicate specifying which vertices are “goal” vertices (so we can stop early if we reach one), and returns a<br> BFSResult<br> record, which tells us the level at which each vertex was encountered, if at all (i.e. how many steps were required to reach it), and the parent of each vertex in the search. If we just want to know whether a vertex was reachable at all, we can see if<br> level<br> returns<br> Just<br> ; if we want to know the shortest path to a vertex, we can just iterate<br> parent<br> . Vertices must be<br> Hashable<br> to facilitate storing them in data structures.<br> Using this API, the solution is pretty short.<br> main = C.interact $ runScanner tc >>> solve >>> format data Move = Move { a :: ! Int , b :: ! Int } deriving ( Eq , Show ) data TC = TC { m :: Int , s0 :: Int , moves :: [ Move ] } deriving ( Eq , Show ) tc :: Scanner TC tc = do m <- int n <- int TC m <$> int <*> n >< ( Move <$> int <*> int ) format :: Maybe Int -> ByteString format = maybe "-1" showB solve :: TC -> Maybe Int solve TC { .. } = level res 0 where res = bfs [ s0 ] ( \ v -> map ( step v ) moves ) ( == 0 ) step v ( Move a b ) = ( a * v + b ) `mod` m<br> We run a BFS from , stopping when we reach , and then look up the<br> of 0 to see the minimum number of steps needed to reach it.<br> In part 2, I’ll talk about how to implement this API. There are many viable implementation strategies, but the trick is getting it to run fast enough.<br> Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/competitive-programming/">competitive programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/bfs/">BFS</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/graph/">graph</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/kattis/">Kattis</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/search/">search</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/14/competitive-programming-in-haskell-bfs-part-1/#respond">Leave a comment</a><br> <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/graph/">graph</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20211014-001251/ Thu, 14 Oct 2021 00:12:51 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211014-001251/ I'm discussing “One On One with A & Z” with @bhorowitz and a16z. Today, Oct 13, right now, in @clubhouse. Join us! <a rel="noreferrer" target="_blank" href="https://t.co/0PGgsNoO9f"><a href="https://t.co/0PGgsNoO9f">https://t.co/0PGgsNoO9f</a></a><br> https://www.whatsupup.com/blog/playacted/rededication/20211013-202010/ Wed, 13 Oct 2021 20:20:09 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211013-202010/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/13/technology/facebook-workplace-transparency-leaks.html">Facebook clamps down on its internal message boards. The social network, which has been under increased scrutiny after a former product manager turned into a whistle-blower, is trying to prevent leaks. By Ryan Mac</a><br> https://www.whatsupup.com/blog/ideo/fleury/20211013-200649/ Wed, 13 Oct 2021 20:06:49 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211013-200649/ A recent phishing campaign targeting Coinbase users shows thieves are getting smarter about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20211013-161721/ Wed, 13 Oct 2021 16:17:21 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211013-161721/ Live: Is your car running on empty? Ask our reporters why a tenth of petrol stations in London and southeast England are dry <a rel="noreferrer" target="_blank" href="https://www.reddit.com/r/ukpolitics/comments/q7anq7/live_from_3pm_bst_were_reuters_journalists/">VIEW MORE</a><br> https://www.whatsupup.com/blog/ideo/fleury/20211013-160636/ Wed, 13 Oct 2021 16:06:36 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211013-160636/ A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.<br> A Google-translated version of the now-defunct Coinbase phishing site, coinbase.com.password-reset[.]com<br> Coinbase is the world’s second-largest cryptocurrency exchange, with roughly 68 million users from over 100 countries. The now-defunct phishing domain at issue — coinbase.com.password-reset[.]com — was targeting Italian Coinbase users (the site’s default language was Italian). And it was fairly successful, according to Alex Holden , founder of Milwaukee-based cybersecurity firm <a rel="noreferrer" target="_blank" href="http://www.holdsecurity.com">Hold Security</a> .<br> Holden’s team managed to peer inside some poorly hidden file directories associated with that phishing site, including its administration page. That panel, pictured in the redacted screenshot below, indicated the phishing attacks netted at least 870 sets of credentials before the site was taken offline.<br> The Coinbase phishing panel.<br> Holden said each time a new victim submitted credentials at the Coinbase phishing site, the administrative panel would make a loud “ding” — presumably to alert whoever was at the keyboard on the other end of this phishing scam that they had a live one on the hook.<br> In each case, the phishers manually would push a button that caused the phishing site to ask visitors for more information, such as the one-time password from their mobile app.<br> “These guys have real-time capabilities of soliciting any input from the victim they need to get into their Coinbase account,” Holden said.<br> Pressing the “Send Info” button prompted visitors to supply additional personal information, including their name, date of birth, and street address. Armed with the target’s mobile number, they could also click “Send verification SMS” with a text message prompting them to text back a one-time code.<br> SIFTING COINBASE FOR ACTIVE USERS<br> Holden said the phishing group appears to have identified Italian Coinbase users by attempting to sign up new accounts under the email addresses of more than 2.5 million Italians. His team also managed to recover the username and password data that victims submitted to the site, and virtually all of the submitted email addresses ended in “.it”.<br> But the phishers in this case likely weren’t interested in registering any accounts. Rather, the bad guys understood that any attempts to sign up using an email address tied to an existing Coinbase account would fail. After doing that several million times, the phishers would then take the email addresses that failed new account signups and target them with Coinbase-themed phishing emails.<br> Holden’s data shows this phishing gang conducted hundreds of thousands of halfhearted account signup attempts daily. For example, on Oct. 10 the scammers checked more than 216,000 email addresses against Coinbase’s systems. The following day, they attempted to register 174,000 new Coinbase accounts. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/10/how-coinbase-phishers-steal-one-time-passwords/#more-57245">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/10/how-coinbase-phishers-steal-one-time-passwords/">How Coinbase Phishers Steal One-Time Passwords</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211013-001757/ Wed, 13 Oct 2021 00:17:57 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211013-001757/ U.S. House approves Senate-passed bill to temporarily hike debt limit, delaying the risk of default until early December <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/us-house-expected-pass-bill-hike-debt-ceiling-avert-default-2021-10-12/">VIEW MORE</a><br> https://www.whatsupup.com/blog/ideo/fleury/20211013-000659/ Wed, 13 Oct 2021 00:06:58 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211013-000659/ Firstly, Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix a zero-day vulnerability (CVE-2021-30883) that is being leveraged in active attacks targeting iPhone and iPad users. Lawrence Abrams of Bleeping Computer <a rel="noreferrer" target="_blank" href="https://www.bleepingcomputer.com/news/security/emergency-apple-ios-1502-update-fixes-zero-day-used-in-attacks/">writes</a> that the flaw could be used to steal data or install malware, and that soon after Apple patched the bug security researcher <a rel="noreferrer" target="_blank" href="https://twitter.com/AmarSaar">Saar Amar</a> published a <a rel="noreferrer" target="_blank" href="https://saaramar.github.io/IOMFB_integer_overflow_poc/">technical writeup and proof-of-concept exploit</a> derived from reverse engineering Apple’s patch.<br> https://www.whatsupup.com/blog/ideo/fleury/20211012-200634/ Tue, 12 Oct 2021 20:06:33 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211012-200634/ Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited. This month’s Patch Tuesday also includes security fixes for the newly released Windows 11 operating system. Separately, Apple has released updates for iOS and iPadOS to address a flaw that is being actively attacked.<br> Firstly, Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix a zero-day vulnerability (CVE-2021-30883) that is being leveraged in active attacks targeting iPhone and iPad users. Lawrence Abrams of Bleeping Computer <a rel="noreferrer" target="_blank" href="https://www.bleepingcomputer.com/news/security/emergency-apple-ios-1502-update-fixes-zero-day-used-in-attacks/">writes</a> that the flaw could be used to steal data or install malware, and that soon after Apple patched the bug security researcher <a rel="noreferrer" target="_blank" href="https://twitter.com/AmarSaar">Saar Amar</a> published a <a rel="noreferrer" target="_blank" href="https://saaramar.github.io/IOMFB_integer_overflow_poc/">technical writeup and proof-of-concept exploit</a> that was derived from reverse engineering Apple’s patch.<br> Abrams said the list of impacted Apple devices is quite extensive, affecting older and newer models. If you own an iPad or iPhone — or any other Apple device — please <a rel="noreferrer" target="_blank" href="https://support.apple.com/en-ca/HT204204">make sure it’s up to date with the latest security patches</a> .<br> Three of the weaknesses Microsoft addressed today tackle vulnerabilities rated “ critical ,” meaning that malware or miscreants could exploit them to gain complete, remote control over vulnerable systems — with little or no help from targets.<br> One of the critical bugs concerns <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40486">Microsoft Word</a> , and two others are remote code execution flaws in Windows Hyper-V , the virtualization component built into Windows. <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38672">CVE-2021-38672</a> affects Windows 11 and Windows Server 2022; <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40461">CVE-2021-40461</a> impacts both Windows 11 and Windows 10 systems, as well as Server versions.<br> But as usual, some of the more concerning security weaknesses addressed this month earned Microsoft’s slightly less dire “ important ” designation, which applies to a vulnerability “whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources.”<br> The flaw that’s under active assault — <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40449">CVE-2021-40449</a> — is an important “ elevation of privilege ” vulnerability, meaning it can be leveraged in combination with another vulnerability to let attackers run code of their choice as administrator on a vulnerable system.<br> <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36970">CVE-2021-36970</a> is an important spoofing vulnerability in Microsoft’s Windows Print Spooler. The flaw was discovered by the same researchers credited with the discovery of one of two vulnerabilities that became known as PrintNightmare — the widespread exploitation of a critical Print Spooler flaw that forced Microsoft <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for-windows-flaw/">to issue an emergency security update back in July</a> . Microsoft assesses CVE-2021-36970 as “exploitation more likely.”<br> “While no details have been shared publicly about the flaw, this is definitely one to watch for, as we saw a constant stream of Print Spooler-related vulnerabilities patched over the summer while ransomware groups began incorporating PrintNightmare into their affiliate playbook,” said Satnam Narang , staff research engineer at Tenable . “We strongly encourage organizations to apply these patches as soon as possible.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/10/patch-tuesday-october-2021-edition/#more-57264">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/10/patch-tuesday-october-2021-edition/">Patch Tuesday, October 2021 Edition</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20211012-041239/ Tue, 12 Oct 2021 04:12:39 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211012-041239/ Please join @bhorowitz and me on Wed 5PM Pacific on @Clubhouse. Reply to this tweet with questions for us! <a rel="noreferrer" target="_blank" href="https://t.co/x4RHjSjrP5"><a href="https://t.co/x4RHjSjrP5">https://t.co/x4RHjSjrP5</a></a><br> I'm discussing “One On One with A & Z” with @bhorowitz and a16z. Wednesday, Oct 13 at 5:00 PM PDT in @clubhouse. Join us! <a rel="noreferrer" target="_blank" href="https://t.co/0PGgsNoO9f"><a href="https://t.co/0PGgsNoO9f">https://t.co/0PGgsNoO9f</a></a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211011-121849/ Mon, 11 Oct 2021 12:18:49 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211011-121849/ Nobel economics prize goes to David Card, Joshua Angrist and Guido Imbens <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/card-angrist-imbens-win-2021-nobel-economics-prize-2021-10-11/">VIEW MORE</a><br> https://www.whatsupup.com/blog/palpable/mulla/20211011-080629/ Mon, 11 Oct 2021 08:06:29 +0000 https://www.whatsupup.com/blog/palpable/mulla/20211011-080629/ <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2021/10/10/glitch-git-import.html">The elevated daemon that imported Git projects for you and how it went wrong</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211011-041818/ Mon, 11 Oct 2021 04:18:18 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211011-041818/ The U.S. says its first face-to-face talks with Taliban officials were 'candid and professional' <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/asia-pacific/taliban-delegation-ends-discussions-with-us-delegation-doha-2021-10-10/">VIEW MORE</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20211011-001556/ Mon, 11 Oct 2021 00:15:55 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20211011-001556/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/10/02/Amazon-Catharsis">Catharsis</a> · It was just a <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/09/29/technology/amazon-fired-workers-settlement.html">minor story in the business section</a> , nothing front-page. But when I heard (earlier in the day, from an insider), the news was cathartic; I had to stand up and take a walk. Summary: Amazon was about to find itself in court with the US National Labor Relations Board over the firing of Emily Cunningham and Maren Costa; the event that <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2020/04/29/Leaving-Amazon">caused me to walk away</a> from the best job I ever had and a whole lot of money. On September 29 th , Amazon avoided that trial by signing a humiliating out-of-court settlement. Which is to say, that particular firing spree was not only unethical and stupid, it was probably illegal <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/10/02/Amazon-Catharsis">…</a> [2 comments]<br> https://www.whatsupup.com/blog/playacted/rededication/20211010-202211/ Sun, 10 Oct 2021 20:22:10 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211010-202211/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/10/technology/facebook-whistleblower-employees.html">After Whistle-Blower Goes Public, Facebook Tries Calming Employees Employees are divided over Frances Haugen, a former product manager who testified that the company was putting profit before safety. By Mike Isaac, Ryan Mac and Sheera Frenkel</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211010-201944/ Sun, 10 Oct 2021 20:19:44 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211010-201944/ Islamic State and al Qaeda-linked groups target African village leaders with assassinations <a rel="noreferrer" target="_blank" href="https://www.reuters.com/investigates/special-report/africa-islamists-sahel-leaders/">VIEW MORE</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211010-162324/ Sun, 10 Oct 2021 16:23:23 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211010-162324/ One America News Network: Meet the tech entrepreneur who founded Trump's go-to news channel <a rel="noreferrer" target="_blank" href="https://www.reuters.com/investigates/special-report/usa-oneamerica-founder/">VIEW MORE</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211010-002247/ Sun, 10 Oct 2021 00:22:47 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211010-002247/ 'Containergeddon': A supply chain crisis is driving big retail stores like Walmart to hire their own ships to move products <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/autos-transportation/containergeddon-supply-crisis-drives-walmart-rivals-hire-their-own-ships-2021-10-07/">VIEW MORE</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211009-202215/ Sat, 09 Oct 2021 20:22:14 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211009-202215/ Austrian Chancellor Sebastian Kurz will step down after being placed under a corruption investigation <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/europe/austrias-kurz-says-stepping-down-chancellor-2021-10-09/">VIEW MORE</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211009-162343/ Sat, 09 Oct 2021 16:23:43 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211009-162343/ One America News, the network at the center of a bitter national divide over politics and truth, was nurtured by AT&T <a rel="noreferrer" target="_blank" href="https://www.reuters.com/investigates/special-report/usa-oneamerica-att/">VIEW MORE</a><br> https://www.whatsupup.com/blog/sited/implore/20211009-162254/ Sat, 09 Oct 2021 16:22:53 +0000 https://www.whatsupup.com/blog/sited/implore/20211009-162254/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/09/technology/facebook-big-tobacco-regulation.html">Lawmakers See Path to Rein In Tech, but It Isn’t Smooth If what faces Big Tech is anything like what happened to Big Tobacco, the road ahead is likely to be a yearslong battle over proposed rules and regulations. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/sited/implore/20211009-122045/ Sat, 09 Oct 2021 12:20:45 +0000 https://www.whatsupup.com/blog/sited/implore/20211009-122045/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/09/technology/facebook-big-tobacco-regulation.html">Lawmakers See Path to Rein in Tech, but It Isn’t Smooth If what faces Big Tech is anything like what happened to Big Tobacco, the road ahead is likely to be a yearslong battle over proposed rules and regulations. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211009-042322/ Sat, 09 Oct 2021 04:23:22 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211009-042322/ Texas wins bid to reinstate abortion law challenged by Biden administration <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/texas-wins-bid-reinstate-abortion-law-challenged-by-biden-administration-2021-10-09/">VIEW MORE</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211009-001119/ Sat, 09 Oct 2021 00:11:19 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211009-001119/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-to-build-a-firebase-admin-panei-in-4-steps/">Build an admin panel to manage Firestore documents in under 10 minutes: build out the UI, create CRUD queries, and link the queries to the UI.</a><br> https://www.whatsupup.com/blog/playacted/rededication/20211008-202719/ Fri, 08 Oct 2021 20:27:19 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211008-202719/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/08/technology/facebook-whatsapp-instagram-down.html">Facebook and its apps suffer another outage. All of Facebook’s main products — Instagram, WhatsApp, Messenger and the “big blue app” of Facebook — were inaccessible to at least some users around 3 p.m. Eastern time. By Mike Isaac</a><br> https://www.whatsupup.com/blog/gaper/whisky/20211008-202606/ Fri, 08 Oct 2021 20:26:05 +0000 https://www.whatsupup.com/blog/gaper/whisky/20211008-202606/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/10/lots-to-see-in-firefox-93/">Lots to see in Firefox 93! →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/10/lots-to-see-in-firefox-93/">Lots to see in Firefox 93!</a><br> <hr> Firefox 93 comes with lots of lovely updates including AVIF image format support, filling of XFA-based forms in its PDF viewer and protection against insecure downloads by blocking downloads relying on insecure connections.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20211008-202427/ Fri, 08 Oct 2021 20:24:27 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211008-202427/ The White House blocked an attempt by Trump to withhold documents from Congress related to the Jan. 6 attack on the Capitol <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/white-house-blocks-trumps-attempt-withhold-documents-related-jan-6-attack-nbc-2021-10-08/">VIEW MORE</a><br> https://www.whatsupup.com/blog/boxed/modification/20211008-202040/ Fri, 08 Oct 2021 20:20:40 +0000 https://www.whatsupup.com/blog/boxed/modification/20211008-202040/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#digital-antiquaria">digital-antiquaria</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#web">web</a><br> I was recently thinking about one of the DOS shareware games of my youth: Evasive Maneuvers (Colin Buckley and Chris Blackwell, 1994). It’s a really polished and addictive VGA side-scroller in which you pilot a little Imperial-Shuttle-ish spacecraft through obstacle-strewn levels, trying to keep up with the implacable scrolling of the screen (á là Flappy Bird (2013)) while shooting and dropping bombs to eliminate hazards and to keep your ship fueled by exploding rooftop fuel tanks. It’s a clone/homage to <a rel="noreferrer" target="_blank" href="https://youtu.be/3Vc-RIkpk40">Scramble</a> (Konami, 1981), which I’ve personally never played but which has clearly spawned a lot of imitators.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20211008-162356/ Fri, 08 Oct 2021 16:23:55 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211008-162356/ U.S. economy adds 194,000 jobs in September, well below expectations; unemployment rate 4.8% <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/us-job-growth-slows-sharply-september-unemployment-rate-falls-48-2021-10-08/">VIEW MORE</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20211008-081413/ Fri, 08 Oct 2021 08:14:12 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211008-081413/ <p>Join us right now! <a rel="noreferrer" target="_blank" href="https://t.co/GKjlrDyHwi"><a href="https://t.co/GKjlrDyHwi">https://t.co/GKjlrDyHwi</a></a><br> “ GTS: Dapper Brud CEOs on DAOs/community content” with @sriramk, @whatdotcd, @rohamg, @aarthir, @pmarca, @cdixon, and Good Time. Today, Oct 7 at 10:00 PM PDT in @clubhouse! <a rel="noreferrer" target="_blank" href="https://t.co/hLus0Fv0sT"><a href="https://t.co/hLus0Fv0sT">https://t.co/hLus0Fv0sT</a></a><br> Web2 boss hates web3? We have hundreds of open job positions.</p> <p>Please email: <a href="mailto:web3-jobs@a16z.com">web3-jobs@a16z.com</a><br></p> https://www.whatsupup.com/blog/twopenny/ultraism/20211008-002208/ Fri, 08 Oct 2021 00:22:08 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211008-002208/ U.S. Senate votes to raise debt ceiling, averting catastrophic default <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/us-senate-votes-raise-debt-ceiling-averting-catastrophic-default-2021-10-08/">VIEW MORE</a><br> SAN FRANCISCO (Reuters) -The suspected Russian hackers who used SolarWinds and Microsoft software to burrow into U.S. federal agencies emerged with information about counter-intelligence investigations, policy on sanctioning Russian individuals and the country’s response to COVID-19, people involved in the investigation told Reuters.<br> SAN FRANCISCO, Oct 7 The suspected Russian hackers who used SolarWinds and Microsoft software to burrow into U.S. federal agencies emerged with information about counter-intelligence investigations, policy on sanctioning Russian individuals and the country’s response to COVID-19, people involved in the investigation told Reuters.<br> https://www.whatsupup.com/blog/overgrazing/propellent/20211008-002058/ Fri, 08 Oct 2021 00:20:57 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211008-002058/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/what-realistically-happens-next-to">What Realistically Happens Next To Facebook</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/what-realistically-happens-next-to">The market, advertisers, and Congress likely won’t challenge Facebook. Some other things might.</a><br> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/facebook-after-the-facebook-files">Facebook After The Facebook Files</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/facebook-after-the-facebook-files">Facebook’s existential crisis is that it needs to hook a new generation of kids. “They're trying to do everything possible to understand why people are…</a><br> https://www.whatsupup.com/blog/boxed/modification/20211007-201740/ Thu, 07 Oct 2021 20:17:40 +0000 https://www.whatsupup.com/blog/boxed/modification/20211007-201740/ static operator()<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#pearls">pearls</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#preprocessor">preprocessor</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#proposal">proposal</a><br> <a rel="noreferrer" target="_blank" href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2021/p1169r2.html">P1169 “ static operator() ”</a> (Barry Revzin and Casey Carter, August 2021) proposes that we should be able to define<br> operator()<br> as a static member function. This is a very good idea. As of this writing, it also looks likely to get into C++2b. So instead of e.g.<br> https://www.whatsupup.com/blog/gaper/whisky/20211007-162536/ Thu, 07 Oct 2021 16:25:35 +0000 https://www.whatsupup.com/blog/gaper/whisky/20211007-162536/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/10/implementing-form-filling-and-accessibility-in-the-firefox-pdf-viewer/">Implementing form filling and accessibility in the Firefox PDF viewer →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/10/implementing-form-filling-and-accessibility-in-the-firefox-pdf-viewer/">Implementing form filling and accessibility in the Firefox PDF viewer</a><br> <hr> Last year, during lockdown, many discovered the importance of PDF forms when having to deal remotely with administrations and large organizations like banks. Firefox supported displaying PDF forms, but it didn’t support filling them: users had to print them, fill them by hand, and scan them back to digital form. We decided it was time to reinvest in the PDF viewer (PDF.js) and support filling PDF forms within Firefox to make our users' lives easier.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20211007-162411/ Thu, 07 Oct 2021 16:24:11 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211007-162411/ U.S. lawmakers agree to extend the country's debt ceiling by $480 billion through early December <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/us-senate-democrats-republicans-haggle-over-short-term-debt-fix-2021-10-07/">VIEW MORE</a><br> https://www.whatsupup.com/blog/playacted/rededication/20211007-145403/ Thu, 07 Oct 2021 14:54:03 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211007-145403/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/interactive/2021/10/06/technology/facebook-hearing-frances-haugen-takeaways.html">Takeaways From Tuesday’s Facebook Hearing What we learned from Facebook whistleblower Frances Haugen’s Congressional testimony By Sheera Frenkel, Cecilia Kang, Mike Isaac and Kevin Roose</a><br> https://www.whatsupup.com/blog/gaper/whisky/20211007-145318/ Thu, 07 Oct 2021 14:53:18 +0000 https://www.whatsupup.com/blog/gaper/whisky/20211007-145318/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/10/control-your-data-for-good-with-rally/">Control your data for good with Rally →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/10/control-your-data-for-good-with-rally/">Control your data for good with Rally</a><br> <hr> In a world where data and AI are reshaping society, people currently have no tangible way to put their data to work for the causes they believe in. To address this, we built the Rally platform, a first-of-its-kind tool that enables you to contribute your data to specific studies and exercise consent at a granular level. Mozilla Rally puts you in control of your data while building a better Internet and a better society.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20211007-145156/ Thu, 07 Oct 2021 14:51:56 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211007-145156/ Pfizer, BioNTech ask U.S. regulators to approve COVID-19 vaccine for kids <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/pfizer-biontech-ask-us-regulators-ok-covid-19-vaccine-kids-2021-10-07/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/usa-cyber-solarwinds/hackers-in-solarwinds-breach-stole-data-on-u-s-sanctions-policy-intelligence-probes-sources-idUSKBN2GX1DV">Hackers in SolarWinds breach stole data on U.S. sanctions policy, intelligence probes -sources</a><br></p> <hr> SAN FRANCISCO The suspected Russian hackers who used SolarWinds and Microsoft software to burrow into U.S. federal agencies emerged with information about counter-intelligence investigations, policy on sanctioning Russian individuals and the country’s response to COVID-19, people involved in the investigation told Reuters.<br> https://www.whatsupup.com/blog/sited/implore/20211007-145120/ Thu, 07 Oct 2021 14:51:20 +0000 https://www.whatsupup.com/blog/sited/implore/20211007-145120/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/interactive/2021/10/06/technology/facebook-hearing-frances-haugen-takeaways.html">Takeaways From Tuesday’s Facebook Hearing What we learned from Facebook whistleblower Frances Haugen’s Congressional testimony By Sheera Frenkel, Cecilia Kang, Mike Isaac and Kevin Roose</a><br> https://www.whatsupup.com/blog/airbrush/misogynic/20211007-144754/ Thu, 07 Oct 2021 14:47:53 +0000 https://www.whatsupup.com/blog/airbrush/misogynic/20211007-144754/ <a rel="noreferrer" target="_blank" href="https://www.thirtythreeforty.net/posts/2021/10/ti-calculator-innovation/">The Insane Innovation of TI Calculator Hobbyists</a> Oct 06, 2021 Never underestimate the determination of a kid who is time-rich and cash-poor<br> https://www.whatsupup.com/blog/phonic/shopboy/20211007-144525/ Thu, 07 Oct 2021 14:45:25 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211007-144525/ <p>Golden <a rel="noreferrer" target="_blank" href="https://twitter.com/Golden">@Golden</a><br> Today we’re super stoked to launch Golden Open. We have opened Golden up so that users can: Lodge canonical data requests Access the Query Tool Construct entity-powered Lists & Pipelines Open Lists publicly Import CSVs to Lists</p> <p>Post <a rel="noreferrer" target="_blank" href="https://t.co/XNAfs8fItB"><a href="https://t.co/XNAfs8fItB">https://t.co/XNAfs8fItB</a></a><br> Jude Gomila <a rel="noreferrer" target="_blank" href="https://twitter.com/judegomila">@judegomila</a><br> 9/ So let us know what you think about this entire suite of research tools for Free, Pro and Enterprise and he ability to get the data you want when it comes to entities and topics.</p> <p>We believe these changes accelerate Golden’s core mission to map and open up human knowledge.<br> 8/ Previously only Enterprise had access to many of these features so we are excited to see what you do with it. It is a win-win for everyone to open this up.</p> <p>Enterprise have highest priority, SLAs, higher export limits, API and other features.</p> <p>Pro accounts are new.<br></p> https://www.whatsupup.com/blog/palpable/mulla/20211007-143803/ Thu, 07 Oct 2021 14:38:03 +0000 https://www.whatsupup.com/blog/palpable/mulla/20211007-143803/ <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2021/10/06/glitch-userid.html">User identity leak on Glitch</a><br> https://www.whatsupup.com/blog/veld/paternal/20211006-121754/ Wed, 06 Oct 2021 12:17:54 +0000 https://www.whatsupup.com/blog/veld/paternal/20211006-121754/ <p><a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/coolest-projects-international-2018/">Coolest Projects International 2018</a><br></p> <hr> Eben was wowed by the young makers and their projects at this year's global showcase<br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/welcome-lance/">Welcome Lance!</a><br> <hr> As you've probably noticed, Raspberry Pi is a rather unusual organisation.<br> https://www.whatsupup.com/blog/sited/implore/20211006-081751/ Wed, 06 Oct 2021 08:17:51 +0000 https://www.whatsupup.com/blog/sited/implore/20211006-081751/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/06/technology/biden-jonathan-kanter-big-tech.html">A Star Corporate Lawyer Now Set to Take On Corporate America How Jonathan Kanter, the Biden administration’s choice to be the Justice Department’s antitrust chief, became a progressive foe of Big Tech. By Steve Lohr and Cecilia Kang</a><br> https://www.whatsupup.com/blog/playacted/rededication/20211006-002150/ Wed, 06 Oct 2021 00:21:50 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211006-002150/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/05/technology/facebook-whistle-blower-hearing.html">Facebook Whistle-Blower Urges Lawmakers to Regulate the Company Frances Haugen, who left the social network in May and leaked internal documents, gave senators rare insight into its inner workings. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/sited/implore/20211006-001858/ Wed, 06 Oct 2021 00:18:58 +0000 https://www.whatsupup.com/blog/sited/implore/20211006-001858/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/05/technology/facebook-whistle-blower-hearing.html">Facebook Whistle-Blower Urges Lawmakers to Regulate the Company Frances Haugen, who left the social network in May and leaked internal documents, gave senators rare insight into its inner workings. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/playacted/rededication/20211005-202133/ Tue, 05 Oct 2021 20:21:32 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211005-202133/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2021/10/05/technology/facebook-whistleblower-frances-haugen/anger-and-relief-facebook-employees-react-to-whistle-blower-testimony">Anger and relief: Facebook employees react to whistle-blower testimony. This was featured in live coverage. By Mike Isaac</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20211005-202050/ Tue, 05 Oct 2021 20:20:50 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211005-202050/ October 5, 2021 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2021/10/05/Terminal-emulation-legacy.gmi">The distant legacy of terminal emulators</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> https://www.whatsupup.com/blog/gaper/whisky/20211005-202047/ Tue, 05 Oct 2021 20:20:47 +0000 https://www.whatsupup.com/blog/gaper/whisky/20211005-202047/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/10/tab-unloading-in-firefox-93/">Tab Unloading in Firefox 93 →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/10/tab-unloading-in-firefox-93/">Tab Unloading in Firefox 93</a><br> <hr> Starting with Firefox 93, Firefox will monitor available system memory and, should it ever become so critically low that a crash is imminent, Firefox will respond by unloading memory-heavy but not actively used tabs. This feature is currently enabled on Windows and will be deployed later for macOS and Linux as well.<br> https://www.whatsupup.com/blog/sited/implore/20211005-201907/ Tue, 05 Oct 2021 20:19:06 +0000 https://www.whatsupup.com/blog/sited/implore/20211005-201907/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2021/10/05/technology/facebook-whistleblower-frances-haugen/lawmakers-have-come-a-long-way-from-asking-questions-about-how-facebook-makes-money">Lawmakers have come a long way from asking questions about how Facebook makes money. This was featured in live coverage. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20211005-201726/ Tue, 05 Oct 2021 20:17:25 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20211005-201726/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/10/google-protects-your-accounts-even-when.html">Google Protects Your Accounts – Even When You No Longer Use Them</a><br></p> <hr> Posted by Sam Heft-Luthy, Product Manager, Privacy & Data Protection Office What happens to our digital accounts when we stop using them? It’s a question we should all ask ourselves, because when we are no longer keeping tabs on what’s happening with old accounts, they can become targets for cybercrime. In fact, quite a few recent high-profile breaches targeted inactive accounts. The <a rel="noreferrer" target="_blank" href="https://www.crn.com/news/security/colonial-pipeline-hacked-via-inactive-account-without-mfa">Colonial Pipeline</a> ransomware attack came through an inactive account that didn’t use multifactor authentication, according to a consultant who investigated the incident. And in the case of the recent <a rel="noreferrer" target="_blank" href="https://techcrunch.com/2021/08/18/t-mobile-says-at-least-47m-current-and-former-customers-affected-by-data-breach/">T-Mobile breach</a> this summer, information from inactive prepaid accounts was accessed through old billing files. Inactive accounts can pose a serious security risk. For Google users, <a rel="noreferrer" target="_blank" href="https://support.google.com/accounts/answer/3036546?hl=en">Inactive Account Manager</a> helps with that problem. You can decide when Google should consider your account inactive and whether Google should delete your data or share it with a trusted contact.<br> Here’s How it Works<br> Once you <a rel="noreferrer" target="_blank" href="https://myaccount.google.com/inactive">sign up</a> for Inactive Account Manager, available in My Account settings, you are asked to decide three things:<br> When the account should be considered inactive: You can choose 3, 6, 12 or 18 months of inactivity before Google takes action on your account. Google will notify you a month before the designated time via a message sent to your phone and an email sent to the address you provide.<br> Who to notify and what to share: You can choose up to 10 people for Google to notify once your Google Account becomes inactive (they won’t be notified during setup). You can also give them access to some of your data. If you choose to share data with your trusted contacts, the email will include a list of the selected data you wanted to share with them, and a link they can follow to download that data. This can include things like photos, contacts, emails, documents and other data that you specifically choose to share with your trusted contact. You can also choose to set up a Gmail AutoReply, with a custom subject and message explaining that you’ve ceased using the account.<br> If your inactive Google Account should be deleted: After your account becomes inactive, Google can delete all its content or send it to your designated contacts. If you’ve decided to allow someone to download your content, they’ll be able to do so for 3 months before it gets deleted. If you choose to delete your Google Account, this will include your publicly shared data (for example, your YouTube videos, or blogs on Blogger). You can review the data associated with your account on the <a rel="noreferrer" target="_blank" href="https://myaccount.google.com/dashboard">Google Dashboard</a> . If you use Gmail with your account, you'll no longer be able to access that email once your account becomes inactive. You'll also be unable to reuse that Gmail username.<br> Setting up an Inactive Account plan is a simple step you can take to protect your data, secure your account in case it becomes inactive, and ensure that your digital legacy is shared with your trusted contacts in case you become unable to access your account. Our <a rel="noreferrer" target="_blank" href="https://myaccount.google.com/intro/privacycheckup?hl=en">Privacy Checkup</a> now reminds you to set up a plan for your account, and we’ll send you an occasional reminder about your plan via email. At Google, we are constantly working to keep you safer online. This October, as we celebrate Cybersecurity Awareness Month, we want to remind our users of the security and privacy controls they have at their fingertips. For more ways to enhance your security check out our <a rel="noreferrer" target="_blank" href="https://safety.google/security/security-tips/">top five safety tips</a> and visit our <a rel="noreferrer" target="_blank" href="https://safety.google/?utm_medium=blogpost&utm_source=google&utm_campaign=sid2021">Safety Center</a> to learn all the ways Google helps keep you safer online, every day.<br> https://www.whatsupup.com/blog/buckeroo/doubling/20211005-162040/ Tue, 05 Oct 2021 16:20:40 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20211005-162040/ October 5, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/10/05/Reflection.html">How reflection works in ****</a><br> https://www.whatsupup.com/blog/sited/implore/20211005-161850/ Tue, 05 Oct 2021 16:18:50 +0000 https://www.whatsupup.com/blog/sited/implore/20211005-161850/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2021/10/05/technology/facebook-whistleblower-frances-haugen/lawmakers-say-something-needs-to-be-done-about-facebook-but-what">Lawmakers say something needs to be done about Facebook. But what? This was featured in live coverage. By Cecilia Kang</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2021/10/05/technology/facebook-whistleblower-frances-haugen/how-did-we-get-here">How did we get here? This was featured in live coverage. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/ideo/fleury/20211005-160709/ Tue, 05 Oct 2021 16:07:08 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211005-160709/ Several different domain registration companies today listed the domain Facebook.com as up for sale. This happened thanks to automated systems that look for registered domains which appear to be expired, abandoned or recently vacated. There was never any reason to believe Facebook.com would actually be sold as a result, but it’s fun to consider how many billions of dollars it could fetch on the open market.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20211005-122245/ Tue, 05 Oct 2021 12:22:44 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20211005-122245/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133769_2022-lucid-air-price-specs-review-photos-info">First drive review: 2022 Lucid Air entices with the numbers, charms with the driving experience</a> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/writer/10001004_bengt-halvorson">Bengt Halvorson</a> October 5, 2021<br> As some traditional luxury automakers release electric vehicles amid promises that range, charging, and performance will all improve in a few years, Lucid is launching its brand and already beating…<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133459_audi-grandsphere-concept-ev-rethinks-sedans-from-the-inside-out">Audi Grandsphere concept EV rethinks sedans from the inside out</a><br></p> <hr> The Audi Grandsphere imagines future interiors from the brand with a first-class experience enabled by autonomous driving.<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1128770_audi-q4-sportback-e-tron-electric-crossover-concept-meb-goes-matchmaking">Audi Q4 Sportback E-Tron electric crossover concept: MEB goes matchmaking</a> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/writer/10001004_bengt-halvorson">Bengt Halvorson</a> July 7, 2020<br> As Audi rolls out electric vehicles to cover much of its model line and fill the gaps between its existing models, it’s preparing to offer just as much flexibility in body styles as...<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1126828_cruise-origin-previews-a-future-that-takes-the-driver-out-of-electric-ride-hailing">Cruise Origin previews a future that takes the driver out of electric ride hailing</a><br> <hr> San Francisco-based Cruise has revealed the electric vehicle that completely removes the driver from a connected, shared experience.<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1124634_2020-porsche-cayenne-turbo-s-e-hybrid-preview-drive">Preview drive: 2020 Porsche Cayenne Turbo S E-Hybrid is a stealth fighter for the family</a> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/writer/10001004_bengt-halvorson">Bengt Halvorson</a> August 21, 2019<br> The Porsche Cayenne I’d cozied into had bright-green brake calipers, hard-to-miss green e-hybrid badges along both sides, and a charging-port door just ahead of the driver’s door. I made...<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1123694_first-drive-review-2020-ford-explorer-st-dances-with-the-family-and-its-a-ball">First drive review: 2020 Ford Explorer ST dances with the family, and it's a ball</a><br> <hr> The 2020 Ford Explorer lineup has been completely redesigned and gains a 400-hp, performance-oriented ST model. We tested it out.<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1104663_2018-volvo-v90-first-drive-review">2018 Volvo V90 first drive review</a> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/writer/10001004_bengt-halvorson">Bengt Halvorson</a> June 28, 2016<br> Wagons have been staged for a comeback for more than a decade. Yet time after time, seemingly splendid, sporty wagons have fizzled in the American market.<br> Is Volvo being hopelessly optimistic in...<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1104437_2017-volvo-s90-first-drive-review">2017 Volvo S90 first drive review</a><br> <hr> With Volvo’s most recent products, including the 2017 Volvo S90 sedan and upcoming 2018 V90 wagon, the Swedish automaker is wholly embracing its Scandinavian roots. From the upright concave grille, the prominent brand ironmark, and the elongated hood in front, to the name proudly spelled out...<br> https://www.whatsupup.com/blog/sited/implore/20211005-121834/ Tue, 05 Oct 2021 12:18:33 +0000 https://www.whatsupup.com/blog/sited/implore/20211005-121834/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/05/technology/frances-haugen-hearing-time-video-stream.html">What to watch: Whistle-blower to detail need to regulate Facebook. Frances Haugen, a former product manager for Facebook, will argue to protect consumers from a profits-over-safety culture. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20211005-080838/ Tue, 05 Oct 2021 08:08:38 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20211005-080838/ <p><a rel="noreferrer" target="_blank" href="https://retool.com/blog/state-of-internal-tools-2021/">Developers spend 34% of their time building internal, employee-facing apps. Why? We surveyed 650 developers and builders to find out.</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/retool-raises-50-million-led-by-sequoia/">Since Retool launched two years ago on HN, tens of thousands of companies have come to rely on Retool. It's how Allbirds measures the efficacy of their marketing campaigns; how Brex builds applications</a><br> https://www.whatsupup.com/blog/popularization/compilable/20211005-080741/ Tue, 05 Oct 2021 08:07:40 +0000 https://www.whatsupup.com/blog/popularization/compilable/20211005-080741/ <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/UXFactor_CSCW21.pdf">The UX Factor: Using Comparative Peer Review to Evaluate Designs through User Preferences</a> Sarah Bawabe, Laura Wilson, Tongyu Zhou, Ezra Marks, Jeff Huang CSCW 2021 <a rel="noreferrer" target="_blank" href="https://uxfactor.cs.brown.edu/">[website]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/TabularDataset_CSCW21.pdf">Case Studies on the Motivation and Performance of Contributors Who Verify and Maintain In-Flux Tabular Datasets</a> Shaun Wallace, Alexandra Papoutsaki, Neilly H. Tan, Hua Guo, Jeff Huang CSCW 2021<br> https://www.whatsupup.com/blog/playacted/rededication/20211005-042103/ Tue, 05 Oct 2021 04:21:03 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211005-042103/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2021/10/04/espanol/facebook-whatsapp-funciona.html">Facebook se restablece tras un apagón de impacto global Con la caída de servicios digitales hubo una pausa en la vida cotidiana de millones, las empresas quedaron sin comunicación con sus clientes y algunos empleados de Facebook no pudieron entrar a las oficinas. By Mike Isaac and Sheera Frenkel</a><br> https://www.whatsupup.com/blog/spectrometry/obol/20211005-041645/ Tue, 05 Oct 2021 04:16:44 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20211005-041645/ <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/09/fuzzing-closed-source-javascript.html">Fuzzing Closed-Source JavaScript Engines with Cove…</a> (Sep)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/08/understanding-network-access-windows-app.html">Understanding Network Access in Windows AppContainers</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html">An EPYC escape: Case-study of a KVM breakout</a> (Jun)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/04/designing-sockfuzzer-network-syscall.html">Designing sockfuzzer, a network syscall fuzzer for…</a> (Apr)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/04/policy-and-disclosure-2021-edition.html">Policy and Disclosure: 2021 Edition</a> (Apr)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/04/who-contains-containers.html">Who Contains the Containers?</a> (Apr)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/03/in-wild-series-october-2020-0-day.html">In-the-Wild Series: October 2020 0-day discovery</a> (Mar)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/02/deja-vu-lnerability.html">Déjà vu-lnerability</a> (Feb)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html">A Look at iMessage in iOS 14</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/01/windows-exploitation-tricks-trapping.html">Windows Exploitation Tricks: Trapping Virtual Memo…</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html">The State of State Machines</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/01/hunting-for-bugs-in-windows-mini-filter.html">Hunting for Bugs in Windows Mini-Filter Drivers</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-post-exploitation.html">In-the-Wild Series: Android Post-Exploitation</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/01/in-wild-series-windows-exploits.html">In-the-Wild Series: Windows Exploits</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-exploits.html">In-the-Wild Series: Android Exploits</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-infinity-bug.html">In-the-Wild Series: Chrome Infinity Bug</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-exploits.html">In-the-Wild Series: Chrome Exploits</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html">Introducing the In-the-Wild Series</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/12/an-ios-hacker-tries-android.html">An iOS hacker tries Android</a> (Dec)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html">An iOS zero-click radio proximity exploit odyssey</a> (Dec)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/11/oops-i-missed-it-again.html">Oops, I missed it again!</a> (Nov)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/10/enter-the-vault-auth-issues-hashicorp-vault.html">Enter the Vault: Authentication Issues in HashiCor…</a> (Oct)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/10/announcing-fuzzilli-research-grant.html">Announcing the Fuzzilli Research Grant Program</a> (Oct)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/09/attacking-qualcomm-adreno-gpu.html">Attacking the Qualcomm Adreno GPU</a> (Sep)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/09/jitsploitation-one.html">JITSploitation I: A JIT Bug</a> (Sep)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/09/jitsploitation-two.html">JITSploitation II: Getting Read/Write</a> (Sep)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/09/jitsploitation-three.html">JITSploitation III: Subverting Control Flow</a> (Sep)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-5-defeating-aslr-getting-rce.html">MMS Exploit Part 5: Defeating Android ASLR, Gettin…</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-3.html">Exploiting Android Messengers with WebRTC: Part 3</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-4-completing-aslr-oracle.html">MMS Exploit Part 4: MMS Primer, Completing the ASL…</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/07/the-core-of-apple-is-ppl-breaking-xnu.html">The core of Apple is PPL: Breaking the XNU kernel'…</a> (Jul)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/07/one-byte-to-rule-them-all.html">One Byte to rule them all</a> (Jul)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/07/root-cause-analyses-for-0-day-in-wild.html">Root Cause Analyses for 0-day In-the-Wild Exploits</a> (Jul)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/07/detection-deficit-year-in-review-of-0.html">Detection Deficit: A Year in Review of 0-days Used…</a> (Jul)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-3-constructing-primitives.html">MMS Exploit Part 3: Constructing the Memory Corrup…</a> (Jul)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-2-effective-fuzzing-qmage.html">MMS Exploit Part 2: Effective Fuzzing of the Qmage…</a> (Jul)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-1-introduction-to-qmage.html">MMS Exploit Part 1: Introduction to the Samsung Qm…</a> (Jul)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/07/how-to-unc0ver-0-day-in-4-hours-or-less.html">How to unc0ver a 0-day in 4 hours or less</a> (Jul)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/06/ff-sandbox-escape-cve-2020-12388.html">FF Sandbox Escape (CVE-2020-12388)</a> (Jun)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/06/a-survey-of-recent-ios-kernel-exploits.html">A survey of recent iOS kernel exploits</a> (Jun)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/04/fuzzing-imageio.html">Fuzzing ImageIO</a> (Apr)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html">You Won't Believe what this One Line Change Did to…</a> (Apr)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/04/tfw-you-get-really-excited-you-patch.html">TFW you-get-really-excited-you-patch-diffed-a-0day…</a> (Apr)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/02/escaping-chrome-sandbox-with-ridl.html">Escaping the Chrome Sandbox with RIDL</a> (Feb)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/02/mitigations-are-attack-surface-too.html">Mitigations are attack surface, too</a> (Feb)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/02/several-months-in-life-of-part2.html">A day^W^W Several months in the life of Project Ze…</a> (Feb)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/01/part-ii-returning-to-adobe-reader.html">Part II: Returning to Adobe Reader symbols on macOS</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-3.html">Remote iPhone Exploitation Part 3: From Memory Cor…</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-2.html">Remote iPhone Exploitation Part 2: Bringing Light …</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-1.html">Remote iPhone Exploitation Part 1: Poking Memory v…</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/12/calling-local-windows-rpc-servers-from.html">Calling Local Windows RPC Servers from .NET</a> (Dec)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/12/sockpuppet-walkthrough-of-kernel.html">SockPuppet: A Walkthrough of a Kernel Exploit for …</a> (Dec)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html">Bad Binder: Android In-The-Wild Exploit</a> (Nov)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/10/ktrw-journey-to-build-debuggable-iphone.html">KTRW: The journey to build a debuggable iPhone</a> (Oct)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/10/the-story-of-adobe-reader-symbols.html">The story of Adobe Reader symbols</a> (Oct)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/09/windows-exploitation-tricks-spoofing.html">Windows‌ ‌Exploitation‌ ‌Tricks:‌ ‌Spoofing‌ ‌Name…</a> (Sep)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html">A very deep dive into iOS Exploit chains found in …</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-1.html">In-the-wild iOS Exploit Chain 1</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html">Implant Teardown</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/08/jsc-exploits.html">JSC Exploits</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/08/the-many-possibilities-of-cve-2019-8646.html">The Many Possibilities of CVE-2019-8646</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html">Down the Rabbit-Hole…</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/08/the-fully-remote-attack-surface-of.html">The Fully Remote Attack Surface of the iPhone</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/04/windows-exploitation-tricks-abusing.html">Windows Exploitation Tricks: Abusing the User-Mode…</a> (Apr)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/04/virtually-unlimited-memory-escaping.html">Virtually Unlimited Memory: Escaping the Chrome Sa…</a> (Apr)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/04/splitting-atoms-in-xnu.html">Splitting atoms in XNU</a> (Apr)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/03/windows-kernel-logic-bug-class-access.html">Windows Kernel Logic Bug Class: Access Mode Mismat…</a> (Mar)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/03/android-messaging-few-bugs-short-of.html">Android Messaging: A Few Bugs Short of a Chain</a> (Mar)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/02/the-curious-case-of-convexity-confusion.html">The Curious Case of Convexity Confusion</a> (Feb)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/02/examining-pointer-authentication-on.html">Examining Pointer Authentication on the iPhone XS</a> (Feb)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/01/voucherswap-exploiting-mig-reference.html">voucher_swap: Exploiting MIG reference counting in…</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/01/taking-page-from-kernels-book-tlb-issue.html">Taking a page from the kernel's book: A TLB issue …</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2018/12/on-vbscript.html">On VBScript</a> (Dec)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2018/12/searching-statically-linked-vulnerable.html">Searching statically-linked vulnerable library fun…</a> (Dec)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-5.html">Adventures in Video Conferencing Part 5: Where Do …</a> (Dec)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-4.html">Adventures in Video Conferencing Part 4: What Didn…</a> (Dec)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html">Adventures in Video Conferencing Part 3: The Even …</a> (Dec)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-2.html">Adventures in Video Conferencing Part 2: Fun with …</a> (Dec)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-1.html">Adventures in Video Conferencing Part 1: The Wild …</a> (Dec)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2018/11/injecting-code-into-windows-protected.html">Injecting Code into Windows Protected Processes us…</a> (Nov)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2018/10/heap-feng-shader-exploiting-swiftshader.html">Heap Feng Shader: Exploiting SwiftShader in Chrome</a> (Oct)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2018/10/deja-xnu.html">Deja-XNU</a> (Oct)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2018/10/365-days-later-finding-and-exploiting.html">365 Days Later: Finding and Exploiting Safari Bugs…</a> (Oct)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html">A cache invalidation bug in Linux memory management</a> (Sep)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2018/09/oatmeal-on-universal-cereal-bus.html">OATmeal on the Universal Cereal Bus: Exploiting An…</a> (Sep)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2018/08/the-problems-and-promise-of-webassembly.html">The Problems and Promise of WebAssembly</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2018/08/windows-exploitation-tricks-exploiting.html">Windows Exploitation Tricks: Exploiting Arbitrary …</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2018/08/adventures-in-vulnerability-reporting.html">Adventures in vulnerability reporting</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2018/07/drawing-outside-box-precision-issues-in.html">Drawing Outside the Box: Precision Issues in Graph…</a> (Jul)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2018/06/detecting-kernel-memory-disclosure.html">Detecting Kernel Memory Disclosure – Whitepaper</a> (Jun)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html">Reading privileged memory with a side-channel</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2017/12/apacolypse-now-exploiting-windows-10-in_18.html">aPAColypse now: Exploiting Windows 10 in a Local N…</a> (Dec)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2017/10/over-air-vol-2-pt-3-exploiting-wi-fi.html">Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi…</a> (Oct)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2017/10/using-binary-diffing-to-discover.html">Using Binary Diffing to Discover Windows Kernel Me…</a> (Oct)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2017/09/the-great-dom-fuzz-off-of-2017.html">The Great DOM Fuzz-off of 2017</a> (Sep)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2017/08/bypassing-virtualbox-process-hardening.html">Bypassing VirtualBox Process Hardening on Windows</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2017/08/windows-exploitation-tricks-arbitrary.html">Windows Exploitation Tricks: Arbitrary Directory C…</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2017/07/trust-issues-exploiting-trustzone-tees.html">Trust Issues: Exploiting TrustZone TEEs</a> (Jul)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2017/04/exploiting-net-managed-dcom.html">Exploiting .NET Managed DCOM</a> (Apr)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2017/04/exception-oriented-exploitation-on-ios.html">Exception-oriented exploitation on iOS</a> (Apr)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html">Over The Air: Exploiting Broadcom’s Wi-Fi Stack (P…</a> (Apr)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2017/04/notes-on-windows-uniscribe-fuzzing.html">Notes on Windows Uniscribe Fuzzing</a> (Apr)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html">Pandavirtualization: Exploiting the Xen hypervisor</a> (Apr)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2017/03/project-zero-prize-conclusion.html">Project Zero Prize Conclusion</a> (Mar)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2017/02/attacking-windows-nvidia-driver.html">Attacking the Windows NVIDIA Driver</a> (Feb)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2017/02/lifting-hyper-visor-bypassing-samsungs.html">Lifting the (Hyper) Visor: Bypassing Samsung’s Rea…</a> (Feb)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2016/12/chrome-os-exploit-one-byte-overflow-and.html">Chrome OS exploit: one byte overflow and symlinks</a> (Dec)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html">BitUnmap: Attacking Android Ashmem</a> (Dec)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2016/11/breaking-chain.html">Breaking the Chain</a> (Nov)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2016/10/taskt-considered-harmful.html">task_t considered harmful</a> (Oct)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2016/09/announcing-project-zero-prize.html">Announcing the Project Zero Prize</a> (Sep)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2016/09/return-to-libstagefright-exploiting.html">Return to libstagefright: exploiting libutils on A…</a> (Sep)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2016/08/a-shadow-of-our-former-self.html">A Shadow of our Former Self</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2016/07/a-year-of-windows-kernel-font-fuzzing-2.html">A year of Windows kernel font fuzzing #2: the tech…</a> (Jul)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2016/06/how-to-compromise-enterprise-endpoint.html">How to Compromise the Enterprise Endpoint</a> (Jun)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2016/06/a-year-of-windows-kernel-font-fuzzing-1_27.html">A year of Windows kernel font fuzzing #1: the results</a> (Jun)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2016/06/exploiting-recursion-in-linux-kernel_20.html">Exploiting Recursion in the Linux Kernel</a> (Jun)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2016/03/life-after-isolated-heap.html">Life After the Isolated Heap</a> (Mar)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2016/03/race-you-to-kernel.html">Race you to the kernel!</a> (Mar)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2016/03/exploiting-leaked-thread-handle.html">Exploiting a Leaked Thread Handle</a> (Mar)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2016/02/the-definitive-guide-on-win32-to-nt.html">The Definitive Guide on Win32 to NT Path Conversion</a> (Feb)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2016/02/racing-midi-messages-in-chrome.html">Racing MIDI messages in Chrome</a> (Feb)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2016/01/raising-dead.html">Raising the Dead</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/12/fireeye-exploitation-project-zeros.html">FireEye Exploitation: Project Zero’s Vulnerability…</a> (Dec)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/12/between-rock-and-hard-link.html">Between a Rock and a Hard Link</a> (Dec)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/11/windows-sandbox-attack-surface-analysis.html">Windows Sandbox Attack Surface Analysis</a> (Nov)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/11/hack-galaxy-hunting-bugs-in-samsung.html">Hack The Galaxy: Hunting Bugs in the Samsung Galax…</a> (Nov)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/10/windows-drivers-are-truely-tricky.html">Windows Drivers are True’ly Tricky</a> (Oct)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/09/revisiting-apple-ipc-1-distributed_28.html">Revisiting Apple IPC: (1) Distributed Objects</a> (Sep)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/09/kaspersky-mo-unpackers-mo-problems.html">Kaspersky: Mo Unpackers, Mo Problems.</a> (Sep)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/09/stagefrightened.html">Stagefrightened?</a> (Sep)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/09/enabling-qr-codes-in-internet-explorer.html">Enabling QR codes in Internet Explorer, or a story…</a> (Sep)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/08/windows-10hh-symbolic-link-mitigations.html">Windows 10^H^H Symbolic Link Mitigations</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/08/one-font-vulnerability-to-rule-them-all_21.html">One font vulnerability to rule them all #4: Window…</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/08/three-bypasses-and-fix-for-one-of.html">Three bypasses and a fix for one of Flash's Vector…</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/08/attacking-ecmascript-engines-with.html">Attacking ECMAScript Engines with Redefinition</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/08/one-font-vulnerability-to-rule-them-all.html">One font vulnerability to rule them all #2: Adobe …</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/07/one-font-vulnerability-to-rule-them-all.html">One font vulnerability to rule them all #1: Introd…</a> (Jul)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/07/one-perfect-bug-exploiting-type_20.html">One Perfect Bug: Exploiting Type Confusion in Flash</a> (Jul)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/07/significant-flash-exploit-mitigations_16.html">Significant Flash exploit mitigations are live in …</a> (Jul)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/07/from-inter-to-intra-gaining-reliability_10.html">From inter to intra: gaining reliability</a> (Jul)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/07/when-int-is-new-short.html">When ‘int’ is the new ‘short’</a> (Jul)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/06/what-is-good-memory-corruption.html">What is a "good" memory corruption vulnerability?</a> (Jun)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/06/analysis-and-exploitation-of-eset.html">Analysis and Exploitation of an ESET Vulnerability</a> (Jun)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/06/owning-internet-printing-case-study-in.html">Owning Internet Printing - A Case Study in Modern …</a> (Jun)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/06/dude-wheres-my-heap.html">Dude, where’s my heap?</a> (Jun)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/04/a-tale-of-two-exploits.html">A Tale of Two Exploits</a> (Apr)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/03/taming-wild-copy-parallel-thread.html">Taming the wild copy: Parallel Thread Corruption</a> (Mar)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html">Exploiting the DRAM rowhammer bug to gain kernel p…</a> (Mar)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/02/feedback-and-data-driven-updates-to.html">Feedback and data-driven updates to Google’s discl…</a> (Feb)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/02/exploitingscve-2015-0318sinsflash.html">(^Exploiting)\s*(CVE-2015-0318)\s*(in)\s*(Flash$)</a> (Feb)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/02/a-tokens-tale_9.html">A Token’s Tale</a> (Feb)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/01/exploiting-nvmap-to-escape-chrome.html">Exploiting NVMAP to escape the Chrome sandbox - CV…</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/01/finding-and-exploiting-ntpd.html">Finding and exploiting ntpd vulnerabilities</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2014/12/internet-explorer-epm-sandbox-escape.html">Internet Explorer EPM Sandbox Escape CVE-2014-6350</a> (Dec)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2014/11/pwn4fun-spring-2014-safari-part-ii.html">pwn4fun Spring 2014 - Safari - Part II</a> (Nov)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2014/11/project-zero-patch-tuesday-roundup.html">Project Zero Patch Tuesday roundup, November 2014</a> (Nov)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2014/10/did-man-with-no-name-feel-insecure.html">Did the “Man With No Name” Feel Insecure?</a> (Oct)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2014/10/more-mac-os-x-and-iphone-sandbox.html">More Mac OS X and iPhone sandbox escapes and kerne…</a> (Oct)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2014/09/exploiting-cve-2014-0556-in-flash.html">Exploiting CVE-2014-0556 in Flash</a> (Sep)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html">The poisoned NUL byte, 2014 edition</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2014/08/what-does-pointer-look-like-anyway.html">What does a pointer look like, anyway?</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2014/07/mac-os-x-and-iphone-sandbox-escapes.html">Mac OS X and iPhone sandbox escapes</a> (Jul)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2014/07/pwn4fun-spring-2014-safari-part-i_24.html">pwn4fun Spring 2014 - Safari - Part I</a> (Jul)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2014/07/announcing-project-zero.html">Announcing Project Zero</a> (Jul)<br> https://www.whatsupup.com/blog/ideo/fleury/20211005-040724/ Tue, 05 Oct 2021 04:07:24 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211005-040724/ Update, 7:46 p.m. ET: Facebook says its domains are slowly coming back online for most users. In <a rel="noreferrer" target="_blank" href="https://twitter.com/Facebook/status/1445155265360416773">a tweet</a> , the company thanked users for their patience, but it still hasn’t offered any explanation for the outage.<br> Update, 8:05 p.m. ET: <a rel="noreferrer" target="_blank" href="https://news.ycombinator.com/item?id=28750930">This fascinating thread on Hacker News</a> delves into some of the not-so-obvious side effects of today’s outages: Many organizations saw network disruptions and slowness thanks to billions of devices constantly asking for the current coordinates of Facebook.com, Instagram.com and WhatsApp.com. Bill Woodcock , executive director of the <a rel="noreferrer" target="_blank" href="https://ww.pch.net">Packet Clearing House</a> , <a rel="noreferrer" target="_blank" href="https://twitter.com/woodyatpch/status/1445176218236579843">said</a> his organization saw a 40 percent increase globally in wayward DNS traffic throughout the outage.<br> Update, 8:32 p.m. ET: Cloudflare has published <a rel="noreferrer" target="_blank" href="https://blog.cloudflare.com/october-2021-facebook-outage/">a detailed and somewhat technical writeup</a> on the BGP changes that caused today’s outage. Still no word from Facebook on what happened.<br> Update, 11:32 p.m. ET: Facebook published <a rel="noreferrer" target="_blank" href="https://engineering.fb.com/2021/10/04/networking-traffic/outage/">a blog post</a> saying the outage was the result of a faulty configuration change:<br> “Our engineering teams have learned that configuration changes on the backbone routers that coordinate network traffic between our data centers caused issues that interrupted this communication,” Facebook’s Santosh Janardhan wrote. “This disruption to network traffic had a cascading effect on the way our data centers communicate, bringing our services to a halt.”<br> “We want to make clear at this time we believe the root cause of this outage was a faulty configuration change,” Janardhan continued. “We also have no evidence that user data was compromised as a result of this downtime.”<br> Several different domain registration companies today listed the domain Facebook.com as up for sale. This happened thanks to automated systems that look for registered domains which appear to be expired, abandoned or recently vacated. There’s was never any reason to believe Facebook.com would actually be sold as a result, but it’s fun to consider how many billions of dollars it could fetch on the open market.<br> https://www.whatsupup.com/blog/gonadal/revving/20211005-002231/ Tue, 05 Oct 2021 00:22:31 +0000 https://www.whatsupup.com/blog/gonadal/revving/20211005-002231/ <p><a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/01/swarm-a-lot-can-happen-in-a-week/">Swarm: a lot can happen in a week</a><br></p> <hr> It’s been about a week since I put out <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/23/swarm-preview-and-call-for-collaboration/">an announcement and call for collaboration</a> on a new game, <a rel="noreferrer" target="_blank" href="https://github.com/byorgey/swarm">Swarm</a> . Since then, the response has been fantastic: lots of people have tried it out, a few have even streamed themselves playing it on Twitch, and there has been lots of development activity.<br> 39 new <a rel="noreferrer" target="_blank" href="https://github.com/byorgey/swarm/issues">issues opened</a><br> 27 <a rel="noreferrer" target="_blank" href="https://github.com/byorgey/swarm/pulls?q=is%3Apr+is%3Aclosed">pull requests merged</a><br> Lots of great discussion on GitHub issues as well as on IRC<br> There’s still a long, long way to go before the game comes anywhere close to the vision for it, but we’ve made great progress! Some notable new features added since the initial announcement include:<br> New<br> scan<br> upload<br> install<br> commands<br> Semicolons are no longer required beetween consecutive<br> def<br> Basic help panel, and panel shortcut keys<br> Dramatically reduced CPU usage when idle<br> An overhaul of parsing and pretty-printing of constants (makes adding new constants easier, and an important prerequisite for saving definitions and games)<br> Better handling of water (you can make curry now)!<br> A couple more exciting things in progress that should land very soon:<br> ASCII art recipes<br> Basic editor integration via LSP, so you can write Swarm programs in your favorite editor with automatically highlighted syntax and type errors.<br> And of course there are many other exciting things planned or in the works. <a rel="noreferrer" target="_blank" href="https://github.com/byorgey/swarm/">Come join us</a> !<br> Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/teaching/">teaching</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/hindley-milner/">Hindley-Milner</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/inference/">inference</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/types/">types</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/unification/">unification</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/08/implementing-hindley-milner-with-the-unification-fd-library/#comments">3 Comments</a><br> <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/10/01/swarm-a-lot-can-happen-in-a-week/">Swarm: a lot can happen in a week</a><br> https://www.whatsupup.com/blog/playacted/rededication/20211005-002143/ Tue, 05 Oct 2021 00:21:43 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211005-002143/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2021/10/04/business/news-business-stock-market/facebook-back-online">Facebook begins coming back online after a lengthy outage. A spokesman cautioned that it would take some time for all of the apps, including Instagram and WhatsApp, to stabilize. By Sheera Frenkel and Mike Isaac</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/04/technology/facebook-down.html">Gone in Minutes, Out for Hours: Outage Shakes Facebook When apps used by billions of people worldwide blinked out, lives were disrupted, businesses were cut off from customers — and some Facebook employees were locked out of their offices. By Mike Isaac and Sheera Frenkel</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/02/technology/whistle-blower-facebook-memo.html">Whistle-Blower to Accuse Facebook of Contributing to Jan. 6 Riot, Memo Says In an internal memo meant to pre-empt a “60 Minutes” interview, Facebook defended itself and said that social media was not a primary cause of polarization. By Mike Isaac</a><br> https://www.whatsupup.com/blog/traveling/splay/20211005-002053/ Tue, 05 Oct 2021 00:20:52 +0000 https://www.whatsupup.com/blog/traveling/splay/20211005-002053/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/04/science/hawking-nobel-black-hole.html">Out There Did Death Cheat Stephen Hawking of a Nobel Prize? A recent study of black holes confirmed a fundamental prediction that the theoretical physicist made nearly five decades ago. But the ultimate award is beyond his reach. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211005-001923/ Tue, 05 Oct 2021 00:19:23 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211005-001923/ A bill introduced by U.S. Senator Ossoff seeks to expand protections for election workers, citing two Reuters investigations <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/new-us-legislation-seeks-expand-protections-election-workers-2021-10-04/">VIEW MORE</a><br> https://www.whatsupup.com/blog/sited/implore/20211005-001857/ Tue, 05 Oct 2021 00:18:57 +0000 https://www.whatsupup.com/blog/sited/implore/20211005-001857/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/04/technology/facebook-ftc-antitrust-suit.html">Facebook urges court to dismiss latest F.T.C. antitrust suit. “This court gave the agency a second chance to make a valid claim,” Facebook said in its filing. “But the same deficiency that was fatal to the F.T.C.’s initial complaint remains.” By Cecilia Kang</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/03/technology/whistle-blower-facebook-frances-haugen.html">Whistle-Blower Says Facebook ‘Chooses Profits Over Safety’ Frances Haugen, a Facebook product manager who left the company in May, revealed that she had provided internal documents to journalists and others. By Ryan Mac and Cecilia Kang</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20211005-001826/ Tue, 05 Oct 2021 00:18:26 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211005-001826/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/facebook-after-the-facebook-files">Facebook After The Facebook Files</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/facebook-after-the-facebook-files">Facebook’s existential crisis is that it needs to hook a new generation of kids. “They're trying to do everything possible to understand why people are leaving,” said one former engineer.</a><br> https://www.whatsupup.com/blog/boxed/modification/20211005-001625/ Tue, 05 Oct 2021 00:16:25 +0000 https://www.whatsupup.com/blog/boxed/modification/20211005-001625/ should have a converting constructor from<br> initializer_list<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#llvm">llvm</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#parameter-only-types">parameter-only-types</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#proposal">proposal</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#wg21">wg21</a><br> C++17 introduced<br> std::string_view<br> as a “parameter-only” drop-in replacement for<br> const std::string&<br> . This allows us to make clean refactorings such as:<br> https://www.whatsupup.com/blog/ideo/fleury/20211005-000733/ Tue, 05 Oct 2021 00:07:32 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211005-000733/ Facebook and its sister properties Instagram and WhatsApp are suffering from ongoing, global outages. We don’t yet know why this happened, but the how is clear: Earlier this morning, something inside Facebook caused the company to revoke key digital records that tell computers and other Internet-enabled devices how to find these destinations online.<br> Kentik’s view of the Facebook, Instagram and WhatsApp outage.<br> Doug Madory is director of internet analysis at <a rel="noreferrer" target="_blank" href="https://www.kentik.com/analysis/facebook-suffers-global-outage/">Kentik</a> , a San Francisco-based network monitoring company. Madory said at approximately 11:39 a.m. ET today (15:39 UTC), someone at Facebook caused an update to be made to the company’s Border Gateway Protocol (BGP) records. BGP is a mechanism by which Internet service providers of the world share information about which providers are responsible for routing Internet traffic to which specific groups of Internet addresses.<br> In simpler terms, sometime this morning Facebook took away the map telling the world’s computers how to find its various online properties. As a result, when one types Facebook.com into a web browser, the browser has no idea where to find Facebook.com, and so returns an error page.<br> In addition to stranding billions of users, the Facebook outage also has stranded its employees from communicating with one another using their internal Facebook tools. That’s because Facebook’s email and tools are all managed in house and via the same domains that are now stranded.<br> “Not only are Facebook’s services and apps down for the public, its internal tools and communications platforms, including Workplace, are out as well,” New York Times tech reporter Ryan Mac <a rel="noreferrer" target="_blank" href="https://twitter.com/RMac18/status/1445069187664293895">tweeted</a> . “No one can do any work. Several people I’ve talked to said this is the equivalent of a ‘snow day’ at the company.”<br> The outages come just hours after CBS’s 60 Minutes aired <a rel="noreferrer" target="_blank" href="https://www.cbsnews.com/news/facebook-whistleblower-frances-haugen-misinformation-public-60-minutes-2021-10-03/">a much-anticipated interview</a> with Frances Haugen , the Facebook whistleblower who recently leaked a number of internal Facebook investigations showing the company knew its products were causing mass harm, and that it prioritized profits over taking bolder steps to curtail abuse on its platform — including disinformation and hate speech.<br> We don’t know how or why the outages persist at Facebook and its other properties, but the changes had to have come from inside the company, as Facebook manages those records internally. Whether the changes were made maliciously or by accident is anyone’s guess at this point.<br> Madory said it could be that someone at Facebook just screwed up.<br> “In the past year or so, we’ve seen a lot of these big outages where they had some sort of update to their global network configuration that went awry,” Madory said. “We obviously can’t rule out someone hacking them, but they also could have done this to themselves.”<br> Update, 4:37 p.m. ET: Sheera Frenkel with The New York Times <a rel="noreferrer" target="_blank" href="https://twitter.com/sheeraf/status/1445099150316503057">tweeted</a> that Facebook employees told her they were having trouble accessing Facebook buildings because their employee badges no longer worked. That could be one reason this outage has persisted so long: Facebook engineers may be having trouble physically accessing the computer servers needed to upload new BGP records to the global Internet.<br> Update, 6:16 p.m. ET: A trusted source who spoke with a person on the recovery effort at Facebook was told the outage was caused by a routine BGP update gone wrong. The source explained that the errant update blocked Facebook employees — the majority of whom are working remotely — from reverting the changes. Meanwhile, those with physical access to Facebook’s buildings couldn’t access Facebook’s internal tools because those were all tied to the company’s stranded domains.<br> In the meantime, several different domain registration companies listed the domain Facebook.com as up for sale. This happened thanks to automated systems that look for registered domains which appear to be expired, abandoned or recently vacated. There’s no reason to believe Facebook.com will actually be sold as a result, but it’s fun to consider how many billions of dollars it could fetch on the open market.<br> This is a developing story and will likely be updated throughout the day.<br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/10/what-happened-to-facebook-instagram-whatsapp/">What Happened to Facebook, Instagram, & WhatsApp?</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20211003-081427/ Sun, 03 Oct 2021 08:14:27 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211003-081427/ From Cloud Wars (pricing, paradox, players) to Company Wars (public, private, M&A, activist investors) – @pmarca @martin_casado @smc90 debate & interview @MichaelDell on his upcoming new book "Play Nice But Win" and much more: <a rel="noreferrer" target="_blank" href="https://t.co/MI72LZaOsp"><a href="https://t.co/MI72LZaOsp">https://t.co/MI72LZaOsp</a></a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20211003-042137/ Sun, 03 Oct 2021 04:21:37 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20211003-042137/ Texas law sparks hundreds of protests against abortion restrictions <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/abortion-rights-advocates-will-march-across-us-protest-restrictive-laws-2021-10-02/">VIEW MORE</a><br> https://www.whatsupup.com/blog/bilateralistic/jungle/20211003-041332/ Sun, 03 Oct 2021 04:13:32 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20211003-041332/ Slides for my All Things Open (ATO) talk <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/ato-linux-performance-2018">Linux Performance 2018</a> (it was not videoed) ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/ato-linux-performance-2018">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/ATO2018_Linux_Performance_2018.pdf">PDF</a> ) (2018).<br> https://www.whatsupup.com/blog/playacted/rededication/20211003-002356/ Sun, 03 Oct 2021 00:23:56 +0000 https://www.whatsupup.com/blog/playacted/rededication/20211003-002356/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/02/technology/whistle-blower-facebook-memo.html">Whistle-Blower to Accuse Facebook of Contributing to Jan. 6 Riot, Memo Says In an internal memo, Facebook defended itself and said that social media was not a primary cause of polarization. By Mike Isaac</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/10/01/technology/facebook-instagram-teenagers.html">Facebook Struggles to Quell Uproar Over Instagram’s Effect on Teens The social network has been all hands on deck as it grapples with revelations that it knew the harmful effects its Instagram photo-sharing app was having on teenagers. By Mike Isaac, Sheera Frenkel and Ryan Mac</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20211003-001958/ Sun, 03 Oct 2021 00:19:57 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20211003-001958/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-02678-1">NASA won’t rename James Webb telescope — and astronomers are angry</a><br></p> <hr> The agency found no evidence that the flagship observatory’s namesake was involved in anti-LGBT+ activities, but some say that Webb bears responsibility.<br> https://www.whatsupup.com/blog/phonic/shopboy/20211003-001420/ Sun, 03 Oct 2021 00:14:20 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211003-001420/ <p><a rel="noreferrer" target="_blank" href="https://future.a16z.com/podcasts/cloud-wars-company-wars-play-nice-but-win-michael-dell-book/">a16z Podcast: Cloud Wars & Company Wars</a><br></p> <hr> by <a rel="noreferrer" target="_blank" href="https://a16z.com/author/michael-dell/">Michael Dell</a> , <a rel="noreferrer" target="_blank" href="https://a16z.com/author/marc-andreessen/">Marc Andreessen</a> , <a rel="noreferrer" target="_blank" href="https://a16z.com/author/martin-casado/">Martin Casado</a> , and <a rel="noreferrer" target="_blank" href="https://a16z.com/author/sonal-chokshi/">Sonal Chokshi</a><br> <a rel="noreferrer" target="_blank" href="https://a16z.com/category/machine-learning/">AI, machine & deep learning</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://a16z.com/category/cloud-computing/">cloud computing</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://a16z.com/category/enterprise-b2b-saas/">enterprise & SaaS</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://a16z.com/category/open-source/">open source</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://a16z.com/advice-and-how-to/big-company-innovation/">big company innovation</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://a16z.com/advice-and-how-to/disruption-theory-practice/">disruption theory & practice</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://a16z.com/advice-and-how-to/how-innovation-happens/">how innovation happens</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://a16z.com/tag/cloud-growing-pains/">cloud growing pains</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://a16z.com/tag/cloud-infrastructure/">cloud infrastructure</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://a16z.com/tag/corporate-development/">corporate development</a><br> <hr> Michael Dell <a rel="noreferrer" target="_blank" href="https://twitter.com/MichaelDell">@MichaelDell</a><br> Super thoughtful and fun conversation with @martin_casado @pmarca @smc90. How to #PlayNiceButWin. All things clouds, edge, PC, public to private to public, @TedLasso , transformation, and should you drop out of college? <a rel="noreferrer" target="_blank" href="https://t.co/c0njTpeWp1">https://t.co/c0njTpeWp1</a><br> martin_casado <a rel="noreferrer" target="_blank" href="https://twitter.com/martin_casado">@martin_casado</a><br> So much fun chatting with @MichaelDell, @smc90 and @pmarca . Michael is the infra OG, and in many ways the last standing of the great founders that have seen every transformation since the PC. <p>Cloud Wars & Company Wars: Play Nice, But Win <a rel="noreferrer" target="_blank" href="https://t.co/z5OXXVYYYv"><a href="https://t.co/z5OXXVYYYv">https://t.co/z5OXXVYYYv</a></a><br></p> https://www.whatsupup.com/blog/bilateralistic/jungle/20211003-001315/ Sun, 03 Oct 2021 00:13:14 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20211003-001315/ For PerconaLive 2016, my <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=CbmEDXq7es0">Linux Systems Performance 2016</a> summary of this topic in 50 minutes ( <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=CbmEDXq7es0">youtube</a> , <a rel="noreferrer" target="_blank" href="http://www.slideshare.net/brendangregg/linux-systems-performance-2016">slideshare</a> ) (50 mins).<br> My JavaOne 2015 talk on <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=BHA65BqlqSk">Java Mixed-Mode Flame Graphs</a> introducing -XX:+PreserveFramePointer; as it wasn't officially recorded this is a capture from my laptop ( <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=BHA65BqlqSk">youtube</a> , <a rel="noreferrer" target="_blank" href="http://www.slideshare.net/brendangregg/javaone-2015-java-mixedmode-flame-graphs">slideshare</a> ) (2015).<br> My FreeBSD dev summit 2014 talk on <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=fMV1upo88Zw">Flame Graphs on FreeBSD</a> . Since this talk wasn't videoed, I captured it using screenflow from my laptop. It's better than nothing, and shows my live demos well. ( <a rel="noreferrer" target="_blank" href="https://www.brendangregg.com/blog/2015-03-10/freebsd-flame-graphs.html">postyoutube</a> ) (53 mins).<br> https://www.whatsupup.com/blog/gaper/whisky/20211001-225325/ Fri, 01 Oct 2021 22:53:24 +0000 https://www.whatsupup.com/blog/gaper/whisky/20211001-225325/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/10/mdn-web-docs-at-write-the-docs-prague-2021/">MDN Web Docs at Write the Docs Prague 2021 →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/10/mdn-web-docs-at-write-the-docs-prague-2021/">MDN Web Docs at Write the Docs Prague 2021</a><br> <hr> The MDN Web Docs team is pleased to sponsor Write the Docs Prague 2021, which is being held remotely this year. We’re excited to join hundreds of documentarians to learn more about collaborating with writers, developers, and readers to make better documentation. We plan to take part in all that the conference has to offer, including the Writing Day, Job Fair, and the virtual hallway track.<br> https://www.whatsupup.com/blog/ewing/undiscernibly/20211001-222733/ Fri, 01 Oct 2021 22:27:32 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20211001-222733/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/10/introducing-secure-open-source-pilot.html">Introducing the Secure Open Source Pilot Program</a><br></p> <hr> Posted by Meder Kydyraliev and Kim Lewandowski, Google Open Source Security Team<br> Over the past year we have made a number of investments to strengthen the security of critical open source projects, and recently announced our <a rel="noreferrer" target="_blank" href="https://blog.google/technology/safety-security/why-were-committing-10-billion-to-advance-cybersecurity/">$10 billion commitment to cybersecurity defense</a> including $100 million to support third-party foundations that manage open source security priorities and help fix vulnerabilities. Today, we are excited to announce our sponsorship for the <a rel="noreferrer" target="_blank" href="https://sos.dev/">Secure Open Source (SOS) pilot program</a> run by the Linux Foundation. This program financially rewards developers for enhancing the security of critical open source projects that we all depend on. We are starting with a $1 million investment and plan to expand the scope of the program based on community feedback.<br> Why SOS?<br> SOS rewards a very broad range of improvements that proactively harden critical open source projects and supporting infrastructure against application and supply chain attacks. To complement existing programs that reward vulnerability management, SOS’s scope is comparatively wider in the type of work it rewards, in order to support project developers.<br> What projects are in scope?<br> Since there is no one definition of what makes an open source project critical, our selection process will be holistic. During submission evaluation we will consider the guidelines established by the <a rel="noreferrer" target="_blank" href="https://www.nist.gov/system/files/documents/2021/06/25/EO%20Critical%20FINAL_1.pdf">National Institute of Standards and Technology’s definition</a> in response to the recent <a rel="noreferrer" target="_blank" href="https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/">Executive Order on Cybersecurity</a> along with criteria listed below:<br> The impact of the project:<br> How many and what types of users will be affected by the security improvements?<br> Will the improvements have a significant impact on infrastructure and user security?<br> If the project were compromised, how serious or wide-reaching would the implications be?<br> The project’s rankings in existing open source criticality research:<br> Is the project included in the <a rel="noreferrer" target="_blank" href="https://www.coreinfrastructure.org/programs/census-program-ii/">Havard 2 Census Study</a> of most-used packages, or does it have a score of 0.6 or above in the <a rel="noreferrer" target="_blank" href="https://github.com/ossf/criticality_score">OpenSSF Critically Score</a> project?<br> What security improvements qualify?<br> The program is initially focused on rewarding the following work:<br> Software supply chain security improvements including hardening CI/CD pipelines and distribution infrastructure. The <a rel="noreferrer" target="_blank" href="http://slsa.dev/">SLSA framework</a> suggests specific requirements to consider, such as basic provenance generation and verification.<br> Adoption of software artifact signing and verification. One option to consider is Sigstore's set of utilities (e.g. <a rel="noreferrer" target="_blank" href="https://github.com/sigstore/cosign">cosign</a> ).<br> Project improvements that produce higher <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard">OpenSSF Scorecard</a> results. For example, a contributor can follow remediation suggestions for the following Scorecard checks:<br> Code-Review<br> Branch-Protection<br> Pinned-Dependencies<br> Dependency-Update-Tool<br> Fuzzing<br> Use of <a rel="noreferrer" target="_blank" href="https://github.com/ossf/allstar">OpenSSF Allstar</a> and remediation of discovered issues.<br> Earning a <a rel="noreferrer" target="_blank" href="https://bestpractices.coreinfrastructure.org/">CII Best Practice Badge</a> (which also improves the Scorecard results).<br> We'll continue adding to the above list, so check our <a rel="noreferrer" target="_blank" href="https://sos.dev/#frequently-asked-questions">FAQ</a> for updates. You may also submit improvements not listed above, if you provide justification and evidence to help us understand the complexity and impact of the work. Only work completed after October 1, 2021 qualifies for SOS rewards. Upfront funding is available on a limited case by case basis for impactful improvements of moderate to high complexity over a longer time span. Such requests should explain why funding is required upfront and provide a detailed plan of how the improvements will be landed.<br> How to participate<br> Review our <a rel="noreferrer" target="_blank" href="https://sos.dev/#frequently-asked-questions">FAQ</a> and fill out <a rel="noreferrer" target="_blank" href="https://docs.google.com/forms/d/e/1FAIpQLSdm8YFKTKHxcYiAyCH8Q9t5mor6jrucYKTp0J9pI60F4zvaqQ/viewform">this form</a> to submit your application. Please include as much data or supporting evidence as possible to help us evaluate the significance of the project and your improvements.<br> Reward amounts<br> Reward amounts are determined based on complexity and impact of work:<br> $10,000 or more for complicated, high-impact and lasting improvements that almost certainly prevent major vulnerabilities in the affected code or supporting infrastructure.<br> $5,000-$10,000 for moderately complex improvements that offer compelling security benefits.<br> $1,000-$5,000 for submissions of modest complexity and impact.<br> $505 for small improvements that nevertheless have merit from a security standpoint.<br> Looking Ahead<br> The SOS program is part of a broader effort to address a growing truth: the world relies on open source software, but widespread support and financial contributions are necessary to keep that software safe and secure. This $1 million investment is just the beginning—we envision the SOS pilot program as the starting point for future efforts that will hopefully bring together other large organizations and turn it into a sustainable, long-term initiative under the OpenSSF. We welcome <a rel="noreferrer" target="_blank" href="mailto:sos-rewards@googlegroups.com">community feedback</a> and interest from others who want to contribute to the SOS program. Together we can pool our support to give back to the open source community that makes the modern internet possible.<br> https://www.whatsupup.com/blog/ideo/fleury/20211001-213005/ Fri, 01 Oct 2021 21:30:05 +0000 https://www.whatsupup.com/blog/ideo/fleury/20211001-213005/ The U.S. Federal Communications Commission (FCC) is asking for feedback on new proposed rules to crack down on <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/category/sim-swapping/">SIM swapping</a> and number port-out fraud, increasingly prevalent scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identity.<br> In a long-overdue <a rel="noreferrer" target="_blank" href="https://www.fcc.gov/document/fcc-combating-scams-used-commandeer-consumers-cell-phone-accounts">notice issued Sept. 30</a> , the FCC said it plans to move quickly on requiring the mobile companies to adopt more secure methods of authenticating customers before redirecting their phone number to a new device or carrier.<br> “We have received numerous complaints from consumers who have suffered significant distress, inconvenience, and financial harm as a result of <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/category/sim-swapping/">SIM swapping</a> and port-out fraud,” the FCC wrote. “Because of the serious harms associated with SIM swap fraud, we believe that a speedy implementation is appropriate.”<br> The FCC said the proposal was in response to a flood of complaints to the agency and the U.S. Federal Trade Commission (FTC) about fraudulent SIM swapping and <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2018/02/how-to-fight-mobile-number-port-out-scams/">number port-out fraud</a> . SIM swapping happens when the fraudsters trick or bribe an employee at a mobile phone store into transferring control of a target’s phone number to a device they control.<br> From there, the attackers can reset the password for almost any online account tied to that mobile number, because most online services still allow people to reset their passwords simply by clicking a link sent via SMS to the phone number on file.<br> Scammers commit number port-out fraud by posing as the target and requesting that their number be transferred to a different mobile provider (and to a device the attackers control).<br> The FCC said the carriers have traditionally sought to address both forms of phone number fraud by requiring static data about the customer that is no longer secret and has been exposed in a variety of places already — such as date of birth and Social Security number. By way of example, the commission pointed to <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/t-mobile-breach-exposed-ssn-dob-of-40m-people/">the recent breach at T-Mobile that exposed this data on 40 million current, past and prospective customers</a> .<br> What’s more, victims of SIM swapping and number port-out fraud are often the last to know about their victimization. The FCC said it plans to prohibit wireless carriers from allowing a SIM swap unless the carrier uses a secure method of authenticating its customer. Specifically, the commission proposes that carriers be required to verify a “pre-established password” with customers before making any changes to their accounts.<br> According to the FCC, several examples of pre-established passwords include:<br> -a one-time passcode sent via text message to the account phone number or a pre-registered backup number -a one-time passcode sent via email to the email address associated with the account -a passcode sent using a voice call to the account phone number or pre-registered back-up telephone number.<br> The commission said it was also considering updating its rules to require wireless carriers to develop procedures for responding to failed authentication attempts and to notify customers immediately of any requests for SIM changes. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/10/fcc-proposal-targets-sim-swapping-port-out-fraud/#more-57174">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/10/fcc-proposal-targets-sim-swapping-port-out-fraud/">FCC Proposal Targets SIM Swapping, Port-Out Fraud</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20211001-081221/ Fri, 01 Oct 2021 08:12:20 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20211001-081221/ Brian Armstrong <a rel="noreferrer" target="_blank" href="https://twitter.com/brian_armstrong">@brian_armstrong</a><br> 13/ I should add: a big thank you to the many employees who stepped in to fill the gaps that were left as our colleagues departed, working nights and weekends to ensure we continued to serve our customers. This was heroic and awesome to see.<br> 12/ It's incredibly difficult to do, but if you stand up and say what you really think, it may turn out better than you thought. Saying this advice for myself as much as anyone else - there will be many more challenges ahead.<br> 11/ For leaders out there, think about any area where you aren't being 100% authentic, and instead are trying to keep the peace, or say what you think people want to hear.<br> https://www.whatsupup.com/blog/stratification/pride/20211001-041905/ Fri, 01 Oct 2021 04:19:05 +0000 https://www.whatsupup.com/blog/stratification/pride/20211001-041905/ Sarah Gailey is one of science fiction's great new talents and their 2019 debut novel <a rel="noreferrer" target="_blank" href="https://boingboing.net/2019/06/04/magic-r-us.html">Magic for Liars</a> was incredibly strong; now they're back with <a rel="noreferrer" target="_blank" href="https://amzn.to/37tiiSl">Upright Women Wanted</a> , a feminist, genderqueer science fiction western novel about gun-toting roving librarians who are secretly the heart of an antifascist resistance. <a rel="noreferrer" target="_blank" href="https://boingboing.net/2020/02/04/unauthorized-materials.html#more-753714">(more…)</a><br> In 1979, construction concluded on the Awhatukee House of the Future, a $1.2m model home in the new Phoenix suburb of Ahwatukee Village, co-built with input from Frank Lloyd Wright's Taliesin Associated Architects and equipped with 10 networked Motorola processors that retailed for $30,000. <a rel="noreferrer" target="_blank" href="https://boingboing.net/2020/01/28/white-cyberelephant.html#more-765576">(more…)</a><br> Burbank librarian Sarah McKinley Oakes ( <a rel="noreferrer" target="_blank" href="https://boingboing.net/?s=%22remains%20of%20la%22">previously</a> ) also nannies for a six year old whose parents are French Stewart — from Third Rock from the Sun — and the actor <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Vanessa_Claire_Stewart">Vanessa Claire Smith</a> . Smith and Oakes have a friendly, normal relationship, but when it comes to French Stewart, things are awesomely weird. <a rel="noreferrer" target="_blank" href="https://boingboing.net/2020/01/28/hotel-california.html#more-765572">(more…)</a><br> In 2019 the Pennsylvania Attorney General published a 900-page grand jury report on sexual predators in the Catholic Church and the coverups the church and its official had undertaken; at the time, the church promised to end the coverup and engage in truth and reconciliation with the parishoners who'd been preyed upon by clergy. <a rel="noreferrer" target="_blank" href="https://boingboing.net/2020/01/28/credibly-accused.html#more-765526">(more…)</a><br> Network administration prof and infrastructure security architect Jan Schaumann has compiled a list of 88 "ops lessons we all learn the hard way" (e.g.: "Any sufficiently successful product launch is indistinguishable from a DDoS; any sufficiently advanced user indistinguishable from an attacker.") <a rel="noreferrer" target="_blank" href="https://boingboing.net/2020/01/28/etc-hosts-solves-nothing.html#more-765501">(more…)</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20211001-041829/ Fri, 01 Oct 2021 04:18:28 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20211001-041829/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/elon-musks-philosophical-musings">Elon Musk’s Philosophical Musings On Space (And Other Observations From Code Conference)</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/elon-musks-philosophical-musings">Musk on space and taxes, Satya Nadella on TikTok, Marc Benioff on the workplace, and more.</a><br> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/completely-running-blind-apples-power">“Completely Running Blind.” Apple’s Power Move To Kneecap Facebook Ads Is Working.</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/completely-running-blind-apples-power">Facebook can survive its scandals, but Apple’s anti-tracking initiative is doing meaningful damage to its business, according to the company and its ad…</a><br> https://www.whatsupup.com/blog/nuncle/haw/20211001-041707/ Fri, 01 Oct 2021 04:17:06 +0000 https://www.whatsupup.com/blog/nuncle/haw/20211001-041707/ args : ["-h", “http://localhost:9090/metrics”, “-i”, “10s”, “-s”, “http://veneur-global:8127”]<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210930-201751/ Thu, 30 Sep 2021 20:17:51 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210930-201751/ U.S. House votes to approve stopgap funding bill to avoid government shutdown Friday, sending bill to Biden <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/us-house-approves-bill-avert-government-shutdown-2021-09-30/">VIEW MORE</a><br> https://www.whatsupup.com/blog/sited/implore/20210930-201722/ Thu, 30 Sep 2021 20:17:21 +0000 https://www.whatsupup.com/blog/sited/implore/20210930-201722/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/09/30/technology/facebook-senate-hearing.html">Facebook Grilled by Senators Over Its Effect on Children The company faces accusations that it hid research showing the mental and emotional harm that Instagram, its photo-sharing app, has on teenagers. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/boxed/modification/20210930-201511/ Thu, 30 Sep 2021 20:15:11 +0000 https://www.whatsupup.com/blog/boxed/modification/20210930-201511/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#jokes">jokes</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#litclub">litclub</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#math">math</a><br> In my CppCon 2015 talk <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=jfDRgnxDe7o">“Futures from Scratch,”</a> I mentioned in passing that <a rel="noreferrer" target="_blank" href="https://en.cppreference.com/w/cpp/experimental/when_any">std::experimental::when_any</a> , when given an empty list of futures, returns a ready future, instead of blocking forever (which would be the mathematically correct result, I said). This morning a YouTube commenter said, well, it isn’t that weird, because the condition “ any single future is ready” is in some sense a “weaker” condition than “ all of the futures are ready.” This reminded me of a Wizard of Id comic from my youth:<br> https://www.whatsupup.com/blog/baldish/wince/20210930-200822/ Thu, 30 Sep 2021 20:08:22 +0000 https://www.whatsupup.com/blog/baldish/wince/20210930-200822/ Software Engineer and Computer Scientist dedicated to creativity and excellence in computing<br> https://www.whatsupup.com/blog/ideo/fleury/20210930-200630/ Thu, 30 Sep 2021 20:06:30 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210930-200630/ In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets.<br> An ad for the OTP interception service/bot “SMSRanger.”<br> Many websites now require users to supply both a password and a numeric code/OTP token sent via text message, or one generated by mobile apps like Authy and Google Authenticator . The idea is that even if the user’s password gets stolen, the attacker still can’t access the user’s account without that second factor — i.e. without access to the victim’s mobile device or phone number.<br> The OTP interception service <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/02/u-k-arrest-in-sms-bandits-phishing-service/">featured earlier this year</a> — Otp[.]agency — advertised a web-based bot designed to trick targets into giving up OTP tokens. This service (and all others mentioned in this story) assumes the customer already has the target’s login credentials through some means.<br> OTP Agency customers would enter a target’s phone number and name, and then the service would initiate an automated phone call that alerts that person about unauthorized activity on their account. The call would prompt the target to enter an OTP token generated by their phone’s mobile app (“for authentication purposes”), and that code would then get relayed back to the bad guy customers’ panel at the OTP Agency website.<br> OTP Agency <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2021/09/otp-bye.png">took itself offline</a> within hours of that story. But according to research from cyber intelligence firm <a rel="noreferrer" target="_blank" href="https://www.intel471.com">Intel 471</a> , multiple new OTP interception services have emerged to fill that void. And all of them operate via Telegram , a cloud-based instant messaging system.<br> “Intel 471 has seen an uptick in services on the cybercrime underground that allow attackers to intercept one-time password (OTP) tokens,” the company wrote in <a rel="noreferrer" target="_blank" href="https://intel471.com/blog/otp-password-bots-telegram">a blog post today</a> . “Over the past few months, we’ve seen actors provide access to services that call victims, appear as a legitimate call from a specific bank and deceive victims into typing an OTP or other verification code into a mobile phone in order to capture and deliver the codes to the operator. Some services also target other popular social media platforms or financial services, providing email phishing and SIM swapping capabilities.”<br> Intel471 says one new Telegram OTP bot called “ SMSRanger ” is popular because it’s remarkably easy to use, and probably because of the many testimonials posted by customers who seem happy with its frequent rate of success in extracting OTP tokens when the attacker already has the target’s “fullz,” personal information such as Social Security number and date of birth. From their analysis:<br> “Those who pay for access can use the bot by entering commands similar to how bots are used on popular workforce collaboration tool Slack. A simple slash command allows a user to enable various ‘modes’ — scripts aimed as various services — that can target specific banks, as well as PayPal, Apple Pay, Google Pay, or a wireless carrier.<br> Once a target’s phone number has been entered, the bot does the rest of the work, ultimately granting access to whatever account has been targeted. Users claim that SMSRanger has an efficacy rate of about 80% if the victim answered the call and the full information (fullz) the user provided was accurate and updated.”<br> Another OTP interception service called SMS Buster requires a tad more effort from a customer, Intel 471 explains:<br> “The bot provides options to disguise a call to make it appear as a legitimate contact from a specific bank while letting the attackers choose to dial from any phone number. From there, an attacker could follow a script to trick a victim into providing sensitive details such as an ATM personal identification number (PIN), card verification value (CVV) and OTP, which could then be sent to an individual’s Telegram account. The bot, which was used by attackers targeting Canadian victims, gives users the chance to launch attacks in French and English.”<br> These services are springing up because they work and they’re profitable. And they’re profitable because far too many websites and services funnel users toward multi-factor authentication methods that can be intercepted, spoofed, or misdirected — like SMS-based one-time codes, or even app-generated OTP tokens. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/the-rise-of-one-time-password-interception-bots/#more-57147">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/the-rise-of-one-time-password-interception-bots/">The Rise of One-Time Password Interception Bots</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210929-081805/ Wed, 29 Sep 2021 08:18:05 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210929-081805/ Former foreign minister Fumio Kishida to become Japan's next prime minister after winning ruling party election <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/asia-pacific/japans-ruling-party-votes-new-leader-who-will-almost-certainly-be-next-pm-2021-09-28/">VIEW MORE</a><br> https://www.whatsupup.com/blog/effete/washstand/20210929-042155/ Wed, 29 Sep 2021 04:21:54 +0000 https://www.whatsupup.com/blog/effete/washstand/20210929-042155/ <p><a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-i-accidentally-built-a-podcast-api-business-46/">How I accidentally built a Podcast API business Dec. 6, 2020 · In this article, I’ll share with you the journey of building this API business, the technology behind it, and hopefully you can learn one thing or two and build your own API business in the future. Read more…</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/what-is-listen-notes-why-does-listen-notes-need-45/">What is Listen Notes? Why does Listen Notes need to make money? Oct. 2, 2020 · Essentially, Listen Notes is an independent podcast database that has three UIs (User Interface) to access the data. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-notes-for-chrome-28/">Listen Notes for Chrome Dec. 1, 2019 · We just launched a Chrome extension! You can search podcasts / episodes right from your Chrome browser without opening ListenNotes.com. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-explorer-get-similar-podcasts-40/">Listen Explorer: Get similar podcasts Jan. 22, 2019 · The idea is simple: You pick a few podcasts, and you’ll get recommendations for similar podcasts. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-real-time-like-google-analytics-real-time-37/">Listen Real-Time: Like Google Analytics Real-Time, but for podcast episodes Dec. 30, 2018 · Everyone’s saying “podcast discovery is broken”. Okay, here’s another way to discover podcasts — Check out what other people are listening to right now. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/just-listentm-a-simple-podcast-app-for-the-99-36/">Just Listen™: A simple podcast app for the 99% Dec. 20, 2018 · A very simple & very opinionated podcast app from Listen Notes: Just Listen™!! Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/postmortem-on-apr-22-2018-outage-30/">Postmortem on Apr 22, 2018 outage April 26, 2018 · On Apr 22, 2018, Listen Notes website was down for ~4 hours and I lost 10 hours production data. This is the biggest outage since I launched Listen Notes as a side project last year. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/the-boring-technology-behind-a-one-person-23/">The boring technology behind a one-person Internet company Jan. 24, 2018 · The tech stack of Listen Notes, the best podcast search engine and database. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/my-y-combinator-interview-experience-w18-22/">My Y Combinator interview experience (W18) Jan. 12, 2018 · I want to be transparent on the process of building Listen Notes, as a product and as a company. If eventually I declare failure of this startup thing, these written documents may still benefit people who come from Google search :) Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-later-tm-is-like-instapaper-or-pocket-but-29/">Listen Later ™ is like Instapaper or Pocket, but for podcasts! Dec. 19, 2017 · I just built a simple feature, called Listen Later. You can tell what it is from the name :) Yes, it’s like “Watch Later” on YouTube or “Read Later” on Pocket. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-do-people-use-listen-notes-26/">How do people use Listen Notes? Nov. 12, 2017 · I’ve got a bunch of emails from Listen Notes users. Now I have a better understanding what people use Listen Notes for. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/migrating-listen-notes-servers-to-aws-25/">Migrating Listen Notes servers to AWS Oct. 28, 2017 · Well, Listen Notes was a side project of mine. I run all my side projects on Digital Ocean, because it’s cheap & convenient to set up. I decided to migrate the whole backend infrastructure to AWS. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/podcast-in-2017-is-just-like-web-in-1997-24/">Podcast in 2017 is just like Web in 1997 Oct. 9, 2017 · Podcast in 2017 & web in 1997 are similar in three aspects: number of users, ad spendings, and contents. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-to-use-listen-notes-from-chrome-address-bar-21/">How to use Listen Notes from Chrome address bar? Oct. 3, 2017 · Click “Add” in the “Other search engines” section. Fill these three things. Read more...</a><br> https://www.whatsupup.com/blog/gigabit/polenta/20210929-042121/ Wed, 29 Sep 2021 04:21:21 +0000 https://www.whatsupup.com/blog/gigabit/polenta/20210929-042121/ Aug 26, 2015<br> https://www.whatsupup.com/blog/playacted/rededication/20210929-042030/ Wed, 29 Sep 2021 04:20:30 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210929-042030/ Aug. 31, 2021<br> https://www.whatsupup.com/blog/traveling/splay/20210929-041944/ Wed, 29 Sep 2021 04:19:43 +0000 https://www.whatsupup.com/blog/traveling/splay/20210929-041944/ Aug. 3, 2021<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210929-041744/ Wed, 29 Sep 2021 04:17:44 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210929-041744/ Sep 23 2021<br> https://www.whatsupup.com/blog/sited/implore/20210929-041739/ Wed, 29 Sep 2021 04:17:39 +0000 https://www.whatsupup.com/blog/sited/implore/20210929-041739/ Aug. 19, 2021<br> https://www.whatsupup.com/blog/seer/hemisphere/20210929-041634/ Wed, 29 Sep 2021 04:16:34 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20210929-041634/ Scientists searching for extraterrestrial life should narrow their hunt to stars and planetary systems that have an occasional view of Earth as it passes in front of the Sun.<br> Books & Arts 16 Mar 2021<br> Comments & Opinion 01 Feb 2021<br> https://www.whatsupup.com/blog/veld/paternal/20210929-041550/ Wed, 29 Sep 2021 04:15:50 +0000 https://www.whatsupup.com/blog/veld/paternal/20210929-041550/ Eben Upton - 1st Jun 2021 This post has <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/raspberry-pi-rp2040-on-sale/#comments">28 comments</a><br> Eben Upton - 2nd Nov 2020 This post has <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/raspberry-pi-400-the-70-desktop-pc/#comments">453 comments</a><br> https://www.whatsupup.com/blog/airbrush/misogynic/20210929-041425/ Wed, 29 Sep 2021 04:14:25 +0000 https://www.whatsupup.com/blog/airbrush/misogynic/20210929-041425/ <a rel="noreferrer" target="_blank" href="https://www.thirtythreeforty.net/posts/2020/03/mastering-embedded-linux-part-4-adding-features/">Mastering Embedded Linux, Part 4: Adding Features</a> Mar 11, 2020 How to make your embedded system do something useful<br> <a rel="noreferrer" target="_blank" href="https://www.thirtythreeforty.net/posts/2020/02/trying-the-allwinner-f1c200s/">Trying the Allwinner F1C200s</a> Feb 29, 2020 Continuing experiments with inexpensive Allwinner processors<br> <a rel="noreferrer" target="_blank" href="https://www.thirtythreeforty.net/posts/2020/01/the-wave-particle-duality-of-git-commits/">The Wave/Particle Duality of Git Commits</a> Jan 20, 2020 Yet another way to think of<br> <a rel="noreferrer" target="_blank" href="https://www.thirtythreeforty.net/posts/2020/01/mastering-embedded-linux-part-3-buildroot/">Mastering Embedded Linux, Part 3: Buildroot</a> Jan 14, 2020 Compiling a Linux OS from source code with the Buildroot distribution<br> <a rel="noreferrer" target="_blank" href="https://www.thirtythreeforty.net/posts/2019/12/mastering-embedded-linux-part-2-hardware/">Mastering Embedded Linux, Part 2: Hardware</a> Dec 28, 2019 Diving deeper into the hardware powering cheap embedded Linux systems<br> <a rel="noreferrer" target="_blank" href="https://www.thirtythreeforty.net/posts/2019/12/designing-my-linux-business-card/">Designing My Linux-Powered Business Card</a> Dec 23, 2019 Behind-the-scenes build log for my Linux-powered business card<br> <a rel="noreferrer" target="_blank" href="https://www.thirtythreeforty.net/posts/2019/12/my-business-card-runs-linux/">My Business Card Runs Linux</a> Dec 23, 2019 In which I build a Linux computer cheap enough to give away<br> <a rel="noreferrer" target="_blank" href="https://www.thirtythreeforty.net/posts/2019/08/mastering-embedded-linux-part-1-concepts/">Mastering Embedded Linux, Part 1: Concepts</a> Aug 25, 2019 A high-level introduction to concepts in hacking cheap embedded Linux systems<br> https://www.whatsupup.com/blog/novice/millrace/20210929-041339/ Wed, 29 Sep 2021 04:13:39 +0000 https://www.whatsupup.com/blog/novice/millrace/20210929-041339/ <a rel="noreferrer" target="_blank" href="https://mooseyanon.medium.com/github-f-ck-your-name-change-de599033bbbe?source=user_profile---------0----------------------------">Mar 16</a><br> https://www.whatsupup.com/blog/alamode/heartsore/20210929-041131/ Wed, 29 Sep 2021 04:11:31 +0000 https://www.whatsupup.com/blog/alamode/heartsore/20210929-041131/ <a rel="noreferrer" target="_blank" href="https://github.com/jimio">jimio</a> on 10 Aug 2021<br> <a rel="noreferrer" target="_blank" href="https://github.com/jlund">jlund</a> on 04 Feb 2021<br> <a rel="noreferrer" target="_blank" href="https://github.com/greggcorp">greggcorp</a> on 26 Oct 2020<br> <a rel="noreferrer" target="_blank" href="https://github.com/peter-signal">peter-signal</a> on 20 Oct 2020<br> <a rel="noreferrer" target="_blank" href="https://github.com/imperiopolis">imperiopolis</a> on 09 Jun 2020<br> <a rel="noreferrer" target="_blank" href="https://github.com/alan-signal">alan-signal</a> on 13 Jan 2020<br> <a rel="noreferrer" target="_blank" href="https://github.com/scottnonnenberg">scottnonnenberg</a> on 31 Oct 2017<br> <a rel="noreferrer" target="_blank" href="https://github.com/liliakai">liliakai</a> on 07 Apr 2016<br> <a rel="noreferrer" target="_blank" href="https://github.com/riyapenn">riyapenn</a> on 18 Aug 2015<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/greggawatt">greggawatt</a> on 31 Jan 2015<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/lconnolly">lconnolly</a> on 30 Jan 2015<br> <a rel="noreferrer" target="_blank" href="https://github.com/rhodey">rhodey</a> on 29 Jan 2015<br> on 28 Jan 2015<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/kmonkeyjam">kmonkeyjam</a> on 26 Jan 2015<br> <a rel="noreferrer" target="_blank" href="https://github.com/joyceyan">joyceyan</a> on 24 Jan 2015<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/jackflips">jackflips</a> on 23 Jan 2015<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/uxyoko">uxyoko</a> on 22 Jan 2015<br> <a rel="noreferrer" target="_blank" href="https://github.com/rileyjshaw">rileyjshaw</a> on 21 Jan 2015<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/jessysaurusrex">jessysaurusrex</a> on 20 Jan 2015<br> <a rel="noreferrer" target="_blank" href="https://github.com/trevp">trevp</a> on 18 Jan 2015<br> <a rel="noreferrer" target="_blank" href="https://github.com/abolishme">abolishme</a> on 17 Jan 2015<br> <a rel="noreferrer" target="_blank" href="https://github.com/corbett">corbett</a> on 16 Jan 2015<br> <a rel="noreferrer" target="_blank" href="https://github.com/TheBlueMatt">TheBlueMatt</a> on 15 Jan 2015<br> <a rel="noreferrer" target="_blank" href="https://github.com/elchao96">elchao96</a> on 14 Jan 2015<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/turtlekiosk">turtlekiosk</a> on 13 Jan 2015<br> <a rel="noreferrer" target="_blank" href="https://github.com/meskio">meskio</a> on 12 Jan 2014<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/corbett">corbett</a> on 10 Jan 2014<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/mkhandekar">mkhandekar</a> on 09 Jan 2014<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/liliakai">liliakai</a> on 08 Jan 2014<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/mcginty">mcginty</a> on 07 Jan 2014<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/meskio">meskio</a> on 22 Oct 2013<br> <a rel="noreferrer" target="_blank" href="https://github.com/emblem">emblem</a> on 30 Mar 2013<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/abolishme">abolishme</a> on 29 Mar 2013<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/rhodey">rhodey</a> on 26 Mar 2013<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/isislovecruft">isislovecruft</a> on 25 Mar 2013<br> https://www.whatsupup.com/blog/rat/realty/20210929-041110/ Wed, 29 Sep 2021 04:11:10 +0000 https://www.whatsupup.com/blog/rat/realty/20210929-041110/ <a rel="noreferrer" target="_blank" href="https://www.imperialviolet.org/2021/08/26/qrencoding.html">Efficient QR codes</a> (26 Aug 2021)<br> <a rel="noreferrer" target="_blank" href="https://www.imperialviolet.org/2020/12/23/acvp.html">ACVP</a> (23 Dec 2020)<br> <a rel="noreferrer" target="_blank" href="https://www.imperialviolet.org/2020/09/06/20yearsago.html">Letter to 20 years ago</a> (06 Sep 2020)<br> <a rel="noreferrer" target="_blank" href="https://www.imperialviolet.org/2019/10/30/pqsivssl.html">Real-world measurements of structured-lattices and supersingular isogenies in TLS</a> (30 Oct 2019)<br> <a rel="noreferrer" target="_blank" href="https://www.imperialviolet.org/2019/08/10/ctap2features.html">Username (and password) free login with security keys</a> (10 Aug 2019)<br> https://www.whatsupup.com/blog/bilateralistic/jungle/20210929-041101/ Wed, 29 Sep 2021 04:11:01 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20210929-041101/ An article for ACMQ, also published by <a rel="noreferrer" target="_blank" href="http://cacm.acm.org/magazines/2010/7/95062-visualizing-system-latency/fulltext">CACM</a> , on <a rel="noreferrer" target="_blank" href="http://queue.acm.org/detail.cfm?id=1809426">Visualizing System latency</a> using latency heat maps (2010). This includes interesting latency heat maps I had found using Sun Storage Analytics, including the <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2009-03-12/latency-art-rainbow-pterodactyl.html">Rainbow Pterodactyl</a> and the <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2009-06-12/latency-art-x-marks-the-spot.html">Icy Lake</a> . This was pioneering work, and it took several years for latency heat maps to appear in other performance analysis products.<br> Posts showing new (and interesting) performance visualizations using Sun Storage Analytics, especially latency heat maps: <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2009-03-12/latency-art-rainbow-pterodactyl.html">Latency Art: Rainbow Pterodactyl</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2009-03-17/heat-map-analytics.html">Heat Map Analytics</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2009-06-12/latency-art-x-marks-the-spot.html">Latency Art: X marks the spot</a> (2009).<br> Visualizing <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2009-02-06/dram-latency.html">DRAM Latency</a> using latency heat maps from Sun Storage Analytics (2009).<br> Demonstrating the Kstat/DTrace-based Analytics tool from the Sun Storage 7000 product: <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/2008-12-31/jbod-analytics-example.html">JBOD Analytics Example</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2009-02-23/networking-analytics-example.html">Networking Analytics Example</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2009-11-17/nfs-analytics-example.html">NFS Analytics example</a> (2008-9).<br> Posts demonstrating the performance limits of the Sun Storage 7000 series of ZFS-based storage appliance I was working on, as well as our Analytics observability tool: <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2008-12-02/a-quarter-million-nfs-iops.html">A quarter million NFS IOPS</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2008-12-15/up-to-2gbs-nfs.html">Up to 2 Gbytes/sec NFS</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2009-01-09/1gbs-nfs-from-disk.html">1 Gbyte/sec NFS, streaming from disk</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2009-01-09/my-sun-storage-7410-perf-limits.html">My Sun Storage 7410 perf limits</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2009-03-03/cifs-at-1gbs.html">CIFS at 1 Gbyte/sec</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2009-05-27/my-sun-storage-7310-perf-limits.html">My Sun Storage 7310 perf limits</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2009-10-08/hybrid-storage-pool-top-speeds.html">Hybrid Storage Pool: Top Speeds</a> (2008-9).<br> Slides for <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/CEC2008_fishworks_overview.pdf">Fishworks Overview</a> (PDF) at CEC2008 with Cindi McGuire, where we introduced the first ZFS-based storage appliance, the Sun Storage 7000 series. Fishworks was the team that developed it. We worked at a private site, setup to mimic a San Francisco startup.<br> The original <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2008-07-22/zfs-l2arc.html">ZFS L2ARC</a> post (2008) and later <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2009-01-30/l2arc-screenshots.html">L2ARC Screenshots</a> (2009). Since code changes were public each night, my <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Solaris/l2arc_comment.txt">block comment</a> in usr/src/uts/common/fs/zfs/arc.c (added in Nov 2007) disguised the then-secret intent of this technology by listing "short-stroked disks" as the first intended device, instead of SSDs.<br> I wrote the original <a rel="noreferrer" target="_blank" href="https://docs.oracle.com/cd/E22471_01/pdf/820-4167.pdf">Sun ZFS Storage 7000 admin guide</a> and online help, and while doing so created the most advanced content system within Sun Microsystems: A content wiki that could auto-generate Sun-styled PDFs and other formats, allowing versions to be built in seconds instead of the usual 2-week process. This 2010 version has many updates from other staff (I've yet to find my original 2008 PDF) (2008).<br> Slides for the OSCON 2007 talk <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/OSCON2007_Observability_DTrace_Twitter.pdf">Observability Matters: How DTrace Helped Twitter</a> by Adam Leventhal and myself. At the time, Twitter was a one-year old startup running on Solaris with crippling performance issues, and Sun's top engineering team (including Adam and myself) visited the SF headquarters to help. This summaries findings by the team (2007).<br> My <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/zones.html">Solaris 10 Zones</a> page from 2005, where I developed models for configuring Zones with Resource Controls. This was pioneering work for the performance isolation of containers (nowadays the realm of Linux cgroups). I was not a Sun employee at the time. Sun later based their official docs on my work, without attribution (they were not allowed to include my home page URL in the official Sun references).<br> My old and unmaintained Unix and Sun Solaris material is labeled as being in my <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/crypt.html">Crypt</a> , and kept online for historical interest only. The Crypt containers a few extra things not listed above. (circa 2003-2005.)<br> Last updated: 20-Sep-2021 Created: 2001 About this site, and email address: <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/email.html">here</a> Copyright 2021 Brendan Gregg, all rights reserved<br> https://www.whatsupup.com/blog/glooming/wrackful/20210929-040806/ Wed, 29 Sep 2021 04:08:06 +0000 https://www.whatsupup.com/blog/glooming/wrackful/20210929-040806/ 14 Sep 2021<br> https://www.whatsupup.com/blog/ideo/fleury/20210929-040636/ Wed, 29 Sep 2021 04:06:35 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210929-040636/ Despite admitting to FBI agents that he ran these booter services (and turning over plenty of incriminating evidence in the process), Gatrel opted to take his case to trial, defended the entire time by public defenders. Facing the prospect of a hefty sentence if found guilty at trial, Martinez pleaded guilty on Aug. 26 to one count of unauthorized impairment of a protected computer.<br> In its Aug. 19 writeup, Cloudflare neglected to assign a name to the botnet behind the attack. But on Thursday DDoS protection firm Qrator Labs <a rel="noreferrer" target="_blank" href="https://blog.qrator.net/en/meris-botnet-climbing-to-the-record_142/">identified the culprit</a> — “Meris” — a new monster that first emerged at the end of June 2021.<br> https://www.whatsupup.com/blog/ideo/fleury/20210928-200615/ Tue, 28 Sep 2021 20:06:14 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210928-200615/ The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the AirTag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page — or to any other malicious website.<br> The AirTag’s “Lost Mode” lets users alert Apple when an AirTag is missing. Setting it to Lost Mode generates a unique URL at <a href="https://found.apple.com">https://found.apple.com</a>, and allows the user to enter a personal message and contact phone number. Anyone who finds the AirTag and scans it with an Apple or Android phone will immediately see that unique Apple URL with the owner’s message.<br> When scanned, an AirTag in Lost Mode will present a short message asking the finder to call the owner at at their specified phone number. This information pops up without asking the finder to log in or provide any personal information. But your average Good Samaritan might not know this.<br> That’s important because Apple’s Lost Mode doesn’t currently stop users from injecting arbitrary computer code into its phone number field — such as code that causes the Good Samaritan’s device to visit a phony Apple iCloud login page.<br> A sample “Lost Mode” message. Image: Medium @bobbyrsec<br> The vulnerability was discovered and reported to Apple by <a rel="noreferrer" target="_blank" href="https://www.linkedin.com/in/bobby-rauch/">Bobby Rauch</a> , a security consultant and penetration tester based in Boston. Rauch told KrebsOnSecurity the AirTag weakness makes the devices cheap and possibly very effective physical trojan horses.<br> “I can’t remember another instance where these sort of small consumer-grade tracking devices at a low cost like this could be weaponized,” Rauch said.<br> Consider the scenario where an attacker drops a malware-laden USB flash drive in the parking lot of a company he wants to hack into. Odds are that sooner or later some employee is going to pick that sucker up and plug it into a computer — just to see what’s on it (the drive might even be labeled something tantalizing, like “Employee Salaries”).<br> If this sounds like a script from a James Bond movie, you’re not far off the mark. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/">A USB stick with malware</a> is very likely how U.S. and Israeli cyber hackers got the infamous <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Stuxnet">Stuxnet worm</a> into the internal, air-gapped network that powered Iran’s nuclear enrichment facilities a decade ago. In 2008, a cyber attack <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/2008_cyberattack_on_United_States">described</a> at the time as “the worst breach of U.S. military computers in history” was traced back to a USB flash drive left in the parking lot of a U.S. Department of Defense facility.<br> In the modern telling of this caper, a weaponized AirTag tracking device could be used to redirect the Good Samaritan to a phishing page, or to a website that tries to foist malicious software onto her device.<br> Rauch contacted Apple about the bug on June 20, but for three months when he inquired about it the company would say only that it was still investigating. Last Thursday, the company sent Rauch a follow-up email stating they planned to address the weakness in an upcoming update, and in the meantime would he mind not talking about it publicly?<br> Rauch said Apple never acknowledged basic questions he asked about the bug, such as if they had a timeline for fixing it, and if so whether they planned to credit him in the accompanying security advisory. Or whether his submission would qualify for Apple’s “bug bounty” program, which promises financial rewards of up to $1 million for security researchers who report security bugs in Apple products.<br> Rauch said he’s reported many software vulnerabilities to other vendors over the years, and that Apple’s lack of communication prompted him <a rel="noreferrer" target="_blank" href="https://medium.com/@bobbyrsec/6997da43a216">to go public with his findings</a> — even though Apple says staying quiet about a bug until it is fixed is how researchers qualify for recognition in security advisories.<br> “I told them, ‘I’m willing to work with you if you can provide some details of when you plan on remediating this, and whether there would be any recognition or bug bounty payout’,” Rauch said, noting that he told Apple he planned to publish his findings within 90 days of notifying them. “Their response was basically, ‘We’d appreciate it if you didn’t leak this.'”<br> Rauch’s experience echoes that of other researchers interviewed in <a rel="noreferrer" target="_blank" href="https://www.washingtonpost.com/technology/2021/09/09/apple-bug-bounty/">a recent Washington Post article</a> about how not fun it can be to report security vulnerabilities to Apple, a notoriously secretive company. The common complaints were that Apple is slow to fix bugs and doesn’t always pay or publicly recognize hackers for their reports, and that researchers often receive little or no feedback from the company. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/apple-airtag-bug-enables-good-samaritan-attack/#more-57118">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/apple-airtag-bug-enables-good-samaritan-attack/">Apple AirTag Bug Enables ‘Good Samaritan’ Attack</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210928-161757/ Tue, 28 Sep 2021 16:17:57 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210928-161757/ Accused Atlanta-area spa shooter pleads not guilty to four counts of murder <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/accused-georgia-spa-shooter-face-judge-four-more-murder-charges-2021-09-28/">VIEW MORE</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20210928-161539/ Tue, 28 Sep 2021 16:15:38 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210928-161539/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/09/announcing-new-patch-reward-program-for.html">Announcing New Patch Reward Program for Tsunami Security Scanner</a><br></p> <hr> Posted by Guoli Ma, Sebastian Lekies & Claudio Criscione, Google Vulnerability Management Team One year ago, we <a rel="noreferrer" target="_blank" href="https://opensource.googleblog.com/2020/06/tsunami-extensible-network-scanning.html">published</a> the <a rel="noreferrer" target="_blank" href="https://github.com/google/tsunami-security-scanner">Tsunami security scanner</a> with the goal of detecting high severity, actively exploited vulnerabilities with high confidence. In the last several months, the Tsunami scanner team has been working closely with our vulnerability rewards program, <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/about">Bug Hunters</a> , to further improve Tsunami's security detection capabilities. Today, we are announcing a new experimental Patch Reward Program for the Tsunami project. Participants in the program will receive patch rewards for providing novel Tsunami detection plugins and web application fingerprints. We hope this program will allow us to quickly extend the detection capabilities of the scanner to better benefit our users and uncover more vulnerabilities in their network infrastructure. For this launch, we will accept two types of contributions:<br> Vulnerability detection plugins: In order to expand Tsunami scanner's detection capabilities, we encourage everyone who is interested in making contributions to this project to add new vulnerabilities detection plugins. All plugin contributions will be reviewed by our panel members in Google's Vulnerability Management team and the reward amount will be determined by the severity as well as the time sensitivity of the vulnerability.<br> Web application fingerprints: Several months ago, we added new web application fingerprinting capabilities to Tsunami that detect popular off-the-shelf web applications. It achieves this goal by matching application fingerprints against a database of known web application fingerprints. More fingerprint data is needed for this approach to support more web applications. You will be rewarded with a flat amount for each application added to the database.<br> As with other Security Reward Programs, rewards can be donated to charity—and we'll double your donation if you choose to do so. We'll run this program in iterations so that everyone interested has the opportunity to participate. To learn more about this program, please check out our <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/about/rules/4928084514701312">official rules and guidelines</a> . And if you have any questions or suggestions for the program, feel free to contact us at <a rel="noreferrer" target="_blank" href="mailto:tsunami-patch-rewards@google.com">tsunami-patch-rewards@google.com</a> .<br> https://www.whatsupup.com/blog/nuncle/haw/20210928-121339/ Tue, 28 Sep 2021 12:13:39 +0000 https://www.whatsupup.com/blog/nuncle/haw/20210928-121339/ <p>args : ["-c", "while true; do veneur-emit -hostport udp://localhost:8126 -name 'my.test.timer' -timing '100ms'; sleep 10; done"]<br></p> <ul> <li>containerPort : 8126<br> port : 8127<br> value : " 0.0.0.0:8127 "<br> value : " http://veneur-global:8127 "<br> targetPort : 8126<br></li> </ul> https://www.whatsupup.com/blog/boxed/modification/20210928-121308/ Tue, 28 Sep 2021 12:13:08 +0000 https://www.whatsupup.com/blog/boxed/modification/20210928-121308/ My lovely wife and I have just moved house, and while boxing up the contents of my desk I ran across physical paper copies of two weakly themed crosswords I made in 2011. Might as well immortalize them in the digital realm…<br> Field-testing P2266 “Simpler Implicit Move”<br> A few months ago, Matheus Izvekov implemented my WG21 proposal <a rel="noreferrer" target="_blank" href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2021/p2266r1.html">P2266 “Simpler Implicit Move”</a> in Clang. As of Clang 13, it’s enabled by default under<br> We’ve received some feedback from the field already (leading up to the Clang 13 release). Here are the punch lines as far as I can recall. These examples will all appear in P2266R2, whenever I get around to submitting it.<br> ; see <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2020/07/11/the-std-swap-two-step/">“What is the std::swap two-step?”</a> (2020-07-11). But look at all these wrong things you can try! …<br> In my CppCon 2018 talk <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=CXn02MPkn8Y">“Concepts As She Is Spoke,”</a> I presented some pitfalls in<br> In Bjarne Stroustrup’s paper <a rel="noreferrer" target="_blank" href="https://www.stroustrup.com/good_concepts.pdf">P0557R1 “Concepts: The Future of Generic Programming”</a> (January 2017), section 6 is titled “Concept Overloading,” which Stroustrup distinguishes from the traditional approach “using helper functions and tag dispatch.” More subtly, Stroustrup seems to distinguish between true “overloading” (asking the compiler to resolve among multiple viable overloads) and other means of giving-two-things-the-same-name:<br> A few weeks ago, I read René Daumal’s <a rel="noreferrer" target="_blank" href="https://archive.org/details/nightofseriousd000daum/">A Night of Serious Drinking</a> (published as La grande beuverie 1938; translated by David Coward and E.A. Lovatt 1979). I recommend it; it’s a fun and erudite satire — sort of a less political Gulliver’s Travels or a less bitter <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Jurgen,_A_Comedy_of_Justice">Jurgen</a> . At times it made me think, “This is clearly an allegory… but of what?” and at other times “Is he satirizing bad scientists, bad writers, bad artists? or all scientists, all writers, all artists?”<br> C++ On Sea 2021 schedule announced<br> The schedule for C++ on Sea 2021 has been announced! The “conference day” involves two tracks of five talks each, plus a keynote by Barbara Geller and Ansel Sermersheim. The two “workshop days” offer… well, you should sign up for my own two-day training class, at which point the other offerings are moot. But, just for the record, the two available two-day classes are:<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2021/05/19/after-you-no-after-you/">“A metaprogramming puzzle: Overly interoperable libraries”</a> (2021-05-19)<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2021/05/22/after-you-part-two/">“Overly interoperable libraries, part 2”</a> (2021-05-22)<br> I continue participating in <a rel="noreferrer" target="_blank" href="https://www.meetup.com/theartofcomputerprogramming/">Zartaj Majeed’s book club</a> on Knuth’s The Art of Computer Programming , previously mentioned in <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2020/12/13/bubblesort-rocksort-shakersort/">“Bubblesort, rocksort, cocktail-shaker sort”</a> (2020-12-13). The past couple of weeks, we’ve been looking at section 5.2.3, “Sorting by selection,” in which the problem of repeatedly selecting the max element leads Knuth to investigate priority queues.<br> https://www.whatsupup.com/blog/beautifying/hagriding/20210928-082045/ Tue, 28 Sep 2021 08:20:45 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20210928-082045/ <p>415-436-9333 ext 175<br></p> <hr> Section 230, a key law protecting free speech online since its passage in 1996, has been the subject of <a rel="noreferrer" target="_blank" href="https://www.eff.org/document/earn-it-act">numerous</a> <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2020/07/pact-act-not-solution-problem-harmful-online-content">legislative</a> <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2020/10/online-content-policy-modernization-act-unconstitutional-mess">assaults</a> over the past few years. The attacks have come from all sides. One of the latest, the SAFE Tech Act, seeks to address real problems...<br> At noon on January 20, 2021, Joseph R. Biden, Jr. was sworn in as the 46th President of the United States, and he and his staff took over the business of running the country.The tradition of a peaceful transfer of power is as old as the United States itself. But...<br> On March 15, 2020, Section 215 of the PATRIOT Act—a surveillance law <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2020/02/reform-or-expire">with a rich history of government overreach and abuse</a> —expired due to its sunset clause. Along with two other PATRIOT Act provisions, Section 215 lapsed after lawmakers failed to reach an agreement on a broader set of reforms...<br> Recently, EFF joined the Center for Democracy and Technology (CDT) and 26 other organizations to send a <a rel="noreferrer" target="_blank" href="https://cdt.org/wp-content/uploads/2020/09/Civil-Society-Coalition-Letter-EARN-IT-Act-9.15.20.pdf">letter</a> to the Senate opposing the EARN IT Act (S. 3398), asking that the Senate oppose fast tracking the bill, and to vote NO on passage of the bill.As we have ...<br> <hr> On March 15, 2020, Section 215 of the PATRIOT Act—a surveillance law <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2020/02/reform-or-expire">with a rich history of government overreach and abuse</a> —expired. Along with two other PATRIOT Act provisions, Section 215 lapsed after lawmakers failed to reach an agreement on a broader set of reforms to the Foreign Intelligence Surveillance...<br> <hr> https://www.whatsupup.com/blog/steeplejack/garrote/20210928-082044/ Tue, 28 Sep 2021 08:20:44 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20210928-082044/ Recent attacks on encryption have diverged. On the one hand, we’ve seen Attorney General William Barr call for “lawful access” to encrypted communications, <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Crypto_Wars">using arguments that have barely changed since the 1990’s</a> . But we’ve also seen <a rel="noreferrer" target="_blank" href="https://www.eff.org/deeplinks/2019/09/carnegie-experts-should-know-defending-encryption-isnt-absolutist-position">suggestions from a different set of actors for more purportedly “reasonable” interventions</a> ,…<br> <a rel="noreferrer" target="_blank" href="https://certbot.eff.org/">Certbot</a> has a brand new website! Today we’ve launched a major update that will help Certbot’s users get started even more quickly and easily.Certbot is a free, open source software tool for enabling HTTPS on manually-administered websites, by automatically deploying Let’s Encrypt certificates. Since we introduced it in 2016,…<br></p> <hr> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210928-081904/ Tue, 28 Sep 2021 08:19:04 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210928-081904/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133459_audi-grandsphere-concept-ev-rethinks-sedans-from-the-inside-out">Audi Grandsphere concept EV rethinks sedans from the inside out</a> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/writer/10001004_bengt-halvorson">Bengt Halvorson</a> September 2, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/writer/10001004_bengt-halvorson">Bengt Halvorson</a> April 6, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1129180_hyundai-creates-ioniq-ev-brand-crossover-sedan-and-suv-all-coming-by-2024">Hyundai creates Ioniq EV brand: Crossover, sedan, and SUV all coming by 2024</a><br></p> <hr> The Audi Q4 E-Tron lineup will offer a choice between SUV and Sportback body styles when it goes on sale in 2021.<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1126828_cruise-origin-previews-a-future-that-takes-the-driver-out-of-electric-ride-hailing">Cruise Origin previews a future that takes the driver out of electric ride hailing</a> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/writer/10001004_bengt-halvorson">Bengt Halvorson</a> January 22, 2020<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1126380_first-drive-review-2020-porsche-taycan-4s-drifts-into-a-thrilling-future">First drive review: 2020 Porsche Taycan 4S drifts into a thrilling future</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1125406_first-drive-review-2020-audi-a8-plug-in-hybrid-reflects-new-priorities">First drive review: 2020 Audi A8 plug-in hybrid reflects new priorities</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1124907_2020-porsche-taycan-electric-car-6-more-tech-tidbits">2020 Porsche Taycan electric car: 6 more tech tidbits</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1124888_2020-porsche-taycan-first-ride-review-high-voltage-power-line">2020 Porsche Taycan first ride: High-voltage power line</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1124634_2020-porsche-cayenne-turbo-s-e-hybrid-preview-drive">Preview drive: 2020 Porsche Cayenne Turbo S E-Hybrid is a stealth fighter for the family</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1123694_first-drive-review-2020-ford-explorer-st-dances-with-the-family-and-its-a-ball">First drive review: 2020 Ford Explorer ST dances with the family, and it's a ball</a> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/writer/10001004_bengt-halvorson">Bengt Halvorson</a> June 20, 2019<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1120361_2019-audi-e-tron-quattro-first-drive-review-a-new-normal-for-electric-luxury">2019 Audi e-tron quattro first drive review: A new normal for electric luxury</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1104662_4-features-in-the-2017-volvo-s90-v90-that-could-make-you-a-safer-driver">4 features in the 2017 Volvo S90/V90 that could make you a safer driver</a><br> <hr> Volvo’s all-new 2017 S90 sedan and upcoming 2018 V90 wagon, like the XC90 crossover introduced this past year, are packed with safety technology. If you’re familiar with Volvo’s reputation, that’s probably no surprise. Volvo has been at the forefront in occupant safety for...<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1104663_2018-volvo-v90-first-drive-review">2018 Volvo V90 first drive review</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1104437_2017-volvo-s90-first-drive-review">2017 Volvo S90 first drive review</a> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/writer/10001004_bengt-halvorson">Bengt Halvorson</a> June 13, 2016<br> With Volvo’s most recent products, including the 2017 Volvo S90 sedan and upcoming 2018 V90 wagon, the Swedish automaker is wholly embracing its Scandinavian roots.<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1103739_2016-bmw-x5-xdrive40e-first-drive-review">2016 BMW X5 xDrive40e first drive review</a><br> <hr> The 2016 BMW X5 xDrive40e—that’s the new plug-in hybrid version of the X5 sport-utility vehicle—is going to draw you in with its numbers: 0-60 mph in 6.5 seconds; 14 miles in all-electric mode; 24 mpg combined. The numbers add up to an alluring (and image-greening) idea: that you...<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1103579_2016-bmw-x1-first-drive-review">2016 BMW X1 first drive review</a><br> <hr> The new 2016 BMW X1 is, for the most part, a very good car. Yet there’s a big asterisk to this: It just doesn’t feel much like a BMW. In this age when executives and product planners wax poetic about preserving the “brand DNA”—seemingly to no end—this feels like...<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1103484_2017-mercedes-benz-slc-first-drive-review">2017 Mercedes-Benz SLC first drive review</a><br> <hr> Roadsters like the 2017 Mercedes-Benz SLC aren’t exactly in vogue right now. The Honda S2000 faded away a few years ago. BMW Z4 sales have fizzled to levels far below those of the more expensive 6-Series Convertible. Porsche’s pushed the Boxster upmarket. And the only bright spot on the...<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1103369_2017-mercedes-benz-s-class-cabriolet-first-drive-review">2017 Mercedes-Benz S-Class Cabriolet first drive review</a><br> <hr> Talk up the feel of the wind in your hair and the natural high of sunshine as you will; but in the world of convertibles, there are those that cruise the scene, and there are those that help make the scene. The 2017 S-Class Cabriolet lineup is without question in the latter group. It’s a true...<br> https://www.whatsupup.com/blog/effete/washstand/20210928-081903/ Tue, 28 Sep 2021 08:19:03 +0000 https://www.whatsupup.com/blog/effete/washstand/20210928-081903/ <p><a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/why-podcasts-are-my-new-wikipedia-the-perfect-41/">Why Podcasts Are My New Wikipedia —the  Perfect Informal Learning Resource Sept. 9, 2021 · In this article, I explain why podcasts replaced a lot of my Wikipedia usage for informal learning. I also talk about how I listen to five-plus hours of podcasts every day! Read more…</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-to-evaluate-a-3rd-party-restful-api-47/">How to evaluate a 3rd party RESTful API? March 2, 2021 · 1, To build or to buy? 2, Can this API provide features you need? 3, Is this API stable and scalable? 4, How easy can you talk to a real human employee of this API vendor? Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-i-accidentally-built-a-podcast-api-business-46/">How I accidentally built a Podcast API business Dec. 6, 2020 · In this article, I’ll share with you the journey of building this API business, the technology behind it, and hopefully you can learn one thing or two and build your own API business in the future. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/what-is-listen-notes-why-does-listen-notes-need-45/">What is Listen Notes? Why does Listen Notes need to make money? Oct. 2, 2020 · Essentially, Listen Notes is an independent podcast database that has three UIs (User Interface) to access the data. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/numbers-of-tech-companies-when-they-were-small-42/">Numbers of tech companies when they were small May 8, 2020 · This is a blog post that I wish it existed when I started my startup journey. I like collecting numbers (e.g., website traffic, domain name price, revenue…) of tech companies when they were small. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-notes-for-chrome-28/">Listen Notes for Chrome Dec. 1, 2019 · We just launched a Chrome extension! You can search podcasts / episodes right from your Chrome browser without opening ListenNotes.com. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/introducing-llamacorn-33/">Introducing Llamacorn!!! Sept. 21, 2019 · I went to Peru last month and saw Llama… After I came back, I decided to make Llama the mascot of Listen Notes. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/some-api-improvements-34/">Some API improvements May 20, 2019 · Better documentation. Better performance. Bigger thumbnail images. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-to-submit-a-new-podcast-to-listen-notes-38/">How to submit a new podcast to Listen Notes database April 9, 2019 · If you are a podcaster or you are a podcast hosting service, you may want to submit new podcasts to Listen Notes database. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-api-v2-simple-pricing-same-endpoints-39/">Listen API v2: simple pricing & same endpoints March 27, 2019 · We just launched a new(-ish) version of Listen API. We call it “Listen API v2”. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/good-enough-engineering-to-start-an-internet-27/">Good enough engineering to start an Internet company March 11, 2019 · I gave a guest lecture in an undergraduate software engineering class (CSCE431) at Texas A&M University a few days ago. Now I’ve turned this lecture into a blog post here, and hopefully some people on the Internet will find this useful. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-explorer-get-similar-podcasts-40/">Listen Explorer: Get similar podcasts Jan. 22, 2019 · The idea is simple: You pick a few podcasts, and you’ll get recommendations for similar podcasts. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-real-time-like-google-analytics-real-time-37/">Listen Real-Time: Like Google Analytics Real-Time, but for podcast episodes Dec. 30, 2018 · Everyone’s saying “podcast discovery is broken”. Okay, here’s another way to discover podcasts — Check out what other people are listening to right now. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/just-listentm-a-simple-podcast-app-for-the-99-36/">Just Listen™: A simple podcast app for the 99% Dec. 20, 2018 · A very simple & very opinionated podcast app from Listen Notes: Just Listen™!! Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-to-import-opml-to-a-podcast-app-on-ios-android-35/">How to import OPML to a podcast app on iOS / Android? Sept. 14, 2018 · An OPML file allows you to transfer your podcast subscriptions between podcast apps without manually subscribing to each podcast. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/why-a-standalone-podcast-search-engine-website-32/">Why a standalone podcast search engine website? June 29, 2018 · Why Listen Notes is a podcast search engine website? Not an app? Not a podcast player? Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/why-listen-notes-doesnt-allow-users-to-review-31/">Why Listen Notes doesn’t allow users to review podcasts? May 14, 2018 · There are ideas that sound wonderful, on paper. Allowing users to review podcasts is such an idea. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/postmortem-on-apr-22-2018-outage-30/">Postmortem on Apr 22, 2018 outage April 26, 2018 · On Apr 22, 2018, Listen Notes website was down for ~4 hours and I lost 10 hours production data. This is the biggest outage since I launched Listen Notes as a side project last year. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/the-boring-technology-behind-a-one-person-23/">The boring technology behind a one-person Internet company Jan. 24, 2018 · The tech stack of Listen Notes, the best podcast search engine and database. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/my-y-combinator-interview-experience-w18-22/">My Y Combinator interview experience (W18) Jan. 12, 2018 · I want to be transparent on the process of building Listen Notes, as a product and as a company. If eventually I declare failure of this startup thing, these written documents may still benefit people who come from Google search :) Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-later-tm-is-like-instapaper-or-pocket-but-29/">Listen Later ™ is like Instapaper or Pocket, but for podcasts! Dec. 19, 2017 · I just built a simple feature, called Listen Later. You can tell what it is from the name :) Yes, it’s like “Watch Later” on YouTube or “Read Later” on Pocket. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-do-people-use-listen-notes-26/">How do people use Listen Notes? Nov. 12, 2017 · I’ve got a bunch of emails from Listen Notes users. Now I have a better understanding what people use Listen Notes for. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/migrating-listen-notes-servers-to-aws-25/">Migrating Listen Notes servers to AWS Oct. 28, 2017 · Well, Listen Notes was a side project of mine. I run all my side projects on Digital Ocean, because it’s cheap & convenient to set up. I decided to migrate the whole backend infrastructure to AWS. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/podcast-in-2017-is-just-like-web-in-1997-24/">Podcast in 2017 is just like Web in 1997 Oct. 9, 2017 · Podcast in 2017 & web in 1997 are similar in three aspects: number of users, ad spendings, and contents. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/how-to-use-listen-notes-from-chrome-address-bar-21/">How to use Listen Notes from Chrome address bar? Oct. 3, 2017 · Click “Add” in the “Other search engines” section. Fill these three things. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/listen-notes-20-laying-the-foundation-of-future-20/">Listen Notes 2.0: laying the foundation of future fast iteration Sept. 27, 2017 · Last week was the first time that I got a chance to work on my projects full-time. It was a very productive week. So, here comes Listen Notes 2.0. Read more...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/whats-next-for-listen-notes-19/">What’s next for Listen Notes? Sept. 20, 2017 · The very first official Listen Notes blog post! We used to have a mini-roadmap :) Read more...</a><br> https://www.whatsupup.com/blog/lienholder/alcoholism/20210928-081851/ Tue, 28 Sep 2021 08:18:50 +0000 https://www.whatsupup.com/blog/lienholder/alcoholism/20210928-081851/ <p>2004 / <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2004/03.html">03</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2004/04.html">04</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2004/05.html">05</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2004/06.html">06</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2004/07.html">07</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2004/08.html">08</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2004/09.html">09</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2004/10.html">10</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2004/11.html">11</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2004/12.html">12</a><br> 2005 / <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2005/01.html">01</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2005/02.html">02</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2005/03.html">03</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2005/04.html">04</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2005/05.html">05</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2005/06.html">06</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2005/07.html">07</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2005/08.html">08</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2005/09.html">09</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2005/10.html">10</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2005/11.html">11</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2005/12.html">12</a><br> 2008 / <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2008/01.html">01</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2008/02.html">02</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2008/03.html">03</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2008/04.html">04</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2008/05.html">05</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2008/06.html">06</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2008/07.html">07</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2008/08.html">08</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2008/09.html">09</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2008/11.html">11</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2008/12.html">12</a><br> 2009 / <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2009/01.html">01</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2009/02.html">02</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2009/03.html">03</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2009/04.html">04</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2009/05.html">05</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2009/07.html">07</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2009/08.html">08</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2009/09.html">09</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2009/12.html">12</a><br> 2010 / <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2010/02.html">02</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2010/03.html">03</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2010/08.html">08</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2010/09.html">09</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2010/10.html">10</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2010/11.html">11</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2010/12.html">12</a><br> 2011 / <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2011/01.html">01</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2011/02.html">02</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2011/04.html">04</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2011/12.html">12</a><br> 2012 / <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2012/02.html">02</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2012/08.html">08</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2012/12.html">12</a><br> 2015 / <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2015/02.html">02</a> <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2015/12.html">12</a><br> 2021 / <a rel="noreferrer" target="_blank" href="https://leahneukirchen.org/archive/2021/01.html">01</a><br></p> <hr> 20jan2021 ·<br> <hr> Unfortunately, most of these things are on websites taken down already, so this post will refer to pages on the Internet Archive extensively. [Update 2020-01-16: His son Joe Tilbrook sent me a mail stating that <a rel="noreferrer" target="_blank" href="http://qef.com/">http://qef.com/</a> is up again.]<br> <hr> Around 2016, I swooped a copy of Caltech qed from USENIX tape 80.1 and tried making it work on modern platforms, with moderate success. Thanks to <a rel="noreferrer" target="_blank" href="https://inbox.vuxu.org/tuhs/201810070607.w9767Xrl014901@freefriends.org/">efforts by Arnold Robbins</a> there is now an <a rel="noreferrer" target="_blank" href="https://github.com/arnoldrobbins/qed-archive">QED Archive</a> which also features a copy of 1992 QED from Toronto, which contains contributions by Tom Duff, Robert Pike, Hugh Redelmeier and David Tilbrook. If you want to run it yourself, there is a <a rel="noreferrer" target="_blank" href="https://github.com/phonologus/QED">modernized, UTF-8 aware version</a> available now!<br> <hr> David’s opus magnum was a suite of tools called QEF, quod erat faciendum . Euclid wrote this at the end of geometric constructions, and in a software sense, we want a build system to produce what was to be made . At its time of creation, David was responsible for maintaining a (for the time) large system, essentially a Unix distribution. Tooling was stuck in the era of 1977’s make(1). For the details and basic ideas, see Tilbrook and Place (1986), <a rel="noreferrer" target="_blank" href="https://grosskurth.ca/bib/1986/tilbrook.html">“Tools for the Maintenance and Installation of a Large Software Distribution”</a> (Huge thanks to Alan Grosskurth for making a copy available.) My favorite footnote is the one about their Prolog prototype of a build system: “Is the cray free? I need to reinstall /bin/true!”<br> <hr> The <a rel="noreferrer" target="_blank" href="https://web.archive.org/web/19990418032541/http://www.iptweb.com/tools/stdprod/qef/qefwhite.html">QEF whitepaper</a> from 1996 explains the system at a more developed state.<br> What is intriguing is that the whole toolkit is created in classic Unix manner from <a rel="noreferrer" target="_blank" href="https://web.archive.org/web/20120213160026/http://www.qef.com/html/toolsdesc.html">small tools</a> and <a rel="noreferrer" target="_blank" href="https://web.archive.org/web/20080511194411/http://www.qef.com/sixlangs/sixlangs.html">little languages</a> . I acquired an evaluation copy of QEF in 2015, but sadly it had no copy of QED included. However, I could read the full manpages for many of his tools.<br> <hr> case the same way, but modulo 5.<br> <hr> 24dec2020 ·<br> <hr> — Bo-hohoho-ne (@theonebean) <a rel="noreferrer" target="_blank" href="https://twitter.com/theonebean/status/1340663494304215040?ref_src=twsrc%5Etfw">December 20, 2020</a><br> <hr> 23oct2020 ·<br> <hr> I was mostly familiar with the Incompatible Timesharing System (ITS) of MIT (written for a PDP-6, later on a PDP-10), due to its leakage of concepts and culture into Lisp Machines and the GNU project. And of course, Berkeley is known for developments around Unix in the late seventies which then turned into BSD. However, I had only remotely heard of WAITS, the operating system used at the Stanford Artificial Intelligence Laboratory, which first ran on a PDP-6, and later on a PDP-10. Initial development was a based on the standard DEC monitor (“kernel”). [2020-10-26: Rich Anderson points out that it was not based on TOPS-10, but rather a spinoff.]<br> <hr> I think the record-oriented file system of WAITS was actually key to support editing big files in this environment. Other systems at the time did not support this as well: Unix ed loaded the whole file into memory [2020-10-25: as Eric Fisher points out, ed uses a temporary file to keep blocks if the buffer reaches a certain size] and wrote it out again, and Unix consists of many small files not larger than 1000 lines. On ITS, the only bigger files I could find were assembled from other inputs, or mail archives which were only read or appended to, but not modified inside.<br> <hr> c062c7589<br> <hr> 01jun2020 ·<br> <hr> 11may2020 ·<br> <hr> I have been using Emacs since 2001, any only really learned Vim in 2007. Of course, I did quick admin edit tasks with it before, but in 2007 I had a small job where I had to develop on machines across the ocean, with only<br> <hr> didn’t exist yet), efficient use of Vim was essential. After the summer of 2007, I was fairly familiar with Vim. I still use Emacs for my main editing and programming tasks, but on remote machines and for small edit tasks I primarily use Vim.<br> <hr> For quite some time—as my research will show, March 2016—, I have been annoyed by a directory named<br> <hr> runit,1 `-sh,30996 -c urxvt `-urxvt,30997 `-zsh,30998 `-zsh,31055 `-mkdir,31058 /home/leah/bin/mkdir --help `-pstree,31060 -sap 31058<br> <hr> . I added it in 2013. Even before I added the<br> <hr> flag in 2016.<br> <hr> 26apr2020 ·<br> <hr> I wondered if a Forth with fewer than these 5 words can still be complete, and a bit of research turned up <a rel="noreferrer" target="_blank" href="https://github.com/larsbrinkhoff/forth-documents/blob/master/V%C3%A4gen%20mot%20en%20minimal%20Forth%20arkitektur.pdf">a paper by Mikael Patel</a> from 1990. It’s written in Swedish, but we can figure out the essentials from page 4:<br> <hr> # du --apparent-size -shc /opt/texlive/20* 4.9G /opt/texlive/2017 5.5G /opt/texlive/2018 6.2G /opt/texlive/2019 6.2G /opt/texlive/2020<br> <hr> 6.6G /opt/texlive/2020<br> <hr> 4.2G /opt/texlive/2017 4.7G /opt/texlive/2018 5.3G /opt/texlive/2019 5.3G /opt/texlive/2020 20G total<br> <hr> # jdupes -r -m /opt/texlive/20* Scanning: 729045 files, 53145 items (in 4 specified) 467364 duplicate files (in 208444 sets), occupying 13469 MB<br> <hr> # du -shc /opt/texlive/20{20..17} 5.2G /opt/texlive/2020 672M /opt/texlive/2019 1.5G /opt/texlive/2018 1.1G /opt/texlive/2017 8.4G total<br> So you can keep around TeX Live 2019 at the cost of 12% it’s original size, and even older versions for less than 25%.<br> <hr> 18mar2020 ·<br> <hr> Last Sunday, we had local elections in Bavaria, and somehow I got nerd-sniped into looking at the proportional representation method that is being used now as of 2020, which is the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Webster/Sainte-Lagu%C3%AB_method">Sainte-Laguë method</a> .<br> <hr> v: 10400 3400 6200 s: 15<br> <hr> v % 0.5 20800 6800 12400f v % 1.5 6933.333 2266.667 4133.333 <p>(v%)'.5+!s 20800 6800 12400 6933.333 2266.667 4133.333 4160 1360 2480 2971.429 971.4286 1771.429 2311.111 755.5556 1377.778 1890.909 618.1818 1127.273 1600 523.0769 953.8462 1386.667 453.3333 826.6667 1223.529 400 729.4118 …<br></p> <hr> ,/r 20800 6800 12400 6933.333 2266.667 4133.333 4160 1360 2480 2971.429 ...<br> <hr> ^,/r 234.4828 251.8519 272 295.6522 323.8095 357.8947 400 427.5862 453.3333 ...<br> <hr> |^,/r 20800 12400 6933.333 6800 4160 4133.333 2971.429 2480 2311.111 2266.667 ...<br> <hr> s#|^,/r 20800 12400 6933.333 6800 4160 4133.333 2971.429 2480 2311.111 2266.667 1890.909 1771.429 1600 1386.667 1377.778<br> <hr> x:681 v%x 7.63583 2.496329 4.552129<br> <hr> v: 9983378 11756412 1007445 1559070 8878524 1419438 1597499 1318396 395847 273557 86275 142051 339665 247453 528617 732056 120877 s: 80 +/s>(#v)^<>,/(v%)'.5+!s 20 23 2 3 18 3 3 3 1 1 0 0 1 0 1 1 0<br> <hr> For funsies (and because I’m pretty bored), we can contrast the new election algorithm with the previous ones. At the 2014 election, the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Largest_remainder_method">Hare/Niemeyer method</a> was used. Here’s the code, perhaps you can figure it out:<br> <hr> This yields the same result as Sainte-Laguë for this election. There is still a significant difference between these methods: if we compute how many more votes mut would have needed to get a seat, it’s 6220 additional votes with Sainte-Laguë, but 26105 with Hare/Niemeyer!<br> Until 2010, the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/D%27Hondt_method">d’Hondt method</a> was used. Here, we just have to tweak the<br> <hr> Copyright © 2004–2021 <a rel="noreferrer" target="_blank" href="mailto:leah@vuxu.org">Leah Neukirchen</a><br> <hr> https://www.whatsupup.com/blog/gigabit/polenta/20210928-081836/ Tue, 28 Sep 2021 08:18:36 +0000 https://www.whatsupup.com/blog/gigabit/polenta/20210928-081836/ <p>May 1, 2019<br> Feb 8, 2016<br> Aug 26, 2015<br> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/multiplane-camera">During a recent trip to the Disney Museum in San Francisco, I became immediately fascinated by the multiplane camera that was on display there. The gigantic machine represents so much of what I find inspiring in graphics and technology. It is fun to get lost in thought, imagining what the modern equivalent of the multiplane camera might be and how to foster the intersection of art and technology from which the multiplane camera emerged. The multiplane camera was invented in 1933 by famous Disney animator/director Ub Iwerks. It worked by enabling animators to position their layers of acetate animation cels at varying distances and offsets in a vertical column. They could then shoot a camera downward to compose the cels into a single frame. While animators had been using acetate celluloid frames composited over painted mattes for decades prior, the technical effects that the multiplane…</a><br></p> <hr> Dec 21, 2012<br> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/investors">When I was going through YCombinator in the summer of 2011, I felt like I was the only person in the entire class who knew nothing about taking investment. I remember distinctly when Jessica Livingston announced the $150K we would be getting from SV Angel and Start Fund. When she told us the terms, the room erupted in shouting and applause. I sat there Googling nervously, trying to understand what had just been said and wondering if I really belonged in YC at all. Being surrounded by such a select group of founders, each in varying stages of building their companies, you pick up the knowledge you need very quickly. This is the most valuable part of the 3-month YCombinator session. One piece of knowledge you learn very early on is that investors tend to have a herd mentality. What I would later realize through observation was that founders tend to as well. I remember getting the...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/cruise-ships">In July of 2010, I made the decision to leave YouTube. The first thoughts I had were “How am I going to explain this to anyone? How will I tell mom?” To my family, I had the greatest job in the world and the amount of money I was making was unfathomable. They were certainly not wrong in thinking this. Google is absolutely the best place in the world to work and they do pay very well. It certainly was not an easy decision on my part. About 4 months before, I was backpacking through Europe, stopping off in major cities to present our latest HTML5 work at the local Google offices. It was my first time really exploring a different part of the world. I met fascinating people and experienced many random adventures. I was trapped in Stockholm for 9 days due to the Icelandic ash cloud. I was a successful stowaway on a train from Copenhagen to Hamburg. I had a girlfriend break up with me during...</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210928-081831/ Tue, 28 Sep 2021 08:18:31 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210928-081831/ Posted on <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/23/swarm-preview-and-call-for-collaboration/">September 23, 2021</a> by <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/author/byorgey/">Brent</a><br> The first insight is that we can transform this into the classic problem of finding the maximum sum subarray (also known as the maximum segment sum ; either way I will abbreviate it as MSS) in two steps: first, turn each red cell into a 1, and each blue into -1. The sum of a segment then tells us how many more red than blue cells there are. Now, we actually want the biggest absolute difference between red and blue; but if we have an algorithm to find the MSS we can just run it twice: once to find the maximum excess of red over blue, and again with 1 and -1 flipped to find the maximum excess of blue over red.<br> <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Maximum_subarray_problem#Kadane's_algorithm">Kadane’s algorithm</a> , first proposed by <a rel="noreferrer" target="_blank" href="http://www.stat.cmu.edu/~kadane/">Jay Kadane</a> sometime in the late 1970s, is a linear-time algorithm for solving the MSS problem. It is actually quite simple to implement (the tricky part is understanding why it works!).<br> was first published in 2007!)<br> HM> 2 + 3 2 + 3 : nat 5 HM> \x. x \x. x : forall a0. a0 -> a0 HM> \x.3 \x. 3 : forall a0. a0 -> nat HM> \x. x + 1 \x. x + 1 : nat -> nat HM> (\x. 3) (\y.y) (\x. 3) (\y. y) : nat 3 HM> \x. y Unbound variable y HM> \x. x x Infinite type u0 = u0 -> u1 HM> 3 3 Can't unify nat and nat -> u0 HM> let foo : forall a. a -> a = \x.3 in foo 5 Can't unify s0 and nat HM> \f.\g.\x. f (g x) \f. \g. \x. f (g x) : forall a2 a3 a4. (a3 -> a4) -> (a2 -> a3) -> a2 -> a4 HM> let f : forall a. a -> a = \x.x in let y : forall b. b -> b -> b = \z.\q. f z in y 2 3 let f : forall a. a -> a = \x. x in let y : forall b. b -> b -> b = \z. \q. f z in y 2 3 : nat 2 HM> \y. let x : forall a. a -> a = y in x 3 \y. let x : forall a. a -> a = y in x 3 : forall s1. (s1 -> s1) -> nat HM> (\x. let y = x in y) (\z. \q. z) (\x. let y = x in y) (\z. \q. z) : forall a1 a2. a1 -> a2 -> a1<br> ). Each such person represents a potential time save of 5 minutes, all of which will be realized once the groups are all consecutive. Hence all we have to do is sum these numbers and multiply by 5. It is instructive thinking about why this works. It does not compute the actual time saved by each group, just the potential time save represented by each group. That potential time save might be realized by the group itself (if the last person in the group gets to move up) or by a different group (if someone in the group lets others go ahead of them). Ultimately, though, it does not matter how much time is saved by each group, only the total amount of time saved.<br> inSquare ( V2 x y ) = 0 < x && x < 1000 && 0 < y && y < 1000<br> <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/">September 2021</a> (5)<br> https://www.whatsupup.com/blog/playacted/rededication/20210928-081759/ Tue, 28 Sep 2021 08:17:59 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210928-081759/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/09/22/technology/facebook-cto-step-down-mike-schroepfer.html">Facebook’s Chief Technology Officer to Step Down in 2022 Mike Schroepfer, who leads the company’s artificial intelligence and other technical efforts, said he planned to transition into a role as a senior fellow. By Mike Isaac</a><br></p> <hr> Sept. 22, 2021<br> Aug. 31, 2021<br> https://www.whatsupup.com/blog/barbecuing/persuadably/20210928-081731/ Tue, 28 Sep 2021 08:17:31 +0000 https://www.whatsupup.com/blog/barbecuing/persuadably/20210928-081731/ <a rel="noreferrer" target="_blank" href="https://sahillavingia.com/work">No Meetings, No Deadlines, No Full-Time Employees</a> 2021<br> <a rel="noreferrer" target="_blank" href="https://sahillavingia.com/reflecting">Reflecting on My Failure to Build a Billion-Dollar Company</a> 2019<br> <a rel="noreferrer" target="_blank" href="https://sahillavingia.com/bubble">From Bubble to Bubble</a> 2018<br> <a rel="noreferrer" target="_blank" href="https://sahillavingia.com/border">Across the Border</a> Sci-fi, 2018<br> https://www.whatsupup.com/blog/gaper/whisky/20210928-081719/ Tue, 28 Sep 2021 08:17:19 +0000 https://www.whatsupup.com/blog/gaper/whisky/20210928-081719/ September 8, 2021<br> As we’re all aware by now, we made some big platform changes at the end of 2020. Whilst the big move has happened, it’s given us a great opportunity to clear out the cupboards and closets.<br> https://www.whatsupup.com/blog/buckeroo/doubling/20210928-081719/ Tue, 28 Sep 2021 08:17:18 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20210928-081719/ September 27, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/09/27/Let-distros-do-their-job.html">Developers: Let distros do their job</a><br> September 23, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/09/23/Nitter-and-other-internet-reclamation-projects.html">Nitter and other Internet reclamation projects</a><br> September 16, 2021 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2021/09/16/Mark-Rober-and-capitalist-manipulation.gmi">Mark Rober and the manipulation of children for profit</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> September 15, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/09/15/Status-update-September-2021.html">Status update, September 2021</a><br> September 11, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/09/11/visurf-announcement.html">visurf, a web browser based on NetSurf</a><br> August 11, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/08/11/Debugging-your-new-PL.html">Tips for debugging your new programming language</a><br> August 10, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/08/10/Apple-CSAM-scanning.html">Police to begin regular, warrant-free searches of homes for child abuse material</a><br> August 6, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/08/06/goproxy-breaks-go.html">proxy.golang.org allows many Go packages to be silently broken</a><br> August 5, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/08/05/In-praise-of-Postgres.html">In praise of PostgreSQL</a><br> July 28, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/07/28/The-next-YAML.html">My wish-list for the next YAML</a><br> July 21, 2021 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2021/07/21/Demon-Slayer-review.gmi">Demon Slayer: The Movie: Mugen Train review</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> July 4, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/07/04/Is-GitHub-a-derivative-work.html">Is GitHub a derivative work of GPL'd software?</a><br> July 3, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/07/03/How-does-IRC-federate.html">How does IRC's federation model compare to ActivityPub?</a><br> June 27, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/06/27/You-cant-capture-the-nuance.html">You can't capture the nuance of my form fields</a><br> June 24, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/06/24/finger-client.html">A finger client</a><br> June 14, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/06/14/Provided-as-is-without-warranty.html">Provided "as is", without warranty of any kind</a><br> June 7, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/06/07/The-Netherlands.html">I will be moving to the Netherlands</a><br> May 30, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/05/30/Come-build-your-project.html">Build your project in our new language</a><br> May 24, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/05/24/io_uring-finger-server.html">Using io_uring to make a high-performance… finger server</a><br> May 20, 2021 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2021/05/20/How-I-choose-a-license.gmi">How I choose a license</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> May 19, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/05/19/How-to-write-release-notes.html">How to write release notes</a><br> May 17, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/05/17/aerc-with-mbsync-postfix.html">aerc, mbsync, and postfix for maximum comfy offline email</a><br> May 14, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/05/14/Pinebook-Pro-review.html">Pinebook Pro review</a><br> May 8, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/05/08/Try-not-to-make-unlikable-software.html">I try not to make unlikable software (and features)</a><br> May 7, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/05/07/godocs.io-six-months-later.html">godocs.io six months later</a><br> May 6, 2021 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2021/05/06/Praise-for-Alpine-Linux.gmi">Praise for Alpine Linux</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> May 3, 2021 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2021/05/03/awk-is-the-coolest-tool-you-dont-know.gmi">awk is the coolest tool you don't know</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> April 26, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/04/26/Cryptocurrency-is-a-disaster.html">Cryptocurrency is an abject disaster</a><br> April 23, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/04/23/Lichess.html">Recommended read: Why Lichess will always be free</a><br> April 22, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/04/22/Our-self-hosted-parser-design.html">Parsers all the way down: writing a self-hosting parser</a><br> April 12, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/04/12/DCO.html">The Developer Certificate of Origin is a great alternative to a CLA</a><br> April 7, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/04/07/The-next-chat-app.html">What should the next chat app look like?</a><br> April 2, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/04/02/Go-is-a-great-language.html">Go is a great programming language</a><br> March 29, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/03/29/The-worlds-dumbest-IRC-bot.html">The world's stupidest IRC bot</a><br> March 23, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/03/23/Open-sourcing-video-games.html">The complete guide for open sourcing video games</a><br> March 19, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/03/19/A-new-systems-language.html">We are building a new systems programming language</a><br> March 17, 2021 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2021/03/17/Anime-recommendation-gatari.gmi">Anime recommendation: *Monogatari</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> March 6, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/03/06/Corporate-surveillance-murder.html">The corporate surveillance machine is killing people</a><br> March 5, 2021 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2021/03/05/Gemreader.gmi">Gemreader, a feed reader for Geminispace</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> March 3, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/03/03/To-make-money-in-FOSS-build-a-business.html">To make money in FOSS, build a business first</a><br> March 1, 2021 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2021/03/01/Celeste.gmi">Celeste</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> February 25, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/02/25/Gmail-is-a-huge-source-of-spam.html">Gmail is a huge source of spam</a><br> February 21, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/02/21/On-the-traits-of-good-replacements.html">A great alternative is rarely fatter than what it aims to replace</a><br> February 20, 2021 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2021/02/20/Free-gemini-hosting.gmi">Free gemini hosting on sourcehut</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> February 9, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/02/09/How-to-make-your-downstreams-happy.html">How to make your downstream users happy</a><br> January 28, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/01/28/Use-open-platforms-or-else.html">Use open platforms — or else</a><br> January 20, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/01/20/FOSS-is-to-surrender-your-monopoly.html">Open source means surrendering your monopoly over commercial exploitation</a><br> January 19, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/01/19/Elasticsearch-does-not-belong-to-Elastic.html">Elasticsearch does not belong to Elastic</a><br> January 19, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/01/19/Spooky-code-at-a-distance.html">Spooky action at a distance</a><br> January 7, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/01/07/History-will-not-remember-us-fondly.html">History will not remember us fondly</a><br> January 6, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/01/06/Invented-or-discovered.html">Was $X invented, or discovered?</a><br> January 4, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/01/04/A-culture-of-stability-and-reliability.html">Fostering a culture that values stability and reliability</a><br> January 2, 2021 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2021/01/02/2021-01-02-Every-commit-should-be-perfect.gmi">Every commit should be a perfect, atomic unit of change</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> January 1, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/01/01/Megacorps-are-not-your-dream-job.html">A megacorp is not your dream job</a><br> December 25, 2020 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2020/12/25/H0-H0-H0.gmi">H0 H0 H0</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> December 25, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/12/25/How-to-design-a-new-programming-language.html">How to design a new programming language from scratch</a><br> December 18, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/12/18/godocs.io.html">godocs.io is now available</a><br> December 12, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/12/12/Shell-literacy.html">Become shell literate</a><br> December 4, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/12/04/Analytics-and-informed-consent.html">Web analytics should at least meet the standards of informed consent</a><br> November 29, 2020 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2020/11/29/skytree.gmi">俺のスカイツリー旅行</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> November 20, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/11/20/A-few-ways-to-make-money-in-FOSS.html">A few ways to make money in FOSS</a><br> November 17, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/11/17/Better-than-DuckDuckGo.html">We can do better than DuckDuckGo</a><br> November 12, 2020 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2020/11/12/Copying-aint-stealing.gmi">Copying ain't stealing</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> November 10, 2020 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2020/11/10/2020-Election-worker.gmi">My experience as a poll worker in Pennsylvania</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> November 6, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/11/06/Utility-vs-usability.html">Utility vs usability</a><br> November 1, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/11/01/What-is-Gemini-anyway.html">What is this Gemini thing anyway, and why am I excited about it?</a><br> October 23, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/10/23/Im-handing-wlroots-and-sway-to-Simon.html">I'm handing over maintenance of wlroots and sway to Simon Ser</a><br> October 22, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/10/22/Firefox-the-embarassment-of-FOSS.html">Firefox: The Jewel^WEmbarassment of Open Source</a><br> October 18, 2020 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2020/10/18/New-workstation.gmi">New workstation</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> October 11, 2020 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2020/10/11/Kineto-a-gemini-proxy.gmi">Kineto: An HTTP to Gemini proxy</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> October 9, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/10/09/Four-principles-of-software-engineering.html">Four principles of software engineering</a><br> October 1, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/10/01/Spamtoberfest.html">Spamtoberfest</a><br> September 27, 2020 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2020/09/27/Gemini-and-Hugo.gmi">Gemini and Hugo</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> September 25, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/09/25/A-story-of-two-libcs.html">A tale of two libcs</a><br> September 21, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/09/21/Gemini-TOFU.html">TOFU recommendations for Gemini</a><br> September 20, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/09/20/The-potential-of-federation.html">The unrealized potential of federation</a><br> September 2, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/09/02/Linux-development-is-profoundly-distributed.html">Linux development is distributed - profoundly so</a><br> August 27, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/08/27/Microsoft-plays-their-hand.html">Embrace, extend, and finally extinguish - Microsoft plays their hand</a><br> August 24, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/08/24/Alice-in-Wonderland.html">Alice in Wonderland and the theft of the public domain</a><br> August 17, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/08/17/Engineers-solve-problems.html">Software engineers solve problems</a><br> August 13, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/08/13/Web-browsers-need-to-stop.html">Web browsers need to stop</a><br> August 10, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/08/10/How-to-contribute-to-FOSS.html">I want to contribute to your project, how do I start?</a><br> August 1, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/08/01/pkg-go-dev-sucks.html">pkg.go.dev is more concerned with Google's interests than good engineering</a><br> July 27, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/07/27/Anti-AGPL-propaganda.html">The falsehoods of anti-AGPL propaganda</a><br> July 14, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/07/14/March-2nd-1943.html">March 2nd, 1943</a><br> June 26, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/06/26/Vendor-purpose-OS.html">General-purpose OS, special-purpose OS, and now: vendor-purpose OS</a><br> June 21, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/06/21/BARE-message-encoding.html">Introducing the BARE message encoding</a><br> June 19, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/06/19/Mail-service-provider-recommendations.html">Email service provider recommendations</a><br> June 12, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/06/12/Can-we-talk-about-client-side-certs.html">Can we talk about client-side certificates?</a><br> June 6, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/06/06/Add-a-contrib-directory.html">Add a "contrib" directory to your projects</a><br> May 5, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/05/05/We-are-complicit-in-our-employers-deeds.html">We are complicit in our employer's deeds</a><br> April 22, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/04/22/How-to-store-data-forever.html">How to store data forever</a><br> April 20, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/04/20/Configuring-aerc-for-git.html">Configuring aerc for git via email</a><br> April 6, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/04/06/My-weird-branchless-git-workflow.html">My unorthodox, branchless git workflow</a><br> March 25, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/03/25/Designing-a-replacement-part-for-my-truck.html">Designing and 3D printing a new part for my truck</a><br> March 18, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/03/18/Reckless-limitless-scope.html">The reckless, infinite scope of web browsers</a><br> March 13, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/03/13/GitHub-notifications.html">GitHub's new notifications: a case of regressive design</a><br> March 7, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/03/07/Open-letter-to-Senator-Casey.html">An open letter to Senator Bob Casey on end-to-end encryption</a><br> March 3, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/03/03/Abiopause.html">The Abiopause</a><br> February 21, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/02/21/Thoughts-on-performance.html">Thoughts on performance & optimization</a><br> February 18, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/02/18/Fucking-laptops.html">Fucking laptops</a><br> February 6, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/02/06/Dependencies-and-maintainers.html">Dependencies and maintainers</a><br> January 27, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/01/27/KnightOS-was-interesting.html">KnightOS was an interesting operating system</a><br> January 21, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/01/21/Stress-and-happiness.html">The happinesses and stresses of full-time FOSS work</a><br> January 17, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/01/17/Effective-project-governance.html">A philosophy of project governance</a><br> January 8, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/01/08/Re-Slow.html">Following up on "Hello world"</a><br> January 4, 2020 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2020/01/04/Slow.html">Hello world</a><br> December 30, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/12/30/dotfiles.html">Managing my dotfiles as a git repository</a><br> December 18, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/12/18/PinePhone-review.html">PinePhone review</a><br> December 9, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/12/09/Developers-shouldnt-distribute.html">Developers shouldn't distribute their own software</a><br> November 29, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/11/29/dotorg.html">Take action to save .org and prosecute those who sold out the internet</a><br> November 26, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/11/26/Avoid-traumatic-changes.html">Software developers should avoid traumatic changes</a><br> November 20, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/11/20/China.html">China</a><br> October 30, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/10/30/Line-printer-shell-hack.html">An old-school shell hack on a line printer</a><br> October 12, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/10/12/how-to-fuck-up-releases.html">How to fuck up software releases</a><br> October 10, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/10/10/RaptorCS-redemption.html">RaptorCS's redemption: the POWER9 machine works</a><br> October 7, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/10/07/HDCP-in-Weston.html">Why Collabora really added Digital Restrictions Management to Weston</a><br> September 23, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/09/23/RaptorCS-Blackbird-a-horror-story.html">RaptorCS POWER9 Blackbird PC review</a><br> September 17, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/09/17/The-wrong-words-but-the-right-ideas.html">Don't sacrifice the right ideas to win the right words</a><br> September 8, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/09/08/Enough-to-decide.html">How I decide between many programming languages</a><br> September 2, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/09/02/Interactive-SSH-programs.html">Building interactive SSH applications</a><br> August 19, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/08/19/Introducing-shell-access-for-builds.html">Shell access for builds.sr.ht CI</a><br> August 9, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/08/09/DRM-leasing-and-VR-for-Wayland.html">DRM leasing: VR for Wayland</a><br> July 29, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/07/29/FOSS-contributor-tracks.html">FOSS contributor tracks</a><br> July 8, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/07/08/Announcing-annotations-for-sourcehut.html">Announcing code annotations for SourceHut</a><br> July 1, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/07/01/Absence-of-features-in-IRC.html">Absence of certain features in IRC considered a feature</a><br> June 13, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/06/13/My-journey-from-MIT-to-GPL.html">My personal journey from MIT to GPL</a><br> June 3, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/06/03/Announcing-aerc-0.1.0.html">Initial pre-release of aerc: an email client for your terminal</a><br> May 24, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/05/24/What-is-a-fork.html">What is a fork, really, and how GitHub changed its meaning</a><br> May 13, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/05/13/Git-email-webcast.html">Webcast: Reviewing git & mercurial patches with email</a><br> May 6, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/05/06/Calculate-your-doation-fees-for-Patreon.html">Calculating your donation's value following Patreon's fee changes</a><br> May 1, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/05/01/Announcing-wio.html">Announcing Wio: A clone of Plan 9's Rio for Wayland</a><br> April 29, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/04/29/Shut-up-and-get-back-to-work-style.html">The "shut up and get back to work" coding style guide</a><br> April 23, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/04/23/Using-cage-for-a-seamless-RDP-Wayland-desktop.html">Using Cage for a seamless remote Wayland session</a><br> April 19, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/04/19/Your-VPN-is-a-serious-choice.html">Choosing a VPN service is a serious decision</a><br> April 15, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/04/15/Announcing-first-class-hg-support-on-sourcehut.html">Announcing first-class Mercurial support on Sourcehut</a><br> April 2, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/04/02/NewPipe-represents-the-best-of-FOSS.html">NewPipe represents the best of FOSS</a><br> March 25, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/03/25/Rust-is-not-a-good-C-replacement.html">Rust is not a good C replacement</a><br> March 11, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/03/11/Sway-1.0-released.html">Announcing the release of sway 1.0</a><br> March 4, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/03/04/sourcehut-design.html">Sourcehut's spartan approach to web design</a><br> February 25, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/02/25/Using-git-with-discipline.html">Tips for a disciplined git workflow</a><br> February 18, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/02/18/Generics-arent-ready-for-Go.html">Generics aren't ready for Go</a><br> February 10, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/02/10/Wayland-misconceptions-debunked.html">Wayland misconceptions debunked</a><br> February 5, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/02/05/FOSDEM-recap.html">My experiences at FOSDEM 2019</a><br> January 30, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/01/30/Why-I-built-sr.ht-with-Flask.html">Why I chose Flask to build sr.ht's mini-services</a><br> January 23, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/01/23/Why-I-use-old-hardware.html">Why I use old hardware</a><br> January 15, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/01/15/Im-doing-FOSS-full-time.html">I'm going to work full-time on free software</a><br> January 13, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/01/13/Backups-and-redundancy-at-sr.ht.html">Backups & redundancy at sr.ht</a><br> January 1, 2019 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2019/01/01/Patches-welcome.html">Patches welcome</a><br> December 28, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/12/28/Anatomy-of-a-shell.html">Anatomy of a shell</a><br> December 20, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/12/20/Porting-Alpine-Linux-to-RISC-V.html">Porting Alpine Linux to RISC-V</a><br> December 4, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/12/04/How-to-abandon-a-FLOSS-project.html">How to abandon a FLOSS project</a><br> November 15, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/11/15/sr.ht-general-availability.html">sr.ht, the hacker's forge, now open for public alpha</a><br> October 30, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/10/30/Its-not-okay-to-pretend-youre-open-source.html">It's not okay to pretend your software is open source</a><br> October 29, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/10/29/How-does-virtual-memory-work.html">How does virtual memory work?</a><br> October 20, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/10/20/Sway-1.0-highlights.html">Sway 1.0-beta.1 release highlights</a><br> October 8, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/10/08/Go-1.11.html">Go 1.11 got me to stop ignoring Go</a><br> October 5, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/10/05/Dont-sign-a-CLA.html">Don't sign a CLA</a><br> September 30, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/09/30/Sway-wlroots-at-XDC-2018.html">Sway & wlroots at XDC 2018</a><br> September 10, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/09/10/Getting-started-with-qemu.html">Getting started with qemu</a><br> September 4, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/09/04/Conservative-web-development.html">Conservative web development</a><br> August 26, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/08/26/Self-hosted-livestreaming.html">How to make a self-hosted video livestream</a><br> August 22, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/08/22/Commons-clause-will-destroy-open-source.html">The Commons Clause will destroy open source</a><br> August 8, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/08/08/Signal.html">I don't trust Signal</a><br> August 5, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/08/05/Local-mail-server.html">Setting up a local dev mail server</a><br> July 29, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/07/29/Wayland-shells.html">Writing a Wayland compositor with wlroots: shells</a><br> July 23, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/07/23/Git-is-already-distributed.html">Git is already federated & decentralized</a><br> July 17, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/07/17/Input-handling-in-wlroots.html">Input handling in wlroots</a><br> July 9, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/07/09/Simple-correct-fast.html">Simple, correct, fast: in that order</a><br> July 2, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/07/02/Email-driven-git.html">The advantages of an email-driven git workflow</a><br> June 27, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/06/27/My-lets-encrypt-setup.html">A quick review of my Let's Encrypt setup</a><br> June 5, 2018 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2018/06/05/Should-you-move-to-sr.ht.html">Should you move …</a> https://www.whatsupup.com/blog/audiometry/cottony/20210928-081719/ Tue, 28 Sep 2021 08:17:18 +0000 https://www.whatsupup.com/blog/audiometry/cottony/20210928-081719/ Saturday, January 16, 2021<br> <a rel="noreferrer" target="_blank" href="https://amzn.to/2LFekQf">Bread knife</a> .  We'll get to the slicing part later, but get yourself an awesome bread knife.  I'm a big fan of the <a rel="noreferrer" target="_blank" href="https://amzn.to/3oQOqrh">Miyabi series</a> , but if that's too pricey ($300), here's a <a rel="noreferrer" target="_blank" href="https://amzn.to/2LFekQf">great knife</a> for $30.<br> The Spring launch of the Apex 20a platform on March 26, 2020, marks the beginning of an exciting, new era of product development at <a rel="noreferrer" target="_blank" href="http://apexclearing.com/">Apex Clearing</a> .  We have adopted a number of product management best practices from the software industry and adapted them to address some of the unique challenges within financial services and software-as-a-service.  In the interest of transparency, I’m pleased to share our new processes, what we’ve learned along the way, and where we’re headed next.<br> Ubuntu, OpenStack, and Kubernetes all share similar, predictable, time-based release cycles.  Ubuntu has released every April and October, since October of 2004 – that's 32 major software platform releases, on time, every time, over 16 years.  Ubuntu has set the bar for velocity, quality, and predictability in the open source world.  OpenStack’s development processes have largely mirrored Ubuntu’s, with many of the early project leaders having been ex-Ubuntu engineers and managers.  OpenStack, too, has utilized a 6-month development cycle, since 2010, now on its 20 th release.  Kubernetes came along in 2014, and sought to increase the pace a bit, with quarterly release cycles.  Kubernetes is a little bit looser with dates than Ubuntu or OpenStack, but has generally cranked out 4 quality releases per year, over the last 6 years.  I’ve been involved in each of these projects at some level, and I’ve thoroughly enjoyed coaching a number of early stage start-ups on how to apply these principles to their product development methodologies.<br> When I arrived at Apex in September 2019 to lead the product organization, I inherited an excellent team of product and project managers, peered with high-quality engineering teams.  Products and projects, however, were managed pretty asynchronously, hence release timelines and new feature commitments were unpredictable.  Of course, I had seen this before at a number of the start-ups that I’ve advised, so the model was quite familiar.<br> Our cycles are named for the year in which it will complete (launch), and with a letter as an iterator.  In 2020, we launch Apex 20a (March), Apex 20b (July), and Apex 20c (November), and looking forward to 2021, we should see Apex 21a (March), Apex 21b (July), and Apex 21c (November).  The “c” cycles are a few extra weeks, to account for the holidays near the end of the year.  These aren’t really “versions”, as Apex is more like “software as a service”, rather than “delivered software”, like Ubuntu, OpenStack, and Kubernetes.  Also, conversationally, we're referring to the cycles with the season – so Apex 20a is our "Spring" launch, 20b will be our "Summer" launch, and 20c will be our "Autumn" launch.<br> The Planning Summit signals the end of the PRD-writing period, during which product managers worked closely with their engineering counterparts, digesting all of those product requests and priorities, and turn those into product requirements written in <a rel="noreferrer" target="_blank" href="https://www.ietf.org/rfc/rfc2119.txt">RFC2119</a> -style language (must, should, may, etc.).  At the end of that process, each Product Manager and their technical counterpart lead an hour-long session with their plan for the next cycle, including fairly detailed commitments as to the major changes we should expect to be delivered.  Our Planning Summit is about a dozen, hour long sessions, spread over three days in the same week.  We exit the Planning Summit with clear product and engineering consensus on work commitments across the product portfolio, for the upcoming cycle.  This marks the beginning of the development portion of the cycle.<br> Apex 20a launched on March 31, 2020, as our first release using the methodologies described above.  Apex clients can find detailed release notes in the <a rel="noreferrer" target="_blank" href="http://developer.apexclearing.com/">Apex Developer Portal</a> .  This cycle began with a Prioritization Summit in October 2019, a Planning Summit in November 2019, and a Mid-cycle Summit in January 2020.   This cycle involved 17-weeks of development.<br> Our work on Apex 20b is already well underway, having held our Prioritization Summit in February 2020, and we’re holding our Planning Summit this week (March 2020).  Our Mid-cycle Summit will be held in May 2020, and we will launch Apex 20b in July 2020.<br> Apex 20a is the first of many coordinated product launch cycles our customers will experience.  We’ve adapted many of the best practices utilized by the open source software industry as well as Silicon Valley, and those practices are helping us work more effectively with our tech-savvy client base.  Apex will have 3 launches in 2020 (20a, 20b, 20c), and at least 3 launches in 2021.  By openly sharing our product stages and delivering a consistent, predictable, and reliable schedule, there are now ample opportunities for both customer input and detailed review and oversight by our leaders, which culminates in secure and stable products for our industry.  We’re delighted at the engagement thus far, and really look forward to more collaboration in the future.<br> <a rel="noreferrer" target="_blank" href="javascript:void(0)">▼</a> <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/2021/">2021</a> (1)<br> <a rel="noreferrer" target="_blank" href="javascript:void(0)">►</a> <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/2020/">2020</a> (3)<br> <a rel="noreferrer" target="_blank" href="https://github.com/dustinkirkland/hollywood/issues/58#issuecomment-902832441">dustinkirkland commented on issue dustinkirkland/hollywood#58</a> - 8/20/2021<br> <a rel="noreferrer" target="_blank" href="https://github.com/dustinkirkland/petname/issues/1#issuecomment-889983462">dustinkirkland commented on issue dustinkirkland/petname#1</a> - 7/30/2021<br> <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Ubuntu">Ubuntu</a> (469) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Ubuntu-Server">Ubuntu-Server</a> (234) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Canonical">Canonical</a> (225) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/gazzang">gazzang</a> (58) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Byobu">Byobu</a> (56) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/ubuntu-cloud">ubuntu-cloud</a> (53) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Cloud">Cloud</a> (48) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/ecryptfs">ecryptfs</a> (46) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/video">video</a> (34) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/openstack">openstack</a> (28) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/KVM">KVM</a> (24) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Docker">Docker</a> (21) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/LXD">LXD</a> (19) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Ubuntu-Desktop">Ubuntu-Desktop</a> (16) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/LXC">LXC</a> (15) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/maas">maas</a> (15) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Bikeshed">Bikeshed</a> (13) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/google">google</a> (13) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/juju">juju</a> (13) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/security">security</a> (13) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Containers">Containers</a> (12) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/slides">slides</a> (12) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Daemon">Daemon</a> (11) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Linux">Linux</a> (9) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/QEMU">QEMU</a> (9) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/snappy">snappy</a> (9) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Austin">Austin</a> (8) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/GoogleCloud">GoogleCloud</a> (8) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Screen-Profiles">Screen-Profiles</a> (8) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Solar">Solar</a> (8) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/TLF">TLF</a> (8) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/run-one">run-one</a> (8) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Green-Computing">Green-Computing</a> (7) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Intel">Intel</a> (7) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/PowerNap">PowerNap</a> (7) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Testdrive">Testdrive</a> (7) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/aws">aws</a> (7) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/manpages">manpages</a> (7) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/ztrustee">ztrustee</a> (7) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/EC2">EC2</a> (6) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Featured">Featured</a> (6) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Kubernetes">Kubernetes</a> (6) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/LCA2010">LCA2010</a> (6) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/LTS">LTS</a> (6) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/NUC">NUC</a> (6) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Travel">Travel</a> (6) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Ubuntu-Core">Ubuntu-Core</a> (6) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/encryption">encryption</a> (6) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/orangebox">orangebox</a> (6) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/orchestra">orchestra</a> (6) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/ssh-import-id">ssh-import-id</a> (6) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Go">Go</a> (5) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/IoT">IoT</a> (5) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/UEC">UEC</a> (5) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/amazon">amazon</a> (5) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/arm">arm</a> (5) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/ibm">ibm</a> (5) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Android">Android</a> (4) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/CloudFoundry">CloudFoundry</a> (4) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Entropy">Entropy</a> (4) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Hacks">Hacks</a> (4) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Landscape">Landscape</a> (4) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/PalmPre">PalmPre</a> (4) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Pictor">Pictor</a> (4) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Running">Running</a> (4) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/SxSW">SxSW</a> (4) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Virt">Virt</a> (4) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Windows">Windows</a> (4) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/bootmail">bootmail</a> (4) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/bug-zapping">bug-zapping</a> (4) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/ensemble">ensemble</a> (4) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/hollywood">hollywood</a> (4) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/linuxfoundation">linuxfoundation</a> (4) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/microsoft">microsoft</a> (4) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/power">power</a> (4) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/ssh">ssh</a> (4) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Eucalyptus">Eucalyptus</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/HOWTO">HOWTO</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Hiking">Hiking</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/LinuxCon">LinuxCon</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/ReleaseParty">ReleaseParty</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Reviews">Reviews</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/UDS">UDS</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/VMWare">VMWare</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/aubergine">aubergine</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/azure">azure</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/dmcrypt">dmcrypt</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/dotdee">dotdee</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/fingerprints">fingerprints</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/font">font</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/gce">gce</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/gpg">gpg</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/hadoop">hadoop</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/keep-one-running">keep-one-running</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/kernel">kernel</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/keymanagement">keymanagement</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/meetup">meetup</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/overlayroot">overlayroot</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/podcast">podcast</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/s390x">s390x</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/tmux">tmux</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/update-motd">update-motd</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/zescrow">zescrow</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/zfs">zfs</a> (3) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Audacity">Audacity</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Classroom">Classroom</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Debian">Debian</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Family">Family</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/LWN">LWN</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Libvirt">Libvirt</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Netflix">Netflix</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Patents">Patents</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/PetName">PetName</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Pollen">Pollen</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/QEMU-KVM">QEMU-KVM</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Scotland">Scotland</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Screen">Screen</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Smplayer">Smplayer</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Sound">Sound</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Texas">Texas</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Virtualization">Virtualization</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/amt">amt</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/apple">apple</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/apply-patch">apply-patch</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/audio">audio</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/aurora">aurora</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/bigdata">bigdata</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/changelog">changelog</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/cloud-init">cloud-init</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/cloudopen">cloudopen</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/conferences">conferences</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/coreos">coreos</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/edge">edge</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/gazzangbang">gazzangbang</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/ge">ge</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/gnupg">gnupg</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/hockeypuck">hockeypuck</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/johnnyfootball">johnnyfootball</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/launchpad">launchpad</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/livepatch">livepatch</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/mencoder">mencoder</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/mondrian">mondrian</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/mongodb">mongodb</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/musica">musica</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/networking">networking</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/privacy">privacy</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/puppet">puppet</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/python">python</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/rant">rant</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/redhat">redhat</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/scale">scale</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/slashdot">slashdot</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/survey">survey</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/txlf">txlf</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/uinstall">uinstall</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/uquick">uquick</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/xps13">xps13</a> (2) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/10gen">10gen</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/AMD">AMD</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Alfresco">Alfresco</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Approx">Approx</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Asus">Asus</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/BSG">BSG</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Banks">Banks</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/ChromeOS">ChromeOS</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Community">Community</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Conference">Conference</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/DNS">DNS</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/DevOps">DevOps</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Dosbox">Dosbox</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/ESM">ESM</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Fedora">Fedora</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Fraud">Fraud</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/G1">G1</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Gorilla">Gorilla</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/HackerNews">HackerNews</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/IPV6">IPV6</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Images">Images</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Java">Java</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/JeOS">JeOS</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Joyent">Joyent</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/LTS4">LTS4</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/LinuxOne">LinuxOne</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Lost">Lost</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/MWC">MWC</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Membership">Membership</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/MythTV">MythTV</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Nespresso">Nespresso</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/NewZealand">NewZealand</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Oracle">Oracle</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Parable">Parable</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Patriot">Patriot</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Phones">Phones</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Ping">Ping</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/RHEL">RHEL</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Roadmap">Roadmap</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Roomba">Roomba</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/SSD">SSD</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Siteam">Siteam</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Snaps">Snaps</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/StarWars">StarWars</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/TAMU">TAMU</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Tesla">Tesla</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/TheCUBE">TheCUBE</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Throwback">Throwback</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Turnkey">Turnkey</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Ubuntu-HA">Ubuntu-HA</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Unifi">Unifi</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/Unity">Unity</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/WebOS">WebOS</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/acta">acta</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/acug">acug</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/adapt">adapt</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/aggies">aggies</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/agile">agile</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/alpine">alpine</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/amttool">amttool</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/animation">animation</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/apex">apex</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/appliance">appliance</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/art">art</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/atomic">atomic</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/auth">auth</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/avconv">avconv</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/baby">baby</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/base64">base64</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/bazaar">bazaar</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/bbq">bbq</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/bcc">bcc</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/bip">bip</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/blindcafe">blindcafe</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/bpf">bpf</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/brisket">brisket</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/c5%20chevrolet%20corvette%20forsale">c5 chevrolet corvette forsale</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/cadillac">cadillac</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/cassandra">cassandra</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/cdh">cdh</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/charm">charm</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/chromium">chromium</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/cim">cim</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/cirsc">cirsc</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/cloc">cloc</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/clockwork">clockwork</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/cloud-live">cloud-live</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/conjure-up">conjure-up</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/cr-gpg">cr-gpg</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/createous">createous</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/cts-v">cts-v</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/cyanogen">cyanogen</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/dd-wrt">dd-wrt</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/dell">dell</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/dennisritchie">dennisritchie</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/devices">devices</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/dmr">dmr</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/dpkg">dpkg</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/dropcam">dropcam</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/easteregg">easteregg</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/extremeprogramming">extremeprogramming</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/ffmpeg">ffmpeg</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/firstbuild">firstbuild</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/football">football</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/fossil">fossil</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/fridge">fridge</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/github">github</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/hackathon">hackathon</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/heisman">heisman</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/hiring">hiring</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/hkp">hkp</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/homebrew">homebrew</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/hpc">hpc</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/html5">html5</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/iphone">iphone</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/ipmi">ipmi</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/it">it</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/jobs">jobs</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/kenburns">kenburns</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/keyescrow">keyescrow</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/keymon">keymon</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/lenovo">lenovo</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/linaro">linaro</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/lisa">lisa</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/lunatia">lunatia</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/lyft">lyft</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/lzma">lzma</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/maddog">maddog</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/maker">maker</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/math">math</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/mcollective">mcollective</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/mdadm">mdadm</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/meltdown">meltdown</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/mobile">mobile</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/mozart">mozart</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/mpi">mpi</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/nest">nest</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/nosql">nosql</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/oakridge">oakridge</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/openssl">openssl</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/ornl">ornl</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/pairprogramming">pairprogramming</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/paperless">paperless</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/pascal">pascal</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/passwords">passwords</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/pastebinit">pastebinit</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/pbget">pbget</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/pbput">pbput</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/php">php</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/pirate">pirate</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/product">product</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/purge-old-kernels">purge-old-kernels</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/pvoutput">pvoutput</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/qwersive">qwersive</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/random">random</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/rootsign">rootsign</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/run-one-constantly">run-one-constantly</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/run-this-one">run-this-one</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/smoke">smoke</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/snl">snl</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/soc">soc</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/sopa">sopa</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/spectre">spectre</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/sputnik">sputnik</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/storage">storage</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/swype">swype</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/tbt">tbt</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/theft">theft</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/tips">tips</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/tmpfs">tmpfs</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/touch">touch</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/transcode">transcode</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/uber">uber</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/ubrewtu">ubrewtu</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/ubuntu-allstars">ubuntu-allstars</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/ubuntu-sever">ubuntu-sever</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/udw">udw</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/unix">unix</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/usenix">usenix</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/virt-manager">virt-manager</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/vlan">vlan</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/wbem">wbem</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/wilwheaton">wilwheaton</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/wine">wine</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/wsman">wsman</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/yo">yo</a> (1) <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/search/label/zncrypt">zncrypt</a> (1)<br> https://www.whatsupup.com/blog/traveling/splay/20210928-081715/ Tue, 28 Sep 2021 08:17:15 +0000 https://www.whatsupup.com/blog/traveling/splay/20210928-081715/ Sept. 23, 2021<br> Aug. 3, 2021<br> June 22, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/17/science/betelgeuse-montarges-star-supernova.html">Out There Betelgeuse Merely Burped, Astronomers Conclude The dramatic dimming of the red supergiant in 2019 was the product of dust, not a prelude to destruction, a new study has found. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/jigging/witherer/20210928-081652/ Tue, 28 Sep 2021 08:16:52 +0000 https://www.whatsupup.com/blog/jigging/witherer/20210928-081652/ <p>Before founding The Markup, she led investigative teams at ProPublica and The Wall Street Journal. She is the author of “Dragnet Nation: A Quest for Privacy, Security and Freedom in a World of Relentless Surveillance,” (Times Books, 2014) and “Stealing MySpace: The Battle to Control the Most Popular Website in America” (Random House, March 2009). She has a B.A. in mathematics from The University of Chicago and an MBA from Columbia University.<br> Julia’s OpenPGP key fingerprint is F292 E93A 86B3 1713 05A6  FE9F 85C9 09BB C664 D201.<br> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/09/22/germanys-far-right-political-party-the-afd-is-dominating-facebook-this-election">Citizen Browser Germany’s Far-Right Political Party, the AfD, Is Dominating Facebook This Election Ahead of a national vote this month, Citizen Browser data shows that posts promoting the AfD party appeared more than three times as often as rivals' September 22, 2021 08:00 ET</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/09/21/facebook-rolls-out-news-feed-change-that-blocks-watchdogs-from-gathering-data">Citizen Browser Facebook Rolls Out News Feed Change That Blocks Watchdogs from Gathering Data The tweak, which targets the code in accessibility features for visually impaired users, drew ire from researchers and those who monitor the platform September 21, 2021 08:00 ET</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/08/10/how-the-daily-wire-uses-facebooks-targeted-advertising-to-build-its-brand">Citizen Browser How The Daily Wire Uses Facebook’s Targeted Advertising to Build Its Brand The social media giant's powerful targeting tools appear to be part of Ben Shapiro’s success in growing his audience on the platform August 10, 2021 08:00 ET</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/07/09/facebook-got-rid-of-racial-ad-categories-or-did-it">Citizen Browser Facebook Got Rid of Racial Ad Categories. Or Did It? Our Citizen Browser project found an array of proxies through which advertisers can target Black Facebook users, among other demographics July 9, 2021 08:00 ET</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/06/24/after-repeatedly-promising-not-to-facebook-keeps-recommending-political-groups-to-its-users">Citizen Browser After Repeatedly Promising Not to, Facebook Keeps Recommending Political Groups to Its Users The company announced the policy as a way to stop spreading divisive content June 24, 2021 08:00 ET</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/05/20/facebook-said-it-would-stop-recommending-anti-vaccine-groups-it-didnt">Citizen Browser Facebook Said It Would Stop Recommending Anti-Vaccine Groups. It Didn’t As COVID-19 surged, the social media company pointed users to all sorts of anti-vaccine and anti-mask groups May 20, 2021 08:00 ET</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/05/06/how-big-pharma-finds-sick-users-on-facebook">Citizen Browser How Big Pharma Finds Sick Users on Facebook We found drug ads targeted at users interested in everything from bourbon to therapy May 6, 2021 08:00 ET</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/04/29/credit-card-ads-were-targeted-by-age-violating-facebooks-anti-discrimination-policy">Citizen Browser Credit Card Ads Were Targeted by Age, Violating Facebook’s Anti-Discrimination Policy Such ads, along with other age-targeted financial product ads, may violate civil rights laws, attorneys say April 29, 2021 08:00 ET</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/show-your-work/2021/03/11/how-we-built-a-facebook-feed-viewer">Show Your Work Citizen Browser How We Built a Facebook Feed Viewer Split Screen invites readers to explore how different people experience Facebook March 11, 2021 08:00 ET</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/03/11/introducing-split-screen">Citizen Browser Introducing “Split Screen” A new tool from The Markup’s Citizen Browser project March 11, 2021 08:00 ET</a><br> https://www.whatsupup.com/blog/underpeopled/multichannel/20210928-081605/ Tue, 28 Sep 2021 08:16:05 +0000 https://www.whatsupup.com/blog/underpeopled/multichannel/20210928-081605/ <p><a rel="noreferrer" target="_blank" href="https://github.blog/2021-08-25-2021-transparency-report-january-to-june/">August 25, 2021</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/2021-08-25-2021-transparency-report-january-to-june/">2021 Transparency Report: January to June</a><br> <hr> We’re reporting on a six-month period rather than annually to increase our level of transparency. For this report, we’ve added more granularity to our 2020 stats.<br> <a rel="noreferrer" target="_blank" href="https://github.blog/2021-02-25-2020-transparency-report/">2020 Transparency Report</a><br> <hr> We’re excited to share GitHub’s 2019 Transparency Report, a by-the-numbers look at how we handle requests for user data and moderate content on GitHub.<br> https://www.whatsupup.com/blog/disappear/fussy/20210928-081600/ Tue, 28 Sep 2021 08:16:00 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210928-081600/ <p>Dan Goodin is Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, and hardware hacking. A journalist with more than 15 years experience, he has been chronicling the exploits of white-hat, grey-hat and black-hat hackers since 2005 as a reporter for the Associated Press and later, The Register. He has a Bachelors Degree in English from the University of Massachusetts and a Masters of Journalism from UC Berkeley. In his spare time, he enjoys gardening, cooking, and following the independent music scene.</p> <p>Dan can receive encrypted messages over Signal at +1650-440-4479.<br></p> https://www.whatsupup.com/blog/hardened/twinkled/20210928-081557/ Tue, 28 Sep 2021 08:15:57 +0000 https://www.whatsupup.com/blog/hardened/twinkled/20210928-081557/ <a rel="noreferrer" target="_blank" href="https://github.blog/2021-06-29-introducing-github-copilot-ai-pair-programmer/">June 29, 2021</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210928-081556/ Tue, 28 Sep 2021 08:15:56 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210928-081556/ Singer R. Kelly found guilty by a federal jury of racketeering in his sex-trafficking trial <a rel="noreferrer" target="_blank" href="https://www.reuters.com/legal/government/jurors-resume-deliberations-r-kelly-trial-2021-09-27/">VIEW MORE</a><br> Sep 23 2021<br> Aug 29 2021<br> https://www.whatsupup.com/blog/sited/implore/20210928-081533/ Tue, 28 Sep 2021 08:15:33 +0000 https://www.whatsupup.com/blog/sited/implore/20210928-081533/ Sept. 1, 2021<br> Aug. 19, 2021<br> July 28, 2021<br> https://www.whatsupup.com/blog/overgrazing/propellent/20210928-081525/ Tue, 28 Sep 2021 08:15:25 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210928-081525/ © 2021 Alex Kantrowitz. See <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/privacy">privacy</a> , <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/tos">terms</a> and <a rel="noreferrer" target="_blank" href="https://substack.com/ccpa#personal-data-collected">information collection notice</a><br> https://www.whatsupup.com/blog/trifid/ragwort/20210928-081453/ Tue, 28 Sep 2021 08:14:53 +0000 https://www.whatsupup.com/blog/trifid/ragwort/20210928-081453/ © Smartcar, Inc. 2021<br> https://www.whatsupup.com/blog/seer/hemisphere/20210928-081436/ Tue, 28 Sep 2021 08:14:36 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20210928-081436/ <p>News 22 Sept 2021<br> Books & Arts 07 Sept 2021<br> News 20 Aug 2021<br> News 23 Jul 2021<br> News 23 Jun 2021<br> News 07 May 2021<br> News 19 Apr 2021<br> News 19 Mar 2021<br> Books & Arts 16 Mar 2021<br> <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-00641-8">Record number of asteroids seen whizzing past Earth in 2020</a><br></p> <hr> News 22 Feb 2021<br> Comments & Opinion 01 Feb 2021<br> News 28 Jan 2021<br> News 17 Dec 2020<br> <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-020-03438-3">2020 beyond COVID: the other science events that shaped the year</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-020-03437-4">COVID and 2020: An extraordinary year for science</a><br> <hr> News 19 Nov 2020<br> Books & Arts 16 Nov 2020<br> News 29 Oct 2020<br> https://www.whatsupup.com/blog/veld/paternal/20210928-081416/ Tue, 28 Sep 2021 08:14:16 +0000 https://www.whatsupup.com/blog/veld/paternal/20210928-081416/ <p><a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/raspberry-pi-rp2040-on-sale/">Raspberry Silicon update: RP2040 on sale now at $1</a><br></p> <hr> Eben Upton - 1st Jun 2021 This post has <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/raspberry-pi-rp2040-on-sale/#comments">28 comments</a><br> Eben Upton - 24th May 2021 This post has <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/announcing-the-raspberry-pi-poe-hat/#comments">81 comments</a><br> Eben Upton - 26th Feb 2021 This post has <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/pi-day-at-the-raspberry-pi-foundation/#comments">4 comments</a><br> Eben Upton - 1st Dec 2020 This post has <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/spread-the-joy-of-learning-through-making/#comments">2 comments</a><br> Eben Upton - 30th Nov 2020 This post has <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/new-raspberry-pi-4-case-fan/#comments">81 comments</a><br> Eben Upton - 2nd Nov 2020 This post has <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/raspberry-pi-400-the-70-desktop-pc/#comments">453 comments</a><br> Eben Upton - 20th Oct 2020 This post has <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/vulkan-update-merged-to-mesa/#comments">37 comments</a><br> Eben Upton - 9th Jun 2020 This post has <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/vulkan-update-now-with-added-source-code/#comments">33 comments</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210928-081400/ Tue, 28 Sep 2021 08:14:00 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210928-081400/ <p>— Justin Schuh (@justinschuh) <a rel="noreferrer" target="_blank" href="https://twitter.com/justinschuh/status/1374809351920132096?ref_src=twsrc%5Etfw">March 24, 2021</a><br> (Note that the third case is kind of weird. It might be a subcase of #1 if you have another device that’s active and can send you the data. It might be a subcase of #2. I hate this one and am sending it to live on a farm upstate.)<br> What I learned from my exploration ( and here I pray the documentation is accurate) is that Apple actually does seem to provide end-to-end encryption for browser data. Or more specifically: they provide <a rel="noreferrer" target="_blank" href="https://support.apple.com/en-us/HT202303">end-to-end encryption for browser history data</a> starting as of iOS 13.<br> Until a few years ago, nobody thought much about this. In fact, in the early DKIM configurations were kind of a joke: mail providers chose DKIM signing keys that were trivial for motivated attackers to crack. Back in 2012 a security researcher named Zachary Harris pointed out that <a rel="noreferrer" target="_blank" href="https://www.wired.com/2012/10/dkim-vulnerability-widespread/">Google and several other companies</a> were using using 512-bit RSA to sign DKIM. He showed that these keys could be “cracked” in a matter of hours on rented cloud hardware, and then used these keys to forge emails from Larry and Sergey.<br> Providers like Google reacted to the whole “Larry and Sergey” embarassment in the way you’d expect. Without giving the implications any serious thought, they quickly ramped up their keys to 1024-bit or 2048-bit RSA. This stopped the forgeries, but inadvertently turned a harmless anti-spam protocol into a life-long cryptographic authenticity stamp — one that can be used to verify the provenance of any email dump, regardless of how it reaches the verifier.<br> The most famous example is also one of the most divisive: back in 2016, Wikileaks published a batch of stolen emails stolen from <a rel="noreferrer" target="_blank" href="https://wikileaks.org/podesta-emails/">John Podesta’s Google account</a> . Since the sourcing of these emails was <a rel="noreferrer" target="_blank" href="https://apnews.com/article/dea73efc01594839957c3c9a6c962b8a">murky</a> , WikiLeaks faced a high burden in proving to readers that these messages were actually authentic. DKIM provided an elegant solution: every email presented on Wikileaks’ pages <a rel="noreferrer" target="_blank" href="https://wikileaks.org/podesta-emails/emailid/10667">publicly states the verification status of the attached DKIM signatures</a> , something you can see today. The site also provides a helpful resource <a rel="noreferrer" target="_blank" href="https://wikileaks.org/DKIM-Verification.html">page for journalists, explaining how DKIM proves that the emails are real.</a><br> But the Podesta emails weren’t the end of the DKIM story. In 2017, ProPublica <a rel="noreferrer" target="_blank" href="https://www.propublica.org/nerds/authenticating-email-using-dkim-and-arc-or-how-we-analyzed-the-kasowitz-emails">used DKIM</a> to <a rel="noreferrer" target="_blank" href="https://www.propublica.org/article/marc-kasowitz-trump-lawyer-threat-emails-maddow">verify the authenticity of emails</a> allegedly sent to a critic by President Trump’s personal lawyer Mark Kasowitz. In 2018, the Associated Press used it once again to <a rel="noreferrer" target="_blank" href="https://apnews.com/article/d093a02a3d8a4e1b8dc7f5d19475899b">verify leaked emails tying a Russian lawyer to Donald Trump Jr</a> . And it happened again this year, when the recipients of an alleged “Hunter Biden laptop” provided a <a rel="noreferrer" target="_blank" href="https://www.washingtonexaminer.com/opinion/the-hunter-biden-emails-are-legitimate-and-theyre-not-going-away">single 2015 email to Rob Graham for DKIM verification</a> , in an effort to overcome journalistic skepticism at the sourcing of their information.<br> DKIM was never intended to provide long-lived authenticity for your emails. The security guarantees it provides are important, but need only exist for a period of hours (perhaps days on the outside) from the moment a mail server transmits your email. The fact that DKIM can be used to prove authenticity of stolen email from as long ago as 2015 is basically a screwup: the result of misuse and misconfiguration by mail providers who should know better.<br> Of course, merely replacing DKIM keypairs does nothing by itself: smart people on the Internet routinely archive DKIM public keys. This is, in fact, how a <a rel="noreferrer" target="_blank" href="https://github.com/robertdavidgraham/hunter-dkim">2015 Google email was verified in 2020</a> : the key that Google used for verifying DKIM emails during that long-ago time period (a single key was used from 2012-2016, seriously Google, this is just malpractice!) is no longer in use, but has been cached in various places on the Internet.<br> Google could launch the process right now by releasing its ancient 2016-era private keys. Since the secrecy of these serves literally no security purpose at this point, except for allowing third parties to verify email leaks, there’s no case for keeping these values secret at all. Just dump them.<br> The basis for our modern cellular telephony standards began in Europe back in the 1980s, with a standard known as <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/GSM">Global System for Mobile</a> . GSM was the first major digital cellular telephony standard, and it introduced a number of revolutionary features such as the use of <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/A5/1">encryption</a> to protect phone calls. Early GSM was designed primarily for voice communications, although <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/General_Packet_Radio_Service">data could be sent</a> over the air at some expense.<br> This is bad behavior on its merits, and more critically: it probably doesn’t result in good PIN choices. To make it go away, I chose the simplest PIN that the app would allow me to, which was 9512. I assume many other users simply entered their phone passcodes, which is a nasty security risk all on its own.<br> About eight years ago I set out to write a very informal piece on a specific cryptographic modeling technique called the “ <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Random_oracle">random oracle model”</a> . This was way back in the good old days of 2011, which was a more innocent and gentle era of cryptography. Back then nobody foresaw that all of our <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2017/10/16/falling-through-the-kracks/">standard</a> <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2016/03/01/attack-of-week-drown/">cryptography</a> <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2015/05/22/attack-of-week-logjam/">would</a> <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2015/03/03/attack-of-week-freak-or-factoring-nsa/">turn</a> <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2014/04/08/attack-of-the-week-openssl-heartbleed/">out</a> <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2017/12/19/the-strange-story-of-extended-random/">to</a> <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2016/03/21/attack-of-week-apple-imessage/">be</a> <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2017/10/23/attack-of-the-week-duhk/">riddled</a> <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2015/12/22/on-juniper-backdoor/">with</a> <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2014/10/15/attack-of-week-poodle/">bugs</a> ; you didn’t have to be reminded that “ <a rel="noreferrer" target="_blank" href="https://www.vice.com/en_us/article/43nk9b/cryptocurrency-are-not-crypto-bitcoin">crypto means cryptography</a> “. People even used <a rel="noreferrer" target="_blank" href="https://qz.com/1285209/bitcoin-pizza-day-2018-eight-years-ago-someone-bought-two-pizzas-with-bitcoins-now-worth-82-million/">Bitcoin to actually buy things.</a><br> So we don’t use random functions to implement our hashing. Out in “the real world” we use weird functions developed by Belgians or the National Security Agency, things like like SHA256 and SHA3 and Blake2. These functions come with blazingly fast and tiny algorithms for computing them, most of which occupy <a rel="noreferrer" target="_blank" href="https://github.com/brainhub/SHA3IUF/blob/master/sha3.c">few dozen lines of code</a> or less. They certainly aren’t random, but as best we can tell, the output looks pretty jumbled up.<br></p> <ol> <li>Of course everyone knows random oracle proofs aren’t “real”. Most conscientious protocol designers will admit that proving something secure in the random oracle model does not actually mean it’ll be secure “in the real world”. In other words, the fact that random oracle model proofs are kind of bogus is not some deep secret I’m letting you in on.<br></li> <li>And anyway: ROM proofs are generally considered a useful heuristic. For those who aren’t familiar with the term, “heuristic” is a word that grownups use when they’re about to secure your life’s savings using cryptography they can’t prove anything about.<br></li> <li>ROM-validated schemes have a pretty decent track record in practice. If ROM proofs were kicking out absurdly broken schemes every other day, we would probably have abandoned this technique. Yet we use cryptography that’s proven (only) in the ROM just about ever day — and mostly it works fine.<br></li> <li>For years, many people believed that the ROM could actually be saved. This hope was driven by the fact that ROM schemes generally seemed to work pretty well when implemented with strong hash functions, and so perhaps all we needed to do was to find a hash function that was “good enough” to <a rel="noreferrer" target="_blank" href="https://eprint.iacr.org/1997/007">make ROM proofs meaningful</a> . Some theoreticians hoped that fancy techniques like <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2014/02/21/cryptographic-obfuscation-and/">cryptographic obfuscation</a> could somehow be used to make concrete hashing algorithms that behaved well enough to make (some) ROM proofs instantiable.**<br> So that’s kind of the state of the ROM, or at least — it was the state up until the late 1990s. We knew this model was artificial, and yet it stubbornly refused to explode or produce totally nonsense results.<br> And then, in 1998, everything went south.<br> For theoretical cryptographers, the real breaking point for the random oracle model came in the form of a <a rel="noreferrer" target="_blank" href="https://eprint.iacr.org/1998/011.pdf">1998 STOC paper by Canetti, Goldreich and Halevi</a> (henceforth CGH). I’m going to devote the rest of this (long!) post to explaining the gist of what they found.<br> In this setting, the attacker actually does have access to a short, efficient program P that matches the hash function H . In practice, this function will probably be something like <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/SHA-2">SHA2</a> or <a rel="noreferrer" target="_blank" href="https://blake2.net/">Blake2.</a> But even in a weird case where it’s some crazy obfuscated function, the attacker is still expected to have a program that they can efficiently evaluate. Since the attacker possesses this program, they can easily encode it into a short enough message and send it to the signing oracle.<br></li> </ol> https://www.whatsupup.com/blog/ewing/undiscernibly/20210928-081355/ Tue, 28 Sep 2021 08:13:55 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210928-081355/ September 22, 2021<br> $ cosign verify-attestation -key cosign.pub gcr.io/distroless/base@sha256:4f8aa0aba190e375a5a53bb71a303c89d9734c817714aeaca9bb23b82135ed91<br> Verification for gcr.io/distroless/base@sha256:4f8aa0aba190e375a5a53bb71a303c89d9734c817714aeaca9bb23b82135ed91 –<br> $ rekor-cli search –sha sha256:4f8aa0aba190e375a5a53bb71a303c89d9734c817714aeaca9bb23b82135ed91<br> af7a9687d263504ccdb2759169c9903d8760775045c6e7554e365ec2bf29f6f8<br> $ rekor-cli get –uuid af7a9687d263504ccdb2759169c9903d8760775045c6e7554e365ec2bf29f6f8 –format json | jq -r .Attestation | base64 –decode | jq<br> "sha256": "703a4726aedc9ec7a7e32251087565246db117bb9a141a7993d1c4bb4036660d"<br> "sha256": "d322ed16d530596c37eee3eb57a039677502aa71f0e4739b0272b1ebd8be9bce"<br> "sha256": "2dfdd5bf591d0da3f67a25f3fc96d929b256d5be3e0af084db10952e5da2c661"<br> "sha256": "4f8aa0aba190e375a5a53bb71a303c89d9734c817714aeaca9bb23b82135ed91"<br> "sha256": "dc0a793d83196a239abf3ba035b3d1a0c7a24184856c2649666e84bc82fc5980"<br> "sha256": "c9507268813f235b11e63a7ae01526b180c94858bd718d6b4746c9c0e8425f7a"<br> "sha256": "4af613acf571a1b86b1d3c50682caada0b82024e566c1c4c2fe485a70f3af47d"<br> "sha256": "2c4bb6b7236db0a55ec54ba8845e4031f5db2be957ac61867872bf42e56c4deb"<br> "sha256": "deb41661be772c6256194eb1df6b526cc95a6f60e5f5b740dda2769b20778c51"<br> "sha256": "927dd07e7373e1883469c95f4ecb31fe63c3acd104aac1655e15cfa9ae0899bf"<br> "sha256": "f106757268ab4e650b032e78df0372a35914ed346c219359b58b3d863ad9fb58"<br> "sha256": "aa8a0358b2813e8b48a54c7504316c7dcea59d6ae50daa0228847de852c83878"<br> "sha256": "9acfd1fdf62b26cbd4f3c31422cf1edf3b7b01a9ecee00a499ef8b7e3536914d"<br> "sha256": "e50641dbb871f78831f9aa7ffa59ec8f44d4cc33ae4ee992c9f4b046040e97f2"<br> "CHAINS-GIT_COMMIT={string 976c1c9bc178ac0371d8888d69893145c3df09f0 []}",<br> "event_id": "531c282f-806e-41e4-b3ad-b596c4283381",<br> "image": "docker.io/library/golang@sha256:cb1a7482cb5cfc52527c5cdea5159419292360087d5249e3fe5472f3477be642"<br> "buildStartedOn": "2021-09-16T00:03:04Z",<br> "buildFinishedOn": "2021-09-16T00:04:36Z"<br> "revision": "976c1c9bc178ac0371d8888d69893145c3df09f0"<br> https://www.whatsupup.com/blog/spectrometry/obol/20210928-081352/ Tue, 28 Sep 2021 08:13:52 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20210928-081352/ Tuesday, September 14, 2021<br> tl;dr I combined <a rel="noreferrer" target="_blank" href="https://github.com/googleprojectzero/fuzzilli">Fuzzilli</a> (an open-source JavaScript engine fuzzer), with <a rel="noreferrer" target="_blank" href="https://github.com/googleprojectzero/TinyInst">TinyInst</a> (an open-source dynamic instrumentation library for fuzzing). I also added grammar-based mutation support to <a rel="noreferrer" target="_blank" href="https://github.com/googleprojectzero/Jackalope">Jackalope</a> (my black-box binary fuzzer). So far, these two approaches resulted in finding three security issues in jscript9.dll (default JavaScript engine used by Internet Explorer).<br> It comes somewhat naturally to combine the tooling I’ve been working on with techniques that have been so successful in finding JavaScript bugs, and try to use the resulting tooling to fuzz JavaScript engines for which the source code is not available. Of such engines, I know two: jscript and jscript9 (implemented in jscript.dll and jscript9.dll) on Windows, which are both used by the Internet Explorer web browser. Of these two, jscript9 is probably more interesting in the context of mutational coverage-guided fuzzing since it includes a JIT compiler and more advanced engine features.<br> While you might think that Internet Explorer is a <a rel="noreferrer" target="_blank" href="https://blogs.windows.com/windowsexperience/2021/05/19/the-future-of-internet-explorer-on-windows-10-is-in-microsoft-edge/">thing of the past</a> and it doesn’t make sense to spend energy looking for bugs in it, the fact remains that Internet Explorer is still heavily exploited by real-world attackers. In <a rel="noreferrer" target="_blank" href="https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786">2020</a> there were two Internet Explorer 0days exploited in the wild and three in <a rel="noreferrer" target="_blank" href="https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=2129022708">2021</a> so far . One of these vulnerabilities was in the JIT compiler of jscript9. I’ve personally vowed several times that I’m done looking into Internet Explorer, but each time, more 0days in the wild pop up and I change my mind.<br> Edit 2021-09-20 : The version of Swift for Windows used in this project was from January 2021, when I first started working on it. Since version 5.4, Swift Package Manager is supported on Windows, so building Swift code should be much easier now. Additionally, static linking is supported for C/C++ code.<br> JavaScript grammar was initially constructed by following  the <a rel="noreferrer" target="_blank" href="https://tc39.es/ecma262/#sec-grammar-summary">ECMAScript 2022 specification</a> . However, as always when constructing fuzzing grammars from specifications or in a (semi)automated way, this grammar was only a starting point. More manual work was needed to make the grammar output valid and generate interesting samples more frequently.<br> The following image shows Jackalope running against jscript9.<br> I ran Fuzzilli for several weeks on 100 cores. This resulted in finding two vulnerabilities, <a rel="noreferrer" target="_blank" href="https://bugs.chromium.org/p/project-zero/issues/detail?id=2157">CVE-2021-26419</a> and <a rel="noreferrer" target="_blank" href="https://bugs.chromium.org/p/project-zero/issues/detail?id=2168">CVE-2021-31959</a> . Note that the bugs that were analyzed and determined not to have security impact are not counted here. Both of the vulnerabilities found were in the bytecode generator, a part of the JavaScript engine that is typically not very well tested by generation-based fuzzing approaches. Both of these bugs were found relatively early in the fuzzing process and would be findable even by fuzzing on a single machine.<br> Jackalope was run on a similar setup: for several weeks on 100 cores. Interestingly, at least against jscript9, Jackalope with grammar-based mutations behaved quite similarly to Fuzzilli: it was hitting a similar level of coverage and finding similar bugs. It also found CVE-2021-26419 quickly into the fuzzing process. Of course, it’s easy to re-discover bugs once they have already been found with another tool, but neither the grammar engine nor the JavaScript grammar contain anything specifically meant for finding these bugs.<br> About a week and a half into fuzzing with Jackalope, it triggered a bug I hadn't seen before, <a rel="noreferrer" target="_blank" href="https://bugs.chromium.org/p/project-zero/issues/detail?id=2188">CVE-2021-34480</a> . This time, the bug was in the JIT compiler, which is another component not exercised very well with generation-based approaches. I was quite happy with this find, because it validated the feasibility of a grammar-based approach for finding JIT bugs.<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/04/policy-and-disclosure-2021-edition.html">Policy and Disclosure: 2021 Edition</a> (Apr)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/03/in-wild-series-october-2020-0-day.html">In-the-Wild Series: October 2020 0-day discovery</a> (Mar)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/06/ff-sandbox-escape-cve-2020-12388.html">FF Sandbox Escape (CVE-2020-12388)</a> (Jun)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2020/01/policy-and-disclosure-2020-edition.html">Policy and Disclosure: 2020 Edition</a> (Jan)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/08/the-many-possibilities-of-cve-2019-8646.html">The Many Possibilities of CVE-2019-8646</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2017/09/the-great-dom-fuzz-off-of-2017.html">The Great DOM Fuzz-off of 2017</a> (Sep)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2015/02/exploitingscve-2015-0318sinsflash.html">(^Exploiting)\s*(CVE-2015-0318)\s*(in)\s*(Flash$)</a> (Feb)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2014/12/internet-explorer-epm-sandbox-escape.html">Internet Explorer EPM Sandbox Escape CVE-2014-6350</a> (Dec)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2014/11/pwn4fun-spring-2014-safari-part-ii.html">pwn4fun Spring 2014 - Safari - Part II</a> (Nov)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2014/11/project-zero-patch-tuesday-roundup.html">Project Zero Patch Tuesday roundup, November 2014</a> (Nov)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2014/09/exploiting-cve-2014-0556-in-flash.html">Exploiting CVE-2014-0556 in Flash</a> (Sep)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html">The poisoned NUL byte, 2014 edition</a> (Aug)<br> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2014/07/pwn4fun-spring-2014-safari-part-i_24.html">pwn4fun Spring 2014 - Safari - Part I</a> (Jul)<br> https://www.whatsupup.com/blog/nuncle/haw/20210928-081339/ Tue, 28 Sep 2021 08:13:39 +0000 https://www.whatsupup.com/blog/nuncle/haw/20210928-081339/ <p>$ echo -n “resp_success:1|c|#method:post” | nc -4u localhost 8126<br> $ veneur-emit -hostport udp://localhost:8126 -count 1 -name "resp_success" -tag "method:post"<br> args : ["-c", "while true; do veneur-emit -hostport udp://localhost:8126 -count 1 -name 'my.test.metric'; sleep 10; done"]<br> That’s the first container in our pod, and if we deploy it as-is, it’ll start faithfully firing off UDP metrics on port 8126. But there’s nothing listening on that port, so it’s just talking into the void. Let’s give it an audience by adding a second container in the same pod:<br> In addition, we listen for UDP packets on port 8126 to receive the metrics, and we also listen for HTTP traffic on port 8127. Port 8127 is used for the healthcheck endpoint. It can also be used to listen for metrics that are emitted over TCP using authenticated TLS instead of UDP, but we won’t cover that here, as it’s not needed for most Kubernetes deployments.<br> <a rel="noreferrer" target="_blank" href="https://www.flickr.com/photos/tmab2003/3241889036">Photo CC-BY TMAB2003.</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="http://www.saucontds.com/%E2%80%8E">Saucon TDS</a> uses OpenDNS for DNS lookups, but they redirect undesired lookups to their block page. I confirmed this by asking my neighbor across the aisle to visit drive.google.com – he happened to be using Safari, which gave him a 404-eque page instead of the big red error message that Chrome gave, but that was enough for me to confirm that the bus was, indeed, hijacking traffic on Port 53.<br> First, Alice flips a coin, but keeps the result of the coin flip secret. Let’s say that ‘H’ is 1, and ’T’ is 0.<br> https://www.whatsupup.com/blog/giuseppe/fibroma/20210928-081332/ Tue, 28 Sep 2021 08:13:32 +0000 https://www.whatsupup.com/blog/giuseppe/fibroma/20210928-081332/ 2021-08-08 <a rel="noreferrer" target="_blank" href="https://internalregister.github.io/2021/08/08/Another-Homebrew-Console.html">Another ‘Homebrew’ Video Game Console</a><br> 2019-09-29 <a rel="noreferrer" target="_blank" href="https://internalregister.github.io/2019/09/29/Console-Video.html">‘HomeBrew’ Video Game Console - Video</a><br> 2019-09-29 <a rel="noreferrer" target="_blank" href="https://internalregister.github.io/2019/09/29/Console-PPU-Simulator.html">‘HomeBrew’ Video Game Console - PPU Simulator</a><br> 2019-07-26 <a rel="noreferrer" target="_blank" href="https://internalregister.github.io/2019/07/26/Console-CPU.html">‘HomeBrew’ Video Game Console - CPU Board</a><br> 2019-03-14 <a rel="noreferrer" target="_blank" href="https://internalregister.github.io/2019/03/14/Homebrew-Console.html">Building a ‘Homebrew’ Video Game Console</a><br> https://www.whatsupup.com/blog/depository/unfitted/20210928-081303/ Tue, 28 Sep 2021 08:13:03 +0000 https://www.whatsupup.com/blog/depository/unfitted/20210928-081303/ <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/going-up-the-hill/">Going up the hill</a> : 2021<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/part-two-i-sell-onions-on-the-internet/">part two, I sell onions on the Internet</a> : 2021<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/building-from-a-place-of-surrender/">Building from a place of surrender</a> : 2021<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/behind-the-scenes-carpet-pad-recycling-business-1997/">Behind the scenes of a carpet pad recycling business in 1997</a> : 2021<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/building-things-that-do-just-one-thing/">Building things that do [ just one thing ]</a> : 2020<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/let-go-then-go/">Let go, then go</a> : 2020<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/must-ride-mule-to-from-work-location/">Must ride mule (to & from) work location</a> : 2020<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/benevolent-uplifting-cuss-words/">Benevolent, uplifting cuss words</a> : 2020<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/give-me-grunt-work/">Give me grunt work</a> : 2020<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/dude-that-built-duderanch-com/">The dude that built DudeRanch.com</a> : 2019<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/i-sell-onions-on-the-internet/">I sell onions on the Internet</a> : 2019<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/slow-down-wander/">Slow down & wander</a> : 2017<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/window-shopping-expired-domain-names/">Window shopping for expired Domain Names</a> : 2017<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/build-a-side-business/">Want to build a side business? Just buy a great Domain Name</a> : 2017<br> https://www.whatsupup.com/blog/airbrush/misogynic/20210928-081248/ Tue, 28 Sep 2021 08:12:48 +0000 https://www.whatsupup.com/blog/airbrush/misogynic/20210928-081248/ <p>© 2020 George Hilliard<br> <a rel="noreferrer" target="_blank" href="https://www.thirtythreeforty.net/posts/2020/05/hacking-reolink-cameras-for-fun-and-profit/">Hacking Reolink cameras for fun and profit</a> May 16, 2020 Dragging Reolink, kicking and screaming, into the light of the open-standards day<br> <a rel="noreferrer" target="_blank" href="https://www.thirtythreeforty.net/posts/2020/05/mastering-embedded-linux-part-5-platform-daemons/">Mastering Embedded Linux, Part 5: Platform Daemons</a> May 02, 2020 Writing a custom program that talks to hardware<br> <a rel="noreferrer" target="_blank" href="https://www.thirtythreeforty.net/posts/2020/03/mastering-embedded-linux-part-4-adding-features/">Mastering Embedded Linux, Part 4: Adding Features</a> Mar 11, 2020 How to make your embedded system do something useful<br> <a rel="noreferrer" target="_blank" href="https://www.thirtythreeforty.net/posts/2020/02/trying-the-allwinner-f1c200s/">Trying the Allwinner F1C200s</a> Feb 29, 2020 Continuing experiments with inexpensive Allwinner processors<br> <a rel="noreferrer" target="_blank" href="https://www.thirtythreeforty.net/posts/2020/01/the-wave-particle-duality-of-git-commits/">The Wave/Particle Duality of Git Commits</a> Jan 20, 2020 Yet another way to think of<br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.thirtythreeforty.net/posts/2020/01/mastering-embedded-linux-part-3-buildroot/">Mastering Embedded Linux, Part 3: Buildroot</a> Jan 14, 2020 Compiling a Linux OS from source code with the Buildroot distribution<br> <a rel="noreferrer" target="_blank" href="https://www.thirtythreeforty.net/posts/2019/12/mastering-embedded-linux-part-2-hardware/">Mastering Embedded Linux, Part 2: Hardware</a> Dec 28, 2019 Diving deeper into the hardware powering cheap embedded Linux systems<br> <a rel="noreferrer" target="_blank" href="https://www.thirtythreeforty.net/posts/2019/12/designing-my-linux-business-card/">Designing My Linux-Powered Business Card</a> Dec 23, 2019 Behind-the-scenes build log for my Linux-powered business card<br> <a rel="noreferrer" target="_blank" href="https://www.thirtythreeforty.net/posts/2019/12/my-business-card-runs-linux/">My Business Card Runs Linux</a> Dec 23, 2019 In which I build a Linux computer cheap enough to give away<br> <a rel="noreferrer" target="_blank" href="https://www.thirtythreeforty.net/posts/2019/08/mastering-embedded-linux-part-1-concepts/">Mastering Embedded Linux, Part 1: Concepts</a> Aug 25, 2019 A high-level introduction to concepts in hacking cheap embedded Linux systems<br> <hr> https://www.whatsupup.com/blog/sideswiped/tuftily/20210928-081241/ Tue, 28 Sep 2021 08:12:41 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20210928-081241/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/09/26/Rock-and-Roll">Rock Decades</a> · On Saturday September 25 th , 2021, we went to a concert by <a rel="noreferrer" target="_blank" href="http://paulpigat.com/cousin-harley/">Cousin Harley</a> featuring <a rel="noreferrer" target="_blank" href="http://paulpigat.com/paul-pigat/#about">Paul Pigat</a> . The last live indoor music we’d seen was March 8, 2020, which is to say a gap of 566 days. Speaking of gaps, 2021 marks, more or less, both seventy years of Rock ’n’ Roll and 50 years of my loving it <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/09/26/Rock-and-Roll">…</a><br> <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/08/05/Western-Electric">Western Electric</a> · At 6:30 PM on Wednesday August 4 th my 15-year-old daughter and I pulled up the Jaguar I-Pace electric car in front of my 91-year-old Mom’s place in Regina, Saskatchewan. I was tired and achey because I’d just finished driving 1,725km (1,072 miles) across two days to see her for the first time since Covid started. I was happy to see Mom, happy about the first road-trip in a long time, and happy to have tested the hypothesis that, in 2021, a fully-electric vehicle can handle long-haul travel <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/08/05/Western-Electric">…</a> [16 comments]<br> <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/07/29/Under-and-Over">CL XL: Under and Over</a> · Wow, the last <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/What/The%20World/Cottage%20Life/">Cottage Life</a> piece was in 2019, suggesting there was no such thing in 2020. And, what with Covid, there was less. While this story happened in situ , it’s really about something else: How much residential construction and software are like each other, and share the same really-important rule: Underpromise and overdeliver. [Includes compulsory nature shots.] <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/07/29/Under-and-Over">…</a><br> <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/07/17/Music-Notes">Music Notes</a> · Herewith notes on what I’m listening to in 2021, and why that’s a problem. With recommendations both for music and for things we can do to keep it alive <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/07/17/Music-Notes">…</a> [11 comments]<br> <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/07/12/Slow-M1">Where’s the Apple M2?</a> · DPReview just published <a rel="noreferrer" target="_blank" href="https://www.dpreview.com/opinion/5834413552/apple-still-hasnt-made-a-truly-pro-m1-mac">Apple still hasn't made a truly “Pro” M1 Mac – so what’s the holdup?</a> Following on the good performance and awesome power efficiency of the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Apple_M1">Apple M1</a> , there’s a hungry background rumble in Mac-land along the lines of “Since the M1 is an entry-level chip, the next CPU is gonna blow everyone’s mind!” But it’s been eight months since the M1 shipped and we haven’t heard from Apple. I have a good guess what’s going on: It’s proving really hard to make a CPU (or <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/System_on_a_chip">SoC</a> ) that’s perceptibly faster than the M1. Here’s why <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/07/12/Slow-M1">…</a> [7 comments]<br> <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/06/01/Long-Links">Long Links</a> · Welcome to the June 2021 issue of<br> <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/05/22/LP-Victory">LP Victory</a> · Some readers may remember <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/201x/2019/02/23/LP-Log">a February 2019</a> blog post describing how I inherited 900 or so used LPs, mostly classical. As of this week, I’ve listened to all of them (or rejected them out of hand), and kept 220 or so (counting methods were imperfect). Herewith lessons and reconfigurations. Also there’s a <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/05/22/Fourteen-Classics">companion piece</a> on sixteen albums I especially liked <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/05/22/LP-Victory">…</a> [1 comment]<br> <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/">When?</a> (5112 fragments) <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/What/">What?</a> (342 categories)<br> https://www.whatsupup.com/blog/alveolar/cozey/20210928-081238/ Tue, 28 Sep 2021 08:12:38 +0000 https://www.whatsupup.com/blog/alveolar/cozey/20210928-081238/ Update 2011-01-27: Recent versions of Mac OS X make these replacements obsolete.<br> https://www.whatsupup.com/blog/kyat/underwrite/20210928-081234/ Tue, 28 Sep 2021 08:12:34 +0000 https://www.whatsupup.com/blog/kyat/underwrite/20210928-081234/ <p><a rel="noreferrer" target="_blank" href="https://slatestarcodex.com/top-posts/">Top Posts</a><br></p> <hr> Posted on <a rel="noreferrer" target="_blank" href="https://slatestarcodex.com/2021/01/21/introducing-astral-codex-ten/">January 21, 2021</a> by <a rel="noreferrer" target="_blank" href="https://slatestarcodex.com/author/admin2/">Scott Alexander</a><br> <hr> [EDIT 2/13/21: This post is originally from June 2020, but there’s been renewed interest in it because the NYT article involved just came out. This post says the NYT was going to write a positive article, which was the impression I got in June 2020. The actual article was very negative; I feel this was as retaliation for writing this post, but I can’t prove it. I feel I was misrepresented by slicing and dicing quotations in a way that made me sound like a far-right nutcase; I am actually a liberal Democrat who voted for Warren in the primary and Biden in the general, and I generally hold pretty standard center-left views in support of race and gender equality. You can read my full statement defending against the Times’ allegations <a rel="noreferrer" target="_blank" href="https://astralcodexten.substack.com/p/statement-on-new-york-times-article">here</a> . To learn more about this blog and read older posts, go to <a rel="noreferrer" target="_blank" href="https://slatestarcodex.com/about/">the About page</a> .]<br> <hr> The Representative For Gerontocracy is supposedly the oldest person in the country who is medically fit and willing to serve, but this has been so hard to sort out that in practice they are selected by the national retirees’ special interest group from the pool of willing candidates above age 90.<br> <hr> Posted on <a rel="noreferrer" target="_blank" href="https://slatestarcodex.com/2020/06/16/open-thread-156-25/">June 16, 2020</a> by <a rel="noreferrer" target="_blank" href="https://slatestarcodex.com/author/bughimamborag/">a reader</a><br> <hr> But every so often, somebody tries to do things the proper way. Go over decades of research into what makes psychiatric drugs work and how they could work better. Figure out the hypothetical properties of the ideal psych drug. Figure out a molecule that matches those properties. Synthesize it and see what happens. This was the vision of vortioxetine and vilazodone, two antidepressants from the early 2010s. They were approved by the FDA, sent to market, and prescribed to millions of people. Now it’s been enough time to look back and give them a fair evaluation. And…<br> <hr> 1. Comment of the week: superkamiokande from the subreddit <a rel="noreferrer" target="_blank" href="https://www.reddit.com/r/slatestarcodex/comments/h7egp3/wordy_wernickes/fumiaix/">explains the structural and computational differences between Wernicke’s and Broca’s areas</a> .<br> 2. There’s another SSC virtual meetup next week, guest speaker Robin Hanson. More information <a rel="noreferrer" target="_blank" href="https://cephalopods.blog/2020/04/12/ssc-lesswrong-meetup/">here</a> .<br> 3. As many areas reopen, local groups will have to decide whether or not to restart in-person meetups. I can’t speak to other countries that may have things more under control, but in the US context, I am against this. Just because it’s legal to hold medium-sized gatherings now doesn’t mean it’s a good idea. I would feel really bad if anyone became sick or spread the pandemic because of my blog. I don’t control local groups, and they can do what they want, but I won’t be advertising meetups on the blogroll until I feel like they’re safe. Exceptions for East Asia, New Zealand, and anyone else who can convince me that their country is in the clear.<br> 4. Some people have noticed that <a rel="noreferrer" target="_blank" href="https://slatestarcodex.com/2014/12/17/the-toxoplasma-of-rage/">my toxoplasma post</a> seems disconfirmed by recent protests, which reached national scale even though the incident was very clear-cut and uncontroversial. I agree this is some negative evidence. The toxoplasma model was meant to be a tendency, not a 100% claim about things always work. Certainly it is still mysterious in general why some outrageous incidents spark protests and other near-identical ones don’t. I think it’s relevant that everyone is in a bad place right now because of coronavirus (remember, just two months ago Marginal Revolution posted <a rel="noreferrer" target="_blank" href="https://marginalrevolution.com/marginalrevolution/2020/04/when-will-the-riots-begin.html">When Will The Riots Begin?</a> ), and that 2020 is the peak of Turchin’s fifty-year <a rel="noreferrer" target="_blank" href="https://slatestarcodex.com/2019/09/02/book-review-ages-of-discord/">cycle of conflict</a> .<br> 5. Speaking of protests, the open threads have been getting pretty intense lately. I realize some awful stuff has been going on, and emotions are really high, but I want everyone to take a deep breath and try to calm down a little bit before saying anything you’ll regret later. I will be enforcing the usually-poorly-enforced ban on culture war topics in this thread with unrecorded deletions. I may or may not suspend the next one or two hidden threads to give everyone a chance to calm down. I hope everybody is staying safe and sane during these difficult times.<br> 6. If you haven’t already taken last week’s nootropics survey, and you are an experienced user of nootropics, you can <a rel="noreferrer" target="_blank" href="https://slatestarcodex.com/2020/06/07/take-the-new-nootropics-survey/">take it now</a> .<br> <hr> I would be failing my brand if I didn’t write something about GPT-3, but I’m not an expert and discussion is still in its early stages. Consider this a summary of some of the interesting questions I’ve heard posed elsewhere, especially comments by <a rel="noreferrer" target="_blank" href="https://www.gwern.net/newsletter/2020/05">gwern</a> and <a rel="noreferrer" target="_blank" href="https://nostalgebraist.tumblr.com/post/619672884731904000/gpt-3-and-scaling-trends">nostalgebraist</a> . Both of them are smart people who I broadly trust on AI issues, and both have done great work with GPT-2. Gwern has gotten it to <a rel="noreferrer" target="_blank" href="https://slatestarcodex.com/2019/03/14/gwerns-ai-generated-poetry/">write poetry</a> , <a rel="noreferrer" target="_blank" href="https://www.gwern.net/GPT-2-music">compose music</a> , and even <a rel="noreferrer" target="_blank" href="https://slatestarcodex.com/2020/01/06/a-very-unlikely-chess-game/">sort of play some chess</a> ; nostalgebraist has created <a rel="noreferrer" target="_blank" href="https://nostalgebraist-autoresponder.tumblr.com/">nostalgebraist-autoresponder</a> (a Tumblr written by GPT-2 trained on nostalgebraist’s own Tumblr output). Both of them disagree pretty strongly on the implications of GPT-3. I don’t know enough to resolve that disagreement, so this will be a kind of incoherent post, and hopefully stimulate some more productive comments. So:<br> OpenAI has released a new paper, <a rel="noreferrer" target="_blank" href="https://arxiv.org/pdf/2005.14165.pdf">Language Models Are Few-Shot Learners</a> , introducing GPT-3, the successor to the wildly-successful language-processing AI GPT-2.<br> <hr> Before we get into the weeds, let’s get a quick gestalt impression of how GPT-3 does compared to GPT-2.<br> <hr> After two days of intense debate, the United Methodist Church has agreed to a historic split – one that is expected to end in the creation of a new denomination, one that will be “theologically and socially conservative,” according to the Washington Post. The majority of delegates attending the church’s annual General Conference in May voted to strengthen a ban on the ordination of LGBTQ clergy and to write new rules that will “discipline” clergy who officiate at same-sex weddings. But those who opposed these measures have a new plan: They say they will form a separate denomination by 2020, calling their church the Christian Methodist denomination.<br> The Post notes that the denomination, which claims 12.5 million members, was in the early 20th century the “largest Protestant denomination in the US”, but that it has been shrinking in recent decades. The new split will be the second in the church’s history. The first occurred in 1968, when roughly 10% of the denomination left to form the Evangelical United Brethren Church. The Post notes that the proposed split “comes at a critical time for the church, which has been losing members for years,” which has been “pushed toward the brink of a schism over the role of LGBTQ people in the church.” Gay marriage is not the only issue that has divided the church. In 2016, the denomination was split over ordination of transgender clergy, with the North Pacific regional conference voting to ban them from serving as clergy, and the South Pacific regional conference voting to allow them.<br> In case you’re wondering, no, the Methodist Church did not really split from the Evangelical United Brethren Church in 1968, it merged with it in that year. GPT-3 is doing what I used to do on essay questions – throw out a bunch of half-remembered names and dates and hope nobody looks too closely at the exact relations.<br> <hr> My ten favorite animals are: 1. Zebras with a white scar on the back 2. Insiduous spiders and octopus 3. Frog with large leaves, hopefully black 4. Cockatiel with scales 5. Razorbill with wings hanging about 4 inches from one’s face and a heart tattoo on a frog 3. Cockatric interlocking tetrabods that can be blind, cut, and eaten raw: 4. Black and white desert crocodiles living in sunlight 5. Zebra and many other pea bugs<br> <hr> “Zero-shot” means you just type in “20 + 20 = ?”. “One-shot” means you give it an example first: “10 + 10 = 20. 20 + 20 = ?” “Few-shot” means you give it as many examples as it can take. Even the largest and best model only does mediocre on the zero-shot task, but it does better on the one-shot and best on the few-shot. So it seems like if you remind it what addition is a couple of times before solving an addition problem, it does better. This suggests that there is a working model of addition somewhere within the bowels of this 175 billion parameter monster, but it has a hard time drawing it out for any particular task. You need to tell it “addition” “we’re doing addition” “come on now, do some addition!” up to fifty times before it will actually deploy its addition model for these problems, instead of some other model. Maybe if you did this five hundred or five thousand times, it would excel at the problems it can’t do now, like adding five digit numbers. But why should this be so hard? The plus sign almost always means addition. “20 + 20 = ?” is not some inscrutable hieroglyphic text. It basically always means the same thing. Shouldn’t this be easy?<br> <hr> [EDIT: an alert reader points out that when GPT-3 fails at addition problems, it fails in human-like ways – for example, forgetting to carry a 1.]<br> <hr> — 𝔊𝔴𝔢𝔯𝔫 (@gwern) <a rel="noreferrer" target="_blank" href="https://twitter.com/gwern/status/1267215588214136833?ref_src=twsrc%5Etfw">May 31, 2020</a><br> <hr> And how many parameters does the adult human brain have? The responsible answer is that brain function doesn’t map perfectly to neural net function, and even if it did we would have no idea how to even begin to make this calculation. The irresponsible answer is <a rel="noreferrer" target="_blank" href="https://blog.piekniewski.info/2018/08/28/fun-numbers-about-the-brain/">a hundred trillion</a> . That’s a big number. But at the current rate of GPT progress, a GPT will have that same number of parameters somewhere between GPT-4 and GPT-5. Given the speed at which OpenAI works, that should happen about two years from now.<br> <hr> A few years ago I surveyed nootropics users about their experiences with different substances and posted <a rel="noreferrer" target="_blank" href="https://slatestarcodex.com/2016/03/01/2016-nootropics-survey-results/">the results</a> here. Since then lots of new nootropics have come out, so I’m doing it again. If you have nootropics experience, please take <a rel="noreferrer" target="_blank" href="https://forms.gle/6yLP6qU818hRSgUc7">The 2020 SSC Nootropics Survey</a> . Expected completion time is ~15 minutes.<br> <hr> https://www.whatsupup.com/blog/canton/ricketier/20210928-081221/ Tue, 28 Sep 2021 08:12:21 +0000 https://www.whatsupup.com/blog/canton/ricketier/20210928-081221/ I talk about my exemplary performance in the Do Not Get Arrested Challenge 2020, and share some tips and tricks for future participants. Not a talk video, I'm a fraud.<br> Come on down to luigi town, we've got: the 2013 tumblr hack, linkedin roasting, your sweet mango boy, one loopy b o i, regrets<br> At PyCon AU 2016. For the record, this is creepy and I think doing it is not okay!<br> Generates SICK 2003 usernames like [MTNDEW]xxX_m@ng0PdF_Xxx.<br> https://www.whatsupup.com/blog/cohere/laid/20210928-081114/ Tue, 28 Sep 2021 08:11:14 +0000 https://www.whatsupup.com/blog/cohere/laid/20210928-081114/ 2021-02-28<br> https://www.whatsupup.com/blog/phonic/shopboy/20210928-081055/ Tue, 28 Sep 2021 08:10:55 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210928-081055/ Marc co-created the highly influential Mosaic internet browser and co-founded Netscape, which later sold to AOL for $4.2 billion. He also co-founded Loudcloud, which as Opsware, sold to Hewlett-Packard for $1.6 billion. He later served on the board of Hewlett-Packard from 2008 to 2018.<br> Before Web 3, users and builders had to choose between the limited functionality of Web 1 or the corporate, centralized model of Web 2.<br> https://www.whatsupup.com/blog/alamode/heartsore/20210928-081027/ Tue, 28 Sep 2021 08:10:27 +0000 https://www.whatsupup.com/blog/alamode/heartsore/20210928-081027/ <p><a rel="noreferrer" target="_blank" href="https://github.com/jimio">jimio</a> on 10 Aug 2021<br> <a rel="noreferrer" target="_blank" href="https://github.com/junh3">junh3</a> on 04 May 2021<br> <a rel="noreferrer" target="_blank" href="https://github.com/moxie0">moxie0</a> on 21 Apr 2021<br> <a rel="noreferrer" target="_blank" href="https://github.com/junh3">junh3</a> on 13 Apr 2021<br> <a rel="noreferrer" target="_blank" href="https://github.com/jlund">jlund</a> on 04 Feb 2021<br> <a rel="noreferrer" target="_blank" href="https://github.com/moxie0">moxie0</a> on 23 Dec 2020<br> <a rel="noreferrer" target="_blank" href="https://github.com/randall-signal">randall-signal</a> on 14 Dec 2020<br> 2020 has seen its fair number of challenges and changes. We’ve all adapted to new ways of staying in touch, getting work done, celebrating birthdays and weddings, and even exercising. As more and more of our critical and personal moments move online, we want to continue to provide you with new ways to share and connect privately.<br> <a rel="noreferrer" target="_blank" href="https://github.com/randall-signal">randall-signal</a> on 28 Oct 2020<br> <a rel="noreferrer" target="_blank" href="https://github.com/greggcorp">greggcorp</a> on 26 Oct 2020<br> <a rel="noreferrer" target="_blank" href="https://github.com/peter-signal">peter-signal</a> on 20 Oct 2020<br> <a rel="noreferrer" target="_blank" href="https://github.com/jlund">jlund</a> on 13 Aug 2020<br> <a rel="noreferrer" target="_blank" href="https://github.com/jlund">jlund</a> on 01 Jul 2020<br> <a rel="noreferrer" target="_blank" href="https://github.com/junh3">junh3</a> on 23 Jun 2020<br> <a rel="noreferrer" target="_blank" href="https://github.com/jlund">jlund</a> on 12 Jun 2020<br> <a rel="noreferrer" target="_blank" href="https://github.com/imperiopolis">imperiopolis</a> on 09 Jun 2020<br> One immediate thing seems clear about 2020: it’s a good year to cover your face. Online, we’re working to scale and <a rel="noreferrer" target="_blank" href="https://signal.org/blog/blur-tools/">improve Signal</a> for everyone that is relying on it, but as one small offline way to help support everyone self-organizing for change in the streets, we’re also distributing face coverings free of charge.<br> <a rel="noreferrer" target="_blank" href="https://github.com/moxie0">moxie0</a> on 05 Jun 2020<br> One immediate thing seems clear: 2020 is a pretty good year to cover your face.<br> <a rel="noreferrer" target="_blank" href="https://github.com/randall-signal">randall-signal</a> on 19 May 2020<br> <a rel="noreferrer" target="_blank" href="https://github.com/jlund">jlund</a> on 08 Apr 2020<br> <a rel="noreferrer" target="_blank" href="https://github.com/jimio">jimio</a> on 27 Jan 2020<br> <a rel="noreferrer" target="_blank" href="https://github.com/alan-signal">alan-signal</a> on 13 Jan 2020<br> <a rel="noreferrer" target="_blank" href="https://github.com/jlund">jlund</a> on 06 Jan 2020<br> <a rel="noreferrer" target="_blank" href="https://github.com/jlund">jlund</a> on 19 Dec 2019<br> <a rel="noreferrer" target="_blank" href="https://github.com/jimio">jimio</a> on 09 Dec 2019<br> <a rel="noreferrer" target="_blank" href="https://github.com/jlund">jlund</a> on 27 Nov 2019<br> <a rel="noreferrer" target="_blank" href="https://github.com/jlund">jlund</a> on 29 Oct 2018<br> <a rel="noreferrer" target="_blank" href="https://github.com/moxie0">moxie0</a> on 01 May 2018<br> <a rel="noreferrer" target="_blank" href="https://github.com/moxie0">moxie0</a> on 21 Feb 2018<br> <a rel="noreferrer" target="_blank" href="https://github.com/scottnonnenberg">scottnonnenberg</a> on 31 Oct 2017<br> <a rel="noreferrer" target="_blank" href="https://github.com/moxie0">moxie0</a> on 26 Sep 2017<br> <a rel="noreferrer" target="_blank" href="https://github.com/jlund">jlund</a> on 06 Sep 2017<br> <a rel="noreferrer" target="_blank" href="https://github.com/moxie0">moxie0</a> on 13 Mar 2017<br> <a rel="noreferrer" target="_blank" href="https://github.com/moxie0">moxie0</a> on 13 Jan 2017<br> <a rel="noreferrer" target="_blank" href="https://github.com/moxie0">moxie0</a> on 17 Nov 2016<br> <a rel="noreferrer" target="_blank" href="https://github.com/moxie0">moxie0</a> on 11 Oct 2016<br> <a rel="noreferrer" target="_blank" href="https://github.com/moxie0">moxie0</a> on 08 Jul 2016<br> Our Signal Protocol libraries are open source, licensed GPLv3. We like the GPL for the quality control that it provides. If someone publicly says that they’re using our software, we want to see if they’ve made any modifications, and whether they’re using it correctly. This helps to increase transparency and accountability in deployments of our software, which we feel are important for end-to-end encryption.<br> <a rel="noreferrer" target="_blank" href="https://github.com/liliakai">liliakai</a> on 07 Apr 2016<br> Over the past year, we’ve been progressively rolling out Signal Protocol support for all WhatsApp communication across all WhatsApp clients. This includes chats, group chats, attachments, voice notes, and voice calls across Android, iPhone, Windows Phone, Nokia S40, Nokia S60, Blackberry, and BB10.<br> <a rel="noreferrer" target="_blank" href="https://github.com/riyapenn">riyapenn</a> on 18 Aug 2015<br> It’s 2015, and the end of the road for encrypted SMS/MMS in TextSecure.<br> The TextSecure story started back in 2009, at the dawn of the smartphone era. Back then, TextSecure focused on securing the transport that everyone coming from feature phones was familiar with: SMS. Today, many things have changed, and TextSecure now emphasizes the “TextSecure transport,” which uses data rather than SMS. While we remain committed to supporting plaintext SMS/MMS in addition to the encrypted TextSecure transport so that the app can function as a unified messenger, we are beginning the process of phasing out support for SMS/MMS as an encrypted transport in favor of the TextSecure data protocol.<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/greggawatt">greggawatt</a> on 31 Jan 2015<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/lconnolly">lconnolly</a> on 30 Jan 2015<br> <a rel="noreferrer" target="_blank" href="https://github.com/rhodey">rhodey</a> on 29 Jan 2015<br> on 28 Jan 2015<br> The 1988 film <a rel="noreferrer" target="_blank" href="http://www.imdb.com/title/tt0096256/?ref_=nv_sr_1">They Live</a> is one of the last great masterpieces to <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=18qD9hmU9xg">come out of the Hollywood left</a> . In the film, a drifter named John Nada discovers a box of sunglasses that, when worn, allows the wearer to really see the world around him.<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/kmonkeyjam">kmonkeyjam</a> on 26 Jan 2015<br> <a rel="noreferrer" target="_blank" href="https://github.com/joyceyan">joyceyan</a> on 24 Jan 2015<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/jackflips">jackflips</a> on 23 Jan 2015<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/uxyoko">uxyoko</a> on 22 Jan 2015<br> <a rel="noreferrer" target="_blank" href="https://github.com/rileyjshaw">rileyjshaw</a> on 21 Jan 2015<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/jessysaurusrex">jessysaurusrex</a> on 20 Jan 2015<br> <a rel="noreferrer" target="_blank" href="https://github.com/liliakai">liliakai</a> on 19 Jan 2015<br> <a rel="noreferrer" target="_blank" href="https://github.com/trevp">trevp</a> on 18 Jan 2015<br> <a rel="noreferrer" target="_blank" href="https://github.com/abolishme">abolishme</a> on 17 Jan 2015<br> <a rel="noreferrer" target="_blank" href="https://github.com/corbett">corbett</a> on 16 Jan 2015<br> <a rel="noreferrer" target="_blank" href="https://github.com/TheBlueMatt">TheBlueMatt</a> on 15 Jan 2015<br> <a rel="noreferrer" target="_blank" href="https://github.com/elchao96">elchao96</a> on 14 Jan 2015<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/turtlekiosk">turtlekiosk</a> on 13 Jan 2015<br> <a rel="noreferrer" target="_blank" href="https://signal.org/blog/winter-lineup-2014/">Winter Of Code Lineup 2014-2015</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://github.com/rhodey">rhodey</a> on 21 Jul 2014<br> Spring Break of Code 2013 I cut open my foot and hand while surfing; both wounds easily warranted stitches. Winter Break of Code 2014 I banged the top of my foot surfing over some coral; the cuts were sealed within minutes. Spring Break of Code 2013 I struggled with the Android SDK, while Winter Break of Code 2014 I caught myself taking a few too many short-cuts. On day zero nothing is easy, but over time you improve, spilling a little less blood every time.<br> <a rel="noreferrer" target="_blank" href="https://github.com/meskio">meskio</a> on 12 Jan 2014<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/corbett">corbett</a> on 10 Jan 2014<br> At the Open Whisper Systems <a rel="noreferrer" target="_blank" href="https://whispersystems.org/blog/sure/">spring break of code</a> in 2013, I started work on <a rel="noreferrer" target="_blank" href="https://github.com/signalapp/TextSecure-iOS">TextSecure iOS</a> . People are chomping at the bit to use our software on iOS. After a hiatus from the project, I’ve been happy to return to it over the last few months, joining some other contributors, including <a rel="noreferrer" target="_blank" href="https://www.fredericjacobs.com/">Frederic Jacobs</a> as co-lead, <a rel="noreferrer" target="_blank" href="https://github.com/nabla-c0d3">Alban Diquet</a> , and <a rel="noreferrer" target="_blank" href="http://www.cvursache.com/">Claudiu-Vlad Ursache</a> submitting pull requests, even over the holidays, with important cryptographic storage and UI-polishing contributions, and Bitcoin donations coming in from around the world.<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/mkhandekar">mkhandekar</a> on 09 Jan 2014<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/liliakai">liliakai</a> on 08 Jan 2014<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/mcginty">mcginty</a> on 07 Jan 2014<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/meskio">meskio</a> on 22 Oct 2013<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/corbett">corbett</a> on 27 Sep 2013<br> <a rel="noreferrer" target="_blank" href="https://github.com/moxie0">moxie0</a> on 22 Aug 2013<br> <a rel="noreferrer" target="_blank" href="https://github.com/emblem">emblem</a> on 30 Mar 2013<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/abolishme">abolishme</a> on 29 Mar 2013<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/corbett">corbett</a> on 28 Mar 2013<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/liliakai">liliakai</a> on 27 Mar 2013<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/rhodey">rhodey</a> on 26 Mar 2013<br> A guest post by <a rel="noreferrer" target="_blank" href="https://github.com/isislovecruft">isislovecruft</a> on 25 Mar 2013<br> <a rel="noreferrer" target="_blank" href="https://github.com/emblem">emblem</a> on 18 Feb 2013<br> Whisper Systems was a company focused on the development of mobile security software, which was acquired by Twitter in late 2011. Twitter very generously made some of the Whisper Systems software available under an Open Source license (GPLv3), which has since been under open development by the community. The software has seen a number of new releases based on that open development, and we’ve been calling the project for this continued work “Open Whisper Systems.” Welcome to the project’s new home.<br> https://www.whatsupup.com/blog/bilateralistic/jungle/20210928-080951/ Tue, 28 Sep 2021 08:09:49 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20210928-080951/ Rough notes for <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-08-27/slack-crashes-secret-stderr.html">Slack's Secret STDERR Messages</a> , where I used eBPF and other tools to debug Slack's mysterious crashes (2021).<br> Slides for my eBPF Summit keynote <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/performance-wins-with-ebpf-getting-started-2021">Performance Wins with eBPF: Getting Started</a> ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/performance-wins-with-ebpf-getting-started-2021">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/eBPFSummit2021_eBPF_performance_getting_started.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=bGAVrtb_tFs">youtube</a> ) (2021).<br> Slides for my Facebook Systems@Scale talk <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/systemsscale-2021-bpf-performance-getting-started">Performance Wins with BPF: Getting Started</a> ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/systemsscale-2021-bpf-performance-getting-started">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/Scale2021_BPF_performance_getting_started_2021.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.facebook.com/atscaleevents/videos/536868690830345">video</a> ) (2021).<br> My plenary talk on <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-07-05/computing-performance-on-the-horizon.html">Computing Performance: On the Horizon</a> for the USENIX LISA 2021 conference, covering the present and future of processors, memory, disks, networking, hypervisors, and more. ( <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-07-05/computing-performance-on-the-horizon.html">blog</a> , <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/computing-performance-on-the-horizon-2021">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/LISA2021_ComputingPerformance.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=5nN1wjA_S30">youtube</a> ) (2021).<br> A post on <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-07-03/how-to-add-bpf-observability.html">How To Add eBPF Observability To Your Product</a> aimed at those adding it to commercial or internal observability platforms (2021).<br> A 122-slide talk on <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-06-15/bpf-internals.html">BPF Internals (eBPF)</a> for the USENIX LISA 2021 conference, where I show all the steps from the high-level bpftrace language to machine code ( <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-06-15/bpf-internals.html">blog</a> , <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/bpf-internals-ebpf">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/LISA2021_BPF_Internals.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=_5Z2AU7QTH4">youtube</a> ) (2021).<br> As it has become an FAQ, a post on <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-05-23/what-is-observability.html">What is Observability</a> , a term myself and other performance engineers have used since before it was popular (2021).<br> A post on <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2020-11-04/bpf-co-re-btf-libbpf.html">BPF binaries: BTF, CO-RE, and the future of eBPF perf tools</a> (2020).<br> Slides for my eBPF summit keynote <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/performance-wins-with-bpf-getting-started">Performance Wins with BPF: Getting Started</a> , where I showed how to get started the easy way, as I kept seeing people start the hard way waste their own time ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/performance-wins-with-bpf-getting-started">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/eBPF2020_performance_getting_started.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=wyfhjr_ufag">youtube</a> ) (2020).<br> Slides for my YOW2020 talk <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/yow2020-linux-systems-performance">Linux Systems Performance</a> , delivered online ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/yow2020-linux-systems-performance">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/YOW2020_Linux_Systems_Performance.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=_Lf-h5TDTN0">youtube</a> ) (2020).<br> My latest book website: <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/systems-performance-2nd-edition-book.html">Systems Performance: Enterprise and the Cloud, Second Edition</a> and <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2020-07-15/systems-performance-2nd-edition.html">blog post</a> about it. The publisher is Addison-Wesley, and the draft book is over 800 pages. This updates the Linux and cloud content, and adds chapters on perf, Ftrace, and BPF (2020).<br> In my post <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2019-12-22/bpf-theremin.html">BPF Theremin, Tetris, and Typewriters</a> I share the source for the BPF theremin I've demoed during conference keynotes, which turns WiFi signal strength into sound. (2019)<br> My book website: <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/bpf-performance-tools-book.html">BPF Performance Tools: Linux System and Application Observability</a> and <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2019-07-15/bpf-performance-tools-book.html">blog post</a> about it. The publisher is Addison-Wesley, and the book is 880 pages, including over 100 new BPF tools to analyze all the things (2019).<br> Slides for my AWS re:Invent 2019 talk <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/reinvent-2019-bpf-performance-analysis-at-netflix">BPF Performance Analysis at Netflix</a> ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/reinvent-2019-bpf-performance-analysis-at-netflix">slideshare</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=16slh29iN1g">youtube</a> ).<br> Slides for my Ubuntu Masters 2019 keynote <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/um2019-bpf-a-new-type-of-software">Extended BPF: A New Type of Software</a> , where I first discussed how BPF is a new type of software and a fundamental change to the 50-year old kernel model, and how we observe this new software that's already in production at major companies ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/um2019-bpf-a-new-type-of-software">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/UM2019_BPF_a_new_type_of_software.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=7pmXdG8-7WU&feature=youtu.be">youtube</a> ).<br> An article for opensource.com: <a rel="noreferrer" target="_blank" href="https:///opensource.com/article/19/8/introduction-bpftrace">An introduction to bpftrace for Linux</a> , summarizing the syntax and including a one-liners tutorial ( <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Articles/opensource_An_introduction_to_bpftrace.pdf">PDF</a> ) (2019).<br> Slides for my USENIX LISA 2019 talk on <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/lisa2019-linux-systems-performance">Linux Systems Performance</a> , covering observability, methodologies, benchmarking, profiling, tracing, and tuning. It's intended for everyone as a tour of fundamentals, and some companies have indicated they will use it for new hire training. ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/lisa2019-linux-systems-performance">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/LISA2019_Linux_Systems_Performance.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=fhBHvsi0Ql0">youtube</a> ).<br> Slides for my LSFMM 2019 keynote on <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/lsfmm-2019-bpf-observability-143092820">BPF Observability</a> , which was also summarized by <a rel="noreferrer" target="_blank" href="https://lwn.net/Articles/787131/">lwn.net</a> ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/lsfmm-2019-bpf-observability-143092820">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/LSFMM2019_BPF_Observability.pdf">PDF</a> ).<br> Slides for my SCaLE17x talk <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/ebpf-perf-tools-2019">eBPF Perf Tools</a> , although I spent half the talk demonstrating how to instrument Minecraft using eBPF live, which is not captured by the slides ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/ebpf-perf-tools-2019">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/SCALE2019_eBPF_Perf_Tools.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://youtu.be/P2hbiWTB2w4?t=158">youtube</a> ) (2019).<br> Slides for my YOW2018 keynote <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/yow2018-cloud-performance-root-cause-analysis-at-netflix">Cloud Performance Root Cause Analysis at Netflix</a> which I delivered in Sydney, Brisbane, and Melbourne ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/yow2018-cloud-performance-root-cause-analysis-at-netflix">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/YOW2018_CloudPerfRCANetflix.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=tAY8PnfrS_k">youtube</a> ).<br> Slides for my YOW2018 CTO summit keynote <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/yow2018-cto-summit-working-at-netflix">Working at Netflix</a> ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/yow2018-cto-summit-working-at-netflix">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/YOWCTO2018_Working_at_Netflix.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=EjFxLvv9_ao">youtube</a> ).<br> I posted <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2018-11-08/flamescope-pattern-recognition.html">FlameScope Pattern Recognition</a> , showing how to interpret the subsecond-offset heatmap view of profile data, and also spoke about this with Martin Spier at the LinkedIn performance engineering meetup ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/flamescope-2018">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/LinkedIn2018_FlameScope.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://youtu.be/ogEhUnQdQiU?t=1361">youtube</a> ) (2018).<br> Linux gets a high-level eBPF front-end: <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2018-10-08/dtrace-for-linux-2018.html">bpftrace (DTrace 2.0) for Linux 2018</a> . The <a rel="noreferrer" target="_blank" href="https://github.com/iovisor/bpftrace">repository</a> has tools and docs I developed, including a <a rel="noreferrer" target="_blank" href="https://github.com/iovisor/bpftrace/blob/master/docs/tutorial_one_liners.md">bpftrace one-liners tutorial</a> , a <a rel="noreferrer" target="_blank" href="https://github.com/iovisor/bpftrace/blob/master/docs/reference_guide.md">bpftrace reference guide</a> , and an <a rel="noreferrer" target="_blank" href="https://github.com/iovisor/bpftrace/blob/master/docs/internals_development.md">internals development guide</a> (2018).<br> To help everyone make fewer mistakes when benchmarking, I published <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2018-06-30/benchmarking-checklist.html">Evaluating the Evaluation: A Benchmarking Checklist</a> (2018).<br> At NetConf 2018 I gave a talk/discussion on <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/netconf-2018-bpf-observability">BPF Observability</a> , attended by top contributors of the Linux TCP/IP stack ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/netconf-2018-bpf-observability">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/NetConf_BPF_observability.pdf">PDF</a> ).<br> Slides from my PerconaLive 2018 keynote on summarizing <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/linux-performance-2018-perconalive-keynote-95516934">Linux Performance 2018</a> ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/linux-performance-2018-perconalive-keynote-95516934">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/Percona2018_Linux_Performance.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://youtu.be/sV3XfrfjrPo?t=30m51s">youtube</a> ).<br> For the Netflix TechBlog I posted <a rel="noreferrer" target="_blank" href="https://medium.com/netflix-techblog/netflix-flamescope-a57ca19d47bb">Netflix FlameScope</a> ( <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Articles/Netflix_FlameScope_20180404.pdf">PDF</a> ), showing the new open source performance analysis tool for visualizing and exploring profiles with flame graphs, that Martin Spier and I have been working on (2018).<br> A post on <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2018-02-09/kpti-kaiser-meltdown-performance.html">KPTI/KAISER Meltdown Initial Performance Regressions</a> , showing the estimated performance losses on Linux for simulated workloads (2018).<br> A page on <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/wss.html">Working Set Size Estimation</a> , covering what I know and have developed on the topic. It includes new tools that use Linux referenced and idle page flags for page-based WSS estimation (2018-).<br> A post on <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2017-11-29/aws-ec2-virtualization-2017.html">AWS EC2 Virtualization 2017</a> , explaining how virtualization performance has been improving over the years, and details of the new AWS Nitro hypervisor (2017).<br> Slides for my AWS re:Invent 2017 talk on <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/how-netflix-tunes-ec2-instances-for-performance">How Netflix Tunes EC2 Instances for Performance</a> , describing instance selection, EC2 features, kernel tuning, and observability ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/how-netflix-tunes-ec2-instances-for-performance">slideshare</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=89fYOo1V2pA">youtube</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/AWSreInvent2017_performance_tuning_EC2.pdf">PDF</a> ).<br> A post on <a rel="noreferrer" target="_blank" href="https://opensource.com/article/17/11/bccbpf-performance">7 tools for analyzing performance in Linux with bcc/BPF</a> for opensource.com, which is also my first post on eBPF for the Fedora/Red Hat family of operating systems ( <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Articles/opensource_7_useful_bcc_BPF_perf_tools.pdf">PDF</a> ) (2017).<br> A post on <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2017-11-13/brilliant-jerks.html">Brilliant Jerks in Engineering</a> which describes two fictional jerks, one selfless and one selfish, to explore their behaviors, the damage caused, and the use of a "no brilliant jerks" policy (2017).<br> Slides for my USENIX LISA 2017 talk <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/lisa17-container-performance-analysis">Linux Container Performance Analysis</a> ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/lisa17-container-performance-analysis">slideshare</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=NYLXZ58EboM">youtube</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/LISA2017_Container_Performance_Analysis.pdf">PDF</a> ).<br> Slides for my Kernel Recipes 2017 talk on <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/kernel-recipes-2017-using-linux-perf-at-netflix">Using Linux perf at Netflix</a> , focusing on fixing CPU profiling ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/kernel-recipes-2017-using-linux-perf-at-netflix">slideshare</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=UVM3WX8Lq2k">youtube</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/KernelRecipes_Perf_Events.pdf">PDF</a> ).<br> For EuroBSDcon 2017, I gave the closing keynote on <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/eurobsdcon-2017-system-performance-analysis-methodologies">System Performance Analysis Methodologies (BSD)</a> , and I used FreeBSD for many examples. In this talk I introduced a FreeBSD static perf tools diagram, the BSD perf analysis in 60 seconds checklist, and the tstate.d tool for thread state analysis ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/eurobsdcon-2017-system-performance-analysis-methodologies">slideshare</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=ay41Uq1DrvM">youtube</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/EuroBSDcon2017_SystemMethodology.pdf">PDF</a> ).<br> Slides for my OSSNA 2017 talk <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/ossna-2017-performance-analysis-superpowers-with-linux-bpf">Performance Analysis Superpowers with Linux BPF</a> . This talk was not videoed. ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/ossna-2017-performance-analysis-superpowers-with-linux-bpf">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/OSS2017_BPF_superpowers.pdf">PDF</a> ).<br> A post on <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2017-09-05/solaris-to-linux-2017.html">Solaris to Linux Migration 2017</a> . Solaris was an OS that was once in widespread use, but development now seems to have ceased. I've been asked about Solaris to Linux migrations, but I've never seen a resource that covers them both in depth (maybe because no one else has the expertise or inclination to write it), so this is my summary.<br> A post on <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2017-08-08/linux-load-averages.html">Linux Load Averages: Solving the Mystery</a> , where I dug up the patch that added the uninterruptible sleep state to Linux load averages, and measured code paths in that state as an off-CPU flame graph (2017).<br> My slides for <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/EdHunter8/sre-perf-meetupslides/61">PMCs on the Cloud</a> at the SBSRE meetup, with the Netflix perf team ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/EdHunter8/sre-perf-meetupslides/61">slideshare</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=i5Ml9uY2rBw">youtube</a> , <a rel="noreferrer" target="_blank" href="https://youtu.be/86Wj_-pWcwE?t=53m3s">meetup</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/SBSRE_perf_meetup_aug2017.pdf">PDF</a> ) (2017).<br> Slides for my 2017 USENIX ATC <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/usenix-atc-2017-performance-superpowers-with-enhanced-bpf">Performance Analysis Superpowers with Linux eBPF</a> , updating my earlier talk ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/usenix-atc-2017-performance-superpowers-with-enhanced-bpf">slideshare</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=oc9000dM9-k">youtube</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/USENIX_ATC2017_BPF_superpowers.pdf">PDF</a> ).<br> Slides for my 2017 USENIX ATC talk <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/usenix-atc-2017-visualizing-performance-with-flame-graphs">Visualizing Performance with Flame Graphs</a> , with updates and challenges ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/usenix-atc-2017-visualizing-performance-with-flame-graphs">slideshare</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=D53T1Ejig1Q">youtube</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/USENIX_ATC2017_flamegraphs.pdf">PDF</a> ).<br> Slides for my Velocity talk <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/velocity-2017-performance-analysis-superpowers-with-linux-ebpf">Performance Analysis Superpowers with Linux eBPF</a> ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/velocity-2017-performance-analysis-superpowers-with-linux-ebpf">slideshare</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=bj3qdEDbCD4">youtube</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/Velocity2017_BPF_superpowers.pdf">PDF</a> ) (2017).<br> A post on <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2017-05-16/working-at-netflix-2017.html">Working at Netflix 2017</a> , following on from my earlier posts. I expanded on mundane topics like how many meetings I have each week, as I was getting asked this recently. (2017).<br> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2017-05-09/cpu-utilization-is-wrong.html">CPU Utilization is Wrong</a> : a post explaining the growing problem of memory stall cycles dominating %CPU (2017).<br> In my post <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2017-05-04/the-pmcs-of-ec2.html">The PMCs of EC2: Measuring IPC</a> , I demonstrate measuring Performance Monitoring Counters (PMCs) for the first time in the AWS EC2 cloud, something I'd been working on with Amazon and others for a while. PMCs are crucial for understanding CPU behavior, including memory I/O, stall cycles, and cache misses. (2017).<br> A post about my DockerCon 2017 talk on <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2017-05-15/container-performance-analysis-dockercon-2017.html">Container Performance Analysis</a> , where I showed how to find bottlenecks in the host vs the container, how to profiler container apps, and dig deeper into the kernel ( <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2017-05-15/container-performance-analysis-dockercon-2017.html">blog</a> , <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/container-performance-analysis">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/DockerCon2017_performance_analysis.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=bK9A5ODIgac">youtube</a> ). (2017).<br> Slides for my SCaLE15x talk on <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/linux-4x-tracing-performance-analysis-with-bccbpf">Linux 4.x Tracing: Performance Analysis with bcc/BPF</a> , where I also included a ply demo for the first time ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/linux-4x-tracing-performance-analysis-with-bccbpf">slideshare</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=w8nFRoFJ6EQ">youtube</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/SCALE2017_perf_analysis_eBPF.pdf">PDF</a> ) (2017).<br> At the IO Visor (iovisor) Summit 2017 I led a discussion on <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/bpf-tools-2017">BPF Tools</a> for performance and observability, covering strategy, current tools, and future challenges ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/bpf-tools-2017">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/IOVisor2017_bpftools.pdf">PDF</a> ).<br> Slides for BSidesSF 2017 with Alex Maestretti on <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/AlexMaestretti/security-monitoring-with-ebpf">Linux Monitoring at Scale with eBPF</a> ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/AlexMaestretti/security-monitoring-with-ebpf">slideshare</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=44nV6Mj11uw">youtube</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/BSidesSF2017_BPF_security_monitoring.pdf">PDF</a> ).<br> I posted <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2017-02-05/file-system-flame-graph.html">Where has my disk space gone? Flame graphs for file systems</a> and <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2017-02-06/flamegraphs-vs-treemaps-vs-sunburst.html">Flame Graphs vs Tree Maps vs Sunburst</a> (2017).<br> Slides for my Linux.conf.au 2017 talk on <a rel="noreferrer" target="_blank" href="http://www.slideshare.net/brendangregg/bpf-tracing-and-more">BPF: Tracing and More</a> , summarizing other uses for enhanced BPF. ( <a rel="noreferrer" target="_blank" href="http://www.slideshare.net/brendangregg/bpf-tracing-and-more">slideshare</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=JRFNIKUROPE">youtube</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/LCA2017_BPF_tracing_and_more.pdf">PDF</a> ).<br> A post on <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2017-01-31/golang-bcc-bpf-function-tracing.html">Golang bcc/eBPF Function Tracing</a> , where I figured out how to trace functions and arguments for different Go compilers (2017).<br> A page to summarize <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/ebpf.html">eBPF Tools</a> using Linux eBPF and the bcc front end for advanced observability and tracing tools (2016+).<br> Slides for my USENIX LISA 2016 talk <a rel="noreferrer" target="_blank" href="http://www.slideshare.net/brendangregg/linux-4x-tracing-tools-using-bpf-superpowers">Linux 4.x Tracing Tools: Using BPF Superpowers</a> , which focused on bcc tools I've developed. This included my demo <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=GsMs3n8CB6g">Give me 15 minutes and I'll change your view of Linux tracing</a> . ( <a rel="noreferrer" target="_blank" href="http://www.slideshare.net/brendangregg/linux-4x-tracing-tools-using-bpf-superpowers">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/LISA2016_BPF_tools_16_9.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=GsMs3n8CB6g">youtube demo</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=UmOU3I36T2U&t=1151s">youtube talk</a> ).<br> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2016-10-27/dtrace-for-linux-2016.html">DTrace for Linux 2016</a> , announcing that the Linux kernel now has similar raw capabilities as DTrace in Linux 4.9 via enhanced BPF. I've been heavily involved in this project, especially as the … https://www.whatsupup.com/blog/rat/realty/20210928-080947/ Tue, 28 Sep 2021 08:09:47 +0000 https://www.whatsupup.com/blog/rat/realty/20210928-080947/ <a rel="noreferrer" target="_blank" href="https://www.imperialviolet.org/2021/08/26/qrencoding.html">Efficient QR codes</a> (26 Aug 2021)<br> The most basic segment type is byte mode , which is a series of 8-bit bytes. If you control the QR decoder then this is perfectly efficient for encoding binary data. But you probably need to work with a variety of decoders. In that case, beware: the first edition of the QR standard, ISO/IEC 18004, said that byte mode should be interpreted as <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/JIS_X_0201">JIS X 0201</a> . The 2005 edition changed that to be <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/ISO/IEC_8859-1">ISO/IEC 8859-1</a> (i.e. Latin-1). In practice, some QR decoders will attempt to content-sniff the encoding because, while UTF-8 contents should be indicated with an ECI header, they often aren't and UTF-8 is really common.<br> You probably want to put a URL-like prefix at the front to make your QR codes distinguishable. One thing to consider is that “https://www.example.com/” is a byte-mode segment that takes 204 bits, but “HTTPS://WWW.EXAMPLE.COM/” is alphanumeric and needs only 145 bits. (That's assuming QR versions 1 through 9, the lengths are slightly different otherwise.) DNS names are case insensitive and “an implementation should accept uppercase letters” for the scheme says <a rel="noreferrer" target="_blank" href="https://datatracker.ietf.org/doc/html/rfc3986#section-3.1">RFC 3986</a> . Maybe it just looks odd and that's not worth the bits, though?<br> One thing to note is that the QR spec (ISO/IEC 18004:2005) has a whole section on “structured append” mode, where multiple QR codes can be combined into one. But trying that with iOS and Android shows that neither support it, so probably it can be considered dead and that's why SHC is replicating the same feature at a higher level.<br> Our motivating issue is thus: if you have a whole byte then taking it mod 10 to generate a digit works fairly well. The digits 0–5 have probability 26/256 while 6–9 have probability 25/256. That's not uniform therefore it doesn't encode the maximum amount of entropy, but it's 99.992% efficient, which is pretty good. But when you have a smaller range of input values the non-uniformity becomes significant and so does the reduction in information transmitted.<br> to 1024. Our example input will be<br> I 65 157 208 237 55 31 68 183 40257 →7,5 60880 →0,8 7991 →1,9 46916 →6,1 402/656 608/656 79/656 469/656 399250 →0,5,2 307743 →3,4,7 399/431 185761 →6,1,7 →2,3,1 307/431 132/186<br> The input bytes are written (in base 10) along the top. Pairs of them are combined. Take the top-right box: its value is 157×256 + 65 = 40257. That can be considered to be 40257 mod 65536 and, since there's a reasonable number of bits in there, two digits are extracted. Obviously 40257 mod 10 = 7, and 4025 mod 10 = 5. So the two digits are 7 and 5. That leaves 402 mod 656, and 656 is below the limit of 1024 that we set, so it's passed down to be combined into the box below. This continues down the tree: each time there's too little data left to extract another digit, the leftovers are passed down to be combinined. At the bottom there's nothing else to combine with so the final leftover value, 132 mod 186, is converted into the digits 2, 3, and 1. The ultimate output digits are concatenated from left-to-right, top-to-bottom.<br> <a rel="noreferrer" target="_blank" href="https://www.imperialviolet.org/2020/12/23/acvp.html">ACVP</a> (23 Dec 2020)<br> <a rel="noreferrer" target="_blank" href="https://www.imperialviolet.org/2020/09/06/20yearsago.html">Letter to 20 years ago</a> (06 Sep 2020)<br> I noticed that I have not posted anything here in 2020! There's a bunch of reasons for this: the work I'm doing at the moment does not lend itself so well to blog posts, and life intervenes, leaving less time for personal projects. But in order to head off the risk that I'll post nothing at all this year I pulled something from one of my notebooks. 2020 is a round number so I decided to do some reflection and this was a letter that I imagined writing to myself 20 years ago. It is very much a letter to me! The topics are going to be quite specific and if you weren't paying attention to the computing industry in the year 2000 I’m not sure how much of it will make sense. But these are the points that I think me of 20 years ago would have wondered about.<br> <a rel="noreferrer" target="_blank" href="https://www.imperialviolet.org/2019/10/30/pqsivssl.html">Real-world measurements of structured-lattices and supersingular isogenies in TLS</a> (30 Oct 2019)<br> This is the third in a series of posts about running experiments on post-quantum confidentiality in TLS. The <a rel="noreferrer" target="_blank" href="https://www.imperialviolet.org/2018/04/11/pqconftls.html">first</a> detailed experiments that measured the estimated network overhead of three families of post-quantum key exchanges. The <a rel="noreferrer" target="_blank" href="https://www.imperialviolet.org/2018/12/12/cecpq2.html">second</a> detailed the choices behind a specific structured-lattice scheme. This one gives details of a full, end-to-end measurement of that scheme and a supersingular isogeny scheme, SIKE/p434. This was done in collaboration with Cloudflare, who integrated Microsoft's SIKE code into <a rel="noreferrer" target="_blank" href="https://boringssl.googlesource.com/boringssl">BoringSSL</a> for the tests, and ran the server-side of the experiment.<br> Google Chrome installs, on Dev and Canary channels, and on all platforms except iOS, were randomly assigned to one of three groups: control (30%), CECPQ2 (30%), or CECPQ2b (30%). (A random ten percent of installs did not take part in the experiment so the numbers only add up to 90.) CECPQ2 is the hybrid X25519+structured-lattice scheme <a rel="noreferrer" target="_blank" href="https://www.imperialviolet.org/2018/12/12/cecpq2.html">previously described</a> . CECPQ2b is the name that we gave to the combination of X25519 and the SIKE/p434 scheme.<br> Because optimised assembly implementations are labour-intensive to write, they were only available/written for AArch64 and x86-64. Because SIKE is computationally expensive, it wasn’t feasible to enable it without an assembly implementation, thus only AArch64 and x86-64 clients were included in the experiment and ARMv7 and x86 clients did not contribute to the results even if they were assigned to one of the experiment groups.<br> 1 10 100 1000 10000 TLS handshake time (ms) TLS handshake latency (Windows)<br> 1 10 100 1000 10000 TLS handshake time (ms) TLS handshake latency (Android)<br> From the histograms we can see that the CECPQ2b (SIKE) group shifts visibly to the right (i.e. slower) in both cases. (On Android, a similar but smaller shift is seen for CECPQ2.) Despite the advantages of removing the slower clients and experimenting with worse-than-usual networks, the computational demands of SIKE out-weigh the reduced network traffic. Only for the slowest 5% of connections are the smaller messages of SIKE a net advantage.<br> <a rel="noreferrer" target="_blank" href="https://www.imperialviolet.org/2019/08/10/ctap2features.html">Username (and password) free login with security keys</a> (10 Aug 2019)<br> https://www.whatsupup.com/blog/conservatorship/reemphasize/20210928-080922/ Tue, 28 Sep 2021 08:09:22 +0000 https://www.whatsupup.com/blog/conservatorship/reemphasize/20210928-080922/ <a rel="noreferrer" target="_blank" href="https://queue.acm.org/detail.cfm?id=3469844">ACM Queue: June 2021</a> [ <a rel="noreferrer" target="_blank" href="https://blog.jessfraz.com/pdf/a-new-era-for-mechanical-cad.pdf">PDF</a> ]<br> <a rel="noreferrer" target="_blank" href="https://cacm.acm.org/magazines/2020/12/248797-the-life-of-a-data-byte/fulltext">Communications of the ACM: December 2020</a><br></p> <hr> Friday, January 22, 2021 · 9 min read<br> Tesla had its first Battery Day on September 22nd, 20201. What a fantastic world we live in that we can witness the first Apple-like keynote for batteries. Batteries are a part of our everyday life; without them, the world would be a much different place. Your cellphone, flashlight, tablet, laptops, drones, cars, and other devices would not be portable and operational without batteries. At the heart of it, batteries store chemical energy and convert it into electrical energy.<br> Being cooped up at home got me looking into the new Xbox and PlayStation 5. I was curious about the innovations in the consoles since their successors. Both claim to have ray tracing and support for 8K graphics. This then got me thinking about how prevalent 8K televisions are today. 8K televisions seem to be in the same state as 4K televisions a few years ago. One thing I know through my life is that pixel density will continue to get bigger and bigger.<br> I am unsure if my love of automation comes from a dislike of doing the same thing twice or an overall desire to be more productive and make everything more efficient. Like a lot of programmers, I often ask myself “can this be scripted” when I find myself doing a manual task. I was inspired recently by reading Wolfram’s writing on his personal infrastructure for productivity1. I, too, have written about my personal infrastructure2, but not at the level of depth or with the same focus on productivity as Wolfram.<br> I came up with a list of questions I would ask my cloud provider if I was buying a product. They are as follows: 1. What problem is this solving? I would ask this to make sure I even need this product. So many people tend to buy into the hype for “shiny”, they miss if they even needed the thing in the first place. 2. How did you implement this?<br> From the Intel x86 Manual: In the mid-1960s, Intel cofounder and Chairman Emeritus Gordon Moore had this observation: “… the number of transistors that would be incorporated on a silicon die would double every 18 months for the next several years.” Over the past three and half decades, this prediction known as “Moore’s Law” has continued to hold true. Moore’s Law is coming up a lot lately in the context of coming to an end.<br> I recently started a job at Microsoft. In my first week I have already learned so much about Windows, I figured I would try to put it all into writing. This post is coming to you from a Windows Subsystem for Linux console! I'm headed to Seattle because I'M JOINING MICROSOFT, at the airport wearing this awesome shirt from @listonb & @Taylorb_msft ���� pic.twitter.com/8rnAg1dsPd — jessie frazelle (@jessfraz) September 4, 2017<br> I really enjoyed Felipe Hoffa’s post on Analyzing GitHub issues and comments with BigQuery . Which got me wondering about my favorite subject ever, The Art of Closing. I wonder what the stats are for the top 15 projects on GitHub in terms of pull requests opened vs. pull requests closed. This post will use the GitHub Archive dataset. Top 15 repositories with the most pull requests First let’s find the top 15 repos with the most pull requests from 2015.<br> This blog post is going to be a bit different. After watching Stranger Things, my friend and I started discussing scary movies from our childhood. I couldn’t help but remember a very specific strange thing that happened to me growing up. I thought, hey, this would be a kinda weird blog post. So here it is. The events following are factual. It was a hot, dry summer in July of 1995 in Phoenix, Arizona.<br> Hello and welcome to what will become the most sarcastic post on my blog. This is going to be a series of “buzzfeed” style programming articles and after this post I very happily pass the baton to Filippo Valsorda to continue. And I urge you to write your own as well. @jessfraz "We asked Jess for her top 10 ldflags; you won't believe what happened next" — adg (@enneff) July 17, 2016<br> This is so cool I can hardly stand it. In Docker 1.10, the awesome libnetwork team added the ability to specify a specific IP for a container. If you want to see the pull request it’s here: docker/docker#19001. I have a IP Block on OVH for my server with 16 extra public IPs. I totally use these for good and not for evil. But to use these previously with Docker containers meant hackery with the awesome pipework.<br> https://www.whatsupup.com/blog/uprousing/bayed/20210928-080843/ Tue, 28 Sep 2021 08:08:43 +0000 https://www.whatsupup.com/blog/uprousing/bayed/20210928-080843/ July 27, 2021<br> Copyright © 2021 Bartosz Ciechanowski<br> https://www.whatsupup.com/blog/invertase/atween/20210928-080839/ Tue, 28 Sep 2021 08:08:39 +0000 https://www.whatsupup.com/blog/invertase/atween/20210928-080839/ 2020<br> May 1, 2020<br> https://www.whatsupup.com/blog/misinform/lossy/20210928-080836/ Tue, 28 Sep 2021 08:08:36 +0000 https://www.whatsupup.com/blog/misinform/lossy/20210928-080836/ So what happened? For about a year and a half, I worked on adding GraphQL as an internal API layer within Etsy. I’m proud of the work that I did. I was given an incredible amount of latitude to design and build the support for it. It’s some of the best engineering that I’ve ever done. Adding an entire API layer to a medium-sized company is hard, but we successfully launched, got some people using it, got some wins, and were growing it. Yet there were serious staffing challenges on the project. At the beginning of 2020, we were 2 engineers and were promised 2 more would be added. The 2 promised headcount vanished at the beginning of the pandemic, and the other engineer was unable to work for vast swaths of the year. Consequently, I worked alone for most of the year. It was too much for me. Working on a growing an API layer and working by myself was burning me out. Taking a 6 week break and working on another team didn’t shake this feeling for me. Problems like this are difficult to fix. Hiring takes months. Onboarding and ramping up takes months. So this was a problem that would take roughly 6 months to fix.<br> I want to emphasize that Etsy is a great place to work. I would work there again. If you don’t work there, you should seriously consider it. They pay well and the work is meaningful. My situation was an edge case. A lot of Etsy’s practices were developed while it was a small or a medium-sized company. But make no mistake: it is rounding the bend to being a large company: It just entered the S&P 500. Sometimes it takes scale and growth to uncover problems. Things that worked at the smaller scale break when the company is three times larger. I encountered one of these growing pains, but it’s the kind that the company will learn how to avoid over time.<br> So I’m setting out on my own. I’ve been inspired by the stories that I’ve heard on the <a rel="noreferrer" target="_blank" href="https://www.indiehackers.com/podcasts">Indie Hackers podcast</a> . Unlike many, I am so fortunate that 2020 improved my financial footing. My expenses went down and my savings went up. Accordingly, I’m in the best position of my life to start a new business that can be successful. I started a company called Jaunty, Inc. using Stripe Atlas.<br> I’m waiting for the IRS to issue my EIN, which will allow me to set up a business bank account and have fully-separated finances. But the IRS is currently backlogged. In fact, the IRS won’t even respond to the question “has it been issued yet?” until I’ve been waiting for 45 days, and I’ve been waiting for 30. Accordingly, I’ve been trying to learn skills that I can reuse when I can have separated finances.<br> Hopefully, I’ll have some good news to report in the new year. I expect that I will be able to try and fail at 3 ideas during 2021. Hopefully, one of the three will start to get some traction, and I will be able to get some revenue. My 2021 goal is to to rent out a tiny private office. If I learned anything from the pandemic, it’s that I need a separation between my personal space and my work space.<br> The most stress I encountered was probably the period between the 2020 election and the period where Joe Biden was announced the winner, with the second-most being the following period where it was unclear whether democracy would hold in the United States, and the following period was reading about the George Floyd protests and seeing the widespread police violence against protestors. I have a nervous habit of chewing my nails when I’m thinking or nervous, and this evolved into literally chewing open sores into my fingers. Thankfully these have mostly healed. At this point, I can handle lemons and limes again without fear. In 2020, I donated a lot of money to causes (Biden’s campaign, organizations like Black Girls Code that bolster education for underrepresented minorities in tech, and organizations that seek to selectively replace policing with policies targeted to specific problems), but I didn’t donate much time this year. I don’t know how to feel about this.<br> My girlfriend is a professional translator and précis writer. She is extremely concerned with the precise definitions of words. This means that I had the misfortune of learning the difference between the terms coronavirus (a class of viruses), novel coronavirus (a placeholder name before a significant coronavirus strain is named), SARS-CoV-2 (the official name of the virus causing the current pandemic), and COVID-19 (the human disease caused by SARS-CoV-2). Why misfortune? Because I watched people use them interchangeably and incorrectly all year, while also knowing that it wasn’t worth correcting them. This was my small 2020 cross to bear.<br> 2021<br> My biggest focus for 2021 is getting Jaunty, Inc. on a sustainable course. I would like to end the year by paying myself enough of a salary to cover all of my monthly expenses, and also to be able to rent an office somewhere. $10k-15k in monthly revenue is the line where many people can start doing this. This would put me close to hiring my first employee, but that’s getting ahead of myself.<br> I’m only going to permanently switch away from Gmail once. I won’t be switching to the 2020 version of HEY. I hope that they continue to evolve the email client in a thoughtful way. I can imagine myself switching to a future iteration of HEY based on its privacy stance and its speed.<br> Please consider donating to Black Girls Code. When I was growing up, I had access to high school classes about programming and a computer in my bedroom which allowed me to hone these skills. I'd like everyone to have this kind of access to opportunities. <a rel="noreferrer" target="_blank" href="https://www.blackgirlscode.com/"><a href="https://www.blackgirlscode.com/">https://www.blackgirlscode.com/</a></a> I donated $500, but please consider donating even if it's $5.<br> <a rel="noreferrer" target="_blank" href="https://www.bitlog.com/2020/12/31/2020-year-in-review-living-in-interesting-times/">2020 year in review: living in interesting times</a><br> https://www.whatsupup.com/blog/sovietizing/ohioan/20210928-080817/ Tue, 28 Sep 2021 08:08:17 +0000 https://www.whatsupup.com/blog/sovietizing/ohioan/20210928-080817/ In 2018, we started pioneering work on securing one of the oldest parts of the Internet, one that had till then remained largely untouched by efforts to make the web … <a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2021/06/10/working-in-the-open-enhancing-privacy-and-security-in-the-dns/">Read more</a><br> Since its founding in 1998, Mozilla has championed human-rights-compliant innovation as well as choice, control, and privacy for people on the Internet. We have worked hard to actualise this belief … <a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2020/10/08/the-eus-current-approach-to-qwacs-qualified-website-authentication-certificates-will-undermine-security-on-the-open-web/">Read more</a><br> Australia’s Independent National Security Legislation Monitor (INSLM) earlier this month released a 316-page report calling for significant, and much needed, reforms to the nation’s 2018 Telecommunications and Other Legislation Amendment … <a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2020/07/27/australian-watchdog-recommends-major-changes-to-exceptional-access-law-tola/">Read more</a><br> ATUALIZAÇÃO: no dia 30 de junho de 2020, o senado brasileiro aprovou o “PL 2630/2020” (Lei das Fake News) com algumas emendas importantes que tornaram opcional a verificação de identidade … <a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2020/06/29/analise-da-mozilla-a-proposta-de-lei-sobre-noticias-falsas-do-brasil-prejudica-a-privacidade-a-seguranca-e-a-liberdade-de-expressao/">Read more</a><br> UPDATE: On 30 June 2020, the Brazilian Senate passed “PLS 2630/2020” (the fake news law) with some key amendments that made government identity verification for accounts optional, excluded social media … <a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2020/06/29/brazils-fake-news-law-harms-privacy-security-and-free-expression/">Read more</a><br> https://www.whatsupup.com/blog/evildoer/onionskin/20210928-080810/ Tue, 28 Sep 2021 08:08:10 +0000 https://www.whatsupup.com/blog/evildoer/onionskin/20210928-080810/ After almost a year’s worth of deliberation, the Kris Gopalakrishnan Committee released its draft report on non-personal data regulation in India in July 2020. The report is one of the … <a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2020/09/12/indias-ambitious-non-personal-data-report-should-put-privacy-first-mozilla/">Read more</a><br> Australia’s Independent National Security Legislation Monitor (INSLM) earlier this month released a 316-page report calling for significant, and much needed, reforms to the nation’s 2018 Telecommunications and Other Legislation Amendment … <a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2020/07/27/australian-watchdog-recommends-major-changes-to-exceptional-access-law-tola/">Read more</a><br> 2019 saw a spike of activity to protect online privacy as governments around the globe grappled with new revelations of data breaches and privacy violations. While much of the privacy … <a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2019/12/31/bringing-californias-privacy-law-to-all-firefox-users-in-2020/">Read more</a><br> The Kenyan Data Protection and Privacy Act 2019, was signed into law last week. This GDPR-like law is the first data protection law in Kenyan history, and marks a major … <a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2019/11/12/mozilla-plays-role-in-kenyas-adoption-of-crucial-data-protection-law/">Read more</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210928-080809/ Tue, 28 Sep 2021 08:08:09 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210928-080809/ <p><a rel="noreferrer" target="_blank" href="https://retool.com/blog/what-is-low-code/">Low code and no code have equal amounts of hype and skepticism. On the one hand, it’s clear low code has market traction: in April 2021, a provider of low code automation</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/admin-panel-roundup/">There are a few off the shelf options for building admin interfaces: 1. Database GUI Clients 2. Frontend admin libraries 3. Backend admin frameworks 4. 3rd-party admin tools They’re all good at specific things. Let’s see how you can decide between them:</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/nacho-iacovino-on-the-future-of-internal-tools/">A guest post from Nacho Iacovino, developer advocate at Clerk, who recently chatted with us about the findings from our 2021 State of Internal Tools report and where he thinks internal tool development is going.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/pizza-to-the-polls-story/">With this year’s record voter turnout, Pizza to the Polls had an even greater impact than in 2016 and they did it with the power of Retool. They raised over $1.4 million to send 66,089 pizzas to 3,267 polling places in 48 states—blowing their 2016 and 2018 numbers out of the water.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/whats-accenture/">Accenture made $43B in 2019 - you've probably heard of them, but you might not be sure what they actually do. This post will help.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/top-react-component-libraries-for-2020/">A React component library is a collection of styled React components that you can use in your React applications to save time, add functionality, increase efficiency, and make the app look great. Here are six of our favorites for 2020.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-to-build-great-internal-tools-jeremy-edberg-ebay-netflix-reddit/">Jeremy Edberg has been working as an engineer in the Bay Area since 1998. He’s worked on great internal tools at eBay, as the first engineering hire at Reddit, and as the first reliability engineer at Netflix.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-retool-helped-run-a-presidential-campaign/">Sunil Sadasivan ran tech for Cory Booker's 2020 presidential campaign, and talked to us about the challenges of quickly scaling a team to match.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-to-build-great-internal-tools-chad-rosen-twitter-wealthfront/">Chad Rosen has been working as a software engineer and engineering manager in the Bay Area since 2001. He has helped contribute to both the product and internal tools at companies like Good Technology, ClickShift, Twitter, and Wealthfront.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/air-travel-software/">A lot has changed about air travel since it went mainstream in the 1930s. On-board smoking, free-flowing booze, and five-star meals have given way to baggage fees, cramped seats, and mystery meat. Through all this change, one thing has stayed the same — the software that manages it all.</a><br> https://www.whatsupup.com/blog/augur/cussed/20210928-080753/ Tue, 28 Sep 2021 08:07:53 +0000 https://www.whatsupup.com/blog/augur/cussed/20210928-080753/ <p><a rel="noreferrer" target="_blank" href="https://blog.discord.com/meet-the-discord-users-who-imagined-a-place-657325b75fa6?source=collection_home---4------8-----------------------">Meet the Discord Users Who Imagined a Place Let’s talk about you, the community who inspired the entire Imagine a Place project and Discord — The Movie (2021).</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://blog.discord.com/how-trust-safety-addresses-violent-extremism-on-discord-c15613dae03a?source=collection_home---4------17-----------------------">How Trust & Safety Addresses Violent Extremism on Discord We dive into our history with violent extremists on the platform and how our response has improved since the 2017 Charlottesville incident.</a><br> https://www.whatsupup.com/blog/flea/unthought/20210928-080753/ Tue, 28 Sep 2021 08:07:52 +0000 https://www.whatsupup.com/blog/flea/unthought/20210928-080753/ <p><a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/pandemic-and-health">Pandemic, Teams, Health, and Self-Care ( June 29, 2020 )</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/50-product-lessons">50 Short Product Lessons ( June 29, 2020 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/some-tweets">Book Pre-Order ( May 16, 2020 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/mvp-and-experiment-tips">Some MVP and Experiment Tips ( February 25, 2020 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/breaking-the-rules">Great Teams Break the "Rules" All the Time ( December 17, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/promises-kept">Small Promises Regularly Kept ( December 16, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/shape-up-review">Review Notes: Shape Up ( December 13, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/how-product-managers-lose-trust">How Product Managers Lose Trust ( September 14, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/what-is-an-mvp">What Is an MVP? ( September 07, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/so-you-want-to-fix-something">So You Want to Fix Something? ( August 19, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/measure-to-learn-not-to-control">Measuring to Control vs. Measuring to Learn and Improve ( August 16, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/small-teams-may-not-fix-the-mess">Small Teams May Not Fix The Mess ( July 06, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-system-bites-back">The System Bites Back ( June 18, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/making-okrs-easier">Making OKRs Easier… ( June 16, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/working-fast-and-slow">Working Fast and Slow ( June 11, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/meta-advocacy">“Meta” Advocacy ( June 10, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/so-youre-hiring-a-product-manager">So You’re Hiring a Product Manager? ( May 04, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/by-default-ship-nothing">By Default, Ship Nothing ( April 28, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-messy-shift-to-starting-together">The (Messy) Shift to Starting Together ( April 17, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/hot-mess">Hot Mess ( April 03, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/scaling-product-development-for-startups">Scaling Product Development (for Startups) ( March 20, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-big-leaps">The Big Leaps ( March 18, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/prioritizing-without-level-of-effort">Prioritizing Without Level of Effort? ( March 15, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/should-we-have-deadlines">Should We Have Deadlines? ( March 13, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/do-this-now-8-ways-to-focus-your-product-team-on-impact-not-features">Do This Now: 8 Ways to Focus your Product Team on Impact, Not Features ( February 16, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-spirit-of-sprints">(The Spirit Of…) Sprints ( February 09, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/make-the-time-if-it-is-important">Make the Time (If It Is Important) ( February 02, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/15-things-you-should-know-about-product-managers">15 Things You Should Know About Product Managers ( January 27, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/visualize-flow-at-a-higher-level">Visualize Flow at a Higher Level ( January 22, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/organizational-debt">Organizational Debt ( January 14, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/going-agile">“Going Agile” ( January 12, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/continuous-improvement-models">Continuous Improvement Models ( January 04, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/hybrid-boards-for-roadmapping">Hybrid Boards For Roadmapping ( January 03, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/10-product-development-traps">10 Product Development Traps ( January 02, 2019 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/resilience-the-fork-in-the-road">Resilience: The Fork in the Road ( December 30, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/learning-or-just-delivering">Learning? Or Just Delivering? ( December 24, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/15-posts-about-change-agency-and-continuous-improvement">15 Posts About Change Agency and Continuous Improvement ( December 22, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/15-posts-on-roadmaps-prioritization-and-visualizing-the-work">15 Posts on Roadmaps, Prioritization, and Visualizing The Work ( December 20, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/do-this-now">Do This Now! ( December 20, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-outcomes-over-outputs">Why Outcomes Over Outputs? ( December 18, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/decision-quality-decision-velocity">Decision Quality. Decision Velocity. ( December 11, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-cold-start-problem">The Cold Start Problem ( December 11, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/great-one-pagers">Great One-Pagers ( December 10, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/certainty-theater">Certainty Theater ( December 09, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-experiment">Why Experiment? ( December 02, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/from-decision-maker-to-decision-supporter">From Decision Maker to Decision Supporter ( December 01, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/16-individual-warning-signals">16 Individual Warning Signals ( November 23, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-tribe">The [?] Tribe ( November 20, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-dont-they-trust-us">Why Don’t They Trust Us? ( November 16, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/self-inflicted-chaos">Self-Inflicted Chaos ( November 13, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/practice-best-practices">Practice > Best Practices ( November 02, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/how-do-we-do-ux-with-agile">How Do We Do UX With Agile? ( October 23, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-drift-into-technical-bankruptcy">The Drift Into Technical Bankruptcy ( October 04, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-person-assigned-to-each-story">One Person Assigned To Each Story? ( September 28, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/continuous-improvement-tools-vs-project-management-tools">Continuous Improvement Tools vs. Project Management Tools ( September 24, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-mvp-bait-and-switch">The MVP Bait-and-Switch ( September 23, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/continuous-improvement-is-real-work">Continuous Improvement is Real Work ( September 17, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/messy-middle">Messy Middle ( September 13, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/amplitude">Amplitude ( September 05, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/less-herding-more-doing">Less Herding. More Doing. ( August 30, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/thatll-never-work-here-heretics-head-noddies-and-the-drift-into-mediocrity">That’ll Never Work Here: Heretics, Head Noddies, and the Drift Into Mediocrity ( August 28, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/pm-tip-30-seconds-answers-to-common-questions">PM Tip: 30 Seconds Answers (to Common Questions) ( August 26, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-quarterly-okrs">Why Quarterly OKRs? ( August 24, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/4-prioritization-lessons-using-cost-of-delay-and-cd3">4 Prioritization Lessons (using Cost of Delay and CD3) ( August 23, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/not-leadership-material">Not Leadership “Material” ( August 22, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/70-books-and-other-resources-for-internal-change-agents">70 Books (and Other Resources) for Internal Change Agents ( August 22, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/feels-like-faster-vs-is-actually-faster">Feels Like Faster vs. Is Actually Faster ( August 18, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/make-scrum-scrumptious">Make Scrum Scrumptious! ( August 13, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-patient-change-agent">The Patient Change Agent ( August 12, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-manager-and-the-change-agent">The Manager and the Change Agent ( August 07, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/your-org-problems-are-not-unique">Your Org Problems Are Not Unique ( August 02, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/is-agile-the-enemy-of-good-design">Is Agile the Enemy (of Good Design)? ( July 28, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/whyestimates">#WhyEstimates ( July 26, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/ripple-effects-no-and-chips-on-shoulders">Ripple Effects, No, and Chips On Shoulders… ( July 25, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/better-outcomes-less-drag">Better Outcomes. Less Drag ( July 23, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-canary-dies">The Canary Dies ( July 22, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-some-tool">#Why[Some Tool] ( July 15, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/slack-vs-blocked">Slack vs. Blocked ( July 13, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/invest-energy-and-focus-not-time">Invest Energy and Focus, Not Time ( July 10, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/team-why-cant-we-go-faster">Team! Why Can’t We Go Faster?! ( July 09, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/instant-results-guaranteed">Instant Results! Guaranteed!* ( July 08, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/just-one-more-sprint">Just One More Sprint!? ( July 07, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/quick-meeting-tips">Quick Meeting Tips ( July 06, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/pms-share-outcomes-with-your-team">PMs: Share Outcomes With Your Team ( July 02, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/opportunity-vs-intervention">Opportunity vs. Intervention ( June 29, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/agile-makes-no-sense">Agile Makes No Sense ( June 28, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/start-with-naive-pragmatism">Start With Naive Pragmatism ( June 26, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/its-products-fault-right">It’s Product’s Fault! Right? ( June 25, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/a-single-prioritized-list-a-story">A Single Prioritized List (a Story) ( June 22, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/focused-advocacy-and-improvement">Focused Advocacy and Improvement ( June 21, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/when-you-hear-pay-attention">When You Hear _______, Pay Attention ( June 20, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/before-adding-process">Before Adding Process ( June 17, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/platitudes-and-brass-tacks">Platitudes and Brass Tacks ( June 15, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-random-ticket-game">The Random Ticket Game ( June 12, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/value-and-sequencing">Value and Sequencing ( June 07, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-spokesperson-trap">The Spokesperson Trap ( June 05, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/prioritizing-non-feature-work-and-continuous-improvement">Prioritizing “Non-Feature” Work and Continuous Improvement ( June 04, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/we-need-quick-wins">We Need Quick Wins… ( June 04, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/unsuck-days">Unsuck Days ( June 02, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/they-just-want-to-code-or-design-all-day">“They Just Want To Code (or Design) All Day” ( May 30, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/three-deep-breaths">Three Deep Breaths ( May 22, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/systems-and-people-behaving-badly">Systems and People Behaving Badly ( May 17, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/good-process-vs-bad-process">Good Process vs. Bad Process ( May 16, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/show-dont-tell">Show Don’t Tell ( May 15, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/how-does-your-company-approach-continuous-improvement">How Does Your Company Approach Continuous Improvement? ( May 12, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/we-all-care-about-congruence-right">We All Care About Congruence. Right? ( May 10, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/beyond-outcomes-over-outputs">Beyond “Outcomes Over Outputs” ( May 08, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/better-decisions-by-forecasting-cycle-time-as-a-team">Better Decisions (By Forecasting Cycle Time as a Team) ( May 05, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/problem-vs-solution">Problem vs. Solution ( April 20, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/working-with-software-developers-9-tips-for-product-managers">Working With Software Developers (9 Tips for Product Managers) ( April 15, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/cost-per-reasonable-decision-cprd">Cost Per Reasonable Decision (CPRD) ( April 01, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/task-story-bigger-story-bets-foundational-beliefs-drawing">Task, Story, Bigger Story, Bets, Foundational Beliefs (Drawing) ( March 27, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/starting-without-a-solution">Starting Without A Solution ( March 16, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/40-roadmap-item-questions">40 Roadmap Item Questions ( March 02, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/so-that-prioritization-spreadsheet">So That Prioritization Spreadsheet… ( February 25, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/look-before-leaping">Look Before Leaping ( February 22, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/yes-but">Yes, But… ( February 19, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/wip-it-real-good">WIP It Real Good ( February 14, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/round-and-round">Round and Round ( February 12, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/awesome-meh-awesome-but">Awesome, Meh, Awesome But… ( February 03, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/start-together-finish-together">Start Together. Finish Together ( January 31, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/we-need-fewer-product-managers">We Need Fewer Product Managers ( January 29, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/lets-run-an-experiment">“Let’s Run an Experiment!” ( January 28, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/we-cant-do-that-in-one-sprint">We Can’t Do That In One Sprint ( January 24, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/my-idea-ism">My-idea-ism ( January 23, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/measurement-malpractice">Measurement Malpractice ( January 22, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/give-and-take">Give and Take ( January 21, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/agile-done-right-is-continuous-design">Agile (Done Right) Is Continuous Design ( January 13, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/customer-facing-product-thinking-multi-product-and-other-shenanigans">Customer-Facing, Product Thinking, “Multi-Product”, and Other Shenanigans ( January 11, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/inventory-and-integration">Inventory and Integration ( January 11, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-hard-thing-about-not-so-hard-things">The Hard Thing About (Not So) Hard Things ( January 10, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/story-epilogues">Story Epilogues ( January 06, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-story-per-sprint">One Story Per “Sprint” ( January 05, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/of-course-psychological-safety-but-how">Of Course Psychological Safety…But How? ( January 04, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/some-totally-cliche-career-advice">Some Totally Cliche Career Advice… ( January 03, 2018 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/our-intuition-says-instead-try">Our Intuition Says… Instead, Try… ( December 23, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/flow-decoupling-cadences-and-fixed-length-sprints">Flow, Decoupling Cadences, and Fixed-Length Sprints ( December 21, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/trying-something">“Trying Something” ( December 19, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/scrum-is-the-best-thing-in-the-whole-wide-world">Scrum is the Best Thing in the Whole Wide World ( December 19, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/100-wikipedia-articles-on-software-product-development-and-related-disciplines">100 Wikipedia Articles on Software Product Development (and Related Disciplines) ( December 17, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/agiles-three-leaps-of-faith">Agile’s Three Leaps of Faith ( December 16, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/fixed-length-sprints">Fixed-Length Sprints ( December 12, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/stop-playing-tetris-with-teams-sprints-projects-and-individuals">Stop Playing Tetris (With Teams, Sprints, Projects, and Individuals) ( December 10, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/10-ways-the-c-suite-can-support-agility">10 Ways the C-Suite Can Support Agility ( December 08, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/unlearning-and-relearning-agile">Unlearning and Relearning Agile ( December 07, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/18-things-your-okrs-shouldnt-do">18 Things Your OKRs Shouldn’t Do… ( December 06, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/responding-to-a-failed-sprint">Responding to a “Failed” Sprint ( December 05, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-way-of-ways">The Way of Ways ( December 04, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/work-smaller-even-if-it-makes-no-sense">Work Smaller (Even If It Makes No Sense) ( December 04, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/sensor-responder-or-in-between">Sensor? Responder? Or In Between? ( December 03, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/scrum-prerequisites-from-the-scrum-guide">Scrum Prerequisites (From the Scrum Guide) ( December 02, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/stop-obsessing-over-the-teams">Stop Obsessing Over “The Teams” ( November 29, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/product-nerding-with-annie-dunham">Product Nerding with Annie Dunham ( November 28, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/25-hints-youre-working-on-a-high-performing-team">25 Hints You’re Working on a High Performing Team ( November 26, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/respect-expertise-and-work-together-dont-institutionalize-handoffs">Respect Expertise and Work Together — Don’t Institutionalize Handoffs ( November 26, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/kanban-boards-are-a-design-challenge">Kanban Boards are a Design Challenge ( November 25, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/beat-the-feature-factory-video">Beat the Feature Factory (Video) ( November 23, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/experiment-together-improve-together-win-together">Experiment Together. Improve Together. Win Together ( November 23, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/for-meaningful-change-look-beyond-front-line-teams">For Meaningful Change…Look Beyond Front-Line Teams ( November 23, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/interview-jared-spool-on-center-centre-real-projects-and-the-future-of-ux-education">Interview: Jared Spool on Center Centre, Real Projects, and the Future of UX Education ( November 22, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-modern-agile-is-worth-checking-out">Why Modern Agile is Worth Checking Out ( November 21, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/an-apple-a-day">An Apple a Day ( November 19, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/maker-angst-job-flippers-and-do-gooders">Maker Angst — Job Flippers and Do Gooders ( November 18, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/ask-alexa-to-better-understand-your-users">Ask Alexa (To Better Understand Your Users) ( November 17, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/backlog-roadmap-hygiene-tips">Backlog/Roadmap Hygiene Tips ( November 17, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-trouble-with-scrum">The Trouble With Scrum ( November 16, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/30-thoughts-on-change-org-health-and-change-agency">30 Thoughts On Change, Org Health, and Change Agency ( November 14, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/let-teams-figure-it-out">Let Teams Figure It Out ( November 11, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-product-system">The Product “System” ( November 09, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-battle-for-change">The Battle For Change ( November 02, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/question-given-this-scenario-what-does-the-product-manager-do">Question: Given This Scenario, What Does The Product Manager Do? ( October 30, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-one-week-product-management-challenge">The One Week Product Management Challenge ( October 30, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/ways">Ways ( October 29, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/faster-faster-faster">Faster. Faster. Faster. ( October 27, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-work-is-never-done">The Work Is Never Done ( October 21, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-backlog-aka-wishing-well">The Backlog (aka Wishing Well) ( October 20, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/now-that-would-be-bad">Now That Would Be Bad… ( October 19, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/the-psychological-safety-dance">The (Psychological) Safety Dance ( October 18, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/why-isnt-agile-working">Why Isn’t Agile Working? ( October 05, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/scaling-without-imploding">Scaling Without Imploding ( October 03, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/beyond-features-and-projects-it-arena-2017-lviv-ukraine">Beyond Features and Projects (IT Arena 2017— Lviv, Ukraine) ( September 30, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/one-day-sprints">One Day Sprints ( September 25, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/play-it-again-sam">Play It Again Sam! ( September 25, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/forcing-functions-and-continuous-improvement">Forcing Functions and Continuous Improvement ( September 24, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/kanban-cantban-and-risky-visualizations">Kanban, Can’tban, and Risky Visualizations ( September 22, 2017 )</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cutle.fish/blog/competition-fitness-change-and-front-line-angst">Competition, Fitness, …</a> https://www.whatsupup.com/blog/glooming/wrackful/20210928-080734/ Tue, 28 Sep 2021 08:07:34 +0000 https://www.whatsupup.com/blog/glooming/wrackful/20210928-080734/ 14 Sep 2021<br> 25 Aug 2021<br> 20 Apr 2021<br> 16 Feb 2021<br> https://www.whatsupup.com/blog/baldish/wince/20210928-080731/ Tue, 28 Sep 2021 08:07:31 +0000 https://www.whatsupup.com/blog/baldish/wince/20210928-080731/ October 2020 <a rel="noreferrer" target="_blank" href="https://www.jarednelsen.dev/category/tutorials/">Tutorials</a><br> February 2020 <a rel="noreferrer" target="_blank" href="https://www.jarednelsen.dev/category/industry/">Industry</a><br> https://www.whatsupup.com/blog/incremental/comte/20210928-080723/ Tue, 28 Sep 2021 08:07:23 +0000 https://www.whatsupup.com/blog/incremental/comte/20210928-080723/ May 10, 2021<br> Dec 26, 2020<br> Feb 12, 2020<br> Oct 26, 2019<br> Jun 30, 2019<br> Jan 31, 2019<br> Nov 9, 2017<br> https://www.whatsupup.com/blog/popularization/compilable/20210928-080709/ Tue, 28 Sep 2021 08:07:09 +0000 https://www.whatsupup.com/blog/popularization/compilable/20210928-080709/ <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/Portalware_DIS21.pdf">Portalware: Exploring Free-Hand AR Drawing with a Dual-Display Smartphone-Wearable Paradigm</a> Jing Qian, Tongyu Zhou, Meredith Young-Ng, Jiaju Ma, Angel Cheung, Xiangyu Li, Ian Gonsher, Jeff Huang DIS 2021<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/SelfE_CHI21.pdf">Self-E: Smartphone-Supported Guidance for Customizable Self-Experimentation</a> Nediyana Daskalova, Eindra Kyi, Kevin Ouyang, Arthur Borem, Sally Chen, Sung Hyun Park, Nicole Nugent, Jeff Huang CHI 2021 <a rel="noreferrer" target="_blank" href="https://selfe.cs.brown.edu/">[website]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/Sochiatrist_CSCW20.pdf">Sochiatrist: Signals of Affect in Messaging Data</a> Talie Massachi, Grant Fong, Varun Mathur, Sachin Pendse, Gabriela Hoefer, Jessica Fu, Chong Wang, Nikita Ramoji, Nicole Nugent, Megan Ranney, Daniel Dickstein, Michael Armey, Ellie Pavlick, Jeff Huang CSCW 2020 <a rel="noreferrer" target="_blank" href="https://sochiatrist.cs.brown.edu/">[website]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/Sketchy_CSCW20.pdf">Sketchy: Drawing Inspiration from the Crowd</a> Shaun Wallace, Brendan Le, Luis Leiva, Aman Haq, Ari Kintisch, Gabrielle Bufrem, Linda Chang, Jeff Huang CSCW 2020 <a rel="noreferrer" target="_blank" href="https://sketchy.cs.brown.edu/">[website]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/SleepBandits_CHI20.pdf">SleepBandits: Guided Flexible Self-Experiments for Sleep</a> Nediyana Daskalova, Jina Yoon, Yibing Wang, Cintia Araujo, Guillermo Beltran, Nicole Nugent, John McGeary, Joseph Jay Williams, Jeff Huang CHI 2020 <a rel="noreferrer" target="_blank" href="https://sleepcoacher.cs.brown.edu/">[website]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/Portalble_UIST19.pdf">Portal-ble: Intuitive Free-Hand Manipulation in Unbounded Smartphone-based Augmented Reality</a> Jing Qian, Jiaju Ma, Xiangyu Li, Benjamin Attal, Haoming Lai, James Tompkin, John Hughes, Jeff Huang UIST 2019 <a rel="noreferrer" target="_blank" href="https://portalble.cs.brown.edu/">[website]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/Rewind_IMWUT18.pdf">Rewind: Automatically Reconstructing Everyday Memories with First-Person Perspectives</a> Neille-Ann Tan, Han Sha, Eda Celen, Phucanh Tran, Kelly Wang, Gifford Cheung, Philip Hinch, Jeff Huang IMWUT 2018<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/Remotion_IMWUT18.pdf">Remotion: A Motion-Based Capture and Replay Platform of Mobile Device Interaction for Remote Usability Testing</a> Jing Qian, Arielle Chapin, Alexandra Papoutsaki, Fumeng Yang, Klaas Nelissen, Jeff Huang IMWUT 2018 <a rel="noreferrer" target="_blank" href="https://remotion.cs.brown.edu/">[website]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/EyeTyper_ETRA18.pdf">The Eye of the Typer: A Benchmark and Analysis of Gaze Behavior during Typing</a> Alexandra Papoutsaki, Aaron Gokaslan, James Tompkin, Yuze He, Jeff Huang ETRA 2018 <a rel="noreferrer" target="_blank" href="https://webgazer.cs.brown.edu/data/">[website]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/SelfExperiments_IMWUT17.pdf">Lessons Learned from Two Cohorts of Personal Informatics Self-Experiments</a> Nediyana Daskalova, Karthik Desingh, Alexandra Papoutsaki, Diane Schulze, Han Sha, Jeff Huang IMWUT 2017<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/Drafty_HCOMP17.pdf">Drafty: Enlisting Users to be Editors who Maintain Structured Data</a> Shaun Wallace, Lucy van Kleunen, Marianne Aubin-Le Quere, Abraham Peterkin, Yirui Huang, Jeff Huang HCOMP 2017 <a rel="noreferrer" target="_blank" href="https://drafty.cs.brown.edu/">[website]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/SearchGazer_CHIIR17.pdf">SearchGazer: Webcam Eye Tracking for Remote Studies of Web Search</a> Alexandra Papoutsaki, James Laskey, Jeff Huang CHIIR 2017    (Best Paper Finalist) <a rel="noreferrer" target="_blank" href="https://webgazer.cs.brown.edu/search/">[website]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/MasterMaker_TOPICS17.pdf">Master Maker: Understanding Gaming Skill through Practice and Habit from Gameplay Behavior</a> Jeff Huang, Eddie Yan, Gifford Leung, Nachiappan Nagappan, Thomas Zimmermann topiCS (Topics in Cognitive Science), 9(2), 2017<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/SleepCoacher_UIST16.pdf">SleepCoacher: A Personalized Automated Self-Experimentation System for Sleep Recommendations</a> Nediyana Daskalova, Danaë Metaxa, Adrienne Tran, Nicole Nugent, Julie Boergers, John McGeary, Jeff Huang UIST 2016 <a rel="noreferrer" target="_blank" href="https://sleepcoacher.cs.brown.edu/">[website]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/WebGazer_IJCAI16.pdf">WebGazer: Scalable Webcam Eye Tracking Using User Interactions</a> Alexandra Papoutsaki, Patsorn Sangkloy, James Laskey, Nediyana Daskalova, Jeff Huang, James Hays IJCAI 2016 <a rel="noreferrer" target="_blank" href="https://webgazer.cs.brown.edu/">[website]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/CrowdsourcingNovices_HCOMP15.pdf">Crowdsourcing from Scratch: A Pragmatic Experiment in Data Collection by Novice Requesters</a> Alexandra Papoutsaki, Hua Guo, Danaë Metaxa, Connor Gramazio, Jeff Rasley, Wenting Xie, Guan Wang, Jeff Huang HCOMP 2015    (Best Paper Finalist)<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/MastersOfControl_CHI15.pdf">Masters of Control: Behavioral Patterns of Simultaneous Unit Group Manipulation in StarCraft 2</a> Eddie Yan, Jeff Huang, Gifford Cheung CHI 2015<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/HaloLearning_CHI13.pdf">Mastering the Art of War: How Patterns of Gameplay Influence Skill in Halo</a> Jeff Huang, Thomas Zimmermann, Nachiappan Nagappan, Charles Harrison, Bruce Phillips CHI 2013    (Best Paper Finalist)<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/RevMiner_UIST12.pdf">RevMiner: An Extractive Interface for Navigating Reviews on a Smartphone</a> Jeff Huang, Oren Etzioni, Luke Zettlemoyer, Kevin Clark, Christian Lee UIST 2012<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/CursorModel_SIGIR12.pdf">Improving Searcher Models Using Mouse Cursor Activity</a> Jeff Huang, Ryen White, Georg Buscher, Kuansan Wang SIGIR 2012<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/GazeCursor_CHI12.pdf">User See, User Point: Gaze and Cursor Alignment in Web Search</a> Jeff Huang, Ryen White, Georg Buscher CHI 2012<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/Branching_WSDM12.pdf">No Search Result Left Behind: Branching Behavior with Browser Tabs</a> Jeff Huang, Thomas Lin, Ryen White WSDM 2012<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/InteractionDifferences_WSDM12.pdf">Large-Scale Analysis of Individual and Task Differences in Search Result Page Examination Strategies</a> Georg Buscher, Ryen White, Susan Dumais, Jeff Huang WSDM 2012<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/RuleVariants_CSCW12.pdf">Remix and Play: Lessons from Rule Variants in Texas Hold'em and Halo 2</a> Gifford Cheung and Jeff Huang CSCW 2012<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/DifficultQueries_ECIR12.pdf">Interactive Search Support for Difficult Web Queries</a> Abdigani Diriye, Giridhar Kumaran, Jeff Huang ECIR 2012<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/CursorBehavior_CHI11.pdf">No Clicks, No Problem: Using Cursor Movements to Understand and Improve Search</a> Jeff Huang, Ryen White, and Susan Dumais CHI 2011    (Best Paper Finalist)<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/StarcraftSpectator_CHI11.pdf">Starcraft from the Stands: Understanding the Game Spectator</a> Gifford Cheung and Jeff Huang CHI 2011<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/ReviewingSearchResults_AAAI10.pdf">Optimal Strategies for Reviewing Search Results</a> Jeff Huang and Anna Kazeykina AAAI 2010<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/EvaluatingTrails_SIGIR10.pdf">Assessing the Scenic Route: Measuring the Value of Search Trails in Web Logs</a> Ryen White and Jeff Huang SIGIR 2010    (Best Paper Award)<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/Trailfinding_SIGIR10.pdf">Studying Trailfinding Algorithms for Enhanced Web Search</a> Adish Singla, Ryen White, and Jeff Huang SIGIR 2010<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/TwitterTagging_HT10.pdf">Conversational Tagging in Twitter</a> Jeff Huang, Katherine Thornton, and Efthimis Efthimiadis Hypertext 2010 short paper<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/ParallelBrowsing_HT10.pdf">Parallel Browsing Behavior on the Web</a> Jeff Huang and Ryen White Hypertext 2010 short paper<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/Reformulation_CIKM09.pdf">Analyzing and Evaluating Query Reformulation Strategies in Web Search Logs</a> Jeff Huang and Efthimis Efthimiadis CIKM 2009    (Best Student Paper Finalist)<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/Graphstract_UIST07.pdf">Graphstract: Minimal Graphical Help for Computers</a> Jeff Huang and Michael Twidale UIST 2007<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/PanZoom_CHI19.pdf">Evaluating Pan and Zoom Timelines and Sliders</a> Michail Schwab, Sicheng Hao, Olga Vitek, James Tompkin, Jeff Huang, Michelle Borkin CHI 2019 <a rel="noreferrer" target="_blank" href="https://multiscale-timelines.ccs.neu.edu/">[website]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/EasyPZ_VIS2019.pdf">EasyPZ.js: Interaction Binding For Pan and Zoom Visualizations</a> Michail Schwab, James Tompkin, Jeff Huang, Michelle Borkin VIS 2019 short paper <a rel="noreferrer" target="_blank" href="https://easypz.io/">[website]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/SleepCohorts_IMWUT18.pdf">Investigating the Effectiveness of Cohort-Based Sleep Recommendations</a> Nediyana Daskalova, Bongshin Lee, Jeff Huang, Chester Ni, Jessica Lundin IMWUT 2018<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/SEEDE_ASE18.pdf">SEEDE: Simultaneous Execution and Editing in a Development Environment</a> Steven Reiss, Qi Xin, Jeff Huang ASE 2018<br> <a rel="noreferrer" target="_blank" href="https://doi.org/10.1109/TVCG.2017.2734659">An Analysis of Automated Visual Analysis Classification: Interactive Visualization Task Inference of Cancer Genomics Domain Experts</a> Connor Gramazio, Jeff Huang, David Laidlaw TVCG (Transactions on Visualization and Computer Graphics), 24(8), 2017<br> <a rel="noreferrer" target="_blank" href="https://dx.doi.org/10.1016/j.ipm.2016.04.005">Strokes of Insight: User Intent Detection and Kinematic Compression of Mouse Cursor Trails</a> Daniel Martín-Albo, Luis Leiva, Jeff Huang, Réjean Plamondond IPM (Information Processing & Management), 52(6), 2016<br> <a rel="noreferrer" target="_blank" href="https://link.springer.com/article/10.1007/s10458-015-9283-7">Learning Behaviors via Human-Delivered Discrete Feedback</a> Robert Loftin, Bei Peng, James MacGlashan, Michael Littman, Matthew Taylor, Jeff Huang, David Roberts JAAMAS (Autonomous Agents and Multi-Agent Systems), 30(1), 2016<br> <a rel="noreferrer" target="_blank" href="https://dx.doi.org/10.1109/TVCG.2015.2424872">Representing Uncertainty in Graph Edges: An Evaluation of Paired Visual Variables</a> Hua Guo, Jeff Huang, David Laidlaw TVCG (Transactions on Visualization and Computer Graphics), 21(10), 2015<br> <a rel="noreferrer" target="_blank" href="https://dx.doi.org/10.1016/j.ipm.2014.10.005">Building a Better Mousetrap: Compressing Mouse Cursor Activity for Web Analytics</a> Luis Leiva, Jeff Huang IPM (Information Processing & Management), 51(2), 2015 <a rel="noreferrer" target="_blank" href="https://hci.brown.edu/mousetrap/">[website]</a><br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/StrategyAwareLearning_AAAI14.pdf">A Strategy-Aware Technique for Learning Behaviors from Discrete Human Feedback</a> Robert Loftin, James MacGlashan, Bei Peng, Matthew Taylor, Michael Littman, Jeff Huang, David Roberts AAAI 2014<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/HumanFeedback_ROMAN14.pdf">Learning Something from Nothing: Leveraging Implicit Human Feedback Strategies</a> Robert Loftin, Bei Peng, James MacGlashan, Michael Littman, Matthew Taylor, Jeff Huang, David Roberts RO-MAN 2014<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/HaloSkill_CHIGUR13.pdf">Influence of Gameplay on Skill in Halo Reach</a> Jeff Huang, Thomas Zimmermann, Nachiappan Nagappan, Charles Harrison, Bruce Phillips CHI Games User Research Workshop 2013<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/TouchTracking_HCIR12.pdf">Web User Interaction Mining from Touch-Enabled Mobile Devices</a> Jeff Huang and Abdigani Diriye HCIR Workshop 2012<br> <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/PageLevelInteractions_HCIR11.pdf">On the Value of Page-Level Interactions in Web Search</a> <a rel="noreferrer" target="_blank" href="https://jeffhuang.org">Jeff Huang</a> HCIR Workshop 2011<br> 245 CIT 115 Waterman Street Providence RI 02912 401-863-5808 <a href="mailto:home@jeffhuang.com">home@jeffhuang.com</a><br> <a rel="noreferrer" target="_blank" href="https://cs.brown.edu/courses/csci1300/">User Interfaces</a> <a rel="noreferrer" target="_blank" href="https://cs.brown.edu/courses/csci1950i/">Fall 2013</a> , <a rel="noreferrer" target="_blank" href="https://cs.brown.edu/courses/csci1300/fall2014/">Fall 2014</a> , <a rel="noreferrer" target="_blank" href="https://cs.brown.edu/courses/csci1300/fall2015/">Fall 2015</a> , <a rel="noreferrer" target="_blank" href="https://cs.brown.edu/courses/csci1300/fall2016/">Fall 2016</a> , <a rel="noreferrer" target="_blank" href="https://cs.brown.edu/courses/csci1300/fall2017/">Fall 2017</a> , <a rel="noreferrer" target="_blank" href="https://cs.brown.edu/courses/csci1300/fall2018/">Fall 2018</a> , <a rel="noreferrer" target="_blank" href="https://cs.brown.edu/courses/csci1300/fall2019/">Fall 2019</a> , <a rel="noreferrer" target="_blank" href="https://cs.brown.edu/courses/csci1300/">Fall 2020</a><br> <a rel="noreferrer" target="_blank" href="https://cs.brown.edu/courses/csci2300/">HCI Seminar</a> <a rel="noreferrer" target="_blank" href="https://cs.brown.edu/courses/csci2951-l/">Spring 2014</a> , <a rel="noreferrer" target="_blank" href="https://cs.brown.edu/courses/csci2300/spring2015/">Spring 2015</a> , <a rel="noreferrer" target="_blank" href="https://cs.brown.edu/courses/csci2300/spring2018/">Spring 2018</a> , <a rel="noreferrer" target="_blank" href="https://cs.brown.edu/courses/csci2300/">Spring 2020</a><br> <a rel="noreferrer" target="_blank" href="https://cs.brown.edu/courses/csci1301/">Livestreaming Reimagined</a> <a rel="noreferrer" target="_blank" href="https://cs.brown.edu/courses/csci1301/">Spring 2021</a><br> Computer Science Research Methods Spring 2019<br> <a rel="noreferrer" target="_blank" href="https://cs.brown.edu/courses/csci2951-r/">Personal Informatics Seminar</a> <a rel="noreferrer" target="_blank" href="https://cs.brown.edu/courses/csci2951-r/">Spring 2016</a><br> <a rel="noreferrer" target="_blank" href="https://courses.washington.edu/ir2010/">Information Retrieval</a> <a rel="noreferrer" target="_blank" href="https://courses.washington.edu/ir2010/">Fall 2010 (University of Washington)</a><br> <a rel="noreferrer" target="_blank" href="https://cs.pomona.edu/~apapoutsaki/">Dr. Alexandra Papoutsaki</a> (2017) <a rel="noreferrer" target="_blank" href="http://blog.cs.brown.edu/2017/03/13/alexandra-papoutsaki-lands-dream-job-pomona-college/">landed her dream position</a> as Assistant Professor at Pomona College<br> <a rel="noreferrer" target="_blank" href="https://nediyana.github.io/">Dr. Nediyana Daskalova</a> (2020) was a pioneer for flexible self-experimentation systems, and became a research scientist at Spotify<br> https://www.whatsupup.com/blog/tularemic/yahweh/20210928-080702/ Tue, 28 Sep 2021 08:07:01 +0000 https://www.whatsupup.com/blog/tularemic/yahweh/20210928-080702/ Welcome to part 1 of this narrative series about writing a complete video game from scratch, using the PICO -8. This is actually the second part, because in this house (unlike Lua) we index from 0, so if you’re new here you may want to consult the introductory stuff and table of contents in <a rel="noreferrer" target="_blank" href="https://eev.ee/blog/2020/11/30/gamedev-from-scratch-0-groundwork/">part zero</a> .<br> GitHub has <a rel="noreferrer" target="_blank" href="https://github.com/eevee/anise-cheezball-rising/releases">intermittent prebuilt ROMs</a> , or you can get them a week early <a rel="noreferrer" target="_blank" href="https://www.patreon.com/eevee/posts?tag=cheezball%20rising">on Patreon</a> if you pledge $4. More details in the <a rel="noreferrer" target="_blank" href="https://github.com/eevee/anise-cheezball-rising">README</a> !<br> <a rel="noreferrer" target="_blank" href="https://eev.ee/blog/2021/01/24/eevee-gained-3367-experience-points/">Eevee gained 3367 experience points</a><br> https://www.whatsupup.com/blog/nonspecific/thinkably/20210928-080657/ Tue, 28 Sep 2021 08:06:57 +0000 https://www.whatsupup.com/blog/nonspecific/thinkably/20210928-080657/ Let’s consider what advanced analytics and advanced data management are, how they are related to business digitalization, and why Gartner research bureau included these technologies in the TOP 10 of the most promising trends of 2020. What is advanced Analytics <a rel="noreferrer" target="_blank" href="https://parsers.me/why-you-need-advanced-big-data-analytics-and-how-to-get-it/">Read more…</a><br> <a rel="noreferrer" target="_blank" href="https://parsers.me/2020/09/">September 2020</a><br></p> <hr> Parsers, Inc. 220 East 23rd Street, Suite 400, New York, NY, 10010 support@parsers.me Operation mode: Monday to Friday 12:00PM - 6:00PM (US Pacific Time Zone)<br> https://www.whatsupup.com/blog/lynch/tiddly/20210928-080637/ Tue, 28 Sep 2021 08:06:37 +0000 https://www.whatsupup.com/blog/lynch/tiddly/20210928-080637/ <a rel="noreferrer" target="_blank" href="https://ryanandrewlangdon.wordpress.com/2021/08/18/guest-writer-my-thoughts-on-afghanistan-as-a-member-of-the-us-military/">[Guest Writer] My Thoughts On Afghanistan As A Member Of The US Military</a> August 18, 2021<br> <a rel="noreferrer" target="_blank" href="https://ryanandrewlangdon.wordpress.com/2020/07/29/stop-politicizing-medicine/">STOP POLITICIZING MEDICINE: Facts vs. Myths of the Frontline Doctors Video</a> July 29, 2020<br> <a rel="noreferrer" target="_blank" href="https://ryanandrewlangdon.wordpress.com/2020/07/15/facebook-sucks/">Facebook is a disease.</a> July 15, 2020<br> https://www.whatsupup.com/blog/cashbox/snarler/20210928-080618/ Tue, 28 Sep 2021 08:06:18 +0000 https://www.whatsupup.com/blog/cashbox/snarler/20210928-080618/ <a rel="noreferrer" target="_blank" href="http://www.danga.com/">Danga</a> : 1998-2005, company I started, developed a lot of software: <a rel="noreferrer" target="_blank" href="http://memcached.org/">memcached</a> , MogileFS, Perlbal, etc.<br> <a rel="noreferrer" target="_blank" href="http://www.livejournal.com/">LiveJournal</a> : 1999-2007, blogging, social networking, forums, feed aggregator. Sold to Six Apart, later sold to <a rel="noreferrer" target="_blank" href="http://sup.ru">SUP</a> .<br> <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Six_Apart">Six Apart</a> : 2005-2007, "Chief Architect" (for backend infrastructure), <a rel="noreferrer" target="_blank" href="https://plus.google.com/u/0/115863474911002159675/posts/5jVttEPvjKD">created</a> <a rel="noreferrer" target="_blank" href="http://openid.net/">OpenID</a> , <a rel="noreferrer" target="_blank" href="http://gearman.org/">Gearman</a> , djabberd, ..<br> <a rel="noreferrer" target="_blank" href="http://www.google.com/">Google</a> : 2007 - <a rel="noreferrer" target="_blank" href="https://bradfitz.com/2020/01/27/leaving-google">2020</a> . Public stuff includes:<br> <a rel="noreferrer" target="_blank" href="https://webfinger.net/">WebFinger</a> , with tons of Internet people, since ~2006. Added gmail support. Not finished.<br> <a rel="noreferrer" target="_blank" href="http://golang.org/">Go Programming Language</a> , 2010-2020; so refreshingly simple and productive. makes me giddy about writing code again after years of hating the major trade-offs between different languages.<br> https://www.whatsupup.com/blog/eastward/homogenized/20210928-080617/ Tue, 28 Sep 2021 08:06:17 +0000 https://www.whatsupup.com/blog/eastward/homogenized/20210928-080617/ <p>October 16, 2020<br></p> <hr> On December 18, 2009[1](a<br> <hr> <a rel="noreferrer" target="_blank" href="https://steveklabnik.com/writing/thoughts-on-rust-in-2019">Thoughts on Rust in 2019</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://steveklabnik.com/writing/2-sup-5">0b100000</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://steveklabnik.com/writing/looking-back-at-rust-in-2018">Looking back at Rust in 2018</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://steveklabnik.com/writing/2013--year-in-review">2013: year in review</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://steveklabnik.com/writing/resque-1-25-0-pre-has-been-released">Resque 1.25.0.pre has been released</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://steveklabnik.com/writing/draper-1-0-0-beta2-release">Draper 1.0.0.beta2 release</a><br> <hr> My [last blog post](/2011<br> <hr> <a rel="noreferrer" target="_blank" href="https://steveklabnik.com/writing/goals-for-2011">Goals for 2011</a><br> <hr> https://www.whatsupup.com/blog/ideo/fleury/20210928-080610/ Tue, 28 Sep 2021 08:06:09 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210928-080610/ <p>In October 2016, media outlets reported that data collected by some of the world’s most renowned cybersecurity experts had identified frequent and unexplained communications between an email server used by the Trump Organization and Alfa Bank , one of Russia’s largest financial institutions. Those publications set off speculation about a possible secret back-channel of communications, as well as a series of lawsuits and investigations that culminated last week with the indictment of the same former federal cybercrime prosecutor who brought the data to the attention of the FBI five years ago.<br> The first page of Alfa Bank’s 2020 complaint.<br> Since 2018, access to an exhaustive report commissioned by the U.S. Senate Armed Services Committee on data that prompted those experts to seek out the FBI has been limited to a handful of Senate committee leaders, Alfa Bank, and special prosecutors appointed to look into the origins of the FBI investigation on alleged ties between Trump and Russia.<br> That report is now public, ironically thanks to <a rel="noreferrer" target="_blank" href="https://www.justsecurity.org/72262/the-trump-alfa-bank-server-mystery-resurfaces/">a pair of lawsuits filed by Alfa Bank</a> , which doesn’t directly dispute the information collected by the researchers. Rather, it <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2021/09/alfacomplaint.png">claims</a> that the data they found was the result of a “highly sophisticated cyberattacks against it in 2016 and 2017” intended “to fabricate apparent communications” between Alfa Bank and the Trump Organization.<br> The DNS strangeness was first identified in 2016 by a group of security experts who told reporters they were alarmed at the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Democratic_National_Committee_cyber_attacks">hacking of the Democratic National Committee</a> , and grew concerned that the same attackers might also target Republican leaders and institutions.<br> Scrutinizing the Trump Organization’s online footprint, the researchers determined that for several months during the spring and summer of 2016, Internet servers at Alfa Bank in Russia, Spectrum Health in Michigan, and Heartland Payment Systems in New Jersey accounted for nearly all of the several thousand DNS lookups for a specific Trump Organization server (mail1.trump-email.com).<br> This chart from a court filing Sept. 14, 2021 shows the top sources of traffic to the Trump Organization email server over a four month period in the spring and summer of 2016. DNS lookups from Alfa Bank constituted the majority of those requests.<br> As recounted in <a rel="noreferrer" target="_blank" href="https://www.newyorker.com/magazine/2018/10/15/was-there-a-connection-between-a-russian-bank-and-the-trump-campaign">this 2018 New Yorker story</a> , New York Times journalist Eric Lichtblau met with FBI officials in late September 2016 to discuss the researchers’ findings. The bureau asked him to hold the story because publishing might disrupt an ongoing investigation. On Sept. 21, 2016, Lichtblau reportedly shared the DNS data with <a rel="noreferrer" target="_blank" href="https://bgrdc.com/">B.G.R.</a> , a Washington lobbying firm that worked with Alfa Bank.<br> Lichtblau’s reporting on the DNS findings ended up buried in an October 31, 2016 story titled “ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2016/11/01/us/politics/fbi-russia-election-donald-trump.html">Investigating Donald Trump, F.B.I. Sees No Clear Link to Russia</a> ,” which stated that the FBI “ultimately concluded that there could be an innocuous explanation, like marketing email or spam,” that might explain the unusual DNS connections.<br> Foer wrote that The Times hadn’t yet been in touch with the Trump campaign about the DNS data when the Trump email domain suddenly went offline.  Odder still, four days later the Trump Organization created a new host — trump1.contact-client.com — and the very first DNS lookup to that new domain came from servers at Alfa Bank.<br> A jury in California today reached a guilty verdict in the trial of Matthew Gatrel , a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel’s conviction comes roughly two weeks after his co-conspirator pleaded guilty to criminal charges related to running the services.<br> On Sept. 14, KrebsOnSecurity heard from a reader who passed on an internal message apparently sent by TTEC to certain employees regarding the status of a widespread system outage that began on Sunday, Sept. 12.<br> TTEC has not responded to requests for comment. A phone call placed to the media contact number listed on an August 2021 TTEC earnings release produced a message saying it was a non-working number.<br> Top of the critical heap is <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444">CVE-2021-40444</a> , which affects the “MSHTML” component of Internet Explorer (IE) on Windows 10 and many Windows Server versions. In <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/microsoft-attackers-exploiting-windows-zero-day-flaw/">a security advisory last week</a> , Microsoft warned attackers already are exploiting the flaw through Microsoft Office applications as well as IE.<br> The critical bug <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36965">CVE-2021-36965</a> is interesting, as it involves a remote code execution flaw in “WLAN AutoConfig,” the component in Windows 10 and many Server versions that handles auto-connections to Wi-Fi networks. One mitigating factor here is that the attacker and target would have to be on the same network, although many systems are configured to auto-connect to Wi-Fi network names with which they have previously connected.<br> Allan Liska , senior security architect at <a rel="noreferrer" target="_blank" href="https://www.recordedfuture.com">Recorded Future</a> , said a similar vulnerability — <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28316">CVE-2021-28316</a> — was announced in April.<br> “CVE-2021-28316 was a security bypass vulnerability, not remote code execution, and it has never been reported as publicly exploited,” Liska said. “That being said, the ubiquity of systems deployed with WLAN AutoConfig enabled could make it an attractive target for exploitation.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/microsoft-patch-tuesday-september-2021-edition/#more-56909">Continue reading →</a><br> In its Aug. 19 writeup, Cloudflare neglected to assign a name to the botnet behind the attack. But on Thursday DDoS protection firm Qrator Labs <a rel="noreferrer" target="_blank" href="https://blog.qrator.net/en/meris-botnet-climbing-to-the-record_142/">identified the culprit</a> — “Meris” — a new monster that first emerged at the end of June 2021.<br> While last night’s Meris attack on this site was far smaller than the recent Cloudflare DDoS, it was far larger than <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/">the Mirai DDoS attack</a> in 2016 that <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/">held KrebsOnSecurity offline for nearly four days</a> . The traffic deluge from Thursday’s attack on this site was more than four times what Mirai threw at this site five years ago. This latest attack involved more than two million requests-per-second. By comparison, the 2016 Mirai DDoS generated approximately 450,000 requests-per-second.<br> According to <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444">a security advisory</a> from Redmond, the security hole <a rel="noreferrer" target="_blank" href="https://us-cert.cisa.gov/ncas/current-activity/2021/09/07/microsoft-releases-mitigations-and-workarounds-cve-2021-40444">CVE-2021-40444</a> affects the “MSHTML” component of Internet Explorer (IE) on Windows 10 and many Windows Server versions. IE been slowly abandoned for more recent Windows browsers like Edge , but the same vulnerable component also is used by Microsoft Office applications for rendering web-based content.<br> Microsoft has not yet released a patch for CVE-2021-40444, but says users can mitigate the threat from this flaw by disabling the installation of all ActiveX controls in IE. Microsoft says the vulnerability is currently being used in targeted attacks, although its advisory credits three different entities with reporting the flaw.<br> On of the researchers credited — EXPMON — <a rel="noreferrer" target="_blank" href="https://twitter.com/EXPMON_/status/1435310341689331721">said on Twitter</a> that it had reproduced the attack on the latest Office 2019 / Office 365 on Windows 10.<br> In May 2015, KrebsOnSecurity briefly <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2015/05/phishing-gang-is-audacious-manipulator/">profiled</a> “ The Manipulaters ,” the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. Six years later, a review of the social media postings from this group shows they are prospering, while rather poorly hiding their activities behind a software development firm in Lahore that has secretly enabled an entire generation of spammers and scammers.<br> The Web site in 2015 for the “Manipulaters Team,” a group of Pakistani hackers behind the dark web identity “Saim Raza,” who sells spam and malware tools and services.<br> For years leading up to 2015, “ <a href="mailto:admin@manipulaters.com">admin@manipulaters.com</a> ” was the name on the registration records for thousands of scam domains that spoofed some of the world’s top banks and brand names, but particularly Apple and Microsoft. When confronted about this, The Manipulaters founder Madih-ullah Riaz replied, “We do not deliberately host or allow any phishing or any other abusive website. Regarding phishing, whenever we receive complaint, we remove the services immediately. Also we are running business since 2006.”<br> The IT network of The Manipulaters, circa 2013. Image: Facebook<br> Two years later, KrebsOnSecurity received an email from Riaz asking to have his name and that of his business partner removed from the 2015 story, saying it had hurt his company’s ability to maintain stable hosting for their stable of domains.<br> “We run web hosting business and due to your post we got very serious problems especially no data center was accepting us,” Riaz wrote in a May 2017 email. “I can see you post on hard time criminals we are not criminals, at least it was not in our knowledge.”<br> Phishing domain names registered to The Manipulaters included an address in Karachi, with the phone number 923218912562 . That same phone number is shared in the WHOIS records for 4,000+ domains registered through domainprovider[.]work , a domain controlled by The Manipulaters that appears to be a reseller of another domain name provider.<br> As I noted in 2015, The Manipulaters Team used domain name service (DNS) settings from another blatantly fraudulent service called ‘ FreshSpamTools[.]eu ,’ which was offered by a fellow Pakistani who also conveniently sold phishing toolkits targeting a number of big banks.<br> “A number of health insurance companies have wellness programs to encourage employees to exercise more, where if you sign up and pledge to 30 push-ups a day for the next few months or something you’ll get five wellness points towards a $10 Starbucks gift card, which requires 1000 wellness points,” Bill explained. “They’re actually automating the process of replying saying you completed this activity so they can bump up your point balance and get your gift card.”<br> The domain Vip72[.]org was originally registered in 2006 to “ Corpse ,” the handle adopted by a Russian-speaking hacker who gained infamy several years prior for creating and selling an extremely sophisticated online banking trojan …</p> https://www.whatsupup.com/blog/palpable/mulla/20210928-080548/ Tue, 28 Sep 2021 08:05:48 +0000 https://www.whatsupup.com/blog/palpable/mulla/20210928-080548/ <p>2021/07/30<br> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2021/02/22/cloud-services.html">Cloud services, winter 2021</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2019/11/02/eoa.html">The essence of anticipation (2016)</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2016/07/02/cloud-services.html">Cloud services, summer 2016</a><br> https://www.whatsupup.com/blog/zipping/kathartic/20210928-080546/ Tue, 28 Sep 2021 08:05:46 +0000 https://www.whatsupup.com/blog/zipping/kathartic/20210928-080546/ <p><a rel="noreferrer" target="_blank" href="http://antirez.com/news/126">An update about Redis developments in 2019</a><br></p> <hr> Yesterday a concerned Redis user wrote the following on Hacker News: <p>— <a rel="noreferrer" target="_blank" href="https://news.ycombinator.com/item?id=19204436"><a href="https://news.ycombinator.com/item?id=19204436">https://news.ycombinator.com/item?id=19204436</a></a> — I love Redis, but I'm a bit skeptical of some of the changes that are currently in development. The respv3 protocol has some features that, while they sound neat, also could significantly complicate client library code. There's also a lot of work going into a granular acl. I can't imagine why this would be necessary, or a higher priority than other changes like multi-thread support, better persistence model, data-types, etc.<br> [EDIT! I'm reconsidering all this because Marc Gravell from Stack Overflow suggested that we could just switch protocol for backward compatibility per-connection, sending a command to enable RESP3. That means no longer need for a global configuration that switches the behavior of the server. Put in that way it is a lot more acceptable for me, and I'm reconsidering the essence of the blog post]</p> <p>A few weeks after the release of Redis 5, I’m here starting to implement RESP3, and after a few days of work it feels very well to see this finally happening. RESP3 is the new client-server protocol that Redis will use starting from Redis 6. The specification at <a rel="noreferrer" target="_blank" href="https://github.com/antirez/resp3"><a href="https://github.com/antirez/resp3">https://github.com/antirez/resp3</a></a> should explain in clear terms how this evolution of our old protocol, RESP2, should improve the Redis ecosystem. But let’s say that the most important thing is that RESP3 is more “semantic” than RESP2. For instance it has the concept of maps, sets (unordered lists of elements), attributes of the returned data, that may augment the reply with auxiliary information, and so forth. The final goal is to make new Redis clients have less work to do for us, that is, just deciding a set of fixed rules in order to convert every reply type from RESP3 to a given appropriate type of the client library programming language.<br> [This blog post is also experimentally available on Medium: <a rel="noreferrer" target="_blank" href="https://medium.com/antirez/a-short-tale-of-a-read-overflow-b9210d339cff">https://medium.com/antirez/a-short-tale-of-a-read-overflow-b9210d339cff</a> ]</p> <p>When a long running process crashes, it is pretty uncool. More so if the process happens to take a lot of state in memory. This is why I love web programming frameworks that are able, without major performance overhead, to create a new interpreter and a new state for each page view, and deallocate every resource used at the end of the page generation. It is an inherently more reliable programming paradigm, where memory leaks, descriptor leaks, and even random crashes from time to time do not constitute a serious issue. However system software like Redis is at the other side of the spectrum, a side populated by things that should never crash.<br> <a rel="noreferrer" target="_blank" href="http://antirez.com/news/108">Writing an editor in less than 1000 lines of code, just for fun</a><br></p> <hr> WARNING: Long pretty useless blog post. TLDR is that I wrote, just for fun, a text editor in less than 1000 lines of code that does not depend on ncurses and has support for syntax highlight and search feature. The code is here: <a rel="noreferrer" target="_blank" href="http://github.com/antirez/kilo">http://github.com/antirez/kilo</a> . <p>Screencast here: <a rel="noreferrer" target="_blank" href="https://asciinema.org/a/90r2i9bq8po03nazhqtsifksb"><a href="https://asciinema.org/a/90r2i9bq8po03nazhqtsifksb">https://asciinema.org/a/90r2i9bq8po03nazhqtsifksb</a></a> For the sentimentalists, keep reading…</p> <p>A couple weeks ago there was this news about the Nano editor no longer being part of the GNU project. My first reaction was, wow people still really care about an old editor which is a clone of an editor originally part of a terminal based EMAIL CLIENT. Let’s say this again, “email client”. The notion of email client itself is gone at this point, everything changed. And yet I read, on Hacker News, a number of people writing how they were often saved by the availability of nano on random systems, doing system administrator tasks, for example. Nano is also how my son wrote his first program in C. It’s an acceptable experience that does not require past experience editing files.<br> Yesterday night I was re-reading Redlock analysis Martin Kleppmann wrote ( <a rel="noreferrer" target="_blank" href="http://martin.kleppmann.com/2016/02/08/how-to-do-distributed-locking.html"><a href="http://martin.kleppmann.com/2016/02/08/how-to-do-distributed-locking.html">http://martin.kleppmann.com/2016/02/08/how-to-do-distributed-locking.html</a></a> ). At some point Martin wonders if there is some good way to generate monotonically increasing IDs with Redis.</p> <p>This apparently simple problem can be more complex than it looks at a first glance, considering that it must ensure that, in all the conditions, there is a safety property which is always guaranteed: the ID generated is always greater than all the past IDs generated, and the same ID cannot be generated multiple times. This must hold during network partitions and other failures. The system may just become unavailable if there are less than the majority of nodes that can be reached, but never provide the wrong answer (note: as we'll see this algorithm has another liveness issue that happens during high load of requests).<br> Martin Kleppmann, a distributed systems researcher, yesterday published an analysis of Redlock ( <a rel="noreferrer" target="_blank" href="http://redis.io/topics/distlock"><a href="http://redis.io/topics/distlock">http://redis.io/topics/distlock</a></a> ), that you can find here: <a rel="noreferrer" target="_blank" href="http://martin.kleppmann.com/2016/02/08/how-to-do-distributed-locking.html"><a href="http://martin.kleppmann.com/2016/02/08/how-to-do-distributed-locking.html">http://martin.kleppmann.com/2016/02/08/how-to-do-distributed-locking.html</a></a> Redlock is a client side distributed locking algorithm I designed to be used with Redis, but the algorithm orchestrates, client side, a set of nodes that implement a data store with certain capabilities, in order to create a multi-master fault tolerant, and hopefully safe, distributed lock with auto release capabilities.<br> Lua scripting is probably the most successful Redis feature, among the ones introduced when Redis was already pretty popular: no surprise that a few of the things users really want are about scripting. The following two features were suggested multiple times over the last two years, and many people tried to focus my attention into one or the other during the Redis developers meeting, a few weeks ago.</p> <ol> <li>A proper debugger for Redis Lua scripts.</li> <li>Replication, and storage on the AOF, of Lua scripts as a set of write commands materializing the <em>effects</em> of the script, instead of replicating the script itself as we normally do.<br> I’m just back from the Redis Dev meeting 2015. We spent two incredible days talking about Redis internals in many different ways. However while I’m waiting to receive private notes from other attenders, in order to summarize in a blog post what happened and what were the most important ideas exposed during the meetings, I’m going to touch a different topic here. I took the non trivial decision to move the Redis mailing list, consisting of 6700 members, to Reddit.</li> </ol> <p>This looks like a crazy ideas probably in some way, and “to move” is probably not the right verb, since the ML will still exist. However it will only be used in order to receive announcements of new releases, critical informations like security related ones, and from time to time, links to very important discussions that are happening on Reddit.<br> If you know me, you know I’m not the kind of guy that considers competing products a bad thing. I actually love the users to have choices, so I rarely do anything like comparing Redis with other technologies. However it is also true that in order to pick the right solution users must be correctly informed.</p> <p>This post was triggered by reading a blog post published by Mike Perham, that you may know as the author of a popular library called Sidekiq, that happens to use Redis as backend. So I would not consider Mike a person which is “against” Redis at all. Yet in his blog post that you can find at the URL <a rel="noreferrer" target="_blank" href="http://www.mikeperham.com/2015/09/24/storing-data-with-redis/"><a href="http://www.mikeperham.com/2015/09/24/storing-data-with-redis/">http://www.mikeperham.com/2015/09/24/storing-data-with-redis/</a></a> he states that, for caching, “you should probably use Memcached instead [of Redis]”. So Mike simply really believes Redis is not good for caching, and he arguments his thesis in this way:<br> Everybody knows Redis is single threaded. The best informed ones will tell you that, actually, Redis is <em>kinda</em> single threaded, since there are threads in order to perform certain slow operations on disk. So far threaded operations were so focused on I/O that our small library to perform asynchronous tasks on a different thread was called bio.c: Background I/O, basically.</p> <p>However some time ago I opened an issue where I promised a new Redis feature that many wanted, me included, called “lazy free”. The original issue is here: <a rel="noreferrer" target="_blank" href="https://github.com/antirez/redis/issues/1748"><a href="https://github.com/antirez/redis/issues/1748">https://github.com/antirez/redis/issues/1748</a></a> .<br> Yesterday Amplitude published an article about scaling analytics, in the context of using the Set data type. The blog post is here: <a rel="noreferrer" target="_blank" href="https://amplitude.com/blog/2015/08/25/scaling-analytics-at-amplitude/"><a href="https://amplitude.com/blog/2015/08/25/scaling-analytics-at-amplitude/">https://amplitude.com/blog/2015/08/25/scaling-analytics-at-amplitude/</a></a> On Hacker News people asked why not using Redis instead: <a rel="noreferrer" target="_blank" href="https://news.ycombinator.com/item?id=10118413"><a href="https://news.ycombinator.com/item?id=10118413">https://news.ycombinator.com/item?id=10118413</a></a> Amplitude developers have their set of reasons for not using Redis, and in general if you have a very specific problem and want to scale it in the best possible way, it makes sense to implement your vertical solution. I’m not adverse to reinventing the wheel, you want your very specific wheel sometimes, that a general purpose system may not be able to provide. Moreover creating your solution gives you control on what you did, boosts your creativity and your confidence in what you, as a developer can do, makes you able to debug whatever bug may arise in the future without external help.<br> I’m back from Paris, DotScale 2015 was a very interesting conference. Before leaving I was working on Sentinel in the context of the unstable branch: the work was mainly about connection sharing. In short, it is the ability of a few Sentinels to scale, monitoring many masters. Before to leave, and now that I’m back, I tried to “secure” a set of features that will be the basis for Redis 3.2. In the next weeks I’ll be focusing developing these features, so I thought it’s worth to share the list with you ASAP.<br> <a rel="noreferrer" target="_blank" href="http://antirez.com/news/87">Redis Conference 2015</a><br></p> <hr> I’m back home, after a non easy trip, since to travel from San Francisco to Sicily is kinda NP complete: there are no solutions involving less than three flights. However it was definitely worth it, because the Redis Conference 2015 was very good, SF was wonderful as usually and I was able to meet with many interesting people. Here I’ll limit myself to writing a short account of the conference, but the trip was also an incredible … https://www.whatsupup.com/blog/buckeroo/doubling/20210927-192225/ Mon, 27 Sep 2021 19:22:25 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20210927-192225/ September 27, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/09/27/Let-distros-do-their-job.html">Developers: Let distros do their job</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210927-082029/ Mon, 27 Sep 2021 08:20:29 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210927-082029/ German conservatives, Social Democrats tied in vote to decide Angela Merkel's successor as chancellor <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/europe/germans-vote-close-election-decide-merkel-successor-2021-09-25/">VIEW MORE</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20210927-081625/ Mon, 27 Sep 2021 08:16:24 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20210927-081625/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/09/19/Blueskid-demo">Blueskid Demo</a> · I’ve been in the conversation around Twitter’s <a rel="noreferrer" target="_blank" href="https://twitter.com/bluesky">@bluesky</a> project, and last December I posted <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2020/12/01/Bluesky-Identity">@bluesky Identity</a> , a proposal for mapping between social-media identities based on public keys and signatures. Recently @bluesky announced the <a rel="noreferrer" target="_blank" href="https://blueskyweb.org/satellite">Satellite</a> contest, whose goal is to take identities on three or more online properties and “Link them in a way that anyone can verify you are the author/owner of all.” Which is more or less what @bluesky Identity is all about. So I pulled together a <a rel="noreferrer" target="_blank" href="https://github.com/timbray/blueskidgo">working demo called “Blueskid” (GitHub)</a> . This is a quick walk-through of Blueskid <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/09/19/Blueskid-demo">…</a> [1 comment]<br> https://www.whatsupup.com/blog/phonic/shopboy/20210927-081412/ Mon, 27 Sep 2021 08:14:12 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210927-081412/ Threader <a rel="noreferrer" target="_blank" href="https://twitter.com/threader_app">@threader_app</a><br> @mcnalg Hey, the thread is ready and compiled. You can read the whole version here: <a rel="noreferrer" target="_blank" href="https://t.co/kDzD2KzMgv"><a href="https://t.co/kDzD2KzMgv">https://t.co/kDzD2KzMgv</a></a><br> Chris Dixon <a rel="noreferrer" target="_blank" href="https://twitter.com/cdixon">@cdixon</a><br> Web 3 offers a new way that combines the best aspects of the previous eras. It’s very early in this movement and a great time to get involved.<br> Before Web 3, users and builders had to choose between the limited functionality of Web 1 or the corporate, centralized model of Web 2.<br> https://www.whatsupup.com/blog/gonadal/revving/20210925-201741/ Sat, 25 Sep 2021 20:17:40 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210925-201741/ Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/competitive-programming/">competitive programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/codeforces/">Codeforces</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/solutions/">solutions</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/21/competitive-programming-in-haskell-codeforces-educational-round-114/#comments">2 Comments</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210925-201531/ Sat, 25 Sep 2021 20:15:31 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210925-201531/ 'I felt like my voice wasn't important': Mother seeks justice for Navajo daughter after Petito case gains global attention <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/amid-attention-petito-case-native-mother-seeks-justice-2021-09-25/">VIEW MORE</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210925-121747/ Sat, 25 Sep 2021 12:17:46 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210925-121747/ Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/competitive-programming/">competitive programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/codeforces/">Codeforces</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/solutions/">solutions</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/21/competitive-programming-in-haskell-codeforces-educational-round-114/#comments">1 Comment</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210925-121540/ Sat, 25 Sep 2021 12:15:39 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210925-121540/ Exclusive: Under U.S. sanctions, Iran and Venezuela strike oil export deal <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/energy/exclusive-under-us-sanctions-iran-venezuela-strike-oil-export-deal-sources-2021-09-25/">VIEW MORE</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210924-201756/ Fri, 24 Sep 2021 20:17:56 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210924-201756/ Exclusive: The White House will announce that millions of federal contractors must be vaccinated against COVID-19 by Dec. 8 <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/exclusive-white-house-wants-millions-government-contractors-vaccinated-by-dec-8-2021-09-24/?utm_source=banner&utm_medium=mobile">VIEW MORE</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210924-162012/ Fri, 24 Sep 2021 16:20:11 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210924-162012/ Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/projects/">projects</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/game/">game</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/programming/">programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/resource/">resource</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/robot/">robot</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/swarm/">Swarm</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/23/swarm-preview-and-call-for-collaboration/#comments">2 Comments</a><br> <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2009/01/12/abstraction-intuition-and-the-monad-tutorial-fallacy/">Abstraction, intuition, and the "monad tutorial fallacy"</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210924-161738/ Fri, 24 Sep 2021 16:17:37 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210924-161738/ U.S. House approves bill protecting abortion rights in response to new state restrictions <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/us-house-passes-abortion-rights-bill-expected-fail-senate-2021-09-24/?utm_source=banner&utm_medium=mobile">VIEW MORE</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210924-082024/ Fri, 24 Sep 2021 08:20:24 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210924-082024/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/23/swarm-preview-and-call-for-collaboration/">Swarm: preview and call for collaboration</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210924-042044/ Fri, 24 Sep 2021 04:20:43 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210924-042044/ <p><a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/23/swarm-preview-and-call-for-collaboration/">Swarm: preview and call for collaboration</a><br></p> <hr> For about a month now I have been working on building a game <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com#fn1">1</a> , tentatively titled <a rel="noreferrer" target="_blank" href="https://github.com/byorgey/swarm">Swarm</a> . It’s nowhere near finished, but it has at least reached a point where I’m not embarrassed to show it off. I would love to hear feedback, and I would especially love to have others contribute! Read on for more details.<br> Swarm is a 2D tile-based resource gathering game, but with a twist: the only way you can interact with the world is by building and programming robots. And there’s another twist: the kinds of commands your robots can execute, and the kinds of programming language features they can interpret, depends on what devices they have installed; and you can create new devices only by gathering resources. So you start out with only very basic capabilities and have to bootstrap your way into more sophisticated forms of exploration and resource collection.<br> I guess you could say it’s kind of like a cross between Minecraft, Factorio, and <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Karel_(programming_language)">Karel the Robot</a> , but with a much cooler programming language (lambda calculus + polymorphism + recursion + exceptions + a command monad for first-class imperative programs + a bunch of other stuff).<br> The game is far from complete, and especially needs a lot more depth in terms of the kinds of devices and levels of abstraction you can build. But for me at least, it has already crossed the line into something that is actually somewhat fun to play.<br> If it sounds interesting to you, give it a spin! Take a look at the <a rel="noreferrer" target="_blank" href="https://github.com/byorgey/swarm/blob/main/README.md">README</a> and the <a rel="noreferrer" target="_blank" href="https://github.com/byorgey/swarm/blob/main/TUTORIAL.md">tutorial</a> . If you’re interested in contributing to development, check out the <a rel="noreferrer" target="_blank" href="https://github.com/byorgey/swarm/blob/main/CONTRIBUTING.md">CONTRIBUTING</a> file and the <a rel="noreferrer" target="_blank" href="https://github.com/byorgey/swarm/issues">GitHub issue tracker</a> , which I have populated with a plethora of tasks of varying difficulty. This could be a great project to contribute to especially if you’re relatively new to Haskell; I try to keep everything well-organized and well-commented, and am happy to help guide new contributors.<br> Can you tell I am on sabbatical?<br> Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/projects/">projects</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/game/">game</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/programming/">programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/resource/">resource</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/robot/">robot</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/swarm/">Swarm</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/23/swarm-preview-and-call-for-collaboration/#respond">Leave a comment</a><br> <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/game/">game</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210924-001818/ Fri, 24 Sep 2021 00:18:18 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210924-001818/ U.S. House Select Committee probing Jan. 6 Capitol riot subpoenas ex-Trump advisers including Mark Meadows and Steve Bannon <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/congressional-probe-us-capitol-riot-subpoenas-bannon-meadows-2021-09-23/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/usa-cyber-expressvpn/expressvpn-employees-complain-about-ex-spys-top-role-at-company-idUSKBN2GJ1V9">ExpressVPN employees complain about ex-spy's top role at company</a><br></p> <hr> SAN FRANCISCO (Reuters) -When a senior executive at virtual private network company ExpressVPN admitted to working on behalf of a foreign intelligence service to hack American machines last week, it stunned employees at his new company, according to interviews and electronic records.<br> SAN FRANCISCO, Sept 23 When a senior executive at virtual private network company ExpressVPN admitted to working on behalf of a foreign intelligence service to hack American machines last week, it stunned employees at his new company, according to interviews and electronic records.<br> https://www.whatsupup.com/blog/overgrazing/propellent/20210924-001747/ Fri, 24 Sep 2021 00:17:47 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210924-001747/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/completely-running-blind-apples-power">“Completely Running Blind.” Apple’s Power Move To Kneecap Facebook Ads Is Working.</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/completely-running-blind-apples-power">Facebook can survive its scandals, but Apple’s anti-tracking initiative is doing meaningful damage to its business, according to the company and its advertisers.</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210923-200947/ Thu, 23 Sep 2021 20:09:47 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210923-200947/ <p><a rel="noreferrer" target="_blank" href="https://retool.com/blog/introducing-modules/">Today, we’re excited to introduce Modules, a new way for Retool customers to reuse groups of components and queries between applications.</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/introducing-our-new-chart-component/">We’re excited to announce our new chart component is generally available for all customers. Now you can bring custom and interactive visualizations to every Retool app.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/when-bi-tools-fall-short-our-own-marketing-dashboards/">If you’ve ever had to wrangle a maze of marketing, sales, and BI tools—just to end up plugging it all into a spreadsheet—this article is for you. We’ll go over the three core dashboards and explain why we treat our analytics as a product rather than a static dashboard.</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210923-200715/ Thu, 23 Sep 2021 20:07:14 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210923-200715/ As recounted in <a rel="noreferrer" target="_blank" href="https://www.newyorker.com/magazine/2018/10/15/was-there-a-connection-between-a-russian-bank-and-the-trump-campaign">this 2018 New Yorker story</a> , New York Times journalist Eric Lichtblau met with FBI officials in late September 2016 to discuss the researchers’ findings. The bureau asked him to hold the story because publishing might disrupt an ongoing investigation. On Sept. 21, 2016, Lichtblau reportedly shared the DNS data with <a rel="noreferrer" target="_blank" href="https://bgrdc.com/">B.G.R.</a> , a Washington lobbying firm that worked with Alfa Bank.<br> https://www.whatsupup.com/blog/buckeroo/doubling/20210923-162139/ Thu, 23 Sep 2021 16:21:38 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20210923-162139/ September 23, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/09/23/Nitter-and-other-internet-reclamation-projects.html">Nitter and other Internet reclamation projects</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210923-160737/ Thu, 23 Sep 2021 16:07:36 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210923-160737/ In October 2016, media outlets reported that data collected by some of the world’s most renowned cybersecurity experts had identified frequent and unexplained communications between an email server used by the Trump Organization and Alfa Bank , one of Russia’s largest financial institutions. Those publications set off speculation about a possible secret back-channel of communications, as well as a series of lawsuits and investigations that culminated last week with the indictment of the same former federal cybercrime prosecutor who brought the data to the attention of the FBI five years ago.<br> The first page of Alfa Bank’s 2020 complaint.<br> Since 2018, access to an exhaustive report commissioned by the U.S. Senate Armed Services Committee on data that prompted those experts to seek out the FBI has been limited to a handful of Senate committee leaders, Alfa Bank, and special prosecutors appointed to look into the origins of the FBI investigation on alleged ties between Trump and Russia.<br> That report is now public, ironically thanks to <a rel="noreferrer" target="_blank" href="https://www.justsecurity.org/72262/the-trump-alfa-bank-server-mystery-resurfaces/">a pair of lawsuits filed by Alfa Bank</a> , which doesn’t directly dispute the information collected by the researchers. Rather, it <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2021/09/alfacomplaint.png">claims</a> that the data they found was the result of a “highly sophisticated cyberattacks against it in 2016 and 2017” intended “to fabricate apparent communications” between Alfa Bank and the Trump Organization.<br> The data at issue refers to communications traversing the Domain Name System (DNS), a global database that maps computer-friendly coordinates like Internet addresses (e.g., 8.8.8.8) to more human-friendly domain names (example.com). Whenever an Internet user gets online to visit a website or send an email, the user’s device sends a query through the Domain Name System.<br> Many different entities capture and record this DNS data as it traverses the public Internet, allowing researchers to go back later and see which Internet addresses resolved to what domain names, when, and for how long. Sometimes the metadata generated by these lookups can be used to identify or infer persistent network connections between different Internet hosts.<br> The DNS strangeness was first identified in 2016 by a group of security experts who told reporters they were alarmed at the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Democratic_National_Committee_cyber_attacks">hacking of the Democratic National Committee</a> , and grew concerned that the same attackers might also target Republican leaders and institutions.<br> Scrutinizing the Trump Organization’s online footprint, the researchers determined that for several months during the spring and summer of 2016, Internet servers at Alfa Bank in Russia, Spectrum Health in Michigan, and Heartland Payment Systems in New Jersey accounted for nearly all of the several thousand DNS lookups for a specific Trump Organization server (mail1.trump-email.com).<br> This chart from a court filing Sept. 14, 2021 shows the top sources of traffic to the Trump Organization email server over a four month period in the spring and summer of 2016. DNS lookups from Alfa Bank constituted the majority of those requests.<br> The researchers said they couldn’t be sure what kind of communications between those servers had caused the DNS lookups, but concluded that the data would be extremely difficult to fabricate.<br> As recounted in <a rel="noreferrer" target="_blank" href="https://www.newyorker.com/magazine/2018/10/15/was-there-a-connection-between-a-russian-bank-and-the-trump-campaign">this 2018 New Yorker story</a> , New York Times journalist Eric Lichtblau met with FBI officials in late September 2016 to discuss the researchers’ findings, and that the bureau asked him to hold the story because publishing might disrupt an ongoing investigation. On Sept. 21, 2016, Lichtblau reportedly shared the DNS data with <a rel="noreferrer" target="_blank" href="https://bgrdc.com/">B.G.R.</a> , a Washington lobbying firm that worked with Alfa Bank.<br> Lichtblau’s reporting on the DNS findings ended up buried in an October 31, 2016 story titled “ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2016/11/01/us/politics/fbi-russia-election-donald-trump.html">Investigating Donald Trump, F.B.I. Sees No Clear Link to Russia</a> ,” which stated that the FBI “ultimately concluded that there could be an innocuous explanation, like marketing email or spam,” that might explain the unusual DNS connections.<br> But that same day, Slate’s Franklin Foer <a rel="noreferrer" target="_blank" href="http://www.slate.com/articles/news_and_politics/cover_story/2016/10/was_a_server_registered_to_the_trump_organization_communicating_with_russia.html">published a story</a> based on his interactions with the researchers. Foer noted that roughly two days after Lichtblau shared the DNS data with B.G.R., the Trump Organization email server domain vanished from the Internet — its domain effectively decoupled from its Internet address.<br> Foer wrote that The Times hadn’t yet been in touch with the Trump campaign about the DNS data when the Trump email domain suddenly went offline.  Odder still, four days later the Trump Organization created a new host — trump1.contact-client.com — and the very first DNS lookup to that new domain came from servers at Alfa Bank.<br> The researchers concluded that the new domain enabled communication to the very same server via a different route.<br> “When a new host name is created, the first communication with it is never random,” Foer wrote. “To reach the server after the resetting of the host name, the sender of the first inbound mail has to first learn of the name somehow. It’s simply impossible to randomly reach a renamed server.”<br> “That party had to have some kind of outbound message through SMS, phone, or some noninternet channel they used to communicate [the new configuration],” DNS expert Paul Vixie told Foer. “The first attempt to look up the revised host name came from Alfa Bank. If this was a public server, we would have seen other traces. The only look-ups came from this particular source.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/lawsuits-indictments-revive-trump-alfa-bank-story/#more-57039">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/lawsuits-indictments-revive-trump-alfa-bank-story/">Indictment, Lawsuits Revive Trump-Alfa Bank Story</a><br> https://www.whatsupup.com/blog/traveling/splay/20210923-122114/ Thu, 23 Sep 2021 12:21:14 +0000 https://www.whatsupup.com/blog/traveling/splay/20210923-122114/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2021/09/23/espanol/hongo-pilobolus-espacio.html">Allá afuera Lo que un hongo revela sobre el programa espacial El Pilobolus crece mayormente en el excremento y parece saber cuándo debe buscar nuevos territorios. Su comportamiento sirve como metáfora de la exploración humana en el espacio. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210923-082221/ Thu, 23 Sep 2021 08:22:20 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210923-082221/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/by/mike-isaac#after-top">Continue reading the main story</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20210923-041915/ Thu, 23 Sep 2021 04:19:14 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20210923-041915/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-02578-4">Will NASA’s Moon rover find enough of the ice it seeks?</a><br></p> <hr> News of VIPER’s future landing site sparks concern about its exploration plan.<br> https://www.whatsupup.com/blog/playacted/rededication/20210923-002335/ Thu, 23 Sep 2021 00:23:34 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210923-002335/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/09/22/technology/facebook-cto-step-down-mike-schroepfer.html">Facebook’s Chief Technology Officer to Step Down in 2022 Mike Schroepfer, who leads the company’s artificial intelligence and other technical efforts, said he planned to transition into a role as a senior fellow. By Mike Isaac</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210923-002102/ Thu, 23 Sep 2021 00:21:02 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210923-002102/ The U.S. FDA authorizes booster shots of the Pfizer COVID-19 vaccine for those aged 65 and older and adults at high risk <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/healthcare-pharmaceuticals/us-fda-authorize-third-dose-pfizer-covid-19-vaccine-older-americans-bloomberg-2021-09-22/">VIEW MORE</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20210923-002031/ Thu, 23 Sep 2021 00:20:30 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210923-002031/ Big Technology is on <a rel="noreferrer" target="_blank" href="https://substack.com">Substack</a> – the place for independent writing<br> https://www.whatsupup.com/blog/phonic/shopboy/20210923-001411/ Thu, 23 Sep 2021 00:14:10 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210923-001411/ I'm discussing “One On One with A & Z” with @bhorowitz and a16z. Today, Sep 22 RIGHT NOW in @clubhouse. Join us! <a rel="noreferrer" target="_blank" href="https://t.co/kiTdAiuf7P"><a href="https://t.co/kiTdAiuf7P">https://t.co/kiTdAiuf7P</a></a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210922-201955/ Wed, 22 Sep 2021 20:19:55 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210922-201955/ Federal Reserve looks toward reducing monthly bond purchases 'soon,' signals possible rate hike in 2022 <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/finance/fed-likely-open-bond-buying-taper-door-hedge-outlook-2021-09-22/">VIEW MORE</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20210922-201549/ Wed, 22 Sep 2021 20:15:48 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20210922-201549/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/09/09/Savannah-Hunter-Thorn">Saving þ</a> · Herewith a lost-pet story with (spoiler) a happy ending, starring a real bloodhound. Soon to be a major motion picture, I bet <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/09/09/Savannah-Hunter-Thorn">…</a> [1 comment]<br> https://www.whatsupup.com/blog/phonic/shopboy/20210922-201320/ Wed, 22 Sep 2021 20:13:19 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210922-201320/ Hugo Barra <a rel="noreferrer" target="_blank" href="https://twitter.com/hbarra">@hbarra</a><br> Here are the Top 10 most fascinating stats about LatAm Tech in 2021 from Atlantico founding partner @JulioV and our team at @AtlanticoPart <a rel="noreferrer" target="_blank" href="https://t.co/Q4WOMcZGZq"><a href="https://t.co/Q4WOMcZGZq">https://t.co/Q4WOMcZGZq</a></a><br> https://www.whatsupup.com/blog/gonadal/revving/20210922-162422/ Wed, 22 Sep 2021 16:24:21 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210922-162422/ Yesterday morning I competed in <a rel="noreferrer" target="_blank" href="https://codeforces.com/contest/1574">Educational Round 114</a> on <a rel="noreferrer" target="_blank" href="http://codeforces.com/">codeforces.com</a> , using only Haskell. It is somewhat annoying since it does not support as many Haskell libraries as <a rel="noreferrer" target="_blank" href="http://open.kattis.com">Open Kattis</a> ( e.g. no<br> solve :: Set [ Int ] -> [ [ Int ] ] -> [ Int ] solve forbidden = head . filter ( <code>S.notMember</code> forbidden ) . sortOn ( Down . sum ) . sequence<br> We can think of the tuples as forming a lattice, where the children of a tuple are all the tuples obtained by downgrading exactly one slot of to the next smaller choice. Then the intended solution is to realize that the largest non-forbidden tuple must either be the top element of the lattice (the tuple with the maximum possible value for every slot), OR a child of one of the forbidden tuples (it is easy to see this by contradiction—any tuple which is not the child of a forbidden tuple has at least one parent which has a greater total value). So we can just iterate over all the forbidden tuples (there are at most ), generate all possible children (at most 10) for each one, and take the maximum.<br> sortOn (Down . sum) . sequence<br> more efficiently, by interleaving the sorting and the generation. If it can be done lazily enough, then we could just search through the beginning of the generated ordered list of tuples for the first non-forbidden one, without having to actually generate the entire list. Indeed, this reminded me very much of <a rel="noreferrer" target="_blank" href="https://www.cs.hmc.edu/~oneill/papers/Sieve-JFP.pdf">Richard Bird’s implementation of the Sieve of Eratosthenes</a> (see p. 11 of that PDF). The basic idea is to make a function which takes a list of choices for a slot, and a (recursively generated) list of tuples sorted by decreasing sum, and combines each choice with every tuple, merging the results so they are still sorted. However, the key is that when combining the best possible choice for the slot with the largest tuple in the list, we can just immediately return the resulting tuple as the first (best) tuple in the output list, without needing to involve it in any merging operation. This affords just enough laziness to get the whole thing off the ground. I’m not going to explain it in more detail than that; you can study the code below if you like.<br> I’m quite pleased that this worked, though it’s definitely an instance of me making things more complicated than necessary.<br> https://www.whatsupup.com/blog/ewing/undiscernibly/20210922-161817/ Wed, 22 Sep 2021 16:18:16 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210922-161817/ <p>Posted by Priya Wadhwa and Appu Goundan, Google Open Source Security Team<br> A few months ago we announced that we started <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/05/making-internet-more-secure-one-signed.html">signing all distroless images with cosign</a> , which allows users to verify that they have the correct image before starting the build process. Signing our images was our first step towards fully securing the distroless supply chain. Since then, we’ve implemented even more accountability in our supply chain and are excited to announce that distroless builds have achieved <a rel="noreferrer" target="_blank" href="https://github.com/slsa-framework/slsa/blob/main/docs/levels.md#level-requirements">SLSA 2</a> . SLSA is a <a rel="noreferrer" target="_blank" href="https://slsa.dev/">security framework</a> for increasing supply chain security, and Level 2 ensures that the build service is tamper resistant. This means that in addition to a signature, each distroless image now has an associated signed provenance. This provenance is an in-toto attestation and includes information around how each image was built, what command was run, and what build system was used. It also includes any special parameters that were passed in, the exact commit the images were built at, and more. This provenance is a useful tool for builds that need to be audited in the future.<br> SLSA 2 Requirement<br> Distroless<br> Source - <a rel="noreferrer" target="_blank" href="https://github.com/slsa-framework/slsa/blob/main/docs/requirements.md#version-controlled">Version controlled</a><br> Source code in Github<br> Build - <a rel="noreferrer" target="_blank" href="https://github.com/slsa-framework/slsa/blob/main/docs/requirements.md#scripted-build">Scripted build</a><br> Build script exists as a Tekton Pipeline, invoked as a Google Cloud Build step<br> Build - <a rel="noreferrer" target="_blank" href="https://github.com/slsa-framework/slsa/blob/main/docs/requirements.md#build-service">Build service</a><br> All steps run on Kubernetes with Tekton<br> Provenance - <a rel="noreferrer" target="_blank" href="https://github.com/slsa-framework/slsa/blob/main/docs/requirements.md#available">Available</a><br> Provenance is available in the rekor transparency log as an in-toto attestation<br> Provenance - <a rel="noreferrer" target="_blank" href="https://github.com/slsa-framework/slsa/blob/main/docs/requirements.md#authenticated">Authenticated</a><br> Provenance is signed with the distroless GCP KMS key<br> Provenance - <a rel="noreferrer" target="_blank" href="https://github.com/slsa-framework/slsa/blob/main/docs/requirements.md#service-generated">Service generated</a><br> Provenance is generated by Tekton Chains from a Tekton TaskRun<br> Achieving SLSA 2 required some changes to the distroless build pipeline: we set up Tekton Pipelines and <a rel="noreferrer" target="_blank" href="https://github.com/tektoncd/chains">Tekton Chains</a> in a GKE cluster to automate building images and generating provenance. Every time a pull request is merged to the distroless Github repo, a Tekton Pipeline is triggered. This Pipeline builds the distroless images, and Tekton Chains is responsible for generating signed provenance for each image. Tekton Chains stores the signed provenance alongside the image in an OCI registry and also stores a record of the provenance in the <a rel="noreferrer" target="_blank" href="https://github.com/sigstore/rekor">rekor</a> transparency log. Don't trust us? You can try the build yourself. Because distroless builds are reproducible, all the information to replicate the build is in the provenance, and you or a trusted third party can build the image yourselves and verify the build is correct by matching image digests. You can verify an attestation for a distroless image with <a rel="noreferrer" target="_blank" href="https://github.com/sigstore/cosign">cosign</a> and the distroless <a rel="noreferrer" target="_blank" href="https://raw.githubusercontent.com/GoogleContainerTools/distroless/main/cosign.pub">public key</a> :<br> $ cosign verify-attestation -key cosign.pub gcr.io/distroless/base@sha256:4f8aa0aba190e375a5a53bb71a303c89d9734c817714aeaca9bb23b82135ed91<br> Verification for gcr.io/distroless/base@sha256:4f8aa0aba190e375a5a53bb71a303c89d9734c817714aeaca9bb23b82135ed91 –<br> The following checks were performed on each of these signatures:<br></p> <ul> <li>The cosign claims were validated<br></li> <li>The signatures were verified against the specified public key<br></li> <li>Any certificates were verified against the Fulcio roots.<br> …<br> And you can find the provenance for the image in the rekor transparency log with the <a rel="noreferrer" target="_blank" href="https://github.com/sigstore/rekor/releases/">rekor-cli</a> tool. For example, you could find the provenance for the above image by using the image’s digest and running:<br> $ rekor-cli search –sha sha256:4f8aa0aba190e375a5a53bb71a303c89d9734c817714aeaca9bb23b82135ed91<br> af7a9687d263504ccdb2759169c9903d8760775045c6e7554e365ec2bf29f6f8<br> $ rekor-cli get –uuid af7a9687d263504ccdb2759169c9903d8760775045c6e7554e365ec2bf29f6f8 –format json | jq -r .Attestation | base64 –decode | jq<br> "_type": "distroless-provenance",<br> "predicateType": "https://tekton.dev/chains/provenance",<br> "subject": [<br> "name": "gcr.io/distroless/base",<br> "digest": {<br> "sha256": "703a4726aedc9ec7a7e32251087565246db117bb9a141a7993d1c4bb4036660d"<br> "sha256": "d322ed16d530596c37eee3eb57a039677502aa71f0e4739b0272b1ebd8be9bce"<br> "sha256": "2dfdd5bf591d0da3f67a25f3fc96d929b256d5be3e0af084db10952e5da2c661"<br> "sha256": "4f8aa0aba190e375a5a53bb71a303c89d9734c817714aeaca9bb23b82135ed91"<br> "sha256": "dc0a793d83196a239abf3ba035b3d1a0c7a24184856c2649666e84bc82fc5980"<br> "name": "gcr.io/distroless/base-debian10",<br> "sha256": "c9507268813f235b11e63a7ae01526b180c94858bd718d6b4746c9c0e8425f7a"<br> "name": "gcr.io/distroless/cc",<br> "sha256": "4af613acf571a1b86b1d3c50682caada0b82024e566c1c4c2fe485a70f3af47d"<br> "sha256": "2c4bb6b7236db0a55ec54ba8845e4031f5db2be957ac61867872bf42e56c4deb"<br> "name": "gcr.io/distroless/cc-debian10",<br> "name": "gcr.io/distroless/java",<br> "sha256": "deb41661be772c6256194eb1df6b526cc95a6f60e5f5b740dda2769b20778c51"<br> "name": "gcr.io/distroless/nodejs",<br> "sha256": "927dd07e7373e1883469c95f4ecb31fe63c3acd104aac1655e15cfa9ae0899bf"<br> "sha256": "f106757268ab4e650b032e78df0372a35914ed346c219359b58b3d863ad9fb58"<br> "name": "gcr.io/distroless/nodejs-debian10",<br> "name": "gcr.io/distroless/python3",<br> "sha256": "aa8a0358b2813e8b48a54c7504316c7dcea59d6ae50daa0228847de852c83878"<br> "name": "gcr.io/distroless/python3-debian10",<br> "name": "gcr.io/distroless/static",<br> "sha256": "9acfd1fdf62b26cbd4f3c31422cf1edf3b7b01a9ecee00a499ef8b7e3536914d"<br> "sha256": "e50641dbb871f78831f9aa7ffa59ec8f44d4cc33ae4ee992c9f4b046040e97f2"<br> "name": "gcr.io/distroless/static-debian10",<br> ],<br> "predicate": {<br> "invocation": {<br> "parameters": [<br> "MANIFEST_SUBSECTION={string 0 []}",<br> "CHAINS-GIT_COMMIT={string 976c1c9bc178ac0371d8888d69893145c3df09f0 []}",<br> "CHAINS-GIT_URL={string https://github.com/GoogleContainerTools/distroless []}"<br> "recipe_uri": "task://distroless-provenance",<br> "event_id": "531c282f-806e-41e4-b3ad-b596c4283381",<br> "builder.id": "tekton-chains"<br> "recipe": {<br> "steps": [<br> "entryPoint": "#!/bin/sh\nset -ex\n\n# get the digests for a subset of images built, and store in the IMAGES result\ngo run provenance/provenance.go images $(params.MANIFEST_SUBSECTION) > $(results.IMAGES.path)\n",<br> "arguments": null,<br> "environment": {<br> "container": "provenance",<br> "image": "docker.io/library/golang@sha256:cb1a7482cb5cfc52527c5cdea5159419292360087d5249e3fe5472f3477be642"<br> "annotations": null<br> ]<br> "metadata": {<br> "buildStartedOn": "2021-09-16T00:03:04Z",<br> "buildFinishedOn": "2021-09-16T00:04:36Z"<br> "materials": [<br> "uri": "https://github.com/GoogleContainerTools/distroless",<br> "revision": "976c1c9bc178ac0371d8888d69893145c3df09f0"<br> As you might guess, our next step is getting distroless to SLSA 3, which will require adding non-falsifiable provenance and isolated builds to the distroless supply chain. Stay tuned for more!<br> Labels: <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/Open%20Source">Open Source</a> , <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/Security">Security</a> , <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/supply%20chain">supply chain</a><br></li> </ul> https://www.whatsupup.com/blog/twopenny/ultraism/20210922-122059/ Wed, 22 Sep 2021 12:20:59 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210922-122059/ Backers of Trump's false fraud claims seek to control next election <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/backers-trumps-false-fraud-claims-seek-control-next-us-elections-2021-09-22/">VIEW MORE</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210922-042359/ Wed, 22 Sep 2021 04:23:56 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210922-042359/ <p><a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/21/competitive-programming-in-haskell-codeforces-educational-round-114/">Competitive programming in Haskell: Codeforces Educational Round 114</a><br></p> <hr> Yesterday morning I competed in <a rel="noreferrer" target="_blank" href="https://codeforces.com/contest/1574">Educational Round 114</a> on <a rel="noreferrer" target="_blank" href="http://codeforces.com/">codeforces.com</a> , using only Haskell. It is a somewhat annoying since it does not support as many Haskell libraries as <a rel="noreferrer" target="_blank" href="http://open.kattis.com">Open Kattis</a> ( e.g. no<br> unordered-containers<br> split<br> , or<br> vector<br> ); but on the other hand, a lot of really top competitive programmers are active there, and I enjoy occasionally participating in a timed contest like this when I am able.<br> WARNING : here be spoilers! Stop reading now if you’d like to try solving the contest problems yourself. (However, Codeforces has an <a rel="noreferrer" target="_blank" href="https://codeforces.com/blog/entry/95188">editorial with explanations and solutions</a> already posted, so I’m not giving anything away that isn’t already public.) I’m going to post my (unedited) code for each problem, but without all the imports and<br> extensions and whatnot; hopefully that stuff should be easy to infer.<br> Problem A – Regular Bracket Sequences<br> In <a rel="noreferrer" target="_blank" href="https://codeforces.com/contest/1574/problem/A">this problem</a> , we are given a number and asked to produce any distinct balanced bracket sequences of length . I immediately just coded up a simple recursive function to generate all possible bracket sequences of length , and then called<br> take n<br> on it. Thanks to laziness this works great. I missed that there is an even simpler solution: just generate the list<br> ()()()()...<br> (())()()...<br> ((()))()...<br> , i.e. where the th bracket sequence starts with nested pairs of brackets followed by singleton pairs. However, I solved it in only four minutes anyway so it didn’t really matter!<br> readB = C.unpack >>> read main = C.interact $ C.lines >>> drop 1 >>> concatMap ( readB >>> solve ) >>> C.unlines bracketSeqs 0 = [ "" ] bracketSeqs n = [ "(" ++ s1 ++ ")" ++ s2 | k <- [ 0 .. n - 1 ] , s1 <- bracketSeqs k , s2 <- bracketSeqs ( n - k - 1 ) ] solve n = map C.pack . take n $ bracketSeqs n<br> Problem B – Combinatorics Homework<br> In <a rel="noreferrer" target="_blank" href="https://codeforces.com/contest/1574/problem/B">this problem</a> , we are given numbers , , , and , and asked whether it is possible to create a string of<br> A<br> ’s,<br> B<br> ’s, and<br> C<br> ’s, such that there are exactly adjacent pairs of equal letters. This problem requires doing a little bit of combinatorial analysis to come up with a simple Boolean expression in terms of , , , and ; there’s not much to say about it from a Haskell point of view. You can refer to the <a rel="noreferrer" target="_blank" href="https://codeforces.com/blog/entry/95188">editorial posted on Codeforces</a> if you want to understand the solution.<br> readB = C.unpack >>> read main = C.interact $ C.lines >>> drop 1 >>> map ( C.words >>> map readB >>> solve >>> bool "NO" "YES" ) >>> C.unlines solve :: [ Int ] -> Bool solve [ a , b , c , m ] = a + b + c - m >= 3 && m >= z - ( x + y ) - 1 where [ x , y , z ] = sort [ a , b , c ]<br> Problem C – Slay the Dragon<br> <a rel="noreferrer" target="_blank" href="https://codeforces.com/contest/1574/problem/C">This problem</a> was super annoying and I still haven’t solved it. The idea is that you have a bunch of “heroes”, each with a numeric strength, and there is a dragon described by two numbers: its attack level and its defense level. You have to pick one hero to fight the dragon, whose strength must be greater than or equal to the dragon’s defense; all the rest of the heroes will stay behind to defend your castle, and their combined strength must be greater than the dragon’s attack. This might not be possible, of course, so you can first spend money to level up any of your heroes, at a rate of one coin per strength point; the task is to find the minimum amount of money you must spend.<br> The problem hinges on doing some case analysis. It took me a good while to come up with something that I think is correct. I spent too long trying to solve it just by thinking hard; I really should have tried <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Bird%E2%80%93Meertens_formalism">formal program derivation</a> much earlier. It’s easy to write down a formal specification of the correct answer which involves looping over every hero and taking a minimum, and this can be manipulated into a form that doesn’t need to do any looping.<br> In the end it comes down to (for example) finding the hero with the smallest strength greater than or equal to the dragon’s defense, and the hero with the largest strength less than or equal to it (though one of these may not exist). The intended way to solve the problem is to sort the heroes by strength and use binary search; instead, I put all the heroes in an<br> IntSet<br> and used the <a rel="noreferrer" target="_blank" href="https://hackage.haskell.org/package/containers-0.6.5.1/docs/Data-IntSet.html#v:lookupGE">lookupGE and lookupLE functions</a> .<br> However, besides my floundering around getting the case analysis wrong at first, I got tripped up by two other things: first, it turns out that on the Codeforces judging hardware,<br> is only 32 bits, which is not big enough for this problem! I know this because my code was failing on the third test case, and when I changed it to use<br> Int64<br> (which means I also had to switch to<br> Data.Set<br> Data.IntSet<br> ), it failed on the sixth test case instead. The other problem is that my code was too slow: in fact, it timed out on the sixth test case rather than getting it wrong per se. I guess<br> just have too much overhead.<br> Anyway, here is my code, which I think is correct, but is too slow.<br> data TC = TC { heroes :: ! [ Int64 ] , dragons :: ! [ Dragon ] } data Dragon = Dragon { defense :: ! Int64 , attack :: ! Int64 } main = C.interact $ runScanner tc >>> solve >>> map ( show >>> C.pack ) >>> C.unlines tc :: Scanner TC tc = do hs <- numberOf int64 ds <- numberOf ( Dragon <$> int64 <*> int64 ) return $ TC hs ds solve :: TC -> [ Int64 ] solve ( TC hs ds ) = map fight ds where heroSet = S.fromList hs total = foldl' ( + ) 0 hs fight ( Dragon df atk ) = minimum $ [ max 0 ( atk - ( total - hero ) ) | Just hero <- [ mheroGE ] ] ++ [ df - hero + max 0 ( atk - ( total - hero ) ) | Just hero <- [ mheroLE ] ] where mheroGE = S.lookupGE df heroSet mheroLE = S.lookupLE df heroSet<br> I’d like to come back to this later. Using something like<br> to sort and then do binary search on the heroes would probably be faster, but<br> is not supported on Codeforces. I’ll probably end up manually implementing binary search on top of something like<br> Data.Array.Unboxed<br> . Doing a binary search on an array also means we can get away with doing only a single search, since the two heroes we are looking for must be right next to each other in the array.<br> Edited to add : I tried creating an unboxed array and implementing my own binary search over it; however, my solution is still too slow. At this point I think the problem is the sorting. Instead of calling<br> sort<br> on the list of heroes, we probably need to implement our own quicksort or something like that over a mutable array. That doesn’t really sound like much fun so I’m probably going to forget about it for now.<br> Problem D – The Strongest Build<br> In <a rel="noreferrer" target="_blank" href="https://codeforces.com/contest/1574/problem/D">this problem</a> , we consider a set of -tuples, where the value for each slot in a tuple is chosen from among a list of possible values unique to that slot (the values for a slot are given to us in sorted order). For example, perhaps the first slot has the possible values , the second slot has possible values , and the third slot has possible values . In this case there would be possible tuples, ranging from up to . We are also given a list of forbidden tuples, and then asked to find a non-forbidden tuple with the largest possible sum.<br> If the list of slot options is represented as a list of lists, with the first list representing the choices for the first slot, and so on, then we could use<br> sequence<br> to turn this into the list of all possible tuples. Hence, a naive solution could look like this:<br> solve :: Set [ Int ] -> [ [ Int ] ] -> [ Int ] solve forbidden = head . filter ( `S.notMember` forbidden ) . sortOn sum . sequence<br> Of course, this is much too slow. The problem is that although (the size of the tuples) is limited to at most , there can be up to choices for each slot (the choices themselves can be up to ). The list of all possible tuples could thus be truly enormous; in theory, there could be up to ), and generating then sorting them all is out of the question.<br> We can think of the tuples as forming a lattice, where the children of a tuple are all the tuples obtained by downgrading exactly one slot of to the next smaller choice. Then the intended solution is to realize that the solution must either be the top element of the lattice (the tuple with the maximum possible value for every slot), OR the child of one of the forbidden tuples (it is easy to see this by contradiction—any tuple which is not the child of a banned tuple has at least one parent which has a greater total value). So we can just iterate over all the forbidden tuples (there are at most ), generate all possible children for each one, and take the maximum.<br> However, that’s not how I solved it! I started thinking from the naive solution above, and wondered whether there is a way to do<br> sortOn sum . sequence<br> more efficiently, by interleaving the sorting and the generation. If it can be done lazily enough, then we could just search through the beginning of the generated ordered list of tuples for the first non-forbidden one, without having to actually generate the entire list. Indeed, this reminded me very much of <a rel="noreferrer" target="_blank" href="https://www.cs.hmc.edu/~oneill/papers/Sieve-JFP.pdf">Richard Bird’s implementation of the Sieve of Eratosthenes</a> (see p. 11). The basic idea is to make a function which takes a list of choices for a slot, and a (recursively generated) list of tuples sorted by decreasing sum, and combines each choice with every tuple, merging the results so they are still sorted. However, the key is that when combining the best possible choice for the slot with the largest tuple in the list, we can just immediately return the resulting tuple as the first (best) tuple in the output list, without needing to involve it in any merging operation. This affords just enough laziness to get the whole thing off the ground. I’m not going to explain it in more detail than that; you can study the code below if you really want.<br> I’m quite pleased that this worked, though it’s probably an instance of me making things too complicated.<br> data TC = TC { … https://www.whatsupup.com/blog/augur/cussed/20210922-041000/ Wed, 22 Sep 2021 04:09:59 +0000 https://www.whatsupup.com/blog/augur/cussed/20210922-041000/ <p><a rel="noreferrer" target="_blank" href="https://medium.com/">Homepage</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://blog.discord.com">Open in app</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://medium.com/m/signin?redirect=https%3A%2F%2Fblog.discord.com%2F&source=--------------------------nav_reg&operation=login">Sign in</a> <a rel="noreferrer" target="_blank" href="https://blog.discord.com">Get started</a><br> <a rel="noreferrer" target="_blank" href="https://blog.discord.com/@discordnelly">Nelly</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.discord.com/@jasoncitron">Jason Citron</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210922-002323/ Wed, 22 Sep 2021 00:23:23 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210922-002323/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/09/21/technology/zuckerberg-facebook-project-amplify.html">No More Apologies: Inside Facebook’s Push to Defend Its Image Mark Zuckerberg, the chief executive, has signed off on an effort to show users pro-Facebook stories and to distance himself from scandals. By Ryan Mac and Sheera Frenkel</a><br> https://www.whatsupup.com/blog/augur/cussed/20210922-000945/ Wed, 22 Sep 2021 00:09:44 +0000 https://www.whatsupup.com/blog/augur/cussed/20210922-000945/ Please wait…<br> We are checking your browser… medium.com<br> Why do I have to complete a CAPTCHA?<br> Completing the CAPTCHA proves you are a human and gives you temporary access to the web property.<br> What can I do to prevent this in the future?<br> If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware.<br> If you are at an office or shared network, you can ask the network administrator to run a scan across the network looking for misconfigured or infected devices.<br> Another way to prevent getting this page in the future is to use Privacy Pass. You may need to download version 2.0 now from the <a rel="noreferrer" target="_blank" href="https://chrome.google.com/webstore/detail/privacy-pass/ajhmfdgkijocedmfjonnpjfojldioehi">Chrome Web Store</a> .<br> https://www.whatsupup.com/blog/ewing/undiscernibly/20210921-201627/ Tue, 21 Sep 2021 20:16:26 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210921-201627/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/09/an-update-on-memory-safety-in-chrome.html">An update on Memory Safety in Chrome</a><br></p> <hr> Adrian Taylor, Andrew Whalley, Dana Jansens and Nasko Oskov, Chrome security team<br> Security is a cat-and-mouse game. As attackers innovate, browsers always have to mount new defenses to stay ahead, and Chrome has invested in ever-stronger multi-process architecture built on <a rel="noreferrer" target="_blank" href="https://chromium.googlesource.com/chromium/src/+/refs/heads/main/docs/design/sandbox.md">sandboxing</a> and <a rel="noreferrer" target="_blank" href="https://www.chromium.org/Home/chromium-security/site-isolation">site isolation</a> . Combined with <a rel="noreferrer" target="_blank" href="https://chromium.googlesource.com/chromium/src/+/HEAD/testing/libfuzzer/README.md">fuzzing</a> , these are still our primary lines of defense, but they <a rel="noreferrer" target="_blank" href="https://www.usenix.org/conference/enigma2021/presentation/palmer">are reaching their limits</a> , and we can no longer solely rely on this strategy to defeat <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/p/0day.html">in-the-wild attacks</a> .<br> Last year, we showed that <a rel="noreferrer" target="_blank" href="https://www.chromium.org/Home/chromium-security/memory-safety">more than 70% of our severe security bugs are memory safety problems</a> . That is, mistakes with pointers in the C or C++ languages which cause memory to be misinterpreted.<br> This sounds like a problem! And, certainly, memory safety is an issue which needs to be taken seriously by the global software engineering community. Yet it’s also an opportunity because many bugs have the same sorts of root-causes, meaning we may be able to squash a high proportion of our bugs in one step.<br> Chrome has been exploring three broad avenues to seize this opportunity:<br> Make C++ safer through compile-time checks that pointers are correct.<br> Make C++ safer through runtime checks that pointers are correct.<br> Investigating use of a memory safe language for parts of our codebase.<br> “Compile-time checks” mean that safety is guaranteed during the Chrome build process, before Chrome even gets to your device. “Runtime” means we do checks whilst Chrome is running on your device.<br> Runtime checks have a performance cost. Checking the correctness of a pointer is an infinitesimal cost in memory and CPU time. But with millions of pointers, <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=rHIkrotSwcc">it adds up</a> . And since Chrome performance is important to billions of users, many of whom are using low-power mobile devices without much memory, an increase in these checks would result in a slower web.<br> Ideally we’d choose option 1 - make C++ safer, at compile time. Unfortunately, the language just isn’t designed that way. You can learn more about the investigation we've done in this area in <a rel="noreferrer" target="_blank" href="https://docs.google.com/document/d/e/2PACX-1vSt2VB1zQAJ6JDMaIA9PlmEgBxz2K5Tx6w2JqJNeYCy0gU4aoubdTxlENSKNSrQ2TXqPWcuwtXe6PlO/pub">Borrowing Trouble: The Difficulties Of A C++ Borrow-Checker</a> that we're also publishing today.<br> So, we’re mostly left with options 2 and 3 - <a rel="noreferrer" target="_blank" href="https://docs.google.com/document/d/e/2PACX-1vRZr-HJcYmf2Y76DhewaiJOhRNpjGHCxliAQTBhFxzv1QTae9o8mhBmDl32CRIuaWZLt5kVeH9e9jXv/pub">make C++ safer</a> (but slower!) or start to use a different language. Chrome Security is experimenting with both of these approaches.<br> You’ll see major investments in C++ safety solutions - such as <a rel="noreferrer" target="_blank" href="https://chromium.googlesource.com/chromium/src/+/ddc017f9569973a731a574be4199d8400616f5a5/base/memory/raw_ptr.md">MiraclePtr</a> and <a rel="noreferrer" target="_blank" href="https://crbug.com/1072380">ABSL/STL hardened modes</a> . In each case, we hope to eliminate a sizable fraction of our exploitable security bugs, but we also expect some performance penalty. For example, MiraclePtr prevents use-after-free bugs by quarantining memory that may still be referenced. On many mobile devices, memory is very precious and it’s hard to spare some for a quarantine. Nevertheless, MiraclePtr stands a chance of eliminating over 50% of the use-after-free bugs in the browser process - an enormous win for Chrome security, right now.<br> In parallel, we’ll be exploring whether we can use a memory safe language for parts of Chrome in the future. The leading contender is <a rel="noreferrer" target="_blank" href="https://www.rust-lang.org/">Rust</a> , invented by our friends at Mozilla. This is (largely) compile-time safe; that is, the Rust compiler spots mistakes with pointers before the code even gets to your device, and thus there’s no performance penalty. Yet there are <a rel="noreferrer" target="_blank" href="https://www.chromium.org/Home/chromium-security/memory-safety/rust-and-c-interoperability">open questions about whether we can make C++ and Rust work well enough together</a> . Even if we started writing new large components in Rust tomorrow, we’d be unlikely to eliminate a significant proportion of security vulnerabilities for many years. And can we make the language boundary clean enough that we can write parts of existing components in Rust? We don’t know yet. We’ve started to land limited, non-user-facing Rust experiments in the <a rel="noreferrer" target="_blank" href="https://source.chromium.org/chromium/chromium/src/+/main:build/config/rust.gni">Chromium source code tree</a> , but we’re not yet using it in production versions of Chrome - we remain in an experimental phase.<br> That’s why we’re pursuing both strategies in parallel. Watch this space for updates on our adventures in making C++ safer, and efforts to experiment with a new language in Chrome.<br> Labels: <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/C%2B%2B">C++</a> , <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/chrome">chrome</a> , <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/chrome%20security">chrome security</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210921-201324/ Tue, 21 Sep 2021 20:13:24 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210921-201324/ Looking for the inside story on COVID? This is the book: <a rel="noreferrer" target="_blank" href="https://t.co/0plS2EAF3P"><a href="https://t.co/0plS2EAF3P">https://t.co/0plS2EAF3P</a></a> by @ScottGottliebMD – also listen to our interview with Scott – <a rel="noreferrer" target="_blank" href="https://t.co/OL2Mzl7WAv"><a href="https://t.co/OL2Mzl7WAv">https://t.co/OL2Mzl7WAv</a></a><br> https://www.whatsupup.com/blog/jigging/witherer/20210921-122001/ Tue, 21 Sep 2021 12:20:00 +0000 https://www.whatsupup.com/blog/jigging/witherer/20210921-122001/ <a rel="noreferrer" target="_blank" href="https://forms.themarkup.org/summer-2021/">We need your input: Consider our survey</a> <a rel="noreferrer" target="_blank" href="https://themarkup.org/people/julia-angwin#content">Skip navigation</a><br> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/09/21/facebook-rolls-out-news-feed-change-that-blocks-watchdogs-from-gathering-data">Citizen Browser Facebook Rolls Out News Feed Change That Blocks Watchdogs from Gathering Data The tweak, which targets the code in accessibility features for visually impaired users, drew ire from researchers and those who monitor the platform September 21, 2021 08:00 ET</a><br> https://www.whatsupup.com/blog/traveling/splay/20210921-082105/ Tue, 21 Sep 2021 08:21:04 +0000 https://www.whatsupup.com/blog/traveling/splay/20210921-082105/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/09/21/science/fungus-pilobolus-space-astronauts.html">Out There What a Fungus Reveals About the Space Program One thing’s for sure: Escaping the dung heap doesn’t come cheap. By Dennis Overbye</a><br></p> <hr> Sept. 21, 2021<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210921-041952/ Tue, 21 Sep 2021 04:19:52 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210921-041952/ Prime Minister Justin Trudeau's Liberals on track to win the Canadian election, according to TV networks <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/americas/canadas-trudeau-may-cling-power-election-looks-unlikely-secure-majority-2021-09-20/">VIEW MORE</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210921-002255/ Tue, 21 Sep 2021 00:22:54 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210921-002255/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2021/09/19/espanol/lentes-ray-ban-facebook.html">Lentes inteligentes: Facebook le da una oportunidad a la tecnología que hizo quedar mal a Google Nuestro reportero probó unas gafas hechas en colaboración con Ray-Ban capaces de hacer fotos, grabar videos, responder a llamadas telefónicas y reproducir pódcast. By Mike Isaac</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210921-001343/ Tue, 21 Sep 2021 00:13:43 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210921-001343/ I'm discussing “One On One with A & Z” with @bhorowitz and a16z. Wednesday, Sep 22 at 5:00 PM PDT in @clubhouse. Join us! <a rel="noreferrer" target="_blank" href="https://t.co/kiTdAiuf7P"><a href="https://t.co/kiTdAiuf7P">https://t.co/kiTdAiuf7P</a></a><br> Ben Horowitz @bhorowitz and I will be back with our Clubhouse @Clubhouse show, "One On One with A & Z", Wednesday, September 22 at 5:00 PM PST. Please note new day and time. Please suggest great questions for us to answer by replying to this tweet!<br> https://www.whatsupup.com/blog/augur/cussed/20210921-000950/ Tue, 21 Sep 2021 00:09:49 +0000 https://www.whatsupup.com/blog/augur/cussed/20210921-000950/ <a rel="noreferrer" target="_blank" href="https://blog.discord.com/discover-the-next-great-community-in-stage-discovery-8ad0b95fca46?source=collection_home---4------14-----------------------">Discover the Next Great Community in Stage Discovery Our blog has moved to our main website! Check us out on discord.com/blog to stay in the loop about future posts.</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210921-000754/ Tue, 21 Sep 2021 00:07:53 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210921-000754/ It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn’t entirely clear who should get the report when remote access to an organization’s internal network is being sold in the cybercrime underground.<br> In a bid to minimize these scenarios, a growing number of major companies are adopting “ <a rel="noreferrer" target="_blank" href="https://securitytxt.org/">Security.txt</a> ,” a proposed new Internet standard that helps organizations describe their vulnerability disclosure practices and preferences.<br> An example of a security.txt file. Image: Securitytxt.org.<br> The idea behind Security.txt is straightforward: The organization places a file called security.txt in a predictable place — such as example.com/security.txt, or example.com/.well-known/security.txt. What’s in the security.txt file varies somewhat, but most include links to information about the entity’s vulnerability disclosure policies and a contact email address.<br> The <a rel="noreferrer" target="_blank" href="https://www.usaa.com/.well-known/security.txt">security.txt file</a> made available by USAA , for example, includes links to its bug bounty program; an email address for disclosing security related matters; its public encryption key and vulnerability disclosure policy; and even a link to a page where USAA thanks researchers who have reported important cybersecurity issues.<br> Other security.txt disclosures are less verbose, as in the case of HCA Healthcare , which <a rel="noreferrer" target="_blank" href="https://gotsecuritytxt.com/query/hcahealthcare.com">lists</a> a contact email address, and a link to HCA’s “responsible disclosure” policies. Like USAA and many other organizations that have published security.txt files, HCA Healthcare also includes a link to information about IT security job openings at the company.<br> Having a security.txt file can make it easier for organizations to respond to active security threats. For example, just this morning a trusted source forwarded me the VPN credentials for a major clothing retailer that were stolen by malware and made available to cybercriminals. Finding no security.txt file at the retailer’s site using <a rel="noreferrer" target="_blank" href="https://gotsecuritytxt.com/query/amazon.com">gotsecuritytxt.com</a> (which checks a domain for the presence of this contact file), KrebsonSecurity sent an alert to its “security@” email address for the retailer’s domain.<br> Many organizations have long unofficially used (if not advertised) the email address security@[companydomain] to accept reports about security incidents or vulnerabilities. Perhaps this particular retailer also did so at one point, however my message was returned with a note saying the email had been blocked. KrebsOnSecurity also sent a message to the retailer’s chief information officer (CIO) — the only person in a C-level position at the retailer who was in my immediate LinkedIn network. I still have no idea if anyone has read it.<br> Although security.txt is not yet an official Internet standard as approved by the Internet Engineering Task Force (IETF), its basic principles have so far been adopted by at least eight percent of the Fortune 100 companies. According to a review of the domain names for the latest Fortune 100 firms via gotsecuritytxt.com, those include <a rel="noreferrer" target="_blank" href="https://www.google.com/.well-known/security.txt">Alphabet</a> , <a rel="noreferrer" target="_blank" href="https://www.amazon.com/security.txt">Amazon</a> , <a rel="noreferrer" target="_blank" href="https://www.facebook.com/.well-known/security.txt">Facebook</a> , <a rel="noreferrer" target="_blank" href="https://hcahealthcare.com/.well-known/security.txt">HCA Healthcare</a> , <a rel="noreferrer" target="_blank" href="http://www.kroger.com/.well-known/security.txt">Kroger</a> , <a rel="noreferrer" target="_blank" href="https://www.pg.com/.well-known/security.txt">Procter & Gamble</a> , <a rel="noreferrer" target="_blank" href="https://www.usaa.com/.well-known/security.txt">USAA</a> and <a rel="noreferrer" target="_blank" href="https://www.walmart.com/.well-known/security.txt">Walmart</a> .<br> There may be another good reason for consolidating security contact and vulnerability reporting information in one, predictable place. Alex Holden , founder of the Milwaukee-based consulting firm <a rel="noreferrer" target="_blank" href="https://www.holdsecurity.com">Hold Security</a> , said it’s not uncommon for malicious hackers to experience problems getting the attention of the proper people within the very same organization they have just hacked.<br> “In cases of ransom, the bad guys try to contact the company with their demands,” Holden said. “You have no idea how often their messages get caught in filters, get deleted, blocked or ignored.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/does-your-organization-have-a-security-txt-file/#more-56912">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/does-your-organization-have-a-security-txt-file/">Does Your Organization Have a Security.txt File?</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210920-202123/ Mon, 20 Sep 2021 20:21:22 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210920-202123/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2021/09/19/espanol/lentes-ray-ban-facebook.html">Lentes inteligentes: Facebook le da una oportunidad a la tecnología que hizo quedar mal a Google Nuestro reportero probó unas gafas hechas en colaboración con Ray-Ban capaces de hacer fotos, grabar videos, responder a llamadas telefónicas y reproducir pódcasts. By Mike Isaac</a><br> https://www.whatsupup.com/blog/spectrometry/obol/20210920-201654/ Mon, 20 Sep 2021 20:16:53 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20210920-201654/ Edit 2021-09-20 : The version of Swift for Windows used in this project was from January 2021, when I first started working on it. Since version 5.4, Swift Package Manager is supported on Windows, so building Swift code should be much easier now. Additionally, static linking is supported for C/C++ code.<br> https://www.whatsupup.com/blog/phonic/shopboy/20210920-163347/ Mon, 20 Sep 2021 16:33:47 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210920-163347/ <p><a rel="noreferrer" target="_blank" href="https://a16z.com/tag/logistics/">logistics and infrastructure</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://a16z.com/tag/vaccines/">vaccines</a><br> https://www.whatsupup.com/blog/bilateralistic/jungle/20210920-163131/ Mon, 20 Sep 2021 16:31:30 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20210920-163131/ The story of <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-09-06/zfs-is-mysteriously-eating-my-cpu.html">ZFS Is Mysteriously Eating My CPU</a> including a hard-to-believe flame graph.<br> Rough notes for <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-08-30/high-rate-of-paging.html">Analyzing a High Rate of Paging</a> , using a mix of traditional, Ftrace, and BPF performance tools.<br> Rough notes for <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-08-27/slack-crashes-secret-stderr.html">Slack's Secret STDERR Messages</a> , where I used eBPF and other tools to debug Slack's mysterious crashes (2021).<br> Slides for my eBPF Summit keynote <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/performance-wins-with-ebpf-getting-started-2021">Performance Wins with eBPF: Getting Started</a> ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/performance-wins-with-ebpf-getting-started-2021">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/eBPFSummit2021_eBPF_performance_getting_started.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=bGAVrtb_tFs">youtube</a> ) (2021).<br> The story of the most surprising software demo I've been given: <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-06-04/an-unbelievable-demo.html">An Unbelievable Demo</a> .<br> Video for my eBPF Summit keynote <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=bGAVrtb_tFs">Performance Wins with eBPF: Getting Started</a> ( <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=bGAVrtb_tFs">youtube</a> , <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/performance-wins-with-ebpf-getting-started-2021">slideshare</a> ) (17 mins) (2021).<br> Last updated: 20-Sep-2021 Created: 2001 About this site, and email address: <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/email.html">here</a> Copyright 2021 Brendan Gregg, all rights reserved<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210920-081904/ Mon, 20 Sep 2021 08:19:04 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210920-081904/ One desperate moment: Migrants collecting food try to evade law enforcement at U.S.-Mexico border <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/trapped-migrants-collecting-food-try-evade-law-enforcement-us-mexico-border-2021-09-20/">VIEW MORE</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210920-041306/ Mon, 20 Sep 2021 04:13:06 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210920-041306/ <p><a rel="noreferrer" target="_blank" href="https://future.a16z.com/podcasts/uncontrolled-spread-gottlieb-book-science-policy-institutions-technology-infrastructure-public-private-pandemic-emergency-beyond">a16z Podcast: Uncontrolled Spread: Science, Policy, Institutions, Infrastructure</a><br></p> <hr> by <a rel="noreferrer" target="_blank" href="https://a16z.com/author/scott-gottlieb/">Scott Gottlieb</a> , <a rel="noreferrer" target="_blank" href="https://a16z.com/author/vineeta-agarwala/">Vineeta Agarwala</a> , <a rel="noreferrer" target="_blank" href="https://a16z.com/author/marc-andreessen/">Marc Andreessen</a> , and <a rel="noreferrer" target="_blank" href="https://a16z.com/author/vijay-pande/">Vijay Pande</a><br> <a rel="noreferrer" target="_blank" href="https://a16z.com/category/policy/">policy & regulation</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://a16z.com/tag/book-launches/">book launches (and book pods)</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://a16z.com/tag/coronavirus/">coronavirus & the COVID-19 pandemic</a><br> <hr> We were/are at an inflection point with COVID: between old & new tech, science, institutions, public health, policy, regulations. @ScottGottliebMD reveals behind scenes stories in his new book & debates probing, tricky Qs w @pmarca @vintweeta @vijaypande: <a rel="noreferrer" target="_blank" href="https://t.co/nbb5ioHZRb">https://t.co/nbb5ioHZRb</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210920-040928/ Mon, 20 Sep 2021 04:09:28 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210920-040928/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/building-an-email-sender-app-with-retool-and-sendgrid/">This tutorial is going to walk through how to build a Retool app that uses the SendGrid API to send emails to your customers – in just under an hour (yes, one hour).</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210920-001928/ Mon, 20 Sep 2021 00:19:27 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210920-001928/ Exclusive: U.S. opens probe into 30 million vehicles over air bag inflators <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/autos-transportation/exclusive-us-opens-probe-into-30-million-vehicles-over-air-bag-inflators-2021-09-19/">VIEW MORE</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210919-161859/ Sun, 19 Sep 2021 16:18:59 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210919-161859/ A volcano erupted on La Palma in the Canary Islands, sending lava fountains and a plume of smoke and ash into the air <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/europe/people-evacuated-spanish-island-la-palma-after-volcano-eruption-warning-2021-09-19/">VIEW MORE</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210919-122238/ Sun, 19 Sep 2021 12:22:38 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210919-122238/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2021/09/19/espanol/lentes-ray-ban-facebook.html">¿Lentes inteligentes? Facebook le da una oportunidad a la tecnología que hizo quedar mal a Google Nuestro reportero probó unas gafas hechas en colaboración con Ray-Ban capaces de hacer fotos, grabar videos, responder a llamadas telefónicas y reproducir pódcasts. By Mike Isaac</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210919-042007/ Sun, 19 Sep 2021 04:20:07 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210919-042007/ SpaceX capsule safely splashes down off Florida coast with first all-civilian crew ever in orbit <a rel="noreferrer" target="_blank" href="https://www.reuters.com/lifestyle/science/spacex-capsule-with-worlds-first-all-civilian-orbital-crew-set-splashdown-2021-09-18/">VIEW MORE</a><br> https://www.whatsupup.com/blog/popularization/compilable/20210919-040844/ Sun, 19 Sep 2021 04:08:43 +0000 https://www.whatsupup.com/blog/popularization/compilable/20210919-040844/ <a rel="noreferrer" target="_blank" href="https://sites.google.com/view/zainabiftikhar/home">Zainab Iftikhar</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210918-121754/ Sat, 18 Sep 2021 12:17:54 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210918-121754/ Not gone yet: Why Angela Merkel still has a large role to play despite not seeking re-election as Germany's chancellor <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/europe/not-gone-yet-merkel-hang-active-caretaker-2021-09-16/">VIEW MORE</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210918-082044/ Sat, 18 Sep 2021 08:20:43 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210918-082044/ Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/cache/">cache</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/lens/">lens</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/record/">record</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/view/">view</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/17/automatically-updated-cached-views-with-lens/#comments">2 Comments</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210918-081709/ Sat, 18 Sep 2021 08:17:09 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210918-081709/ Real estate heir Robert Durst convicted in murder of his best friend Susan Berman in Beverly Hills, California in 2000 <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/real-estate-heir-robert-durst-convicted-murder-california-2021-09-17/">VIEW MORE</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210918-001942/ Sat, 18 Sep 2021 00:19:42 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210918-001942/ Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/cache/">cache</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/lens/">lens</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/record/">record</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/view/">view</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/17/automatically-updated-cached-views-with-lens/#comments">1 Comment</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210917-202019/ Fri, 17 Sep 2021 20:20:18 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210917-202019/ Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/teaching/">teaching</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/hindley-milner/">Hindley-Milner</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/inference/">inference</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/types/">types</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/unification/">unification</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/08/implementing-hindley-milner-with-the-unification-fd-library/#comments">1 Comment</a><br> <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/17/automatically-updated-cached-views-with-lens/">Automatically updated, cached views with lens</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210917-201740/ Fri, 17 Sep 2021 20:17:39 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210917-201740/ U.S. FDA advisory committee votes against approving Pfizer booster shots for people 16 and older <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/fda-advisers-vote-oppose-pfizerbiontech-covid-19-vaccine-booster-2021-09-17/">VIEW MORE</a><br> https://www.whatsupup.com/blog/boxed/modification/20210917-201447/ Fri, 17 Sep 2021 20:14:47 +0000 https://www.whatsupup.com/blog/boxed/modification/20210917-201447/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#concepts">concepts</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#implementation-divergence">implementation-divergence</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#implicit-move">implicit-move</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#slack">slack</a><br> Here’s a puzzle for you: How do you write a class without a copy constructor? …<br> , part 2<br> https://www.whatsupup.com/blog/gonadal/revving/20210917-162043/ Fri, 17 Sep 2021 16:20:42 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210917-162043/ <p><a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/17/automatically-updated-cached-views-with-lens/">Automatically updated, cached views with lens</a><br></p> <hr> Recently I discovered a nice way to deal with records where certain fields of the record cache some expensive function of other fields, using the <a rel="noreferrer" target="_blank" href="https://hackage.haskell.org/package/lens">lens library</a> . I very highly doubt I am the first person to ever think of this, but I don’t think I’ve seen it written down anywhere. I’d be very happy to be learn of similar approaches elsewhere.<br> The problem<br> Suppose we have some kind of record data structure, and an expensive-to-calculate function which computes some kind of “view”, or summary value, for the record. Like this:<br> data Record = Record { field1 :: A , field2 :: B , field3 :: C } expensiveView :: A -> B -> C -> D expensiveView = ...<br> (Incidentally, I went back and forth on whether to put real code or only pseudocode in this post; in the end, I decided on pseudocode. Hopefully it should be easy to apply in real situations.)<br> If we need to refer to the summary value often, we might like to cache the result of the expensive function in the record:<br> data Record = Record { field1 :: A , field2 :: B , field3 :: C , cachedView :: D } expensiveView :: A -> B -> C -> D expensiveView = ...<br> However, this has several drawbacks:<br> Every time we produce a new<br> Record<br> value by updating one or more fields, we have to remember to also update the cached view. This is easy to miss, especially in a large codebase, and will most likely result in bugs that are very difficult to track down.<br> Actually, it gets worse: what if we already have a large codebase that is creating updated<br> values in various places? We now have to comb through the codebase looking for such places and modifying them to update the<br> cachedExpensive<br> field too. Then we cross our fingers and hope we didn’t miss any.<br> Finally, there is nothing besides comments and naming conventions to prevent us from accidentally modifying the<br> field directly.<br> The point is that our<br> type now has an associated invariant, and invariants which are not automatically enforced by the API and/or type system are Bad ™ .<br> Lens to the rescue<br> If you don’t want to use<br> lens<br> , you can stop reading now. (Honestly, given the title, I’m not even sure why you read this far.) In my case, I was already using it heavily, and I had a lightbulb moment when I realized how I could leverage it to add a safe cached view to a data type without modifying the rest of my codebase at all!<br> The basic idea is this:<br> Add a field to hold the cached value as before.<br> Don’t use<br> ’s TemplateHaskell utilites to automatically derive lenses for all the fields. Instead, declare them manually, such that they automatically update the cached field on every<br> set<br> operation.<br> For the field with the cached value itself, declare a<br> Getter<br> , not a<br> Lens<br> Do not export the constructor or field projections for your data type; export only the type and the lenses.<br> In pseudocode, it looks something like this:<br> module Data.Record ( Record , field1 , field2 , field3 , cachedView ) where import Control.Lens data Record = Record { _field1 :: A , _field2 :: B , _field3 :: C , _cachedView :: D } expensiveView :: A -> B -> C -> D expensiveView = ... recache :: Record -> Record recache r = r { _cachedView = expensiveView ( _field1 r ) ( _field2 r ) ( _field3 r ) } cachingLens :: ( Record -> a ) -> ( Record -> a -> Record ) -> Lens' Record a cachingLens get set = lens get ( \ r a -> recache $ set r a ) field1 :: Lens' Record A field1 = cachingLens _field1 ( \ r x -> r { _field1 = x } ) field2 :: Lens' Record B field2 = cachingLens _field2 ( \ r x -> r { _field2 = x } ) field3 :: Lens' Record C field3 = cachingLens _field3 ( \ r x -> r { _field3 = x } ) cachedView :: Getter Record D cachedView = to _cachedView<br> This solves all the problems! (1) We never have to remember to update the cached field; using a lens to modify the value of another field will automatically cause the cached view to be recomputed as well. (3) We can’t accidentally set the cached field, since it only has a<br> . In fact, this even solves (2), the problem of having to update the rest of our codebase: if we are already using<br> to access fields in the record (as I was), then the rest of the codebase doesn’t have to change at all! And if we aren’t using<br> already, then the typechecker will infallibly guide us to all the places we have to fix; once our code typechecks again, we know we have caught every single access to the record in the codebase.<br> Variant for only a few fields<br> What if we have a large record, and the cached summary value only depends on a few of the fields? In that case, we can save a bit of work for ourselves by getting<br> to auto-generate lenses for the other fields, and only handcraft lenses for the fields that are actually involved. Like this:<br> {-# LANGUAGE TemplateHaskell #-} data Record = Record { _field1 :: A , _field2 :: B , _cachedView :: C , ... } expensiveView :: A -> B -> C expensiveView = ... let exclude = [ ' _field1 , ' _field2 , ' _cachedView ] in makeLensesWith ( lensRules & lensField . mapped . mapped %~ \ fn n -> if n `elem` exclude then [] else fn n ) ' ' Record field1 :: Lens' Record A field1 = ... similar to before ... field2 :: Lens' Record B field2 = ... cachedView :: Getter Record C cachedView = to _cachedView<br> But what about the lens laws?<br> You might worry that having a lens for one field automatically update the value of another field might break <a rel="noreferrer" target="_blank" href="https://hackage.haskell.org/package/lens-5.0.1/docs/Control-Lens-Combinators.html#t:Lens">the lens laws</a> somehow, but it’s perfectly legal, as we can check.<br> view l (set l v s) ≡ v<br> clearly holds: setting the<br> cachedView<br> on the side doesn’t change the fact that we get back out whatever we put into, say,<br> field1<br> set l v' (set l v s) ≡ set l v' s<br> also clearly holds. On the left-hand side, the cached summary value will simply get overwritten in the same way that the other field does.<br> set l (view l s) s ≡ s<br> is actually a bit more subtle. If we view the value of<br> , then<br> it with the same value again, how do we know the value of the overall record<br> doesn’t change? In particular, could we end up with a different<br> even though<br> is the same? But in fact, in this specific scenario (putting the same value back into a field that we just read), the value of the<br> won’t change. This depends on two facts: first, that the<br> expensiveView<br> is a deterministic function which always returns the same summary value for the same input record. Of course this is guaranteed by the fact that it’s a pure function. Second, we must maintain the invariant that the<br> is always up-to-date, so that recomputing the summary value after setting a field to the same value it already had will simply produce the same summary value again, because we know the summary value was correct to begin with. And of course, maintaining this invariant is the whole point; it’s guaranteed by the way we only export the lenses (and only a<br> for the<br> ) and not the record constructor.<br> And that’s it! I’ve been using this approach very successfully in a current project (the <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/08/implementing-hindley-milner-with-the-unification-fd-library/">same project that got me to implement Hindley-Milner with unification-fd</a> —watch this space for an announcement soon!). If you know of similar approaches that have been written about elsewhere, or if you end up using this technique in your own project, I’d love to hear about it.<br> Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/cache/">cache</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/lens/">lens</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/record/">record</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/view/">view</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/17/automatically-updated-cached-views-with-lens/#respond">Leave a comment</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20210917-041852/ Fri, 17 Sep 2021 04:18:51 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210917-041852/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/facebooks-survival-dilemma">Facebook’s Survival Dilemma</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/facebooks-survival-dilemma">Facebook is the most vulnerable of all Big Tech companies. What does it take to survive?</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210917-040711/ Fri, 17 Sep 2021 04:07:10 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210917-040711/ A jury in California today reached a guilty verdict in the trial of Matthew Gatrel , a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel’s conviction comes roughly two weeks after his co-conspirator pleaded guilty to criminal charges related to running the services.<br> The user interface for Downthem[.]org.<br> Prosecutors for the Central District of California charged Gatrel, 32, and his business partner Juan “Severon” Martinez of Pasadena, Calif. with operating two DDoS-for-hire or “booter” services — downthem[.]org and ampnode[.]com .<br> Despite admitting to FBI agents that he ran these booter services (and turning over plenty of incriminating evidence in the process), Gatrel opted to take his case to trial, defended the entire time by public defenders. Facing the prospect of a hefty sentence if found guilty at trial, Martinez pleaded guilty on Aug. 26 to one count of unauthorized impairment of a protected computer.<br> Gatrel was <a rel="noreferrer" target="_blank" href="https://www.justice.gov/usao-cdca/pr/illinois-man-convicted-federal-criminal-charges-operating-subscription-based-computer">convicted</a> on all three charges of violating the Computer Fraud and Abuse Act, including conspiracy to commit unauthorized impairment of a protected computer, conspiracy to commit wire fraud, and unauthorized impairment of a protected computer.<br> Investigators say Downthem helped some 2,000 customers launch debilitating digital assaults at more than 200,000 targets, including many government, banking, university and gaming Web sites.<br> Prosecutors alleged that in addition to running and marketing Downthem, the defendants sold huge, continuously updated lists of Internet addresses tied to devices that could be used by other booter services to make attacks far more powerful and effective. In addition, other booter services also drew firepower and other resources from Ampnode. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/trial-ends-in-guilty-verdict-for-ddos-for-hire-boss/#more-57016">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/trial-ends-in-guilty-verdict-for-ddos-for-hire-boss/">Trial Ends in Guilty Verdict for DDoS-for-Hire Boss</a><br> https://www.whatsupup.com/blog/effete/washstand/20210916-202131/ Thu, 16 Sep 2021 20:21:30 +0000 https://www.whatsupup.com/blog/effete/washstand/20210916-202131/ <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/why-podcasts-are-my-new-wikipedia-the-perfect-41/">Why Podcasts Are My New Wikipedia —the  Perfect Informal Learning Resource Sept. 9, 2021 · In this article, I explain why podcasts replaced a lot of my Wikipedia usage for informal learning. I also talk about how I listen to five-plus hours of podcasts every day! Read more…</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20210916-201908/ Thu, 16 Sep 2021 20:19:07 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20210916-201908/ September 16, 2021 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2021/09/16/Mark-Rober-and-capitalist-manipulation.gmi">Mark Rober and the manipulation of children for profit</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> https://www.whatsupup.com/blog/phonic/shopboy/20210916-201220/ Thu, 16 Sep 2021 20:12:20 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210916-201220/ <p>.@pmarca compares the theory of how Empires rise and fall to the life-cycle of companies today.</p> <p>A financial history themed conversation on barbarians, pirates, railroad tycoons, venture capital and so much more…</p> <p>What else could one want?! <a rel="noreferrer" target="_blank" href="https://t.co/OOqSDjzY1v"><a href="https://t.co/OOqSDjzY1v">https://t.co/OOqSDjzY1v</a></a><br></p> https://www.whatsupup.com/blog/twopenny/ultraism/20210916-161721/ Thu, 16 Sep 2021 16:17:21 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210916-161721/ Facebook says it is targeting users who coordinate on harmful activities with the same strategy it uses on fake accounts <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-facebook-target-harmful-coordination-by-real-accounts-using-playbook-2021-09-16/">VIEW MORE</a><br> https://www.whatsupup.com/blog/spectrometry/obol/20210916-121425/ Thu, 16 Sep 2021 12:14:25 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20210916-121425/ <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/09/fuzzing-closed-source-javascript.html">Fuzzing Closed-Source JavaScript Engines with Cove…</a> (Sep)<br> https://www.whatsupup.com/blog/lynch/tiddly/20210916-120638/ Thu, 16 Sep 2021 12:06:37 +0000 https://www.whatsupup.com/blog/lynch/tiddly/20210916-120638/ <a rel="noreferrer" target="_blank" href="https://ryanandrewlangdon.wordpress.com">Follow</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210916-082004/ Thu, 16 Sep 2021 08:20:03 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210916-082004/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2007/08/16/mapping-over-a-nested-functor/">Mapping over a nested functor?</a><br> https://www.whatsupup.com/blog/canton/ricketier/20210916-081314/ Thu, 16 Sep 2021 08:13:13 +0000 https://www.whatsupup.com/blog/canton/ricketier/20210916-081314/ <a rel="noreferrer" target="_blank" href="https://darknetdiaries.com/episode/84/">Darknet Diaries episode 84: Jet-setters</a><br></p> <hr> I talk about my exemplary performance in the Do Not Get Arrested Challenge 2020, and share some tips and tricks for future participants. Not a talk video, I'm a fraud.<br> https://www.whatsupup.com/blog/phonic/shopboy/20210916-041146/ Thu, 16 Sep 2021 04:11:46 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210916-041146/ <p>In my conversation with @pmarca , he demonstrates how the "Golden Age of Piracy" has parallels to the world of venture capital and startups.</p> <p>"I'm a venture capitalist now, and my day job is basically to fund the pirates." <a rel="noreferrer" target="_blank" href="https://t.co/WOW4hj1WXm"><a href="https://t.co/WOW4hj1WXm">https://t.co/WOW4hj1WXm</a></a><br></p> https://www.whatsupup.com/blog/bilateralistic/jungle/20210916-041105/ Thu, 16 Sep 2021 04:11:05 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20210916-041105/ An article for opensource.com: <a rel="noreferrer" target="_blank" href="https:///opensource.com/article/19/8/introduction-bpftrace">An introduction to bpftrace for Linux</a> , summarizing the syntax and including a one-liners tutorial ( <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Articles/opensource_An_introduction_to_bpftrace.pdf">PDF</a> ) (2019).<br> A post on <a rel="noreferrer" target="_blank" href="https://opensource.com/article/17/11/bccbpf-performance">7 tools for analyzing performance in Linux with bcc/BPF</a> for opensource.com, which is also my first post on eBPF for the Fedora/Red Hat family of operating systems ( <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Articles/opensource_7_useful_bcc_BPF_perf_tools.pdf">PDF</a> ) (2017).<br> Contributed documentation on the <a rel="noreferrer" target="_blank" href="https://wiki.freebsd.org/DTrace">DTrace on FreeBSD</a> wiki page: the initial <a rel="noreferrer" target="_blank" href="https://wiki.freebsd.org/DTrace/One-Liners">one-liners</a> list ( <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Articles/FreeBSDwiki_DTrace_One-Liners_2014.pdf">PDF</a> ) and a 12 part <a rel="noreferrer" target="_blank" href="https://wiki.freebsd.org/DTrace/Tutorial">tutorial</a> ( <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Articles/FreeBSDwiki_DTrace_Tutorial_2014.pdf">PDF</a> ).<br> My post <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2014-09-15/the-msrs-of-ec2.html">The MSRs of EC2</a> was the first to show that CPU Model Specific Registers were available in the cloud and could be used to measure interesting details such as the real CPU clock rate and temperature of instances (Xen guests). Weeks after my post (and possibly inspired by it) a security researcher found an MSR vulnerability in EC2 that required a <a rel="noreferrer" target="_blank" href="https://www.theregister.com/2014/09/25/amazon_readies_global_glory_reboot/">cloud-wide reboot</a> (2014).<br> My <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/zones.html">Solaris 10 Zones</a> page from 2005, where I developed models for configuring Zones with Resource Controls. This was pioneering work for the performance isolation of containers (nowadays the realm of Linux cgroups). I was not a Sun employee at the time. Sun later based their official docs on my work, without attribution (they were not allowed to include my home page URL in the official Sun references).<br> I've also developed software as a professional kernel engineer, which isn't listed below (e.g., the <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2008-07-22/zfs-l2arc.html">ZFS L2ARC</a> ).<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210916-001740/ Thu, 16 Sep 2021 00:17:40 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210916-001740/ LIVE: SpaceX launches all-civilian spaceflight, the first attempt at orbit around the Earth without professional astronauts <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=2RiiIh2ZwwY">VIEW MORE</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20210916-001725/ Thu, 16 Sep 2021 00:17:24 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210916-001725/ Sep 9 <a rel="noreferrer" target="_blank" href="javascript:void(0)">9</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-newsletter-network-effect/comments">Comment 1</a> <a rel="noreferrer" target="_blank" href="javascript:void(0)">Share</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210916-001154/ Thu, 16 Sep 2021 00:11:53 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210916-001154/ <p>Launch Day Thrilled to share the second Investor Amnesia Course:</p> <p>'Imperial Finance: A History of Empires'</p> <p>8+ hours of content taught by legendary investors, history experts, and bestselling authors.</p> <p>Learn more and preview the course: <a rel="noreferrer" target="_blank" href="https://t.co/Lezvvbdxvs"><a href="https://t.co/Lezvvbdxvs">https://t.co/Lezvvbdxvs</a></a><br> Catch @pmarca in a wide-ranging series of interviews on the history of empires, finance, production, and lots more in the latest @InvestorAmnesia course launching today <a rel="noreferrer" target="_blank" href="https://t.co/N0Tkr79vd2"><a href="https://t.co/N0Tkr79vd2">https://t.co/N0Tkr79vd2</a></a><br></p> https://www.whatsupup.com/blog/bilateralistic/jungle/20210916-001108/ Thu, 16 Sep 2021 00:11:08 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20210916-001108/ This page lists everything: <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com#Documentation">Documentation</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com#Videos">Videos</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com#Software">Software</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com#Misc">Misc</a> . For a short selection of most popular content, see my <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/overview.html">Overview</a> page.<br> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/dtrace.html">DTrace</a> where I shared the first publicly available DTrace tools and later my <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/dtracetoolkit.html">DTraceToolkit</a> . I created this page in 2004 and it was also the first public website on DTrace.<br> I had two prior professional blogs (see my <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/archive.html">blog archive</a> for archived posts): <a rel="noreferrer" target="_blank" href="http://blogs.oracle.com/brendan">blogs.oracle.com/brendan</a> (formally <a rel="noreferrer" target="_blank" href="http://web.archive.org/web/*/blogs.sun.com/brendan">blogs.sun.com/brendan</a> ), where I discussed performance, DTrace, and the ZFS storage appliance (2006-2010); and <a rel="noreferrer" target="_blank" href="http://dtrace.org/blogs/brendan">dtrace.org/blogs/brendan</a> , where I continued posting about cloud performance and DTrace (2010-2014). Posts from my prior personal blog at <a rel="noreferrer" target="_blank" href="http://bdgregg.blogspot.com">bdgregg.blogspot.com</a> is also in the archive.<br> My old and unmaintained Unix and Sun Solaris material is labeled as being in my <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/crypt.html">Crypt</a> , and kept online for historical interest only. The Crypt containers a few extra things not listed above. (circa 2003-2005.)<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210916-000854/ Thu, 16 Sep 2021 00:08:54 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210916-000854/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/build-a-mongodb-gui-in-minutes/">Here is how to build a simple yet powerful admin panel for your MongoDB instance. We’ll demonstrate how to query data, build tables and components, and use inline JavaScript to customize them.</a><br> https://www.whatsupup.com/blog/augur/cussed/20210916-000833/ Thu, 16 Sep 2021 00:08:32 +0000 https://www.whatsupup.com/blog/augur/cussed/20210916-000833/ <a rel="noreferrer" target="_blank" href="https://blog.discord.com/weve-moved-visit-our-new-blog-home-at-discord-com-blog-dab8e173e577?source=collection_home---4------0-----------------------">We’ve Moved! Visit Our New Blog Home at discord.com/blog We’ve got some exciting plans for the future of our blog. Follow us at discord.com/blog to stay in the loop about future posts.</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210916-000648/ Thu, 16 Sep 2021 00:06:48 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210916-000648/ TTEC , [ <a rel="noreferrer" target="_blank" href="https://www.google.com/finance/quote/TTEC:NASDAQ?sa=X&ved=2ahUKEwjXwqSy4oHzAhWdElkFHTMhCVQQ3ecFegQIDBAS">NASDAQ: TTEC</a> ], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned.<br> While many companies have been laying off or furloughing workers in response to the Coronavirus pandemic, TTEC has been <a rel="noreferrer" target="_blank" href="https://www.wsj.com/articles/millions-of-jobs-have-been-lost-but-hiring-is-booming-at-these-companies-11602768600">massively hiring</a> . Formerly TeleTech Holdings Inc., Englewood, Co.-based TTEC now has nearly 60,000 employees, most of whom work from home and answer customer support calls on behalf of a large number of name-brand companies, like Bank of America , Best Buy , Credit Karma , Dish Network , Kaiser Permanente , USAA and Verizon .<br> On Sept. 14, KrebsOnSecurity heard from a reader who passed on an internal message apparently sent by TTEC to certain employees regarding the status of a widespread system outage that began on Sunday, Sept. 12.<br> “We’re continuing to address the system outage impacting access to the network, applications and customer support,” reads an internal message sent by TTEC to certain employees.<br> TTEC has not responded to requests for comment. A phone call placed to the media contact number listed on an August 2021 TTEC earnings release produced a message saying it was a non-working number.<br> [ Update, 6:20 p.m. ET: TTEC confirmed a ransomware attack. See the update at the end of this piece for their statement]<br> TTEC’s own message to employees suggests the company’s network may have been hit by the ransomware group “Ragnar Locker,” (or else by <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/">a rival ransomware gang pretending to be Ragnar</a> ). The message urged employees to avoid clicking on a file that suddenly may have appeared in their Windows start menu called “!RA!G!N!A!R!”<br> “DO NOT click on this file,” the notice read. “It’s a nuisance message file and we’re working on removing it from our systems.”<br> Ragnar Locker is an aggressive ransomware group that typically demands millions of dollars worth of cryptocurrency in ransom payments. In <a rel="noreferrer" target="_blank" href="https://www.bleepingcomputer.com/news/security/ransomware-gang-threatens-to-leak-data-if-victim-contacts-fbi-police/">an announcement published on the group’s darknet leak site this week</a> , the group threatened to publish the full data of victims who seek help from law enforcement and investigative agencies following a ransomware attack.<br> One of the messages texted to TTEC employees included a link to a Zoom videoconference line at ttec.zoom.us . Clicking that link opened a Zoom session in which multiple TTEC employees who were sharing their screens took turns using the company’s Global Service Desk, an internal TTEC system for tracking customer support tickets.<br> The TTEC employees appear to be using the Zoom conference line to report the status of various customer support teams, most of which are reporting “unable to work” at the moment.<br> For example, TTEC’s Service Desk reports that hundreds of TTEC employees assigned to work with Bank of America’s prepaid services are unable to work because they can’t remotely connect to TTEC’s customer service tools. More than 1,000 TTEC employees are currently unable to do their normal customer support work for Verizon, according to the Service Desk data. Hundreds of employees assigned to handle calls for Kaiser Permanente also are unable to work.<br> “They’ve been radio silent all week except to notify employees to take another day off,” said the source who passed on the TTEC messages, who spoke to KrebsOnSecurity on condition of anonymity. “As far as I know, all low-level employees have another day off today.”<br> The extent and severity of the incident at TTEC remains unknown. It is common for companies to disconnect critical systems in the event of a network intrusion, as part of a larger effort to stop the badness from spreading elsewhere. Sometimes disconnecting everything actually does help, or at least helps to keep the attack from spreading to partner networks. But it is those same connections to partner companies that raises concern in the case of TTEC’s ongoing outage.<br> In the meantime, if you’re unlucky enough to need to make a customer service call today, there’s a better-than-even chance you will experience….wait for it…longer-than-usual hold times.<br> This is a developing story. Further details or updates will be noted here with a date and time stamp.<br> Update, 5:37 p.m. ET: TTEC responded with the following statement:<br> TTEC is committed to cyber security, and to protecting the integrity of our clients’ systems and data. We recently became aware of a cybersecurity incident that has affected certain TTEC systems.  Although as a result of the  incident, some of our data was encrypted and business activities at several facilities have been temporarily disrupted, the company continuous to serve its global clients. TTEC immediately activated its information security incident response business continuity protocols, isolated the systems involved, and took other appropriate measures to contain the incident. We are now in the process of  carefully and deliberately restoring the systems that have been involved.<br> We also launched an investigation, typical under the circumstances, to determine the potential impacts.  In serving our clients TTEC, generally, does not maintain our clients’ data, and the investigation to date has not identified compromise to clients’ data. That investigation is on-going and we will take additional action, as appropriate, based on the investigation’s results. This is all the information we have to share until our investigation is complete.<br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/customer-care-giant-ttec-hit-by-ransomware/">Customer Care Giant TTEC Hit By Ransomware</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210915-201745/ Wed, 15 Sep 2021 20:17:45 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210915-201745/ Olympians Biles, Raisman, Nichols and Maroney blast FBI, USA Gymnastics for enabling Nassar sex abuse <a rel="noreferrer" target="_blank" href="https://www.reuters.com/lifestyle/sports/gymnasts-simone-biles-aly-raisman-testify-us-senate-sex-abuse-probe-2021-09-15/">VIEW MORE</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20210915-201455/ Wed, 15 Sep 2021 20:14:54 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210915-201455/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/09/google-supports-open-source-technology.html">Google Supports Open Source Technology Improvement Fund</a><br></p> <hr> Posted by Kaylin Trychon, Google Open Source Security Team<br> We <a rel="noreferrer" target="_blank" href="https://blog.google/technology/safety-security/why-were-committing-10-billion-to-advance-cybersecurity/">recently pledged</a> to provide $100 million to support third-party foundations that manage open source security priorities and help fix vulnerabilities. As part of this commitment, we are excited to <a rel="noreferrer" target="_blank" href="https://ostif.org/google-is-partnering-with-open-source-technology-improvement-fund-inc-to-sponsor-security-reviews-of-critical-open-source-software/">announce</a> our support of the Open Source Technology Improvement Fund (OSTIF) to improve security of eight open-source projects. Google’s support will allow OSTIF to launch the Managed Audit Program (MAP), which will expand in-depth security reviews to critical projects vital to the open source ecosystem. The eight libraries, frameworks and apps that were selected for this round are those that would benefit the most from security improvements and make the largest impact on the open-source ecosystem that relies on them. The projects include:<br> Git - de facto version control software used in modern DevOps.<br> Lodash - a modern JavaScript utility library with over 200 functions to facilitate web development, can be found in most environments that support JavaScript, which is most of the world wide web.<br> Laravel - a php web application framework that is used by many modern, full-stack web applications, including integrations with Google Cloud.<br> Slf4j - a logging facade for various Java logging frameworks.<br> Jackson-core & Jackson-databind - a JSON for Java, Streaming API, and extra shared components and the base for <a rel="noreferrer" target="_blank" href="https://github.com/FasterXML/jackson-databind">Jackson data-bind</a> package.<br> Httpcomponents-core & Httpcomponents-client - these projects are responsible for creating and maintaining a toolset of low-level Java components focused on HTTP and associated protocols.<br> We are excited to help OSTIF build a safer open source environment for everyone. If you are interested in getting involved or learning more <a rel="noreferrer" target="_blank" href="https://ostif.org/google-is-partnering-with-open-source-technology-improvement-fund-inc-to-sponsor-security-reviews-of-critical-open-source-software/">please visit the OSTIF blog</a> .<br> Labels: <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/Open%20Source">Open Source</a><br> https://www.whatsupup.com/blog/augur/cussed/20210915-200818/ Wed, 15 Sep 2021 20:08:18 +0000 https://www.whatsupup.com/blog/augur/cussed/20210915-200818/ <p><a rel="noreferrer" target="_blank" href="https://blog.discord.com/weve-moved-visit-our-new-blog-home-at-discord-com-blog-dab8e173e577?source=collection_home---4------0-----------------------">We’ve Moved! Visit Our New Blog Home at discord.com/blog</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://blog.discord.com/weve-moved-visit-our-new-blog-home-at-discord-com-blog-dab8e173e577?source=collection_home---4------0-----------------------">We’ve Moved! Visit Our New Blog Home at discord.com/blog We’ve got some exciting plans for the future of our blog. Follow us at https://discord.com/blog to stay in the loop about future posts.</a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20210915-200717/ Wed, 15 Sep 2021 20:07:17 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20210915-200717/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/use-the-swiss-cheese-method-to-defeat-procrastination">Use the Swiss Cheese Method to defeat procrastination</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/what-is-addiction">What is addiction (series)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-change-for-the-better">How to change for the better</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-set-goals-that-work">How to set goals that work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-finally-start-doing-something-about-your-dreams">How to finally start doing something about your dreams</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-avoid-i-ll-do-it-tomorrow">How to avoid “I’ll do it tomorrow”</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/play-the-ultimate-game-your-real-life">Play the ultimate game: your real life</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-real-reason-why-you-get-distracted">The real reason why you get distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/today-shouldnt-suck">Today shouldn’t suck</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/4-most-common-ways-of-getting-distracted">4 most common ways of getting distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210915-081149/ Wed, 15 Sep 2021 08:11:48 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210915-081149/ Norm Macdonald <a rel="noreferrer" target="_blank" href="https://twitter.com/normmacdonald">@normmacdonald</a><br> At times, the joy that life attacks me with is unbearable and leads to gasping hysterical laughter. I find myself completely out of control and wonder how could life could surprise me again and again and again, so completely. How could a man be a cynic? It is a sin.<br> https://www.whatsupup.com/blog/bilateralistic/jungle/20210915-041106/ Wed, 15 Sep 2021 04:11:05 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20210915-041106/ My <a rel="noreferrer" target="_blank" href="http://www.slideshare.net/brendangregg/analyzing-os-x-systems-performance-with-the-use-method">Analyzing OS X Systems Performance with the USE Method</a> talk at MacIT 2014 ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/analyzing-os-x-systems-performance-with-the-use-method">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/MacIT2014_Analyzing_OSX_Perf_USE_Method.pdf">PDF</a> ).<br> Slides for the OSCON 2007 talk <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/OSCON2007_Observability_DTrace_Twitter.pdf">Observability Matters: How DTrace Helped Twitter</a> by Adam Leventhal and myself. At the time, Twitter was a one-year old startup running on Solaris with crippling performance issues, and Sun's top engineering team (including Adam and myself) visited the SF headquarters to help. This summaries findings by the team (2007).<br> A 233-slide deck for a <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/dtrace_workshop01_slides.pdf">DTrace workshop</a> that I developed and delivered in London, that summarized Solaris performance and DTrace analysis. As part of this workshop I created performance labs for the students to solve (not included in the slides) (2006).<br> https://www.whatsupup.com/blog/phonic/shopboy/20210915-001232/ Wed, 15 Sep 2021 00:12:32 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210915-001232/ <p>Jamie Catherwood <a rel="noreferrer" target="_blank" href="https://twitter.com/InvestorAmnesia">@InvestorAmnesia</a><br> Launching September 15th. The second Investor Amnesia Course:</p> <p>'Imperial Finance: A History of Empires'</p> <p>World Wars, The Bolshevik Revolution, Weimar Inflation, Cycles of Empire, The Crusades and <em>much</em> more.</p> <p>Stay tuned. <a rel="noreferrer" target="_blank" href="https://t.co/fRAhjsb6d1"><a href="https://t.co/fRAhjsb6d1">https://t.co/fRAhjsb6d1</a></a><br></p> https://www.whatsupup.com/blog/ideo/fleury/20210915-000652/ Wed, 15 Sep 2021 00:06:52 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210915-000652/ Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that’s reportedly been abused to install spyware on iOS products, and Google ‘s got a new version of Chrome that tackles two zero-day flaws. Finally, Adobe has released critical security updates for Acrobat , Reader and a slew of other software.<br> Four of the flaws fixed in this patch batch earned Microsoft’s most-dire “critical” rating, meaning they could be exploited by miscreants or malware to remotely compromise a Windows PC with little or no help from the user.<br> Top of the critical heap is <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444">CVE-2021-40444</a> , which affects the “MSHTML” component of Internet Explorer (IE) on Windows 10 and many Windows Server versions. In <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/microsoft-attackers-exploiting-windows-zero-day-flaw/">a security advisory last week</a> , Microsoft warned attackers already are exploiting the flaw through Microsoft Office applications as well as IE.<br> The critical bug <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36965">CVE-2021-36965</a> is interesting, as it involves a remote code execution flaw in “WLAN AutoConfig,” the component in Windows 10 and many Server versions that handles auto-connections to Wi-Fi networks. One mitigating factor here is that the attacker and target would have to be on the same network, although many systems are configured to auto-connect to Wi-Fi network names with which they have previously connected.<br> Allan Liska , senior security architect at <a rel="noreferrer" target="_blank" href="https://www.recordedfuture.com">Recorded Future</a> , said a similar vulnerability — <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28316">CVE-2021-28316</a> — was announced in April.<br> “CVE-2021-28316 was a security bypass vulnerability, not remote code execution, and it has never been reported as publicly exploited,” Liska said. “That being said, the ubiquity of systems deployed with WLAN AutoConfig enabled could make it an attractive target for exploitation.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/microsoft-patch-tuesday-september-2021-edition/#more-56909">Continue reading →</a><br> https://www.whatsupup.com/blog/spectrometry/obol/20210914-201457/ Tue, 14 Sep 2021 20:14:57 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20210914-201457/ <p><a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/09/fuzzing-closed-source-javascript.html">Fuzzing Closed-Source JavaScript Engines with Coverage Feedback</a><br></p> <hr> Posted by Ivan Fratric, Project Zero<br> tl;dr I combined <a rel="noreferrer" target="_blank" href="https://github.com/googleprojectzero/fuzzilli">Fuzzilli</a> (an open-source JavaScript engine fuzzer), with <a rel="noreferrer" target="_blank" href="https://github.com/googleprojectzero/TinyInst">TinyInst</a> (an open-source dynamic instrumentation library for fuzzing). I also added grammar-based mutation support to <a rel="noreferrer" target="_blank" href="https://github.com/googleprojectzero/Jackalope">Jackalope</a> (my black-box binary fuzzer). So far, these two approaches resulted in finding three security issues in jscript9.dll (default JavaScript engine used by Internet Explorer).<br> Introduction or “when you can’t beat them, join them”<br> In the past, I’ve invested a lot of time in generation-based fuzzing, which was a successful way to find vulnerabilities in various targets, especially those that take some form of language as input. For example, Domato, my grammar-based generational fuzzer, found <a rel="noreferrer" target="_blank" href="https://bugs.chromium.org/p/project-zero/issues/list?q=ifratric%20webkit&can=1">over 40 vulnerabilities in WebKit</a> and <a rel="noreferrer" target="_blank" href="https://bugs.chromium.org/p/project-zero/issues/list?q=ifratric%20jscript&can=1">numerous bugs in Jscript</a> .<br> While generation-based fuzzing is still a good way to fuzz many complex targets, it was demonstrated that, for finding vulnerabilities in modern JavaScript engines, especially engines with JIT compilers, better results can be achieved with mutational, coverage-guided approaches. My colleague Samuel Groß gives a compelling case on why that is in his <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=OHjq9Y66yfc">OffensiveCon talk</a> . Samuel is also the author of <a rel="noreferrer" target="_blank" href="https://github.com/googleprojectzero/fuzzilli">Fuzzilli</a> , an open-source JavaScript engine fuzzer based on mutating a custom intermediate language. Fuzzilli has found a large number of bugs in various JavaScript engines.<br> While there has been a lot of development on coverage-guided fuzzers over the last few years, most of the public tooling focuses on open-source targets or software running on the Linux operating system. Meanwhile, I focused on developing tooling for fuzzing of closed-source binaries on operating systems where such software is more prevalent (currently Windows and macOS). Some years back, I published <a rel="noreferrer" target="_blank" href="https://github.com/googleprojectzero/winafl">WinAFL</a> , the first performant AFL-based fuzzer for Windows. About a year and a half ago, however, I started working on a brand new toolset for black-box coverage-guided fuzzing. <a rel="noreferrer" target="_blank" href="https://github.com/googleprojectzero/TinyInst">TinyInst</a> and <a rel="noreferrer" target="_blank" href="https://github.com/googleprojectzero/Jackalope">Jackalope</a> are the two outcomes of this effort.<br> It comes somewhat naturally to combine the tooling I’ve been working on with techniques that have been so successful in finding JavaScript bugs, and try to use the resulting tooling to fuzz JavaScript engines for which the source code is not available. Of such engines, I know two: jscript and jscript9 (implemented in jscript.dll and jscript9.dll) on Windows, which are both used by the Internet Explorer web browser. Of these two, jscript9 is probably more interesting in the context of mutational coverage-guided fuzzing since it includes a JIT compiler and more advanced engine features.<br> While you might think that Internet Explorer is a <a rel="noreferrer" target="_blank" href="https://blogs.windows.com/windowsexperience/2021/05/19/the-future-of-internet-explorer-on-windows-10-is-in-microsoft-edge/">thing of the past</a> and it doesn’t make sense to spend energy looking for bugs in it, the fact remains that Internet Explorer is still heavily exploited by real-world attackers. In <a rel="noreferrer" target="_blank" href="https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786">2020</a> there were two Internet Explorer 0days exploited in the wild and three in <a rel="noreferrer" target="_blank" href="https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=2129022708">2021</a> so far . One of these vulnerabilities was in the JIT compiler of jscript9. I’ve personally vowed several times that I’m done looking into Internet Explorer, but each time, more 0days in the wild pop up and I change my mind.<br> Additionally, the techniques described here could be applied to any closed-source or even open-source software, not just Internet Explorer. In particular, grammar-based mutational fuzzing described two sections down can be applied to targets other than JavaScript engines by simply changing the input grammar.<br> Approach 1: Fuzzilli + TinyInst<br> <a rel="noreferrer" target="_blank" href="https://github.com/googleprojectzero/fuzzilli">Fuzzilli</a> , as said above , is a state-of-the-art JavaScript engine fuzzer and <a rel="noreferrer" target="_blank" href="https://github.com/googleprojectzero/TinyInst">TinyInst</a> is a dynamic instrumentation library. Although TinyInst is general-purpose and could be used in other applications, it comes with various features useful for fuzzing, such as out-of-the-box support for persistent fuzzing, various types of coverage instrumentations etc. TinyInst is meant to be simple to integrate with other software, in particular fuzzers, and has already been integrated with some.<br> So, integrating with Fuzzilli was meant to be simple. However, there were still various challenges to overcome for different reasons:<br> Challenge 1: Getting Fuzzilli to build on Windows where our targets are.<br> Fuzzilli was written in Swift and the support for Swift on Windows is currently not great. While <a rel="noreferrer" target="_blank" href="https://github.com/compnerd/swift-build">Swift on Windows</a> builds exist (I’m linking to the builds by Saleem Abdulrasool instead of the official ones because the latter didn’t work for me), not all features that you would find on Linux and macOS are there. For example, one does not simply run swift build on Windows, as the build system is one of the features that didn’t get ported (yet). Fortunately, CMake and Ninja  support Swift, so the solution to this problem is to switch to the CMake build system. There are <a rel="noreferrer" target="_blank" href="https://github.com/compnerd/swift-cmake-examples">helpful examples</a> on how to do this, once again from Saleem Abdulrasool.<br> Another feature that didn’t make it to Swift for Windows is statically linking libraries. This means that all libraries (such as those written in C and C++ that the user wants to include in their Swift project) need to be dynamically linked. This goes for libraries already included in the Fuzzilli project, but also for TinyInst. Since TinyInst also uses the CMake build system, my first attempt at integrating TinyInst was to include it via the Fuzzilli CMake project, and simply have it built as a shared library. However, the same tooling that was successful in building Fuzzilli would fail to build TinyInst (probably due to various platform libraries TinyInst uses). That’s why, in the end, TinyInst was being built separately into a .dll and this .dll loaded “manually” into Fuzzilli via the <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibrarya">LoadLibrary</a> API. This turned out not to be so bad - Swift build tooling for Windows was quite slow, and so it was much faster to only build TinyInst when needed, rather than build the entire Fuzzilli project (even when the changes made were minor).<br> The Linux/macOS parts of Fuzzilli, of course, also needed to be rewritten. Fortunately, it turned out that the parts that needed to be rewritten were the parts written in C, and the parts written in Swift worked as-is (other than a couple of exceptions, mostly related to networking). As someone with no previous experience with Swift, this was quite a relief. The main parts that needed to be rewritten were the networking library (libsocket), the library used to run and monitor the child process (libreprl) and the library for collecting coverage (libcoverage). The latter two were changed to use TinyInst. Since these are separate libraries in Fuzzilli, but TinyInst handles both of these tasks, some plumbing through Swift code was needed to make sure both of these libraries talk to the same TinyInst instance for a given target.<br> Challenge 2: Threading woes<br> Another feature that made the integration less straightforward than hoped for was the use of threading in Swift. TinyInst is built on a custom debugger and, on Windows, it uses the Windows debugging API. One specific feature of the Windows debugging API, for example <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/windows/win32/api/debugapi/nf-debugapi-waitfordebugevent">WaitForDebugEvent</a> , is that it does not take a debugee pid or a process handle as an argument. So then, the question is, if you have multiple debugees, to which of them does the API call refer? The answer to that is, when a debugger on Windows attaches to a debugee (or starts a debugee process), the thread that started/attached it is the debugger. Any subsequent calls for that particular debugee need to be issued on that same thread.<br> In contrast, the preferred Swift coding style (that Fuzzilli also uses) is to take advantage of threading primitives such as <a rel="noreferrer" target="_blank" href="https://developer.apple.com/documentation/dispatch/dispatchqueue">DispatchQueue</a> . When tasks get posted on a DispatchQueue, they can run in parallel on “background” threads. However, with the background threads, there is no guarantee that a certain task is always going to run on the same thread. So it would happen that calls to the same TinyInst instance happened from different threads, thus breaking the Windows debugging model. This is why, for the purposes of this project, TinyInst was modified to create its own thread (one for each target process) and ensure that any debugger calls for a particular child process always happen on that thread.<br> Various minor changes<br> Some examples of features Fuzzilli requires that needed to be added to TinyInst are stdin/stdout redirection and a channel for reading out the “status” of JavaScript execution (specifically, to be able to tell if JavaScript code was throwing an exception or executing successfully). Some of these features were already integrated into the “mainline” TinyInst or will be integrated in the future.<br> After all of that was completed though, the Fuzzilli/Tinyinst hybrid was running in a stable manner:<br> Note that coverage percentage reported by Fuzzilli is incorrect. Because TinyInst is a dynamic instrumentation library, it cannot know the number of basic blocks/edges in advance.<br> Primarily because of the current Swift on Windows issues, this closed-source mode of Fuzzilli is not something we want to officially support. However, the sources and the build we used can be downloaded <a rel="noreferrer" target="_blank" href="https://drive.google.com/file/d/10q4bIZHYAxQRkEVSk27Z7NPjKNnB6dKq/view">here</a> .<br> Approach 2: Grammar-based mutation fuzzing with Jackalope<br> <a rel="noreferrer" target="_blank" href="https://github.com/googleprojectzero/Jackalope">Jackalope</a> is a coverage-guided fuzzer I developed for fuzzing black-box binaries on Windows and, recently, macOS. Jackalope initially included mutators suitable for fuzzing of binary formats. However, a key feature of Jackalope is modularity: it is meant to be easy to plug in or replace individual components, including, but not limited to, sample mutators.<br> After observing how Fuzzilli works more closely during Approach 1, as well as observing samples it generated and the bugs it found, the idea was to extend Jackalope to allow mutational JavaScript fuzzing, but also in the future, mutational fuzzing of other targets whose samples can be described by a context-free grammar.<br> Jackalope uses a grammar syntax similar to that of <a rel="noreferrer" target="_blank" href="https://github.com/googleprojectzero/domato">Domato</a> , but somewhat simplified (with some features not supported at this time). … https://www.whatsupup.com/blog/phonic/shopboy/20210914-201149/ Tue, 14 Sep 2021 20:11:48 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210914-201149/ RIP Norm Macdonald, all-time comedy legend. <a rel="noreferrer" target="_blank" href="https://t.co/tTNIyKwHBN"><a href="https://t.co/tTNIyKwHBN">https://t.co/tTNIyKwHBN</a></a><br> https://www.whatsupup.com/blog/glooming/wrackful/20210914-120722/ Tue, 14 Sep 2021 12:07:22 +0000 https://www.whatsupup.com/blog/glooming/wrackful/20210914-120722/ <p><a rel="noreferrer" target="_blank" href="https://robertheaton.com/height-2-10-occupation-baby/">Height: 2ft 10 inches. Occupation: baby</a><br></p> <hr> 14 Sep 2021<br> <a rel="noreferrer" target="_blank" href="https://robertheaton.com#parenthood">Parenthood</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://robertheaton.com/married-with-kids/">I got married and had kids so you don't have to</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210914-081752/ Tue, 14 Sep 2021 08:17:52 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210914-081752/ (Reuters) -A cyber surveillance company based in Israel developed a tool to break into Apple iPhones with a never-before-seen technique that has been in use since at least February, internet security watchdog group Citizen Lab said on Monday. | <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/09/14/new-iphone-hack-exposed-in-israeli-spywa?videoId=735412176&newsChannel=">Video</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210914-041737/ Tue, 14 Sep 2021 04:17:36 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210914-041737/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/usa-cyber-apple/cyber-arms-dealer-exploits-new-iphone-software-vulnerability-affecting-most-versions-say-researchers-idUSKBN2G91W2">Cyber arms dealer exploits new iPhone software vulnerability, affecting most versions, say researchers</a><br></p> <hr> (Reuters) -A cyber surveillance company based in Israel developed a tool to break into Apple iPhones with a never-before-seen technique that has been in use since at least February, internet security watchdog group Citizen Lab said on Monday.<br> https://www.whatsupup.com/blog/rubicundity/envenomation/20210914-040655/ Tue, 14 Sep 2021 04:06:55 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20210914-040655/ <a rel="noreferrer" target="_blank" href="https://twitter.com/intent/tweet">Share</a> <a rel="noreferrer" target="_blank" href="https://twitter.com/deprocrastinate?ref_src=twsrc%5Etfw">Follow @deprocrastinate</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/twitter-threads">Check out our most recent threads!</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210914-000659/ Tue, 14 Sep 2021 00:06:59 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210914-000659/ While last night’s Meris attack on this site was far smaller than the recent Cloudflare DDoS, it was far larger than <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/">the Mirai DDoS attack</a> in 2016 that <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/">held KrebsOnSecurity offline for nearly four days</a> . The traffic deluge from Thursday’s attack on this site was more than four times what Mirai threw at this site five years ago. This latest attack involved more than two million requests-per-second. By comparison, the 2016 Mirai DDoS generated approximately 450,000 requests-per-second.<br> https://www.whatsupup.com/blog/gonadal/revving/20210913-202233/ Mon, 13 Sep 2021 20:22:32 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210913-202233/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com">Follow</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210913-201930/ Mon, 13 Sep 2021 20:19:30 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210913-201930/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/usa-cyber-apple/cyber-arms-dealer-exploits-new-apple-iphone-software-vulnerability-affects-most-versions-researchers-idUSKBN2G91W2">Cyber arms dealer exploits new Apple iPhone software vulnerability; affects most versions - researchers</a><br></p> <hr> (Reuters) -A cyber surveillance company based in Israel developed a tool to break into Apple iPhones with a never-before-seen technique that has been in use since February, internet security watchdog group Citizen Lab said on Monday.<br> https://www.whatsupup.com/blog/gonadal/revving/20210913-162138/ Mon, 13 Sep 2021 16:21:37 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210913-162138/ Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/math/">math</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/absolute-value/">absolute value</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/average/">average</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/derivative/">derivative</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/median/">median</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/optimization/">optimization</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/06/08/average-and-median-via-optimization/#comments">1 Comment</a><br> https://www.whatsupup.com/blog/canton/ricketier/20210913-121345/ Mon, 13 Sep 2021 12:13:44 +0000 https://www.whatsupup.com/blog/canton/ricketier/20210913-121345/ conference talk videos<br> Once, an article referred to me as <a rel="noreferrer" target="_blank" href="https://www.vice.com/en_us/article/9a3dkv/tinder-social-lets-you-stalk-your-friends-dating-habits-hack-last-active">a hacker who goes by the name "Alex"</a> , so that's my hacker handle now and there's nothing I can do about it.<br> Sure, <a rel="noreferrer" target="_blank" href="https://mango.pdf.zone/mango.pdf">here you go</a> . It's got a password on it though. The password is hidden somewhere in this page. Have fun!<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210911-121652/ Sat, 11 Sep 2021 12:16:52 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210911-121652/ 'A message of resilience': Americans reflect on the 20th anniversary of the Sept. 11 attacks <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/a-message-resilience-americans-reflect-20th-anniversary-sept-11-2021-09-11">VIEW MORE</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20210911-081905/ Sat, 11 Sep 2021 08:19:05 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20210911-081905/ September 11, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/09/11/visurf-announcement.html">visurf, a web browser based on NetSurf</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210911-041610/ Sat, 11 Sep 2021 04:16:09 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210911-041610/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/solarwinds-cyber-sec-exclusive/exclusive-wide-ranging-solarwinds-probe-sparks-fear-in-corporate-america-idUSKBN2G60C6">Exclusive: Wide-ranging SolarWinds probe sparks fear in Corporate America</a><br></p> <hr> A U.S. Securities and Exchange Commission investigation into the SolarWinds Russian hacking operation has dozens of corporate executives fearful information unearthed in the expanding probe will expose them to liability, according to six people familiar with the inquiry.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/solarwinds-cyber-sec/exclusive-wide-ranging-solarwinds-probe-sparks-fear-in-corporate-america-idUSL1N2QC124">EXCLUSIVE -Wide-ranging SolarWinds probe sparks fear in Corporate America</a><br> <hr> Sept 10 A U.S. Securities and Exchange Commission investigation into the SolarWinds Russian hacking operation has dozens of corporate executives fearful information unearthed in the expanding probe will expose them to liability, according to six people familiar with the inquiry.<br> https://www.whatsupup.com/blog/overgrazing/propellent/20210911-041511/ Sat, 11 Sep 2021 04:15:11 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210911-041511/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/six-things-you-should-know-about">Six things you should know about the Epic v. Apple ruling</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/six-things-you-should-know-about">A note about the Fortnite maker’s case against the iPhone maker</a><br> Sep 9 <a rel="noreferrer" target="_blank" href="javascript:void(0)">7</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-newsletter-network-effect/comments">Comment</a> <a rel="noreferrer" target="_blank" href="javascript:void(0)">Share</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210911-041024/ Sat, 11 Sep 2021 04:10:24 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210911-041024/ Scott Kupor <a rel="noreferrer" target="_blank" href="https://twitter.com/skupor">@skupor</a><br> Everything you need to know – or at least I what I thought was interesting – in <100 tweets about the Apple/Epic lawsuit verdict today.<br> https://www.whatsupup.com/blog/ideo/fleury/20210911-040610/ Sat, 11 Sep 2021 04:06:09 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210911-040610/ On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack. The assault came from “ Meris ,” the same new botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer.<br> Cloudflare recently <a rel="noreferrer" target="_blank" href="https://blog.cloudflare.com/cloudflare-thwarts-17-2m-rps-ddos-attack-the-largest-ever-reported/">wrote about its attack</a> , which clocked in at 17.2 million bogus requests-per-second. To put that in perspective, Cloudflare serves over 25 million HTTP requests per second on average.<br> In its Aug. 19 writeup, Cloudflare neglected to assign a name to the botnet behind the attack. But on Thursday DDoS protection firm Qrator Labs <a rel="noreferrer" target="_blank" href="https://blog.qrator.net/en/meris-botnet-climbing-to-the-record_142/">identified the culprit</a> — “Meris” — a new monster that first emerged at the end of June 2021.<br> Qrator says Meris has launched even bigger attacks since: A titanic and ongoing DDoS that hit Russian Internet search giant Yandex last week is estimated to have been launched by roughly 250,000 malware-infected devices globally, sending 21.8 million bogus requests-per-second.<br> While last night’s Meris attack on this site was far smaller than the recent Cloudflare DDoS, it was far larger than <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/">the Mirai DDoS attack</a> in 2016 that <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/">held KrebsOnSecurity offline for nearly four days</a> . The traffic deluge from Thursday’s attack on this site was was more than four times what Mirai threw at this site five years ago. This latest attack involved more than two million requests-per-second. By comparison, the 2016 Mirai DDoS generated approximately 450,000 requests-per-second.<br> According to Qrator, which is working with Yandex on combating the attack, Meris appears to be made up of Internet routers produced by <a rel="noreferrer" target="_blank" href="https://mikrotik.com/">MikroTik</a> . Qrator says the United States is home to the most number of MikroTik routers that are potentially vulnerable to compromise by Meris — with more than 42 percent of the world’s MikroTik systems connected to the Internet (followed by China — 18.9 percent– and a long tail of one- and two-percent countries).<br> The darker areas indicate larger concentrations of potentially vulnerable MikroTik routers. Qrator says there are about 328,000 MikroTik devices currently responding to requests from the Internet. Image: Qrator.<br> It’s not immediately clear which security vulnerabilities led to these estimated 250,000 MikroTik routers getting hacked by Meris.<br> “The spectrum of RouterOS versions we see across this botnet varies from years old to recent,” the company wrote. “The largest share belongs to the version of firmware previous to the current stable one.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/krebsonsecurity-hit-by-huge-new-iot-botnet-meris/#more-56565">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/krebsonsecurity-hit-by-huge-new-iot-botnet-meris/">KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20210910-122047/ Fri, 10 Sep 2021 12:20:46 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20210910-122047/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/09/06/LG-C1">LG C1</a> · What happened was, our TV is ten years old and (following on some renovations) we could use one at the cabin for rainy winter evenings. So I bought a <a rel="noreferrer" target="_blank" href="https://www.lg.com/us/tvs/lg-oled48c1pub-oled-4k-tv">48" LG C1</a> 4K OLED screen (48" is the smallest in the C1 line), which is kind of this year’s hot TV. It’s not a life-changer, but the world of TV has shifted some in a decade, so here’s a dispatch from the front. Includes a pointer to a truly great TV stand <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/09/06/LG-C1">…</a> [5 comments]<br> https://www.whatsupup.com/blog/overgrazing/propellent/20210910-001504/ Fri, 10 Sep 2021 00:15:03 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210910-001504/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-newsletter-network-effect">The Newsletter Network Effect</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-newsletter-network-effect">Instead of ‘subscription fatigue,’ we’re probably seeing the opposite.</a><br> https://www.whatsupup.com/blog/effete/washstand/20210909-201847/ Thu, 09 Sep 2021 20:18:47 +0000 https://www.whatsupup.com/blog/effete/washstand/20210909-201847/ <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/why-podcasts-are-my-new-wikipedia-the-perfect-41/">Why Podcasts Are My New Wikipedia —the  Perfect Informal Learning Resource today · In this article, I explain why podcasts replaced a lot of my Wikipedia usage for informal learning. I also talk about how I listen to five-plus hours of podcasts every day! Read more…</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20210909-201313/ Thu, 09 Sep 2021 20:13:13 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210909-201313/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/09/introducing-androids-private-compute.html">Introducing Android’s Private Compute Services</a><br></p> <hr> Posted by Suzanne Frey, VP, Product, Android & Play Security and Privacy<br> We introduced <a rel="noreferrer" target="_blank" href="https://blog.google/products/android/android-12-beta/">Android’s Private Compute Core</a> in Android 12 Beta. Today, we're excited to announce a new suite of services that provide a privacy-preserving bridge between Private Compute Core and the cloud.<br> Recap: What is Private Compute Core ?<br> Android’s Private Compute Core is an open source, secure environment that is isolated from the rest of the operating system and apps. With each new Android release we’ll add more privacy-preserving features to the Private Compute Core. Today, these include:<br> <a rel="noreferrer" target="_blank" href="https://blog.google/products/android/live-caption/">Live Caption</a> , which adds captions to any media using Google’s on-device speech recognition<br> Now Playing, which recognizes music playing nearby and displays the song title and artist name on your device’s lock screen<br> Smart Reply, which suggests relevant responses based on the conversation you’re having in messaging apps<br> For these features to be private, they must:<br> Keep the information on your device private. Android ensures that the sensitive data processed in the Private Compute Core is not shared to any apps without you taking an action. For instance, until you tap a Smart Reply, the OS keeps your reply hidden from both your keyboard and the app you’re typing into.<br> Let your device use the cloud (to download new song catalogs or speech-recognition models) without compromising your privacy. This is where Private Compute Services comes in.<br> Introducing Android’s Private Compute Services<br> Machine learning features often improve by updating models, and Private Compute Services helps features get these updates over a private path. Android prevents any feature inside the Private Compute Core from having direct access to the network. Instead, features communicate over a small set of purposeful open-source APIs to Private Compute Services, which strips out identifying information and uses a set of privacy technologies, including <a rel="noreferrer" target="_blank" href="https://ai.googleblog.com/2017/04/federated-learning-collaborative.html">Federated Learning</a> , <a rel="noreferrer" target="_blank" href="https://ai.googleblog.com/2020/05/federated-analytics-collaborative-data.html">Federated Analytics</a> , and <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Private_information_retrieval">Private information retrieval</a> .<br> We will publicly publish the source code for Private Compute Services, so it can be audited by security researchers and other teams outside of Google. This means it can go through the same rigorous security <a rel="noreferrer" target="_blank" href="https://www.google.com/about/appsecurity/android-rewards/">programs</a> that ensure the safety of the Android platform.<br> We’re enthusiastic about the potential for machine learning to power more helpful features inside Android, and Android’s Private Compute Core will help users benefit from these features while strengthening privacy protections via the new Private Compute Services. Android is the first open source mobile OS to include this kind of externally verifiable privacy; Private Compute Services helps the Android OS continue to innovate in machine learning, while also maintaining the highest standards of privacy and security.<br> Labels: <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/android">android</a> , <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/android%20security">android security</a> , <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/private%20compute%20core">private compute core</a><br> https://www.whatsupup.com/blog/augur/cussed/20210909-200732/ Thu, 09 Sep 2021 20:07:31 +0000 https://www.whatsupup.com/blog/augur/cussed/20210909-200732/ <p><a rel="noreferrer" target="_blank" href="https://blog.discord.com/ten-tips-to-help-your-college-club-bloom-on-discord-f231dd462d87?source=collection_home---4------0-----------------------">Ten Tips to Help Your College Club Bloom on Discord</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://blog.discord.com/ten-tips-to-help-your-college-club-bloom-on-discord-f231dd462d87?source=collection_home---4------0-----------------------">Ten Tips to Help Your College Club Bloom on Discord Whether your club lives on Discord, you use Discord as a supporting tool for an IRL club, here are ten tips to help your server succeed.</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210909-161751/ Thu, 09 Sep 2021 16:17:50 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210909-161751/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/09/competitive-programming-in-haskell-kadanes-algorithm/">Competitive programming in Haskell: Kadane’s algorithm</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210909-161730/ Thu, 09 Sep 2021 16:17:29 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210909-161730/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/09/09/technology/facebook-wayfarer-stories-smart-glasses.html">Smart Glasses Made Google Look Dumb. Now Facebook Is Giving Them a Try. The company has teamed up with Ray-Ban to create glasses that can take photos, record video, answer phone calls and play podcasts. By Mike Isaac</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210909-161539/ Thu, 09 Sep 2021 16:15:39 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210909-161539/ Biden to require all federal workers to be vaccinated against COVID <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/biden-require-all-federal-workers-be-vaccinated-source-2021-09-09/">VIEW MORE</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210909-121836/ Thu, 09 Sep 2021 12:18:34 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210909-121836/ <p><a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/09/competitive-programming-in-haskell-kadanes-algorithm/">Competitive programming in Haskell: Kadane’s algorithm</a><br></p> <hr> I will be giving a talk on competitive programming in Haskell tomorrow, September 10, at <a rel="noreferrer" target="_blank" href="https://haskell.love/">Haskell Love</a> . You should attend! It’s free!<br> In <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/08/11/competitive-programming-in-haskell-monoidal-accumulation/">my last competitive programming post</a> , I challenged you to solve <a rel="noreferrer" target="_blank" href="https://open.kattis.com/problems/purplerain">Purple Rain</a> . We are presented with a linear sequence of cells, each colored either red or blue, and we are supposed to find the (contiguous) segment of cells with the maximal absolute difference between the number of red and blue. For example, below is shown one of the sample inputs, with the solution highlighted: the segment from cell 3 to cell 7 (the cells are numbered from 1) has four red cells compared to only one blue, for an absolute difference of three. You can verify that no other segment does better.<br> Transforming the problem<br> The obvious way to do this is to generate a list of all segments, compute the absolute difference between the number of red and blue cells for each, and take the maximum. However, that approach is doomed to exceed the time limit in any programming language: it would take time ( possible segments times to sum each one), and the problem states that can be up to . With operations per second as a good rule of thumb, with is clearly too slow. (In fact, any time you see an input size of , it is a dead giveaway that you are expected to find an or solution. is big enough to make an solution prohibitively slow, but not so big that I/O itself becomes the bottleneck.)<br> The first insight is that we can transform this into the classic problem of finding the maximum sum subarray (also known as the maximum segment sum ; either way I will abbreviate it as MSS) in two steps: first, turn each red cell into a 1, and each blue into -1. The sum of a segment then tells us how many more red than blue cells there are. Now, we actually want the biggest absolute difference between red and blue; but if we have an algorithm to find the MSS we can just run it twice: once to find the maximum excess of red over blue, and again with 1 and -1 flipped to find the maximum excess of blue over red.<br> The MSS problem has a long history in the functional programming community, being one of the flagship problems to demonstrate the techniques of program derivation in the style of the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Bird%E2%80%93Meertens_formalism">Bird-Meertens Formalism, aka Squiggol</a> and <a rel="noreferrer" target="_blank" href="https://www.goodreads.com/book/show/2727190-algebra-of-programming">The Algebra of Programming</a> . It is possible to start out with a naive-but-obviously-correct implementation, and do a series of equational transformations to turn it into an efficient algorithm! If you’ve never seen that kind of thing before, I highly recommend checking it out; the Wikipedia page on the Bird-Meertens Formalism, linked above, is a good place to start. Certainly getting good at such derivations can be a handy skill when doing competitive programming in Haskell. But in any case, today I want to approach the problem from a different point of view, namely, coming up with a good functional equivalent to an existing imperative algorithm.<br> Kadane’s algorithm<br> <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Maximum_subarray_problem#Kadane's_algorithm">Kadane’s algorithm</a> , first proposed by <a rel="noreferrer" target="_blank" href="http://www.stat.cmu.edu/~kadane/">Jay Kadane</a> sometime in the late 1970s, is a linear-time algorithm for solving the MSS problem. It is actually quite simple to implement (the tricky part is understanding why it works!).<br> The idea is to loop through an array while keeping track of two things: a current value<br> cur<br> , and a<br> best<br> value. The<br> value is just the greatest value<br> has ever taken on, so keeping it updated is easy: on every loop, we compare<br> , and save the value of<br> into<br> if it is higher. To keep<br> updated, we simply add each new array value to it—but if it ever falls below zero, we just reset<br> to zero. Here is some Java code:<br> public static int kadane ( int [] a) { int best = 0 , cur = 0 ; for ( int i = 0 ; i < a. length ; i++) { cur += a[i]; if (cur < 0 ) cur = 0 ; if (cur > best) best = cur; } return best; }<br> Again, it is not at all obvious why this works, though putting in the effort to understand a proof is well worth the time. That is not the purpose of this blog post, however, so I’ll leave you to read about it on your own!<br> Translating Kadane’s algorithm to Haskell<br> In the imperative version, we iterate through a list, keep track of a current value, and also keep track of the best value we have seen so far. It is possible to translate this directly to Haskell: create a record with two fields, one for the current thing and one for the best thing, then iterate through the list with<br> foldl'<br> , doing the appropriate update at each step:<br> data State s = State { curThing :: s , bestThing :: s } -- Given a way to update the current s value with the next list -- element of type a, update a State s value which keeps track of the -- current s value as well as the best s value seen so far. step :: Ord s => ( s -> a -> s ) -> ( State s -> a -> State s ) step update ( State cur best ) a = State next ( max best next ) where next = update cur a bestIntermediate :: Ord s => ( s -> a -> s ) -> s -> [ a ] -> s bestIntermediate update init = bestThing . foldl' ( step update ) ( State init init )<br> But there’s a much better way! Note that the<br> update<br> function has the right type to be used with<br> . But if we just computed<br> foldl' update init<br> directly, we would get only the single<br> s<br> value at the very end. But our goal is to get the best out of all the intermediate values. No problem: a scan is just a fold that returns all the intermediate values instead of only the final one! So instead of all this complicated and quasi-imperative<br> stuff, we just do a<br> scanl'<br> followed by taking the<br> bestIntermediate :: Ord s => ( s -> a -> s ) -> s -> [ a ] -> s bestIntermediate update init = maximum . scanl' update init<br> Ah, much better! Using<br> bestIntermediate<br> , we can now translate Kadane’s algorithm as follows:<br> kadane1 :: [ Int ] -> Int kadane1 = bestIntermediate next 0 where next s a = max 0 ( s + a )<br> Whenever I write down an algorithm like this in Haskell— especially if I have “translated” it from an existing, imperative algorithm—I like to figure out how I can generalize it as much as possible. What structure is assumed of the inputs that makes the algorithm work? Can we replace some concrete monomorphic types with polymorphic ones? What type class constraints are needed? Often these sorts of generalizations make for supposedly tricky competitive programming problems. For example, if you have only ever seen Dijkstra’s algorithm presented in terms of finding shortest paths by summing edge weights, it takes quite a bit of insight to realize that the algorithm really just finds the “best” path with respect to operations that play nicely with each other in certain ways. For example, if we use the operations<br> in place of<br> (+)<br> , Dijkstra’s algorithm finds the path with the maximum bottleneck. (This will probably end up being its own blog post at some point…)<br> Anyway, how can we generalize<br> kadane1<br> ? The obvious starting point is that if we just let GHC infer a type for<br> , we would get something more general:<br> kadane2 :: ( Num a , Ord a ) => [ a ] -> a kadane2 = bestIntermediate next 0 where next s a = max 0 ( s + a )<br> The only thing we do with the input list elements is add them and compare them; we also need<br> to have the same type as the input list elements. So the algorithm works for anything that has<br> instances.<br> But wait—do we really need<br> if all we are using is<br> +<br> ? Really we are using the monoid of integers under addition. So we can generalize again, to any ordered monoid:<br> kadane :: ( Monoid a , Ord a ) => [ a ] -> a kadane = bestIntermediate next mempty where next s a = max mempty ( s <> a )<br> In fact, if you study the proof of Kadane’s algorithm, you will see that this works just so long as the monoid operation interacts nicely with the ordering, that is, if implies and for all (this is what is usually meant by an “ordered monoid”).<br> Finding the best segment<br> So far, our code finds the best segment sum, but it doesn’t tell us which segment it was that was best—and for this problem we are actually supposed to output the starting and ending indices of the best segment, not the maximum red-blue difference itself.<br> If I were doing this in Java, I would probably just add several more variables: one to record where the segment currently being considered starts (which gets reset to<br> i+1<br> when<br> is reset to<br> ), and two to record the start and end indices of the<br> segment so far. This gets kind of ugly. Conceptually, the values actually belong in triples representing a segment: the start and end index together with the sum. In Java, it would be too heavyweight to construct a<br> class<br> to store these three values together, so in practice I would just do it with a mess of individual variables as described above. Fortunately, in Haskell, this is very lightweight, and we should of course create a data type to represent a segment.<br> It’s also worth noting that in Haskell, we were naturally led to make a polymorphic<br> function, which will work just as well with a segment type as it does<br> . Only our<br> kadane<br> function itself will have to change. We will make a data type to represent segments, with an appropriate<br> instance to specify when one segment is better than another, and we will update the<br> next<br> helper function to update a segment instead of just updating a sum.<br> So let’s get started! First, some<br> pragmas and imports we will need, and a basic solution framework.<br> {-# LANGUAGE DerivingStrategies #-} {-# LANGUAGE DerivingVia #-} {-# LANGUAGE GeneralizedNewtypeDeriving #-} {-# LANGUAGE LambdaCase #-} {-# LANGUAGE ViewPatterns #-} import Control.Arrow ( ( >>> ) ) import Data.ByteString.Char8 ( ByteString ) import qualified Data.ByteString.Char8 as C import Data.List ( scanl' ) import Data.Semigroup showB :: Show a => a -> C.ByteString showB = show >>> C.pack main = C.interact $ solve >>> format<br> Next, a data type to represent a segment, along with an<br> instance, and a function to … https://www.whatsupup.com/blog/seer/hemisphere/20210909-121446/ Thu, 09 Sep 2021 12:14:45 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20210909-121446/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-02464-z">Daily briefing: Made-up words communicate across cultures</a><br></p> <hr> Nonsense sounds can convey concepts to people around the world. Plus, Mars rover finally collects its first rock core and how science is supporting climate lawsuits.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210909-041556/ Thu, 09 Sep 2021 04:15:56 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210909-041556/ Sep 08 2021<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210909-001725/ Thu, 09 Sep 2021 00:17:24 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210909-001725/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/microsoft-security/microsoft-warns-azure-customers-of-flaw-that-could-have-permitted-hackers-access-to-data-idUSKBN2G42EK">Microsoft warns Azure customers of flaw that could have permitted hackers access to data</a><br></p> <hr> SAN FRANCISCO (Reuters) -Microsoft warned some of its Azure cloud computing customers that a flaw discovered by security researchers could have allowed hackers access to their data.<br> SAN FRANCISCO (Reuters) -A misinformation campaign on social media in support of Chinese government interests has expanded to new languages and platforms, and it even tried to get people to show up to protests in the United States, researchers said on Wednesday.<br> https://www.whatsupup.com/blog/sideswiped/tuftily/20210909-001346/ Thu, 09 Sep 2021 00:13:45 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20210909-001346/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/09/01/How-Much-Range">How Much Range?</a> · When someone wants to talk to me about <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/What/The%20World/Jaguar%20Diary/">my car</a> , invariably the first question is some variation on “How far can you go on a charge?” The next is “How long does it take to charge?” Ladies, gentlemen, and other flavors, please take note. These questions are wrong. I’m here today to explain why, and suggest what the right ones are <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/09/01/How-Much-Range">…</a> [2 comments]<br> https://www.whatsupup.com/blog/gonadal/revving/20210908-202010/ Wed, 08 Sep 2021 20:20:04 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210908-202010/ <p><a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/09/08/implementing-hindley-milner-with-the-unification-fd-library/">Implementing Hindley-Milner with the unification-fd library</a><br></p> <hr> For a current project, I needed to implement type inference for a <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Hindley%E2%80%93Milner_type_system">Hindley-Milner</a> -based type system. (More about that project in an upcoming post!) If you don’t know, Hindley-Milner is what you get when you add polymorphism to the simply typed lambda calculus, but only allow to show up at the very outermost layer of a type. This is the fundamental basis for many real-world type systems ( e.g. OCaml or Haskell without<br> RankNTypes<br> enabled).<br> One of the core operations in any Hindley-Milner type inference algorithm is unification , where we take two types that might contain unification variables (think “named holes”) and try to make them equal, which might fail, or might provide more information about the values that the unification variables should take. For example, if we try to unify<br> a -> Int<br> Char -> b<br> , we will learn that<br> a = Char<br> b = Int<br> ; on the other hand, trying to unify<br> (b, Char)<br> will fail, because there is no way to make those two types equal (the first is a function type whereas the second is a pair).<br> I’ve implemented this from scratch before, and it was a great learning experience, but I wasn’t looking forward to implementing it again. But then I remembered the <a rel="noreferrer" target="_blank" href="https://hackage.haskell.org/package/unification-fd">unification-fd library</a> and wondered whether I could use it to simplify the implementation. Long story short, although the documentation for<br> unification-fd<br> claims it can be used to implement Hindley-Milner, I couldn’t find any examples online, and apparently <a rel="noreferrer" target="_blank" href="https://github.com/wrengr/unification-fd/issues/17">neither could anyone else</a> . So I set out to make my own example, and you’re reading it. It turns out that<br> is incredibly powerful, but using it can be a bit finicky, so I hope this example can be helpful to others who wish to use it. Along the way, resources I found especially helpful include <a rel="noreferrer" target="_blank" href="https://winterkoninkje.dreamwidth.org/100478.html">this basic unification-fd tutorial</a> by the author, Wren Romano, as well as a <a rel="noreferrer" target="_blank" href="https://ro-che.info/articles/2017-06-17-generic-unification">blog post by Roman Cheplyaka</a> , and the <a rel="noreferrer" target="_blank" href="https://hackage.haskell.org/package/unification-fd">unification-fd Haddock documentation</a> itself. I also referred to the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Hindley%E2%80%93Milner_type_system">Wikipedia page on Hindley-Milner</a> , which is extremely thorough.<br> This blog post is rendered automatically from a literate Haskell file; you can <a rel="noreferrer" target="_blank" href="https://github.com/byorgey/hm-unification-fd">find the complete working source code and blog post on GitHub</a> . I’m always happy to receive comments, fixes, or suggestions for improvement.<br> Prelude: A Bunch of Extensions and Imports<br> We will make GHC and other people’s libraries work very hard for us. You know the drill.<br> > {-# LANGUAGE DeriveAnyClass #-} > {-# LANGUAGE DeriveFoldable #-} > {-# LANGUAGE DeriveFunctor #-} > {-# LANGUAGE DeriveGeneric #-} > {-# LANGUAGE DeriveTraversable #-} > {-# LANGUAGE FlexibleContexts #-} > {-# LANGUAGE FlexibleInstances #-} > {-# LANGUAGE GADTs #-} > {-# LANGUAGE LambdaCase #-} > {-# LANGUAGE MultiParamTypeClasses #-} > {-# LANGUAGE PatternSynonyms #-} > {-# LANGUAGE StandaloneDeriving #-} > {-# LANGUAGE UndecidableInstances #-} > > import Control.Category ( ( >>> ) ) > import Control.Monad.Except > import Control.Monad.Reader > import Data.Foldable ( fold ) > import Data.Functor.Identity > import Data.List ( intercalate ) > import Data.Map ( Map ) > import qualified Data.Map as M > import Data.Maybe > import Data.Set ( Set , ( \\ ) ) > import qualified Data.Set as S > import Prelude hiding ( lookup ) > import Text.Printf > > import Text.Parsec > import Text.Parsec.Expr > import Text.Parsec.Language ( emptyDef ) > import Text.Parsec.String > import qualified Text.Parsec.Token as L > > import Control.Unification hiding ( ( =:= ) , applyBindings ) > import qualified Control.Unification as U > import Control.Unification.IntVar > import Data.Functor.Fixedpoint > > import GHC.Generics ( Generic1 ) > > import System.Console.Repline<br> Representing our types<br> We’ll be implementing a language with lambas, application, and let-expressions—as well as natural numbers with an addition operation, just to give us a base type and something to do with it. So we will have a natural number type and function types, along with polymorphism, i.e. type variables and<br> forall<br> . (Adding more features like sum and product types, additional base types, recursion, etc. is left as an exercise for the reader!)<br> So notionally, we want something like this:<br> type Var = String data Type = TyVar Var | TyNat | TyFun Type Type<br> However, when using<br> , we have to encode our<br> Type<br> data type ( i.e. the thing we want to do unification on) using a “two-level type” (see <a rel="noreferrer" target="_blank" href="http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.83.500">Tim Sheard’s original paper</a> ).<br> > type Var = String > data TypeF a = TyVarF Var | TyNatF | TyFunF a a > deriving ( Show , Eq , Functor , Foldable , Traversable , Generic1 , Unifiable ) > > type Type = Fix TypeF<br> TypeF<br> is a “structure functor” that just defines a single level of structure; notice<br> is not recursive at all, but uses the type parameter<br> to mark the places where a recursive instance would usually be.<br> provides a<br> Fix<br> type to “tie the knot” and make it recursive. (I’m not sure why<br> defines its own<br> type instead of using the one from<br> Data.Fix<br> , but perhaps the reason is that it was written before<br> existed—<br> was first published in 2007!)<br> We have to derive a whole bunch of instances for<br> which fortunately we get for free. Note in particular<br> Generic1<br> Unifiable<br> is a type class from<br> which describes how to match up values of our type. Thanks to the <a rel="noreferrer" target="_blank" href="https://ro-che.info/articles/2017-06-17-generic-unification">work of Roman Cheplyaka</a> , there is a default implementation for<br> based on a<br> instance—which GHC derives for us in turn—and the default implementation works great for our purposes.<br> also provides a second type for tying the knot, called<br> UTerm<br> , defined like so:<br> data UTerm t v = UVar ! v -- ^ A unification variable. | UTerm ! ( t ( UTerm t v ) ) -- ^ Some structure containing subterms.<br> It’s similar to<br> , except it also adds unification variables of some type<br> v<br> . (If it means anything to you, note that<br> is actually the free monad over<br> t<br> .) We also define a version of<br> , which we will use during type inference:<br> > type UType = UTerm TypeF IntVar<br> IntVar<br> is a type provided by<br> representing variables as<br> values, with a mapping from variables to bindings stored in an<br> IntMap<br> also provies an<br> STVar<br> type which implements variables via<br> STRef<br> s; I presume using<br> s would be faster (since no intermediate lookups in an<br> are required) but forces us to work in the<br> monad. For now I will just stick with<br> , which makes things simpler.<br> At this point you might wonder: why do we have type variables in our definition of<br> , but also use<br> to add unification variables? Can’t we just get rid of the<br> TyVarF<br> constructor, and let<br> provide the variables? Well, type variables and unification variables are subtly different, though intimately related. A type variable is actually part of a type, whereas a unification variable is not itself a type, but only stands for some type which is (as yet) unknown. After we are completely done with type inference, we won’t have a<br> any more, but we might have a type like<br> forall a. a -> a<br> which still contains type variables, so we need a way to represent them. We could only get rid of the<br> constructor if we were doing type inference for a language without polymorphism (and yes, unification could still be helpful in such a situation—for example, to do full type reconstruction for the simply typed lambda calculus, where lambdas do not have type annotations).<br> Polytype<br> represents a polymorphic type, with a<br> at the front and a list of bound type variables (note that regular monomorphic types can be represented as<br> Forall [] ty<br> ). We don’t need to make an instance of<br> for<br> , since we never unify polytypes, only (mono)types. However, we can have polytypes with unification variables in them, so we need two versions, one containing a<br> and one containing a<br> UType<br> > data Poly t = Forall [ Var ] t > deriving ( Eq , Show , Functor ) > type Polytype = Poly Type > type UPolytype = Poly UType<br> Finally, for convenience, we can make a bunch of pattern synonyms that let us work with<br> just as if they were directly recursive types. This isn’t required; I just like not having to write<br> everywhere.<br> > pattern TyVar :: Var -> Type > pattern TyVar v = Fix ( TyVarF v ) > > pattern TyNat :: Type > pattern TyNat = Fix TyNatF > > pattern TyFun :: Type -> Type -> Type > pattern TyFun t1 t2 = Fix ( TyFunF t1 t2 ) > > pattern UTyNat :: UType > pattern UTyNat = UTerm TyNatF > > pattern UTyFun :: UType -> UType -> UType > pattern UTyFun t1 t2 = UTerm ( TyFunF t1 t2 ) > > pattern UTyVar :: Var -> UType > pattern UTyVar v = UTerm ( TyVarF v )<br> Expressions<br> Here’s a data type to represent expressions. There’s nothing much interesting to see here, since we don’t need to do anything fancy with expressions. Note that lambdas don’t have type annotations, but<br> let<br> -expressions can have an optional polytype annotation, which will let us talk about checking polymorphic types in addition to inferring them (a lot of presentations of Hindley-Milner don’t talk about this).<br> > data Expr where > EVar :: Var -> Expr > EInt :: Integer -> Expr > EPlus :: Expr -> Expr -> Expr > ELam :: Var -> Expr -> Expr > EApp :: Expr -> Expr -> Expr > ELet :: Var -> Maybe Polytype -> Expr -> Expr -> Expr<br> Normally at this point we would write parsers and pretty-printers for types and expressions, but that’s boring and has very little to do with<br> , so I’ve left those to the end. Let’s get on with the interesting bits!<br> Type inference infrastructure<br> Before we get to the type inference algorithm proper, we’ll need to develop a bunch of infrastructure. First, here’s the concrete monad we will be using for type inference. The<br> ReaderT Ctx<br> will keep track of variables and their types;<br> ExceptT TypeError<br> of course allows us to fail with type errors; and<br> IntBindingT<br> is a monad transformer provided by<br> which supports various … https://www.whatsupup.com/blog/twopenny/ultraism/20210908-201700/ Wed, 08 Sep 2021 20:17:00 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210908-201700/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/china-cyber-usa/refile-pro-china-social-media-campaign-expands-to-new-countries-blames-u-s-for-covid-idUSL1N2Q91EU">REFILE-Pro-China social media campaign expands to new countries, blames U.S. for COVID</a><br> https://www.whatsupup.com/blog/gaper/whisky/20210908-161822/ Wed, 08 Sep 2021 16:18:22 +0000 https://www.whatsupup.com/blog/gaper/whisky/20210908-161822/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/09/time-for-a-review-of-firefox-92/">Time for a review of Firefox 92 →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/09/time-for-a-review-of-firefox-92/">Time for a review of Firefox 92</a><br> <hr> Release time comes around so quickly! This month we have quite a few CSS updates, along with the new Object.hasOwn() static method for JavaScript.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210908-161708/ Wed, 08 Sep 2021 16:17:08 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210908-161708/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/china-cyber-usa/pro-china-social-media-campaign-expands-to-new-countries-blames-u-s-for-covid-idUSL1N2Q91EU">Pro-China social media campaign expands to new countries, blames U.S. for COVID</a><br></p> <hr> SAN FRANCISCO, Sept 8 A misinformation campaign on social media in support of Chinese government interests has expanded to new languages and platforms, and it even tried to get people to show up to protests in the United States, researchers said on Wednesday.<br> https://www.whatsupup.com/blog/ideo/fleury/20210908-160628/ Wed, 08 Sep 2021 16:06:27 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210908-160628/ Microsoft Corp. warns that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat.<br> According to <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444">a security advisory</a> from Redmond, the security hole <a rel="noreferrer" target="_blank" href="https://us-cert.cisa.gov/ncas/current-activity/2021/09/07/microsoft-releases-mitigations-and-workarounds-cve-2021-40444">CVE-2021-40444</a> affects the “MSHTML” component of Internet Explorer (IE) on Windows 10 and many Windows Server versions. IE been slowly abandoned for more recent Windows browsers like Edge , but the same vulnerable component also is used by Microsoft Office applications for rendering web-based content.<br> “An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine,” Microsoft wrote. “The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”<br> Microsoft has not yet released a patch for CVE-2021-40444, but says users can mitigate the threat from this flaw by disabling the installation of all ActiveX controls in IE. Microsoft says the vulnerability is currently being used in targeted attacks, although its advisory credits three different entities with reporting the flaw.<br> On of the researchers credited — EXPMON — <a rel="noreferrer" target="_blank" href="https://twitter.com/EXPMON_/status/1435310341689331721">said on Twitter</a> that it had reproduced the attack on the latest Office 2019 / Office 365 on Windows 10.<br> “The exploit uses logical flaws so the exploitation is perfectly reliable (& dangerous),” EXPMON tweeted.<br> Windows users could see an official fix for the bug as soon as September 14, when Microsoft is slated to release its monthly “Patch Tuesday” bundle of security updates. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/microsoft-attackers-exploiting-windows-zero-day-flaw/#more-56914">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/microsoft-attackers-exploiting-windows-zero-day-flaw/">Microsoft: Attackers Exploiting Windows Zero-Day Flaw</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210908-121611/ Wed, 08 Sep 2021 12:16:11 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210908-121611/ U.S. election workers get little help from law enforcement as terror threats mount <a rel="noreferrer" target="_blank" href="https://www.reuters.com/investigates/special-report/usa-election-threats-law-enforcement">VIEW MORE</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20210907-201609/ Tue, 07 Sep 2021 20:16:08 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20210907-201609/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-02394-w">Success! Mars rover finally collects its first rock core</a><br></p> <hr> NASA’s Perseverance rover lives up to its name, drilling and storing Martian rock after a misstep in August.<br> https://www.whatsupup.com/blog/phonic/shopboy/20210907-201146/ Tue, 07 Sep 2021 20:11:45 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210907-201146/ <p>Morning all! Today's pod is part 2 of our Silicon Valley mini-series with @pmarca.</p> <p>We focus on social media and it's link with populist politics and the 'Americanisation' of culture, alongside much more. <a rel="noreferrer" target="_blank" href="https://t.co/IwL5furi28"><a href="https://t.co/IwL5furi28">https://t.co/IwL5furi28</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/jX0cMdYo2J"><a href="https://t.co/jX0cMdYo2J">https://t.co/jX0cMdYo2J</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/0Rn5IFsnvR"><a href="https://t.co/0Rn5IFsnvR">https://t.co/0Rn5IFsnvR</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/TtziGtxwjU"><a href="https://t.co/TtziGtxwjU">https://t.co/TtziGtxwjU</a></a><br> Some lunchtime listening for you - best enjoyed while navigating the blurred, fragmented mandala of cyberspace <a rel="noreferrer" target="_blank" href="https://t.co/PwZFsb4djp"><a href="https://t.co/PwZFsb4djp">https://t.co/PwZFsb4djp</a></a><br></p> https://www.whatsupup.com/blog/seer/hemisphere/20210907-161618/ Tue, 07 Sep 2021 16:16:17 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20210907-161618/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-02426-5">Dispatches from a world aflame</a><br></p> <hr> From California’s deadliest blaze to a new planetary fire regime, how wildfires are reshaping our climate-changed planet.<br> Books & Arts 07 Sept 2021<br> https://www.whatsupup.com/blog/phonic/shopboy/20210907-081133/ Tue, 07 Sep 2021 08:11:32 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210907-081133/ <p>Morning. On today's @TheRestHistory: part 2 of our SILICON VALLEY special.</p> <p>Tech colossus Marc Andreessen (@pmarca) explores the history of social media, digital populism and the future of technology … <a rel="noreferrer" target="_blank" href="https://t.co/oTRuD9IHFw"><a href="https://t.co/oTRuD9IHFw">https://t.co/oTRuD9IHFw</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/3rDW82VVr3"><a href="https://t.co/3rDW82VVr3">https://t.co/3rDW82VVr3</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/MDhtro1D4K"><a href="https://t.co/MDhtro1D4K">https://t.co/MDhtro1D4K</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/yJGCXMDA9j"><a href="https://t.co/yJGCXMDA9j">https://t.co/yJGCXMDA9j</a></a><br> Today on @TheRestHistory, part 2 of @pmarca on Silicon Valley: how software is eating the world. From social media to cyber-war, a history of the recent past - from a man who is shaping the future. <a rel="noreferrer" target="_blank" href="https://t.co/AwWufkURv4"><a href="https://t.co/AwWufkURv4">https://t.co/AwWufkURv4</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/dYYuE4UXDM"><a href="https://t.co/dYYuE4UXDM">https://t.co/dYYuE4UXDM</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/qvzEdxf8GJ"><a href="https://t.co/qvzEdxf8GJ">https://t.co/qvzEdxf8GJ</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/0XPSkN3Kaq"><a href="https://t.co/0XPSkN3Kaq">https://t.co/0XPSkN3Kaq</a></a><br></p> https://www.whatsupup.com/blog/gonadal/revving/20210907-041939/ Tue, 07 Sep 2021 04:19:39 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210907-041939/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2019/07/05/lightweight-invertible-enumerations-in-haskell/">Lightweight invertible enumerations in Haskell</a><br> https://www.whatsupup.com/blog/doable/warrantable/20210907-041304/ Tue, 07 Sep 2021 04:13:04 +0000 https://www.whatsupup.com/blog/doable/warrantable/20210907-041304/ <p><a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/three-ways-to-trace-end-to-end-f61181d6db63?source=user_profile---------0----------------------------">Jul 7</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/three-ways-to-trace-end-to-end-f61181d6db63?source=user_profile---------0----------------------------">Three Ways to Trace End-to-end</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210907-040636/ Tue, 07 Sep 2021 04:06:35 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210907-040636/ In May 2015, KrebsOnSecurity briefly <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2015/05/phishing-gang-is-audacious-manipulator/">profiled</a> “ The Manipulaters ,” the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. Six years later, a review of the social media postings from this group shows they are prospering, while rather poorly hiding their activities behind a software development firm in Lahore that has secretly enabled an entire generation of spammers and scammers.<br> The Web site in 2015 for the “Manipulaters Team,” a group of Pakistani hackers behind the dark web identity “Saim Raza,” who sells spam and malware tools and services.<br> The Manipulaters’ core brand in the underground is a shared cybercriminal identity named “ Saim Raza ,” who for the past decade across dozens of cybercrime sites and forums has peddled a popular spamming and phishing service variously called “ Fudtools ,” “ Fudpage ,” “ Fudsender ,” etc.<br> The common acronym in nearly all of Saim Raza’s domains over the years — “FUD” — stands for “ F ully U n- D etectable,” and it refers to cybercrime resources that will evade detection by security tools like antivirus software or anti-spam appliances.<br> One of several current Fudtools sites run by The Manipulaters.<br> The current website for Saim Raza’s Fud Tools (above) offers phishing templates or “scam pages” for a variety of popular online sites like Office365 and Dropbox . They also sell “Doc Exploit” products that bundle malicious software with innocuous Microsoft Office documents; “scampage hosting” for phishing sites; a variety of spam blasting tools like HeartSender; and software designed to help spammers route their malicious email through compromised sites, accounts and services in the cloud.<br> For years leading up to 2015, “ <a href="mailto:admin@manipulaters.com">admin@manipulaters.com</a> ” was the name on the registration records for thousands of scam domains that spoofed some of the world’s top banks and brand names, but particularly Apple and Microsoft. When confronted about this, The Manipulaters founder Madih-ullah Riaz replied, “We do not deliberately host or allow any phishing or any other abusive website. Regarding phishing, whenever we receive complaint, we remove the services immediately. Also we are running business since 2006.”<br> The IT network of The Manipulaters, circa 2013. Image: Facebook<br> Two years later, KrebsOnSecurity received an email from Riaz asking to have his name and that of his business partner removed from the 2015 story, saying it had hurt his company’s ability to maintain stable hosting for their stable of domains.<br> “We run web hosting business and due to your post we got very serious problems especially no data center was accepting us,” Riaz wrote in a May 2017 email. “I can see you post on hard time criminals we are not criminals, at least it was not in our knowledge.”<br> Riaz said the problem was his company’s billing system erroneously used The Manipulators’ name and contact information instead of its clients in WHOIS registration records. That oversight, he said, caused many researchers to erroneously attribute to them activity that was coming from just a few bad customers.<br> “We work hard to earn money and it is my request, 2 years of my name in your wonderful article is enough punishment and we learned from our mistakes,” he concluded.<br> The Manipulaters have indeed learned a few new tricks, but keeping their underground operations air-gapped from their real-life identities is mercifully not one of them.<br> ZERO OPERATIONAL SECURITY<br> Phishing domain names registered to The Manipulaters included an address in Karachi, with the phone number 923218912562 . That same phone number is shared in the WHOIS records for 4,000+ domains registered through domainprovider[.]work , a domain controlled by The Manipulaters that appears to be a reseller of another domain name provider.<br> One of Saim Raza’s many ads in the cybercrime underground for his Fudtools service promotes the domain fudpage[.]com , and the WHOIS records for that domain share the same Karachi phone number. Fudpage’s WHOIS records list the contact as “ <a href="mailto:admin@apexgrand.com">admin@apexgrand.com</a> ,” which is another email address used by The Manipulaters to register domains.<br> As I noted in 2015, The Manipulaters Team used domain name service (DNS) settings from another blatantly fraudulent service called ‘ FreshSpamTools[.]eu ,’ which was offered by a fellow Pakistani who also conveniently sold phishing toolkits targeting a number of big banks.<br> The WHOIS records for FreshSpamTools briefly list the email address <a href="mailto:bilal.waddaich@gmail.com">bilal.waddaich@gmail.com</a> , which corresponds to the email address for a Facebook account of a Bilal “Sunny” Ahmad Warraich (a.k.a. Bilal Waddaich).<br> Bilal Waddaich’s current Facebook profile photo includes many current and former employees of We Code Solutions.<br> Warraich’s Facebook profile says he works as an IT support specialist at a software development company in Lahore called We Code Solutions .<br> The We Code Solutions website.<br> A review of the hosting records for the company’s website wecodesolutions[.]pk show that over the past three years it has shared a server with just a handful of other domains, including:<br> -saimraza[.]tools -fud[.]tools -heartsender[.]net -fudspampage[.]com -fudteam[.]com -autoshopscript[.]com -wecodebilling[.]com -antibotspanel[.]com -sellonline[.]tools<br> FUD CO<br> The profile image atop Warraich’s Facebook page is a group photo of current and former We Code Solutions employees. Helpfully, many of the faces in that photo have been tagged and associated with their respective Facebook profiles.<br> For example, the Facebook profile of Burhan Ul Haq , a.k.a. “ Burhan Shaxx ” says he works in human relations and IT support for We Code Solutions. Scanning through Ul Haq’s endless selfies on Facebook, it’s impossible to ignore a series of photos featuring various birthday cakes and the words “Fud Co” written in icing on top.<br> Burhan Ul Haq’s photos show many Fud Co-themed cakes the We Code Solutions employees enjoyed on the anniversary of the Manipulaters Team.<br> Yes, from a review of the Facebook postings of We Code Solutions employees, it appears that for at least the last five years this group has celebrated an anniversary every May with a Fud Co cake, non-alcoholic sparkling wine, and a Fud Co party or group dinner. Let’s take a closer look at that delicious cake:<br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/fudco-spam-empire-tied-to-pakistani-software-firm/">“FudCo” Spam Empire Tied to Pakistani Software Firm</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210906-121154/ Mon, 06 Sep 2021 12:11:53 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210906-121154/ <p>Dominic Sandbrook <a rel="noreferrer" target="_blank" href="https://twitter.com/dcsandbrook">@dcsandbrook</a><br> Morning. On today's @TheRestHistory: SILICON VALLEY & THE DIGITAL REVOLUTION.</p> <p>Tech titan Marc Andreesen (@pmarca) explains how it all began and where it ranks among the great cultural shifts of history. <a rel="noreferrer" target="_blank" href="https://t.co/tCnd1pIcT8"><a href="https://t.co/tCnd1pIcT8">https://t.co/tCnd1pIcT8</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/QJHB1YgDOx"><a href="https://t.co/QJHB1YgDOx">https://t.co/QJHB1YgDOx</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/tCnd1pIcT8"><a href="https://t.co/tCnd1pIcT8">https://t.co/tCnd1pIcT8</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/MZiX8g5tAS"><a href="https://t.co/MZiX8g5tAS">https://t.co/MZiX8g5tAS</a></a><br> Tom Holland <a rel="noreferrer" target="_blank" href="https://twitter.com/holland_tom">@holland_tom</a><br> Morning (or night if you're in California).</p> <p>Today in @TheRestHistory, we have the 1st of 2 episodes on the history of Silicon Valley. @pmarca takes us from its origins to the emergence of social media. <a rel="noreferrer" target="_blank" href="https://t.co/aqOV8cGP7Y"><a href="https://t.co/aqOV8cGP7Y">https://t.co/aqOV8cGP7Y</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/WY5BzQt1mO"><a href="https://t.co/WY5BzQt1mO">https://t.co/WY5BzQt1mO</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/qPn8RJqD5h"><a href="https://t.co/qPn8RJqD5h">https://t.co/qPn8RJqD5h</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/KGZDxVGOR4"><a href="https://t.co/KGZDxVGOR4">https://t.co/KGZDxVGOR4</a></a><br> The Rest Is History Podcast <a rel="noreferrer" target="_blank" href="https://twitter.com/TheRestHistory">@TheRestHistory</a><br> Today's The Rest is History is the first episode of a two-parter on Silicon Valley. Joined by @pmarca, we discuss its origins in military technology, and how it began to change the world <a rel="noreferrer" target="_blank" href="https://t.co/pNUVRRphEs"><a href="https://t.co/pNUVRRphEs">https://t.co/pNUVRRphEs</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/RAFD5EJARX"><a href="https://t.co/RAFD5EJARX">https://t.co/RAFD5EJARX</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/pNUVRRphEs"><a href="https://t.co/pNUVRRphEs">https://t.co/pNUVRRphEs</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/fYqAA9SkJX"><a href="https://t.co/fYqAA9SkJX">https://t.co/fYqAA9SkJX</a></a><br></p> https://www.whatsupup.com/blog/boxed/modification/20210906-041505/ Mon, 06 Sep 2021 04:15:05 +0000 https://www.whatsupup.com/blog/boxed/modification/20210906-041505/ float<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#how-to">how-to</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#math">math</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#operator-spaceship">operator-spaceship</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#pretty-pictures">pretty-pictures</a><br> I’ve spent too many hours repeatedly trying to find this information on the Web. Time to write it down.<br> https://www.whatsupup.com/blog/rat/realty/20210905-161112/ Sun, 05 Sep 2021 16:11:12 +0000 https://www.whatsupup.com/blog/rat/realty/20210905-161112/ The third option is to chunk the input and convert each chunk independently. Ideal input chunks would be 8 bytes or fewer, because nearly all environments will support a uint64 type and nearly all hardware can do a divmod on them. If you're using base-10 then there's going to be a function that can “print” a uint64 to digits for you, so let's take digits as an example. With a chunk size of two bytes you would get five digits. Each digit takes 3⅓ bits of space, so 16 input bits takes 16⅔ bits: 96% efficient. Less than the 99.66% we can get with digits for sure. But if you consider all chunk sizes from one to eight bytes, turning 7-byte chunks into 17 digits is 98.82% efficient. That's pretty good for the complexity savings.<br> https://www.whatsupup.com/blog/rat/realty/20210905-001039/ Sun, 05 Sep 2021 00:10:39 +0000 https://www.whatsupup.com/blog/rat/realty/20210905-001039/ <p>If you've picked base-10 (digits), base-38, or even base-45 for your data then you need to get it into that form. Base-64 is easy because that's exactly 6 bits per character; you work on 3 bytes of input at a time and produce exactly 4 characters of output. But 10, 38, and 45 aren't powers of two. You've got three options here. The obvious conversion would be to treat the input as a bigint and repeatedly divmod by 10 (or 38, etc) to generate the encoding. If you have a bigint library to hand then it almost certainly has the functions for that, but it's a rather obnoxious (and quadratic) amount of computation and a significant dependency. So you might be willing to waste a few bits to make things easier.<br> Next option is an encoding <a rel="noreferrer" target="_blank" href="https://twitter.com/hashbreaker/status/1432061744277426183">noted by djb</a> that achieves similar efficiency but with less computation and no long-division. I updated this post to include it, so it's covered in a section below.<br> Third third option is to chunk the input and convert each chunk independently. Ideal input chunks would be 8 bytes or fewer, because nearly all environments will support a uint64 type and nearly all hardware can do a divmod on them. If you're using base-10 then there's going to be a function that can “print” a uint64 to digits for you, so let's take digits as an example. With a chunk size of two bytes you would get five digits. Each digit takes 3⅓ bits of space, so 16 input bits takes 16⅔ bits: 96% efficient. Less than the 99.66% we can get with digits for sure. But if you consider all chunk sizes from one to eight bytes, turning 7-byte chunks into 17 digits is 98.82% efficient. That's pretty good for the complexity savings.<br></p> <hr> The NTRU Prime encoding<br> Above, I referenced an encoding that gets nearly all the space efficiency of the bigint-and-divmod method, but without the computational costs. This section is about that. It's taken from page 18 of <a rel="noreferrer" target="_blank" href="https://ntruprime.cr.yp.to/nist/ntruprime-20201007.pdf">the NTRU Prime NIST submission</a> .<br> Our motivating issue is thus: if you have a whole byte then taking it mod 10 to generate a digit works fairly well. The digits 0–5 have probability 26/256 while 6–9 have probability 25/256. That's not uniform therefore it doesn't encode the maximum amount of entropy, but it's 99.992% efficient, which is pretty good. But when you have a smaller range of input values the non-uniformity becomes significant and so does the reduction in information transmitted.<br> The encoding in NTRU Prime takes input values (which can be larger than bytes) and combines pairs of them. It produces some output values from each pair but, once the non-uniformity gets unconfortable, it pairs up the leftovers to increase the range. This repeats in a binary-tree.<br> As a concrete example we'll use the Python code from page 18 and set M = [256…] (because our inputs are bytes), change the 256 and 255 to 10 and 9 (to extract digits, not bytes), and set<br> limit<br> to 1024. Our example input will be<br> 419dd0ed371f44b7<br> I 65 157 208 237 55 31 68 183 40257 →7,5 60880 →0,8 7991 →1,9 46916 →6,1 402/656 608/656 79/656 469/656 399250 →0,5,2 307743 →3,4,7 399/431 185761 →6,1,7 →2,3,1 307/431 132/186<br> The input bytes are written (in base 10) along the top. Pairs of them are combined. Take the top-right box: its value is 157×256 + 65 = 40257. That can be considered to be 40257 mod 65536 and, since there's a reasonable number of bits in there, two digits are extracted. Obviously 40257 mod 10 = 7, and 4025 mod 10 = 5. So the two digits are 7 and 5. That leaves 402 mod 656, and 656 is below the limit of 1024 that we set, so it's passed down to be combined into the box below. This continues down the tree: each time there's too little data left to extract another digit, the leftovers are passed down to be combinined. At the bottom there's nothing else to combine with so the final leftover value, 132 mod 186, is converted into the digits 2, 3, and 1. The ultimate output digits are concatenated from left-to-right, top-to-bottom.<br> This achieves good encoding efficiency without repeated long-division, and can be parallelised.<br> https://www.whatsupup.com/blog/boxed/modification/20210904-201339/ Sat, 04 Sep 2021 20:13:38 +0000 https://www.whatsupup.com/blog/boxed/modification/20210904-201339/ and<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#concepts">concepts</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#llvm">llvm</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#metaprogramming">metaprogramming</a><br> A lot of templates in the C++ standard library are specified with Constraints: elements, which means that the library vendor must ensure that they drop out of overload resolution when their constraints are not met — but the Standard does not mandate any particular mechanism by which the vendor must implement that dropping-out. Two possible mechanisms are SFINAE using<br> std::enable_if<br> , and adding C++20 constraints using the<br> keyword.<br> https://www.whatsupup.com/blog/traveling/splay/20210904-001838/ Sat, 04 Sep 2021 00:18:38 +0000 https://www.whatsupup.com/blog/traveling/splay/20210904-001838/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/by/dennis-overbye#after-top">Continue reading the main story</a><br> https://www.whatsupup.com/blog/sited/implore/20210904-001645/ Sat, 04 Sep 2021 00:16:45 +0000 https://www.whatsupup.com/blog/sited/implore/20210904-001645/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/by/cecilia-kang#after-top">Continue reading the main story</a><br> https://www.whatsupup.com/blog/beautifying/hagriding/20210903-202157/ Fri, 03 Sep 2021 20:21:57 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20210903-202157/ [Nothing new, only with content removed] https://www.whatsupup.com/blog/steeplejack/garrote/20210903-202153/ Fri, 03 Sep 2021 20:21:53 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20210903-202153/ [Nothing new, only with content removed] https://www.whatsupup.com/blog/effete/washstand/20210903-202001/ Fri, 03 Sep 2021 20:20:01 +0000 https://www.whatsupup.com/blog/effete/washstand/20210903-202001/ <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/listen/">Listen Later</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210903-201853/ Fri, 03 Sep 2021 20:18:53 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210903-201853/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/by/mike-isaac#stream-panel">Search</a><br> https://www.whatsupup.com/blog/audiometry/cottony/20210903-201819/ Fri, 03 Sep 2021 20:18:19 +0000 https://www.whatsupup.com/blog/audiometry/cottony/20210903-201819/ Posted by <a rel="noreferrer" target="_blank" href="https://www.blogger.com/profile/12464590128908584782">Dustin Kirkland</a> at <a rel="noreferrer" target="_blank" href="https://blog.dustinkirkland.com/2020/04/coordinated-launch-cycles-at-apex.html">12:07 AM</a><br> <a rel="noreferrer" target="_blank" href="https://github.com/dustinkirkland/petname/issues/1#issuecomment-889983462">dustinkirkland commented on issue dustinkirkland/petname#1</a> - 7/30/2021<br> https://www.whatsupup.com/blog/traveling/splay/20210903-201815/ Fri, 03 Sep 2021 20:18:14 +0000 https://www.whatsupup.com/blog/traveling/splay/20210903-201815/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/by/dennis-overbye#stream-panel">Search</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210903-201644/ Fri, 03 Sep 2021 20:16:44 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210903-201644/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/journalists/joseph-menn?view=page&page=2&pageSize=10">Next Page »</a><br> https://www.whatsupup.com/blog/sited/implore/20210903-201630/ Fri, 03 Sep 2021 20:16:30 +0000 https://www.whatsupup.com/blog/sited/implore/20210903-201630/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/by/cecilia-kang#stream-panel">Search</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20210903-201609/ Fri, 03 Sep 2021 20:16:09 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210903-201609/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com">New</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com">Top</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com">Community</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/about">What is Big Technology?</a><br> https://www.whatsupup.com/blog/veld/paternal/20210903-201453/ Fri, 03 Sep 2021 20:14:53 +0000 https://www.whatsupup.com/blog/veld/paternal/20210903-201453/ We use cookies to ensure that we give you the best experience on our websites. By continuing to visit this site you agree to our use of cookies. <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/cookies">Cookie policy</a><br> https://www.whatsupup.com/blog/spectrometry/obol/20210903-201453/ Fri, 03 Sep 2021 20:14:53 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20210903-201453/ Posted by <a rel="noreferrer" target="_blank" href="https://www.blogger.com/profile/17011901605865574886">Ryan</a> at <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/08/understanding-network-access-windows-app.html">9:37 AM</a> <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/08/understanding-network-access-windows-app.html#comment-form">No comments:</a><br> https://www.whatsupup.com/blog/airbrush/misogynic/20210903-201337/ Fri, 03 Sep 2021 20:13:37 +0000 https://www.whatsupup.com/blog/airbrush/misogynic/20210903-201337/ [Nothing new, only with content removed] https://www.whatsupup.com/blog/alveolar/cozey/20210903-201323/ Fri, 03 Sep 2021 20:13:23 +0000 https://www.whatsupup.com/blog/alveolar/cozey/20210903-201323/ <p><a rel="noreferrer" target="_blank" href="https://sigpipe.macromates.com">Previous</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://sigpipe.macromates.com/page/2/">Next</a><br> https://www.whatsupup.com/blog/augur/cussed/20210903-200756/ Fri, 03 Sep 2021 20:07:56 +0000 https://www.whatsupup.com/blog/augur/cussed/20210903-200756/ Follow<br> https://www.whatsupup.com/blog/nonspecific/thinkably/20210903-200702/ Fri, 03 Sep 2021 20:07:01 +0000 https://www.whatsupup.com/blog/nonspecific/thinkably/20210903-200702/ By <a rel="noreferrer" target="_blank" href="https://parsers.me/author/parserssiteuser/">admin</a> , <a rel="noreferrer" target="_blank" href="https://parsers.me/sexual-wellbeing-startup-emjoy-raises-3m-seed-funding/">11 months ago</a><br> 1 <a rel="noreferrer" target="_blank" href="https://parsers.me/blog/page/2/">2</a> <a rel="noreferrer" target="_blank" href="https://parsers.me/blog/page/7/">7</a> <a rel="noreferrer" target="_blank" href="https://parsers.me/blog/page/2/">Next</a><br> https://www.whatsupup.com/blog/tularemic/yahweh/20210903-200700/ Fri, 03 Sep 2021 20:07:00 +0000 https://www.whatsupup.com/blog/tularemic/yahweh/20210903-200700/ <p><a rel="noreferrer" target="_blank" href="https://eev.ee/dev/">dev</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://eev.ee/release/">release</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/">everything</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://eev.ee/everything/archives/">archives</a><br> <hr> <a rel="noreferrer" target="_blank" href="mailto:eevee.fuzzynotepad@veekun.com">email</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://twitter.com/eevee">twitter</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://mastodon.social/@eevee">mastodon</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.patreon.com/eevee">patreon</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cash.me/$eevee">square</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.paypal.me/lexyeevee">paypal</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.com/eevee">github</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://lexyeevee.tumblr.com/">art tumblr</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://eevee.itch.io/">itch.io</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://twitch.tv/lexyeevee">twitch</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.youtube.com/user/lexyeevee">youtube</a><br> <hr> https://www.whatsupup.com/blog/twopenny/ultraism/20210903-161731/ Fri, 03 Sep 2021 16:17:30 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210903-161731/ U.S. job growth fell well short of expectations amid a shortage of workers as COVID-19 infections soared <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/us-job-growth-slows-sharply-august-unemployment-rate-falls-52-2021-09-03/">VIEW MORE</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210903-121952/ Fri, 03 Sep 2021 12:19:52 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210903-121952/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2021/09/03/espanol/el-socio-silencioso-que-hace-la-limpieza-de-facebook-por-500-millones-al-ano.html">El socio silencioso que hace la limpieza de Facebook por 500 millones al año La red social construyó una vasta infraestructura para acabar con las publicaciones tóxicas en su plataforma. Accenture, la gran firma consultora, es crucial en la estrategia. By Adam Satariano and Mike Isaac</a><br></p> <hr> Sept. 3, 2021<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210903-041734/ Fri, 03 Sep 2021 04:17:33 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210903-041734/ Japan PM Yoshihide Suga to drop out of party leadership election, setting stage for new prime minister <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/asia-pacific/japans-ruling-party-execs-meet-pm-suga-struggles-ahead-election-2021-09-03/">VIEW MORE</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210903-000647/ Fri, 03 Sep 2021 00:06:47 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210903-000647/ Bill’s data also shows that this gang is so aggressively going after gift card data that it will routinely seek new gift card benefits on behalf of victims, when that option is available.  For example, many companies now offer employees a “wellness benefit” if they can demonstrate they’re keeping up with some kind of healthy new habit, such as daily gym visits, yoga, or quitting smoking.<br> https://www.whatsupup.com/blog/beautifying/hagriding/20210902-202241/ Thu, 02 Sep 2021 20:22:41 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/20210902-202241/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/fr/deeplinks/2021/08/apples-plan-think-different-about-encryption-opens-backdoor-your-private-life">Français</a><br> https://www.whatsupup.com/blog/steeplejack/garrote/20210902-202241/ Thu, 02 Sep 2021 20:22:40 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/20210902-202241/ <a rel="noreferrer" target="_blank" href="https://www.eff.org/fr/deeplinks/2021/08/apples-plan-think-different-about-encryption-opens-backdoor-your-private-life">Français</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210902-202119/ Thu, 02 Sep 2021 20:21:19 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210902-202119/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133459_audi-grandsphere-concept-ev-rethinks-sedans-from-the-inside-out">Audi Grandsphere concept EV rethinks sedans from the inside out</a> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/writer/10001004_bengt-halvorson">Bengt Halvorson</a> September 2, 2021<br> Audi on Thursday revealed the Grandsphere concept to provide a glimpse of what electric luxury sedans from the brand might look like later in the decade. It's the second of three…<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1131821_gmc-hummer-ev-chief-engineer-talks-motor-torque-wheelies-and-watts-to-freedom">GMC Hummer EV chief engineer talks motor torque, wheelies, and Watts To Freedom</a><br></p> <hr> Engineer Al Oppenheiser says the GMC Hummer EV's supertruck performance includes a bit of theater, wheelies for the prototype, and 1,100 lb-ft of torque.<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1126828_cruise-origin-previews-a-future-that-takes-the-driver-out-of-electric-ride-hailing">Cruise Origin previews a future that takes the driver out of electric ride hailing</a> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/writer/10001004_bengt-halvorson">Bengt Halvorson</a> January 22, 2020<br> As rainy weather and rush-hour congestion tested drivers’ patience and attention outside, Cruise revealed its fourth-generation driverless vehicle inside, near its San Francisco headquarters.<br> ...<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1126380_first-drive-review-2020-porsche-taycan-4s-drifts-into-a-thrilling-future">First drive review: 2020 Porsche Taycan 4S drifts into a thrilling future</a><br> <hr> From LA hills to a Scandinavian flick, I sample the most affordable electric car from Porsche and don’t want to give it back.<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1123694_first-drive-review-2020-ford-explorer-st-dances-with-the-family-and-its-a-ball">First drive review: 2020 Ford Explorer ST dances with the family, and it's a ball</a> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/writer/10001004_bengt-halvorson">Bengt Halvorson</a> June 20, 2019<br> The idea of an Explorer bearing Ford’s two speedy red letters seemed like a stretch.<br> Not long ago, the ST stamp was reserved for some of Ford’s brashest European concoctions. Not...<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1121372_why-mazda-is-purging-touchscreens-from-its-vehicles">Why Mazda is purging touchscreens from its vehicles</a><br> <hr> Tablet-like touchscreens have become the ubiquitous interfaces of choice, and they’re seemingly everywhere in daily life, on everything from thermostats to coffee makers and refrigerators. But Mazda really doesn’t think they belong in cars—or at least anywhere near the...<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1104437_2017-volvo-s90-first-drive-review">2017 Volvo S90 first drive review</a> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/writer/10001004_bengt-halvorson">Bengt Halvorson</a> June 13, 2016<br> With Volvo’s most recent products, including the 2017 Volvo S90 sedan and upcoming 2018 V90 wagon, the Swedish automaker is wholly embracing its Scandinavian roots.<br> From the upright concave...<br> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1103739_2016-bmw-x5-xdrive40e-first-drive-review">2016 BMW X5 xDrive40e first drive review</a><br> <hr> The 2016 BMW X5 xDrive40e—that’s the new plug-in hybrid version of the X5 sport-utility vehicle—is going to draw you in with its numbers: 0-60 mph in 6.5 seconds; 14 miles in all-electric mode; 24 mpg combined. The numbers add up to an alluring (and image-greening) idea: that you...<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210902-201735/ Thu, 02 Sep 2021 20:17:34 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210902-201735/ Exclusive: Amazon to remove more content that violates rules from cloud service, sources say <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-amazon-proactively-remove-more-content-that-violates-rules-cloud-2021-09-02/">VIEW MORE</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210902-200635/ Thu, 02 Sep 2021 20:06:35 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210902-200635/ Some of the most successful and lucrative online scams employ a “low-and-slow” approach — avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period. Here’s the story of a cybercrime group that compromises up to 100,000 email inboxes per day, and apparently does little else with this access except siphon gift card and customer loyalty program data that can be resold online.<br> The data in this story come from a trusted source in the security industry who has visibility into a network of hacked machines that fraudsters in just about every corner of the Internet are using to anonymize their malicious Web traffic. For the past three years, the source — we’ll call him “Bill” to preserve his requested anonymity — has been watching one group of threat actors that is mass-testing millions of usernames and passwords against the world’s major email providers each day.<br> Bill said he’s not sure where the passwords are coming from, but he assumes they are tied to <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/the-life-cycle-of-a-breached-database/">various databases for compromised websites that get posted to password cracking and hacking forums on a regular basis</a> . Bill said this criminal group averages between five and ten million email authentication attempts daily, and comes away with anywhere from 50,000 to 100,000 of working inbox credentials.<br> In about half the cases the credentials are being checked via “ <a rel="noreferrer" target="_blank" href="https://www.nylas.com/blog/nylas-imap-therefore-i-am/">IMAP</a> ,” which is an email standard used by email software clients like Mozilla’s Thunderbird and Microsoft Outlook . With his visibility into the proxy network, Bill can see whether or not an authentication attempt succeeds based on the network response from the email provider (e.g. mail server responds “OK” = successful access).<br> You might think that whoever is behind such a sprawling crime machine would use their access <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account/">to blast out spam, or conduct targeted phishing attacks against each victim’s contacts</a> . But based on interactions that Bill has had with several large email providers so far, this crime gang merely uses custom, automated scripts that periodically log in and search each inbox for digital items of value that can easily be resold.<br> And they seem particularly focused on stealing gift card data.<br> “Sometimes they’ll log in as much as two to three times a week for months at a time,” Bill said. “These guys are looking for low-hanging fruit — basically cash in your inbox. Whether it’s related to hotel or airline rewards or just Amazon gift cards, after they successfully log in to the account their scripts start pilfering inboxes looking for things that could be of value.”<br> A sample of some of the most frequent search queries made in a single day by the gift card gang against more than 50,000 hacked inboxes.<br> According to Bill, the fraudsters aren’t downloading all of their victims’ emails: That would quickly add up to a monstrous amount of data. Rather, they’re using automated systems to log in to each inbox and search for a variety of domains and other terms related to companies that maintain loyalty and points programs, and/or issue gift cards and handle their fulfillment.<br> Why go after hotel or airline rewards? Because these accounts can all be cleaned out and deposited onto a gift card number that can be resold quickly online for 80 percent of its value.<br> “These guys want that hard digital asset — the cash that is sitting there in your inbox,” Bill said. “You literally just pull cash out of peoples’ inboxes, and then you have all these secondary markets where you can sell this stuff.”<br> Bill’s data also shows that this gang is so aggressively going after gift card data that it will routinely seek new gift card benefits on behalf victims, when that option is available.  For example, many companies now offer employees a “wellness benefit” if they can demonstrate they’re keeping up with some kind of healthy new habit, such as daily gym visits, yoga, or quitting smoking.<br> Bill said these crooks have figured out a way to tap into those benefits as well.<br> “A number of health insurance companies have wellness programs to encourage employees to exercise more, where if you sign up and pledge to 30 push-ups a day for the next few months or something you’ll get five wellness points towards a $10 Starbucks gift card, which requires 1000 wellness points,” Bill explained. “They’re actually automating the process of replying saying you completed this activity so they can bump up your point balance and get your gift card.”<br> The Gift Card Gang’s Footprint<br> How do the compromised email credentials break down in terms of ISPs and email providers? There are victims on nearly all major email networks, but Bill said several large Internet service providers (ISPs) in Germany and France are heavily represented in the compromised email account data.<br> “With some of these international email providers we’re seeing something like 25,000 to 50,000 email accounts a day get hacked,” Bill said.  “I don’t know why they’re getting popped so heavily.”<br> That may sound like a lot of hacked inboxes, but Bill said some of the bigger ISPs represented in his data have tens or hundreds of millions of customers. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/gift-card-gang-extracts-cash-from-100k-inboxes-daily/#more-55319">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/gift-card-gang-extracts-cash-from-100k-inboxes-daily/">Gift Card Gang Extracts Cash From 100k Inboxes Daily</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210902-081741/ Thu, 02 Sep 2021 08:17:41 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210902-081741/ New York City Mayor Bill de Blasio declares state of emergency after record-breaking rain <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/new-york-city-mayor-declares-state-emergency-after-record-breaking-rain-2021-09-02/">VIEW MORE</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210902-041955/ Thu, 02 Sep 2021 04:19:55 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210902-041955/ U.S. Supreme Court refuses to block Texas law banning abortion after six weeks of pregnancy <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/us-supreme-court-declines-block-texas-abortion-ban-2021-09-02/">VIEW MORE</a><br> https://www.whatsupup.com/blog/sited/implore/20210902-002055/ Thu, 02 Sep 2021 00:20:54 +0000 https://www.whatsupup.com/blog/sited/implore/20210902-002055/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/09/01/technology/google-antitrust-advertising-doj.html">Justice Dept. Is Said to Accelerate Google Advertising Inquiry The moves may result in a second antitrust lawsuit against Google before the end of the year. By Cecilia Kang</a><br></p> <hr> Sept. 1, 2021<br> https://www.whatsupup.com/blog/ideo/fleury/20210902-000744/ Thu, 02 Sep 2021 00:07:43 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210902-000744/ Over the past 15 years, a cybercrime anonymity service known as VIP72 has enabled countless fraudsters to mask their true location online by routing their traffic through millions of malware-infected systems. But roughly two weeks ago, VIP72’s online storefront — which ironically enough has remained at the same U.S.-based Internet address for more than a decade — simply vanished.<br> Like other anonymity networks marketed largely on cybercrime forums online, VIP72 routes its customers’ traffic through computers that have been hacked and seeded with malicious software. Using services like VIP72, customers can select network nodes in virtually any country, and relay their traffic while hiding behind some unwitting victim’s Internet address.<br> The domain Vip72[.]org was originally registered in 2006 to “ Corpse ,” the handle adopted by a Russian-speaking hacker who gained infamy several years prior for creating and selling an extremely sophisticated online banking trojan called A311 Death , a.k.a. “ Haxdoor ,” and “ Nuclear Grabber .” Haxdoor was way ahead of its time in many respects, and it was <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2007/01/25/technology/25hack.html">used in multiple million-dollar cyberheists</a> long before multi million-dollar cyberheists became daily front page news.<br> An ad circa 2005 for A311 Death, a powerful banking trojan authored by “Corpse,” the administrator of the early Russian hacking clique Prodexteam. Image: Google Translate via Archive.org.<br> Between 2003 and 2006, Corpse focused on selling and supporting his Haxdoor malware. Emerging in 2006, VIP72 was clearly one of his side hustles that turned into a reliable moneymaker for many years to come. And it stands to reason that VIP72 was launched with the help of systems already infected with Corpse’s trojan malware.<br> The first mention of VIP72 in the cybercrime underground came in 2006 when someone using the handle “ Revive ” advertised the service on Exploit, a Russian language hacking forum. Revive established a sales presence for VIP72 on multiple other forums, and the contact details and messages shared privately by that user with other forum members show Corpse and Revive are one and the same.<br> When asked in 2006 whether the software that powered VIP72 was based on his Corpse software, Revive replied that “it works on the new Corpse software, specially written for our service.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/15-year-old-malware-proxy-network-vip72-goes-dark/#more-56712">Continue reading →</a><br> Reached via LinkedIn, Sociogram founder <a rel="noreferrer" target="_blank" href="https://www.linkedin.com/in/oluwameda/">Oluwaseun Medayedupin</a> asked to have his startup’s name removed from the story, although he did not respond to questions about whether there were any inaccuracies in Hassold’s report.<br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/09/15-year-old-malware-proxy-network-vip72-goes-dark/">15-Year-Old Malware Proxy Network VIP72 Goes Dark</a><br> https://www.whatsupup.com/blog/augur/cussed/20210901-201009/ Wed, 01 Sep 2021 20:10:08 +0000 https://www.whatsupup.com/blog/augur/cussed/20210901-201009/ <p><a rel="noreferrer" target="_blank" href="https://blog.discord.com/discover-your-next-favorite-campus-club-in-student-hubs-3b5d1c65800f?source=collection_home---4------0-----------------------">Discover Your Next Favorite Campus Club in Student Hubs</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://blog.discord.com/discover-your-next-favorite-campus-club-in-student-hubs-3b5d1c65800f?source=collection_home---4------0-----------------------">Discover Your Next Favorite Campus Club in Student Hubs With so many ways students are using Discord, it can be hard to find servers for your campus. Student Hubs are here to help.</a><br> <hr> Sep 1<br> https://www.whatsupup.com/blog/beautifying/hagriding/000000-000000/ Wed, 01 Sep 2021 08:25:07 +0000 https://www.whatsupup.com/blog/beautifying/hagriding/000000-000000/ [Marking site as being monitored from now on] https://www.whatsupup.com/blog/steeplejack/garrote/000000-000000/ Wed, 01 Sep 2021 08:24:59 +0000 https://www.whatsupup.com/blog/steeplejack/garrote/000000-000000/ [Marking site as being monitored from now on] https://www.whatsupup.com/blog/bilateralistic/jungle/20210901-001408/ Wed, 01 Sep 2021 00:14:07 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20210901-001408/ Save 45% on Systems Perf 2nd edition until Sep 13, 2021 with the Publisher's <a rel="noreferrer" target="_blank" href="http://informit.com/sale/backtolearn">back to learn</a> sale: <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/systems-performance-2nd-edition-book.html">Systems Performance 2nd Ed.</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/bpf-performance-tools-book.html">BPF Performance Tools book</a> Recent posts:<br> https://www.whatsupup.com/blog/playacted/rededication/20210831-202353/ Tue, 31 Aug 2021 20:23:53 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210831-202353/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/08/31/technology/facebook-accenture-content-moderation.html">The Silent Partner Cleaning Up Facebook for $500 Million a Year The social network has constructed a vast infrastructure to keep toxic material off its platform. At the center of it is Accenture, the blue-chip consulting firm. By Adam Satariano and Mike Isaac</a><br> https://www.whatsupup.com/blog/nonspecific/thinkably/20210831-160854/ Tue, 31 Aug 2021 16:08:54 +0000 https://www.whatsupup.com/blog/nonspecific/thinkably/20210831-160854/ By <a rel="noreferrer" target="_blank" href="https://parsers.me/author/parserssiteuser/">admin</a> , <a rel="noreferrer" target="_blank" href="https://parsers.me/comparison-of-vc-fund-aggregators-crunchbase-pitchbook-with-parsers-vc/">1 year 54 mins ago</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210831-002154/ Tue, 31 Aug 2021 00:21:54 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210831-002154/ U.S. completes withdrawal of its troops from Afghanistan, officials say, nearly 20 years after it invaded the country <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/last-us-forces-leave-afghanistan-after-nearly-20-years-2021-08-30/">VIEW MORE</a><br> https://www.whatsupup.com/blog/bilateralistic/jungle/20210830-201641/ Mon, 30 Aug 2021 20:16:40 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20210830-201641/ 30 Aug 2021 » <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-08-30/high-rate-of-paging.html">Analyzing a High Rate of Paging</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210829-001644/ Sun, 29 Aug 2021 00:16:44 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210829-001644/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-microsoft-security/researchers-cybersecurity-agency-urge-action-by-microsoft-cloud-database-users-idUSKBN2FT0K8">Researchers, cybersecurity agency urge action by Microsoft cloud database users</a><br></p> <hr> Researchers who discovered a massive flaw in the main databases stored in Microsoft Corp's Azure cloud platform on Saturday urged all users to change their digital access keys, not just the 3,300 it notified this week.<br> https://www.whatsupup.com/blog/ideo/fleury/20210829-000627/ Sun, 29 Aug 2021 00:06:25 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210829-000627/ Error: Server Error<br> The server encountered a temporary error and could not complete your request.<br> Please try again in 30 seconds.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210828-201823/ Sat, 28 Aug 2021 20:18:22 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210828-201823/ Biden says military commanders have informed him a new attack is highly likely in Kabul in the next 24-36 hours <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/asia-pacific/us-launches-drone-strike-islamic-state-after-afghan-airport-blast-2021-08-28/">VIEW MORE</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210828-200859/ Sat, 28 Aug 2021 20:08:58 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210828-200859/ <p><a rel="noreferrer" target="_blank" href="https://retool.com/blog/retool-for-startups/">Focus on building your core product, not custom internal tools. Early-stage startups now get a free year of Retool.</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/solera-health-customer-story/">Solera Health chose to build custom apps in Retool instead of using React. Learn how those CRUD apps reduced friction and sped up workflows for customer support agents.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/build-a-mongodb-gui-in-minutes/">In this post, we’ll show you how to build a simple yet powerful admin panel for your MongoDB instance. Using MongoDB’s sample data, we’ll demonstrate how to query data, build</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/saltpay-customer-story/">This is the story of how SaltPay was able to bring together critical user data and support workflows into one Retool app to replace a disjointed and slow customer support process.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/build-document-workflow-automation-with-revv-retool/">Drafting, reviewing, tracking, signing, and storing business documents is essential—and can be painful, especially if you are still in the pen and paper era. Revv, a complete document management system, specializes in</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/building-a-modern-on-prem-software-business/">How we decided to build both a cloud and on-prem option for Retool, the challenges, and why it's becoming more common to offer both.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/self-hosted-retool-plans/">We’re excited to announce that you can deploy our Free and Startup plan on your own infra, behind your own VPN, and in your own VPC.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/join-the-retool-developer-community/">The Retool community is the best place to get help, share what you're building, and level up your Retool skills.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/plaid-customer-story/">This is the story of how Plaid empowered customer support to adapt (and re-adapt) workflows at a huge inflection point in their growth, and how a small engineering team played a critical role in making it happen.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/text-v2-app-documentation/">We’ve recently shipped two updates that help make Markdown a first-class citizen in Retool: a completely redesigned Text component and a new App Documentation feature.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/earnin-customer-story/">This is the story how Paula built a new service dashboard in Retool to help the customer service team prepare for the launch of their new product, WeWin.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/google-sheets/">While spreadsheet software has evolved over the years—first VisiCalc, then Lotus, Excel and now Google Sheets—the core abstractions have remained the same.They’re flexible, intuitive, and accessible. But these abstractions</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/segment-customer-story/">As Segment prepared to launch their second product, Personas, a PM realized that their customer support team needed a new level of visibility into product data.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-to-build-a-super-subscription-center-in-retool-using-stripe-and-sync-inc/">This tutorial walks how to build a subscription management center using Retool, Stripe, and Sync Inc.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/what-is-low-code/">Low code and no code have equal amounts of hype and skepticism. On the one hand, it’s clear low code has market traction: in April 2021, a provider of low code automation</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/retool-user-license-app/">An inside look at why and how we built a custom app for account managers to generate user license keys, manage trials, map account data with Salesforce, and manage feature flags.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/react-map-library/">We're breaking down the strengths and drawbacks of the top React map libraries, as well as highlight the types of projects each library excels at so you can determine what's best for you.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/react-autocomplete-libraries/">We’ve researched and compared React autocomplete libraries to suss out the best React autocomplete library, and then created this simple guide to aggregate all the top options in one place.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/on-prem-vs-cloud/">The debate between on-premise vs cloud is nothing new. We've collected deeper context and frameworks to make evaluating your options easier.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/react-native-datepicker-libraries/">We researched and tried a handful of popular React-Native date picker libraries. In this post, we’ll walk you through our favorites and the reasoning behind each selection.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-oddbox-sped-up-customer-support/">When you ship tens of thousands of boxes of produce a week, issues happen. This is the story of how the PM team helped customer service deliver better user experiences using Retool.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/react-component-libraries/">Get an overview of the top React component libraries looking at several factors like popularity, use cases, documentation, resources, support, etc.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/jetfuel-customer-story/">This is the story of how a co-founder and CRO built internal tools that helped every team bring insights and action into the same place.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/nacho-iacovino-on-the-future-of-internal-tools/">A guest post from Nacho Iacovino, developer advocate at Clerk, who recently chatted with us about the findings from our 2021 State of Internal Tools report and where he thinks internal tool development is going.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-sentropy-used-internal-apps-to-speed-up-the-sales-process-and-reduce-friction-between-teams/">As a small team tackling a complex issue, Sentropy needs to move fast and help every teammate operate at their best. Here's a look at how they built internal tools using Retool to unblock critical GTM functions.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/5-fast-growing-startups-that-used-internal-tools-to-enable-speed/">With the right internal tools, high-growth startups move faster and more efficiently, enabling them to outpace the competition and succeed in tough markets. Here's how five category-leading startups—Avo, LeadGenius, Doordash, Neo4j, and Descript–used internal tools to accelerate growth.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/choosing-the-right-react-checkbox-component-for-your-application/">We researched, identified, and evaluated, checkbox components to help you make the right choice to solve common use cases.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-3-financial-services-companies-use-internal-tools-to-save-engineering-resources/">Internal tools, with the right strategy, can help you save on a huge amount of engineering resources. With resources saved, you can reallocate engineers to customer-facing features. To learn more, we turned to three financial services companies to see how they use internal tools.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/choosing-a-react-form-library/">In this post, we’ve compiled three popular React form libraries—Formik, react-hook-form, and react-final-form—and actionable guidance to choose the right React form library for your next project.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/3-experts-on-building-vs-buying-internal-tools/">Our experts reveal that, especially with low-code platforms, your internal tool development should be context-dependent and should, at different times, include built and bought components.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-we-use-retool-to-manage-our-startup-credits/">This is a behind-the-scenes look at how we built the process to offer startup credits and then automated it all with Retool.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-botkeeper-streamlines-and-automates-internal-information-and-workflows-using-retool/">This is the story of how a VP of Innovation used Retool to help her team work the way they want, and connect disparate systems beneath the surface.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/building-a-file-uploader-app-with-digital-ocean-spaces/">This tutorial walks through how to build a basic file uploader and viewer app in under an hour using Retool and the DigitalOcean Spaces API.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-remitly-gets-to-market-faster-by-empowering-their-customer-success-team/">Here’s a look at how a software engineer built the internal tools to help get Remitly for Developers to market faster and allowed customer success to support users as they navigate the new product line.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/the-best-react-native-map-libraries-for-time-strapped-developers/">In this guide, we’ll take you through the reasoning behind our favorite map libraries by comparing react-native-maps to the other top libraries.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/using-the-react-native-push-notification-library-for-your-react-native-notification-needs/">There are a number of React Native notification libraries to choose from, and this post will spotlight one of the leading options: react-native-push-notification.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-bwh-hotel-group-scandinavia-built-tools-for-revenue-services-5x-faster-than-the-competition/">An inside look at how an analytics manager tackled revenue forecasting with Retool—and gave BWH Hotel Group Scandinavia a competitive advantage they didn’t expect.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/new-developments-ken-liu-cockroach-labs/">We talked to Ken about what internal tools look like at a database company, measuring build times, and when to build vs. buy.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/new-developments-sole-pano-auth0/">We talked to Sole about how her team at Auth0 approaches building internal tools, their stack, and differences with how they think about customer facing builds.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/new-developments-curtis-cummings-on-deck/">We talked to Curtis about how On Deck approaches internal tools, from scaling cohort operations to building quick MVPs in low-code tools.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/new-developments-soroush-pour-vow/">We talked to Soroush about how his team at Vow works on internal tools, from microscopes to lab notebooks and admin panels.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/retool-sdr-workflow-on-salesforce/">This is the story of how 2 Retool apps automated away the messy parts of our SDR workflow and helped our entire sales team be more customer-centric.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/running-safe-database-migrations-using-postgres/">Our team at Retool has navigated and fixed major issues related to migrations in Postgres. This post will highlight key lessons learned and what you can do to avoid making the same mistakes.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/new-developments-andrew-homeyer-halp/">We talked to Andrew Homeyer about how his teams at Halp build and maintain their internal tools.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/build-together-in-retool-with-cord-comments-and-annotations/">In this post, we’ll walk through how to use Retool with Cord. Cord lets you add comments, annotations, and guides directly in your favorite apps.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/commonbond-loan-disbursal/">Commonbond’s goal is to provide a better loan experience for customers. But loan disbursement is one of the processes that can involve a heavy lift on the backend. See how one engineer made it happen.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/commonbond-forbearance-process/">The operations team at Commonbond struggled to get prioritized on the engineering roadmap. So they took matters into their own hands, and created a new career path for their team.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/ramp-financial-operations/">Ramp is a fast-growing financial company. Here’s an inside look at how the financial operations and product teams changed how they work using Retool.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/avo-story/">“After Retool,” Solvi said, “anyone in the company could start managing these things without having to request changes from the engineering team.” What used to take the non-technical teams hours to complete can now be accomplished in a matter of seconds using their Retool-built tool.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/pizza-to-the-polls-story/">With this year’s record voter turnout, Pizza to the Polls had an even greater impact than in 2016 and they did it with the power of Retool. They raised over $1.4 million to send 66,089 pizzas to 3,267 polling places in 48 states—blowing their 2016 and 2018 numbers out of the water.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-brex-used-retool-to-scale-10x-in-three-years/">Brex has a killer philosophy of internal tools. Find out how Retool, on top of this strong foundation, has helped Engineering Manager Derek Stavis scale 10x in three years.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/ramp-story/">Many companies in the fintech industry struggle with data management because of the complex stack of tools needed to manage operations. Retool can help. Here's how Ramp used Retool to make operations 20% more efficient.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/cost-benefit-analysis-of-internal-tools/">The decision to invest in internal tools is all about striking the right balance. In most cases, that balance lies between the engineering overhead to develop (and maintain) internal tools and the workforce productivity those tools deliver once they’re up and running.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/noble-schools-used-retool-to-support-over-12-500-students-during-a-pandemic/">The COVID-19 pandemic has fundamentally changed how education works. Learn how Retool helped Noble Schools adapt to distance learning.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/neo4j-story/">The story behind how Mike Brophy (VP of Global Renewals at Neo4J) reduced churn by built a custom internal tool to manage renewals outside of Salesforce.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/descript-story/">The story behind how Andrew Mason (CEO and Founder of Descript) lifted the load off engineering teams building internal tools by moving to Retool.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/leadgenius-story/">The story behind how Adam Louie (Senior Director of Business Operations at LeadGenius) built 3 internal applications that ended up saving LeadGenius $1M.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/crud-with-cloud-firestore-using-the-nodejs-sdk/">This post walks through how to use Firestore's Node.js SDK to do …</a> https://www.whatsupup.com/blog/reigned/coffeecake/20210828-200852/ Sat, 28 Aug 2021 20:08:52 +0000 https://www.whatsupup.com/blog/reigned/coffeecake/20210828-200852/ New: <a rel="noreferrer" target="_blank" href="http://paulgraham.com/weird.html">Weird Languages</a> | <a rel="noreferrer" target="_blank" href="http://paulgraham.com/hwh.html">Hard</a> | <a rel="noreferrer" target="_blank" href="http://paulgraham.com/own.html">Project</a> | <a rel="noreferrer" target="_blank" href="http://paulgraham.com/fn.html">Fierce</a> | <a rel="noreferrer" target="_blank" href="http://paulgraham.com/newideas.html">Crazy</a><br> https://www.whatsupup.com/blog/glooming/wrackful/20210828-161014/ Sat, 28 Aug 2021 16:10:13 +0000 https://www.whatsupup.com/blog/glooming/wrackful/20210828-161014/ Bug bounty write-ups<br> <a rel="noreferrer" target="_blank" href="https://robertheaton.com/another-rce-in-kensingtonworks">Another RCE vulnerability in KensingtonWorks</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210828-122655/ Sat, 28 Aug 2021 12:26:55 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210828-122655/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133386_2023-chevy-camaro-reportedly-in-line-for-ct5-v-blackwing-s-v-8">2023 Chevy Camaro reportedly in line for CT5-V Blackwing's V-8</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210828-122311/ Sat, 28 Aug 2021 12:23:11 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210828-122311/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa/u-s-attacks-islamic-state-after-afghan-airport-blast-idUSKBN2FT01K">U.S. attacks Islamic State after Afghan airport blast</a><br></p> <hr> (Reuters) -The United States attacked an Islamic State "planner" in Afghanistan in retaliation for a deadly bombing outside Kabul airport and said there was a high risk of further blasts as it nears the end of a mission to evacuate civilians and withdraw troops.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-italy/we-did-our-best-on-kabul-evacuation-nato-representative-says-idUSKBN2FT07I">"We did our best" on Kabul evacuation, NATO representative says</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210828-122055/ Sat, 28 Aug 2021 12:20:55 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210828-122055/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2016/08/13/is-apples-cloud-key-vault-crypto/">Is Apple's Cloud Key Vault a crypto backdoor?</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210828-082220/ Sat, 28 Aug 2021 08:22:19 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210828-082220/ (Reuters) -Western forces running the Afghan airlift braced on Saturday for more attacks after the United States launched a drone strike, apparently killing an Islamic State "planner", two days after the group claimed a deadly bombing outside Kabul airport.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-israel-iran/top-iran-security-official-says-biden-illegally-threatened-tehran-idUSKBN2FT04S">Top Iran security official says Biden illegally threatened Tehran</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210828-042231/ Sat, 28 Aug 2021 04:22:30 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210828-042231/ <p>The U.S. launched a drone strike targeting Islamic State in eastern Afghanistan one day after a deadly attack in Kabul <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/asia-pacific/us-drone-strike-targets-islamic-state-planner-afghanistan-2021-08-28/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa/u-s-launches-drone-strike-on-islamic-state-after-afghan-airport-blast-idUSKBN2FT01K">U.S. launches drone strike on Islamic State after Afghan airport blast</a><br></p> <hr> Western forces running the Afghan airlift braced on Saturday for more attacks after the United States launched a drone strike, apparently killing an Islamic State "planner", two days after the group claimed a deadly bombing outside Kabul airport.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa-pentagon/didnt-need-to-happen-pentagon-seeks-answers-for-deadly-attack-idUSKBN2FT02W">'Didn't need to happen': Pentagon seeks answers for deadly attack</a><br> https://www.whatsupup.com/blog/vernalize/massed/20210828-040820/ Sat, 28 Aug 2021 04:08:20 +0000 https://www.whatsupup.com/blog/vernalize/massed/20210828-040820/ [Nothing new, only with content removed] https://www.whatsupup.com/blog/twopenny/ultraism/20210828-001721/ Sat, 28 Aug 2021 00:17:20 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210828-001721/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/legal-us-microsoft-security/microsoft-warns-thousands-of-cloud-customers-of-exposed-databases-idUSKBN2FS27W">Microsoft warns thousands of cloud customers of exposed databases</a><br></p> <hr> SAN FRANCISCO Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/u-s-on-alert-for-further-kabul-attacks-in-race-to-complete-evacuations-idUSKBN2FS052">U.S. on alert for further Kabul attacks in race to complete evacuations</a><br> <hr> U.S. forces helping evacuate Afghans desperate to flee Taliban rule were on alert for more attacks on Friday after an Islamic State suicide bombing outside Kabul airport killed at least 92 people, including 13 U.S. service members.<br> https://www.whatsupup.com/blog/sideswiped/tuftily/20210828-001357/ Sat, 28 Aug 2021 00:13:57 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20210828-001357/ The Green Knight<br> movie <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/08/24/Woods-Walk">…</a> [4 comments]<br> https://www.whatsupup.com/blog/jigging/witherer/20210827-201759/ Fri, 27 Aug 2021 20:17:59 +0000 https://www.whatsupup.com/blog/jigging/witherer/20210827-201759/ <p><a rel="noreferrer" target="_blank" href="https://themarkup.org/series/denied">Denied</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/08/10/how-the-daily-wire-uses-facebooks-targeted-advertising-to-build-its-brand">Citizen Browser How The Daily Wire Uses Facebook’s Targeted Advertising to Build Its Brand The social media giant's powerful targeting tools appear to be part of Ben Shapiro’s success in growing his audience on the platform August 10, 2021 08:00 ET</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210827-201720/ Fri, 27 Aug 2021 20:17:20 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210827-201720/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/u-s-on-alert-for-more-kabul-attacks-says-next-few-days-will-be-most-dangerous-idUSKBN2FS052">U.S. on alert for more Kabul attacks, says next few days will be most dangerous</a><br></p> <hr> (Reuters) -U.S. forces helping to evacuate Afghans desperate to flee Taliban rule were on alert for more attacks on Friday after an Islamic State suicide bombing killed at least 92 people, including 13 U.S. service members, just outside Kabul airport.<br> https://www.whatsupup.com/blog/rat/realty/20210827-201038/ Fri, 27 Aug 2021 20:10:37 +0000 https://www.whatsupup.com/blog/rat/realty/20210827-201038/ <a rel="noreferrer" target="_blank" href="https://www.imperialviolet.org/2021/08/26/qrencoding.html">Efficient QR codes</a> (26 Aug 2021)<br> QR codes seem to have won the battle for 2D barcodes, but they're not just a bag of bits inside. Their payload is a series of segments , each of which can have a different encoding. Segments are bitstrings, concatenated without any byte-alignment, and terminated with an empty segment of type zero. If you want to squeeze the maximum amount of data into a QR code without it turning into a gray square, understanding segmentation helps.<br> The most basic segment type is byte mode , which is a series of 8-bit bytes. If you control the QR decoder then this is perfectly efficient for encoding binary data. But you probably need to work with a variety of decoders. In that case, beware: the first edition of the QR standard, ISO/IEC 18004, said that byte mode should be interpreted as <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/JIS_X_0201">JIS X 0201</a> . The 2005 edition changed that to be <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/ISO/IEC_8859-1">ISO/IEC 8859-1</a> (i.e. Latin-1). In practice, some QR decoders will attempt to content-sniff the encoding because, while UTF-8 contents should be indicated with an ECI header, they often aren't and UTF-8 is really common.<br> So if you put binary data into a QR code, you are probably going to hit these edge cases. The contents are likely going to be passed to a general operating system API for handling URLs — do you think the full pipeline will handle NUL bytes in the string, and UTF-8 non-characters and invalid surrogate pairs when interpreted as UTF-8? Also, you probably want your QR contents to be a printable string: bits of it might be shown in the scanner's UI; users might need to copy and paste them.<br> So let's assume that you want something printable and consider an obvious answer: base64url. It's very common, printable, and doesn't contain any characters that are special in URLs for maximum compatibility. It'll be encoded in a byte-mode segment: each base64url character contains 6 bits of information and takes 8 bits in the QR code for an efficiency of 75%. That's our baseline.<br> The next segment type to consider is digit mode . This only encodes the digits, 0–9, by packing triples of digits into 10 bits. If there are two digits left over at the end then they take 7 bits, and a singleton takes 4 bits. Ignoring the potential digits at the end, this lets you store 3×log 2 (10) = 3×3.322 = 9.966 bits of information in 10 bits of space. That's 99.66% efficient! So you can clearly do better than base64url.<br> The last segment type for these purposes is alphanumeric mode . These segments can encode A–Z, 0–9, and nine special characters: $, %, *, +, -, ., /, :, and space. Pairs of these characters are encoded in 11 bits. (If there's an odd number then the last takes 6 bits.) If you consider this to be “base-45” encoding then it stores 2×log 2 (45) = 10.98 bits in 11 bits of space, for 99.85% efficiency. Even better than digit mode, although only just.<br> So maybe you should base-45 encode your data using that alphabet. But, of the special characters supported in alphanumeric mode, only two (minus and period) are <a rel="noreferrer" target="_blank" href="https://datatracker.ietf.org/doc/html/rfc3986#section-2.3">unreserved</a> (i.e. safe) in URLs. So you might be reduced to base-38, which cuts the efficiency to 95.42%. But having textually smaller QR contents might be valuable and worth a few percent efficiency in your context.<br> If you've picked base-10 (digits), base-38, or even base-45 for your data then you need to get it into that form. Base-64 is easy because that's exactly 6 bits per character; you work on 3 bytes of input at a time and produce exactly 4 characters of output. But 10, 38, and 45 aren't powers of two. The most efficient conversion would be to treat the input as a bigint and repeatedly divmod by 10 (or 38, etc) to generate the encoding. If you have a bigint library to hand then it almost certainly has the functions for that, but it's a rather obnoxious (and quadratic) amount of computation and a significant dependency. So you might be willing to waste a few bits to make things easier.<br> Ideal input chunks would be 8 bytes or fewer, because nearly all environments will support a uint64 type and nearly all hardware can do a divmod on them. If you're using base-10 then there's going to be a function that can “print” a uint64 to digits for you, so let's take digits as an example. With a chunk size of two bytes you would get five digits. Each digit takes 3⅓ bits of space, so 16 input bits takes 16⅔ bits: 96% efficient. Less than the 99.66% we can get with digits for sure. But if you consider all chunk sizes from one to eight bytes, turning 7-byte chunks into 17 digits is 98.82% efficient. That's pretty good for the complexity savings.<br> For base-38, 7-byte chunks are the best again, producing 11 characters for 92.56% efficiency. For base-45, two-byte chunks produce 3 characters for 96.97% efficiency. (Four- and eight-byte chunks do the same if you want fewer loop iterations.)<br> (And you should use little-endian chunks because little-endian has won, even if the IETF hasn't caught up to that yet.)<br> Now you've got your payload encoding sorted … probably. A wrinkle is that it's difficult to know how your QR encoder will segment what you give it. You might have crafted a wonderful base-38 input and it might stuff it all into a byte -mode segment! (68.65% efficient, worse than base64url.) I'm sadly not aware of a good QR “debugger” that shows all the details of a QR code. ZXing's <a rel="noreferrer" target="_blank" href="https://zxing.org/w/decode.jspx">online service</a> will give a hex-dump of the raw contents, but that assumes that you can decode the segment headers. ( <a rel="noreferrer" target="_blank" href="https://qrlogo.kaarposoft.dk/qrdecode.html">QR-Logo</a> promises better debugging output but doesn't work for me.) My best advice is to use ZXing on a sample QR code, ignore the 0xec, 0x11 padding pattern at the end, and calculate whether the number of bytes used roughly makes sense.<br> You probably want to put a URL-like prefix at the front to make your QR codes distinguishable. One thing to consider is that “https://www.example.com/” is a byte-mode segment that takes 204 bits, but “HTTPS://WWW.EXAMPLE.COM/” is alphanumeric and needs only 145 bits. (That's assuming QR versions 1 through 9, the lengths are slightly different otherwise.) DNS names are case insensitive and “an implementation should accept uppercase letters” for the scheme says <a rel="noreferrer" target="_blank" href="https://datatracker.ietf.org/doc/html/rfc3986#section-3.1">RFC 3986</a> . Maybe it just looks odd and that's not worth the bits, though?<br> We'll finish up with a quick look at an example, which is the thing that started me on this path in the first place: <a rel="noreferrer" target="_blank" href="https://spec.smarthealth.cards/">SMART Health Cards</a> . (Thank you to the person who pointed me at them, who likely wants to remain anonymous.)<br> SHC's are trying to squeeze a lot of data into a QR code: they <a rel="noreferrer" target="_blank" href="https://spec.smarthealth.cards/#health-cards-are-small">minify</a> their JSON structure and compress it but, even then, they sometimes <a rel="noreferrer" target="_blank" href="https://spec.smarthealth.cards/#creating-a-qr-code-or-a-set-of-qr-codes-from-a-health-card-jws">span</a> multiple QR codes and the user has to scan them all. As such their contents are a) a binary segment containing “shc:/” (and maybe sequence numbers if using multiple QR codes), and then b) a digits segment containing the payload. So they didn't use “SHC:/” to save bits, but the difference is small.<br> One thing to note is that the QR spec (ISO/IEC 18004:2005) has a whole section on “structured append” mode, where multiple QR codes can be combined into one. But trying that with iOS and Android shows that neither support it, so probably it can be considered dead and that's why SHC is replicating the same feature at a higher level.<br> Another thing to note is that SHC is using digits for better efficiency, which is great, but the way that they do it is not. They're using JWT, <a rel="noreferrer" target="_blank" href="https://fly.io/blog/api-tokens-a-tedious-survey/#jwt">which is bad</a> but not today's topic, so they have three base64-encoded strings. They then take each base64 character, subtract 45, and turn that into two base-10 digits! All that work minifying JSON and compressing it, and then they throw away 10% of their bits on such a trivial thing!<br> So SHC did pretty well, but missed an easy win. Having read this, you can do better.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210827-162048/ Fri, 27 Aug 2021 16:20:47 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210827-162048/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133391_gmc-explores-overlanding-with-canyon-at4-based-concept">GMC explores overlanding with Canyon AT4-based concept</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133387_new-high-end-bmw-to-be-built-in-us-is-likely-x8-crossover">New “high-end” BMW to be built in US is likely X8 crossover</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210827-161737/ Fri, 27 Aug 2021 16:17:37 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210827-161737/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa-pentagon/pentagon-says-kabul-attack-carried-out-by-one-suicide-bomber-idUSKBN2FS1IU">Pentagon says Kabul attack carried out by one suicide bomber</a><br> https://www.whatsupup.com/blog/bilateralistic/jungle/20210827-161055/ Fri, 27 Aug 2021 16:10:54 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20210827-161055/ 27 Aug 2021 » <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-08-27/slack-crashes-secret-stderr.html">Slack's Secret STDERR Messages</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210827-121647/ Fri, 27 Aug 2021 12:16:47 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210827-121647/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/u-s-on-alert-for-more-isis-attacks-after-85-killed-in-kabul-airport-carnage-idUSKBN2FS052">U.S. on alert for more ISIS attacks after 85 killed in Kabul airport carnage</a><br></p> <hr> (Refiles to correct spelling of bin Laden's first name in paragraph 19)<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-taliban-west-ana/analysis-islamic-state-attack-signals-wests-least-bad-option-for-afghanistan-the-taliban-idUSKBN2FS0ZX">Analysis: Islamic State attack signals West's least bad option for Afghanistan - the Taliban</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflect-turkey-airport/turkey-wont-help-at-kabul-airport-without-its-own-security-officials-idUSKBN2FS0LH">Turkey won't help at Kabul airport without its own security -officials</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210827-081934/ Fri, 27 Aug 2021 08:19:34 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210827-081934/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133384_2023-aston-martin-dbx-hybrid-spy-shots-mild-hybrid-first">2023 Aston Martin DBX hybrid spy shots: Mild-hybrid first</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210827-081632/ Fri, 27 Aug 2021 08:16:32 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210827-081632/ <p>SAN FRANCISCO (Reuters) -Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher. | <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/08/27/microsoft-warns-cloud-customers-of-expos?videoId=734676064&newsChannel=">Video</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/u-s-braces-for-more-isis-attacks-after-85-killed-in-kabul-airport-carnage-idUSKBN2FS052">U.S. braces for more ISIS attacks after 85 killed in Kabul airport carnage</a><br></p> <hr> (Reuters) -U.S. forces helping to evacuate Afghans desperate to flee Taliban rule braced for more attacks on Friday after an Islamic State suicide bomber killed 85 people, including 13 U.S. soldiers outside the gates of Kabul airport.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-myanmar-politics-deaths/they-challenged-myanmars-junta-it-cost-them-their-lives-idUSKBN2FS0ED">They challenged Myanmar's junta. It cost them their lives</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-malaysia-politics/malaysias-new-pm-retains-finance-minister-senior-figures-in-cabinet-idUSKBN2FS09L">Malaysia's new PM retains finance minister, senior figures in cabinet</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210827-041631/ Fri, 27 Aug 2021 04:16:31 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210827-041631/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/microsoft-security/exclusive-microsoft-warns-thousands-of-cloud-customers-of-exposed-databases-idUSL1N2PX302">EXCLUSIVE-Microsoft warns thousands of cloud customers of exposed databases</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/u-s-braces-for-more-isis-attacks-after-carnage-at-kabul-airport-idUSKBN2FS052">U.S. braces for more ISIS attacks after carnage at Kabul airport</a><br> <hr> (Reuters) -U.S. forces helping to evacuate Afghans desperate to flee Taliban rule braced for more attacks on Friday after an Islamic State suicide bomber killed scores of civilians and 13 U.S. soldiers outside the gates of Kabul airport.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-australia/sydney-cases-dip-as-australia-debates-covid-19-reopening-plans-idUSKBN2FS01H">Sydney cases dip as Australia debates COVID-19 reopening plans</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-newzealand/new-zealand-eases-nationwide-lockdown-but-auckland-shut-off-idUSKBN2FS05J">New Zealand eases nationwide lockdown but Auckland shut off</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210827-001743/ Fri, 27 Aug 2021 00:17:43 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210827-001743/ <p>Exclusive: Microsoft warns thousands of its cloud computing customers of exposed databases <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-microsoft-security-exclusive/exclusive-microsoft-warns-thousands-of-cloud-customers-of-exposed-databases-idUSKBN2FR29O">Exclusive-Microsoft warns thousands of cloud customers of exposed databases</a><br></p> <hr> SAN FRANCISCO (Reuters) -Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/microsoft-security/exclusive-microsoft-warns-thousands-of-cloud-customers-of-exposed-databases-emails-idUSL1N2PX2W7">EXCLUSIVE-Microsoft warns thousands of cloud customers of exposed databases -emails</a><br> <hr> SAN FRANCISCO, Aug 26 Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa-explosion/pentagon-bracing-for-more-attacks-after-troops-killed-at-kabul-airport-idUSKBN2FR1CS">Pentagon bracing for more attacks after troops killed at Kabul airport</a><br> <hr> WASHINGTON (Reuters) -American forces in Kabul were bracing for more Islamic State attacks while winding up their evacuation mission, U.S. officials said, as the number of U.S. troops killed in Thursday's suicide bomb attack rose to 13.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/dozens-of-civilians-at-least-13-u-s-troops-killed-in-kabul-airport-attack-idUSKBN2FQ07S">Dozens of civilians, at least 13 U.S. troops killed in Kabul airport attack</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-attacks-islamic/kabul-attacks-put-bitter-adversary-islamic-state-back-into-u-s-sights-idUSKBN2FR1ZF">Kabul attacks put bitter adversary Islamic State back into U.S. sights</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210826-201958/ Thu, 26 Aug 2021 20:19:58 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210826-201958/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133358_2014-mercedes-benz-c63-dtm-race-car-for-sale">2014 Mercedes-Benz C63 DTM race car for sale</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210826-201652/ Thu, 26 Aug 2021 20:16:52 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210826-201652/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa-explosion/suicide-bombings-at-kabul-airport-kill-12-u-s-troops-threat-persists-pentagon-says-idUSKBN2FR1CS">Suicide bombings at Kabul airport kill 12 U.S. troops; threat persists, Pentagon says</a><br></p> <hr> WASHINGTON (Reuters) -An attack in Kabul claimed by Islamic State killed 12 U.S. troops on Thursday and wounded 15 others, a top U.S. general said, adding U.S. forces were prepared for more attacks even as the evacuation continued.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/dozens-of-civilians-12-u-s-troops-killed-in-bloodbath-at-kabul-airport-idUSKBN2FQ07S">Dozens of civilians, 12 U.S. troops killed in bloodbath at Kabul airport</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-attacks-islamic/islamic-state-claims-responsibility-for-deadly-kabul-airport-attack-idUSKBN2FR1ZF">Islamic State claims responsibility for deadly Kabul airport attack</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20210826-201424/ Thu, 26 Aug 2021 20:14:23 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210826-201424/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/08/updates-on-our-continued-collaboration.html">Updates on our continued collaboration with NIST to secure the Software Supply Chain</a><br></p> <hr> Posted by Eric Brewer and Dan Lorenc Yesterday, we were honored to participate in President Biden’s White House Cyber Security Summit where we <a rel="noreferrer" target="_blank" href="https://blog.google/technology/safety-security/why-were-committing-10-billion-to-advance-cybersecurity/">shared</a> recommendations to advance the administration’s cybersecurity agenda. This included our commitment to invest $10 billion over the next five years to expand zero-trust programs, help secure the software supply chain, and enhance open-source security. <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/08/updates-on-our-continued-collaboration.html">Read More</a><br> Posted by Eric Brewer and Dan Lorenc<br> Yesterday, we were honored to participate in President Biden’s White House Cyber Security Summit where we <a rel="noreferrer" target="_blank" href="https://blog.google/technology/safety-security/why-were-committing-10-billion-to-advance-cybersecurity/">shared</a> recommendations to advance the administration’s cybersecurity agenda. This included our commitment to invest $10 billion over the next five years to expand zero-trust programs, help secure the software supply chain, and enhance open-source security. At Google, we’ve long advocated for securing the <a rel="noreferrer" target="_blank" href="https://cloud.google.com/blog/products/identity-security/how-were-helping-reshape-software-supply-chain-ecosystem-securely">software supply chain</a> both through our <a rel="noreferrer" target="_blank" href="https://cloud.google.com/blog/products/identity-security/applying-zero-trust-to-user-access-and-production-services">internal best practices</a> and industry efforts that enhance the integrity and security of software. That’s why we're thrilled to collaborate with the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) to support and develop a new <a rel="noreferrer" target="_blank" href="https://www.whitehouse.gov/briefing-room/statements-releases/2021/08/25/fact-sheet-biden-administration-and-private-sector-leaders-announce-ambitious-initiatives-to-bolster-the-nations-cybersecurity/">framework</a> that will help to improve the security and integrity of the technology supply chain. This builds on our previous work in June of this year, where we submitted four statements in response to the National Telecommunications and Information Administration (NTIA) and NIST’s <a rel="noreferrer" target="_blank" href="https://www.nist.gov/itl/executive-order-improving-nations-cybersecurity/workshop-and-call-position-papers">call for position papers</a> to help guide adoption of new software supply chain security standards and guidelines that fulfill components of the <a rel="noreferrer" target="_blank" href="https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/">Executive Order on Improving the Nation’s Cybersecurity</a> . The papers lay out concrete ways to increase the nation’s cybersecurity, based on Google’s experience building secure by design systems for our users and enterprise customers. Each of the suggestions are enactable solutions for software supply chain security, and were drawn from Google’s research and innovations in engineering away entire classes of vulnerabilities. NIST and NTIA also released their guidelines in July for several of the Executive Order’s target areas ( <a rel="noreferrer" target="_blank" href="https://www.ntia.gov/files/ntia/publications/sbom_minimum_elements_report.pdf">SBOM Minimum Elements</a> , <a rel="noreferrer" target="_blank" href="https://www.nist.gov/system/files/documents/2021/07/09/Critical%20Software%20Use%20Security%20Measures%20Guidance.pdf">Critical Software Guidelines</a> , <a rel="noreferrer" target="_blank" href="https://www.nist.gov/system/files/documents/2021/07/13/Developer%20Verification%20of%20Software.pdf">Developer Verification of Software</a> ), incorporating specific recommendations from Google. Below are summaries of each of Google’s position papers, and background on our contributions and impact in each area.<br> <a rel="noreferrer" target="_blank" href="https://www.nist.gov/system/files/documents/noindex/2021/06/08/Google%20NIST%20statement%20on%20%282%29%20development.pdf">High-Confidence, Scalable Secure Development</a> Instead of being reactive to vulnerabilities, we should eliminate them proactively with secure languages, platforms, and frameworks that stop entire classes of bugs. Preventing problems before they leave the developer’s keyboard is safer and more cost effective than trying to fix vulnerabilities and their fallout. (Consider the enormous impact of the SolarWinds attack, which is predicted to take <a rel="noreferrer" target="_blank" href="https://www.rpc.senate.gov/policy-papers/the-solarwinds-cyberattack">$100 billion to remediate</a> .) Google promotes designs that are secure by default and impervious to simple errors that can lead to security vulnerabilities. We want to see secure systems used as widely as possible, so we have invested in initiatives such as getting <a rel="noreferrer" target="_blank" href="https://www.linuxfoundation.org/en/press-release/google-funds-linux-kernel-developers-to-focus-exclusively-on-security/">Rust into the Linux Kernel</a> , published <a rel="noreferrer" target="_blank" href="https://research.google/pubs/pub42934/">research papers</a> , and shared <a rel="noreferrer" target="_blank" href="https://queue.acm.org/detail.cfm?id=3447806&doi=10.1145%2F3442632.3447806">guidance on secure frameworks</a> .<br> <a rel="noreferrer" target="_blank" href="https://www.nist.gov/system/files/documents/noindex/2021/06/08/Google%20NIST%20statement%20on%20%283%29%20security%20measures.pdf">Security Measures for Critical Software</a> Critical software does not exist in a vacuum; we must also harden the broader systems and run environments. Our paper outlines a list of actionable steps for critical software's configuration, the privileges with which it runs, and the network(s) to which it is connected. Our suggestions are based on practices that have withstood the tests of time and scale, such as in our Google Cloud Products, built on <a rel="noreferrer" target="_blank" href="https://cloud.google.com/blog/products/identity-security/delivering-the-industrys-most-trusted-cloud">one of the industry’s most trusted clouds</a> . Google contributes to open-source tools that help maintainers adopt these practices, such as <a rel="noreferrer" target="_blank" href="https://cloud.google.com/blog/products/containers-kubernetes/how-gvisor-protects-google-cloud-services-from-cve-2020-14386">gVisor</a> for sandboxing, and <a rel="noreferrer" target="_blank" href="https://github.com/google/glome">GLOME</a> for authentication and authorization. Additionally, to share the knowledge we have gained securing systems that serve billions of users, we released our book <a rel="noreferrer" target="_blank" href="https://sre.google/books/building-secure-reliable-systems/">Building Secure and Reliable Systems</a> , a resource for any organization that wants to design systems that are fundamentally secure, reliable, and scalable.<br> <a rel="noreferrer" target="_blank" href="https://www.nist.gov/system/files/documents/noindex/2021/06/08/Google%20NIST%20statement%20on%20%284%29%20testing.pdf">Software Source Code Testing</a> <a rel="noreferrer" target="_blank" href="https://opensource.googleblog.com/2019/02/open-sourcing-clusterfuzz.html">Continuous fuzzing</a> is indispensable for identifying bugs and catching vulnerabilities before attackers do. We also suggest securing dependencies using automated tools such as <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard">Scorecards</a> , <a rel="noreferrer" target="_blank" href="https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/">Dependabot</a> , and <a rel="noreferrer" target="_blank" href="https://osv.dev/">OSV</a> . Google has made huge contributions to the field of fuzzing, and has found tens of thousands of bugs with tools like <a rel="noreferrer" target="_blank" href="https://llvm.org/docs/LibFuzzer.html">libFuzzer</a> and <a rel="noreferrer" target="_blank" href="https://opensource.googleblog.com/2019/02/open-sourcing-clusterfuzz.html">ClusterFuzz</a> . We have made continuous fuzzing available to all developers through <a rel="noreferrer" target="_blank" href="https://google.github.io/oss-fuzz/getting-started/continuous-integration/">OSS-Fuzz</a> , and are <a rel="noreferrer" target="_blank" href="https://google.github.io/oss-fuzz/getting-started/integration-rewards/">funding integration costs</a> and <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2020/10/fuzzing-internships-for-open-source.html">fuzzing internships</a> . We are leading a shift in industry support: on top of <a rel="noreferrer" target="_blank" href="https://www.google.com/about/appsecurity/reward-program/index.html">bug bounties</a> , which are rewards programs for finding bugs, we have also added <a rel="noreferrer" target="_blank" href="https://www.google.com/about/appsecurity/patch-rewards/">patch rewards</a> , money that can help fund maintainers remediate uncovered bugs.<br> <a rel="noreferrer" target="_blank" href="https://www.nist.gov/system/files/documents/noindex/2021/06/08/Google%20NIST%20statement%20on%20%285%29%20integrity.pdf">Software Supply Chain Integrity</a> Google strongly encourages adoption of <a rel="noreferrer" target="_blank" href="http://slsa.dev/">SLSA</a> , an end-to-end framework for ensuring the integrity of software artifacts throughout the software supply chain. Four “SLSA Levels” provide incrementally adoptable guidelines that each raise the bar on security standards for open-source software. SLSA is based on Google’s <a rel="noreferrer" target="_blank" href="https://cloud.google.com/security/binary-authorization-for-borg">internal framework</a> Binary Authorization for Borg (BAB) that ensures that all software packages used by the company meet high integrity standards. Given BAB’s success, we have adapted the framework to work for systems beyond Google and released it as SLSA to help protect other organizations and platforms. We have shared many of Google’s practices for security and reliability in our <a rel="noreferrer" target="_blank" href="https://sre.google/books/">Site Reliability Engineering</a> book. Following our recent <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/06/introducing-slsa-end-to-end-framework.html">introduction of SLSA</a> to the wider public, we are looking forward to making improvements in response to community feedback.<br> <a rel="noreferrer" target="_blank" href="https://www.ntia.doc.gov/files/ntia/publications/google_-_2021.06.17.pdf">Minimum Requirements for SBOMs</a> Google submitted an additional paper in response to the NTIA’s <a rel="noreferrer" target="_blank" href="https://www.ntia.gov/federal-register-notice/2021/notice-rfc-software-bill-materials-elements-considerations">request for comments</a> on creating SBOMs, which will give users information about a software package’s contents. Modern development requires different approaches than classic packaged software, which means SBOMs must also deal with intermediate artifacts like containers and library dependencies. SBOMs need a reasonable signal-to-noise ratio: if they contain too much information, they won’t be useful, so we urge the NTIA to establish both minimum and maximum requirements on granularity and depth for specific use-cases. We also recommend considerations for the creation of trustworthy SBOMs, such as using verifiable data generation methods to capture metadata, and preparing for the automation and tooling technologies that will be key for widespread SBOM adoption.<br> Improving Everyone’s Security We are committed to <a rel="noreferrer" target="_blank" href="https://blog.google/technology/safety-security/how-google-supports-todays-critical-cybersecurity-efforts/">helping advance collective cybersecurity</a> . We also realize that too many guidelines and lists of best practices can become overwhelming, but any incremental changes in the right direction make a real difference. We encourage companies and maintainers to start evaluating today where they stand on the most important security postures, and to make improvements with the guidance of these papers in the areas of greatest risk. No single entity can fix the problems we all face in this area, but by being open about our practices and sharing our research and tools, we can all help raise the standards for our collective security.<br> Labels: <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/%23supplychain%20%23security%20%23opensource">#supplychain #security #opensource</a><br> <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/%23supplychain%20%23security%20%23opensource">#supplychain #security #opensource</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210826-162023/ Thu, 26 Aug 2021 16:20:23 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210826-162023/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133375_callaway-readies-first-take-on-the-c8-chevy-corvette">Callaway readies first take on the C8 Chevy Corvette</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133372_toyota-to-build-fuel-cells-at-kentucky-plant">Toyota to build fuel cells at Kentucky plant</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1123368_mercedes-benz-amg-gt-4-door-coupe-plug-in-hybrid-flagship-teased-ahead-of-sept-1-reveal">Mercedes-Benz AMG GT 4-Door Coupe plug-in hybrid flagship teased ahead of Sept. 1 reveal</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210826-161647/ Thu, 26 Aug 2021 16:16:46 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210826-161647/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/attack-on-kabul-airport-kills-at-least-13-airlift-thrust-into-chaos-idUSKBN2FQ07S">Attack on Kabul airport kills at least 13; airlift thrust into chaos</a><br></p> <hr> Suspected suicide bombers struck the crowded gates of Kabul airport with at least two explosions on Thursday, causing a bloodbath among desperate civilians hoping to flee and casting the final days of the Western airlift of its allies into chaos.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-robotics-qatar/dont-abandon-afghanistan-pleads-member-of-afghan-all-female-robotics-team-idUSKBN2FR1JO">Don't abandon Afghanistan, pleads member of Afghan all-female robotics team</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa-explosion/u-s-says-two-explosions-near-kabul-airport-islamic-state-suspected-idUSKBN2FR1CS">U.S. says two explosions near Kabul airport; Islamic State suspected</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210826-160628/ Thu, 26 Aug 2021 16:06:27 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210826-160628/ In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for using a clever piece of digital clipboard-stealing malware to siphon his crypto holdings. Schober is now suing each of their parents in a civil case that seeks to extract what their children would not return voluntarily.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210826-121957/ Thu, 26 Aug 2021 12:19:57 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210826-121957/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133371_tiny-citroen-ami-electric-car-to-be-sold-by-opel-as-the-rocks-e">Tiny Citroen Ami electric car to be sold by Opel as the Rocks-e</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133370_2022-mercedes-benz-citan-compact-commercial-van-gets-redesign-electric-option">2022 Mercedes-Benz Citan compact commercial van gets redesign, electric option</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133339_jay-leno-tests-a-jeep-6x6-built-by-florida-s-apocalypse">Jay Leno tests a Jeep 6x6 built by Florida's Apocalypse</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210826-121611/ Thu, 26 Aug 2021 12:16:11 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210826-121611/ (Reuters) -The United States and allies urged Afghans to leave Kabul airport on Thursday, citing the threat of an attack by Islamic State (IS) militants, as Western troops hurry to evacuate as many people as possible before an Aug. 31 deadline.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/08/25/no-goodbye-all-girl-afghan-robotics-team?videoId=734600883&videoChannel=118169">No goodbye: All-girl Afghan robotics team flee home</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210826-081627/ Thu, 26 Aug 2021 08:16:27 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210826-081627/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/afghans-told-to-leave-kabul-airport-over-very-credible-islamic-state-threat-idUSKBN2FQ07S">Afghans told to leave Kabul airport over 'very credible' Islamic State threat</a><br></p> <hr> (Reuters) -The United States and allies urged people to move away from Kabul airport on Thursday due to the threat of a terror attack by Islamic State (IS) militants as Western troops hurry to evacuate as many people as possible before an Aug. 31 deadline.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-israel/biden-israeli-pm-seek-to-reset-relations-narrow-differences-on-iran-idUSKBN2FR0BY">Biden, Israeli PM seek to reset relations, narrow differences on Iran</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-japan-politics/japans-suga-faces-challengers-in-ruling-party-leadership-race-idUSKBN2FR074">Japan's Suga faces challengers in ruling party leadership race</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210826-041652/ Thu, 26 Aug 2021 04:16:52 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210826-041652/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/afghans-told-to-avoid-kabul-airport-as-islamic-state-threat-emerges-idUSKBN2FQ07S">Afghans told to avoid Kabul airport as Islamic State threat emerges</a><br></p> <hr> (Reuters) -The United States and allies urged people to move away from Kabul airport on Thursday due to the threat of an Islamic State terror attack as Western troops hurry to evacuate as many Afghans as possible before an Aug. 31 deadline.<br> https://www.whatsupup.com/blog/ideo/fleury/20210826-040614/ Thu, 26 Aug 2021 04:06:13 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210826-040614/ In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for using a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings. Schober is now suing each of their parents in a civil case that seeks to extract what their children would not return voluntarily.<br> In a lawsuit filed in Colorado, Schober said the sudden disappearance of his funds in January 2018 prompted him to spend more than $10,000 hiring experts in the field of tracing cryptocurrency transactions. After months of sleuthing, his investigators identified the likely culprits: Two young men in Britain who were both minors at the time of the crime (both are currently studying computer science at U.K. universities).<br> A forensic investigation of Schober’s computer found he’d inadvertently downloaded malicious software after clicking a link posted on Reddit for a purported cryptocurrency wallet application called “Electrum Atom.” Investigators determined that the malware was bundled with the benign program, and was <a rel="noreferrer" target="_blank" href="https://www.bleepingcomputer.com/news/security/clipboard-hijacker-malware-monitors-23-million-bitcoin-addresses/">designed to lie in wait for users to copy a cryptocurrency address to their computer’s temporary clipboard</a> .<br> “It seems your son has been using malware to steal money from people online,” reads the opening paragraph of the letter Schober emailed to the families. “Losing that money has been financially and emotionally devastating. He might have thought he was playing a harmless joke, but it has had serious consequences for my life.”<br> Neither of the defendants’ families are disputing the basic claim that their kids stole from Mr. Schober. Rather, they’re asserting that time has run out on Schober’s legal ability to claim a cause of action against them. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/man-robbed-of-16-bitcoin-sues-young-thieves-parents/#more-56713">Continue reading →</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210826-001841/ Thu, 26 Aug 2021 00:18:40 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210826-001841/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/08/25/technology/facebook-election-commission.html">Facebook Said to Consider Forming an Election Commission The social network has contacted academics to create a group to advise it on thorny election-related decisions, said people with knowledge of the matter. By Ryan Mac, Mike Isaac and Sheera Frenkel</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210826-001643/ Thu, 26 Aug 2021 00:16:43 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210826-001643/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/western-nations-rush-to-complete-afghan-evacuation-before-troops-leave-idUSKBN2FQ07S">Western nations rush to complete Afghan evacuation before troops leave</a><br></p> <hr> (Reuters) -Western nations scrambled to evacuate people from Afghanistan on Wednesday but acknowledged that many Afghans who helped during two decades of war would be left behind to face an uncertain fate under the Taliban when foreign troops leave next week.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-un-staff-exclusi/exclusive-internal-u-n-document-says-taliban-threatened-beat-staff-idUSKBN2FQ1LE">Exclusive: Internal U.N. document says Taliban threatened, beat staff</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-israel/biden-to-tell-israel-pm-he-shares-alarm-over-iran-but-sticking-to-nuclear-diplomacy-idUSKBN2FQ1YP">Biden to tell Israel PM he shares alarm over Iran but sticking to nuclear diplomacy</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210826-000643/ Thu, 26 Aug 2021 00:06:42 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210826-000643/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/man-robbed-of-16-bitcoin-sues-young-thieves-parents/">Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents</a><br></p> <hr> In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for developing a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings. Schober is now suing each of their parents in a civil case that seeks to extract what their children would not return voluntarily.<br> In a lawsuit filed in Colorado, Schober said the sudden disappearance of his funds in January 2018 prompted him to spend more than $10,000 hiring experts in the field of tracing cryptocurrency transactions. After months of sleuthing, his investigators identified the likely culprits: Two young men in Britain who were both minors at the time of the crime.<br> A forensic investigation of Schober’s computer found he’d inadvertently downloaded malicious software after clicking a link posted on Reddit for a purported cryptocurrency wallet application called “Electrum Atom.” Investigators determined that the malware was bundled with the benign program, and was designed to lie in wait for users to copy a cryptocurrency address to their computer’s temporary clipboard.<br> When Schober went to move approximately 16.4 bitcoins from one account to another — by pasting the lengthy payment address he’d just copied — the malware replaced his bitcoin payment address with a different address controlled by the young men.<br> Schober’s lawsuit lays out how his investigators traced the stolen funds through cryptocurrency exchanges and on to the two youths in the United Kingdom. In addition, they found one of the defendants — just hours after Schober’s bitcoin was stolen — had posted a message to GitHub asking for help accessing the private key corresponding to the public key of the bitcoin address used by the clipboard-stealing malware.<br> Investigators found the other defendant had the malware code that was bundled with the Electrum Atom application in his Github code library.<br> Initially, Schober hoped that the parents of the thieving teens would listen to reason, and simply return the money. So he wrote a letter to the parents of both boys:<br> “It seems your son has been using malware to steal money from people online,” reads the opening paragraph of the letter Schober emailed to the parents of the boys, both of whom are studying computer science at U.K. universities. “Losing that money has been financially and emotionally devastating. He might have thought he was playing a harmless joke, but it has had serious consequences for my life.”<br> A portion of the letter than Schober sent to two of the defendants in 2018, after investigators determined their sons were responsible for stealing nearly $1 million in cryptocurrency from Schober.<br> Met with continued silence from the parents for many months, Schober filed suit against the kids and their parents in a Colorado court. A copy of the May 2021 complaint is <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2021/08/schobervthompson.pdf">here</a> (PDF).<br> Now they are responding. One of the defendants — Hazel D. Wells — just <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2021/08/pro-se-wells.pdf">filed a motion</a> with the court to represent herself and her son in lieu of hiring an attorney. In a filing on Aug. 9, Wells helpfully included the letter in the screenshot above, and volunteered that her son had been questioned by U.K. authorities in connection with the bitcoin theft.<br> Neither of the defendants’ families are disputing the basic claim that their kids stole from Mr. Schober. Rather, they’re claiming that time has run out on Schober’s legal ability to claim a cause of action against them. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/man-robbed-of-16-bitcoin-sues-young-thieves-parents/#more-56713">Continue reading →</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210825-201623/ Wed, 25 Aug 2021 20:16:23 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210825-201623/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/western-nations-race-to-complete-afghan-evacuation-just-days-before-deadline-idUSKBN2FQ07S">Western nations race to complete Afghan evacuation just days before deadline</a><br></p> <hr> (Reuters) -Western nations rushed to evacuate people from Afghanistan on Wednesday with less than a week left until all foreign troops leave, acknowledging that many Afghans who helped them will be left behind to an uncertain fate under the Taliban.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-china/china-criticises-u-s-scapegoating-as-covid-origin-report-to-be-released-idUSKBN2FQ0SO">China criticises U.S. 'scapegoating' as COVID origin report to be released</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210825-161944/ Wed, 25 Aug 2021 16:19:44 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210825-161944/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133356_2023-bmw-alpina-b4-gran-coupe-spy-shots">2023 BMW Alpina B4 Gran Coupe spy shots</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133354_flagship-lucid-air-dream-edition-will-offer-performance-grade-with-1-111-hp">Flagship Lucid Air Dream Edition will offer Performance grade with 1,111 hp</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1131813_2022-toyota-gr86-2023-chevrolet-corvette-z06-hennessey-venom-f5-this-week-s-top-photos">2022 Toyota GR86, 2023 Chevrolet Corvette Z06, Hennessey Venom F5: This Week's Top Photos</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210825-161817/ Wed, 25 Aug 2021 16:18:16 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210825-161817/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/08/25/style/onlyfans-ban-reversed.html">OnlyFans Reverses Its Decision to Ban Explicit Content Many of the platform’s stars felt the sting of being turned away by a business they helped build. By Jacob Bernstein</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210825-161621/ Wed, 25 Aug 2021 16:16:21 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210825-161621/ Delta to add $200 monthly health insurance charge for unvaccinated staff <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/aerospace-defense/delta-add-200-monthly-health-insurance-charge-unvaccinated-staff-2021-08-25/">VIEW MORE</a><br> Western nations rushed to evacuate people from Afghanistan on Wednesday as the Aug. 31 deadline for the withdrawal of foreign troops drew closer and fears grew that many could be left behind to an uncertain fate under the country's new Taliban rulers.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-appointments/taliban-appoint-senior-veterans-to-key-ministerial-posts-idUSKBN2FQ145">Taliban appoint senior veterans to key ministerial posts</a><br> https://www.whatsupup.com/blog/underpeopled/multichannel/20210825-161619/ Wed, 25 Aug 2021 16:16:19 +0000 https://www.whatsupup.com/blog/underpeopled/multichannel/20210825-161619/ <a rel="noreferrer" target="_blank" href="https://github.blog/2021-08-25-2021-transparency-report-january-to-june/">2021 Transparency Report: January to June</a><br></p> <hr> We’re reporting on a six-month period rather than annually to increase our level of transparency. For this report, we’ve added more granularity to our 2020 stats.<br> https://www.whatsupup.com/blog/glooming/wrackful/20210825-160705/ Wed, 25 Aug 2021 16:07:05 +0000 https://www.whatsupup.com/blog/glooming/wrackful/20210825-160705/ <a rel="noreferrer" target="_blank" href="https://robertheaton.com/bumble-vulnerability/">Vulnerability in Bumble dating app reveals any user's exact location</a><br></p> <hr> 25 Aug 2021<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210825-122007/ Wed, 25 Aug 2021 12:20:07 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210825-122007/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132752_2022-subaru-wrx-to-debut-sept-10">2022 Subaru WRX to debut Sept. 10</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210825-121621/ Wed, 25 Aug 2021 12:16:21 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210825-121621/ <p>Toshiba in talks with four investment firms for strategic ideas: sources <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology/exclusive-toshiba-talks-with-four-investment-firms-strategic-ideas-sources-2021-08-25/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/western-nations-race-to-complete-afghan-evacuation-as-deadline-looms-idUSKBN2FQ07S">Western nations race to complete Afghan evacuation as deadline looms</a><br></p> <hr> Western nations rushed to complete the evacuation of thousands of people from Afghanistan on Wednesday as the Aug. 31 deadline for the withdrawal of foreign troops drew closer with no sign that the country's new Taliban rulers might allow an extension.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-harris-china/u-s-china-accuse-each-other-of-bullying-nations-idUSKBN2FQ07G">U.S., China accuse each other of 'bullying' nations</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa-counterterro/after-taliban-takeover-concerns-mount-over-u-s-counterterrorism-ability-idUSKBN2FQ0XU">After Taliban takeover, concerns mount over U.S. counterterrorism ability</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210825-041656/ Wed, 25 Aug 2021 04:16:56 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210825-041656/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/afghanistan-faces-humanitarian-crisis-as-airlift-deadline-looms-idUSKBN2FQ07S">Afghanistan faces humanitarian crisis as airlift deadline looms</a><br></p> <hr> Afghanistan's neighbours should open their land borders to allow more people to leave, a NATO country diplomat said on Wednesday, as aid agencies warned of a looming humanitarian crisis under the new Taliban rulers.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-harris-china/china-state-media-says-u-s-vp-harris-seeking-to-divide-asia-idUSKBN2FQ07G">China state media says U.S. VP Harris seeking to divide Asia</a><br> https://www.whatsupup.com/blog/boxed/modification/20210825-041417/ Wed, 25 Aug 2021 04:14:17 +0000 https://www.whatsupup.com/blog/boxed/modification/20210825-041417/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#knuth">knuth</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#puzzles">puzzles</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#typography">typography</a><br> My lovely wife and I have just moved house, and while boxing up the contents of my desk I ran across physical paper copies of two weakly themed crosswords I made in 2011. Might as well immortalize them in the digital realm…<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210825-002056/ Wed, 25 Aug 2021 00:20:56 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210825-002056/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133344_2022-porsche-taycan-price-specs-review-photos-info">Preview: 2022 Porsche Taycan brings more tech, personalization</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210825-001715/ Wed, 25 Aug 2021 00:17:14 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210825-001715/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/biden-pushes-for-aug-31-afghanistan-pullout-as-threat-of-attacks-rise-idUSKBN2FP06G">Biden pushes for Aug. 31 Afghanistan pullout as threat of attacks rise</a><br></p> <hr> (Reuters) -U.S. President Joe Biden said on Tuesday the United States is on pace to finish evacuations from Afghanistan by Aug. 31, but left open the chance of the deadline being extended, saying reaching that goal is dependent on continued cooperation from the country's new Taliban rulers.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa-evacuation-e/explainer-what-happens-after-bidens-evacuation-force-leaves-afghanistan-idUSKBN2FP23B">Explainer-What happens after Biden's evacuation force leaves Afghanistan?</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-harris-vietnam/u-s-vp-harris-forges-on-with-vietnam-trip-despite-mystery-health-incident-idUSKBN2FP141">U.S. VP Harris forges on with Vietnam trip despite mystery 'health incident'</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210824-202010/ Tue, 24 Aug 2021 20:20:09 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210824-202010/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133259_2024-land-rover-range-rover-sport-svr-spy-shots-video">2024 Land Rover Range Rover Sport SVR spy shots and video: High-performance crossover takes shape</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210824-201641/ Tue, 24 Aug 2021 20:16:41 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210824-201641/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/biden-aims-for-aug-31-afghanistan-pullout-as-risk-of-attacks-rises-idUSKBN2FP06G">Biden aims for Aug. 31 Afghanistan pullout as risk of attacks rises</a><br></p> <hr> (Reuters) -Afghanistan's new Taliban rulers said on Tuesday all foreign evacuations from the country must be completed by Aug. 31, and the White House said U.S. President Joe Biden is aiming to stick to the date due to the mounting threat of militant attacks.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa-pentagon/u-s-on-pace-to-complete-afghan-pullout-by-aug-31-biden-told-g7-idUSKBN2FP1CO">U.S. on pace to complete Afghan pullout by Aug 31, Biden told G7</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-harris-vietnam/u-s-vp-harris-pushes-ahead-with-vietnam-trip-despite-mystery-health-incident-idUSKBN2FP141">U.S. VP Harris pushes ahead with Vietnam trip despite mystery 'health incident'</a><br> https://www.whatsupup.com/blog/augur/cussed/20210824-200800/ Tue, 24 Aug 2021 20:08:00 +0000 https://www.whatsupup.com/blog/augur/cussed/20210824-200800/ <p><a rel="noreferrer" target="_blank" href="https://blog.discord.com/eight-educational-communities-to-further-your-field-of-study-7839d0ca8dea?source=collection_home---4------0-----------------------">Eight Educational Communities To Further Your Field of Study</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://blog.discord.com/eight-educational-communities-to-further-your-field-of-study-7839d0ca8dea?source=collection_home---4------0-----------------------">Eight Educational Communities To Further Your Field of Study Whether you’re looking to ace a class or dive into a new hobby, these eight communities can help you master your field of interest.</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210824-161956/ Tue, 24 Aug 2021 16:19:56 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210824-161956/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1023683_2023-aston-martin-vantage-v12-rs-spy-shots">2023 Aston Martin Vantage V12 RS spy shots: Hardcore variant to top updated range</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210824-161613/ Tue, 24 Aug 2021 16:16:13 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210824-161613/ <p>Reuters photographer was killed after being left behind in retreat, Afghan general says <a rel="noreferrer" target="_blank" href="https://www.reuters.com/investigates/special-report/afghanistan-conflict-reuters-siddiqui/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-says-no-evacuation-extension-as-g7-meets-on-afghan-crisis-idUSKBN2FP06G">Taliban says no evacuation extension as G7 meets on Afghan crisis</a><br></p> <hr> Afghanistan's new Taliban rulers said on Tuesday they wanted all foreign evacuations from the country completed by an Aug. 31 deadline and they would not agree to an extension.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-deadline/biden-agrees-with-pentagon-recommendation-to-stick-to-aug-31-afghan-pullout-deadline-source-idUSKBN2FP1F8">Biden agrees with Pentagon recommendation to stick to Aug 31 Afghan pullout deadline – source</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa-cia/cia-director-met-taliban-leader-in-afghanistan-on-monday-sources-idUSKBN2FP0S4">CIA director met Taliban leader in Afghanistan on Monday -sources</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210824-160738/ Tue, 24 Aug 2021 16:07:38 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210824-160738/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/retool-for-startups/">Retool for Startups: Early-stage startups can now build internal tools for free Focus on building your core product, not custom internal tools. Early-stage startups now get a free year of Retool.</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210824-121849/ Tue, 24 Aug 2021 12:18:49 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210824-121849/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1125663_2022-mazda-mx-30-price-specs-review-photos-info">Preview: 2022 Mazda MX-30 electric crossover priced from $34,645, limited to California</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133173_lamborghini-miura-originally-owned-by-a-19-year-old-student-sells-for-almost-2-1m">Lamborghini Miura originally owned by a 19-year-old student sells for almost $2.1M</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133337_land-rover-range-rover-sport-svr-ultimate-edition-bows-with-bespoke-touches">Land Rover Range Rover Sport SVR Ultimate Edition bows with bespoke touches</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133269_jay-leno-drives-a-talbot-lago-that-was-lost-for-nearly-60-years">Jay Leno drives a Talbot-Lago that was lost for nearly 60 years</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210824-121529/ Tue, 24 Aug 2021 12:15:29 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210824-121529/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/afghan-evacuation-on-war-footing-as-g7-meets-on-pullout-deadline-idUSKBN2FP06G">Afghan evacuation on 'war footing' as G7 meets on pullout deadline</a><br></p> <hr> Western forces at Kabul airport worked frantically on Tuesday to get people out of Afghanistan before an Aug. 31 deadline, as U.S. President Joe Biden faced growing pressure to negotiate more time for the airlift of thousands trying to flee.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-china-fentanyl-exclusive/exclusive-limited-chinese-cooperation-hindering-u-s-fentanyl-fight-congress-report-idUSKBN2FP0QM">Exclusive: Limited Chinese cooperation hindering U.S. fentanyl fight -congress report</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa-cia/cia-director-met-taliban-leader-in-afghanistan-on-monday-reports-idUSKBN2FP0S4">CIA director met Taliban leader in Afghanistan on Monday - reports</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210824-081546/ Tue, 24 Aug 2021 08:15:46 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210824-081546/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/afghan-evacuation-on-war-footing-as-g7-meets-on-taliban-deadline-idUSKBN2FP06G">Afghan evacuation on 'war footing' as G7 meets on Taliban deadline</a><br></p> <hr> Western countries worked at a "war-footing pace" on Tuesday to get people out of Afghanistan, a NATO country diplomat said, as U.S. President Joe Biden looked set to come under pressure from other G7 leaders to seek more time to complete the airlift.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-harris-singapore/u-s-vp-harris-says-china-intimidates-to-back-south-china-sea-claims-idUSKBN2FP053">U.S. VP Harris says China intimidates to back South China Sea claims</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-engagement/taliban-rule-presents-aid-agencies-with-moral-fiscal-dilemma-idUSKBN2FP09C">Taliban rule presents aid agencies with moral, fiscal dilemma</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210824-041642/ Tue, 24 Aug 2021 04:16:41 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210824-041642/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/g7-to-meet-on-afghanistan-deadline-taliban-recognition-idUSKBN2FP06G">G7 to meet on Afghanistan deadline, Taliban recognition</a><br></p> <hr> Leaders of the Group of Seven countries were set to discuss on Tuesday whether to seek an extension to a Aug. 31 deadline for the evacuation of thousands of people trying to flee Afghanistan and whether to recognise or sanction a Taliban government.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-g7-leaders/g7-leaders-plan-to-pledge-unity-on-taliban-recognition-sanctions-sources-idUSKBN2FO1S8">G7 leaders plan to pledge unity on Taliban recognition, sanctions -sources</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-japan-politics/japan-ldp-executive-nikai-says-he-backs-pm-suga-for-party-chief-idUSKBN2FP049">Japan LDP executive Nikai says he backs PM Suga for party chief</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210824-001827/ Tue, 24 Aug 2021 00:18:27 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210824-001827/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2021/08/23/espanol/facebook-workrooms-realidad-virtual.html">La nueva apuesta de Facebook por la realidad virtual: salas de conferencias La pandemia renovó el interés por la realidad virtual. Facebook intenta sacar provecho con un nuevo servicio de salas de reuniones. By Mike Isaac</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/08/19/technology/facebooks-new-bet-on-virtual-reality-conference-rooms.html">Read in English</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2021/08/23/espanol/facebook-workrooms-realidad-virtual.html">Leer en español</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210824-001627/ Tue, 24 Aug 2021 00:16:26 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210824-001627/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/biden-expected-to-decide-within-24-hours-on-afghan-evacuation-deadline-idUSKBN2FO0CM">Biden expected to decide within 24 hours on Afghan evacuation deadline</a><br></p> <hr> KABUL/WASHINGTON (Reuters) -With thousands of desperate Afghans and foreigners massed at Kabul's airport in the hope of fleeing Afghanistan's new Taliban rulers, U.S. President Joe Biden is expected to decide as soon as Tuesday on whether to extend an Aug. 31 deadline to airlift Americans and their allies to safety.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-g7/other-g7-leaders-to-press-biden-to-extend-kabul-evacuation-deadline-idUSKBN2FO1Y6">Other G7 leaders to press Biden to extend Kabul evacuation deadline</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210823-201535/ Mon, 23 Aug 2021 20:15:35 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210823-201535/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/allies-step-up-pressure-on-biden-amid-kabul-evacuation-chaos-idUSKBN2FO0CM">Allies step up pressure on Biden amid Kabul evacuation chaos</a><br></p> <hr> KABUL/WASHINGTON (Reuters) -With thousands of desperate Afghans and foreigners crowding into Kabul airport in the hope of fleeing Afghanistan's new Taliban rulers, pressure grew on U.S. President Joe Biden on Monday to extend the deadline for the evacuation operation.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/they-are-hungry-haiti-quake-survivors-fear-for-childrens-future-idUSKBN2FO138">'They are hungry': Haiti quake survivors fear for children's future</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210823-161907/ Mon, 23 Aug 2021 16:19:07 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210823-161907/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133325_2022-volkswagen-jetta-gli-price-specs-review-photos-info">Preview: 2022 Volkswagen Jetta GLI receives minor refresh</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210823-161555/ Mon, 23 Aug 2021 16:15:55 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210823-161555/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/amid-kabul-evacuation-chaos-biden-under-pressure-to-extend-deadline-idUSKBN2FO0CM">Amid Kabul evacuation chaos, Biden under pressure to extend deadline</a><br></p> <hr> With thousands of desperate Afghans and foreigners crowding into Kabul's airport in the hope of fleeing Afghanistan's new Taliban rulers, pressure grew on U.S. President Joe Biden on Monday to extend the deadline for the evacuation operation.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-belarus-politics-lawyers-insight/belarus-tightens-grip-on-lawyers-idUSKBN2FO0RZ">Belarus tightens grip on lawyers</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-greatgame-analys/analysis-china-pakistan-india-jockey-for-position-in-afghanistans-new-great-game-idUSKBN2FO0VC">Analysis: China, Pakistan, India jockey for position in Afghanistan's new Great Game</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210823-121912/ Mon, 23 Aug 2021 12:19:12 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210823-121912/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133321_2021-24-hours-of-le-mans-results-toyota">Toyota secures 4th-straight Le Mans victory</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132522_can-synthetic-fuels-save-the-combustion-engine">Can synthetic fuels save the combustion engine?</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210823-121745/ Mon, 23 Aug 2021 12:17:45 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210823-121745/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/subscription/games?campaignId=79FKF">Get Games for $40/year</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/by/mike-isaac">Log In</a><br> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/subscription/games?campaignId=79FKF">Get Games for $40/year</a><br> https://www.whatsupup.com/blog/glooming/wrackful/20210823-120702/ Mon, 23 Aug 2021 12:07:02 +0000 https://www.whatsupup.com/blog/glooming/wrackful/20210823-120702/ <a rel="noreferrer" target="_blank" href="https://robertheaton.com/archive">View full archive</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210823-081552/ Mon, 23 Aug 2021 08:15:52 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210823-081552/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/germany-says-firefight-involving-western-forces-erupts-at-kabul-airport-idUSKBN2FO0CM">Germany says firefight involving Western forces erupts at Kabul Airport</a><br></p> <hr> A firefight broke out between unidentified gunmen, Western security forces and Afghan guards at Kabul airport on Monday, Germany's armed forces said, as thousands of Afghans and foreigners thronged the airport, seeking to flee Taliban rule.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-harris-singapore/kamala-harris-says-u-s-focus-on-afghan-evacuations-pledges-open-south-china-sea-idUSKBN2FN0JS">Kamala Harris says U.S. focus on Afghan evacuations, pledges open South China Sea</a><br> https://www.whatsupup.com/blog/canton/ricketier/20210823-081200/ Mon, 23 Aug 2021 08:11:59 +0000 https://www.whatsupup.com/blog/canton/ricketier/20210823-081200/ <a rel="noreferrer" target="_blank" href="https://mango.pdf.zone/i-give-you-feedback-on-your-blog-post-draft-but-you-dont-send-it-to-me">I give you feedback on your blog post draft but you don't send it to me</a><br></p> <hr> That simply will not be necessary.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210823-041632/ Mon, 23 Aug 2021 04:16:32 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210823-041632/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-japan-politics-suga-analysis/analysis-risks-of-party-revolt-grow-for-japans-pm-suga-after-local-poll-loss-idUSKBN2FO07M">Analysis-Risks of party revolt grow for Japan's PM Suga after local poll loss</a><br></p> <hr> Unpopular Japanese Prime Minister Yoshihide Suga looks increasingly vulnerable to a challenge from within his party for the nation's top job after an ally's defeat in a local election on Sunday seen as a referendum on Suga's COVID-19 response.<br> https://www.whatsupup.com/blog/phonic/shopboy/20210823-041109/ Mon, 23 Aug 2021 04:11:08 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210823-041109/ Correction, no show tomorrow 8/23, but we'll be back soon and will use the questions from this round then! <a rel="noreferrer" target="_blank" href="https://t.co/gRt5jMIYlS"><a href="https://t.co/gRt5jMIYlS">https://t.co/gRt5jMIYlS</a></a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210823-001602/ Mon, 23 Aug 2021 00:16:02 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210823-001602/ <p>U.S. has 'unwavering commitment' to get its citizens and at-risk Afghans out of Afghanistan, President Biden says <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/asia-pacific/taliban-fire-air-control-crowd-kabul-airport-2021-08-22/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-harris-singapore/kamala-harris-visits-singapore-to-deepen-ties-counter-chinas-influence-idUSKBN2FN0JS">Kamala Harris visits Singapore to deepen ties, counter China's influence</a><br></p> <hr> U.S. Vice President Kamala Harris will meet Singapore's leaders on Monday on the first working day of a trip to Southeast Asia aimed at bolstering ties as part of Washington's efforts to counter China's growing influence.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/everyone-was-crying-grieving-haitians-bury-their-dead-a-week-after-quake-idUSKBN2FN05D">'Everyone was crying': Grieving Haitians bury their dead a week after quake</a><br> https://www.whatsupup.com/blog/sited/implore/20210823-001546/ Mon, 23 Aug 2021 00:15:45 +0000 https://www.whatsupup.com/blog/sited/implore/20210823-001546/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/subscription/cooking?campaignId=79FKF">Get NYT Cooking for $1.25/week</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/by/cecilia-kang">Log In</a><br> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/subscription/cooking?campaignId=79FKF">Get NYT Cooking for $1.25/week</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210822-201611/ Sun, 22 Aug 2021 20:16:10 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210822-201611/ <p>MARCELINE, Haiti (Reuters) -Families gathered in villages in southwestern Haiti this weekend to hold church and funeral services a week after an earthquake battered the region, killing more than 2,200 people and destroying tens of thousands of buildings.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-spain-basketball/in-spain-afghan-basketball-star-fears-for-the-country-she-has-left-idUSKBN2FN0F8">In Spain, Afghan basketball star fears for the country she has left</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-shortage/rising-prices-shuttered-banks-add-to-misery-for-kabul-idUSKBN2FN0FS">Rising prices, shuttered banks add to misery for Kabul</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210822-161615/ Sun, 22 Aug 2021 16:16:14 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210822-161615/ <p>Biden administration to use commercial airlines to carry Afghan evacuees <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/biden-administration-use-commercial-airlines-carry-afghan-evacuees-2021-08-22/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-beat-back-crowd-at-kabul-airport-after-seven-killed-in-crush-idUSKBN2FN02D">Taliban beat back crowd at Kabul airport after seven killed in crush</a><br></p> <hr> KABUL (Reuters) -The Taliban fired in the air and used batons to force people desperate to flee Afghanistan to form orderly queues outside Kabul airport on Sunday, witnesses said, a day after seven people were killed in a crush at the gates.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/everyone-was-crying-grieving-haitians-bury-their-dead-a-week-after-quake-idUSKBN2FN05D">'Everyone was crying': grieving Haitians bury their dead a week after quake</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/he-never-stood-a-chance-the-fateful-downfall-of-haitis-president-idUSKBN2FN06J">'He never stood a chance': the fateful downfall of Haiti's president</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210822-121525/ Sun, 22 Aug 2021 12:15:24 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210822-121525/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-fire-in-the-air-to-control-crowd-at-kabul-airport-idUSKBN2FN02D">Taliban fire in the air to control crowd at Kabul airport</a><br></p> <hr> KABUL (Reuters) -The Taliban fired in the air and used batons to make people line up in orderly queues outside Kabul airport on Sunday, witnesses said, a day after seven people were killed in a crush at the gates.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/im-distraught-grieving-haitians-bury-their-dead-a-week-after-quake-idUSKBN2FN05D">"I'm distraught": grieving Haitians bury their dead a week after quake</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210822-081610/ Sun, 22 Aug 2021 08:16:10 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210822-081610/ KABUL (Reuters) -Afghanistan's new Taliban rulers imposed some order around chaotic Kabul airport on Sunday, firing in the air and using batons to make sure people formed orderly queues outside the main gates and did not gather at the perimeter, witnesses said.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-japan-olympics/tokyo-weighs-use-of-olympic-venues-as-temporary-medical-facilities-paper-idUSKBN2FN046">Tokyo weighs use of Olympic venues as temporary medical facilities -paper</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210822-041628/ Sun, 22 Aug 2021 04:16:28 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210822-041628/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-impose-some-order-around-kabul-airport-witnesses-idUSKBN2FN02D">Taliban impose some order around Kabul airport - witnesses</a><br></p> <hr> Afghanistan's new Taliban rulers imposed some order around chaotic Kabul airport on Sunday, making sure people formed orderly queues outside the main gates and not allowing crowds to gather at the perimeter, witnesses said.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-australia/australian-pm-morrison-defends-lockdown-strategy-as-daily-cases-hit-record-idUSKBN2FN00F">Australian PM Morrison defends lockdown strategy as daily cases hit record</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210822-001639/ Sun, 22 Aug 2021 00:16:39 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210822-001639/ <p>Afghans speak of despair, uncertainty after evacuation to Qatar <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/afghans-speak-despair-uncertainty-after-evacuation-qatar-2021-08-21/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-qatar/afghans-speak-of-despair-uncertainty-after-evacuation-to-qatar-idUSKBN2FM0FT">Afghans speak of despair, uncertainty after evacuation to Qatar</a><br></p> <hr> Afghans who fled their country this week have spoken about their despair at leaving loved ones behind and the uncertain future ahead of them after the Taliban's rapid takeover.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-palestinians-gaza/israeli-aircraft-strike-hamas-sites-in-gaza-after-border-clashes-idUSKBN2FM0F9">Israeli aircraft strike Hamas sites in Gaza after border clashes</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210821-201607/ Sat, 21 Aug 2021 20:16:07 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210821-201607/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-palestinians-gaza/two-palestinians-israeli-soldier-seriously-injured-in-gaza-crossfire-idUSKBN2FM0F9">Two Palestinians, Israeli soldier seriously injured in Gaza crossfire</a><br></p> <hr> An Israeli soldier and two Palestinians, including a 13-year-old boy, were seriously injured in cross-border fire along the Gaza border on Saturday that wounded 39 other Palestinians, officials said.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/u-s-germany-advise-against-travel-to-kabul-airport-amid-evacuation-chaos-idUSKBN2FM02V">U.S., Germany advise against travel to Kabul airport amid evacuation chaos</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210821-161543/ Sat, 21 Aug 2021 16:15:42 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210821-161543/ <p>'How confident are you?': Taliban PR offensive falters as Kabul turmoil mounts <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/asia-pacific/kabul-turmoil-mounts-talibans-pr-offensive-falters-2021-08-21/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/u-s-urges-americans-to-keep-clear-of-kabul-airport-as-crowd-chaos-grows-idUSKBN2FM02V">U.S. urges Americans to keep clear of Kabul airport as crowd chaos grows</a><br></p> <hr> KABUL (Reuters) -The United States advised Americans in Afghanistan to avoid travelling to Kabul airport on Saturday as thousands gathered trying to flee the country almost a week after the Islamist militants took control.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-taliban-communic/as-kabul-turmoil-mounts-talibans-pr-offensive-falters-idUSKBN2FM097">As Kabul turmoil mounts, Taliban's PR offensive falters</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/haiti-faces-anger-and-despair-a-week-after-quake-fanning-security-fears-idUSKBN2FM06R">Haiti faces anger and despair a week after quake, fanning security fears</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210821-121858/ Sat, 21 Aug 2021 12:18:58 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210821-121858/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133306_eluminator-is-ford-s-electric-crate-motor">Eluminator is Ford's electric crate motor</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210821-121516/ Sat, 21 Aug 2021 12:15:16 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210821-121516/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/anger-and-despair-rise-in-haiti-one-week-after-devastating-quake-idUSKBN2FM06R">Anger and despair rise in Haiti, one week after devastating quake</a><br></p> <hr> Tensions in Haiti were rising on Saturday, one week after a devastating earthquake that killed more than 2,000 people, as scant aid has arrived in the remote regions of the impoverished Caribbean nation that were hit hardest.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-co-founder-arrives-in-kabul-to-hammer-out-new-government-as-airport-chaos-grows-idUSKBN2FM02V">Taliban co-founder arrives in Kabul to hammer out new government as airport chaos grows</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210821-081538/ Sat, 21 Aug 2021 08:15:37 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210821-081538/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-vow-to-be-accountable-probe-reports-of-afghanistan-reprisals-idUSKBN2FM02V">Taliban vow to be accountable, probe reports of Afghanistan reprisals</a><br></p> <hr> KABUL (Reuters) -The Taliban will be accountable for its actions and will investigate reports of reprisals and atrocities carried out by members, an official of the Islamist militant group told Reuters on Saturday.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-australia/police-arrest-hundreds-of-protesters-as-australia-reports-record-covid-19-cases-idUSKBN2FM00Q">Police arrest hundreds of protesters as Australia reports record COVID-19 cases</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-malaysia-politics/malaysias-new-pm-takes-office-amid-mounting-health-crisis-idUSKBN2FM055">Malaysia's new PM takes office amid mounting health crisis</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210821-041611/ Sat, 21 Aug 2021 04:16:11 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210821-041611/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-china-ambassador/in-shift-biden-taps-career-diplomat-not-politician-for-ambassador-to-china-idUSKBN2FL23M">In shift, Biden taps career diplomat, not politician, for ambassador to China</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-australia/australia-reports-record-covid-19-cases-as-police-block-sydney-protest-idUSKBN2FM00Q">Australia reports record COVID-19 cases as police block Sydney protest</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20210821-041446/ Sat, 21 Aug 2021 04:14:45 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20210821-041446/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-02279-y">Home seismometers provide crucial data on Haiti’s quake</a><br></p> <hr> A volunteer network helps to monitor aftershocks and illuminate the country’s earthquake hazards.<br> https://www.whatsupup.com/blog/playacted/rededication/20210821-001745/ Sat, 21 Aug 2021 00:17:44 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210821-001745/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/08/20/technology/facebook-popular-posts.html">Facebook, Fearing Public Outcry, Shelved Earlier Report on Popular Posts The company praised itself this week for being “the most transparent platform on the internet.” By Davey Alba and Ryan Mac</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210821-001607/ Sat, 21 Aug 2021 00:16:07 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210821-001607/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/west-struggles-with-afghanistan-chaos-biden-again-defends-withdrawal-idUSKBN2FL0CL">West struggles with Afghanistan chaos, Biden again defends withdrawal</a><br></p> <hr> KABUL/WASHINGTON (Reuters) -Chaos around the Kabul airport was so bad this week that the U.S. military was forced to use three helicopters to transport 169 Americans into the complex from a building just 200 meters (656 feet) away, the Pentagon said on Friday.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-crisis-usa-europe-flights/u-s-says-a-dozen-countries-to-let-kabul-evacuation-flights-transit-idUSKBN2FL1OF">U.S. says a dozen countries to let Kabul evacuation flights transit</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210821-001041/ Sat, 21 Aug 2021 00:10:41 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210821-001041/ Ben Horowitz @bhorowitz and I will be back with our Clubhouse @Clubhouse show, "One On One with A & Z", Monday, August 23 at 7:00 PM PST. Brought to you by the Lambda Variant. Please suggest great questions for us to answer by replying to this tweet!<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210820-201847/ Fri, 20 Aug 2021 20:18:47 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210820-201847/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133309_2022-ford-explorer-st-aims-for-enthusiasts-with-rear-wheel-drive-option">2022 Ford Explorer ST aims for enthusiasts with rear-wheel-drive option</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133248_mercedes-benz-cancels-v-8-models-in-us-for-2022-except-s-class">Mercedes-Benz cancels V-8 models in US for 2022 except S-Class</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210820-201534/ Fri, 20 Aug 2021 20:15:33 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210820-201534/ <p>Cowering in the bathroom: Some Afghans dread the Taliban knock at the door <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/asia-pacific/cowering-bathroom-some-afghans-dread-taliban-knock-door-2021-08-20/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/biden-again-defends-u-s-pullout-as-world-powers-struggle-with-afghanistan-evacuations-idUSKBN2FL0CL">Biden again defends U.S. pullout as world powers struggle with Afghanistan evacuations</a><br></p> <hr> KABUL/WASHINGTON (Reuters) -World powers struggled on Friday to hasten evacuations from Afghanistan after reports of Taliban reprisals, as U.S. President Joe Biden insisted that the chaos following the American troop withdrawal had not diminished Washington's international credibility.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-crisis-usa-europe-flights/exclusive-u-s-set-to-expand-evacuation-from-kabul-to-europe-officials-idUSKBN2FL1OF">Exclusive-U.S. set to expand evacuation from Kabul to Europe- officials</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-backlash/cowering-in-the-bathroom-some-afghans-dread-the-taliban-knock-at-the-door-idUSKBN2FL1ZL">Cowering in the bathroom: Some Afghans dread the Taliban knock at the door</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/08/20/greta-thunberg-celebrates-protest-annive?videoId=734403922&videoChannel=118169">Greta Thunberg celebrates protest anniversary</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210820-161933/ Fri, 20 Aug 2021 16:19:33 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210820-161933/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133308_2022-ford-mustang-and-mustang-mach-e-get-white-on-white-styling-packs">2022 Ford Mustang and Mustang Mach-E get white-on-white styling packs</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1131251_2022-genesis-g90-spy-shots-video">2022 Genesis G90 spy shots and video: Redesigned flagship sedan in the works</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210820-161605/ Fri, 20 Aug 2021 16:16:04 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210820-161605/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/facing-backlash-over-chaos-foreign-powers-try-to-speed-afghanistan-exodus-idUSKBN2FL0CL">Facing backlash over chaos, foreign powers try to speed Afghanistan exodus</a><br></p> <hr> KABUL (Reuters) -Foreign powers sought to hasten evacuations from Afghanistan on Friday after reports of Taliban reprisals, including against people who had worked with U.S.-led forces or the previous Western-backed government.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-crisis-usa-europe-flights/exclusive-u-s-set-to-expand-evacuation-flights-from-kabul-to-europe-officials-idUSKBN2FL1OF">Exclusive-U.S. set to expand evacuation flights from Kabul to Europe- officials</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/aid-struggles-to-reach-remote-areas-of-haiti-quake-zone-idUSKBN2FL1FT">Aid struggles to reach remote areas of Haiti quake zone</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210820-121933/ Fri, 20 Aug 2021 12:19:33 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210820-121933/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133302_2022-infiniti-qx80-price-specs-review-photos-info">Preview: 2022 Infiniti QX80 arrives with new infotainment screen</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133107_2022-subaru-forester-wilderness-teased-debuts-sept-9">2022 Subaru Forester Wilderness teased, debuts Sept. 9</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133198_tom-cruise-s-old-1986-porsche-911-targa-is-for-sale">Tom Cruise's old 1986 Porsche 911 Targa sells for $86,000</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1101279_2023-land-rover-defender-130-spy-shots">2023 Land Rover Defender 130 spy shots: 8-seater SUV on the way</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1125819_2023-nissan-z-2022-lincoln-navigator-2022-mercedes-benz-c-class-all-terrain-today-s-car-news">2023 Nissan Z, 2022 Lincoln Navigator, 2022 Mercedes-Benz C-Class All-Terrain: Today's Car News</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210820-121604/ Fri, 20 Aug 2021 12:16:03 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210820-121604/ <p>Exclusive: FBI finds scant evidence U.S. Capitol attack was coordinated <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/exclusive-fbi-finds-scant-evidence-us-capitol-attack-was-coordinated-sources-2021-08-20/">VIEW MORE</a><br> KABUL (Reuters) -More than 18,000 people have been flown out of Kabul since the Taliban took over Afghanistan's capital, a NATO official said on Friday, pledging to redouble evacuation efforts as criticism of the West's handling of the crisis intensified.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-britain-raab/uks-raab-defends-afghanistan-crisis-response-after-criticism-idUSKBN2FL16J">UK's Raab defends Afghanistan crisis response after criticism</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-immigration-deportations/migrants-left-high-and-dry-at-guatemala-border-after-deportations-from-mexico-u-s-idUSKBN2FL15P">Migrants left high and dry at Guatemala border after deportations from Mexico, U.S</a><br> https://www.whatsupup.com/blog/stratification/pride/20210820-121546/ Fri, 20 Aug 2021 12:15:45 +0000 https://www.whatsupup.com/blog/stratification/pride/20210820-121546/ Why are you reporting this ad?<br> Please make a selection.<br> Plays sound<br> Contains adult content<br> Covers the page<br> Other<br> Additional Information<br> Please help us by describing the ad.<br> Only 500 characters are allowed.<br> Report ad<br> Thank you for letting us know.<br> Powered by<br> ×<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210820-081846/ Fri, 20 Aug 2021 08:18:46 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210820-081846/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133301_tesla-bot-ai-controlled-humanoid-robot-revealed">Tesla Bot: AI-controlled humanoid robot revealed</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133220_lamborghini-countach-2022-toyota-tundra-2022-acura-nsx-type-s-the-week-in-reverse">Lamborghini Countach, 2022 Toyota Tundra, 2022 Acura NSX Type-S: The Week In Reverse</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133237_2022-cadillac-ct5-v-blackwing-2022-ford-gt-2023-alfa-romeo-tonale-this-week-s-top-photos">2022 Cadillac CT5-V Blackwing, 2022 Ford GT, 2023 Alfa Romeo Tonale: This Week's Top Photos</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210820-081546/ Fri, 20 Aug 2021 08:15:46 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210820-081546/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/nato-pledges-to-speed-evacuations-from-afghanistan-as-criticism-mounts-idUSKBN2FL0CL">NATO pledges to speed evacuations from Afghanistan as criticism mounts</a><br></p> <hr> KABUL (Reuters) -More than 18,000 people have been flown out of Kabul since the Taliban took over Afghanistan's capital, a NATO official said on Friday, pledging to redouble evacuation efforts as criticism of the West's handling of the crisis mounted.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security-sanctions/beijing-delays-vote-on-extending-anti-sanctions-law-to-hong-kong-scmp-idUSKBN2FL0BY">Beijing delays vote on extending anti-sanctions law to Hong Kong -SCMP</a><br> https://www.whatsupup.com/blog/spectrometry/obol/20210820-081342/ Fri, 20 Aug 2021 08:13:42 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20210820-081342/ <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/08/understanding-network-access-windows-app.html">Understanding Network Access in Windows AppContainers</a> (Aug)<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210820-001601/ Fri, 20 Aug 2021 00:16:01 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210820-001601/ <p>KABUL (Reuters) -The Taliban called on Afghanistan's imams to urge unity when they hold their first Friday prayers since the Islamist group seized control of the country, as protests against the takeover spread to more cities on Thursday, including the capital, Kabul.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa-china/contrary-to-intent-bidens-afghan-pullout-could-undermine-asia-shift-idUSKBN2FK2HG">Contrary to intent, Biden's Afghan pullout could undermine Asia shift</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/foreign-aid-trickles-in-to-rural-haiti-amid-struggle-to-count-victims-idUSKBN2FK0YN">Foreign aid trickles in to rural Haiti amid struggle to count victims</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210819-201818/ Thu, 19 Aug 2021 20:18:18 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210819-201818/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1130899_2022-hyundai-kona-n-price-specs-review-photos-info-video">Preview: 2022 Hyundai Kona N brings hot hatch attitude to the compact crossover</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1129768_2022-hyundai-elantra-n-price-specs-review-photos-info">Preview: 2022 Hyundai Elantra N packs 276 hp, 8-speed DCT</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210819-201711/ Thu, 19 Aug 2021 20:17:11 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210819-201711/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/08/19/technology/facebooks-new-bet-on-virtual-reality-conference-rooms.html">Facebook’s New Bet on Virtual Reality: Conference Rooms The pandemic has renewed interest in virtual reality. Facebook is trying to capitalize with a new virtual meeting room service. By Mike Isaac</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210819-201527/ Thu, 19 Aug 2021 20:15:27 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210819-201527/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-urge-afghan-unity-as-protests-spread-to-kabul-idUSKBN2FK0GM">Taliban urge Afghan unity as protests spread to Kabul</a><br></p> <hr> KABUL (Reuters) -The Taliban called on Afghanistan's imams to urge unity when they hold their first Friday prayers since the Islamist group seized control of the country, as protests against the takeover spread to more cities on Thursday, including the capital Kabul.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-blacklist/taliban-are-rounding-up-afghans-on-blacklist-private-intel-report-idUSKBN2FK23J">Taliban are rounding up Afghans on blacklist - private intel report</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/aid-trickles-in-as-haitians-struggle-to-count-lives-lost-in-quake-idUSKBN2FK0YN">Aid trickles in as Haitians struggle to count lives lost in quake</a><br> https://www.whatsupup.com/blog/sited/implore/20210819-201511/ Thu, 19 Aug 2021 20:15:11 +0000 https://www.whatsupup.com/blog/sited/implore/20210819-201511/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/08/19/technology/ftc-facebook-antitrust.html">U.S. Revives Facebook Suit, Adding Details to Back Claim of a Monopoly After a judge slammed the F.T.C.’s original lawsuit, regulators returned with a more detailed case accusing the platform of being a monopoly. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/spectrometry/obol/20210819-201335/ Thu, 19 Aug 2021 20:13:34 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20210819-201335/ <p><a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/08/understanding-network-access-windows-app.html">Understanding Network Access in Windows AppContainers</a><br></p> <hr> Posted by James Forshaw, Project Zero Recently I've been delving into the inner workings of the Windows Firewall. This is interesting to me as it's used to enforce various restrictions such as whether AppContainer sandboxed applications can access the network. Being able to bypass network restrictions in AppContainer sandboxes is interesting as it expands the attack surface available to the application, such as being able to access services on localhost, as well as granting access to intranet resources in an Enterprise.<br> I recently discovered a <a rel="noreferrer" target="_blank" href="https://bugs.chromium.org/p/project-zero/issues/detail?id=2207">configuration issue</a> with the Windows Firewall which allowed the restrictions to be bypassed and allowed an AppContainer process to access the network. Unfortunately Microsoft decided it didn't meet the bar for a security bulletin so it's marked as WontFix.<br> As the mechanism that the Windows Firewall uses to restrict access to the network from an AppContainer isn't officially documented as far as I know, I'll provide the details on how the restrictions are implemented. This will provide the background to understanding why my configuration issue allowed for network access.<br> I'll also take the opportunity to give an overview of how the Windows Firewall functions and how you can use some of my tooling to inspect the current firewall configuration. This will provide security researchers with the information they need to better understand the firewall and assess its configuration to find other security issues similar to the one I reported. At the same time I'll note some interesting quirks in the implementation which you might find useful.<br> Windows Firewall Architecture Primer<br> Before we can understand how network access is controlled in an AppContainer we need to understand how the built-in Windows firewall functions. Prior to XP SP2 Windows didn't have a built-in firewall, and you would typically install a third-party firewall such as ZoneAlarm. These firewalls were implemented by hooking into <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/windows-hardware/drivers/network/">Network Driver Interface Specification (NDIS)</a> drivers or implementing user-mode <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/windows/win32/winsock/about-the-winsock-spi">Winsock Service Providers</a> but this was complex and error prone.<br> While XP SP2 introduced the built-in firewall, the basis for the one used in modern versions of Windows was introduced in Vista as the <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/windows/win32/fwp/windows-filtering-platform-start-page">Windows Filtering Platform (WFP)</a> . However, as a user you wouldn't typically interact directly with WFP. Instead you'd use a firewall product which exposes a user interface, and then configures WFP to do the actual firewalling. On a default installation of Windows this would be the Windows Defender Firewall. If you installed a third-party firewall this would replace the Defender component but the actual firewall would still be implemented through configuring WFP.<br> The diagram gives an overview of how various components in the OS are connected together to implement the firewall. A user would interact with the Windows Defender firewall using the GUI, or a command line interface such as PowerShell's <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/powershell/module/netsecurity/">NetSecurity</a> module. This interface communicates with the Windows Defender Firewall Service (MPSSVC) over RPC to query and modify the firewall rules.<br> MPSSVC converts its ruleset to the lower-level WFP firewall filters and sends them over RPC to the Base Filtering Engine (BFE) service. These filters are then uploaded to the TCP/IP driver (TCPIP.SYS) in the kernel which is where the firewall processing is handled. The device objects (such as \Device\WFP ) which the TCP/IP driver exposes are secured so that only the BFE service can access them. This means all access to the kernel firewall needs to be mediated through the service.<br> When an application, such as a Web Browser, creates a new network socket the AFD driver responsible for managing sockets will communicate with the TCP/IP driver to configure the socket for IP. At this point the TCP/IP driver will capture the security context of the creating process and store that for later use by the firewall. When an operation is performed on the socket, such as making or accepting a new connection, the firewall filters will be evaluated.<br> The evaluation is handled primarily by the NETIO driver as well as registered callout drivers. These callout drivers allow for more complex firewall rules to be implemented as well as inspecting and modifying network traffic. The drivers can also forward checks to user-mode services. As an example, the ability to forward checks to user mode allows the Windows Defender Firewall to display a UI when an unknown application listens on a wildcard address, as shown below.<br> The end result of the evaluation is whether the operation is permitted or blocked. The behavior of a block depends on the operation. If an outbound connection is blocked the caller is notified. If an inbound connection is blocked the firewall will drop the packets and provide no notification to the peer, such as a TCP Reset or ICMP response. This default drop behavior can be changed through a <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-gpfas/e0e681d3-0468-4796-b541-c5f9945041d8">system wide configuration change</a> . Let's dig into more detail on how the rules are configured for evaluation.<br> Layers, Sublayers and Filters<br> The firewall rules are configured using three types of object: layers, sublayers and filters as shown in the following diagram.<br> The firewall layer is used to categorize the network operation to be evaluated. For example there are separate layers for inbound and outbound packets. This is typically further differentiated by IP version, so there are separate IPv4 and IPv6 layers for inbound and outbound packets. While the firewall is primarily focussed on IP traffic there does exist limited MAC and Virtual Switch layers to perform specialist firewalling operations. You can find the list of pre-defined layers on MSDN <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/windows/win32/fwp/management-filtering-layer-identifiers-">here</a> . As the WFP needs to know what layer handles which operation there's no way for additional layers to be added to the system by a third-party application.<br> When a packet is evaluated by a layer the WFP performs <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/windows/win32/fwp/filter-arbitration">Filter Arbitration</a> . This is a set of rules which determine the order of evaluation of the filters. First WFP enumerates all registered filters which are associated with the layer's unique GUID. Next, WFP groups the filters by their sublayer's GUID and orders the filter groupings by a weight value which was specified when the sublayer was registered. Finally, WFP evaluates each filter according to the order based on a weight value specified when the filter was registered.<br> For every filter, WFP checks if the list of conditions match the packet and its associated meta-data. If the conditions match then the filter performs a specified action, which can be one of the following:<br> Permit<br> Block<br> Callout Terminating<br> Callout Unknown<br> Callout Inspection<br> If the action is Permit or Block then the filter evaluation for the current sublayer is terminated with that action as the result. If the action is a callout then WFP will invoke the filter's registered callout driver's <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/fwpsk/nc-fwpsk-fwps_callout_classify_fn0">classify function</a> to perform additional checks. The classify function can evaluate the packet and its meta-data and specify a final result of Permit , Block or additionally Continue which indicates the filter should be ignored. In general if the action is Callout Terminating then it should only set Permit and Block , and if it's Callout Inspection then it should only set Continue . The Callout Unknown action is for callouts which might terminate or might not depending on the result of the classification.<br> Once a terminating filter has been evaluated WFP stops processing that sublayer. However, WFP will continue to process the remaining sublayers in the same way regardless of the final result. In general if any sublayer returns a Block result then the packet will be blocked, otherwise it'll be permitted. This means that if a higher priority sublayer's result is Permit , it can still be blocked by a lower-priority sublayer.<br> A filter can be configured with the FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT flag which indicates that the result should be considered “hard” allowing a higher priority filter to permit a packet which can't be overridden by a lower-priority blocking filter. The rules for the final result are even more complex than I make out including soft blocks and vetos, refer to the <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/windows/win32/fwp/filter-arbitration">page in MSDN</a> for more information.<br> To simplify the classification of network traffic, WFP provides a set of stateful layers which correspond to major network events such as TCP connection and port binding. The stateful filtering is referred to as <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/windows/win32/fwp/application-layer-enforcement--ale-">Application Layer Enforcement (ALE)</a> . For example the FWPM_LAYER_ALE_AUTH_CONNECT_V4 layer will be evaluated when a TCP connection using IPv4 is being made.<br> For any given connection it will only be evaluated once, not for every packet associated with the TCP connection handshake. In general these <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/windows/win32/fwp/ale-layers">ALE layers</a> are the ones we'll focus on when inspecting the firewall configuration, as they're the most commonly used. The three main ALE layers you're going to need to inspect are the following:<br> Name<br> Description<br> FWPM_LAYER_ALE_AUTH_CONNECT_V4/6<br> Processed when TCP connect() called.<br> FWPM_LAYER_ALE_AUTH_LISTEN_V4/6<br> Processed when TCP listen() called.<br> FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4/6<br> Processed when a packet/connection is received.<br> What layers are used and in what order they are evaluated depend on the specific operation being performed. You can find the list of the layers for TCP packets <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/windows/win32/fwp/tcp-packet-flows">here</a> and UDP packets <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/windows/win32/fwp/udp-packet-flows">here</a> . Now, let's dig into how filter conditions are defined and what information they can check.<br> Filter Conditions<br> Each filter contains an optional list of conditions which are used to match a packet. If no list is specified then the filter will always match any incoming packet and perform its defined action. If more than one condition is specified then the filter is only matched if all of the conditions match. If you have multiple conditions of the same type they're OR'ed together, which allows a single filter … https://www.whatsupup.com/blog/rubicundity/envenomation/20210819-200625/ Thu, 19 Aug 2021 20:06:24 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20210819-200625/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/what-is-addiction">What is addiction (series)</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-change-for-the-better">How to change for the better</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-set-goals-that-work">How to set goals that work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-finally-start-doing-something-about-your-dreams">How to finally start doing something about your dreams</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-avoid-i-ll-do-it-tomorrow">How to avoid “I’ll do it tomorrow”</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/play-the-ultimate-game-your-real-life">Play the ultimate game: your real life</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-real-reason-why-you-get-distracted">The real reason why you get distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/today-shouldnt-suck">Today shouldn’t suck</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/4-most-common-ways-of-getting-distracted">4 most common ways of getting distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210819-200612/ Thu, 19 Aug 2021 20:06:11 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210819-200612/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/wanted-disgruntled-employees-to-deploy-ransomware/">Wanted: Disgruntled Employees to Deploy Ransomware</a><br></p> <hr> Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company.<br> Image: Abnormal Security.<br> Crane Hassold , director of threat intelligence at Abnormal Security , <a rel="noreferrer" target="_blank" href="https://abnormalsecurity.com/blog/nigerian-ransomware-soliciting-employees-demonware/">described</a> what happened after he adopted a fake persona and responded to the proposal in the screenshot above. It offered to pay him 40 percent of a million-dollar ransom demand if he agreed to launch their malware inside his employer’s network.<br> This particular scammer was fairly chatty, and over the course of five days it emerged that Hassold’s correspondent was forced to change up his initial approach in planning to deploy the <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/03/ransomware-operators-are-piling-on-already-hacked-exchange-servers/">DemonWare ransomware strain</a> , which is freely available on GitHub .<br> “According to this actor, he had originally intended to send his targets—all senior-level executives—phishing emails to compromise their accounts, but after that was unsuccessful, he pivoted to this ransomware pretext,” Hassold wrote.<br> Abnormal Security documented how it tied the email back to a young man in Nigeria who acknowledged he was trying to save up money to help fund a new social network he is building called Sociogram .<br> Reached via LinkedIn, Sociogram founder <a rel="noreferrer" target="_blank" href="https://www.linkedin.com/in/oluwameda/">Oluwaseun Medayedupin</a> asked to have his startup’s name removed from the story, although he did not respond to questions about whether there were an inaccuracies in Hassold’s report.<br> “Please don’t harm Sociogram’s reputation,” Medayedupin pleaded. “I beg you as a promising young man.”<br> This attacker’s approach may seem fairly amateur, but it would be a mistake to dismiss the threat from West African cybercriminals dabbling in ransomware. While multi-million dollar ransomware payments are hogging the headlines, by far the biggest financial losses tied to cybercrime each year stem from so-called <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/tag/business-email-compromise/">Business Email Compromise (BEC) or CEO Scams</a> , in which crooks mainly based in Africa and Southeast Asia will spoof communications from executives at the target firm in a bid to initiate unauthorized international wire transfers.<br> According to <a rel="noreferrer" target="_blank" href="https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf">the latest figures</a> (PDF) released by the <a rel="noreferrer" target="_blank" href="https://www.ic3.gov">FBI Internet Crime Complaint Center</a> (IC3), the reported losses from BEC scams continue to dwarf other cybercrime loss categories, increasing to $1.86 billion in 2020.<br> Image: FBI<br> “Knowing the actor is Nigerian really brings the entire story full circle and provides some notable context to the tactics used in the initial email we identified,” Hassold wrote. “For decades, West African scammers, primarily located in Nigeria, have perfected the use of social engineering in cybercrime activity.”<br> “While the most common cyber attack we see from Nigerian actors (and most damaging attack globally) is business email compromise (BEC), it makes sense that a Nigerian actor would fall back on using similar social engineering techniques, even when attempting to successfully deploy a more technically sophisticated attack like ransomware,” Hassold concluded.<br> DON’T QUIT YOUR DAY JOB<br> Cybercriminals trolling for disgruntled employees is hardly a new development. Big companies have long been worried about the very real threat of disgruntled employees creating identities on darknet sites and then offering to trash their employer’s network for a fee (for more on that, see my 2016 story, <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2016/06/rise-of-darknet-stokes-fear-of-the-insider/">Rise of the Darknet Stokes Fear of the Insider</a> ). <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/wanted-disgruntled-employees-to-deploy-ransomware/#more-56667">Continue reading →</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210819-161543/ Thu, 19 Aug 2021 16:15:43 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210819-161543/ Planes, guns, night-vision goggles: The Taliban's new U.S.-made war chest <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/aerospace-defense/planes-guns-night-vision-goggles-talibans-new-us-made-war-chest-2021-08-19/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/afghan-protests-spread-to-kabul-in-early-challenge-to-taliban-idUSKBN2FK0GM">Afghan protests spread to Kabul in early challenge to Taliban</a><br></p> <hr> Protests against the Taliban's takeover in Afghanistan spread to more cities on Thursday, including the capital Kabul, and a witness said several people were killed when the militants fired on a crowd in Asadabad in the eastern province of Kunar.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210819-121812/ Thu, 19 Aug 2021 12:18:12 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210819-121812/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1118149_hennessey-venom-f5-hypercar-sells-out-following-monterey-car-week-showing">Hennessey Venom F5 hypercar sells out following Monterey Car Week showing</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1123680_2022-bmw-2-series-active-tourer-spy-shots-video">2022 BMW 2-Series Active Tourer spy shots: Sportier look for compact minivan</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133262_nissan-z-reveal-livestream">Watch the Nissan Z reveal live, here</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210819-121633/ Thu, 19 Aug 2021 12:16:33 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210819-121633/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/08/19/technology/can-facebook-make-virtual-reality-happen-for-real-this-time.html">Can Facebook Make Virtual Reality Happen for Real This Time? The pandemic has renewed interest in virtual reality. Facebook is trying to capitalize with a new virtual meeting room service. By Mike Isaac</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210819-121452/ Thu, 19 Aug 2021 12:14:52 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210819-121452/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/legal-us-apple-privacy/exclusive-policy-groups-ask-apple-to-drop-plans-to-inspect-imessages-scan-for-abuse-images-idUSKBN2FK0T2">Exclusive: Policy groups ask Apple to drop plans to inspect iMessages, scan for abuse images</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/protests-against-afghan-taliban-spread-in-early-signs-of-resistance-idUSKBN2FK0GM">Protests against Afghan Taliban spread in early signs of resistance</a><br> <hr> KABUL (Reuters) -Flag-waving protesters took to the streets of more Afghan cities on Thursday as popular opposition to the Taliban spread, and a witness said several people were killed when the militants fired on a crowd in Asadabad in the east.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa-biden/biden-says-taliban-must-decide-if-it-wants-international-recognition-interview-idUSKBN2FK17E">Biden says Taliban must decide if it wants international recognition - interview</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/painful-days-ahead-as-haitians-struggle-to-count-lives-lost-in-quake-idUSKBN2FK0YN">'Painful days ahead' as Haitians struggle to count lives lost in quake</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210819-081855/ Thu, 19 Aug 2021 08:18:55 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210819-081855/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133288_genesis-gv60-electric-compact-crossover-coming-in-2022">Genesis GV60 electric compact crossover coming in 2022</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210819-081541/ Thu, 19 Aug 2021 08:15:41 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210819-081541/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/uk-apple-privacy/policy-groups-ask-apple-to-drop-plans-to-inspect-imessages-scan-for-abuse-images-idUSKBN2FK09P">Policy groups ask Apple to drop plans to inspect iMessages, scan for abuse images</a><br></p> <hr> More than 90 policy and rights groups around the world published an open letter on Thursday urging Apple to abandon plans for scanning children’s messages for nudity and the phones of adults for images of child sex abuse.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/apple-privacy/exclusive-policy-groups-ask-apple-to-drop-plans-to-inspect-imessages-scan-for-abuse-images-idUSL1N2PQ03V">EXCLUSIVE-Policy groups ask Apple to drop plans to inspect iMessages, scan for abuse images</a><br> <hr> Aug 18 More than 90 policy and rights groups around the world will publish an open letter on Thursday urging Apple to abandon plans for scanning children’s messages for nudity and the phones of adults for images of child sex abuse.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-urge-afghans-to-leave-kabul-airport-after-days-of-deadly-chaos-idUSKBN2FK0GM">Taliban urge Afghans to leave Kabul airport after days of deadly chaos</a><br> <hr> KABUL (Reuters) -The Taliban on Thursday urged crowds of Afghans waiting outside Kabul airport in the hope of fleeing the country to go home, saying they did not want to hurt anyone, a day after Taliban fighters fired at protesters, killing three, witnesses said.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security/hong-kong-activist-returned-from-chinese-prison-found-guilty-in-national-security-case-idUSKBN2FK0B5">Hong Kong activist returned from Chinese prison found guilty in national security case</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210819-041548/ Thu, 19 Aug 2021 04:15:48 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210819-041548/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/uk-apple-privacy/exclusive-policy-groups-ask-apple-to-drop-plans-to-inspect-imessages-scan-for-abuse-images-idUSKBN2FK09P">Exclusive-Policy groups ask Apple to drop plans to inspect iMessages, scan for abuse images</a><br></p> <hr> More than 90 policy and rights groups around the world will publish an open letter on Thursday urging Apple to abandon plans for scanning children’s messages for nudity and the phones of adults for images of child sex abuse.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/quake-leaves-haiti-on-its-knees-as-impatience-grows-over-lack-of-aid-idUSKBN2FJ0OB">Quake leaves Haiti 'on its knees' as impatience grows over lack of aid</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210819-001920/ Thu, 19 Aug 2021 00:19:20 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210819-001920/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1129234_preview-2023-cadillac-lyriq-starts-brand-s-electric-slide-from-59-990">Preview: 2023 Cadillac Lyriq shines brightly and starts brand's electric slide from $59,990</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1131482_2023-honda-cr-v-2022-polestar-2-pininfarina-battista-today-s-car-news">2023 Honda CR-V, 2022 Polestar 2, Pininfarina Battista: Today's Car News</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210819-001614/ Thu, 19 Aug 2021 00:16:14 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210819-001614/ <p>Haitians grow angry at slow pace of quake aid after spending fifth night in the open, many without clean water and food <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/americas/haitians-sheltering-tents-grow-impatient-aid-after-devastating-quake-2021-08-18/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-keep-some-evacuees-from-reaching-kabul-airport-as-u-s-vows-to-finish-airlift-idUSKBN2FJ0EA">Taliban keep some evacuees from reaching Kabul airport, as U.S. vows to finish airlift</a><br></p> <hr> KABUL (Reuters) -Armed members of the Taliban kept people desperate to flee Afghanistan from reaching Kabul's airport on Wednesday, witnesses said, while President Joe Biden vowed to keep U.S. troops in the country until all Americans are evacuated.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa-pentagon/biden-says-aug-31-deadline-in-afghanistan-might-have-to-be-extended-idUSKBN2FJ1KD">Biden says Aug. 31 deadline in Afghanistan might have to be extended</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/haitians-grow-impatient-for-quake-aid-as-hungry-crowd-gathers-idUSKBN2FJ0OB">Haitians grow impatient for quake aid as hungry crowd gathers</a><br> https://www.whatsupup.com/blog/trifid/ragwort/20210819-001514/ Thu, 19 Aug 2021 00:15:13 +0000 https://www.whatsupup.com/blog/trifid/ragwort/20210819-001514/ This website stores data such as cookies to enable essential site functionality, as well as marketing, personalization, and analytics. By remaining on this website you indicate your consent. <a rel="noreferrer" target="_blank" href="https://smartcar.com/privacy#cookies">Cookie Policy</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210818-202029/ Wed, 18 Aug 2021 20:20:29 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210818-202029/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133278_the-nissan-z-was-dead-then-reborn-as-an-under-the-table-skunkworks-project">The Nissan Z was dead, then reborn as an "under the table" skunkworks project</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210818-201710/ Wed, 18 Aug 2021 20:17:09 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210818-201710/ <p>KABUL (Reuters) -At least three people were killed in anti-Taliban protests in the Afghan city of Jalalabad on Wednesday, witnesses said, as the Islamist group moved to consolidate power and Western countries ramped up evacuations from a chaotic Kabul airport.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-scene/taliban-go-door-to-door-telling-fearful-afghans-to-work-idUSKBN2FJ1RC">Taliban go door-to-door telling fearful Afghans to work</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/08/18/arrival-takes-low-cost-road-to-mass-prod?videoId=734311562&videoChannel=118169">Arrival takes low-cost road to mass production</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210818-201645/ Wed, 18 Aug 2021 20:16:44 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210818-201645/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/08/hackers-who-breached-t-mobile-stole-personal-data-for-49-million-accounts/">Hackers who breached T-Mobile stole personal data for ~49 million accounts</a><br></p> <hr> PII includes first and last names, dates of birth, SSNs, and driver’s license numbers.<br> https://www.whatsupup.com/blog/trifid/ragwort/20210818-201602/ Wed, 18 Aug 2021 20:16:01 +0000 https://www.whatsupup.com/blog/trifid/ragwort/20210818-201602/ Request a demo<br> https://www.whatsupup.com/blog/ideo/fleury/20210818-200631/ Wed, 18 Aug 2021 20:06:30 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210818-200631/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/t-mobile-breach-exposed-ssn-dob-of-40m-people/">T-Mobile: Breach Exposed SSN/DOB of 40M+ People</a><br></p> <hr> T-Mobile is warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. The acknowledgment came less than 48 hours after millions of the stolen T-Mobile customer records went up for sale in the cybercrime underground.<br> In a statement Tuesday evening, T-Mobile said a “highly sophisticated” attack against its network led to the breach of data on millions of customers.<br> “Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile,” the company wrote in <a rel="noreferrer" target="_blank" href="https://www.t-mobile.com/news/network/additional-information-regarding-2021-cyberattack-investigation">a blog post</a> . “Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.”<br> Nevertheless, T-Mobile is urging all T-Mobile postpaid customers to proactively change their account PINs by going online into their T-Mobile account or calling customer care at 611. “This precaution is despite the fact that we have no knowledge that any postpaid account PINs were compromised,” the advisory reads.<br> It is not clear how many people total may be impacted by this breach. T-Mobile hasn’t yet responded to requests for clarification regarding how many of the 7.8 million current customers may also have been affected by the credit application breach. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/t-mobile-breach-exposed-ssn-dob-of-40m-people/#more-56638">Continue reading →</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210818-161847/ Wed, 18 Aug 2021 16:18:47 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210818-161847/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133279_2022-jeep-commander-compass-based-3-row-crossover-debuts-in-brazil">2022 Jeep Commander: Compass-based 3-row crossover debuts in Brazil</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133276_bmw-ix5-hydrogen-revealed-ahead-of-2022-start-of-production">BMW iX5 Hydrogen revealed ahead of 2022 start of production</a><br> https://www.whatsupup.com/blog/gaper/whisky/20210818-161649/ Wed, 18 Aug 2021 16:16:48 +0000 https://www.whatsupup.com/blog/gaper/whisky/20210818-161649/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/08/spring-cleaning-mdn-part-2/">Spring cleaning MDN: Part 2 →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/08/spring-cleaning-mdn-part-2/">Spring cleaning MDN: Part 2</a><br> <hr> Last month we removed a bunch of content from MDN. MDN is 16 years old (and yes it can drink in some countries), all that time ago it was a great place for all of Mozilla to document all of their things. As MDN evolved and the web reference became our core content, other areas became less relevant to the overall site. We have ~11k active pages on MDN, so keeping them up to date is a big task and we feel our focus should be there.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210818-161601/ Wed, 18 Aug 2021 16:16:00 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210818-161601/ <p>Exclusive: Taliban to reach out to former soldiers and pilots to join its ranks, country may be governed by a ruling council <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/asia-pacific/exclusive-council-may-rule-afghanistan-taliban-reach-out-soldiers-pilots-senior-2021-08-18/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/three-killed-as-afghan-protests-test-talibans-promise-of-peaceful-rule-idUSKBN2FJ0EA">Three killed as Afghan protests test Taliban's promise of peaceful rule</a><br></p> <hr> KABUL (Reuters) -At least three people were killed in anti-Taliban protests in the Afghan city of Jalalabad on Wednesday, witnesses said, as the militant group moved to create a government and Western countries ramped up evacuations from a chaotic Kabul airport.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-future-exclusive/exclusive-council-may-rule-afghanistan-taliban-to-reach-out-to-soldiers-pilots-senior-member-idUSKBN2FJ1LA">Exclusive-Council may rule Afghanistan, Taliban to reach out to soldiers, pilots-senior member</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-tajikistan-diplo/afghan-envoy-says-hold-out-panjshir-province-can-resist-taliban-rule-idUSKBN2FJ1LW">Afghan envoy says hold-out Panjshir province can resist Taliban rule</a><br> https://www.whatsupup.com/blog/uprousing/bayed/20210818-160814/ Wed, 18 Aug 2021 16:08:13 +0000 https://www.whatsupup.com/blog/uprousing/bayed/20210818-160814/ You’ve probably seen a syringe before. When its plunger is pressed, the contents of the syringe come out on the other end. In the demonstration below we have a syringe connected through a thin hose to another container that has a spring in it. The entire system is filled with water . As you increase the force on the plunger observe the little spring being compressed at the other end of the hose:<br> If the cargo is placed <a rel="noreferrer" target="_blank" href="https://ciechanow.ski">relatively low</a> , it can actually significantly increase the stability of the ship. However, for <a rel="noreferrer" target="_blank" href="https://ciechanow.ski">some positions</a> of cargo, the ship’s stable position is tilted to one side or the other, even though the geometry of the hull and carried load are perfectly symmetrical – that angle is known as <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Angle_of_loll">angle of loll</a> . When the cargo is placed <a rel="noreferrer" target="_blank" href="https://ciechanow.ski">very high</a> this ship becomes completely unstable.<br> https://www.whatsupup.com/blog/lynch/tiddly/20210818-160611/ Wed, 18 Aug 2021 16:06:11 +0000 https://www.whatsupup.com/blog/lynch/tiddly/20210818-160611/ <a rel="noreferrer" target="_blank" href="https://ryanandrewlangdon.wordpress.com/2021/08/18/guest-writer-my-thoughts-on-afghanistan-as-a-member-of-the-us-military/">[Guest Writer] My Thoughts On Afghanistan As A Member Of The US Military</a> August 18, 2021<br> I’ve decided that in light of the current atrocities happening across Afghanistan, I need to write this informal blog to get some things off my chest about the American Experience … <a rel="noreferrer" target="_blank" href="https://ryanandrewlangdon.wordpress.com/2021/08/18/guest-writer-my-thoughts-on-afghanistan-as-a-member-of-the-us-military/">Continue reading [Guest Writer] My Thoughts On Afghanistan As A Member Of The US Military</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210818-121910/ Wed, 18 Aug 2021 12:19:10 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210818-121910/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133275_2022-mercedes-benz-c-class-wagon-spawns-all-terrain-soft-roader">2022 Mercedes-Benz C-Class Wagon spawns All-Terrain soft-roader</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133266_2022-lincoln-navigator-price-specs-review-photos-info">Preview: 2022 Lincoln Navigator reads the road ahead and adds highway hands-free driver-assist system</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210818-121601/ Wed, 18 Aug 2021 12:16:00 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210818-121601/ <p>Apple Inc on Tuesday appealed a copyright case it lost against security startup Corellium, which helps researchers examine programs like Apple's planned new method for detecting child sex abuse images <a href="https://www.reuters.com/technology/after-criticism-apple-only-seek-abuse-images-flagged-multiple-nations-2021-08-13">https://www.reuters.com/technology/after-criticism-apple-only-seek-abuse-images-flagged-multiple-nations-2021-08-13</a>.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/evacuations-from-afghanistan-gain-momentum-as-taliban-promise-peace-idUSKBN2FJ0EA">Evacuations from Afghanistan gain momentum as Taliban promise peace</a><br></p> <hr> KABUL (Reuters) -More than 2,200 diplomats and civilians have been evacuated from Afghanistan on military flights, a Western security official said on Wednesday, as the Taliban made first efforts to set up a government after their lightning sweep into the capital.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-germany-evacuees/afghans-evacuated-to-germany-describe-terrifying-scenes-at-kabul-airport-idUSKBN2FJ0VP">Afghans evacuated to Germany describe terrifying scenes at Kabul airport</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/haitians-sheltering-in-tents-grow-impatient-for-aid-after-devastating-quake-idUSKBN2FJ0OB">Haitians sheltering in tents grow impatient for aid after devastating quake</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210818-081849/ Wed, 18 Aug 2021 08:18:49 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210818-081849/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1128713_2022-audi-e-tron-s-review-price-photos-specs-info">2022 Audi E-Tron S electric crossover revealed with 3-motor powertrain, $85,895 price tag</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210818-081600/ Wed, 18 Aug 2021 08:16:00 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210818-081600/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/evacuations-from-afghanistan-gather-momentum-as-taliban-promise-peace-idUSKBN2FJ0EA">Evacuations from Afghanistan gather momentum as Taliban promise peace</a><br></p> <hr> KABUL (Reuters) -More than 2,200 diplomats and other civilians have been evacuated from Afghanistan on military flights, a Western security official told Reuters on Wednesday, as efforts gathered pace to get people out after the Taliban seized the capital.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-germany-election/german-spd-overtakes-greens-close-in-on-conservatives-before-election-idUSKBN2FJ0LC">German SPD overtakes Greens, close in on conservatives before election</a><br> https://www.whatsupup.com/blog/glooming/wrackful/20210818-080704/ Wed, 18 Aug 2021 08:07:03 +0000 https://www.whatsupup.com/blog/glooming/wrackful/20210818-080704/ <a rel="noreferrer" target="_blank" href="https://advancedbeginners.substack.com">Programming Feedback for Advanced Beginners</a><br></p> <hr> https://www.whatsupup.com/blog/twopenny/ultraism/20210818-041720/ Wed, 18 Aug 2021 04:17:19 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210818-041720/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-apple-corellium/apple-appeals-against-security-research-firm-while-touting-researchers-idUSKBN2FI24O">Apple appeals against security research firm while touting researchers</a><br></p> <hr> Apple Inc on Tuesday appealed a copyright case it lost against security startup Corellium, which helps researchers examine programs like Apple's planned new method for detecting child sex abuse images.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210818-002029/ Wed, 18 Aug 2021 00:20:29 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210818-002029/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133257_2023-nissan-z-price-specs-review-info-photos">2023 Nissan Z arrives with 400 hp, retro styling, optional blue or red interiors</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210818-001647/ Wed, 18 Aug 2021 00:16:47 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210818-001647/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-pledge-peace-and-womens-rights-under-islam-as-they-strike-conciliatory-tone-idUSKBN2FI0AT">Taliban pledge peace and women's rights under Islam as they strike conciliatory tone</a><br></p> <hr> KABUL (Reuters) -The Taliban said on Tuesday they wanted peaceful relations with other countries and would respect the rights of women within the framework of Islamic law, as they held their first official news briefing since their lightning seizure of Kabul.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210817-201957/ Tue, 17 Aug 2021 20:19:57 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210817-201957/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133259_2024-land-rover-range-rover-sport-svr-spy-shots">2024 Land Rover Range Rover Sport SVR spy shots: High-performance crossover takes shape</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210817-201621/ Tue, 17 Aug 2021 20:16:21 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210817-201621/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-striking-dovish-tone-pledge-peace-and-womens-rights-under-islam-idUSKBN2FI0AT">Taliban, striking dovish tone, pledge peace and women's rights under Islam</a><br></p> <hr> The Afghan Taliban said on Tuesday they wanted peaceful relations with other countries and would respect the rights of women within the framework of Islamic law, as they held their first official news briefing since their shock seizure of Kabul.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-eu-taliban/eu-says-it-will-work-with-taliban-only-if-human-rights-respected-idUSKBN2FI1VJ">EU says it will work with Taliban only if human rights respected</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa-refugees/bidens-vow-to-airlift-afghan-allies-meets-ticking-clock-risky-rescue-idUSKBN2FI241">Biden's vow to airlift Afghan allies meets ticking clock, risky rescue</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210817-161954/ Tue, 17 Aug 2021 16:19:53 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210817-161954/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133261_2021-shelby-f-150-super-snake-bites-with-775-hp-0-60-mph-in-3-45-seconds">2021 Shelby F-150 Super Snake bites with 775 hp, 0-60 mph in 3.45 seconds</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1128713_2022-audi-e-tron-s-review-price-photos-specs-info">2022 Audi E-Tron S electric SUV revealed with 3-motor powertrain for $85,895</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210817-161634/ Tue, 17 Aug 2021 16:16:33 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210817-161634/ <p>How the Taliban engineered a political collapse of Afghanistan <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/asia-pacific/how-taliban-engineered-political-collapse-afghanistan-2021-08-17/%20">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-say-they-want-peace-will-respect-womens-rights-under-islamic-law-idUSKBN2FI0AT">Taliban say they want peace, will respect women's rights under Islamic law</a><br></p> <hr> KABUL (Reuters) -The Taliban held their first official news conference in Kabul on Tuesday since the shock seizure of the city, declaring they wanted peaceful relations with other countries and would respect the rights of women within the framework of Islamic law.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-vice-president/afghan-vice-president-saleh-says-on-twitter-he-is-legitimate-caretaker-president-idUSKBN2FI1GK">Afghan vice president Saleh says on Twitter he is legitimate caretaker president</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/we-need-food-heavy-rains-lash-haiti-quake-survivors-idUSKBN2FI0RP">'We need food': heavy rains lash Haiti quake survivors</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210817-161619/ Tue, 17 Aug 2021 16:16:18 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210817-161619/ Data reportedly includes SSNs, driver's license numbers, and more for 100 million people.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210817-121944/ Tue, 17 Aug 2021 12:19:44 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210817-121944/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133255_2023-chevrolet-corvette-e-ray-spy-shots-hybrid-corvette-coming">2023 Chevrolet Corvette E-Ray spy shots: Hybrid Corvette coming</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1131809_2022-toyota-86-price-specs-review-photos-info">First drive review: 2022 Toyota GR86 teaches the old-school performance-driving basics</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133256_surf-s-up-ford-previews-beach-inspired-bronco-accessories-with-riptide-concept">Surf's up: Ford previews beach-inspired Bronco accessories with Riptide concept</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210817-121615/ Tue, 17 Aug 2021 12:16:15 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210817-121615/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/evacuation-flights-restart-from-kabul-after-afghans-desperate-to-flee-cleared-from-airfield-idUSKBN2FI0AT">Evacuation flights restart from Kabul after Afghans desperate to flee cleared from airfield</a><br></p> <hr> KABUL (Reuters) -U.S. military flights evacuating diplomats and civilians from Afghanistan restarted on Tuesday after the runway at Kabul airport was cleared of thousands desperate to flee following the Taliban's sudden takeover of the capital.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-germany-aircraft/afghan-turmoil-shames-the-west-says-german-president-idUSKBN2FI0F9">Afghan turmoil 'shames' the West, says German president</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/hopes-for-quake-survivors-dwindle-as-storm-lashes-haiti-idUSKBN2FI0RP">Hopes for quake survivors dwindle as storm lashes Haiti</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210817-081606/ Tue, 17 Aug 2021 08:16:06 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210817-081606/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/evacuation-flights-resume-at-kabul-airport-as-biden-defends-u-s-withdrawal-idUSKBN2FI0AT">Evacuation flights resume at Kabul airport as Biden defends U.S. withdrawal</a><br></p> <hr> KABUL (Reuters) -Military flights evacuating diplomats and civilians from Afghanistan resumed early on Tuesday after the runway at Kabul airport was cleared of thousands of people desperate to flee after the Taliban seized the capital.<br> https://www.whatsupup.com/blog/phonic/shopboy/20210817-081052/ Tue, 17 Aug 2021 08:10:51 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210817-081052/ The Bob Noyce Esquire profile by Tom Wolfe that @pmarca and @bhorowitz mentioned today. Fantastic read on multiple levels. <a rel="noreferrer" target="_blank" href="https://t.co/atol9YUv0a"><a href="https://t.co/atol9YUv0a">https://t.co/atol9YUv0a</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/SM2dcfM4wp"><a href="https://t.co/SM2dcfM4wp">https://t.co/SM2dcfM4wp</a></a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210817-041600/ Tue, 17 Aug 2021 04:16:00 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210817-041600/ <p>Military evacuation flights start taking off from Kabul airport <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/asia-pacific/military-evacuation-flights-taking-off-kabul-western-official-2021-08-17/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/chaos-desperation-at-kabul-airport-as-biden-defends-withdrawal-from-afghanistan-idUSKBN2FG01T">Chaos, desperation at Kabul airport as Biden defends withdrawal from Afghanistan</a><br></p> <hr> KABUL (Reuters) -Thousands of people desperate to flee Afghanistan thronged Kabul's airport on Monday after the Taliban seized the capital, prompting the United States to pause evacuations, as President Joe Biden confronted mounting criticism over the U.S. withdrawal.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security/hong-kongs-lam-tells-solicitors-group-to-stay-out-of-politics-idUSKBN2FI05K">Hong Kong's Lam tells solicitors' group to stay out of politics</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210817-041545/ Tue, 17 Aug 2021 04:15:45 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210817-041545/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/08/t-mobile-has-been-hacked-yet-again-but-still-doesnt-know-what-was-taken/">T-Mobile has been hacked yet again—but still doesn’t know what was taken</a><br></p> <hr> Data reportedly includes SSNs, driver license numbers, and more for 100 million people.<br> https://www.whatsupup.com/blog/ideo/fleury/20210817-040557/ Tue, 17 Aug 2021 04:05:56 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210817-040557/ Communications giant T-Mobile said today it is investigating the extent of a breach that hackers claim has exposed sensitive personal data on 100 million T-Mobile USA customers, in many cases including the name, Social Security number, address, date of birth, phone number, security PINs and details that uniquely identify each customer’s mobile device.<br> On Sunday, Vice.com <a rel="noreferrer" target="_blank" href="https://www.vice.com/en/article/akg8wg/tmobile-investigating-customer-data-breach-100-million">broke the news</a> that someone was selling data on 100 million people, and that the data came from T-Mobile. In <a rel="noreferrer" target="_blank" href="https://www.t-mobile.com/news/network/cybersecurity-incident-update-august-2021">a statement</a> published on its website today, the company confirmed it had suffered an intrusion involving “some T-Mobile data,” but said it was too soon in its investigation to know what was stolen and how many customers might be affected.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210817-001618/ Tue, 17 Aug 2021 00:16:18 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210817-001618/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/chaos-death-at-kabul-airport-as-biden-defends-withdrawal-from-afghanistan-idUSKBN2FG01T">Chaos, death at Kabul airport as Biden defends withdrawal from Afghanistan</a><br></p> <hr> KABUL (Reuters) -Thousands of people desperate to flee Afghanistan thronged Kabul's airport on Monday after the Taliban seized the capital, prompting the United States to pause evacuations much of the day as President Joe Biden confronted mounting criticism over the U.S. withdrawal.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-biden-afghanistan/biden-defends-afghanistan-decision-blames-afghan-armys-unwillingness-to-fight-idUSKBN2FH27J">Biden defends Afghanistan decision, blames Afghan army's unwillingness to fight</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-russia/russia-says-kabul-seems-safer-under-taliban-than-it-was-under-ghani-idUSKBN2FH2AB">Russia says Kabul seems safer under Taliban than it was under Ghani</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210817-001059/ Tue, 17 Aug 2021 00:10:59 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210817-001059/ I'm discussing “One on One with A & Z” with @bhorowitz and a16z. Today, Aug 16 at 7:00 PM PDT in @clubhouse. Join us! <a rel="noreferrer" target="_blank" href="https://t.co/4RrK1b887J"><a href="https://t.co/4RrK1b887J">https://t.co/4RrK1b887J</a></a><br> https://www.whatsupup.com/blog/ideo/fleury/20210817-000618/ Tue, 17 Aug 2021 00:06:18 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210817-000618/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/t-mobile-investigating-claims-of-massive-data-breach/">T-Mobile Investigating Claims of Massive Data Breach</a><br></p> <hr> Communications giant T-Mobile said today it is investigating the extent of a data breach that hackers claim has exposed sensitive personal data on 100 million T-Mobile USA customers, in many cases including the name, Social Security number, address, date of birth, phone number, security PINs and details that uniquely identify each customer’s mobile device.<br> On Sunday, Vice.com <a rel="noreferrer" target="_blank" href="https://www.vice.com/en/article/akg8wg/tmobile-investigating-customer-data-breach-100-million">broke the news</a> that someone was selling data on 100 million people, and that the data came from T-Mobile. In <a rel="noreferrer" target="_blank" href="https://www.t-mobile.com/news/network/cybersecurity-incident-update-august-2021">a statement</a> published on its website today, T-Mobile confirmed it had suffered an intrusion involving customer data, but said it was too soon in its investigation to know what was stolen and how many customers may be affected.<br> A sales thread tied to the allegedly stolen T-Mobile customer data.<br> “We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved,” T-Mobile wrote.<br> “We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed,” the statement continued. “This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.”<br> The intrusion came to light on Twitter when the account <a rel="noreferrer" target="_blank" href="https://twitter.com/und0xxed">@und0xxed</a> started tweeting the details. Reached via direct message, Und0xxed said they were not involved in stealing the databases but was instead in charge of finding buyers for the stolen T-Mobile customer data.<br> Und0xxed said the hackers found an opening in T-Mobile’s wireless data network that allowed access to two of T-Mobile’s customer data centers. From there, the intruders were able to dump a number of customer databases totaling more than 100 gigabytes.<br> They claim one of those databases holds the name, date of birth, SSN, drivers license information, plaintext security PIN, address and phone number of 36 million T-Mobile customers in the United States — all going back to the mid-1990s.<br> The hacker(s) claim the purloined data also includes <a rel="noreferrer" target="_blank" href="https://www.guidingtech.com/imei-vs-imsi-number/">IMSI and IMEI data</a> for 36 million customers. These are unique numbers embedded in customer mobile devices that identify the device and the SIM card that ties that customer’s device to a telephone number.<br> “If you want to verify that I have access to the data/the data is real, just give me a T-Mobile number and I’ll run a lookup for you and return the IMEI and IMSI of the phone currently attached to the number and any other details,” @und0xxed said. “All T-Mobile USA prepaid and postpaid customers are affected; Sprint and the other telecoms that T-Mobile owns are unaffected.”<br> Other databases allegedly accessed by the intruders included one for prepaid accounts, which had far fewer details about customers.<br> “Prepaid customers usually are just phone number and IMEI and IMSI,” Und0xxed said. “Also, the collection of databases includes historical entries, and many phone numbers have 10 or 20 IMEIs attached to them over the years, and the service dates are provided. There’s also a database that includes credit card numbers with six digits of the cards obfuscated.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/t-mobile-investigating-claims-of-massive-data-breach/#more-56613">Continue reading →</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210816-202009/ Mon, 16 Aug 2021 20:20:09 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210816-202009/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133252_travis-pastrana-shatters-mt-washington-hillclimb-record-in-862-hp-subaru-wrx-sti">Travis Pastrana shatters Mt. Washington Hillclimb record in 862-hp Subaru WRX STI</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133246_genesis-hints-at-move-into-motorsport-with-trio-of-race-car-concepts">Genesis hints at move into motorsport with trio of race car concepts</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210816-201644/ Mon, 16 Aug 2021 20:16:44 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210816-201644/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/08/hospitals-hamstrung-by-ransomware-are-turning-away-patients/">Hospitals hamstrung by ransomware are turning away patients</a><br></p> <hr> The ransomware epidemic continues to grow.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210816-201637/ Mon, 16 Aug 2021 20:16:37 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210816-201637/ <p>Chaos reigns at Kabul airport, where several people were killed and thousands of Afghans thronged hoping to escape <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/asia-pacific/talibans-rapid-advance-across-afghanistan-2021-08-10/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/kabul-evacuations-stall-amid-runway-chaos-as-u-s-denounced-for-pullout-idUSKBN2FG01T">Kabul evacuations stall amid runway chaos as U.S. denounced for pullout</a><br></p> <hr> KABUL (Reuters) -Thousands of civilians desperate to flee Afghanistan thronged Kabul airport's single runway on Monday after the Taliban seized the capital, prompting the United States to suspend evacuations as it came under mounting criticism at home over its pullout.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-women/afghans-will-not-tolerate-womens-removal-from-society-mp-says-idUSKBN2FH20Z">Afghans will not tolerate women's removal from society, MP says</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-jalali/former-afghan-minister-says-he-was-not-considered-as-transitional-president-idUSKBN2FH23K">Former Afghan minister says he was not considered as transitional president</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210816-201127/ Mon, 16 Aug 2021 20:11:27 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210816-201127/ One On One with A & Z is back tonight at 7pm PST on @Clubhouse! <a rel="noreferrer" target="_blank" href="https://t.co/63srZPjEHr"><a href="https://t.co/63srZPjEHr">https://t.co/63srZPjEHr</a></a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210816-162031/ Mon, 16 Aug 2021 16:20:31 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210816-162031/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133242_artcenter-college-of-design-students-imagine-the-lincoln-of-the-future">ArtCenter College of Design students imagine the Lincoln of the future</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132571_ford-shelby-cobra-concept-fetches-2-64m-at-monterey-auction">Ford Shelby Cobra concept fetches $2.64M at Monterey auction</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210816-161645/ Mon, 16 Aug 2021 16:16:44 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210816-161645/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/kabul-airport-chaos-stalls-evacuations-amid-criticism-of-u-s-pullout-idUSKBN2FG01T">Kabul airport chaos stalls evacuations amid criticism of U.S. pullout</a><br></p> <hr> KABUL (Reuters) -Thousands of civilians desperate to flee Afghanistan thronged Kabul airport on Monday after the Taliban seized the capital, prompting the U.S. military to suspend evacuations as the United States came under mounting criticism at home over its pullout.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/as-storm-looms-medics-rush-to-hospitals-overrun-by-haiti-quake-idUSKBN2FH1FY">As storm looms, medics rush to hospitals overrun by Haiti quake</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210816-121951/ Mon, 16 Aug 2021 12:19:51 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210816-121951/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133240_gunther-werks-shows-off-993-speedster-in-monterey">Gunther Werks shows off 993 Speedster in Monterey</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133118_rights-to-first-2022-acura-nsx-type-s-receives-1m-final-bid">Rights to first 2022 Acura NSX Type S receives $1M final bid</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133239_1938-mercedes-benz-540k-best-of-show-2021-pebble-beach-concours">1938 Mercedes-Benz 540K wins Best of Show at 2021 Pebble Beach Concours</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210816-121818/ Mon, 16 Aug 2021 12:18:18 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210816-121818/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/08/16/technology/twitter-culture-change-conflict.html">Culture Change and Conflict at Twitter Two years ago, the company brought in a blunt executive to make things move faster and to promote diversity. Then the problems began. By Kate Conger</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210816-121626/ Mon, 16 Aug 2021 12:16:26 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210816-121626/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/five-killed-at-chaotic-afghan-airport-as-taliban-proclaim-peace-idUSKBN2FG01T">Five killed at chaotic Afghan airport as Taliban proclaim peace</a><br></p> <hr> KABUL (Reuters) -Five people were killed in chaos at Kabul airport on Monday, witnesses said, as people tried to flee a day after Taliban insurgents seized the Afghan capital and declared the war against foreign and local forces over.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-mood/kabuls-former-green-zone-abandoned-as-diplomats-flee-afghan-capital-idUSKBN2FH0E0">Kabul's former 'Green Zone' abandoned as diplomats flee Afghan capital</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210816-081919/ Mon, 16 Aug 2021 08:19:19 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210816-081919/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132865_time-capsule-1995-mclaren-f1-with-242-miles-headed-to-auction">Time capsule 1995 McLaren F1 with 243 miles sells for more than $20M</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210816-081611/ Mon, 16 Aug 2021 08:16:11 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210816-081611/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/afghanistan-is-peaceful-taliban-say-chaos-engulfs-airport-idUSKBN2FG01T">Afghanistan is peaceful, Taliban say, chaos engulfs airport</a><br></p> <hr> KABUL (Reuters) -Peace prevailed across Afghanistan on Monday, Taliban officials said, as the militants declared the war over a day after seizing the capital, while Western nations scrambled to evacuate their citizens from an increasingly chaotic Kabul airport.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-malaysia-politics/malaysias-king-keeps-muhyiddin-as-interim-pm-after-resignation-idUSKBN2FH01U">Malaysia's king keeps Muhyiddin as interim PM after resignation</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210816-042017/ Mon, 16 Aug 2021 04:20:17 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210816-042017/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1129473_2022-jeep-wagoneer-price-specs-review-photos-info">First drive review: 2022 Jeep Wagoneer sets new standards for American luxury and capability</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210816-041651/ Mon, 16 Aug 2021 04:16:51 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210816-041651/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-declares-war-is-over-as-president-and-diplomats-flee-kabul-idUSKBN2FG01T">Taliban declares 'war is over' as president and diplomats flee Kabul</a><br></p> <hr> The Taliban declared the war in Afghanistan was over after insurgents took control of the presidential palace in Kabul as U.S.-led forces departed and Western nations scrambled on Monday to evacuate their citizens.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/haiti-hospitals-overwhelmed-by-quake-victims-as-death-toll-hits-1297-idUSKBN2FG046">Haiti hospitals overwhelmed by quake victims as death toll hits 1,297</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-malaysia-politics/malaysian-pm-expected-to-resign-after-months-of-political-turmoil-idUSKBN2FH01U">Malaysian PM expected to resign after months of political turmoil</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210816-001710/ Mon, 16 Aug 2021 00:17:09 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210816-001710/ <p>More than 1,200 dead, 5,700 injured after Haiti quake as rescuers search for survivors before tropical storm hits <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/americas/haitians-scramble-rescue-survivors-ruins-major-quake-2021-08-15/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-return-to-power-as-president-and-diplomats-flee-kabul-idUSKBN2FG01T">Taliban return to power as president and diplomats flee Kabul</a><br></p> <hr> KABUL (Reuters) -Taliban insurgents were returning to power in Kabul on Monday after a military advance across Afghanistan as U.S-led forces departed, and Western nations stepped up efforts to evacuate their citizens from the capital.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/rescuers-race-to-find-haiti-quake-survivors-as-death-toll-hits-1297-idUSKBN2FG046">Rescuers race to find Haiti quake survivors as death toll hits 1,297</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-taliban/taliban-spokesman-says-war-is-over-in-afghanistan-al-jazeera-idUSKBN2FG0N5">Taliban spokesman says "war is over in Afghanistan" - Al Jazeera</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210815-201752/ Sun, 15 Aug 2021 20:17:51 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210815-201752/ Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/competitive-programming/">competitive programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/kattis/">Kattis</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/08/11/competitive-programming-in-haskell-monoidal-accumulation/#comments">4 Comments</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210815-201557/ Sun, 15 Aug 2021 20:15:57 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210815-201557/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-enter-afghan-capital-president-and-diplomats-flee-idUSKBN2FG01T">Taliban enter Afghan capital, president and diplomats flee</a><br></p> <hr> KABUL (Reuters) -Taliban insurgents entered Kabul on Sunday and President Ashraf Ghani left Afghanistan saying he wanted to avoid bloodshed, bringing the Islamist militants close to taking over the country two decades after they were overthrown by a U.S.-led invasion.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-advances-timelin/timeline-the-talibans-rapid-advance-across-afghanistan-idUSKBN2FG03Q">Timeline: The Taliban's rapid advance across Afghanistan</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-zambia-election/zambian-opposition-leader-hichilema-heads-closer-to-victory-in-presidential-vote-idUSKBN2FG0JS">Zambian opposition leader Hichilema heads closer to victory in presidential vote</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210815-161643/ Sun, 15 Aug 2021 16:16:42 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210815-161643/ <p>More than 700 dead after Haiti earthquake as tropical storm looms <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/americas/haitians-scramble-rescue-survivors-ruins-major-quake-2021-08-15/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-want-full-power-after-return-to-afghanistan-capital-idUSKBN2FG01T">Taliban want full power after return to Afghanistan capital</a><br></p> <hr> KABUL (Reuters) -Afghanistan's Taliban entered the capital Kabul on Sunday and Western-backed President Ashraf Ghani left the country, with the insurgents saying they were seeking complete power.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-ghani-profile/ashraf-ghani-departing-afghan-president-who-failed-to-make-peace-with-taliban-idUSKBN2FG0F3">Ashraf Ghani: departing Afghan president who failed to make peace with Taliban</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-blinken/u-s-moves-kabul-embassy-staff-to-airport-as-taliban-enter-afghan-capital-idUSKBN2FG0D7">U.S. moves Kabul embassy staff to airport as Taliban enter Afghan capital</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210815-122013/ Sun, 15 Aug 2021 12:20:13 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210815-122013/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133229_volkswagen-gti-bbs-concept-channels-classic-vw-tuner-builds">Volkswagen GTI BBS concept channels classic VW tuner builds</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210815-121641/ Sun, 15 Aug 2021 12:16:41 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210815-121641/ <p>Taliban enter Afghan capital Kabul as U.S. diplomats evacuate by chopper <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/asia-pacific/us-troops-arrive-afghan-capital-assist-evacuations-2021-08-14/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-enter-afghan-capital-as-us-diplomats-evacuate-by-chopper-idUSKBN2FG01T">Taliban enter Afghan capital as US diplomats evacuate by chopper</a><br></p> <hr> KABUL (Reuters) -Taliban insurgents entered Afghanistan's capital Kabul on Sunday as the United States evacuated diplomats from its embassy by helicopter and a government minister said power would be handed over to an interim administration.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-immigration-mexico-flights/pressed-by-u-s-mexico-hastens-migrant-expulsions-with-flights-south-idUSKBN2FG0B1">Pressed by U.S., Mexico hastens migrant expulsions with flights south</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210815-081715/ Sun, 15 Aug 2021 08:17:14 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210815-081715/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/haitians-scramble-to-rescue-survivors-from-ruins-of-major-quake-idUSKBN2FG046">Haitians scramble to rescue survivors from ruins of major quake</a><br></p> <hr> Haitians labored overnight to pick through shattered buildings in search of friends and relatives trapped in the rubble after a devastating earthquake struck the Caribbean country on Saturday, killing more than 300 people and injuring many more.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-at-door-of-afghan-capital-after-eastern-city-falls-us-starts-evacuating-embassy-idUSKBN2FG01T">Taliban at door of Afghan capital after eastern city falls, US starts evacuating embassy</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-malaysia-politics/malaysia-pm-muhyiddin-to-resign-on-monday-report-idUSKBN2FG040">Malaysia PM Muhyiddin to resign on Monday - report</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210815-041757/ Sun, 15 Aug 2021 04:17:56 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210815-041757/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/afghan-government-seeks-to-hold-capital-as-taliban-takes-jalalabad-idUSKBN2FG01T">Afghan government seeks to hold capital as Taliban takes Jalalabad</a><br></p> <hr> Taliban insurgents took control of the key eastern Afghanistan city of Jalalabad without a fight on Sunday, leaving the territory controlled by the crumbling government to little more than the capital Kabul.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-lebanon-crisis-fuel-explosion/at-least-20-killed-in-lebanon-fuel-tank-explosion-red-cross-idUSKBN2FG00Z">At least 20 killed in Lebanon fuel tank explosion -Red Cross</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210815-001839/ Sun, 15 Aug 2021 00:18:39 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210815-001839/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/afghan-government-seeks-to-hold-last-strongholds-as-taliban-extend-capture-of-cities-idUSKBN2FF03M">Afghan government seeks to hold last strongholds as Taliban extend capture of cities</a><br></p> <hr> KABUL (Reuters) -Taliban fighters captured the major city of Mazar-i-Sharif in northern Afghanistan on Saturday, sending Afghan forces fleeing, and drew closer to Kabul as Western countries scrambled to evacuate their citizens from the capital.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/quake-kills-hundreds-in-haiti-worsening-caribbean-nations-plight-idUSKBN2FF08X">Quake kills hundreds in Haiti, worsening Caribbean nation's plight</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210814-201950/ Sat, 14 Aug 2021 20:19:50 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210814-201950/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133216_acura-integra-nameplate-returns-in-2022">Acura Integra nameplate returns in 2022</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210814-201625/ Sat, 14 Aug 2021 20:16:25 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210814-201625/ <p>At least 227 people dead in Haiti earthquake, hundreds injured or missing <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/environment/magnitude-7-quake-strikes-western-haiti-usgs-2021-08-14/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-capture-major-city-in-northern-afghanistan-draw-closer-to-kabul-idUSKBN2FF03M">Taliban capture major city in northern Afghanistan, draw closer to Kabul</a><br></p> <hr> KABUL (Reuters) -Taliban forces captured a major city in northern Afghanistan on Saturday, sending Afghan forces fleeing, and drew closer to Kabul, where Western countries scrambled to evacuate their citizens from the capital.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/hundreds-killed-in-magnitude-7-2-quake-in-haiti-idUSKBN2FF08X">Hundreds killed in magnitude 7.2 quake in Haiti</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210814-200608/ Sat, 14 Aug 2021 20:06:07 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210814-200608/ “Worried about dirty funds in your BTC address? Come check out Antinalysis, the new address risk analyzer,” reads the service’s announcement, pointing to a link only accessible via <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Tor_(network)">Tor</a> . “This service is dedicated to individuals that have the need to possess complete privacy on the blockchain, offering a perspective from the opponent’s point of view in order for the user to comprehend the possibility of his/her funds getting flagged down under autocratic illegal charges.”<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210814-163320/ Sat, 14 Aug 2021 16:33:19 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210814-163320/ <p>Major earthquake in Haiti felt across Caribbean, U.S. issues tsunami warning <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/environment/magnitude-7-quake-strikes-western-haiti-usgs-2021-08-14/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/afghan-president-in-urgent-talks-as-taliban-take-key-town-near-kabul-idUSKBN2FF03M">Afghan president in urgent talks as Taliban take key town near Kabul</a><br></p> <hr> KABUL (Reuters) -Afghanistan's President Ashraf Ghani held urgent talks with local leaders and international partners on Saturday as Taliban rebels pushed closer to Kabul, capturing a town south of the capital that is one of the gateways to the city.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-investors-analys/analysis-taliban-gains-give-investors-cause-for-concern-beyond-afghanistan-idUSKBN2FF0BN">Analysis-Taliban gains give investors cause for concern beyond Afghanistan</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-quake/major-quake-in-haiti-kills-several-people-reduces-buildings-to-rubble-idUSKBN2FF08X">Major quake in Haiti kills several people, reduces buildings to rubble</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210814-081725/ Sat, 14 Aug 2021 08:17:24 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210814-081725/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/u-s-troops-arrive-in-afghan-capital-to-assist-evacuations-idUSKBN2FF03M">U.S. troops arrive in Afghan capital to assist evacuations</a><br></p> <hr> American troops have flown into Kabul to help evacuate embassy personnel and other civilians in the Afghan capital, a U.S. official said on Saturday, a day after Taliban insurgents seized the country's second- and third-biggest cities.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-china-analysis/analysis-as-taliban-advances-china-lays-groundwork-to-accept-an-awkward-reality-idUSKBN2FF03D">Analysis-As Taliban advances, China lays groundwork to accept an awkward reality</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-australia/sydney-lockdown-extended-statewide-fines-hiked-as-australia-faces-worst-covid-episode-idUSKBN2FE24K">Sydney lockdown extended statewide, fines hiked as Australia faces 'worst' COVID episode</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210814-041749/ Sat, 14 Aug 2021 04:17:48 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210814-041749/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-japan-floods/one-dead-two-missing-as-torrential-rains-slam-japan-risk-alerts-broadened-idUSKBN2FF02I">One dead, two missing as torrential rains slam Japan, risk alerts broadened</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-malaysia-politics/malaysias-opposition-key-ally-reject-pms-offer-for-bipartisan-support-idUSKBN2FF02R">Malaysia's opposition, key ally reject PM's offer for bipartisan support</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210814-041619/ Sat, 14 Aug 2021 04:16:18 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210814-041619/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2020/04/03/does-zoom-use-end-to-end-encryption/">Does Zoom use end-to-end encryption?</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210814-001802/ Sat, 14 Aug 2021 00:18:01 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210814-001802/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-apple-privacy/after-criticism-apple-to-only-seek-abuse-images-flagged-in-multiple-nations-idUSKBN2FE21K">After criticism, Apple to only seek abuse images flagged in multiple nations</a><br></p> <hr> After a week of criticism over a its planned new system for detecting images of child sex abuse, Apple Inc said on Friday that it will hunt only for pictures that have been flagged by clearinghouses in multiple countries.<br> https://www.whatsupup.com/blog/phonic/shopboy/20210814-001212/ Sat, 14 Aug 2021 00:12:11 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210814-001212/ Marc Andreessen <a rel="noreferrer" target="_blank" href="https://twitter.com/pmarca">@pmarca</a><br> Ben Horowitz @bhorowitz and I will be back with our Clubhouse @joinClubhouse show, "One On One with A & Z", Monday, August 16 at 7:00 PM PST. Brought to you by the Delta Variant. Please suggest great questions for us to answer by replying to this tweet!<br> https://www.whatsupup.com/blog/ideo/fleury/20210814-000713/ Sat, 14 Aug 2021 00:07:13 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210814-000713/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/new-anti-anti-money-laundering-services-for-crooks/">New Anti Anti-Money Laundering Services for Crooks</a><br></p> <hr> A new dark web service is marketing to cybercriminals who are curious to see how their various cryptocurrency holdings and transactions may be linked to known criminal activity. Dubbed “ Antinalysis,” the service purports to offer a glimpse into how one’s payment activity might be flagged by law enforcement agencies and private companies that try to link suspicious cryptocurrency transactions to real people.<br> Sample provided by Antinalysis.<br> “Worried about dirty funds in your BTC address? Come check out Antinalysis, the new address risk analyzer,” reads the service’s announcement, pointing to a link only accessible via ToR. “This service is dedicated to individuals that have the need to possess complete privacy on the blockchain, offering a perspective from the opponent’s point of view in order for the user to comprehend the possibility of his/her funds getting flagged down under autocratic illegal charges.”<br> The ad continues:<br> Some people might ask, why go into all that? Just cash out in XMR and be done with it. The problem is, cashing out in Monero raises eyebrows on exchanges and mail by cash method is sometimes risky as well. If you use BTC->XMR->BTC method, you’ll still get flagged down by our services labelled as high risk exchange (not to mention LE and exchanges). Our service provides you with a view from LE/exchange’s perspective of things (with similar accuracy, but quite different approach) that provides you with basic knowledge of how “clean” your address is.”<br> Tom Robinson , co-founder of blockchain intelligence firm <a rel="noreferrer" target="_blank" href="https://www.eliptic.co">Elliptic</a> , said Antinalysis is designed to help crypto money launderers test whether their funds will be identified as proceeds of crime by regulated financial exchanges.<br> “Cryptoassets have become an important tool for cybercriminals,” Robinson <a rel="noreferrer" target="_blank" href="https://www.elliptic.co/blog/cybercriminals-have-built-their-own-blockchain-analytics-tool">wrote</a> . “The likes of ransomware and darknet markets rely on payments being made in Bitcoin and other cryptocurrencies. However, laundering and cashing-out these proceeds is a major challenge.”<br> Cryptocurrency exchanges make use of blockchain analytics tools, he said, to check customer deposits for links to illicit activity. By tracing a transaction back through the blockchain, these tools can identify whether the funds originated from a wallet associated with ransomware or any other criminal activity.<br> “The launderer therefore risks being identified as a criminal and being reported to law enforcement whenever they send funds to a business using such a tool,” Robinson said. “Antinalysis seeks to help crypto launderers to avoid this, by giving them a preview of what a blockchain analytics tool will make of their bitcoin wallet and the funds it contains.”<br> Each lookup at Antinalysis costs roughly USD $3, with a minimum $30 purchase. Other plans go as high as $6,000 for 5,000 requests.<br> Robinson says the creator of Antinalysis is also one of the developers of Incognito Market , a darknet marketplace specializing in the sale of narcotics.<br> “Incognito was launched in late 2020, and accepts payments in both Bitcoin and <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Monero">Monero</a> , a cryptoasset offering heightened anonymity,” he wrote. “The launch of Antinalysis likely reflects the difficulties faced by the market and its vendors in cashing out their Bitcoin proceeds.”<br> Elliptic wasn’t impressed with the quality of the intelligence provided by Antinalysis, saying it performs poorly on detecting links to major darknet markets and other criminal entities. But with countless criminals now making millions from ransomware, there is certainly a vast, untapped market for services that help those folks improve their operational security.<br> “It is also significant because it makes blockchain analytics available to the public for the first time,” Robinson wrote. “To date, this type of analysis has been used primarily by regulated financial service providers.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/new-anti-anti-money-laundering-services-for-crooks/#more-56578">Continue reading →</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210813-202120/ Fri, 13 Aug 2021 20:21:20 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210813-202120/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133232_bugatti-bolide-headed-to-production">Bugatti Bolide headed to production</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133223_lamborghini-countach-reborn-as-803-hp-hybrid-supercar">Lamborghini Countach reborn as 803-hp hybrid supercar</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210813-201739/ Fri, 13 Aug 2021 20:17:39 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210813-201739/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-seize-more-afghan-cities-assault-on-capital-kabul-expected-idUSKBN2FE0B3">Taliban seize more Afghan cities, assault on capital Kabul expected</a><br></p> <hr> KABUL (Reuters) -Taliban insurgents have seized Afghanistan's second- and third-biggest cities, local officials said on Friday, as resistance from government forces crumbled and fears grew that an assault on the capital Kabul could be just days away.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa-refugees/in-desperation-u-s-scours-for-countries-willing-to-house-afghan-refugees-idUSKBN2FE1Q5">In desperation, U.S. scours for countries willing to house Afghan refugees</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210813-161721/ Fri, 13 Aug 2021 16:17:21 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210813-161721/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-tighten-grip-on-afghanistan-as-all-eyes-turn-to-capital-kabul-idUSKBN2FE0B3">Taliban tighten grip on Afghanistan as all eyes turn to capital Kabul</a><br></p> <hr> KABUL (Reuters) -Taliban insurgents tightened their grip on Afghanistan on Friday, seizing the second- and third-biggest cities and raising fears that an assault on the capital Kabul could be just days away.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-britain-shooting-plymouth/in-rare-british-mass-shooting-gunman-kills-five-including-3-year-old-girl-idUSKBN2FE148">In rare British mass shooting, gunman kills five, including 3-year-old girl</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/08/13/the-week-in-numbers-messi-coin-and-fruga?videoId=734120430&videoChannel=118169">The Week in Numbers: Messi-coin and frugal Google</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210813-122151/ Fri, 13 Aug 2021 12:21:51 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210813-122151/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133217_mini-takes-sustainability-to-the-extreme-with-cooper-se-based-strip-concept">Mini takes sustainability to the extreme with Cooper SE-based Strip concept</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210813-121809/ Fri, 13 Aug 2021 12:18:09 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210813-121809/ <p>Pfizer and Moderna could reap billions from COVID-19 vaccine booster market <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/healthcare-pharmaceuticals/pfizer-moderna-seen-reaping-billions-covid-19-vaccine-booster-market-2021-08-13/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-captures-two-major-cities-tightening-grip-on-afghanistan-idUSKBN2FE0B3">Taliban captures two major cities, tightening grip on Afghanistan</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-herat/afghan-commander-ismail-khan-captured-as-taliban-seize-herat-idUSKBN2FE13R">Afghan commander Ismail Khan captured as Taliban seize Herat</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-britain-shooting-plymouth/english-shooter-killed-five-including-very-young-girl-idUSKBN2FE148">English shooter killed five, including very young girl</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210813-082031/ Fri, 13 Aug 2021 08:20:31 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210813-082031/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133086_open-top-aston-martin-valkyrie-spider-is-closest-representation-to-f1-car-for-the-road">Open-top Aston Martin Valkyrie Spider is ultimate representation of F1 car for the road</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210813-081654/ Fri, 13 Aug 2021 08:16:54 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210813-081654/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-capture-afghanistans-kandahar-herat-embassies-getting-staff-out-idUSKBN2FE0B3">Taliban capture Afghanistan's Kandahar, Herat; embassies getting staff out</a><br></p> <hr> KABUL (Reuters) -Taliban insurgents tightened their grip on Afghanistan on Friday, wresting control of its second and third biggest cities while Western embassies prepared to send in troops to help evacuate staff from the capital, Kabul.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-australia-voluntee/pretty-devastating-sydney-councillor-delivers-food-in-lockdown-districts-idUSKBN2FE0J5">'Pretty devastating': Sydney councillor delivers food in lockdown districts</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-britain-emergency-incident/six-people-killed-in-mass-shooting-in-plymouth-england-idUSKBN2FD247">Six people killed in mass shooting in Plymouth, England</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210813-042154/ Fri, 13 Aug 2021 04:21:54 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210813-042154/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133209_2022-bentley-flying-spur-mulliner-takes-its-place-as-the-brand-s-flagship">2022 Bentley Flying Spur Mulliner takes its place as the brand's flagship</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210813-041819/ Fri, 13 Aug 2021 04:18:18 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210813-041819/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-apple-privacy-exclusive/exclusive-apples-child-protection-features-spark-concern-within-its-own-ranks-sources-idUSKBN2FD28E">Exclusive: Apple's child protection features spark concern within its own ranks -sources</a><br></p> <hr> SAN FRANCISCO A backlash over Apple's move to scan U.S. customer phones and computers https://www.reuters.com/world/middle-east/apple-not-pass-icloud-photo-uploads-law-enforcement-if-they-do-not-contain-child-2021-08-06 for child sex abuse images has grown to include employees speaking out internally, a notable turn in a company famed for its secretive culture, as well as provoking intensified protests from leading technology policy groups.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/embassies-get-staff-out-of-afghanistan-as-taliban-claim-two-big-cities-idUSKBN2FE0B3">Embassies get staff out of Afghanistan as Taliban claim two big cities</a><br> <hr> Western embassies and aid agencies began evacuating civilian staff from Afghanistan on Friday after the Taliban claimed to have captured two of its biggest cities in an advance that has raised fears of the collapse of the U.S.-backed government.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-australia/sydney-readies-for-more-military-support-as-delta-sweeps-city-idUSKBN2FD2BQ">Sydney readies for more military support as Delta sweeps city</a><br> https://www.whatsupup.com/blog/boxed/modification/20210813-041534/ Fri, 13 Aug 2021 04:15:33 +0000 https://www.whatsupup.com/blog/boxed/modification/20210813-041534/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#math">math</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#puzzles">puzzles</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#science">science</a><br> Via Hacker News: <a rel="noreferrer" target="_blank" href="https://timroughgarden.org/notes.html">lecture notes</a> from several of Tim Roughgarden’s courses at Stanford, particularly CS269I “Incentives in Computer Science.” They’re worth reading from start to finish. Here are two gems I thought were especially neat.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210813-002229/ Fri, 13 Aug 2021 00:22:29 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210813-002229/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133213_2022-acura-nsx-type-s-debuts-as-600-hp-171-495-swan-song">2022 Acura NSX Type S debuts as 600 hp, $171,495 swan song</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210813-001829/ Fri, 13 Aug 2021 00:18:29 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210813-001829/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-apple-privacy-exclusive/apples-child-protection-features-spark-concern-within-its-own-ranks-sources-idUSKBN2FD28E">Apple's child protection features spark concern within its own ranks -sources</a><br></p> <hr> SAN FRANCISCO (Reuters) -A backlash over Apple's move to scan U.S. customer phones and computers https://www.reuters.com/world/middle-east/apple-not-pass-icloud-photo-uploads-law-enforcement-if-they-do-not-contain-child-2021-08-06 for child sex abuse images has grown to include employees speaking out internally, a notable turn in a company famed for its secretive culture, as well as provoking intensified protests from leading technology policy groups.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/apple-privacy/exclusive-apples-child-protection-features-spark-concern-within-its-own-ranks-sources-idUSL1N2PJ2PU">EXCLUSIVE-Apple's child protection features spark concern within its own ranks -sources</a><br> <hr> SAN FRANCISCO, Aug 12 A backlash over Apple's move to scan U.S. customer phones and computers https://www.reuters.com/world/middle-east/apple-not-pass-icloud-photo-uploads-law-enforcement-if-they-do-not-contain-child-2021-08-06 for child sex abuse images has grown to include employees speaking out internally, a notable turn in a company famed for its secretive culture, as well as provoking intensified protests from leading technology policy groups.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-advance-on-major-afghan-cities-as-u-s-uk-troops-to-aid-evacuations-idUSKBN2FD0GP">Taliban advance on major Afghan cities as U.S., UK troops to aid evacuations</a><br> <hr> KABUL (Reuters) -The United States and Britain said on Thursday they would send thousands of troops to Afghanistan to help evacuate civilians, as the Taliban stood poised for their two biggest military victories since they began a broad offensive in May.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa-exclusive/u-s-mobilizes-3000-troops-to-kabul-for-embassy-staff-drawdown-idUSKBN2FD1UV">U.S. mobilizes 3,000 troops to Kabul for embassy staff drawdown</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-australia/sydney-readies-for-tighter-lockdown-rules-as-delta-gains-ground-idUSKBN2FD2BQ">Sydney readies for tighter lockdown rules as Delta gains ground</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210812-202117/ Thu, 12 Aug 2021 20:21:17 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210812-202117/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133086_open-top-aston-martin-valkyrie-spider-is-closest-representation-to-f1-car-for-the-road">Open-top Aston Martin Valkyrie Spider is closest representation to F1 car for the road</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133148_president-joe-biden-said-gm-ceo-promised-he-can-drive-the-first-electric-chevrolet-corvette">President Joe Biden said GM CEO promised he can drive the first electric Chevrolet Corvette</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210812-201729/ Thu, 12 Aug 2021 20:17:29 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210812-201729/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/u-s-british-troops-to-aid-afghan-evacuation-as-taliban-poised-to-take-key-cities-idUSKBN2FD0GP">U.S., British troops to aid Afghan evacuation as Taliban poised to take key cities</a><br></p> <hr> KABUL (Reuters) -The United States and Britain said on Thursday they would send thousands of troops to Afghanistan to protect and help evacuate civilians, as the Taliban stood poised for their two biggest military victories since they began a broad offensive in May.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa-exclusive/u-s-to-reduce-kabul-embassy-to-core-staff-add-3000-troops-to-help-idUSKBN2FD1UV">U.S. to reduce Kabul embassy to core staff, add 3,000 troops to help</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-canada-politics-election/canada-pm-trudeau-planning-snap-election-seeks-approval-for-covid-response-sources-idUSKBN2FD1I8">Canada PM Trudeau planning snap election, seeks approval for COVID response - sources</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20210812-201612/ Thu, 12 Aug 2021 20:16:11 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20210812-201612/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-02208-z">Why NASA’s Mars rover failed to collect its first rock core</a><br></p> <hr> Intriguing rocks turned out to be too crumbly for Perseverance to drill successfully. It’s moving on to try elsewhere.<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210812-200815/ Thu, 12 Aug 2021 20:08:15 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210812-200815/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/solera-health-customer-story/">Why Solera Health chose Retool over React for internal tools Solera Health chose to build custom apps in Retool instead of using React. Learn how those CRUD apps reduced friction and sped up workflows for customer support agents.</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210812-162133/ Thu, 12 Aug 2021 16:21:33 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210812-162133/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133208_2022-ford-gt-heritage-edition-honors-the-earliest-gt40s">2022 Ford GT Heritage Edition honors the earliest GT40s</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1131901_2022-polestar-2-price-specs-review-photos-info">Preview: 2022 Polestar 2 adds base model with single motor, 265-mile range</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210812-161957/ Thu, 12 Aug 2021 16:19:57 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210812-161957/ Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/competitive-programming/">competitive programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/kattis/">Kattis</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/08/11/competitive-programming-in-haskell-monoidal-accumulation/#comments">1 Comment</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210812-161957/ Thu, 12 Aug 2021 16:19:56 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210812-161957/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/08/12/technology/reddit-new-funding.html">Reddit is valued at more than $10 billion in latest funding round. Just six months ago it was valued at $6 billion. It raised $410 million in its latest round. By Mike Isaac</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210812-161754/ Thu, 12 Aug 2021 16:17:54 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210812-161754/ <p>LIVE NOW: Qatar's Olympic gold medalist Mutaz Barshim speaks with Reuters on Instagram about Tokyo Games <a rel="noreferrer" target="_blank" href="https://www.instagram.com/reuters/live/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-take-strategic-afghan-city-of-ghazni-on-road-to-kabul-idUSKBN2FD0GP">Taliban take strategic Afghan city of Ghazni on road to Kabul</a><br></p> <hr> KABUL (Reuters) -Taliban fighters captured the strategic Afghan city of Ghazni on Thursday, taking them to within 150 km (95 miles) of Kabul following days of fierce clashes as the Islamist group ruled out sharing power with the government.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa-citizens/u-s-embassy-in-kabul-urges-u-s-citizens-to-leave-afghanistan-immediately-idUSKBN2FD1MD">U.S. Embassy in Kabul urges U.S. citizens to leave Afghanistan immediately</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-canada-politics-election/canada-pm-trudeau-planning-snap-election-seeks-approval-for-covid-response-idUSKBN2FD1I8">Canada PM Trudeau planning snap election, seeks approval for COVID response</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210812-122024/ Thu, 12 Aug 2021 12:20:24 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210812-122024/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1131423_2023-honda-cr-v-spy-shots">2023 Honda CR-V spy shots: Redesign coming for popular crossover</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1123274_production-ready-pininfarina-battista-debuts-at-2021-monterey-car-week">Production-ready Pininfarina Battista debuts at 2021 Monterey Car Week</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210812-121859/ Thu, 12 Aug 2021 12:18:59 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210812-121859/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/08/12/technology/reddit-new-funding.html">Reddit raises $410 million in new funding. By Mike Isaac</a><br></p> <hr> Aug. 12, 2021<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210812-121704/ Thu, 12 Aug 2021 12:17:03 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210812-121704/ <p>Out of Control: How the pandemic laid bare America’s diabetes crisis <a rel="noreferrer" target="_blank" href="https://www.reuters.com/investigates/special-report/usa-diabetes-covid/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-take-strategic-ghazni-city-on-road-to-kabul-idUSKBN2FD0GP">Taliban take strategic Ghazni city on road to Kabul</a><br></p> <hr> KABUL (Reuters) -Taliban fighters in Afghanistan captured the strategic city of Ghazni on Thursday, the ninth provincial capital they have seized in a week and another gain after U.S. intelligence said the insurgents could take the capital Kabul within 90 days.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/08/12/how-covid-19-laid-bare-americas-diabetes?videoId=734073083&videoChannel=118169">How COVID-19 laid bare America's diabetes crisis</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210812-081955/ Thu, 12 Aug 2021 08:19:54 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210812-081955/ <p>Lionel Messi's financial package in Paris St Germain transfer includes payment in cryptocurrency fan tokens <a rel="noreferrer" target="_blank" href="https://www.reuters.com/lifestyle/sports/exclusive-messis-paris-st-germain-package-includes-crypto-fan-tokens-2021-08-12/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-take-ghazni-city-on-road-to-afghan-capital-idUSKBN2FD0GP">Taliban take Ghazni city on road to Afghan capital</a><br></p> <hr> KABUL (Reuters) -Taliban insurgents captured the city of Ghazni on Thursday, the ninth provincial capital they have seized in a week, as U.S. intelligence said the capital, Kabul, just 150 km to the northeast, could fall to the insurgents within 90 days.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-china-law/china-signals-crackdown-on-privacy-data-anti-trust-to-go-on-idUSKBN2FD09J">China signals crackdown on privacy, data, anti-trust to go on</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-japan-ship/ship-sailing-under-panama-flag-runs-aground-in-northern-japan-splits-in-two-idUSKBN2FD04K">Ship sailing under Panama flag runs aground in northern Japan, splits in two</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210812-042101/ Thu, 12 Aug 2021 04:21:00 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210812-042101/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-newzealand/fortress-new-zealand-eyes-opening-to-vaccinated-travellers-early-2022-idUSKBN2FC2GJ">Fortress New Zealand eyes opening to vaccinated travellers early 2022</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-climate-wildfires-mediterranean/at-least-65-killed-in-algerian-wildfires-greece-and-italy-burn-idUSKBN2FC23V">At least 65 killed in Algerian wildfires, Greece and Italy burn</a><br> https://www.whatsupup.com/blog/sited/implore/20210812-042034/ Thu, 12 Aug 2021 04:20:33 +0000 https://www.whatsupup.com/blog/sited/implore/20210812-042034/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/subscription/home-delivery?campaignId=79FKF">Get Home Delivery 50% off</a> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/by/cecilia-kang">Log In</a><br> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/subscription/home-delivery?campaignId=79FKF">Get Home Delivery 50% off</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2021/08/10/world/covid-delta-variant-vaccine/bidens-ire-at-facebook-over-vaccine-falsehoods-was-fueled-by-a-series-of-meetings">Biden’s ire at Facebook over vaccine falsehoods was fueled by a series of meetings. This was featured in live coverage. By Zolan Kanno-Youngs and Cecilia Kang</a><br> <hr> Aug. 10, 2021<br> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/08/10/technology/facebook-vaccine-misinformation.html">Inside the White House-Facebook Rift Over Vaccine Misinformation Frustrations grew behind the scenes among top leaders on both sides, potentially hurting the government’s efforts to overcome the pandemic. By Zolan Kanno-Youngs and Cecilia Kang</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210812-040747/ Thu, 12 Aug 2021 04:07:46 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210812-040747/ Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products. The software giant warned that attackers already are pouncing on one of the flaws, which ironically enough involves an easy-to-exploit bug in the software component responsible for patching Windows 10 PCs and Windows Server 2019 machines.<br> Microsoft said attackers have seized upon <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36948">CVE-2021-36948</a> , which is a weakness in the Windows Update Medic service. Update Medic is a new service that lets users repair Windows Update components from a damaged state so that the device can continue to receive updates.<br> Redmond says while CVE-2021-36948 is being actively exploited, it is not aware of exploit code publicly available. The flaw is an “elevation of privilege” vulnerability that affects Windows 10 and Windows Server 2019 , meaning it can be leveraged in combination with another vulnerability to let attackers run code of their choice as administrator on a vulnerable system.<br> “CVE-2021-36948 is a privilege escalation vulnerability – the cornerstone of modern intrusions as they allow attackers the level of access to do things like hide their tracks and create user accounts,” said Kevin Breen of <a rel="noreferrer" target="_blank" href="https://www.immersivelabs.com">Immersive Labs</a> . “In the case of ransomware attacks, they have also been used to ensure maximum damage.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/microsoft-patch-tuesday-august-2021-edition/#more-56563">Continue reading →</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210812-002558/ Thu, 12 Aug 2021 00:25:58 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210812-002558/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133170_lamborghini-s-bringing-back-the-countach">Lamborghini's bringing back the Countach</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133198_tom-cruise-s-old-1986-porsche-911-targa-is-for-sale">Tom Cruise's old 1986 Porsche 911 Targa is for sale</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1125565_2023-mercedes-benz-amg-c63-wagon-spy-shots-and-video">2023 Mercedes-Benz AMG C63 Wagon spy shots and video: More power, fewer cylinders</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133193_1-400-hp-hongqi-s9-hypercar-to-debut-in-production-form-at-2021-milan-design-week">1,400-hp Hongqi S9 hypercar to debut in production form at 2021 Milan Design Week</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1124450_2022-mercedes-benz-g-class-4x4-squared-spy-shots-video">2022 Mercedes-Benz G-Class 4x4 Squared spy shots and video: Luxury monster truck set for return</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133096_toyota-trademarks-hybrid-max-name-perhaps-for-a-tundra-hybrid">Toyota trademarks Hybrid Max name, perhaps for a Tundra hybrid?</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132650_toyota-reveals-more-of-its-redesigned-2022-tundra">Toyota reveals more of its redesigned 2022 Tundra, including rear coil springs</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210812-002415/ Thu, 12 Aug 2021 00:24:15 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210812-002415/ <p><a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/08/11/competitive-programming-in-haskell-monoidal-accumulation/">Competitive programming in Haskell: monoidal accumulation</a><br></p> <hr> In <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/06/19/competitive-programming-in-haskell-folding-folds/">my last competitive programming post</a> , I challenged you to solve <a rel="noreferrer" target="_blank" href="https://open.kattis.com/problems/pleasegofirst">Please, Go First</a> . In that problem, we are presented with a hypothetical scenario with people waiting in a queue for a ski lift. Each person is part of a friend group (possibly just themselves), but friend groups are not necessarily consecutive in line; when someone gets to the top they will wait for the last person in their friend group to arrive before skiing. We are asked to consider how much waiting time could be saved if people start letting others go ahead of them in line as long as it doesn’t cost them any waiting time and decreases the waiting time for the others.<br> There is actually a bit of ambiguity that we need to resolve first; to be honest, it’s not the most well-written problem statement. Consider this scenario, with three people in group and two in group :<br> Consider the person labelled . Should they let pass? Letting pass would not change ’s waiting time: they have to wait for anyway and it does not matter whether they do the waiting at the top or bottom of the mountain. But it would not immediately change ’s waiting time, either: they still have to wait for . What the problem literally says is “someone lets another pass if doing this doesn’t change his own total waiting time, but saves time for the other person”, so taking this literally would seem to imply that in this scenario does not let pass. However, the given example inputs and outputs imply that in this scenario should let pass; indeed, right after doing so, can then let pass as well, which saves time for both and . So in the end, it seems we really want to say something like “ should let pass if it doesn’t increase ’s waiting time and will eventually save time for ”.<br> The solution idea<br> It took me an embarrassingly long time to come up with the following key insight: after doing this process as much as possible, I claim that (1) all the friends within each friend group will be consecutive, and (2) the groups will be sorted by the original position of the last person in each group. To see why claim (2) is true, note that whenever someone is last in their friend group, moving backward in the line always increases their waiting time; so any two people who are both last in their friend group will never pass each other, since it would make the waiting time worse for the one who moves backward. That means the people who are last in their friend group will always remain in the same relative order. As for claim (1), I thought about it for a while and am so far unable to come up with a short, convincing proof, though I still believe it is true (and my solution based on it was accepted). If anyone has a good way to show why this must be true, I’d love to hear about it in the comments.<br> My second key insight is that the total amount of time saved for a given friend group depends only on (1) how many people are in the group and (2) how many places the last person in the group got to move up (although there are other ways to solve the problem; more below). In particular, the total time saved for the group will be the product of these two numbers, times five minutes. It’s irrelevant how many places someone moves if they are not last in their group, because they have to wait until that last person arrives, and it makes no difference if they do their waiting at the top or bottom of the mountain.<br> So here’s my solution, based on the above insights. First, let’s set up the main pipeline to read the input, solve each test case, and produce the output.<br> main = C.interact $ runScanner ( numberOf ( int *> str ) ) >>> map ( solve >>> showB ) >>> C.unlines<br> showB<br> is just a utility function I’ve recently added to my solution template which calls<br> show<br> and then converts the result to a<br> ByteString<br> using<br> pack<br> For a given test case, we need to first do a pass through the lift queue in order to accumulate some information about friend groups: for each group, we need to know how big it is, as well as the index of the last member of the group. In an imperative language, we would make accumulator variables to hold this information (probably two maps, aka dictionaries), and then iterate through the queue, imperatively updating the accumulator variables for each item. We can translate that approach more or less mechanically into Haskell, by having an update function that takes a single item and a tuple of accumulators as input, and returns a new tuple of accumulators as output. This is the <a rel="noreferrer" target="_blank" href="https://gist.github.com/aaronallen8455/5f73e76428bf8ed8566457d032ccf90f">approach taken by Aaron Allen</a> , and sometimes that’s the best way to do something like this. However, in this particular scenario—looping over a list and accumulating some information—the accumulators are often monoidal, which gives us much nicer tools to work with, such as<br> Data.Map.fromListWith (<>)<br> We’ll make a type<br> Group<br> to represent the needed information about a friend group: the number of people and the index of the last person. We can use <a rel="noreferrer" target="_blank" href="https://ghc.gitlab.haskell.org/ghc/doc/users_guide/exts/deriving_via.html">DerivingVia</a> to create an appropriate<br> Semigroup<br> instance for it (in this case we actually don’t need<br> since there is no such thing as an empty group). Note that we use<br> First Int<br> instead of the expected<br> Last Int<br> ; this is explained below.<br> newtype Group = Group { unGroup :: ( Int , Int ) } deriving Semigroup via ( Sum Int , First Int ) deriving Show<br> Now we can write the code to calculate the total time save for a given starting queue.<br> solve :: ByteString -> Int solve ( C.unpack -> queue ) = timeSaved where<br> We first map over the queue and turn each item into a singleton<br> imap<br> is a utility to do an indexed map, with type<br> (Int -> a -> b) -> [a] -> [b]<br> ); then we use<br> M.fromListWith (<>)<br> to build a<br> Map<br> associating each distinct character to a<br> . The<br> instance will take care of summing the number of friends and keeping only the last index in each group. Note that<br> fromListWith<br> is implemented via a left fold, which explains why we needed to use<br> : the list items will actually be combined in reverse order. (Alternatively, we could use<br> M.fromListWith (flip (<>))<br> ; of course, this is only something we need to worry about when using a non-commutative<br> ).<br> groupInfo :: Map Char Group groupInfo = queue >$> imap ( \ i c -> ( c , Group ( 1 , i ) ) ) >>> M.fromListWith ( <> )<br> Now we can sort the queue by index of the last member of each friend group, producing its final form:<br> sortedQueue = sortOn ( ( groupInfo ! ) >>> unGroup >>> snd ) queue<br> Computing the total time saved is now just a matter of figuring out how much each last friend moved and summing the time save for each friend group:<br> timeSaved = sortedQueue >$> zip [ 0 :: Int .. ] -- final positions >>> groupBy ( ( == ) `on` snd ) -- put groups together >>> map ( last >>> timeSaveForGroup ) >>> sum -- get the time save based on the last person in each group timeSaveForGroup ( i , c ) = 5 * size * ( idx - i ) where Group ( size , idx ) = groupInfo ! c<br> This is not the fastest way to solve the problem—in fact, my solution is slowest of the five Haskell solutions so far!—but I wanted to illustrate this technique of accumulating over an array using a<br> M.fromListWith<br> can be used similarly when we need just a single result value rather than a<br> of some sort.<br> Other solutions<br> Several people linked to their own solutions. I already mentioned Aaron Allen’s solution above. <a rel="noreferrer" target="_blank" href="https://github.com/anurudhp/CPHaskell/blob/master/contests/kattis/pleasegofirst.hs">Anurudh Peduri’s solution</a> works by computing the initial and final wait time for each group and subtracting; notably, it simply sorts the groups alphabetically, not by index of the final member of the group. I don’t quite understand it, but I think this works because the initial and final wait times would change by the same amount when permuting the groups in line, so ultimately this cancels out.<br> <a rel="noreferrer" target="_blank" href="https://github.com/TimPut/KattisProblems/blob/master/pleasegofirst.hs">Tim Put’s solution</a> is by far the fastest (and, in my opinion, the cleverest). For each friend in a friend group, it computes the number of people in other friend groups who stand between them and the last person in their group (using a clever combination of functions including<br> ByteString.elemIndices<br> ). Each such person represents a potential time save of 5 minutes, all of which will be realized once the groups are all consecutive. Hence all we have to do is sum these numbers and multiply by 5. It is instructive thinking about why this works. It does not compute the actual time saved by each group, just the potential time save represented by each group. That potential time save might be realized by the group itself (if the last person in the group gets to move up) or by a different group (if someone in the group lets others go ahead of them). Ultimately, though, it does not matter how much time is saved by each group, only the total amount of time saved.<br> Next time: Purple Rain<br> For next time, I invite you to solve <a rel="noreferrer" target="_blank" href="https://open.kattis.com/problems/purplerain">Purple Rain</a> . This problem has a solution which is “well known” in competitive programming (if you need a hint, ybbx hc Xnqnar’f Nytbevguz); the challenge is to translate it into idiomatic (and, ideally, reusable) Haskell.<br> Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/competitive-programming/">competitive programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/kattis/">Kattis</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/08/11/competitive-programming-in-haskell-monoidal-accumulation/#respond">Leave a comment</a><br> <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/08/11/competitive-programming-in-haskell-monoidal-accumulation/">Competitive programming in Haskell: monoidal accumulation</a><br> https://www.whatsupup.com/blog/gaper/whisky/20210812-002259/ Thu, 12 Aug 2021 00:22:59 +0000 https://www.whatsupup.com/blog/gaper/whisky/20210812-002259/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/08/hopping-on-firefox-91/">Hopping on Firefox 91 →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/08/hopping-on-firefox-91/">Hopping on Firefox 91</a><br> <hr> August is already here, which means so is Firefox 91! For developers, Firefox 91 supports the Visual Viewport API and Intl.DateTimeFormat object additions.<br> https://www.whatsupup.com/blog/buckeroo/doubling/20210812-002258/ Thu, 12 Aug 2021 00:22:58 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20210812-002258/ August 11, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/08/11/Debugging-your-new-PL.html">Tips for debugging your new programming language</a><br> August 10, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/08/10/Apple-CSAM-scanning.html">Police to begin regular, warrant-free searches of homes for child abuse material</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210812-002132/ Thu, 12 Aug 2021 00:21:31 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210812-002132/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-could-take-afghan-capital-within-90-days-after-rapid-gains-u-s-intelligence-idUSKBN2FC0I8">Taliban could take Afghan capital within 90 days after rapid gains -U.S. intelligence</a><br></p> <hr> WASHINGTON/KABUL (Reuters) -Taliban fighters could isolate Afghanistan's capital in 30 days and possibly take it over within 90, a U.S. defence official cited U.S. intelligence as saying, as the resurgent militants made more advances across the country.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-taliban/taliban-denies-killing-civilians-calls-for-independent-inquiry-idUSKBN2FC2B7">Taliban denies killing civilians, calls for independent inquiry</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-poland-media/polish-lower-house-passes-media-reform-bill-which-u-s-denounces-idUSKBN2FC0LS">Polish lower house passes media reform bill, which U.S. denounces</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20210812-001822/ Thu, 12 Aug 2021 00:18:21 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210812-001822/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/08/allstar-continuous-security-policy.html">AllStar: Continuous Security Policy Enforcement for GitHub Projects</a><br></p> <hr> Posted by Mike Maraya, Google Open Source Security Team<br> As an active member of the open source software (OSS) community, Google recognizes the growing threat of software supply chain <a rel="noreferrer" target="_blank" href="https://www.sonatype.com/hubfs/Corporate/Software%20Supply%20Chain/2020/SON_SSSC-Report-2020_final_aug11.pdf#page=7">attacks</a> against OSS we use and develop. Building on our efforts to improve OSS security with an end-to-end framework ( <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/06/introducing-slsa-end-to-end-framework.html">SLSA</a> ), metrics ( <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/07/measuring-security-risks-in-open-source.html">Scorecards</a> ), and coordinated vulnerability disclosure ( <a rel="noreferrer" target="_blank" href="https://github.com/google/oss-vulnerability-guide">guide</a> ), we are excited to announce <a rel="noreferrer" target="_blank" href="https://github.com/ossf/allstar">Allstar</a> .<br> Allstar is a GitHub app that continuously enforces security policy settings through selectable automated enforcement actions. Allstar is already filing and closing security <a rel="noreferrer" target="_blank" href="https://github.com/search?q=%22Issue+created+by+Allstar.+https%3A%2F%2Fgithub.com%2Fossf%2Fallstar%22&type=issues">issues</a> for <a rel="noreferrer" target="_blank" href="https://www.envoyproxy.io/">Envoy</a> and <a rel="noreferrer" target="_blank" href="https://github.com/GoogleContainerTools">GoogleContainerTools</a> , with more organizations and repositories lined up.<br> See the <a rel="noreferrer" target="_blank" href="https://openssf.org/blog/2021/08/11/introducing-the-allstar-github-app/">OpenSSF announcement</a> for more information on Allstar.<br> https://www.whatsupup.com/blog/alamode/heartsore/20210812-001348/ Thu, 12 Aug 2021 00:13:48 +0000 https://www.whatsupup.com/blog/alamode/heartsore/20210812-001348/ <p><a rel="noreferrer" target="_blank" href="https://signal.org/blog/disappearing-by-default/">Embrace ephemerality with default disappearing messages</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://github.com/jimio">jimio</a> on 10 Aug 2021<br> As the norms for how people connect have changed, much of the communication that once took place through the medium of coffee shops, bars, and parks now takes place through the medium of digital devices. One side effect of this shift from analog to digital is the conjoined shift from the ephemeral to the eternal: words once transiently spoken are now – more often than not – data stored forever.<br> We’ve designed Signal so that your data always stays in your hands. We think there’s something special about sharing a private fleeting moment between friends, so Signal also supports disappearing messages. Now, we’ve added the ability to preconfigure all conversations you initiate with a default disappearing messages timer.<br> https://www.whatsupup.com/blog/augur/cussed/20210812-001031/ Thu, 12 Aug 2021 00:10:31 +0000 https://www.whatsupup.com/blog/augur/cussed/20210812-001031/ <p><a rel="noreferrer" target="_blank" href="https://blog.discord.com/behind-the-curtain-how-three-communities-found-success-in-stage-events-fbfae0c7f856?source=collection_home---4------0-----------------------">How Three Discord Communities Found Success in Stage Events</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://blog.discord.com/behind-the-curtain-how-three-communities-found-success-in-stage-events-fbfae0c7f856?source=collection_home---4------0-----------------------">How Three Discord Communities Found Success in Stage Events Three great communities are here to share their experiences, plus some tips for hosting your own successful Stage events.</a><br> https://www.whatsupup.com/blog/popularization/compilable/20210812-000947/ Thu, 12 Aug 2021 00:09:47 +0000 https://www.whatsupup.com/blog/popularization/compilable/20210812-000947/ <p>I'm an Associate Professor in Computer Science at Brown University. My research is in Human-Computer Interaction, where I am <a rel="noreferrer" target="_blank" href="https://hci.brown.edu">building personalized systems based on user behavior data</a> . These systems are applied to attention, mobile, and health. I am primarily funded by the NSF, NIH, and ARO, and have received the NSF CAREER award, Facebook Fellowship, and ARO Young Investigator Award.<br> My Ph.D. is in Information Science from the University of Washington in Seattle, and my masters and undergraduate degrees are in Computer Science from the University of Illinois at Urbana-Champaign (UIUC). Before joining Brown, I analyzed search behavior at Microsoft Research, Google, Yahoo, and Bing; and co-founded World Blender, a Techstars-backed company that makes geolocation mobile games.<br> <a rel="noreferrer" target="_blank" href="https://hci.brown.edu/">The HCI Group</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://docs.google.com/document/d/1M3MXfClgl03K_Dfn1ZI4REgh96I4HIge8Apc2a6cmvk/edit?usp=sharing">Research Prep</a><br> <hr> Zainab Iftikhar<br> Ji Won Chung<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210810-082856/ Tue, 10 Aug 2021 08:28:55 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210810-082856/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1112267_2022-hyundai-santa-cruz-price-specs-review-photos-info">First drive review: 2022 Hyundai Santa Cruz cures the common crossover blues</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133166_little-car-company-returns-with-3-4-scale-ferrari-250-testa-rossa">Little Car Company returns with 3/4-scale Ferrari 250 Testa Rossa</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1028665_2021-mercedes-benz-s-class-guard-keeps-you-comfy-and-protected">2021 Mercedes-Benz S-Class Guard keeps you comfy...and protected</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133161_czech-brand-praga-signs-first-us-dealership">Czech brand Praga signs first US dealership</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133160_audi-signs-off-on-rs-q-e-tron-hot-weather-testing">Audi signs off on RS Q E-Tron hot-weather testing</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133158_2022-acura-nsx-type-s-2022-cadillac-ct4-v-blackwing-brabham-bt63-gt2-this-week-s-top-photos">2022 Acura NSX Type S, 2022 Cadillac CT4-V Blackwing, Brabham BT63 GT2: This Week's Top Photos</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210810-082503/ Tue, 10 Aug 2021 08:25:02 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210810-082503/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/legal-us-apple-privacy-scanning/apple-says-photos-in-icloud-will-be-checked-by-child-abuse-detection-system-idUSKBN2FA1ZZ">Apple says photos in iCloud will be checked by child abuse detection system</a><br></p> <hr> Apple Inc on Monday said that iPhone users' entire photo libraries will be checked for known child abuse images if they are stored in the online iCloud service.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-china-canada-schellenberg/china-court-upholds-canadians-death-sentence-as-huawei-executive-fights-extradition-idUSKBN2FB05H">China court upholds Canadian's death sentence as Huawei executive fights extradition</a><br> <hr> A Chinese court upheld on Tuesday a Canadian man's death sentence for drug smuggling a day before another court is due to rule on the case of another Canadian accused of spying.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-northkorea-southkorea-usa/north-korea-says-south-u-s-should-pay-a-price-for-military-drills-idUSKBN2FA25E">North Korea says South, U.S. should 'pay a price' for military drills</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-tighten-control-of-afghan-north-as-residents-weigh-options-idUSKBN2FB0K7">Taliban tighten control of Afghan north as residents weigh options</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20210810-082205/ Tue, 10 Aug 2021 08:22:04 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210810-082205/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/08/simplifying-titan-security-key-options.html">Simplifying Titan Security Key options for our users</a><br></p> <hr> Posted by Christiaan Brand, Product Manager, Google Cloud<br> Today we are excited to announce some changes to our lineup of <a rel="noreferrer" target="_blank" href="https://store.google.com/us/product/titan_security_key">Titan Security Keys on the Google Store</a> which provide a simpler experience and make choosing the right security key for you even easier. We will now offer only two types of Titan Security Keys: a USB-A and a USB-C version. Both of these keys have Near Field Communication (NFC) functionality, which allows you to use it with most mobile devices by simply tapping it on the back of your mobile device in order to sign in securely. These keys will be available for all users starting tomorrow, August 10. In 2018, <a rel="noreferrer" target="_blank" href="https://cloud.google.com/blog/products/identity-security/titan-security-keys-now-available-on-the-google-store">Google introduced the Titan Security Key</a> as a direct defense against credential phishing. Phishing occurs when an attacker tries to trick you into giving them your username and password, and it remains one of the easiest and most successful ways of breaching accounts online. Paired with our <a rel="noreferrer" target="_blank" href="https://landing.google.com/advancedprotection/">Advanced Protection Program</a> and its industry-leading automatic protections, the Titan Security Key remains one of the best ways to keep your Google Account safe.<br> Introducing new Titan Security Key options<br> Since NFC functionality is now supported by a wide range of Android phones and iPhones, we are discontinuing the Bluetooth Titan Security Key and focusing on the easier and more widely available NFC capability. However, for existing users with our Bluetooth Titan Security Keys, these will continue to work with Bluetooth and will continue to work as an NFC key on most modern mobile devices. Applicable warranties for existing Bluetooth Titan Security Keys will continue to be honored per their terms. All Titan Security Keys are built with a hardware secure element chip that includes firmware engineered by Google to verify the key’s integrity. If you have a computer with USB-A ports, we recommend you get the USB-A + NFC security key:<br> If you have a computer with USB-C ports, we recommend you get the USB-C + NFC security key:<br> If you have an iPad with a USB-C connector you can use the USB-C Titan Security Key. If you have an iPad with a lightning connector, it’s recommended to get a USB-A Titan Security Key with an <a rel="noreferrer" target="_blank" href="https://www.apple.com/shop/product/MD821AM/A/lightning-to-usb-camera-adapter">Apple Lightning adapter</a> :<br> To purchase a Titan Security Key, visit the <a rel="noreferrer" target="_blank" href="https://store.google.com/us/product/titan_security_key">Google Store</a> . The USB-A+NFC key,which includes a USB-A to USB-C adapter, is available for $30 and the USB-C+NFC key retails for $35.<br> To learn more about how security keys can help protect you against phishing, visit the <a rel="noreferrer" target="_blank" href="https://cloud.google.com/titan-security-key">Titan Security Key product page</a> .<br> https://www.whatsupup.com/blog/giuseppe/fibroma/20210810-082136/ Tue, 10 Aug 2021 08:21:36 +0000 https://www.whatsupup.com/blog/giuseppe/fibroma/20210810-082136/ 2021-08-08 <a rel="noreferrer" target="_blank" href="https://internalregister.github.io/2021/08/08/Another-Homebrew-Console.html">Another ‘Homebrew’ Video Game Console</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20210810-082020/ Tue, 10 Aug 2021 08:20:20 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20210810-082020/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/08/05/Western-Electric">Western Electric</a> · At 6:30 PM on Wednesday August 4 th my 15-year-old daughter and I pulled up the Jaguar I-Pace electric car in front of my 91-year-old Mom’s place in Regina, Saskatchewan. I was tired and achey because I’d just finished driving 1,725km (1,072 miles) across two days to see her for the first time since Covid started. I was happy to see Mom, happy about the first road-trip in a long time, and happy to have tested the hypothesis that, in 2021, a fully-electric vehicle can handle long-haul travel <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/08/05/Western-Electric">…</a> [11 comments]<br> https://www.whatsupup.com/blog/sovietizing/ohioan/20210810-081149/ Tue, 10 Aug 2021 08:11:48 +0000 https://www.whatsupup.com/blog/sovietizing/ohioan/20210810-081149/ <a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2021/08/04/advancing-advertising-transparency-in-the-us-congress/">Advancing advertising transparency in the US Congress</a> August 4, 2021<br> https://www.whatsupup.com/blog/evildoer/onionskin/20210810-081129/ Tue, 10 Aug 2021 08:11:29 +0000 https://www.whatsupup.com/blog/evildoer/onionskin/20210810-081129/ <a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2021/08/04/advancing-advertising-transparency-in-the-us-congress/">Advancing advertising transparency in the US Congress</a> August 4, 2021<br> https://www.whatsupup.com/blog/augur/cussed/20210810-081102/ Tue, 10 Aug 2021 08:11:01 +0000 https://www.whatsupup.com/blog/augur/cussed/20210810-081102/ <p><a rel="noreferrer" target="_blank" href="https://blog.discord.com/nitro-users-now-get-an-enhanced-video-experience-with-three-months-of-youtube-premium-9d86db0a4a7c?source=collection_home---4------0-----------------------">Nitro Users Now Get an Enhanced Video Experience with Three Months of YouTube Premium</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://blog.discord.com/nitro-users-now-get-an-enhanced-video-experience-with-three-months-of-youtube-premium-9d86db0a4a7c?source=collection_home---4------0-----------------------">Nitro Users Now Get an Enhanced Video Experience with Three Months of YouTube Premium We’ve put together a deal with another amazing streaming service: YouTube Premium.</a><br> https://www.whatsupup.com/blog/popularization/compilable/20210810-081007/ Tue, 10 Aug 2021 08:10:07 +0000 https://www.whatsupup.com/blog/popularization/compilable/20210810-081007/ Links<br> https://www.whatsupup.com/blog/ideo/fleury/20210810-080841/ Tue, 10 Aug 2021 08:08:40 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210810-080841/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/phishing-sites-targeting-scammers-and-thieves/">Phishing Sites Targeting Scammers and Thieves</a><br></p> <hr> I was preparing to knock off work for the week on a recent Friday evening when a curious and annoying email came in via <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/about/">the contact form</a> on this site:<br> “Hello I go by the username Nuclear27 on your site Briansclub[.]com ,” wrote “ Mitch ,” confusing me with the proprietor of perhaps the underground’s largest bazaar for stolen credit and identity data. “I made a deposit to my wallet on the site but nothing has shown up yet and I would like to know why.”<br> The real BriansClub login page.<br> Several things stood out in Mitch’s message. For starters, that is not the actual domain for BriansClub. And it’s easy to see why Mitch got snookered: The real BriansClub site is currently not at the top of search results when one queries that shop name at Google.<br> Also, this greenhorn criminal clearly had bought into BriansClub’s advertising, which uses my name and likeness in a series of ads that run on all the top cybercrime forums. In those ads, a crab with my head on it zigs and zags on the sand. This is all meant to be a big joke: Krebs means “crab” or “cancer” in German, but a “crab” is sometimes used in Russian hacker slang to refer to a “carder,” or a person who regularly engages in street-level credit card fraud. Like Mitch.<br> In late 2019, BriansClub changed its homepage to include doctored images of my Social Security and passport cards, credit report and mobile phone bill information. That was right after KrebsOnSecurity broke the news that someone had <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2019/10/briansclub-hack-rescues-26m-stolen-cards/">hacked BriansClub and siphoned information on 26 million stolen debit and credit accounts</a> . The hacked BriansClub database had <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2019/10/takeaways-from-the-566m-briansclub-breach/">an estimated collective street value of $566 million</a> , and that data was subsequently shared with thousands of financial institutions.<br> Mitch said he’d just made a deposit of $240 worth of bitcoin at BriansClub[.]com, and was wondering when the funds would be reflected in the balance of his account on the shop.<br> Playing along, I said I was sorry to hear about his ordeal, and asked Mitch if there were any stolen cards issued by a particular bank or to a specific region that he was seeking.<br> Mitch didn’t bite, but neither would he be dissuaded that I was at fault for his wayward funds. He shared a picture showing funds he’d sent to the bitcoin address instructed by BriansClub[.]com — <a rel="noreferrer" target="_blank" href="https://www.blockchain.com/btc/address/1PLALmM5rrmLTGGVRHHTnB6VnZd3FFwh1Z">1PLALmM5rrmLTGGVRHHTnB6VnZd3FFwh1Z</a> — <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/wp-content/uploads/2021/08/mitch.png">using a Bitcoin ATM in Canada</a> .<br> The real BriansClub uses a dodgy virtual currency exchange service based in St. Petersburg, Russia called PinPays . The company’s website has long featured little more than a brand icon and an instant messenger address to reach the proprietor. The fake BriansClub told Mitch the Bitcoin address he was asked to pay was a PinPays address that would change with each transaction.<br> The payment message displayed by the carding site phishing domain BriansClub[.]com.<br> However, upon registering at the phishing site and clicking to fund my account, I was presented with the exact same Bitcoin address that Mitch said he paid. Also, the site wasn’t using PinPays; it was just claiming to do so to further mimic the real BriansClub.<br> According to the Blockchain, that Bitcoin address Mitch paid has received more than a thousand payments over the past five months totaling more than USD $40,000 worth of Bitcoin. Most are relatively small payments like Mitch’s.<br> The screenshot Mitch sent of his deposit.<br> Unwary scammers like Mitch are a dime a dozen, as are phishing sites that spoof criminal services online. Shortly after it came online as a phishing site last year, BriansClub[.]com was hosted at a company in Moscow with just a handful of other domains phishing popular cybercrime stores, including Jstashbazar[.]com, vclub[.]cards, vclubb[.]com and vclub[.]credit.<br> Whoever’s behind these sites is making a decent income fleecing clueless crooks. A review of <a rel="noreferrer" target="_blank" href="https://www.blockchain.com/btc/address/16c3rDKaySmnk5cdnm6xBvSPqs9aZweEG3?page=1">the Bitcoin wallet</a> listed as the payment address for BriansClub[.]org , for example, shows a similar haul: 704 transactions totaling $38,000 in Bitcoin over the past 10 months.<br> “Wow, thanks for ripping me off,” Mitch wrote, after I’d dozed off for the evening without responding to his increasingly strident emails. “Should have spent the last money on my bills I’m trying to pay off. Should have known you were nothing but a thief.”<br> Deciding the ruse had gone too far, I confessed to Mitch that I wasn’t really the administrator of BriansClub, and that the person he’d reached out to was an independent journalist who writes about cybercrime. I told him not to feel bad, as more than a thousand people had been similarly duped by the carding shop.<br> But Mitch did not appear to accept my confession.<br> “If that’s the case then why is your name all over it including in the window that opens up when you go to make a deposit?,” Mitch demanded, referring to the phishing site.<br> Clearly, nothing I said was going to deter Mitch at this point. He asked in a follow-up email if a link he included in the message was indeed the “legitimate” BriansClub address. My only reply was that he should maybe consider another line of work before he got ripped off yet again, or the Royal Canadian Mounted Police showed up at his doorstep. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/phishing-sites-targeting-scammers-and-thieves/#more-56513">Continue reading →</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210808-122523/ Sun, 08 Aug 2021 12:25:23 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210808-122523/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/taliban-seize-government-buildings-in-afghan-cities-kunduz-sar-e-pul-idUSKBN2F908T">Taliban seize government buildings in Afghan cities Kunduz, Sar-e Pul</a><br></p> <hr> KABUL (Reuters) -Taliban fighters overran two provincial capitals, including the strategic northeastern city of Kunduz and northern Sar-e Pul on Sunday, local officials said, as the insurgents intensified pressure on the north and threatened further cities.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-brazil-usa/biden-envoy-told-brazils-bolsonaro-important-not-to-undermine-elections-source-idUSKBN2F90CK">Biden envoy told Brazil's Bolsonaro important not to undermine elections - source</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210808-082423/ Sun, 08 Aug 2021 08:24:22 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210808-082423/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security/hong-kong-minister-signals-path-to-adopting-china-anti-sanctions-law-idUSKBN2F907G">Hong Kong minister signals path to adopting China anti-sanctions law</a><br></p> <hr> Hong Kong's justice secretary said on Sunday that a mainland Chinese law to counter foreign sanctions could also be adopted in the China-ruled city by writing it into Hong Kong's mini-constitution, pending a decision by the Chinese parliament.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-myanmar-politics/anti-military-protests-in-myanmar-on-anniversary-of-1988-uprising-idUSKBN2F907E">Anti-military protests in Myanmar on anniversary of 1988 uprising</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-greece-wildfires/blaze-ravages-evia-island-on-sixth-day-of-greek-wildfires-idUSKBN2F906V">Blaze ravages Evia island on sixth day of Greek wildfires</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210808-042432/ Sun, 08 Aug 2021 04:24:31 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210808-042432/ <p>Tokyo feared that the Olympic Games would spread COVID-19; numbers suggest that didn't happen <a rel="noreferrer" target="_blank" href="https://www.reuters.com/lifestyle/sports/tokyo-has-shown-pandemic-can-be-beaten-games-health-adviser-says-2021-08-07/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-northkorea-rain/n-koreas-kim-calls-for-relief-campaign-in-rain-hit-areas-idUSKBN2F901P">N.Korea's Kim calls for relief campaign in rain-hit areas</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-nicaragua-politics/top-u-s-diplomat-nicaraguas-ortega-clinging-to-power-at-all-costs-idUSKBN2F900G">Top U.S. diplomat: Nicaragua's Ortega clinging to power 'at all costs'</a><br> https://www.whatsupup.com/blog/boxed/modification/20210808-042043/ Sun, 08 Aug 2021 04:20:43 +0000 https://www.whatsupup.com/blog/boxed/modification/20210808-042043/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#implicit-move">implicit-move</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#llvm">llvm</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#proposal">proposal</a><br> A few months ago, Matheus Izvekov implemented my WG21 proposal <a rel="noreferrer" target="_blank" href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2021/p2266r1.html">P2266 “Simpler Implicit Move”</a> in Clang. As of Clang 13, it’s enabled by default under<br> -std=c++2b<br> .<br> We’ve received some feedback from the field already (leading up to the Clang 13 release). Here are the punch lines as far as I can recall. These examples will all appear in P2266R2, whenever I get around to submitting it.<br> Many thanks to Matheus Izvekov for the implementation, and to Stephan Bergmann for reporting these issues! …<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210807-202218/ Sat, 07 Aug 2021 20:22:17 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210807-202218/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/afghan-air-force-pilot-killed-in-kabul-bombing-attack-claimed-by-taliban-idUSKBN2F80L1">Afghan Air Force pilot killed in Kabul bombing, attack claimed by Taliban</a><br></p> <hr> KABUL (Reuters) -An Afghan Air Force pilot was killed by a bomb in Kabul on Saturday, officials said, in an attack claimed by the Taliban.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-myanmar-politics-un/u-s-says-plot-against-myanmar-u-n-envoy-fits-disturbing-pattern-idUSKBN2F80LD">U.S. says plot against Myanmar U.N. envoy fits 'disturbing pattern'</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-lebanon-israel/hezbollah-chief-nasrallah-says-group-could-escalate-its-response-to-israel-idUSKBN2F80MU">Hezbollah chief Nasrallah says group could escalate its response to Israel</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210807-201028/ Sat, 07 Aug 2021 20:10:28 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210807-201028/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/build-a-mongodb-gui-in-minutes/">Build a MongoDB GUI in minutes In this post, we’ll show you how to build a simple yet powerful admin panel for your MongoDB instance. Using MongoDB’s sample data, we’ll demonstrate how to query data, build</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210807-162339/ Sat, 07 Aug 2021 16:23:38 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210807-162339/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-europe-migrants-italy/rescue-ship-carrying-257-migrants-docks-in-sicily-port-idUSKBN2F80HM">Rescue ship carrying 257 migrants docks in Sicily port</a><br></p> <hr> A ship carrying 257 migrants docked in the Italian port of Trapani on Saturday almost a week after rescuing the people from international waters off Tunisia.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-greece-wildfires/greece-battles-wildfires-for-fifth-day-in-nightmarish-summer-idUSKBN2F8074">Greece battles wildfires for fifth day in 'nightmarish summer'</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210807-122757/ Sat, 07 Aug 2021 12:27:57 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210807-122757/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133154_1966-rcr-ford-gt40-replica-stunt-car-from-ford-v-ferrari-heads-to-auction">1966 RCR Ford GT40 replica stunt car from "Ford v. Ferrari" heads to auction</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133107_2022-subaru-forester-wilderness-teased">2022 Subaru Forester Wilderness teased</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210807-122312/ Sat, 07 Aug 2021 12:23:12 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210807-122312/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-thailand-protests/thai-anti-govt-protesters-clash-with-police-in-bangkok-idUSKBN2F809Q">Thai anti-govt protesters clash with police in Bangkok</a><br></p> <hr> More than a thousand Thai anti-government protesters clashed with police on Saturday, as they protested against the government's failure to handle coronavirus outbreaks and its impact on the economy.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-shipping-security-gulf-oman-iran/iran-denies-role-in-tanker-attack-says-seeks-gulf-security-idUSKBN2F808T">Iran denies role in tanker attack, says seeks Gulf security</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-poland-eu-judiciary/poland-to-dissolve-judges-disciplinary-chamber-to-meet-eu-demands-idUSKBN2F8076">Poland to dissolve judges' Disciplinary Chamber to meet EU demands</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210807-082256/ Sat, 07 Aug 2021 08:22:55 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210807-082256/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-australia-wales/australia-suffers-worst-covid-day-this-year-with-millions-in-lockdown-idUSKBN2F800S">Australia suffers worst COVID day this year with millions in lockdown</a><br></p> <hr> MELBOURNE (Reuters) -Australia saw a record daily number of new coronavirus cases this year on Saturday, with the country's most populous states of New South Wales, Victoria and Queensland recording a total of 361 cases of the highly infectious Delta variant.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-britain-johnson/uk-pm-johnson-wont-isolate-after-staff-members-positive-covid-test-idUSKBN2F806D">UK PM Johnson won't isolate after staff member's positive COVID test</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20210807-082103/ Sat, 07 Aug 2021 08:21:02 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20210807-082103/ The sample collected by NASA’s Perseverance rover might be volcanic, helping scientists to understand the red planet's evolution.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210807-042310/ Sat, 07 Aug 2021 04:23:10 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210807-042310/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-canada-border-strike-deal/canadian-government-border-staff-reach-deal-ending-strike-union-idUSKBN2F802D">Canadian government, border staff reach deal, ending strike -union</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-japan-tokyo-stabbing/knife-attacker-on-tokyo-commuter-train-wanted-to-kill-happy-women-nhk-idUSKBN2F801L">Knife attacker on Tokyo commuter train wanted to kill 'happy women'- NHK</a><br> https://www.whatsupup.com/blog/boxed/modification/20210807-041938/ Sat, 07 Aug 2021 04:19:38 +0000 https://www.whatsupup.com/blog/boxed/modification/20210807-041938/ std<br> templates<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#library-design">library-design</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#pitfalls">pitfalls</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#sd-8-adjacent">sd-8-adjacent</a><br> I hope by now everybody knows not to forward-declare standard library types. For example, this code ( <a rel="noreferrer" target="_blank" href="https://godbolt.org/z/938oqY4f7">Godbolt</a> ) is wrong:<br> https://www.whatsupup.com/blog/seer/hemisphere/20210807-002713/ Sat, 07 Aug 2021 00:27:13 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20210807-002713/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-02166-6">Excitement as Mars rover drills first rock core for return to Earth</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210807-002014/ Sat, 07 Aug 2021 00:20:13 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210807-002014/ 1/ If the last-minute amendment introduced to the infrastructure bill introduced by @MarkWarner passes, it will impose an unworkable reporting requirement on the shoulders of software developers.<br> https://www.whatsupup.com/blog/buckeroo/doubling/20210806-202526/ Fri, 06 Aug 2021 20:25:26 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20210806-202526/ August 6, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/08/06/goproxy-breaks-go.html">proxy.golang.org allows many Go packages to be silently broken</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210806-202322/ Fri, 06 Aug 2021 20:23:22 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210806-202322/ <p>U.S. job growth rose solidly in July amid demand for workers in the services industry <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us/us-job-growth-solid-july-unemployment-rate-falls-54-2021-08-06/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/uk-apple-privacy/apple-to-roll-out-photo-checking-system-on-country-by-country-basis-idUSKBN2F720T">Apple to roll out photo checking system on country-by-country basis</a><br></p> <hr> (Reuters) -Apple Inc will roll out a system for checking photos for child abuse imagery on a country-by-country basis, depending on local laws, the company said on Friday.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/legal-us-usa-cyber-providers/kaseya-ransomware-attack-sets-off-race-to-hack-service-providers-researchers-idUSKBN2F42D8">Kaseya ransomware attack sets off race to hack service providers -researchers</a><br> <hr> Aug 03 2021<br> SAN FRANCISCO A ransomware attack in July that paralyzed as many as 1,500 organizations by compromising tech-management software from a company called Kaseya has set off a race among criminals looking for similar vulnerabilities, cyber security experts said.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/resurgent-taliban-take-provincial-capital-kill-afghan-govt-spokesman-idUSKBN2F712F">Resurgent Taliban take provincial capital, kill Afghan govt spokesman</a><br> <hr> KABUL (Reuters) -Taliban insurgents captured an Afghan provincial capital and killed the government's senior media officer in Kabul on Friday amid a deteriorating security situation as U.S. and other foreign troops withdraw.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa-response/talibans-actions-wont-help-them-gain-international-legitimacy-white-house-idUSKBN2F7287">Taliban's actions won't help them gain international legitimacy -White House</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-northkorea-sanctions-un/north-korea-developing-nuclear-missile-programs-in-2021-u-n-report-idUSKBN2F727E">North Korea developing nuclear, missile programs in 2021 -U.N. report</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/08/02/disrupted-why-gen-z-is-turning-to-depop?videoId=733666723&videoChannel=118169">Disrupted: Why Gen Z is turning to Depop</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/08/01/will-venices-ban-end-the-cruise-ship-bat?videoId=733634075&videoChannel=118169">Will Venice's ban end the cruise ship battle?</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/07/30/the-week-in-numbers-techs-tower-robin-re?videoId=733562112&videoChannel=118169">The Week in Numbers: techs tower, Robin reels</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/07/29/climbing-brothers-shoot-for-olympic-meda?videoId=733524915&videoChannel=118169">Climbing brothers shoot for Olympic medal</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210806-162603/ Fri, 06 Aug 2021 16:26:03 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210806-162603/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133149_mazda-patent-drawing-shows-coupe-resembling-stunning-rx-vision-concept">Mazda patent drawing shows coupe resembling stunning RX-Vision concept</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20210806-161730/ Fri, 06 Aug 2021 16:17:30 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20210806-161730/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/08/01/Long-Links">Long Links</a> · Welcome to the August 1st edition of “Long Links”, which assembles long-form pieces that I have the luxury of enjoying due to semi-retirement. Nobody with a real job has time to read all this stuff, but one or two items might enrich your life without burning too many minutes. Note: There was no July 1st Long Links because either I was busier or the world’s long-form authors less prolific in June. Highlights this time out: Taxing wealth, attacking Amazon, guitar music, and God <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/08/01/Long-Links">…</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210806-122713/ Fri, 06 Aug 2021 12:27:13 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210806-122713/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1129224_2022-bmw-m3-touring-spy-shots-and-video">2022 BMW M3 Touring spy shots: Speedy wagon coming, but not to US</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133145_porsche-offers-final-run-of-991-generation-911-gt2-rs-clubsport-to-mark-manthey-racing-partnership">Porsche offers final run of 991-generation 911 GT2 RS Clubsport to mark Manthey-Racing partnership</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133113_dodge-plug-in-hybrid-coming-in-2022">Dodge plug-in hybrid coming in 2022</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210806-082611/ Fri, 06 Aug 2021 08:26:11 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210806-082611/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133144_pagani-huayra-bc-pacchetto-tempesta-arrives-with-816-hp-6-exhaust-tips">Pagani Huayra BC Pacchetto Tempesta arrives with 816 hp, 6 exhaust tips</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210806-002911/ Fri, 06 Aug 2021 00:29:11 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210806-002911/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133139_2022-lexus-gx-price-specs-review-photos-info">Preview: 2022 Lexus GX gets new tech and Black Line Special Edition</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133130_morgan-gets-into-the-overlanding-spirit-with-plus-four-cx-t">Morgan gets into the overlanding spirit with Plus Four CX-T</a><br> https://www.whatsupup.com/blog/augur/cussed/20210806-001048/ Fri, 06 Aug 2021 00:10:47 +0000 https://www.whatsupup.com/blog/augur/cussed/20210806-001048/ <p><a rel="noreferrer" target="_blank" href="https://blog.discord.com/an-update-on-racial-equity-at-discord-through-inclusion-diversity-and-purpose-efforts-1c1b76bac47c?source=collection_home---4------0-----------------------">An Update on Racial Equity at Discord Through Inclusion, Diversity and Purpose Efforts</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://blog.discord.com/an-update-on-racial-equity-at-discord-through-inclusion-diversity-and-purpose-efforts-1c1b76bac47c?source=collection_home---4------0-----------------------">An Update on Racial Equity at Discord Through Inclusion, Diversity and Purpose Efforts Our work to prevent Discord from being used for hate and violence is never done. It’s vital that we continue to hold ourselves accountable.</a><br> <hr> Aug 5<br> https://www.whatsupup.com/blog/effete/washstand/20210805-203127/ Thu, 05 Aug 2021 20:31:27 +0000 https://www.whatsupup.com/blog/effete/washstand/20210805-203127/ × Close<br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210805-202522/ Thu, 05 Aug 2021 20:25:21 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210805-202522/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2012/04/05/icloud-who-holds-key/">iCloud: Who holds the key?</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210805-162537/ Thu, 05 Aug 2021 16:25:37 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210805-162537/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133133_czinger-claims-21c-prototype-already-laps-laguna-seca-2s-faster-than-a-mclaren-senna">Czinger claims 21C prototype already laps Laguna Seca 2s faster than a McLaren Senna</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20210805-162233/ Thu, 05 Aug 2021 16:22:32 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20210805-162233/ August 5, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/08/05/In-praise-of-Postgres.html">In praise of PostgreSQL</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210805-122629/ Thu, 05 Aug 2021 12:26:29 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210805-122629/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133128_brabham-bt63-gt2-ready-to-start-racing-in-2022">Brabham BT63 GT2 ready to start racing in 2022</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132677_watch-the-2022-audi-rs-3-lap-the-ring-in-7-40">Watch the 2022 Audi RS 3 lap the 'Ring in 7:40</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133127_2023-bmw-8-series-spy-shots">2023 BMW 8-Series spy shots: Mid-cycle update for mega coupe</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210805-122148/ Thu, 05 Aug 2021 12:21:47 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210805-122148/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/08/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown/">Critical Cobalt Strike bug leaves botnet servers vulnerable to takedown</a><br></p> <hr> New exploit available for download lets hackers crash Cobalt Strike team servers.<br> https://www.whatsupup.com/blog/ideo/fleury/20210805-120822/ Thu, 05 Aug 2021 12:08:22 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210805-120822/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/">Ransomware Gangs and the Name Game Distraction</a><br></p> <hr> It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don’t go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation.<br> A rough timeline of major ransomware operations and their reputed links over time.<br> Reinvention is a basic survival skill in the cybercrime business. Among the oldest tricks in the book is to fake one’s demise or retirement and invent a new identity. A key goal of such subterfuge is to throw investigators off the scent or to temporarily direct their attention elsewhere.<br> Cybercriminal syndicates also perform similar disappearing acts whenever it suits them. These organizational reboots are an opportunity for ransomware program leaders to set new ground rules for their members — such as which types of victims aren’t allowed (e.g., hospitals, governments, critical infrastructure), or how much of a ransom payment an affiliate should expect for bringing the group access to a new victim network.<br> I put together the above graphic to illustrate some of the more notable ransom gang reinventions over the past five years. What it doesn’t show is what we already know about the cybercriminals behind many of these seemingly disparate ransomware groups, some of whom were pioneers in the ransomware space almost a decade ago. We’ll explore that more in the latter half of this story.<br> One of the more intriguing and recent revamps involves DarkSide , the group that extracted a $5 million ransom from Colonial Pipeline earlier this year, only to watch <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/06/justice-dept-claws-back-2-3m-paid-by-colonial-pipeline-to-ransomware-gang/">much of it get clawed back in an operation by the U.S. Department of Justice</a> .<br> After acknowledging someone had also seized their Internet servers, DarkSide <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/05/darkside-ransomware-gang-quits-after-servers-bitcoin-stash-seized/">announced it was folding</a> . But a little more than a month later, a new ransomware affiliate program called BlackMatter emerged, and experts quickly <a rel="noreferrer" target="_blank" href="https://www.bleepingcomputer.com/news/security/darkside-ransomware-gang-returns-as-new-blackmatter-operation/">determined</a> BlackMatter was using the same unique encryption methods that DarkSide had used in their attacks.<br> DarkSide’s demise roughly coincided with that of REvil , a long-running ransomware group that claims to have extorted more than $100 million from victims. REvil’s last big victim was Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. That attack let REvil deploy ransomware to as many as 1,500 organizations that used Kaseya.<br> REvil demanded a whopping $70 million to release a universal decryptor for all victims of the Kaseya attack. Just days later, President Biden <a rel="noreferrer" target="_blank" href="https://www.cnbc.com/2021/07/09/ransomware-biden-presses-putin-to-disrupt-cybercriminals-in-russia.html">reportedly</a> told Russian President Vladimir Putin that he expects Russia to act when the United States shares information on specific Russians involved in ransomware activity.<br> A REvil ransom note.<br> Whether that conversation prompted actions is unclear. But REvil’s victim shaming blog would disappear from the dark web just four days later.<br> Mark Arena , CEO of cyber threat intelligence firm <a rel="noreferrer" target="_blank" href="https://www.intel471.com">Intel 471</a> , said it remains unclear whether BlackMatter is the REvil crew operating under a new banner, or if it is simply the reincarnation of DarkSide.<br> But one thing is clear, Arena said: “Likely we will see them again unless they’ve been arrested.”<br> Likely, indeed. REvil is widely considered a reboot of <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/?s=gandcrab">GandCrab</a> , a prolific ransomware gang that boasted of extorting more than $2 billion over 12 months before abruptly closing up shop in June 2019. “We are living proof that you can do evil and get off scot-free,” Gandcrab bragged.<br> And wouldn’t you know it: Researchers have found GandCrab <a rel="noreferrer" target="_blank" href="https://research.checkpoint.com/2018/gandcrab-ransomware-mindset/">shared key behaviors</a> with Cerber , an early ransomware-as-a-service operation that stopped claiming new victims at roughly the same time that GandCrab came on the scene. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/#more-56464">Continue reading →</a><br> https://www.whatsupup.com/blog/underpeopled/multichannel/20210805-082209/ Thu, 05 Aug 2021 08:22:09 +0000 https://www.whatsupup.com/blog/underpeopled/multichannel/20210805-082209/ <p><a rel="noreferrer" target="_blank" href="https://github.com/">Back to GitHub.com</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/">The GitHub Blog</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/category/community/">Community</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/category/company/">Company</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/category/education/">Education</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/category/engineering/">Engineering</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/category/enterprise/">Enterprise</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/category/policy/">Policy</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/category/product/">Product</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/category/security/">Security</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/changelog/">Changelog</a><br> <hr> Search by Keyword<br> Search<br> Primary Menu<br> Posts by<br> Abby Vollmer<br> <a rel="noreferrer" target="_blank" href="https://github.com/vollmera">@vollmera</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/2021-04-08-safe-harbors-for-software-collaboration-part-2/">April 8, 2021</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/2021-04-08-safe-harbors-for-software-collaboration-part-2/">Safe harbors for software collaboration, part 2</a><br> <hr> The modern internet was built on a legal framework of safe harbors for user-generated content. These safe harbors are widely credited with having enabled global internet innovation by protecting online platforms from liability for user<br> <a rel="noreferrer" target="_blank" href="https://github.blog/author/vollmera/">Abby Vollmer</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/2021-02-25-2020-transparency-report/">2020 Transparency Report</a><br> <hr> At GitHub, we put developers first, and we work hard to provide a safe, open, and inclusive platform for code collaboration. This means we are committed to minimizing the disruption of software projects, protecting developer<br> <a rel="noreferrer" target="_blank" href="https://github.blog/2020-11-16-standing-up-for-developers-youtube-dl-is-back/">Standing up for developers: youtube-dl is back</a><br> <hr> Today we reinstated youtube-dl, a popular project on GitHub, after we received additional information about the project that enabled us to reverse a Digital Millennium Copyright Act (DMCA) takedown.<br> <a rel="noreferrer" target="_blank" href="https://github.blog/2020-10-15-updates-to-our-terms-of-service-and-our-privacy-statement/">Updates to our Terms of Service and Privacy Statement</a><br> <hr> We regularly update our policies to reflect the evolution of our products, changing legal requirements, and user feedback. In this update, we’ve made some changes to our Terms of Service, Privacy Statement, and other site<br> As policymakers grapple with how to address hate speech and disinformation on the internet, they’re eying the legal structure underpinning collaborative software development: legal safe harbors. These safe harbors protect online platforms from liability for<br> We’re excited to share GitHub’s 2019 Transparency Report, a by-the-numbers look at how we handle requests for user data and moderate content on GitHub.<br> <a rel="noreferrer" target="_blank" href="https://github.blog/2019-06-25-github-scores-high-in-content-moderation-report/">GitHub scores high in content moderation report</a><br> <hr> See how GitHub protects users against online censorship.<br> <a rel="noreferrer" target="_blank" href="https://github.blog/2019-04-17-github-shares-lessons-learned-from-eu-copyright-directive-at-us-dmca-roundtable/">GitHub shares lessons learned from EU Copyright Directive at US DMCA roundtable</a><br> <hr> Find out what we shared at the US Copyright Office based on our experience with the EU Copyright Directive.<br> <a rel="noreferrer" target="_blank" href="https://github.blog/2019-03-20-our-contribution-to-the-united-nations-report-on-free-assembly-and-association-online/">Our contribution to the United Nations report on free assembly and association online</a><br> <hr> Read about how collaboration on GitHub connects to free assembly and association online as part of our input to the United Nations Human Rights Council.<br> <a rel="noreferrer" target="_blank" href="https://github.blog/2019-02-13-the-eu-copyright-directive-what-happens-from-here/">The EU Copyright Directive: what happens from here</a><br> <hr> The EU Copyright Directive has come down to a final vote. Read on for more on what’s at stake and how the developer community shaped the debate.<br> Previous 1 <a rel="noreferrer" target="_blank" href="https://github.blog/author/vollmera/page/2/">2</a> <a rel="noreferrer" target="_blank" href="https://github.blog/author/vollmera/page/3/">3</a> <a rel="noreferrer" target="_blank" href="https://github.blog/author/vollmera/page/2/">Next</a><br> Product<br> <a rel="noreferrer" target="_blank" href="https://github.com/features">Features</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.com/pricing">Pricing</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://resources.github.com/">Resources</a><br> <hr> Platform<br> <a rel="noreferrer" target="_blank" href="https://developer.github.com/">Developer API</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://partner.github.com/">Partners</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://atom.io/">Atom</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.electronjs.org/">Electron</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://desktop.github.com/">GitHub Desktop</a><br> <hr> Support<br> <a rel="noreferrer" target="_blank" href="https://docs.github.com/">Docs</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.community/">Community Forum</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://services.github.com/">Training</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.githubstatus.com/">Status</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://support.github.com/">Contact</a><br> <hr> Company<br> <a rel="noreferrer" target="_blank" href="https://github.com/about">About</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/">Blog</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.com/about/careers">Careers</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.com/about/press">Press</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://shop.github.com/">Shop</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://twitter.com/github">Github Twitter link</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.facebook.com/GitHub">Github Facebook link</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.youtube.com/github">Github Youtube link</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.linkedin.com/company/github">Github LinkedIn link</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.com/github">Github link</a><br> <hr> © 2021 GitHub, Inc.<br> <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/github/site-policy/github-terms-of-service">Terms</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/github/site-policy/github-privacy-statement">Privacy</a><br> https://www.whatsupup.com/blog/hardened/twinkled/20210805-082204/ Thu, 05 Aug 2021 08:22:03 +0000 https://www.whatsupup.com/blog/hardened/twinkled/20210805-082204/ <p><a rel="noreferrer" target="_blank" href="https://github.com/">Back to GitHub.com</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/">The GitHub Blog</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/category/community/">Community</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/category/company/">Company</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/category/education/">Education</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/category/engineering/">Engineering</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/category/enterprise/">Enterprise</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/category/policy/">Policy</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/category/product/">Product</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/category/security/">Security</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/changelog/">Changelog</a><br> <hr> Search by Keyword<br> Search<br> Primary Menu<br> Posts by<br> Nat Friedman<br> <a rel="noreferrer" target="_blank" href="https://github.com/nat">@nat</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/2021-06-29-introducing-github-copilot-ai-pair-programmer/">June 29, 2021</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/author/nat/">Nat Friedman</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/2021-04-19-open-source-goes-to-mars/">Open source goes to Mars</a><br> <hr> This morning, we watched in awe as the first Mars Helicopter, Ingenuity, took flight in the thin Martian atmosphere. This is an incredible achievement for the teams at NASA and the Jet Propulsion Lab (JPL).<br> <a rel="noreferrer" target="_blank" href="https://github.blog/2021-01-05-advancing-developer-freedom-github-is-fully-available-in-iran/">Advancing developer freedom: GitHub is fully available in Iran</a><br> <hr> Today we are announcing a breakthrough: we have secured a license from the US government to offer GitHub to developers in Iran. This includes all services for individuals and organizations, private and public, free and paid.<br> <a rel="noreferrer" target="_blank" href="https://github.blog/2020-12-17-no-cookie-for-you/">No cookie for you</a><br> <hr> Good news: we removed all cookie banners from GitHub! No one likes cookie banners. But cookie banners are everywhere. So how did we pull this off? Well, EU law requires you to use cookie<br> <a rel="noreferrer" target="_blank" href="https://github.blog/2020-04-14-github-is-now-free-for-teams/">GitHub is now free for teams</a><br> <hr> Every developer and team can now get private repositories with unlimited collaborators at no cost with GitHub Free, and we reduced prices for some of our paid plans.<br> <a rel="noreferrer" target="_blank" href="https://github.blog/2020-03-16-npm-is-joining-github/">npm is joining GitHub</a><br> <hr> We’re excited to announce that npm will be joining GitHub.<br> <a rel="noreferrer" target="_blank" href="https://github.blog/2019-10-09-github-and-us-government-developers/">GitHub and US Government developers</a><br> <hr> At GitHub, we believe in empowering developers around the world. We also believe in basic human rights and treating people with respect and dignity. Today, I wanted to share a message I sent to all employees yesterday that is related to this, as it is important that we share our views on immigration policy with the world and not just internally with employees.<br> <a rel="noreferrer" target="_blank" href="https://github.blog/2019-09-18-github-welcomes-semmle/">Welcoming Semmle to GitHub</a><br> <hr> Today we’re announcing a big step in securing the open source supply chain: we’re welcoming Semmle to the GitHub.<br> <a rel="noreferrer" target="_blank" href="https://github.blog/2019-08-08-github-actions-now-supports-ci-cd/">GitHub Actions now supports CI/CD, free for public repositories</a><br> <hr> Since we introduced GitHub Actions last year, the response has been phenomenal, and developers have created thousands of inspired workflows. But we’ve also heard clear feedback from almost everyone: you want CI/CD! And that’s what we’re announcing today.<br> <a rel="noreferrer" target="_blank" href="https://github.blog/2019-05-23-building-an-interconnected-community-together/">Building an interconnected community, together</a><br> <hr> Today, we joined hundreds of developers in Berlin for GitHub Satellite, our global developer conference. To celebrate our interconnected community, we launched GitHub Sponsors to help support open source maintainers and contributors, released new security features to enable more secure software development from start to finish, and introduced new capabilities that address the needs of enterprises and large organizations.<br> Previous 1 <a rel="noreferrer" target="_blank" href="https://github.blog/author/nat/page/2/">2</a> <a rel="noreferrer" target="_blank" href="https://github.blog/author/nat/page/2/">Next</a><br> Product<br> <a rel="noreferrer" target="_blank" href="https://github.com/features">Features</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.com/pricing">Pricing</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://resources.github.com/">Resources</a><br> <hr> Platform<br> <a rel="noreferrer" target="_blank" href="https://developer.github.com/">Developer API</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://partner.github.com/">Partners</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://atom.io/">Atom</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.electronjs.org/">Electron</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://desktop.github.com/">GitHub Desktop</a><br> <hr> Support<br> <a rel="noreferrer" target="_blank" href="https://docs.github.com/">Docs</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.community/">Community Forum</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://services.github.com/">Training</a><br&gt; <hr> <a rel="noreferrer" target="_blank" href="https://www.githubstatus.com/">Status</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://support.github.com/">Contact</a><br> <hr> Company<br> <a rel="noreferrer" target="_blank" href="https://github.com/about">About</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.blog/">Blog</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.com/about/careers">Careers</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.com/about/press">Press</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://shop.github.com/">Shop</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://twitter.com/github">Github Twitter link</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.facebook.com/GitHub">Github Facebook link</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.youtube.com/github">Github Youtube link</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.linkedin.com/company/github">Github LinkedIn link</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.com/github">Github link</a><br> <hr> © 2021 GitHub, Inc.<br> <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/github/site-policy/github-terms-of-service">Terms</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/github/site-policy/github-privacy-statement">Privacy</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210805-081521/ Thu, 05 Aug 2021 08:15:20 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210805-081521/ Kathryn Haun <a rel="noreferrer" target="_blank" href="https://twitter.com/katie_haun">@katie_haun</a><br> We @a16z (@bhorowitz, @pmarca, myself & @cdixon) just sent a letter to @SenSchumer and @LeaderMcConnell in support of the bipartisan Wyden-Lummis-Toomey Amendment to the Infrastructure Bill <a rel="noreferrer" target="_blank" href="https://t.co/980hP7kdlT"><a href="https://t.co/980hP7kdlT">https://t.co/980hP7kdlT</a></a> <a rel="noreferrer" target="_blank" href="https://t.co/K6zmT22ink"><a href="https://t.co/K6zmT22ink">https://t.co/K6zmT22ink</a></a><br> https://www.whatsupup.com/blog/effete/washstand/20210805-042655/ Thu, 05 Aug 2021 04:26:54 +0000 https://www.whatsupup.com/blog/effete/washstand/20210805-042655/ <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog">× Close</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210805-042632/ Thu, 05 Aug 2021 04:26:32 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210805-042632/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133118_first-2022-acura-nsx-type-s-headed-to-auction">First 2022 Acura NSX Type S headed to auction</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133115_bespoke-mclaren-speedtail-combines-two-very-special-colors">Bespoke McLaren Speedtail combines two very special colors</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1121646_5-000-hp-devel-sixteen-not-dead-prototype-starts-track-tests">5,000-hp Devel Sixteen not dead, prototype starts track tests</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1123274_production-ready-pininfarina-battista-heads-to-2021-monterey-car-week">Production-ready Pininfarina Battista heads to 2021 Monterey Car Week</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1128705_2022-volkswagen-tiguan-review-price-photos-specs-info">2022 Volkswagen Tiguan preview: Update for compact crossover with a light touch for $27,190</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132294_bruce-canepa-drives-a-porsche-917k-on-the-street">Bruce Canepa drives a Porsche 917K on the street</a><br> https://www.whatsupup.com/blog/gaper/whisky/20210805-042403/ Thu, 05 Aug 2021 04:24:02 +0000 https://www.whatsupup.com/blog/gaper/whisky/20210805-042403/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/08/mdns-autocomplete-search/">How MDN’s autocomplete search works →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/08/mdns-autocomplete-search/">How MDN’s autocomplete search works</a><br> <hr> Last month, Gregor Weber and Peter Bengtsson added an autocomplete search to MDN Web Docs, that allows you to quickly jump straight to the document you're looking for by typing parts of the document title. This is the story about how that's implemented.<br> https://www.whatsupup.com/blog/traveling/splay/20210805-042341/ Thu, 05 Aug 2021 04:23:41 +0000 https://www.whatsupup.com/blog/traveling/splay/20210805-042341/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/08/03/science/trinity-site-atomic-fat-man.html">Out There Touring Trinity, the Birthplace of Nuclear Dread A recent visit to the site of the first atomic bomb explosion offered desert vistas, (mildly) radioactive pebbles and troubling reflections. By Dennis Overbye</a><br></p> <hr> Aug. 3, 2021<br> https://www.whatsupup.com/blog/disappear/fussy/20210805-042240/ Thu, 05 Aug 2021 04:22:40 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210805-042240/ <p><a rel="noreferrer" target="_blank" href="https://arstechnica.com/information-technology/2021/08/the-state-department-and-3-other-us-agencies-earn-a-d-for-cybersecurity/">The State Department and 3 other US agencies earn a D for cybersecurity</a><br></p> <hr> Two years after a damning cybersecurity report, auditors find little has improved.<br> <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/08/how-to-go-from-stolen-pc-to-network-intrusion-in-30-minutes/">Trusted platform module security defeated in 30 minutes, no soldering required</a><br> <hr> Sometimes, locking down a laptop with the latest defenses isn't enough.<br> https://www.whatsupup.com/blog/underpeopled/multichannel/20210805-042220/ Thu, 05 Aug 2021 04:22:20 +0000 https://www.whatsupup.com/blog/underpeopled/multichannel/20210805-042220/ Error 503 Backend fetch failed<br> Backend fetch failed<br> Guru Meditation:<br> XID: 39511034<br> Varnish cache server<br> https://www.whatsupup.com/blog/hardened/twinkled/20210805-042208/ Thu, 05 Aug 2021 04:22:07 +0000 https://www.whatsupup.com/blog/hardened/twinkled/20210805-042208/ Error 503 Backend fetch failed<br> Backend fetch failed<br> Guru Meditation:<br> XID: 369142756<br> Varnish cache server<br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210805-042118/ Thu, 05 Aug 2021 04:21:17 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210805-042118/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2015/10/22/a-riddle-wrapped-in-curve/">A riddle wrapped in a curve</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20210805-041958/ Thu, 05 Aug 2021 04:19:57 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210805-041958/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/08/linux-kernel-security-done-right.html">Linux Kernel Security Done Right</a><br></p> <hr> Posted by Kees Cook, Software Engineer, Google Open Source Security Team To borrow from an <a rel="noreferrer" target="_blank" href="http://kernsec.org/files/lss2015/giant-bags-of-mostly-water.pdf">excellent analogy</a> between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway, you're not sprayed in the face with oil and gasoline, and you quickly get where you want to go. However, in the face of failure, the car may end up on fire, flying off a cliff. <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/08/linux-kernel-security-done-right.html">Read More</a><br> Posted by Kees Cook, Software Engineer, Google Open Source Security Team To borrow from an <a rel="noreferrer" target="_blank" href="http://kernsec.org/files/lss2015/giant-bags-of-mostly-water.pdf">excellent analogy</a> between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway, you're not sprayed in the face with oil and gasoline, and you quickly get where you want to go. However, in the face of failure, the car may end up on fire, flying off a cliff.<br> As we approach its 30th Anniversary, Linux still remains the largest collaborative development project in the history of computing. The huge community surrounding Linux allows it to do amazing things and run smoothly. What's still missing, though, is sufficient focus to make sure that Linux <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Fail-safe">fails well</a> too. There's a strong link between code robustness and security: making it harder for any bugs to manifest makes it harder for security flaws to manifest. But that's not the end of the story. When flaws do manifest, it's important to handle them effectively.<br> Rather than only taking a one-bug-at-a-time perspective, preemptive actions can stop bugs from having bad effects. With Linux written in <a rel="noreferrer" target="_blank" href="https://outflux.net/slides/2019/lca/danger.pdf">C</a> , it will continue to have a long tail of associated <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/01/data-driven-security-hardening-in.html">problems</a> . Linux must be designed to take proactive steps to defend itself from its own risks. Cars have seat belts not because we want to crash, but because it is guaranteed to happen sometimes. Even though everyone wants a safe kernel running on their computer, phone, car, or <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/github/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#list-of-qualifying-repositories-for-mars-2020-helicopter-contributor-badge">interplanetary helicopter</a> , not everyone is in a position to do something about it. Upstream kernel developers can fix bugs, but have no control over what a downstream vendor chooses to incorporate into their products. End users get to choose their products, but don't usually have control over what bugs are fixed nor what kernel is used (a <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Electronics_right_to_repair">problem</a> in itself). Ultimately, vendors are responsible for keeping their product's kernels safe.<br> What to fix?<br> The statistics of tracking and fixing distinct bugs are sobering. The <a rel="noreferrer" target="_blank" href="http://kroah.com/log/blog/2018/02/05/linux-kernel-release-model/">stable kernel releases</a> ("bug fixes only") each contain close to 100 new fixes per week. Faced with this high rate of change, a vendor can choose to ignore all the fixes, pick out only "important" fixes, or face the daunting task of taking everything.<br> Fix nothing?<br> With the preponderance of malware, botnets, and state surveillance <a rel="noreferrer" target="_blank" href="https://android-developers.googleblog.com/2017/04/an-investigation-of-chrysaor-malware-on.html">targeting flawed software</a> , it's clear that ignoring all fixes is the wrong "solution." Unfortunately this is the very common stance of vendors who see their devices as just a physical product instead of a hybrid product/service that must be regularly <a rel="noreferrer" target="_blank" href="https://datatracker.ietf.org/doc/rfc8996/">updated</a> .<br> Fix important flaws?<br> Between the dereliction of doing nothing and the assumed burden of fixing everything, the traditional vendor choice has been to cherry-pick only the "important" fixes. But what constitutes "important" or even relevant? Just determining whether to implement a fix takes developer time. The prevailing wisdom has been to choose vulnerabilities to fix based on the Mitre <a rel="noreferrer" target="_blank" href="https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=%22linux+kernel%22">CVE</a> list, presuming all important flaws (and therefore fixes) would have an associated CVE. However, given the volume of flaws and their applicability to a particular system, not all security flaws have CVEs assigned, nor are they assigned in a timely manner. Evidence shows that for Linux CVEs, more than 40% had been fixed before the CVE was even assigned, with the average delay being <a rel="noreferrer" target="_blank" href="https://github.com/gregkh/presentation-cve-is-dead">over three months after the fix</a> . Some fixes <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html">went years</a> without having their security impact recognized. On top of this, product-relevant bugs may not even <a rel="noreferrer" target="_blank" href="https://cve.mitre.org/cve/cna/rules.html#section_7_assignment_rules">classify</a> for a CVE. Finally, upstream developers aren't actually interested in <a rel="noreferrer" target="_blank" href="https://www.kernel.org/doc/html/latest/admin-guide/security-bugs.html#cve-assignment">CVE assignment</a> ; they spend their limited time actually fixing bugs. A vendor relying on cherry-picking is all but guaranteed to miss important vulnerabilities that others are actively fixing, which is almost worse than doing nothing since it creates the illusion that security updates are being appropriately handled.<br> Fix everything!<br> So what is a vendor to do? The answer is simple, if painful: continuously update to the <a rel="noreferrer" target="_blank" href="https://www.kernel.org/">latest kernel release</a> , either major or stable. Tracking major releases means gaining <a rel="noreferrer" target="_blank" href="https://outflux.net/blog/?s=%22security+things%22">security improvements</a> along with bug fixes, while stable releases are bug fixes only. For example, although modern Android phones ship with kernels that are based on major releases from almost <a rel="noreferrer" target="_blank" href="https://source.android.com/devices/architecture/kernel/android-common#compatibility-matrix">two to four years earlier</a> , Android vendors do now, thankfully, <a rel="noreferrer" target="_blank" href="https://source.android.com/devices/architecture/kernel/releases">track stable kernel releases</a> . So even though the features being added to newer major kernels will be missing, all the latest stable kernel fixes are present. Performing continuous kernel updates (major or stable) understandably faces enormous resistance within an organization due to fear of regressions—will the update break the product? The answer is usually that a vendor doesn't know, or that the update frequency is shorter than their time needed for testing. But the problem with updating is not that the kernel might cause regressions; it's that vendors don't have sufficient test coverage and automation to know the answer. Testing must take priority over individual fixes.<br> Make it happen<br> One question remains: how to possibly support all the work continuous updates require? As it turns out, it’s a simple resource allocation problem, and is more easily accomplished than might be imagined: downstream redundancy can be moved into greater upstream collaboration.<br> More engineers for fixing bugs earlier<br> With vendors using old kernels and backporting existing fixes, their engineering resources are doing redundant work. For example, instead of 10 companies each assigning one engineer to backport the same fix independently, those developer hours could be shifted to upstream work where 10 separate bugs could be fixed for everyone in the Linux ecosystem. This would help address the growing backlog of bugs. Looking at just one source of potential kernel security flaws, the <a rel="noreferrer" target="_blank" href="https://syzkaller.appspot.com/upstream">syzkaller dashboard</a> shows the number of open bugs is currently approaching 900 and growing by about <a rel="noreferrer" target="_blank" href="http://web.archive.org/web/20200812135009/https://syzkaller.appspot.com/upstream">100 a year</a> , even with about <a rel="noreferrer" target="_blank" href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?qt=grep&q=Reported-by%3A+syzbot%2B">400 a year</a> being fixed.<br> More engineers for code review<br> Beyond just squashing bugs after the fact, more focus on upstream code review will help stem the tide of their introduction in the first place, with benefits extending beyond just the immediate bugs caught. Capable code <a rel="noreferrer" target="_blank" href="https://lwn.net/Articles/718411/">review bandwidth</a> is a limited resource. Without enough <a rel="noreferrer" target="_blank" href="https://kernel-recipes.org/en/2016/talks/maintainers-dont-scale/">people dedicated</a> to upstream code review and subsystem maintenance tasks, the entire kernel development process bottlenecks. Long-term Linux robustness depends on developers, but especially on effective kernel <a rel="noreferrer" target="_blank" href="https://www.linuxfoundation.org/blog/role-of-a-linux-kernel-maintainer/">maintainers</a> . Although there is effort in the industry to <a rel="noreferrer" target="_blank" href="https://training.linuxfoundation.org/linux-kernel-development/">train</a> new developers, this has been traditionally justified only by the "feature driven" jobs they can get. But focusing only on product timelines ultimately leads Linux into the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Tragedy_of_the_commons">Tragedy of the Commons</a> . Expanding the number of maintainers can <a rel="noreferrer" target="_blank" href="https://techdebtpolicy.com/tragedy-of-the-commons/">avoid it</a> . Luckily the "pipeline" for new maintainers is straightforward. Maintainers are built not only from their depth of knowledge of a subsystem's technology, but also from their experience with mentorship of other developers and code review. Training new reviewers must become the norm, motivated by making upstream review part of the job. Today's reviewers become tomorrow's maintainers. If each major kernel subsystem gained four more dedicated maintainers, we could <a rel="noreferrer" target="_blank" href="https://par.nsf.gov/servlets/purl/10106647">double productivity</a> .<br> More engineers for testing and infrastructure<br> Along with more reviewers, improving Linux's <a rel="noreferrer" target="_blank" href="https://www.kernel.org/doc/html/latest/process/development-process.html">development workflow</a> is critical to expanding everyone's ability to contribute. Linux's "email only" workflow is <a rel="noreferrer" target="_blank" href="https://lwn.net/Articles/803619/">showing its age</a> , but the upstream development of more automated <a rel="noreferrer" target="_blank" href="https://patchwork.kernel.org/project/netdevbpf/list/">patch tracking</a> , <a rel="noreferrer" target="_blank" href="https://linux.kernelci.org/job/">continuous integration</a> , <a rel="noreferrer" target="_blank" href="https://github.com/google/syzkaller/issues?q=is%3Aissue+is%3Aopen+label%3A%22syzbot+user+request%22">fuzzing</a> , <a rel="noreferrer" target="_blank" href="https://github.com/google/syzkaller/issues/533">coverage</a> , and <a rel="noreferrer" target="_blank" href="https://www.kernel.org/doc/html/latest/dev-tools/">testing</a> will make the development process significantly more efficient. Additionally, instead of testing kernels after they're released, it's more effective to test during development. When tests are performed against unreleased kernel versions (e.g. <a rel="noreferrer" target="_blank" href="https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git">linux-next</a> ) and <a rel="noreferrer" target="_blank" href="https://groups.io/g/kernelci/message/1142">reported upstream</a> , developers get immediate feedback about bugs. Fixes can be developed before a flaw is ever actually released; it's always easier to <a rel="noreferrer" target="_blank" href="https://www.ministryoftesting.com/dojo/lessons/ten-reasons-why-you-fix-bugs-as-soon-as-you-find-them">fix a bug earlier than later</a> . This " <a rel="noreferrer" target="_blank" href="https://www.ibrahimatlinux.com/uploads/6/3/9/7/6397792/03.pdf">upstream first</a> " approach to product kernel development and testing is extremely efficient. Google has been successfully doing this with <a rel="noreferrer" target="_blank" href="https://lwn.net/Articles/798147/">Chrome OS</a> and <a rel="noreferrer" target="_blank" href="https://lwn.net/Articles/771974/">Android</a> for a while now, and is hardly alone in the industry. It means feature development happens against the latest kernel, and devices are similarly tested as close as possible to the latest upstream kernels, all avoiding duplicated "in-house" effort.<br> More engineers for security and toolchain development<br> Besides dealing reactively to individual bugs and existing maintenance needs, there is also the need to proactively eliminate entire classes of flaws, so developers cannot introduce these types of bugs ever again. Why fix the same kind of security vulnerability 10 times a year when we can stop it from ever appearing again? Over the last few years, various fragile language features and kernel APIs have been eliminated or replaced (e.g. <a rel="noreferrer" target="_blank" href="https://git.kernel.org/linus/0bb95f80a38f82884693194ea720e9cca5e12ada">VLAs</a> , <a rel="noreferrer" target="_blank" href="https://git.kernel.org/linus/a035d552a93bb9ef6048733bb9f2a0dc857ff869">switch fallthrough</a> , <a rel="noreferrer" target="_blank" href="https://git.kernel.org/linus/3d2403fd10a1dbb359b154af41ffed9f2a7520e8">addr_limit</a> ). However, there is still plenty <a rel="noreferrer" target="_blank" href="https://github.com/KSPP/linux/issues">more work to be done</a> . One of the most time-consuming aspects has been the refactoring involved in making these usually invasive and context-sensitive changes across Linux's 25 million lines of code. Beyond kernel code itself, the compiler and toolchain also need to grow more … https://www.whatsupup.com/blog/overinsuring/enzyme/20210802-201711/ Mon, 02 Aug 2021 20:17:10 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210802-201711/ This brings us to the central challenge of all content tracing proposals so far: to make tracing possible, a tracing system needs to turn every WhatsApp user (including the originator) into a cooperative green circle — regardless of whether users actually want to cooperate with police. Moreover, to prevent users from losing their phones and/or going offline, the system will need to force users to place the necessary tracing information into escrow as soon as they receive content, so it will remain available even if users leave the network or lose their phones.<br> Not only that, but each of these newly “cooperative” users might even be forced to admit to police that they also forwarded the content. Don’t want to tell the Swedish government that you made fun of their beloved King? Then you’d better not use a system that follows this pattern of enforced traceability.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210802-162352/ Mon, 02 Aug 2021 16:23:52 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210802-162352/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1130164_2022-audi-e-tron-gt-price-specs-review-photos-info">First drive review: 2022 Audi E-Tron GT and RS E-Tron GT make electric sexy, but not fun</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1129961_2022-volkswagen-id-5-electric-coupe-like-crossover-teased-ahead-of-imminent-debut">2022 Volkswagen ID.5 electric coupe-like crossover teased ahead of imminent debut</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1125333_2022-mercedes-benz-c-class-all-terrain-spy-shots">2022 Mercedes-Benz C-Class All-Terrain spy shots: Soft-roader wagon coming soon</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133085_lincoln-teams-up-with-shinola-for-plush-aviator-concept">Lincoln teams up with Shinola for plush Aviator concept</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133055_jay-leno-drives-a-tastefully-updated-1973-mgb">Jay Leno drives a tastefully updated 1973 MGB</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133082_2022-mercedes-benz-amg-sl-roadster-2022-porsche-cayenne-turbo-gt-final-bugatti-divo-this-week-s-top-photos">2022 Mercedes-Benz AMG SL Roadster, 2022 Porsche Cayenne Turbo GT, final Bugatti Divo: This Week's Top Photos</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210802-161839/ Mon, 02 Aug 2021 16:18:38 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210802-161839/ A few weeks back, the messaging service WhatsApp <a rel="noreferrer" target="_blank" href="https://www.fastcompany.com/90640728/whatsapp-is-suing-the-indian-government-over-traceability-but-what-is-it">sued the Indian government</a> over new <a rel="noreferrer" target="_blank" href="https://pib.gov.in/PressReleseDetailm.aspx?PRID=1700749">legislation</a> that could undermine its end-to-end encryption (E2EE) software. The legislation requires, among other things, that social media and messaging companies must include the ability to “trace” the source of harmful viral content.<br> This tracing capability has been a major issue in India due to several cases of misinformation content that led to <a rel="noreferrer" target="_blank" href="https://www.washingtonpost.com/politics/2020/02/21/how-misinformation-whatsapp-led-deathly-mob-lynching-india/">brutal mob attacks</a> . The ostensible goal of the new legislation is to make it possible for police to track down those who originate or disseminate this content. Put simply, what the authorities say they want is a means to identify a piece of content (for example, a video or a meme) that has gone to a large group of people, and then trace the content back to the WhatsApp account that originally sent it.<br> I don’t plain to weigh in on whether this policy is a good idea or viable on the merits, nor is it in my wheelhouse to say whether the Indian government is being forthright in their reasons for demanding this capability. (I will express a very grave degree of skepticism that this approach will catch any criminal who is remotely malicious and takes steps to cover their tracks.) In this post I mostly want to talk about the technology implications for encrypted messaging services, and what tracing features might mean for end-to-end encrypted systems like WhatsApp.<br> This turns out to be a big problem for encrypted communication systems like WhatsApp, in which end-to-end encryption protects the confidentiality of content even from the gaze of the service provider. In WhatsApp, all messages (as well as file attachments) are encrypted directly from sender to recipient, using an encryption key that WhatsApp doesn’t possess. With a few engineering caveats,* tracing content in these systems is very difficult.<br> But difficult is not the same thing as impossible. A <a rel="noreferrer" target="_blank" href="https://faq.whatsapp.com/general/security-and-privacy/what-is-traceability-and-why-does-whatsapp-oppose-it/?lang=en">recent post by WhatsApp</a> makes the case that tracing is fundamentally impossible to implement securely in an end-to-end encrypted system. While this claim seems intuitively correct, it’s also kind of unsatisfying. After all, “impossible” is a strong word, and it’s highly dependent on which assumptions you’re making. The problem with imprecise claims is that they invite arguments — and indeed WhatsApp’s claim has <a rel="noreferrer" target="_blank" href="https://nadim.computer/posts/2021-06-02-traceability.html">has already been disputed</a> by some in the field.<br> The confidentiality of “who sent what” : while the content itself may not be secret, the fact that a given user transmitted a piece of content is still quite sensitive. If I send you a political meme — perhaps the one at right, poking fun at the King of Sweden — then I might not care very much about the secrecy of the meme itself . But I sure might want to hide the fact that I sent it, to avoid retribution by a totalitarian Swedish government.** Proper end-to-end encryption is supposed to protect this sort of expression.<br> In short: traceability can really screw with the “who sent what” side of content confidentiality. It is a fairly harmless thing for, say, the tyrannical Swedish government to learn that specific memes about the King of Sweden exist. It is very different for them to know that I’ve been sending a lot of them to a specific group of friends.<br> There are at least two proposals that I’ve seen for adding traceability to E2EE communications schemes, and both start from similar assumptions. They both rely on making changes to the end-users’ client software to ensure that tracing information is stored in “escrow” at the provider every time content is sent from one user to another.<br> One proposal is <a rel="noreferrer" target="_blank" href="https://eprint.iacr.org/2019/981">academic</a> , and it takes something like the following “strawman” approach:<br> They will use this key to encrypt a record that contains (A) the content (or a hash of it) and (B) the sender and receiver identities. They will store the encrypted record on WhatsApp’s servers as a kind of “key escrow.” Critically, at this point they will not send WhatsApp the key K .<br> The sender will transmit the record encryption key K to its recipient, using end-to-end encryption.<br> When the next user forwards the same content on to another user, it will repeat steps (1-4) and it will also send all the keys generated by previous users.<br> Now if the police receive a copy of some viral content on an account they control, they will have a list of encryption keys that correspond to everyone in the forwarding chain for that content. They can just go back to WhatsApp with a subpoena, obtain the encrypted records, and use the chain of keys to decrypt them. This will reveal the entire forwarding path back to the originator.<br> Of course sending thousands of keys along with each forwarded message is kind of a drag, so there are some efficiency optimizations one can use to compress this information. For example, each time a user forwards a message they can store the previous user’s encryption key inside the encrypted record they escrow with WhatsApp. That means if police get one key — corresponding to the last record in a chain — they can decrypt the escrow record, and then they will obtain the key for the previous record in the chain. They can repeat this process until the entire forwarding chain is “unzipped”.<br> A lazy diagram (at right) shows how this process might work with three participants. Essentially the whole thing is a form of key escrow, with WhatsApp acting as the escrow authority. If the police get included in any chain at all, they (Eve in this diagram) can subpoena WhatsApp to trace the chain back to originator.<br> Of course, this is a very simple strawman explanation of the ideas: for a more fully-specified (academic) proposal, you can see this paper by <a rel="noreferrer" target="_blank" href="https://eprint.iacr.org/2019/981.pdf">Tyagi, Miers and Ristenpart</a> . Not only does it support path traceback, but it also lets you figure out who else the message was forwarded to! The cryptography is a bit more optimized, but the security guarantees are roughly the same.<br> A <a rel="noreferrer" target="_blank" href="https://web.archive.org/web/20200730005921/https://www.medianama.com/2019/08/223-kamakoti-medianama-whatsapp-traceability-interview/">second proposal</a> by Dr V. Kamakoti of IIT Madras is far simpler: it essentially requires each person who originates new content into the network (as opposed to forwarding it) to attach a “watermark” to the content that identifies the account ID of the sender. This also assumes a trustworthy WhatsApp client, of course. Presumably that watermark could be encrypted using a key stored at WhatsApp, so this tracing will at least require the provider’s involvement.<br> Well if you’re ok with the fact that police can determine the identity of every single person who forwarded a piece of viral content regardless of whether they’re not the originator of that content then, I guess, nothing.<br> That’s the essence of what the Tyagi, Miers and Ristenpart proposal offers, and frankly I’m not particularly ok with it. Even if I accepted the logic that we should have the means to trace “content originators” — the actual justification governments have offered for building systems like this one — I surely would not want to reveal every random user account that happened to forward the content . That seems like a recipe for persecuting innocent people.<br> The approaches I describe above rely on a critical assumption: that all participants in the system are going to behave honestly — that is, everyone will run the official WhatsApp client, which will contain logic designed to store an escrow record on WhatsApp’s servers. Nobody in this system will try to bypass this system by running an unofficial client, or by hacking their client to disable the escrow logic.<br> If you’re willing to make such a strong assumption, why bother with the complicated Tyagi, Miers and Ristenpart proposal? Why not just use the Kamakoti proposal: modify your WhatsApp client to add a small “watermark” to each fresh non-forwarded media file. After all: once you’ve assumed that everyone is running an honest client, you can assume that the content originator will be too — can’t you? This approach would still reveal a lot of information to police, but it wouldn’t reveal the identity of every random person who forwarded the content.<br> My guess is that Tyagi, Miers and Ristenpart have an answer to this that boils down to something like “maybe you can’t trust the originator to run the correct client, but loads of other people will be running it.” To me this invites a much more detailed discussion about what security assumptions you’re making, and how “bad” the bad guys really are.<br> Notes : * Some messaging systems implement attachment forwarding by passing a pointer to an existing file that is stored on their servers. This is a nice storage optimization, since it avoids the need to make and store a full duplicate copy of each object whenever the user hits “forward”. The downside of this approach is that it makes tracing relatively easy for providers, since they can see exactly which users accessed a given file. Such optimizations are inimical to private systems and really should be avoided.<br> ** All claims about the Swedish government are fictionalized.<br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210802-041959/ Mon, 02 Aug 2021 04:19:57 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210802-041959/ A first thing to keep in mind is that content tracing is not really a natural feature for messaging system. That is, tracing content poses a challenge even for completely unencrypted messaging apps: the kind where service providers can see all data traveling through the system. Tracing back to a content originator requires that the provider must be able to identify a file received at some end-user’s account, and then “chase” the content backwards through time through each user account that forwarded it. Even this description doesn’t quite respect the difficulty of the problem: not every user literally hits a “forward” button to send content onward. Many will save and re-upload a file, which breaks the forwarding chain and can even produce a slightly different file — thanks to the magic of digital compression.<br> From the user’s side, E2EE systems are supposed to maintain the confidentiality of user communications. Confidentiality is a broad term and can mean a lot of things. In this case it has two specific flavors that are relevant, with names that I just made up now:<br> I wanted to illustrate this post with memes about the Swedish monarchy. Unfortunately, it turns out that Swedish Monarchy memes basically suck.<br> The confidentiality of “who sent what” : while the content itself may not be secret anymore, the fact that a given user transmitted a piece of content is still quite sensitive. If I send you a political meme — perhaps the one at right, poking fun at the King of Sweden — then I might not care very much about the secrecy of the meme itself . But I sure might want to hide the fact that I sent it to you, to avoid retribution by the pro-monarchy Swedish government. Proper end-to-end encryption is supposed to protect this sort of expression.<br> In short: traceability systems don’t really harm the confidentiality of the “content” itself, since viral memes themselves aren’t usually a big secret. What it does impact is the “who sent what” side of confidentiality. It is a fairly harmless thing for, say, the tyrannical Swedish government to learn that specific memes about the King of Sweden exist. It is very different for them to know that I’ve been sending a lot of them to a specific group of friends.<br> Finally I need to clarify one more thing, since discussions with colleagues have made me realize that it is not obvious. Information revealed about “who sent what” in an E2E system is not the same as metadata. I feel stupid having to point this out, but metadata (information about data that we can’t easily hide from providers, such as the list of contacts you’ve communicated with) is a very different thing. WhatsApp might inevitably learn that I texted 500 people last month because they delivered my (encrypted) messages. They still shouldn’t learn that any of my messages are making fun of the Swedish monarchy.<br> While confidentiality and traceability may seem like they’re in conflict, it’s important to point out that some forms of tracing can be implemented in a non-coercive way that does not inherently violate confidentiality. For example, imagine Alice originates a meme, and this meme subsequently makes its way to police officer Eve via the following forwarding path:<br> Provided that Bob, Charlie and Dave are willing to cooperate with the police, then Eve can use shoe-leather detective work to trace the content backwards towards Alice. After all: each participant (1) is an authorized recipient of the data and (2) knows who they received the content from. Nobody is “breaking” E2E if they perform this sort of cooperative tracing: it’s just people sharing information they’re already entitled to have.<br> By passing these laws, police are tacitly admitting that voluntary content tracing is not sufficient to met their investigative needs. This implies that when police try to follow a chain like the one shown above, they’re running into people who are either (1) unwilling to share this information in a timely way, or (2) simply don’t have the information anymore — maybe because they deleted the messages or lost their phone.<br> The prevalance of uncooperative nodes in the above graph makes it virtually impossible for cooperative tracing to find the originator. It seems obvious that real-world situations like this will make voluntary tracing very difficult to achieve.<br> This brings us to the central challenge of all content tracing proposals so far: to make tracing possible, a tracing system needs to turn every WhatsApp user into a cooperative green circle — regardless of whether users actually want to cooperate with police. Moreover, to prevent users from losing their phones and/or going offline, the system will need to force users to place the necessary tracing information into escrow as soon as they receive content, so it will remain available even if users leave the network or lose their phones.<br> Both proposals take something like the following “strawman” approach:<br> Each time someone sends content to another user, they will generate some fresh encryption key K .<br> Frankly I’m not particularly ok with that. Even if I was willing to bend to the logic that we should have the means to trace “content originators” — the actual justification governments have offered for building systems like this one — I surely would not want to reveal every random user account that happened to forward the content . That information just seems like a recipe for oppression.<br> The approach I described above relies on a critical assumption: that all participants in the system are going to behave honestly — that is, everyone will run the official WhatsApp client, which will contain logic designed to store an escrow record on WhatsApp’s servers. Nobody in this system will try to bypass this system by running an unofficial client, or by hacking their client to disable the escrow logic.<br> If you’re willing to make such a strong assumption, why bother building such a complicated system? Why not modify your WhatsApp client to add a small “watermark” to each fresh non-forwarded media file, a watermark that identifies the account ID of the original sender? (If you’re worried about confidentiality, you could encrypt this using a key held by WhatsApp.) After all: once you’ve assumed that everyone is running an honest client, you can assume that the content originator will be too — can’t you? This approach would still reveal a lot of information to police, but it wouldn’t reveal the identity of every random person who forwarded the content.<br> I’m sure there is some convenient answer to this, but my suspicion is that it once you try to explore the question deeply, the answer is going to make a hash of your very simple security assumptions. That’s why life is complicated.<br> If you read this far to answer the (rarified) question of how traceability could work and whether it breaks E2E encryption, then you can stop here. The rest of this post is not about that. It’s just me alienating a whole bunch of my academic peers.<br> Here is what I want to say to them.<br> The debate around key escrow and law enforcement surveillance is a very hard one. People have a lot of opinions about whether this work is “helping the good guys” or “helping the bad guys”, i.e., whether it’s about helping police find criminals, or whether it’s going to build the infrastructure for authoritarianism and spying. I don’t know the answer to this. I suppose the answer depends to some extent on the integrity of the government(s) that are implementing them. I have opinions, but I don’t expect all of my colleagues to share them.<br> What I would ask my colleagues to think hard about is the following:<br> When you propose (or review a paper that proposes) a new “lawful access” system, is it solving the hard problems, or is it punting on the hard problems and solving only the easy ones?<br> Because at the end of the day, building systems that violate the confidentiality of E2E encryption is a relatively easy problem from a scientific perspective. We’ve known how to build <a rel="noreferrer" target="_blank" href="https://dl.acm.org/doi/abs/10.1145/227234.227239">key escrow systems</a> from the earliest days of encryption. Building these systems is not interesting, scientifically. It is useful from an engineering perspective, of course — to parties who want to deploy such systems. When respected academics write such papers, it is also politically useful to those same parties.<br> What is scientifically interesting is whether we can build systems that actually prevent abuse, either by governments that misuse the technology or by criminals who steal keys. We don’t really know to do that very well right now. This is the actual scientific problem of designing law enforcement access systems — not the “access” part, which is relatively easy and mostly consists of engineering. In short, the scientific problem is figuring out how to prevent the wrong type of access.<br> When I read a paper that builds a sophisticated surveillance system, I expect it to address those abuse problems in a meaningful way. If the paper punts the important problems to subsequent work — if what I get is a paragraph like the one at right — my thinking is that you aren’t solving the right problem. You’re just laying the engineering groundwork for a world I don’t want my kids to live in. I would politely ask you all to stop doing that.<br> By <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/author/matthewdgreen/">Matthew Green</a> in <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/category/backdoors/">backdoors</a> <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2021/08/01/thinking-about-traceability/">August 1, 2021 August 2, 2021</a> 3,248 Words <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2021/08/01/thinking-about-traceability/#comments">1 Comment</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210802-002025/ Mon, 02 Aug 2021 00:20:23 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210802-002025/ <p><a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2021/06/07/thinking-about-traceability/">Thinking about “traceability”</a><br></p> <hr> A few weeks ago the messaging service WhatsApp <a rel="noreferrer" target="_blank" href="https://www.fastcompany.com/90640728/whatsapp-is-suing-the-indian-government-over-traceability-but-what-is-it">sued the Indian government</a> over new <a rel="noreferrer" target="_blank" href="https://pib.gov.in/PressReleseDetailm.aspx?PRID=1700749">legislation</a> that could undermine its end-to-end encryption (E2EE) software. The legislation requires, among other things, that social media and messaging companies must include the ability to “trace” the source of harmful viral content.<br> This tracing capability has been a major issue in India due to several cases of misinformation content that led to <a rel="noreferrer" target="_blank" href="https://www.washingtonpost.com/politics/2020/02/21/how-misinformation-whatsapp-led-deathly-mob-lynching-india/">brutal mob attacks</a> . The ostensible goal of the new legislation is to make it possible for police to track down those who originate or disseminate this content. Put simply, what the authorities want is a means to identify a piece of content (say, a video or a meme) that has gone to a large group of people, and then trace the content back to the WhatsApp account that originally sent it.<br> I don’t plain to weigh in very heavily about whether this policy is a good idea or viable on the merits — except to express a very grave degree of skepticism that this approach will every catch a criminal who is remotely clever. Here I just want to talk about the technology implications for encrypted messaging services, and what tracing features might mean for end-to-end encrypted systems like WhatsApp.<br> Why is content tracing hard in the first place?<br> A first thing to keep in mind is that content tracing is not really a natural feature for messaging system. That is, tracing content poses a challenge even for completely unencrypted messaging apps: the kind where service providers can see all data traveling through the system. Tracing back to a content originatorsrequires that the provider must be able to identify a file received at some end-user’s account, and then “chase” the content backwards through time through each user account that forwarded it. Even this description doesn’t quite respect the difficulty of the problem: not every user literally hits a “forward” button to send content onward. Many will save and re-upload a file, which breaks the forwarding chain and can even produce a slightly different file — thanks to the magic of digital compression.<br> These problems aren’t intractable. In a system with no end-to-end encryption, they could perhaps be solved using <a rel="noreferrer" target="_blank" href="https://www.phash.org/">perceptual hash functions</a> that identify similar media files by constructing a “fingerprint” of each file that can easily be compared against other files, and can survive re-encoding or minor edits. (This is the same technology that’s used in detecting child sexual abuse imagery, something I wrote about <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2019/12/08/on-client-side-media-scanning/">here</a> .) What’s important is that even with this technology, the obvious approach to content tracing requires the provider to have plaintext access to (at least the hashes of) user content.<br> This turns out to be a big problem for encrypted communication systems like WhatsApp, which use end-to-end encryption to protect the confidentiality of content even from the gaze of the service provider. In WhatsApp, all messages (as well as file attachments) are encrypted from sender to recipient, using an encryption key that WhatsApp doesn’t learn. With a few engineering caveats,* tracing content in these systems is very difficult.<br> But difficult is not the same thing as impossible. A <a rel="noreferrer" target="_blank" href="https://faq.whatsapp.com/general/security-and-privacy/what-is-traceability-and-why-does-whatsapp-oppose-it/?lang=en">recent post by WhatsApp</a> makes the case that tracing is fundamentally impossible to implement securely in an end-to-end encrypted system. While this claim seems intuitively correct, it’s also kind of unsatisfying. After all, “impossible” is a strong word, and it’s highly dependent on assumptions. The problem with imprecise claims is that they invite arguments — and indeed WhatsApp’s claim has <a rel="noreferrer" target="_blank" href="https://nadim.computer/posts/2021-06-02-traceability.html">has already been disputed</a> by some in the field.<br> In this post I’m going to consider the following simple question: is traceability in end-to-end encrypted systems actually possible? And if so, what are the costs to privacy and security? For the record: I’m writing this post as much to answer the question for myself as to answer it for anyone else, so don’t expect this to be short or simple. I’m working things out as I go along.<br> Let’s start with the most basic question.<br> What is “traceability” in an end-to-end encrypted system?<br> The biggest problem with the debate over content tracing is that nobody seems to have a terribly rigorous definition of what, precisely an end-to-end encrypted tracing scheme is supposed to do — or more precisely, what its limits will be. To understand whether these systems can be built, we need to think hard about what they’re supposed to do in the first place.<br> From the perspective of law enforcement, content tracing is a simple feature. A piece of “viral” content (say an image file) has been widely distributed through a messaging platform, and authorities have decided that this content is <a rel="noreferrer" target="_blank" href="https://www.theguardian.com/world/2018/jul/03/whatsapp-murders-india-struggles-to-combat-crimes-linked-to-messaging-service">harmful</a> . Since the content is widespread, we can assume that police have received a copy of the file at an account they control (e.g., their own accounts, or the account of a cooperating user.) The authorities wish to contact the service provider and ask them for the originator and/or major spreaders of the content. This gives us our first requirement:<br> Traceability: given a piece of “viral” content received by a device/account (plus any cryptographic keys at the device), a tracing scheme should be able to reliably trace the content back to the originator (or at least, earlier) accounts.<br> From the user’s side, E2EE systems are supposed to maintain the confidentiality of user communications. Confidentiality is a broad term. In this case it has two specific flavors that are relevant, with names that I just made up now:<br> I decided to illustrate this post with memes about the Swedish monarchy, on the theory that everyone has strong feelings about the King of Sweden they want to keep to themselves. Unfortunately, all the memes I was able to find turned out to be hokey, as if the Swedes don’t even have controversial things to say about their monarchy.<br> The confidentiality of the content itself : this ensures that forwarded files are known only to the sender and authorized recipients(s) of a conversation. Notice that for viral content, this property isn’t terribly important. Remember: our assumption is that the content itself has ultimately been forwarded widely, until (nearly) everyone has received a copy.<br> The confidentiality of “who sent what” : while the content itself may not be secret anymore, the fact that a given user transmitted a piece of content is still quite sensitive. If I send you a political meme — perhaps one poking fun at an authoritarian ruler such as the King of Sweden — then I might not care very much about the secrecy of the meme itself . But I sure might want to hide the fact that I sent it to you. Proper end-to-end encryption is supposed to ensure this.<br> Traceability does not generally impact the confidentiality of the “content” itself when it comes to viral memes, since the memes themselves aren’t the secret. What it does impact is the “who sent what” side of confidentiality. It is a fairly harmless thing for, say, the tyrannical Swedish government to learn that memes about the King of Sweden exist. It is very different for them to know that I’ve been sending a lot of them to a specific group of friends.<br> Finally I need to clarify one more thing, since discussions with colleagues have made me realize that it is not obvious. Revealing information about “who sent what” in an E2E system is not the same as leaking metadata. I feel stupid having to point this out, but metadata (information that we can’t easily hide from providers, such as the list of contacts you’ve communicated with) is a very different thing. WhatsApp might inevitably know that I texted 500 people last month because they delivered my (encrypted) messages. They shouldn’t learn which of my messages are making fun of the Swedish monarchy.<br> So can traceability be accomplished without breaking E2E?<br> It really depends what you mean by “traceability” and what you mean by “breaking.”<br> While confidentiality and traceability may seem like they’re in conflict, it’s important to point out that some forms of tracing can be voluntary , and does not inherently need to violate anyone’s confidentiality. For example, imagine Alice sends a meme to Bob, and this meme makes its way to police officer Eve via the following forwarding path:<br> Provided that Bob, Charlie and Dave are willing to cooperate with the police, then Eve can use shoe-leather detective work to trace the content backwards towards Alice. After all: each participant is (1) an authorized recipient and (2) knows who they received the content from. Nobody is “breaking” E2E if they perform this sort of cooperative tracing: it’s just people sharing information they’re already entitled to have.<br> It’s now time to say a stupid and obvious thing: what’s being proposed in India is not cooperative tracing .<br> Let’s be clear: if detective work and cooperation was sufficient to trace the originators of harmful content, the police wouldn’t be asking for new encryption laws, and WhatsApp wouldn’t be suing the Indian government.<br> By passing these laws, police are tacitly admitting that voluntary content tracing is not sufficient to met their investigative needs. This implies that when police try to follow a chain like the one shown above, they’re running into people who are either (1) unwilling to share this information , (2) simply don’t have the information anymore — maybe because they deleted the messages or lost their phone, or (3) won’t turn it over in a timely way.<br> Let’s draw a picture of this situation. Below, each node represents a WhatsApp account, with the red node being the originator of some viral content, and the blue node representing police. Green nodes represent users who are willing to cooperate with the police, provided they are contacted. Here the gray nodes are users who won’t cooperate — either because they didn’t keep the information, or maybe because they just don’t like police.<br> Police (blue) can try to cooperatively trace … https://www.whatsupup.com/blog/kickback/overgeneralization/20210801-200933/ Sun, 01 Aug 2021 20:09:33 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210801-200933/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/best-postgresql-guis-in-2020/">Best PostgreSQL GUIs in 2021 (Updated) This post walks through the best GUIs available for querying your Postgres data.</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210801-162443/ Sun, 01 Aug 2021 16:24:43 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210801-162443/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133058_megarexx-megaraptor-is-the-ford-f-250-super-duty-in-raptor-form">MegaRexx MegaRaptor is the Ford F-250 Super Duty in Raptor form</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133038_here-s-batman-s-new-batcycle-from-the-flash">Here's Batman's new Batcycle from "The Flash"</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210801-121918/ Sun, 01 Aug 2021 12:19:17 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210801-121918/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2015/04/02/truecrypt-report/">Truecrypt report</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210731-161912/ Sat, 31 Jul 2021 16:19:11 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210731-161912/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/with-help-from-google-impersonated-brave-com-website-pushes-malware/">With help from Google, impersonated Brave.com website pushes malware</a><br></p> <hr> With a valid TLS certificate, faux Bravė.com could fool even security-savvy people.<br> https://www.whatsupup.com/blog/boxed/modification/20210731-081610/ Sat, 31 Jul 2021 08:16:09 +0000 https://www.whatsupup.com/blog/boxed/modification/20210731-081610/ =delete<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#pitfalls">pitfalls</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#template-metaprogramming">template-metaprogramming</a><br> (Hat tip to Louis Dionne and Tim Song for bringing this up in a libc++ review, and then explaining it enough that I think I got it.)<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210731-042452/ Sat, 31 Jul 2021 04:24:52 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210731-042452/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133076_2022-chevrolet-copo-572-camaro-debuts-with-new-big-block-v-8">2022 Chevrolet COPO 572 Camaro debuts with new big-block V-8</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133067_1995-jaguar-xj220-headed-to-auction-1-of-4-painted-daytona-black">1995 Jaguar XJ220 headed to auction, 1 of 4 painted Daytona Black</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210731-042342/ Sat, 31 Jul 2021 04:23:42 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210731-042342/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2012/11/25/teaching-abstraction/">Teaching abstraction</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210731-000924/ Sat, 31 Jul 2021 00:09:24 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210731-000924/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/retool-and-firebase/">Build tools and admin panels on top of Firebase When it comes to building apps, Firebase takes care of pretty much anything you can think of: real-time database storage, cloud object storage, authentication, web hosting, serverless functions, analytics, monitoring, machine learning, notifications,</a><br> https://www.whatsupup.com/blog/augur/cussed/20210730-200832/ Fri, 30 Jul 2021 20:08:31 +0000 https://www.whatsupup.com/blog/augur/cussed/20210730-200832/ <p><a rel="noreferrer" target="_blank" href="https://blog.discord.com/brush-up-on-your-mod-know-how-with-new-dma-articles-924531c5f5a8?source=collection_home---4------0-----------------------">Brush Up On Your Mod Know-How With New DMA Articles</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://blog.discord.com/brush-up-on-your-mod-know-how-with-new-dma-articles-924531c5f5a8?source=collection_home---4------0-----------------------">Brush Up On Your Mod Know-How With New DMA Articles The Mod Academy gains over fifteen new articles, going over even more topics to help you bring your moderating game to the next level.</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210730-162706/ Fri, 30 Jul 2021 16:27:05 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210730-162706/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133066_rare-shelby-series-1-heads-to-auction">Rare Shelby Series 1 heads to auction</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210730-160906/ Fri, 30 Jul 2021 16:09:06 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210730-160906/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/what-is-low-code/">What is low code? A comprehensive guide Low code and no code have equal amounts of hype and skepticism. On the one hand, it’s clear low code has market traction: in April 2021, a provider of low code automation</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210730-122622/ Fri, 30 Jul 2021 12:26:22 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210730-122622/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1131174_glickenhaus-reveals-baja-ready-pickup-concept-fueled-by-hydrogen">Glickenhaus reveals Baja-ready pickup concept fueled by hydrogen</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133063_2022-bentley-flying-spur-hybrid-odyssean-edition-marks-electrified-sedan-s-launch">2022 Bentley Flying Spur Hybrid Odyssean Edition marks electrified sedan's launch</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132750_2022-subaru-wrx-2022-mercedes-benz-sl-roadster-mclaren-765lt-spider-today-s-car-news">2022 Subaru WRX, 2022 Mercedes-Benz SL Roadster, McLaren 765LT Spider: Today's Car News</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210730-122152/ Fri, 30 Jul 2021 12:21:51 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210730-122152/ <p><a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/malicious-pypi-packages-caught-stealing-developer-data-and-injecting-code/">Software downloaded 30,000 times from PyPI ransacked developers’ machines</a><br></p> <hr> Expect to see more of these "Frankenstein" malware packages, researchers warn.<br> <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/new-bank-fraud-malware-called-vultur-infects-thousands-of-devices/">New bank-fraud malware called Vultur infects thousands of devices</a><br> <hr> Screen sharing courtesy of VNC mirrors device screens to attacker-controlled servers.<br> https://www.whatsupup.com/blog/sideswiped/tuftily/20210730-081417/ Fri, 30 Jul 2021 08:14:16 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20210730-081417/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/07/17/Music-Notes">Music Notes</a> · Herewith notes on what I’m listening to in 2021, and why that’s a problem. With recommendations both for music and for things we can do to keep it alive <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/07/17/Music-Notes">…</a> [11 comments]<br> https://www.whatsupup.com/blog/palpable/mulla/20210730-080622/ Fri, 30 Jul 2021 08:06:21 +0000 https://www.whatsupup.com/blog/palpable/mulla/20210730-080622/ <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2021/07/30/meet-buttons.html">Google Meet buttons</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20210730-001712/ Fri, 30 Jul 2021 00:17:12 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210730-001712/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/programming-note-what-ive-learned">What I’ve Learned In A Year On Substack</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/programming-note-what-ive-learned">This thing is for real. The incentives are right. The community is the key. And I'll be back after Labor Day.</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210730-000704/ Fri, 30 Jul 2021 00:07:04 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210730-000704/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/the-life-cycle-of-a-breached-database/">The Life Cycle of a Breached Database</a><br></p> <hr> Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. Here’s a closer look at what typically transpires in the weeks or months before an organization notifies its users about a breached database.<br> Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. One might even say passwords are the fossil fuels powering most IT modernization: They’re ubiquitous because they are cheap and easy to use, but that means they also come with significant trade-offs — such as polluting the Internet with weaponized data when they’re leaked or stolen en masse.<br> When a website’s user database gets compromised, that information invariably turns up on hacker forums. There, denizens with computer rigs that are built primarily for mining virtual currencies can set to work using those systems to crack passwords.<br> How successful this password cracking is depends a great deal on the length of one’s password and the type of password hashing algorithm the victim website uses to obfuscate user passwords. But a decent crypto-mining rig can quickly crack a majority of password hashes generated with <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/MD5">MD5</a> (one of the weaker and more commonly-used password hashing algorithms).<br> “You hand that over to a person who used to mine Ethereum or Bitcoin, and if they have a large enough dictionary [of pre-computed hashes] then you can essentially break 60-70 percent of the hashed passwords in a day or two,” said Fabian Wosar , chief technology officer at security firm <a rel="noreferrer" target="_blank" href="https://www.emsisoft.com">Emsisoft</a> .<br> From there, the list of email addresses and corresponding cracked passwords will be run through various automated tools that can check how many email address and password pairs in a given leaked data set also work at other popular websites (and heaven help <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account/">those who’ve re-used their email password elsewhere</a> ).<br> This sifting of databases for low-hanging fruit and password re-use most often yields less than a one percent success rate — and usually far less than one percent.<br> But even a hit rate below one percent can be a profitable haul for fraudsters, particularly when they’re password testing databases with millions of users. From there, the credentials are eventually used for fraud and resold in bulk to legally murky online services that index and resell access to breached data.<br> Much like <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/?s=weleakinfo">WeLeakInfo</a> and others operated before being shut down by law enforcement agencies, these services sell access to anyone who wants to search through billions of stolen credentials by email address, username, password, Internet address, and a variety of other typical database fields.<br> TARGETED PHISHING<br> So hopefully by this point it should be clear why re-using passwords is generally a bad idea. But the more insidious threat with hacked databases comes not from password re-use but from targeted phishing activity in the early days of a breach, when relatively few ne’er-do-wells have got their hands on a hot new hacked database.<br> Earlier this month, customers of the soccer jersey retailer classicfootballshirts.co.uk started receiving emails with a “cash back” offer. The messages addressed customers by name and referenced past order numbers and payment amounts tied to each account. The emails encouraged recipients to click a link to accept the cash back offer, and the link went to a look-alike domain that requested bank information.<br> The targeted phishing message that went out to classicfootballshirts.co.uk customers this month.<br> “It soon became clear that customer data relating to historic orders had been compromised to conduct this attack,” Classicfootballshirts said in <a rel="noreferrer" target="_blank" href="https://www.classicfootballshirts.co.uk/data-statement">a statement</a> about the incident. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/the-life-cycle-of-a-breached-database/#more-56301">Continue reading →</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210729-201928/ Thu, 29 Jul 2021 20:19:28 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210729-201928/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/07/29/technology/activision-walkout-metoo-call-of-duty.html">Activision, Facing Internal Turmoil, Grapples With #MeToo Reckoning More than 1,500 employees for the video game giant, which is facing an explosive state lawsuit, have called for executives to take sexual harassment seriously. By Kellen Browning and Mike Isaac</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210729-162115/ Thu, 29 Jul 2021 16:21:15 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210729-162115/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133051_land-rover-celebrates-camel-trophy-past-with-2022-defender-trophy-edition">Land Rover celebrates Camel Trophy past with 2022 Defender Trophy Edition</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210729-122033/ Thu, 29 Jul 2021 12:20:33 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210729-122033/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1050005_fisker-to-show-production-intent-ocean-prototype-at-2021-los-angeles-auto-show">Fisker to show production-intent Ocean prototype at 2021 Los Angeles Auto Show</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133048_trio-of-special-race-cars-mark-50th-anniversary-of-mercedes-benz-amg-s-historic-spa-victory">Trio of special race cars mark 50th anniversary of Mercedes-Benz AMG's historic Spa victory</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133047_audi-to-preview-future-of-luxury-performance-with-sky-sphere-concept">Audi to preview future of luxury performance with Sky Sphere concept</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132752_2022-subaru-wrx-to-debut-at-2021-new-york-auto-show">2022 Subaru WRX to debut at 2021 New York auto show</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210729-121740/ Thu, 29 Jul 2021 12:17:40 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210729-121740/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/feds-list-the-top-30-most-exploited-vulnerabilities-many-are-years-old/">Feds list the top 30 most exploited vulnerabilities. Many are years old</a><br></p> <hr> Hackers continue to exploit publicly known—and often dated—software vulnerabilities.<br> https://www.whatsupup.com/blog/playacted/rededication/20210729-002153/ Thu, 29 Jul 2021 00:21:53 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210729-002153/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/07/28/business/facebook-q2-earnings.html">Facebook’s profit surges 101 percent on strong ad sales. Advertising revenue, which continues to be the bulk of Facebook’s income, rose 56 percent to $28.6 billion, easily surpassing Wall Street expectations. By Mike Isaac</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210728-202305/ Wed, 28 Jul 2021 20:23:05 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210728-202305/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133040_uk-firm-makes-an-electric-1971-citroen-ds">UK firm makes an electric 1971 Citroen DS</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210728-162205/ Wed, 28 Jul 2021 16:22:05 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210728-162205/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1112697_hennessey-celebrates-30-years-with-final-run-of-1-000-hp-exorcist-camaro-zl1">Hennessey celebrates 30 years with final run of 1,000-hp Exorcist Camaro ZL1</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1127739_2023-porsche-cayenne-coupe-spy-shots-and-video">2023 Porsche Cayenne Coupe spy shots and video: Major changes pegged for mid-cycle refresh</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133036_new-defender-ready-for-bowler-defender-challenge-one-make-rally-series">New Defender ready for Bowler Defender Challenge one-make rally series</a><br> https://www.whatsupup.com/blog/sited/implore/20210728-161813/ Wed, 28 Jul 2021 16:18:12 +0000 https://www.whatsupup.com/blog/sited/implore/20210728-161813/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/07/28/technology/state-facebook-antitrust-lawsuit.html">States say they will appeal the dismissal of their Facebook antitrust suit. A federal judge eviscerated arguments by more than 40 state attorneys general that Facebook had a monopoly. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210728-122219/ Wed, 28 Jul 2021 12:22:19 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210728-122219/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133035_ford-honors-women-airforce-service-pilots-with-special-mustang-mach-e">Ford honors Women Airforce Service Pilots with special Mustang Mach-E</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20210728-121945/ Wed, 28 Jul 2021 12:19:44 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20210728-121945/ July 28, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/07/28/The-next-YAML.html">My wish-list for the next YAML</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210728-121848/ Wed, 28 Jul 2021 12:18:48 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210728-121848/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/july-has-already-brought-us-2-new-ransomware-groups-hunting-for-big-game/">Haron and BlackMatter are the latest groups to crash the ransomware party</a><br></p> <hr> The additions come as the number of high-severity ransomware attacks ratchet up.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210727-202203/ Tue, 27 Jul 2021 20:22:03 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210727-202203/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133019_richard-hammond-plans-classic-car-restoration-show">Richard Hammond plans classic-car restoration show</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133018_tom-hanks-1980-toyota-fj40-land-cruiser-heads-to-auction">Tom Hanks' 1980 Toyota FJ40 Land Cruiser heads to auction</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210727-162248/ Tue, 27 Jul 2021 16:22:48 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210727-162248/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1128969_2023-mercedes-benz-eqs-suv-spy-shots-video">2023 Mercedes-Benz EQS SUV spy shots: Electric crossover to join S-Class family</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133022_mclaren-765lt-spider-price-specs-review-photos-info">Preview: McLaren 765LT Spider drops the top on hardcore supercar</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132650_toyota-reveals-more-of-its-redesigned-2022-tundra">Toyota reveals more of its redesigned 2022 Tundra</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132982_jay-leno-drives-a-quirky-1967-panhard-24-bt">Jay Leno drives a quirky 1967 Panhard 24 BT</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20210727-161627/ Tue, 27 Jul 2021 16:16:27 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210727-161627/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/07/a-new-chapter-for-googles-vulnerability.html">A new chapter for Google’s Vulnerability Reward Program</a><br></p> <hr> Posted by Jan Keller, Technical Program Manager, Google VRP<br> A little over <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2010/11/rewarding-web-application-security.html">10 years ago</a> , we launched our <a rel="noreferrer" target="_blank" href="https://www.google.com/about/appsecurity/reward-program/">Vulnerability Rewards Program</a> (VRP). Our goal was to establish a channel for security researchers to report bugs to Google and offer an efficient way for us to thank them for helping make Google, our users, and the Internet a safer place. To recap our progress on these goals, here is a snapshot of what VRP has accomplished with the community over the past 10 years:<br> Total bugs rewarded: 11,055<br> Number of rewarded researchers : 2,022<br> Representing 84 different countries<br> Total rewards: $29,357,516<br> To celebrate our anniversary and ensure the next 10 years are just as (or even more) successful and collaborative, we are excited to announce the launch of our new platform, <a rel="noreferrer" target="_blank" href="https://bughunters.google.com/">bughunters.google.com</a> . This new site brings all of our VRPs (Google, Android, Abuse, Chrome and Play) closer together and provides a single intake form that makes it easier for bug hunters to submit issues. Other improvements you will notice include:<br> More opportunities for interaction and a bit of healthy competition through gamification, per-country leaderboards, awards/badges for certain bugs and more!<br> A more functional and aesthetically pleasing leaderboard. We know a lot of you are using your achievements in the VRP to find jobs ( <a rel="noreferrer" target="_blank" href="https://careers.google.com/?src=Online%2FHouse%20Ads%2FBKWS%27">we’re hiring!</a> ) and we hope this acts as a useful resource.<br> A stronger emphasis on learning: Bug hunters can improve their skills through the content available in our new <a rel="noreferrer" target="_blank" href="http://goo.gle/bhu">Bug Hunter University</a><br> Streamlined publication process: we know the value that knowledge sharing brings to our community. That’s why we want to make it easier for you to publish your bug reports.<br> Swag will now be supported for special occasions (we heard you loud and clear!)<br> We also want to take a moment to shine a light on some aspects of the VRP that are not yet well-known, such as:<br> <a rel="noreferrer" target="_blank" href="http://goo.gle/patchz">Submitting patches</a> to open-source software is eligible for a reward<br> We have <a rel="noreferrer" target="_blank" href="http://goo.gle/paperz">rewards for research papers</a> on the security of open source<br> Your open-source software <a rel="noreferrer" target="_blank" href="http://goo.gle/subsidiz">might be eligible for a subsidy</a><br> When we launched our very first VRP, we had no idea how many valid vulnerabilities - if any - would be submitted on the first day. Everyone on the team put in their estimate, with predictions ranging from zero to 20. In the end, we actually received more than 25 reports, taking all of us by surprise. Since its inception, the VRP program has not only grown significantly in terms of report volume, but the team of security engineers behind it has also expanded – including almost 20 bug hunters who reported vulnerabilities to us and ended up joining the Google VRP team. That is why we are thrilled to bring you this new platform, continue to grow our community of bug hunters and support the skill development of up-and-coming vulnerability researchers. Thanks again to the entire Google bug hunter community for making our vulnerability rewards program successful. As you continue to play around with the new site and reporting system, tell us about it - we would love to <a rel="noreferrer" target="_blank" href="http://twitter.com/googlevrp">hear your feedback</a> . Until next time, keep on finding those bugs!<br> Labels: <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/Security">Security</a> , <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/vulnerabilities">vulnerabilities</a><br> https://www.whatsupup.com/blog/boxed/modification/20210727-161604/ Tue, 27 Jul 2021 16:16:04 +0000 https://www.whatsupup.com/blog/boxed/modification/20210727-161604/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#math">math</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#pretty-pictures">pretty-pictures</a><br> You’ve heard of the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Mandelbrot_set">Mandelbrot set</a> , right? Basically, for each point<br> c<br> on the complex plane, we iterate the function<br> z<br> =<br> 2<br> +<br> and color the point<br> based on how many steps it takes until<br> |<br> ≥<br> (which is known as “diverging” or “escaping”).<br> I recently learned of another visualization called the “ <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Buddhabrot">Buddhabrot</a> ,” originally discovered by <a rel="noreferrer" target="_blank" href="https://superliminal.com/fractals/bbrot/">Melinda Green</a> . In the Buddhabrot, you color each complex point<br> t<br> based on the number of times that<br> is visited by the escaping trajectories of all points<br> . As Wikipedia says, this produces a graph of “the probability distribution over the trajectories of points that escape.”<br> https://www.whatsupup.com/blog/uprousing/bayed/20210727-161001/ Tue, 27 Jul 2021 16:10:00 +0000 https://www.whatsupup.com/blog/uprousing/bayed/20210727-161001/ <p><a rel="noreferrer" target="_blank" href="https://ciechanow.ski/naval-architecture/">Naval Architecture</a><br></p> <hr> When I first heard the term <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Naval_architecture">naval architecture</a> I thought it was the artistic practice of designing beautiful boats. It turns out it’s a proper scientific discipline dedicated to the engineering of ships.<br> Over the course of this article we’ll go over different aspects of naval architecture. I’ll explain how ships are propelled, what makes them stay afloat, and how they’re carefully designed to not tip over even in dynamic conditions:<br> To understand why a ship rocks side-to-side in the wavy ocean waters, we first have to understand that it’s water itself that’s responsible for all of the ship’s behaviors. We’ll start with a simple device – a water-filled syringe.<br> Pressure<br> You’ve probably seen a syringe before. When its plunger is pressed, the contents of the syringe comes out on the other end. In the demonstration below we have a syringe connected through a thin hose to another container that has a spring in it. The entire system is filled with water . As you increase the force on the plunger observe the little spring being compressed at the other end of the hose:<br> By applying force on the plunger we increase the pressure in the fluid , which in turn pushes the little piston and compresses the spring. We can measure that pressure using a pressure gauge. In the demonstration below the sliders allow you to control the applied force and the area of the plunger:<br> Observe that the pressure P on the gauge is proportional to the perpendicular input force F , but it’s inversely proportional to the area A . We can tie these three values using the following equation:<br> P = F / A<br> In metric system pressure is expressed in pascals (Pa) named after <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Blaise_Pascal">Blaise Pascal</a> , while in the imperial system pounds per square inch (psi) are commonly used.<br> Notice that we no longer have any spring to compress. Even though we’re applying a force the plunger doesn’t move since water, unlike air, is <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Properties_of_water#Compressibility">minimally compressible</a> . It’s easy to squeeze an empty, tightly screwed plastic bottle, but when filled to the brim with water the bottle won’t budge much. At the pressures we’re applying here, water practically doesn’t change its volume.<br> With a syringe, we’ve directly applied a force by pushing on the plunger, however, we could recreate that experiment by putting a heavy, tightly fitting weight on top of water in a container. In the demonstration below you can control how heavy the weight is to see how it affects the pressure read by the gauge:<br> Note that even when we <a rel="noreferrer" target="_blank" href="https://ciechanow.ski">remove the weight</a> the pressure meter shows a non-zero read. The water itself also has weight so its mass above the point of measurement contributes to the readout as well.<br> Let’s try to quantify the force exerted by the water. Firstly, notice that the shape of the water above the measurement forms a cylinder with height h and a base surface area A :<br> The mass m of that cylinder of water is just its volume V times the density ρ of the contained water:<br> m = ρ × V<br> That highlighted volume V , however, can also be expressed as the area of the base A times the height h which we can plug into the equation for mass m :<br> m = ρ × A × h<br> The force of gravity F acting on that water is equal to its mass m times the gravitational acceleration g :<br> F = m × g<br> If we now plug all these values to the equation for pressure P = F / A we get:<br> P = ρ × A × h × g / A<br> Which we can simplify by reducing the area A to obtain the final equation for pressure P of liquid with density ρ at a depth h under surface:<br> P = ρ × h × g<br> Note that the resulting pressure P is independent of the base area, it’s only affected by the height h and density ρ of the water above:<br> In general the density ρ of water is not constant and depends on temperature and <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Salinity">salinity</a> , but at the scales we’re interested in we can assume its value doesn’t change.<br> If you recall our first demonstration of a loaded syringe, you may remember that the pressure applied to the plunger “travelled” through the hose to act on a spring, which was quite distant from the syringe itself. The very same rules apply here. Observe the pressure shown by the gauge two different spots of this L-shaped container:<br> The right gauge always shows the same pressure even though in some cases there is less water “directly” above it. This may seem a little surprising, but you’d probably agree that if we removed the green plug from the <a rel="noreferrer" target="_blank" href="https://ciechanow.ski">filled</a> container, the water would come out of the opening because of non-zero pressure in that area.<br> That behavior of pressure in incompressible fluids is known as <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Pascal%27s_law">Pascal’s law</a> . It states that pressure applied to any part of the liquid will be transmitted in all directions. As a result, the pressure in a connected body of water is the same at every level under the free surface.<br> It’s worth stressing that in these static cases the pressure at a given level depends purely on the height of the body of water. This may have some unexpected consequences. For example, pressure at the bottom of these two containers is exactly the same:<br> Note how much less water there is in a thin straw compared to the wide container. This scenario is known as Pascal’s barrel . By making the straw longer and filling it with water we can make the pressure inside the barrel arbitrarily large, causing it to explode. While Pascal himself possibly <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Pascal%27s_law#Pascal's_barrel">never performed</a> that experiment, some modern recreations <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=EJHrr21UvY8">have been successful</a> .<br> Buoyancy<br> On its own pressure doesn’t have any direction – it’s a scalar value, just like temperature is. However, the force exerted by pressure acts in the normal, that is locally perpendicular, direction to the surface of the object. We can visualize the local forces created by the pressure with small arrows:<br> In fact, these forces act not only on the container itself, but also on any object placed in the water as well. In the demonstration below a red brick is hanging on a string . You can dunk it into water using the slider:<br> From this point on I’ll remove the constraints of containers and we’ll instead move outdoors where we’ll submerge things into vast, peaceful ocean waters. In this new environment the rules of pressure remain the same – after all, we’re still dealing with water.<br> The brick is now hanging on a string that is attached to a scale, which we’ll lower. Notice that as a larger part of the brick gets underwater, the weight shown by the scale decreases:<br> While the horizontal arrows of water pressure forces balance each other, the vertical ones don’t, and the pressure exerts a net positive force that pushes up on the brick. All the small arrows add up to the cumulative force known as <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Buoyancy">buoyancy</a> . In this example buoyancy is not strong enough to completely overcome the force of gravity acting on the brick, but it manages to diminish it to some extent, which reduces the weight as measured by the scale:<br> Note that for the sake of clarity, I shifted the arrows apart a little, but in this simple scenario buoyancy and gravity are actually positioned on the same vertical line.<br> If we use a wooden block instead of a brick, the situation changes a bit. As the block gets gently lowered, it will reach a point where the water is capable of keeping it on the surface and the string gets some slack:<br> If we remove the string and manually push a wooden block underwater, the force of buoyancy will become higher than the block’s weight . When we let go of the block, the water will push it up:<br> Once the block gains some speed it may even overshoot its steady position, only to get pulled down by gravity again. After a while the water resistance slows the oscillating movement enough for the block to find its steady balance.<br> Let’s try to quantify the force of buoyancy as created by the pressure. Naturally, the forces here are three dimensional, however, observe that all the horizontal components are matched on the opposite side and they cancel each other out. Only the pressure forces on top and bottom are unbalanced. You can drag the block around to see all the pressure forces acting on it:<br> The pressure P T on top of the brick acting on the top surface area A exerts the force F T equal to:<br> F T = P T × A = ρ × g × h T × A<br> Similarly, the resulting force F B acting from the bottom is:<br> F B = P B × A = ρ × g × h B × A<br> And the net force of buoyancy F in the upwards direction is the difference of the two:<br> F = F B − F T = ρ × g × ( h B − h T ) × A<br> Notice however, that the highlighted difference is just the height of the submerged part:<br> F = ρ × g × h × A<br> And the product of height h and the base area A is volume V of the submerged object, which gives us the equation that ties the force of buoyancy to the displaced volume V of fluid with density ρ :<br> F = ρ × g × V<br> Displaced volume is the volume of fluid that would normally occupy a space that is now filled by the object. We can also observe that density ρ times volume V is just mass m :<br> This is force is just the weight of the displaced fluid. This general rule, known as <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Archimedes%27_principle">Archimedes’ principle</a> , states that the force of buoyancy is equal to the weight of the fluid that the object has displaced. Note that buoyancy does not depend on the weight of the object itself, it’s only affected by the submerged volume of that object.<br> You may wonder if the same rule holds for an arbitrary shape. After all, I’ve conveniently used a plain wooden block to simplify the volume and force calculations. However, we can use the same method even for smooth shapes by subdividing them into arbitrarily small rectangular prisms.<br> In the following demonstration you can use smaller and smaller prisms to approximate the shape of a sphere. For the sake of clarity, I’m only coloring the top and bottom surfaces. You can drag the simulation around to see it from different angles:<br> Notice how quickly a group of blocks starts to resemble the smooth shape of the sphere.<br> Now that we know that the force of buoyancy depends on the submerged volume we can also analyze what happens when the wooden block is forcefully tilted:<br> The local forces exerted by pressure are no longer … https://www.whatsupup.com/blog/augur/cussed/20210727-160849/ Tue, 27 Jul 2021 16:08:49 +0000 https://www.whatsupup.com/blog/augur/cussed/20210727-160849/ <p><a rel="noreferrer" target="_blank" href="https://blog.discord.com/connect-the-conversation-with-threads-on-discord-3f5fa8b0f6b?source=collection_home---4------0-----------------------">Connect the Conversation with Threads on Discord</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://blog.discord.com/connect-the-conversation-with-threads-on-discord-3f5fa8b0f6b?source=collection_home---4------0-----------------------">Connect the Conversation with Threads on Discord Today, we’re excited to introduce a new home for all those winding discussions happening in your communities: Threads!</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210727-121657/ Tue, 27 Jul 2021 12:16:56 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210727-121657/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/vpn-servers-seized-by-ukrainian-authorities-werent-encrypted/">VPN servers seized by Ukrainian authorities weren’t encrypted</a><br></p> <hr> Company says it's in the process of overhauling its VPN offerings to better secure them.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210727-082308/ Tue, 27 Jul 2021 08:23:08 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210727-082308/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132320_2022-porsche-cayenne-turbo-gt-price-specs-review-photos-info">First drive review: 2022 Porsche Cayenne Turbo GT jams the soul of a sports car into an SUV body</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1125026_2021-tesla-model-s-plaid-returns-to-ring-in-potential-record-attempt">2021 Tesla Model S Plaid returns to 'Ring in potential record attempt</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133011_bentley-bentayga-will-soon-be-available-with-22-inch-carbon-fiber-wheels">Bentley Bentayga will soon be available with 22-inch carbon-fiber wheels</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132971_christian-von-koenigsegg-provides-walkthrough-of-koenigsegg-jesko-hypercar">Christian von Koenigsegg provides walkthrough of Koenigsegg Jesko hypercar</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210727-082134/ Tue, 27 Jul 2021 08:21:33 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210727-082134/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/by/mike-isaac">Do Not Sell My Personal Information</a><br></p> <hr> Something went wrong. Please try again later.<br> <a rel="noreferrer" target="_blank" href="http://www.nytimes.com/privacy/california-notice">California Notices</a><br> https://www.whatsupup.com/blog/jigging/witherer/20210727-081951/ Tue, 27 Jul 2021 08:19:51 +0000 https://www.whatsupup.com/blog/jigging/witherer/20210727-081951/ <a rel="noreferrer" target="_blank" href="https://themarkup.org/announcements">Announcements</a><br> https://www.whatsupup.com/blog/sited/implore/20210727-081906/ Tue, 27 Jul 2021 08:19:06 +0000 https://www.whatsupup.com/blog/sited/implore/20210727-081906/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/by/cecilia-kang">Do Not Sell My Personal Information</a><br></p> <hr> Something went wrong. Please try again later.<br> <a rel="noreferrer" target="_blank" href="http://www.nytimes.com/privacy/california-notice">California Notices</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210727-080651/ Tue, 27 Jul 2021 08:06:50 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210727-080651/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/plugwalkjoe-does-the-perp-walk/">PlugwalkJoe Does the Perp Walk</a><br></p> <hr> Joseph “PlugwalkJoe” O’Connor, in a photo from a paid <a rel="noreferrer" target="_blank" href="https://www.globenewswire.com/en/news-release/2020/09/02/2087991/0/en/Cryptocurrency-Prodigy-Joseph-PlugWalkJoe-O-Connor-is-Helping-People-Everywhere-Master-Crypto.html">press release</a> on Sept. 02, 2020, pitching him as a trustworthy cryptocurrency expert and advisor.<br> One day after last summer’s mass-hack of Twitter , KrebsOnSecurity <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2020/07/whos-behind-wednesdays-epic-twitter-hack/">wrote</a> that 22-year-old British citizen Joseph “PlugwalkJoe” O’Connor appeared to have been involved in the incident. When the U.S. Justice Department last week announced O’Connor’s arrest and indictment, his alleged role in the Twitter compromise was well covered in the media.<br> But most of the coverage seems to have overlooked the far more sinister criminal charges in the indictment, which involve an underground scene wherein young men turn to extortion, sextortion, SIM swapping, death threats and physical attacks — all in a frenzied effort to seize control over social media accounts.<br> Skim the government’s indictment and you might overlook a footnote on Page 4 that says O’Connor is part of a group that had exactly zero reservations about using their playbook of harassment tactics against law enforcement agents who were already investigating their alleged crimes.<br> “ O’Connor has potentially been linked to additional prior swatting incidents and possibly (although not confirmed and currently still under investigation) the swatting of a U.S. law enforcement officer ,” the footnote reads.<br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/tag/swatting/">Swatting</a> involves making a false report to authorities in a target’s name with the intention of sending a heavily armed police force to that person’s address. It’s a potentially deadly hoax: Earlier this month, a Tennessee man was sentenced to 60 months in prison for setting in motion a swatting attack that <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/serial-swatter-who-caused-death-gets-five-years-in-prison/">led to the death of a 60-year-old grandfather</a> .<br> As for the actual criminal charges, O’Connor faces ten counts, including conspiracy, computer intrusion, extortive communications, stalking and threatening communications.<br> FEMALE TARGETS<br> All of those come into play in the case of the Snapchat account of actor Bella Thorne , who was allegedly targeted by PlugwalkJoe and associates in June 2019.<br> Investigators say O’Connor was involved in a “SIM swap” against Thorne’s mobile phone number. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/tag/sim-swapping/">Unauthorized SIM swapping</a> is a scheme in which fraudsters trick or bribe employees at wireless phone companies into redirecting the target’s text messages and phone calls to a device they control. From there, the attackers can reset the password for any online account that allows password resets via SMS.<br> In this case, the SIM swap was done to wrest control over Thorne’s Snapchat account. Once inside, the attackers found nude photos of Thorne, which they then threatened to release unless she agreed to post on social media thanking the hackers using their online handles.<br> The intruders posted on Thorne’s Snapchat, “Will drop nudes if 5000 of you follow @PlugwalkJoe.” Thorne told the feds her phone lost service shortly before her account was hijacked. Investigators later found the same Internet address used to access Thorne’s Snapchat account also was used minutes later to access “@Joe” on Instagram, which O’Connor has claimed publicly.<br> On June 15, 2019, Thorne <a rel="noreferrer" target="_blank" href="https://twitter.com/THR/status/1140327216061878272">posted on Twitter</a> that she’d been “threatened with my own nudes,” and posted screenshots of the text message with the individual who had extorted him/her. Thorne said she was releasing the photographs so that the individual would not be able to “take yet another thing from me.”<br> The indictment alleges O’Connor also swatted and cyberstalked a 16-year-old girl, sending her nude photos and threatening to rape and/or murder her and her family.<br> Social media personality <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Addison_Rae">Addison Rae</a> had 55 million followers when her TikTok account got hacked last August. I <a rel="noreferrer" target="_blank" href="https://twitter.com/briankrebs/status/1294464374841761792">noted on Twitter</a> at the time that PlugWalkJoe had left his calling card yet again. The indictment alleges O’Connor also was involved in a SIM-swap against Rae’s mobile number.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210726-162126/ Mon, 26 Jul 2021 16:21:26 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210726-162126/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133010_porsche-imagines-an-interior-for-self-driving-cars">Porsche imagines an interior for self-driving cars</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1133007_ssangyong-reveals-pair-of-suvs-as-us-investors-eye-stake-in-struggling-brand">SsangYong reveals pair of SUVs as US investors eye stake in struggling brand</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1131172_israeli-startup-with-modular-ev-platform-goes-public-via-spac-deal-expands-to-us">Israeli startup with modular EV platform goes public via SPAC deal, expands to US</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210726-161202/ Mon, 26 Jul 2021 16:12:02 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210726-161202/ <a rel="noreferrer" target="_blank" href="https://future.com/technology-saves-the-world/">Technology Saves the World</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210726-160826/ Mon, 26 Jul 2021 16:08:26 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210726-160826/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/earnin-customer-story/">How Earnin rebuilt their customer service process ahead of launching a new feature This is the story how Paula built a new service dashboard in Retool to help the customer service team prepare for the launch of their new product, WeWin.</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210726-122146/ Mon, 26 Jul 2021 12:21:46 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210726-122146/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132990_with-ipo-in-view-volvo-buys-out-chinese-joint-ventures-from-geely">With IPO in view, Volvo buys out Chinese joint ventures from Geely</a><br> https://www.whatsupup.com/blog/bilateralistic/jungle/20210726-081121/ Mon, 26 Jul 2021 08:11:20 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20210726-081121/ 19 Aug 2019 » <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2019-08-19/bpftrace.html">A thorough introduction to bpftrace</a><br> Slides for my Facebook Systems@Scale talk <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/systemsscale-2021-bpf-performance-getting-started">Performance Wins with BPF: Getting Started</a> ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/systemsscale-2021-bpf-performance-getting-started">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/Scale2021_BPF_performance_getting_started_2021.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.facebook.com/atscaleevents/videos/536868690830345">video</a> ) (2021).<br> An article for opensource.com: <a rel="noreferrer" target="_blank" href="https:///opensource.com/article/19/8/introduction-bpftrace">An introduction to bpftrace for Linux</a> , summarizing the syntax and including a one-liners tutorial (2019).<br> Video for my Facebook Systems@Scale talk <a rel="noreferrer" target="_blank" href="https://www.facebook.com/atscaleevents/videos/536868690830345">Performance Wins with BPF: Getting Started</a> ( <a rel="noreferrer" target="_blank" href="https://www.facebook.com/atscaleevents/videos/536868690830345">video</a> , <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/systemsscale-2021-bpf-performance-getting-started">slideshare</a> ) (21 mins) (2021).<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210725-122123/ Sun, 25 Jul 2021 12:21:23 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210725-122123/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132985_the-final-bugatti-divo-has-been-built-and-delivered">The final Bugatti Divo has been built and delivered</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210725-041714/ Sun, 25 Jul 2021 04:17:14 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210725-041714/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2013/02/04/attack-of-week-tls-timing-oracles/">Attack of the week: TLS timing oracles</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210725-040639/ Sun, 25 Jul 2021 04:06:39 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210725-040639/ Thinking of a Cybersecurity Career?<br> Read this.<br> https://www.whatsupup.com/blog/sited/implore/20210724-161755/ Sat, 24 Jul 2021 16:17:55 +0000 https://www.whatsupup.com/blog/sited/implore/20210724-161755/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/07/24/business/biden-antitrust-amazon-google.html">Biden’s Antitrust Team Signals a Big Swing at Corporate Titans The president has stacked his administration with crusaders who have spent their careers challenging corporate consolidation. By Jim Tankersley and Cecilia Kang</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210724-122110/ Sat, 24 Jul 2021 12:21:10 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210724-122110/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132997_bmw-s-art-cars-go-digital">BMW's Art Cars go digital</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210724-040836/ Sat, 24 Jul 2021 04:08:36 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210724-040836/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/google-sheets/">Building apps on top of Google Sheets While spreadsheet software has evolved over the years—first VisiCalc, then Lotus, Excel and now Google Sheets—the core abstractions have remained the same.They’re flexible, intuitive, and accessible. But these abstractions</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210724-002216/ Sat, 24 Jul 2021 00:22:16 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210724-002216/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1131719_2022-mercedes-benz-eqs-specs-price-review-info-photos">First drive review: 2022 Mercedes-Benz EQS vaults the S-Class into tomorrow</a><br> https://www.whatsupup.com/blog/sited/implore/20210724-001815/ Sat, 24 Jul 2021 00:18:15 +0000 https://www.whatsupup.com/blog/sited/implore/20210724-001815/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/07/23/technology/ftc-facebook-antitrust-lawsuit.html">The F.T.C. asks for an extension to refile its Facebook antitrust suit. The F.T.C. said in its request that it had reached an agreement with Facebook over the proposed extension. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210724-001713/ Sat, 24 Jul 2021 00:17:13 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210724-001713/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2012/04/11/its-end-of-world-as-we-know-it-and-i/">It's the end of the world as we know it (and I feel fine)</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210724-000735/ Sat, 24 Jul 2021 00:07:34 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210724-000735/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/serial-swatter-who-caused-death-gets-five-years-in-prison/">Serial Swatter Who Caused Death Gets Five Years in Prison</a><br></p> <hr> A 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that led to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today.<br> 60-year-old Mark Herring died of a heart attack after police surrounded his home in response to a swatting attack.<br> Shane Sonderman , of Lauderdale County, Tenn. admitted to conspiring with a group of criminals that’s been “swatting” and harassing people for months in a bid to coerce targets into giving up their valuable Twitter and Instagram usernames.<br> At Sonderman’s sentencing hearing today, prosecutors told the court the defendant and his co-conspirators would text and call targets and their families, posting their personal information online and sending them pizzas and other deliveries of food as a harassment technique.<br> Other victims of the group told prosecutors their tormentors further harassed them by making false reports of child abuse to social services local to the target’s area, and false reports in the target’s name to local suicide prevention hotlines.<br> Eventually, when subjects of their harassment refused to sell or give up their Twitter and Instagram usernames, Sonderman and others would swat their targets — or make a false report to authorities in the target’s name with the intention of sending a heavily armed police response to that person’s address.<br> For weeks throughout March and April 2020, 60-year-old <a rel="noreferrer" target="_blank" href="https://www.facebook.com/mark.herring.940641">Mark Herring</a> of Bethpage, Tenn. was inundated with text messages asking him to give up his @Tennessee Twitter handle. When he ignored the requests, Sonderman and his buddies began having food delivered to Herring’s home via cash on delivery.<br> At one point, Sonderman posted Herring’s home address in a Discord chat room used by the group, and a minor in the United Kingdom quickly followed up by directing a swatting attack on Herring’s home.<br> Ann Billings was dating Mr. Herring and was present when the police surrounded his home. She recalled for the Tennessee court today how her friend died shortly thereafter of a heart attack.<br> Billings said she first learned of the swatting when a neighbor called and asked why the street was lined with police cars. When Mr. Herring stepped out on the back porch to investigate, police told him to put his hands up and to come to the street.<br> Unable to disengage a lock on his back fence, Herring was instructed to somehow climb over the fence with his hands up.<br> “He was starting to get more upset,” Billings recalled. “He said, ‘I’m a 60-year-old fat man and I can’t do that.'”<br> Billings said Mr. Herring then offered to crawl under a gap in the fence, but when he did so and stood up, he collapsed of a heart attack. Herring died at a nearby hospital soon after.<br> Mary Frances Herring , who was married to Mr. Herring for 28 years, said her late husband was something of a computer whiz in his early years who secured the @Tennessee Twitter handle shortly after Twitter came online. Internet archivist <a rel="noreferrer" target="_blank" href="https://twitter.com/textfiles/status/1417743261125513217">Jason Scott says</a> Herring was the creator of the successful software products Sparkware and QWIKMail; Scott has 2 hours worth of interviews with Herring from 20 years ago <a rel="noreferrer" target="_blank" href="https://t.co/aJ3CQ9Fzay?amp=1">here</a> .<br> Perhaps the most poignant testimony today came when Ms. Herring said her husband — who was killed by people who wanted to steal his account — had a habit of registering new Instagram usernames as presents for friends and family members who’d just had children.<br> “If someone was having a baby, he would ask them, ‘What are your naming the baby?’,” Ms. Herring said. “And he would get them that Instagram name and give it to them as a gift.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/serial-swatter-who-caused-death-gets-five-years-in-prison/#more-56372">Continue reading →</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210723-202218/ Fri, 23 Jul 2021 20:22:18 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210723-202218/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132995_alpha-motors-superwolf-compact-pickup-combines-retro-style-with-electric-powertrain">Alpha Motors Superwolf compact pickup combines retro style with electric powertrain</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20210723-201719/ Fri, 23 Jul 2021 20:17:18 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20210723-201719/ <a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-02010-x">NASA investigates renaming James Webb telescope after anti-LGBT+ claims</a><br></p> <hr> Some astronomers argue the flagship observatory — successor to the Hubble Space Telescope — will memorialize discrimination. Others are waiting for more evidence.<br> https://www.whatsupup.com/blog/augur/cussed/20210723-200854/ Fri, 23 Jul 2021 20:08:53 +0000 https://www.whatsupup.com/blog/augur/cussed/20210723-200854/ <p><a rel="noreferrer" target="_blank" href="https://blog.discord.com/meet-the-discord-users-who-imagined-a-place-657325b75fa6?source=collection_home---4------0-----------------------">Meet the Discord Users Who Imagined a Place</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://blog.discord.com/meet-the-discord-users-who-imagined-a-place-657325b75fa6?source=collection_home---4------0-----------------------">Meet the Discord Users Who Imagined a Place Let’s talk about you, the community who inspired the entire Imagine a Place project and Discord — The Movie (2021).</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210723-162159/ Fri, 23 Jul 2021 16:21:59 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210723-162159/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132993_audi-rs-q-e-tron-super-suv-gets-ready-to-rock-at-2022-dakar-rally">Audi RS Q E-Tron super SUV gets ready to rock at 2022 Dakar Rally</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210723-122148/ Fri, 23 Jul 2021 12:21:48 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210723-122148/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132992_ac-cobra-series-1-electric-starts-testing">AC Cobra Series 1 Electric starts testing</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132991_2022-mercedes-benz-t-class-citan-spy-shots">2022 Mercedes-Benz T-Class (Citan) spy shots: Renault-based compact van spotted</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20210723-041658/ Fri, 23 Jul 2021 04:16:57 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210723-041658/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/what-facebook-cant-fix">What Facebook Can’t Fix</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/what-facebook-cant-fix">When people lose faith in institutions, they gravitate to misinformation. It's time to address the trust vacuum.</a><br> <a rel="noreferrer" target="_blank" href="javascript:void(0)">6</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/what-facebook-cant-fix/comments">Comment</a> <a rel="noreferrer" target="_blank" href="javascript:void(0)">Share</a><br> Jul 15 <a rel="noreferrer" target="_blank" href="javascript:void(0)">12</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/its-never-been-better-to-be-talent/comments">Comment 1</a> <a rel="noreferrer" target="_blank" href="javascript:void(0)">Share</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210723-002203/ Fri, 23 Jul 2021 00:22:03 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210723-002203/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132975_2021-jeep-wrangler-rubicon-392-drives-fast-over-any-surface-sometimes-too-fast">2021 Jeep Wrangler Rubicon 392 drives fast over any surface, sometimes too fast</a><br> https://www.whatsupup.com/blog/jigging/witherer/20210723-001921/ Fri, 23 Jul 2021 00:19:21 +0000 https://www.whatsupup.com/blog/jigging/witherer/20210723-001921/ <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/07/09/facebook-got-rid-of-racial-ad-categories-or-did-it">Citizen Browser Facebook Got Rid of Racial Ad Categories. Or Did It? Our Citizen Browser project found an array of proxies through which advertisers can target Black Facebook users, among other demographics July 9, 2021 08:00 ET</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210723-001846/ Fri, 23 Jul 2021 00:18:45 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210723-001846/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/kaseya-gets-master-decryptor-to-help-customers-still-suffering-from-revil-attack/">Kaseya gets master decryptor to help customers still suffering from REvil attack</a><br></p> <hr> REvil ransomware struck as many as 1,500 networks, but a master key is now available.<br> https://www.whatsupup.com/blog/augur/cussed/20210723-000905/ Fri, 23 Jul 2021 00:09:05 +0000 https://www.whatsupup.com/blog/augur/cussed/20210723-000905/ <p><a rel="noreferrer" target="_blank" href="https://blog.discord.com/resources-for-celebrating-pride-throughout-the-year-688b080fb040?source=collection_home---4------0-----------------------">Resources for Celebrating Pride Throughout The Year</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://blog.discord.com/resources-for-celebrating-pride-throughout-the-year-688b080fb040?source=collection_home---4------0-----------------------">Resources for Celebrating Pride Throughout The Year Discord’s Pride ERG would like to share knowledge, resources, and information to help support LGBTQIA+ communities any day of the year.</a><br> <hr> Jul 22<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210722-202159/ Thu, 22 Jul 2021 20:21:58 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210722-202159/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1130340_2022-subaru-brz-price-specs-review-info-photos">2022 Subaru BRZ preview: No turbo, but more power for $28,955</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132986_volkswagen-atlas-cross-sport-gt-concept-imagines-a-sporty-family-crossover">Volkswagen Atlas Cross Sport GT Concept imagines a sporty family crossover</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1103534_2023-maserati-granturismo-spy-shots">2023 Maserati GranTurismo spy shots: Electric and ICE options coming</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210722-161846/ Thu, 22 Jul 2021 16:18:46 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210722-161846/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-britain/pingdemic-puts-britains-food-supply-under-strain-idUSKBN2ES0H6">'Pingdemic' puts Britain's food supply under strain</a><br></p> <hr> LONDON (Reuters) -British supermarkets said on Thursday that some products were in short supply and petrol stations had been forced to close after the official health app told hundreds of thousands of workers to isolate following contact with someone with COVID-19.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-cuba-usa-sanctions/u-s-to-impose-sanctions-on-cuban-officials-over-crackdown-on-protests-source-idUSKBN2ES1X5">U.S. to impose sanctions on Cuban officials over crackdown on protests -source</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-colombia-violence/colombia-arrests-10-over-bombing-shooting-of-presidents-helicopter-idUSKBN2ES1TX">Colombia arrests 10 over bombing, shooting of president's helicopter</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210722-122144/ Thu, 22 Jul 2021 12:21:44 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210722-122144/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132975_2021-jeep-wrangler-rubicon-392-is-fast-over-any-surface-sometimes-too-fast">2021 Jeep Wrangler Rubicon 392 is fast over any surface, sometimes too fast</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1076105_porsche-928-from-risky-business-heads-to-auction">Porsche 928 from "Risky Business" heads to auction</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210722-121808/ Thu, 22 Jul 2021 12:18:08 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210722-121808/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-britain/pingdemic-grips-britain-as-fears-of-food-shortages-grow-idUSKBN2ES0H6">'Pingdemic' grips Britain as fears of food shortages grow</a><br></p> <hr> LONDON (Reuters) -Britain's supermarkets, wholesalers and hauliers were struggling on Thursday to ensure stable food and fuel supplies after an official health app told hundreds of thousands of workers to isolate after contact with someone with COVID-19.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-norway-attacks/bells-toll-across-norway-to-mark-10-years-since-neo-nazi-breivik-killed-77-people-idUSKBN2ER2HY">Bells toll across Norway to mark 10 years since neo-Nazi Breivik killed 77 people</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security-unions/childrens-tales-of-sheep-and-wolves-incite-sedition-hk-police-say-idUSKBN2ES0BF">Children's tales of sheep and wolves incite sedition, HK police say</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210722-082224/ Thu, 22 Jul 2021 08:22:24 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210722-082224/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1129686_2023-bmw-x7-spy-shots">2023 BMW X7 spy shots: Heavy styling update set for big crossover</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210722-081902/ Thu, 22 Jul 2021 08:19:02 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210722-081902/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-olympics-2020-ceremony-director/opening-ceremony-director-dismissed-after-past-comments-on-holocaust-tokyo-2020-says-idUSKBN2ES06X">Opening ceremony director dismissed after past comments on Holocaust, Tokyo 2020 says</a><br></p> <hr> The director of the opening ceremony of the Tokyo 2020 Olympics has been dismissed, organisers said on Thursday, following news reports about his past comments on the Holocaust.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-cyber-nso/israeli-lawmaker-eyes-spyware-export-curbs-as-macron-convenes-cabinet-idUSKBN2ES0HC">Israeli lawmaker eyes spyware export curbs as Macron convenes cabinet</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security-court/hk-court-denies-bail-to-apple-daily-staff-facing-national-security-charges-idUSKBN2ES037">HK court denies bail to Apple Daily staff facing national security charges</a><br> https://www.whatsupup.com/blog/emphysema/mesalliance/20210722-042250/ Thu, 22 Jul 2021 04:22:50 +0000 https://www.whatsupup.com/blog/emphysema/mesalliance/20210722-042250/ <p><a rel="noreferrer" target="_blank" href="https://intuitiveexplanations.com/">Intuitive Explanations</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://intuitiveexplanations.com/about/projects">Projects</a> <a rel="noreferrer" target="_blank" href="https://intuitiveexplanations.com/math">Math</a> <a rel="noreferrer" target="_blank" href="https://intuitiveexplanations.com/tech">Tech</a> <a rel="noreferrer" target="_blank" href="https://intuitiveexplanations.com/fiction">Fiction</a> <a rel="noreferrer" target="_blank" href="https://intuitiveexplanations.com/assets/Resume.pdf">Resume</a> <a rel="noreferrer" target="_blank" href="https://intuitiveexplanations.com/about">About</a><br> Technical blog<br> This page has an index of writing I’ve done about programming.<br> <a rel="noreferrer" target="_blank" href="https://intuitiveexplanations.com/kalyn">Kalyn: a self-hosting compiler for x86-64</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://intuitiveexplanations.com/replit/">How Replit used legal threats to kill my open-source project</a><br> <hr> Intuitive Explanations<br> <a rel="noreferrer" target="_blank" href="mailto:radon.neon@gmail.com">radon.neon@gmail.com</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.com/raxod502">raxod502</a><br> <hr> Understand, don't memorize.<br> https://www.whatsupup.com/blog/gonadal/revving/20210722-042018/ Thu, 22 Jul 2021 04:20:17 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210722-042018/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2008/04/17/collecting-unstructured-information-with-the-monoid-of-partial-knowledge/">Collecting unstructured information with the monoid of partial knowledge</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210722-041805/ Thu, 22 Jul 2021 04:18:04 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210722-041805/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-china-accident-tunnel/death-toll-in-china-flooded-highway-tunnel-rises-to-13-idUSKBN2ES013">Death toll in China flooded highway tunnel rises to 13</a><br></p> <hr> Rescuers have found the bodies of 10 more workers who were trapped in a flooded highway tunnel in the southern Chinese city of Zhuhai last week, bringing the death toll to 13, state media reported late on Wednesday.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security-court/four-apple-daily-staff-due-in-hong-kong-court-on-national-security-charges-idUSKBN2ES037">Four Apple Daily staff due in Hong Kong court on national security charges</a><br> https://www.whatsupup.com/blog/emphysema/mesalliance/20210722-002417/ Thu, 22 Jul 2021 00:24:17 +0000 https://www.whatsupup.com/blog/emphysema/mesalliance/20210722-002417/ [Nothing new, only with content removed] https://www.whatsupup.com/blog/disappear/fussy/20210722-001854/ Thu, 22 Jul 2021 00:18:54 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210722-001854/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/home-and-office-routers-come-under-attack-by-china-state-hackers-france-warns/">Home and office routers come under attack by China state hackers, France warns</a><br></p> <hr> Compromised routers give the hackers anonymity in ongoing large-scale attacks.<br> https://www.whatsupup.com/blog/trifid/ragwort/20210722-001810/ Thu, 22 Jul 2021 00:18:10 +0000 https://www.whatsupup.com/blog/trifid/ragwort/20210722-001810/ <a rel="noreferrer" target="_blank" href="https://dashboard.smartcar.com/login/">Log in</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210721-202243/ Wed, 21 Jul 2021 20:22:43 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210721-202243/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132938_2023-chevrolet-corvette-z06-teased-with-sound-of-screaming-flat-plane-crank-v-8">2023 Chevrolet Corvette Z06 teased with sound of screaming flat-plane crank V-8</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20210721-202011/ Wed, 21 Jul 2021 20:20:11 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20210721-202011/ July 21, 2021 <a rel="noreferrer" target="_blank" href="gemini://drewdevault.com/2021/07/21/Demon-Slayer-review.gmi">Demon Slayer: The Movie: Mugen Train review</a> [ <a rel="noreferrer" target="_blank" href="https://drewdevault.com/gemini.html">what is gemini://?</a> ]<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210721-201859/ Wed, 21 Jul 2021 20:18:59 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210721-201859/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-safrica-zuma/death-toll-in-south-africa-riots-rises-to-276-minister-says-idUSKBN2ER28F">Death toll in South Africa riots rises to 276, minister says</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-taliban-pentagon/half-of-all-afghan-district-centers-under-taliban-control-u-s-general-idUSKBN2ER26Q">Half of all Afghan district centers under Taliban control - U.S. general</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/07/21/covering-the-tokyo-olympics-in-japans-he?videoId=733207116&videoChannel=118169">Covering the Tokyo Olympics in Japan's heat</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210721-201235/ Wed, 21 Jul 2021 20:12:35 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210721-201235/ <p>Congratulations to @Clubhouse for going out of beta/no more invites or waitlist starting today.</p> <p>@aarthir and I will be doing a special edition of @GoodTimeShowCH tonight at 10pm PT with @pdavison @rohanseth @pmarca @stevesi to talk about today+their road to getting here.<br></p> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210721-162242/ Wed, 21 Jul 2021 16:22:42 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210721-162242/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132969_street-legal-1998-mercedes-benz-clk-gtr-headed-to-auction">Street-legal 1998 Mercedes-Benz CLK GTR headed to auction</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1131444_2022-volvo-c40-recharge-debuts-as-automaker-s-first-electric-only-model-for-59-845">2022 Volvo C40 Recharge debuts as automaker's first electric-only model for $59,845</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132966_bugatti-bought-back-the-first-veyron-grand-sport-prototype-and-restored-it">Bugatti bought back the first Veyron Grand Sport prototype and restored it</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132965_pininfarina-shows-off-first-client-spec-for-battista-electric-hypercar">Pininfarina shows off first client spec for Battista electric hypercar</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210721-161907/ Wed, 21 Jul 2021 16:19:07 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210721-161907/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-china-weather-henan/at-least-25-dead-as-rains-deluge-central-chinas-henan-province-idUSKBN2EQ2CF">At least 25 dead as rains deluge central China's Henan province</a><br></p> <hr> At least 25 people have died in China's flood-stricken central province of Henan, a dozen of them in a subway line in its capital Zhengzhou, and more rains are forecast for the region.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-usa-travel/u-s-extends-travel-curbs-at-canada-mexico-land-borders-through-aug-21-idUSKBN2ER1JV">U.S. extends travel curbs at Canada, Mexico land borders through Aug. 21</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-russia-politics-navalny-spokesperson/russia-extends-house-arrest-of-kremlin-critic-navalnys-spokesperson-idUSKBN2ER1XJ">Russia extends house arrest of Kremlin critic Navalny's spokesperson</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20210721-161434/ Wed, 21 Jul 2021 16:14:34 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20210721-161434/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/07/12/Slow-M1">Where’s the Apple M2?</a> · DPReview just published <a rel="noreferrer" target="_blank" href="https://www.dpreview.com/opinion/5834413552/apple-still-hasnt-made-a-truly-pro-m1-mac">Apple still hasn't made a truly “Pro” M1 Mac – so what’s the holdup?</a> Following on the good performance and awesome power efficiency of the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Apple_M1">Apple M1</a> , there’s a hungry background rumble in Mac-land along the lines of “Since the M1 is an entry-level chip, the next CPU is gonna blow everyone’s mind!” But it’s been eight months since the M1 shipped and we haven’t heard from Apple. I have a good guess what’s going on: It’s proving really hard to make a CPU (or <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/System_on_a_chip">SoC</a> ) that’s perceptibly faster than the M1. Here’s why <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/07/12/Slow-M1">…</a> [4 comments]<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210721-160856/ Wed, 21 Jul 2021 16:08:56 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210721-160856/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/segment-customer-story/">How the Segment support team uses real-time data to help customers create and use audiences As Segment prepared to launch their second product, Personas, a PM realized that their customer support team needed a new level of visibility into product data.</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210721-122221/ Wed, 21 Jul 2021 12:22:21 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210721-122221/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132953_first-drive-review-2021-mercedes-benz-amg-e63-s-wagon-packs-supercar-power-and-crossover-space">First drive review: 2021 Mercedes-Benz AMG E63 S wagon packs supercar power and crossover space</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210721-121816/ Wed, 21 Jul 2021 12:18:15 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210721-121816/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-china-weather-henan/at-least-25-dead-in-chinese-provinces-heaviest-rains-in-1000-years-idUSKBN2EQ2CF">At least 25 dead in Chinese province's heaviest rains in 1,000 years</a><br></p> <hr> At least 25 people have died in China's flood-stricken central province of Henan, a dozen of them in a subway line in its capital that was drenched by what weather officials called the heaviest rains for 1,000 years.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-china-diplomacy/senior-u-s-diplomat-sherman-to-visit-china-state-department-idUSKBN2ER13L">Senior U.S. diplomat Sherman to visit China - State Department</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-cyber-nso/israels-national-security-council-looking-into-nso-spyware-allegations-idUSKBN2ER14M">Israel's National Security Council 'looking into' NSO spyware allegations</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210721-121626/ Wed, 21 Jul 2021 12:16:26 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210721-121626/ By <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/author/matthewdgreen/">Matthew Green</a> in <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/category/apple/">Apple</a> , <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/category/attacks/">attacks</a> , <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/category/backdoors/">backdoors</a> , <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/category/malware/">malware</a> <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2021/07/20/a-case-against-security-nihilism/">July 20, 2021 July 20, 2021</a> 1,417 Words <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2021/07/20/a-case-against-security-nihilism/#comments">2 Comments</a><br> <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2018/04/26/a-few-thoughts-on-ray-ozzies-clear-proposal/">A few thoughts on Ray Ozzie's "Clear" Proposal</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210721-082128/ Wed, 21 Jul 2021 08:21:28 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210721-082128/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132961_aston-martin-announces-updates-for-2022-including-more-power-for-db11-v8">Aston Martin announces updates for 2022, including more power for DB11 V8</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210721-081752/ Wed, 21 Jul 2021 08:17:51 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210721-081752/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-china-weather-henan/central-chinas-henan-province-swamped-after-heaviest-rain-in-1000-years-idUSKBN2EQ2CF">Central China's Henan province swamped after heaviest rain in 1,000 years</a><br></p> <hr> Large swathes of China's central Henan province were under water on Wednesday, with at least a dozen people dead in its capital Zhengzhou after the city was drenched by what weather watchers said was the heaviest rain in 1,000 years.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-russia-vaccination/push-to-get-wary-russians-vaccinated-leaves-some-covid-clinics-short-idUSKBN2ER0F2">Push to get wary Russians vaccinated leaves some COVID clinics short</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210721-042132/ Wed, 21 Jul 2021 04:21:32 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210721-042132/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132935_tesla-makes-full-self-driving-available-as-199-monthly-subscription">Tesla makes Full Self-Driving available as $199 monthly subscription</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210721-041750/ Wed, 21 Jul 2021 04:17:50 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210721-041750/ <p>Milwaukee Bucks beat Phoenix Suns to win their first NBA championship in 50 years <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKBN2ER09A">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-olympics-2020/olympics-japan-win-softball-opener-as-games-of-hope-begin-idUSKBN2ER058">Olympics-Japan win softball opener as Games 'of hope' begin</a><br></p> <hr> FUKUSHIMA/TOKYO (Reuters) -Japan's women's softball team got the Tokyo 2020 Olympics off to a winning start for the hosts on Wednesday, a boost for the pandemic-postponed Games that the World Health Organization sees as "a celebration of hope" even as COVID-19 cases surge.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-china-weather-henan/central-chinese-province-swamped-after-heaviest-rain-in-1000-years-idUSKBN2EQ2CF">Central Chinese province swamped after heaviest rain in 1,000 years</a><br> https://www.whatsupup.com/blog/sited/implore/20210721-041736/ Wed, 21 Jul 2021 04:17:36 +0000 https://www.whatsupup.com/blog/sited/implore/20210721-041736/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/07/20/business/kanter-doj-antitrust.html">Biden to Name a Critic of Big Tech as the Top Antitrust Cop Jonathan Kanter, a longtime antitrust lawyer, has built his career largely around working for smaller rivals of Google, Facebook, Amazon and Apple. By Lauren Hirsch and David McCabe</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210721-040842/ Wed, 21 Jul 2021 04:08:42 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210721-040842/ Try Retool<br> https://www.whatsupup.com/blog/disappear/fussy/20210721-001832/ Wed, 21 Jul 2021 00:18:32 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210721-001832/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/separate-eop-flaws-let-hackers-gain-full-control-of-windows-and-linux-systems/">Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling</a><br></p> <hr> Both OSes have flaws that allow attackers with a toehold to elevate access.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210721-001831/ Wed, 21 Jul 2021 00:18:31 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210721-001831/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-funeral/haiti-appoints-new-prime-minister-in-wake-of-presidents-assassination-idUSKBN2EQ238">Haiti appoints new prime minister in wake of president's assassination</a><br></p> <hr> PORT-AU-PRINCE (Reuters) -Haiti's government on Tuesday formally appointed Ariel Henry as prime minister, nearly two weeks after President Jovenel Moise was gunned down in a murder plot that likely extends far beyond the Caribbean country's borders.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election/change-is-coming-perus-castillo-faces-a-divided-nation-after-election-battle-idUSKBN2EQ21C">'Change is coming': Peru's Castillo faces a divided nation after election battle</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210721-001714/ Wed, 21 Jul 2021 00:17:13 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210721-001714/ A perverse reaction I’ve seen from some <a rel="noreferrer" target="_blank" href="https://twitter.com/0xcharlie/status/1417482008373104654">security experts</a> is to shrug and say “there’s no such thing as perfect security.” More concretely, some folks argue, this kind of well-resourced targeted attack is fundamentally impossible to prevent — no matter how much effort companies like Apple put into stopping it.<br> By <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/author/matthewdgreen/">Matthew Green</a> in <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/category/apple/">Apple</a> , <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/category/attacks/">attacks</a> , <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/category/backdoors/">backdoors</a> , <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/category/malware/">malware</a> <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2021/07/20/a-case-against-security-nihilism/">July 20, 2021 July 20, 2021</a> 1,417 Words <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2021/07/20/a-case-against-security-nihilism/#comments">1 Comment</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210721-000717/ Wed, 21 Jul 2021 00:07:16 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210721-000717/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/spam-kingpin-peter-levashov-gets-time-served/">Spam Kingpin Peter Levashov Gets Time Served</a><br></p> <hr> Peter Levashov, appearing via Zoom at his sentencing hearing today.<br> A federal judge in Connecticut today handed down a sentence of time served to spam kingpin <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/?s=peter+severa&x=0&y=0">Peter “Severa” Levashov</a> , a prolific purveyor of malicious and junk email, and the creator of malware strains that infected millions of Microsoft computers globally. Levashov has been in federal custody since his extradition to the United States and guilty plea in 2018, and was facing up to 12 more years in prison. Instead, he will go free under three years of supervised release and a possible fine.<br> A native of St. Petersburg, Russia, the 40-year-old Levashov operated under the hacker handle “Severa.” Over the course of his 15-year cybercriminal career, Severa would emerge as a pivotal figure in the cybercrime underground, serving as the primary moderator of a spam community that spanned multiple top Russian cybercrime forums.<br> Severa created and then leased out to others some of the nastiest cybercrime engines in history — including the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Storm_Worm">Storm worm</a> , and the <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/?s=waledac&x=0&y=0">Waledac</a> and <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/?s=kelihos&x=0&y=0">Kelihos</a> spam botnets. His central role in the spam forums gave Severa a prime spot to advertise the services tied to his various botnets, while allowing him to keep tabs on the activities of other spammers.<br> Severa rented out segments of his Waledac botnet to anyone seeking a vehicle for sending spam. For $200, vetted users could hire his botnet to blast one million emails containing malware or ads for male enhancement drugs. Junk email campaigns touting employment or “money mule” scams cost $300 per million, and phishing emails could be blasted out through Severa’s botnet for the bargain price of $500 per million.<br> Severa was a moderator on the Russian spam community Spamdot[.]biz. In this paid ad from 2004, Severa lists prices to rent his spam botnet.<br> Early in his career, Severa worked very closely with two major purveyors of spam. One was Alan Ralsky , an American spammer who was <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Alan_Ralsky">convicted in 2009</a> of paying Severa and other spammers to promote pump-and-dump stock scams.<br> The other was a major spammer who went by the nickname “ <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2011/06/rustock-botnet-suspect-sought-job-at-google/">Cosma</a> ,” the cybercriminal thought to be responsible for managing the Rustock botnet (so named because it was a Russian botnet frequently used to send pump-and-dump stock spam). Microsoft, which has battled to scrub botnets like Rustock off of millions of PCs, later <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2011/07/microsoft-offers-250k-bounty-for-rustock-author/">offered a still-unclaimed $250,000 reward</a> for information leading to the arrest and conviction of the Rustock author.<br> Severa ran several affiliate programs that paid cybercriminals to trick people into installing fake antivirus software. In 2011, <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2011/07/spam-fake-av-like-ham-eggs/">KrebsOnSecurity dissected “SevAntivir”</a> — Severa’s eponymous fake antivirus affiliate program  — showing it was used to deploy new copies of the Kelihos spam botnet.<br> A screenshot of the “SevAntivir” fake antivirus or “scareware” affiliate program run by Severa.<br> In 2010, Microsoft — in tandem with a number of security researchers — launched a <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2010/02/microsoft-ambushes-waledac-botnet-shutters-whistleblower-site/">combined technical and legal sneak attack</a> on the Waledac botnet, successfully dismantling it. The company would later do the same <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2012/03/researchers-clobber-khelios-spam-botnet/">to the Kelihos botnet</a> , a global spam machine which shared a great deal of code with Waledac and infected more than 110,000 Microsoft Windows PCs.<br> Levashov was <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2017/04/alleged-spam-king-pyotr-levashov-arrested/">arrested in 2017</a> while in Barcelona, Spain with his family. According to <a rel="noreferrer" target="_blank" href="https://www.wired.com/2017/04/fbi-took-russias-spam-king-massive-botnet/">a lengthy April 2017 story in Wired.com</a> , he got caught because he <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/05/the-wages-of-password-re-use-your-money-or-your-life/">violated a basic security no-no</a> : He used the same log-in credentials to both run his criminal enterprise and log into sites like iTunes .<br> In fighting his extradition to the United States, Levashov famously told the media, “If I go to the U.S., I will die in a year.” But a few months after his extradition, Levashov would plead guilty to four felony counts, including intentional damage to protected computers, conspiracy, wire fraud and aggravated identity theft.<br> At his sentencing hearing today, Levashov thanked his wife, attorney and the large number of people who wrote the court in support of his character, but otherwise declined to make a statement. His attorney read a lengthy statement explaining that Levashov got into spamming as a way to provide for his family, and that over a period of many years that business saw him supporting countless cybercrime operations. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/spam-kingpin-peter-levashov-gets-time-served/#more-56098">Continue reading →</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210720-202302/ Tue, 20 Jul 2021 20:23:02 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210720-202302/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132951_the-warlord-is-a-wild-250-000-ram-1500-trx-6x6-ready-for-the-apocalypse">The Warlord is a wild $250,000 Ram 1500 TRX 6x6 ready for the apocalypse</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210720-202134/ Tue, 20 Jul 2021 20:21:34 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210720-202134/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/07/20/technology/apple-return-to-office-delay.html">Apple delays its return to office as the Delta variant surges. Employees are now expected to come back to the workplace as early as October, a month later than planned. By Jack Nicas and Mike Isaac</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210720-201911/ Tue, 20 Jul 2021 20:19:10 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210720-201911/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-cyber-nso-france/frances-macron-targeted-in-project-pegasus-spyware-case-le-monde-idUSKBN2EQ0T9">France's Macron targeted in project Pegasus spyware case - Le Monde</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-britain-politics-cummings/we-discussed-ousting-johnson-ex-adviser-to-uk-prime-minister-says-idUSKBN2EQ20Y">We discussed ousting Johnson, ex-adviser to UK prime minister says</a><br> https://www.whatsupup.com/blog/sited/implore/20210720-201853/ Tue, 20 Jul 2021 20:18:53 +0000 https://www.whatsupup.com/blog/sited/implore/20210720-201853/ Cecilia Kang covers technology and regulation and joined The Times in 2015. She is the co-author, along with Sheera Frankel of The Times, of “An Ugly Truth: Inside Facebook's Battle for Domination.”<br> More<br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210720-201745/ Tue, 20 Jul 2021 20:17:44 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210720-201745/ <p><a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2021/07/20/a-case-against-security-nihilism/">A case against security nihilism</a><br></p> <hr> This week a group of global newspapers is running a series of <a rel="noreferrer" target="_blank" href="https://www.washingtonpost.com/technology/2021/07/19/apple-iphone-nso/">articles</a> <a rel="noreferrer" target="_blank" href="https://www.theguardian.com/world/2021/jul/20/pegasus-project-turns-spotlight-on-spyware-firm-nso-ties-to-israeli-state">detailing</a> <a rel="noreferrer" target="_blank" href="https://www.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus">abuses</a> of NSO Group’s Pegasus spyware. If you haven’t seen any of these articles, they’re worth reading — and likely will continue to be so as more revelations leak out. The impetus for the stories is a leak comprising more than 50,000 phone numbers that are allegedly the targets of NSO’s advanced iPhone/Android malware.<br> Notably, these targets include journalists and members of various nations’ political opposition parties — in other words, precisely the people who every thinking person worried would be the target of the mass-exploitation software that NSO sells. And indeed, that should be the biggest lesson of these stories: the <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-facebook-cyber-whatsapp-nso-group/nso-owner-tells-amnesty-it-will-prevent-abuse-of-spyware-linked-to-whatsapp-breach-idUSKCN1SL26N">bad thing</a> everyone said would happen now has.<br> This is a technical blog, so I won’t advocate for, say, sanctioning NSO Group or <a rel="noreferrer" target="_blank" href="https://www.prnewswire.com/il/news-releases/nso-group-announces-new-human-rights-policy-and-governance-framework-300914924.html">demanding answers from the</a> <a rel="noreferrer" target="_blank" href="https://www.forbes.com/sites/thomasbrewster/2019/10/23/its-a-sad-day-for-human-rights--washington-post-slammed-for-its-latest-columnist-hire/">luminaries</a> on NSO’s “governance and compliance” committee. Instead I want to talk a bit about some of the technical lessons we’ve learned from these leaks — and even more at a high level, precisely what’s wrong with shrugging these attacks away.<br> We should all want perfect security!<br> Don’t feel bad, targeted attacks are super hard!<br> A perverse reaction I’ve seen from some <a rel="noreferrer" target="_blank" href="https://twitter.com/0xcharlie/status/1417482008373104654">security experts</a> is to shrug and say “there’s no such thing as perfect security”. More concretely, some folks argue, this kind of well-resourced targeted attack is fundamentally impossible to prevent — no matter how much effort companies like Apple put into stopping it.<br> And at the extremes, this argument is not wrong. NSO isn’t some script-kiddy toy. Deploying it costs hundreds of thousands of dollars, and fighting attackers with that level of resources is always difficult. Plus, the argument goes, even if we raise the bar for NSO then someone with even more resources will find their way into the gap — perhaps charging an even more absurd price. So let’s stop crapping on Apple, a company that works hard to improve the baseline security of their products, just because they’re failing to solve an impossible problem.<br> Still that doesn’t mean today’s version of those products are doing everything they could be to stop attacks. There is certainly more that corporations like Apple and Google could be doing to protect their users. However, the only way we’re going to get those changes is if we demand them.<br> Not all vectors are created equal<br> Because spyware is hard to capture, we don’t know precisely how Pegasus works. The forensic details we do have come from an extensive investigation conducted by <a rel="noreferrer" target="_blank" href="https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/">Amnesty International’s technology group</a> . They describe a sophisticated infection process that proved capable of infecting a fully-patched iPhone 12 running the latest version of Apple’s iOS (14.6).<br> Many attacks used “network injection” to redirect the victim to a malicious website. That technique requires some control of the local network, which makes it hard to deploy to remote users in other countries. A more worrying set of attacks appear to use Apple’s iMessage to perform “0-click” exploitation of iOS devices. Using this vector, NSO simply “throws” a targeted exploit payload at some Apple ID such as your phone number, and then sits back and waits for your zombie phone to contact its infrastructure.<br> This is really bad. While cynics are probably correct (for now) that we probably can’t shut down every avenue for compromise, there’s good reason to believe we can close down a vector for 0-interaction compromise. And we should try to do that.<br> What can we do to make NSO’s life harder?<br> What we know that these attacks take advantage of fundamental <a rel="noreferrer" target="_blank" href="https://www.washingtonpost.com/technology/2021/07/19/apple-iphone-nso/">weaknesses in Apple iMessage</a> : most critically, the fact that iMessage will gleefully parse all sorts of complex data received from random strangers, and will do that parsing using crappy libraries written in memory unsafe languages. These issues are hard to fix, since iMessage can accept so many data formats and has been allowed to sprout so much complexity over the past few years.<br> There is good evidence that Apple realizes the bind they’re in, since they tried to fix iMessage by barricading it behind a specialized “firewall” called <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html">BlastDoor</a> . But firewalls haven’t been particularly successful at preventing targeted network attacks, and there’s no reason to think that BlastDoor will do much better. (Indeed, we know it’s probably not doing its job now.)<br> Adding a firewall is the cheap solution to the problem, and this is probably why Apple chose this as their first line of defense. But actually closing this security hole is going to require a lot more. Apple will have to re-write most of the iMessage codebase in some memory-safe language, along with many system libraries that handle data parsing. They’ll also need to widely deploy ARM mitigations like PAC and <a rel="noreferrer" target="_blank" href="https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/enhancing-memory-safety">MTE</a> in order to make exploitation harder. All of this work has costs and (more importantly) risks associated with it — since activating these features can break all sorts of things, and people with a billion devices can’t afford to have .001% of them crashing every day.<br> An entirely separate area is surveillance and detection: Apple already performs some remote telemetry to detect processes doing weird things. This kind of telemetry could be expanded as much as possible while not destroying user privacy. While this wouldn’t necessarily stop NSO, it would make the cost of throwing these exploits quite a bit higher — and make them think twice before pushing them out to every random authoritarian government.<br> It’s the scale, stupid<br> Critics are correct that fixing these issues won’t stop exploits. The problem that companies like Apple need to solve is not preventing exploits forever, but a much simpler one: they need to screw up the economics of NSO-style mass exploitation.<br> Targeted exploits have been around forever. What makes NSO special is not that they have some exploits. Rather: NSO’s genius is that they’ve done something that attackers were never incentivized to do in this past: democratize access to exploit technology. In other words, they’ve done precisely what every “smart” tech business is supposed to do: take something difficult and very expensive, and make it more accessible by applying the magic of scale. NSO is basically the SpaceX of surveillance.<br> But this scalability is not inevitable.<br> NSO can afford to maintain a 50,000 number target list because the exploits they use hit a particular “sweet spot” where the risk of losing an exploit chain — combined with the cost of developing new ones — is low enough that they can deploy them at scale. That’s why they’re willing to hand out exploitation to every idiot dictator — because right now they think they can keep the business going even if Amnesty International or CitizenLab occasionally catches them targeting some human rights lawyer.<br> But companies like Apple and Google can raise both the cost and risk of exploitation — not just everywhere, but at least on specific channels like iMessage. This could make NSO’s scaling model much harder to maintain. A world where only a handful of very rich governments can launch exploits (under very careful vetting and controlled circumstances) isn’t a great world, but it’s better than a world where any tin-pot authoritarian can cut a check to NSO and surveil their political opposition or some random journalist.<br> So how do we get to that world?<br> In a perfect world, US and European governments would wake up and realize that arming authoritarianism is really is bad for democracy — and that whatever trivial benefit they get from NSO is vastly outweighed by the very real damage this technology is doing to journalism and democratic governance worldwide.<br> But I’m not holding my breath for that to happen.<br> In the world I inhabit, I’m hoping that <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Ivan_Krsti%C4%87">Ivan Krstić</a> wakes up tomorrow and tells his bosses he wants to put NSO out of business. And I’m hoping that his bosses say “great: here’s a blank check.” Maybe they’ll succeed and maybe they’ll fail, but I’ll bet they can at least make NSO’s life interesting.<br> But Apple isn’t going to do any of this if they don’t think they have to, and they won’t think they have to if people aren’t calling for their heads. The only people who can fix Apple devices are Apple (very much by their own design) and that means Apple has to feel responsible each time an innocent victim gets pwned while using an Apple device. If we simply pat Apple on the head and say “gosh, targeted attacks are hard, it’s not your fault” then this is exactly the level of security we should expect to get — and we’ll deserve it.<br> By <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/author/matthewdgreen/">Matthew Green</a> in <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/category/apple/">Apple</a> , <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/category/attacks/">attacks</a> , <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/category/backdoors/">backdoors</a> , <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/category/malware/">malware</a> <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2021/07/20/a-case-against-security-nihilism/">July 20, 2021 July 20, 2021</a> 1,417 Words <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2021/07/20/a-case-against-security-nihilism/#respond">Leave a comment</a><br> <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2021/07/20/a-case-against-security-nihilism/">A case against security nihilism</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20210720-201633/ Tue, 20 Jul 2021 20:16:32 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210720-201633/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/07/protecting-more-with-site-isolation.html">Protecting more with Site Isolation</a><br></p> <hr> Posted by Charlie Reis​ and Alex Moshchuk, Chrome Security Team<br> Chrome's Site Isolation is an essential security defense that makes it harder for malicious web sites to steal data from other web sites. On Windows, Mac, Linux, and Chrome OS, Site Isolation <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2018/07/mitigating-spectre-with-site-isolation.html">protects all web sites</a> from each other, and also ensures they <a rel="noreferrer" target="_blank" href="https://blog.chromium.org/2017/05/improving-extension-security-with-out.html">do not share processes with extensions</a> , which are more highly privileged than web sites. As of Chrome 92, we will start extending this capability so that extensions can no longer share processes with each other. This provides an extra line of defense against malicious extensions, without removing any existing extension capabilities.<br> Meanwhile, Site Isolation on Android currently focuses on <a rel="noreferrer" target="_blank" href="https://blog.chromium.org/2019/10/recent-site-isolation-improvements.html">protecting only high-value sites</a> , to keep performance overheads low. Today, we are announcing two Site Isolation improvements that will protect more sites for our Android users. Starting in Chrome 92, Site Isolation will apply to sites where users log in via third-party providers, as well as sites that carry Cross-Origin-Opener-Policy headers.<br> Our ongoing goal with Site Isolation for Android is to offer additional layers of security without adversely affecting the user experience for resource-constrained devices. Site Isolation for all sites continues to be too costly for most Android devices, so our strategy is to improve heuristics for prioritizing sites that benefit most from added protection. So far, Chrome has been isolating sites where users log in by entering a password. However, many sites allow users to authenticate on a third-party site (for example, sites that offer "Sign in with Google"), possibly without the user ever typing in a password. This is most commonly accomplished with the industry-standard <a rel="noreferrer" target="_blank" href="https://oauth.net/2/">OAuth protocol</a> . Starting in Chrome 92, Site Isolation will recognize common OAuth interactions and protect sites relying on OAuth-based login, so that user data is safe however a user chooses to authenticate.<br> Additionally, Chrome will now trigger Site Isolation based on the new <a rel="noreferrer" target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy">Cross-Origin-Opener-Policy</a> (COOP) response header. Supported since Chrome 83, this header allows operators of security-conscious websites to <a rel="noreferrer" target="_blank" href="https://html.spec.whatwg.org/dev/origin.html#cross-origin-opener-policies">request a new browsing context group</a> for certain HTML documents. This allows the document to better isolate itself from untrustworthy origins, by preventing attackers from referencing or manipulating the site's top-level window. It’s also one of the headers required to use <a rel="noreferrer" target="_blank" href="https://web.dev/coop-coep/">powerful APIs</a> such as SharedArrayBuffers. Starting in Chrome 92, Site Isolation will treat non-default values of the COOP header on any document as a signal that the document's underlying site may have sensitive data and will start isolating such sites. Thus, site operators who wish to ensure their sites are protected by Site Isolation on Android can do so by serving COOP headers on their sites.<br> As before, Chrome stores newly isolated sites locally on the device and clears the list whenever users clear their browsing history or other site data. Additionally, Chrome places certain restrictions on sites isolated by COOP to keep the list focused on recently-used sites, prevent it from growing overly large, and protect it from misuse (e.g., by requiring user interaction on COOP sites before adding them to the list). We continue to require a minimum RAM threshold (currently 2GB) for these new Site Isolation modes. With these considerations in place, our data suggests that the new Site Isolation improvements do not noticeably impact Chrome's overall memory usage or performance, while protecting many additional sites with sensitive user data.<br> Given these improvements in Site Isolation on Android, we have also decided to disable <a rel="noreferrer" target="_blank" href="https://v8.dev/blog/spectre">V8 runtime mitigations</a> for Spectre on Android. These mitigations are less effective than Site Isolation and impose a performance cost. Disabling them brings Android on par with desktop platforms, where they have been turned off since Chrome 70. We advise that <a rel="noreferrer" target="_blank" href="https://blog.chromium.org/2021/03/mitigating-side-channel-attacks.html">sites wanting to protect data from Spectre should consider serving COOP headers</a> , which will in turn trigger Site Isolation.<br> Users who desire the most complete protection for their Android devices may manually opt in to full Site Isolation via chrome://flags/#enable-site-per-process, which will isolate all websites but carry higher memory cost.<br> <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/07/advancing-inclusive-diverse-security.html">Advancing an inclusive, diverse security industry</a><br> <hr> Posted by Sarah Morales, Community Outreach Manager, Security It’s no secret that lack of diversity in corporate America is a well-documented problem and improvements have been slow. To help improve female representation in the cybersecurity industry, Google teamed up with ... <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/07/advancing-inclusive-diverse-security.html">Read More</a><br> Posted by Sarah Morales, Community Outreach Manager, Security It’s no secret that lack of diversity in corporate America is a well-documented problem and improvements have been slow. To help improve female representation in the cybersecurity industry, Google teamed up with <a rel="noreferrer" target="_blank" href="https://www.wicys.org/">Women in Cybersecurity (WiCyS)</a> and <a rel="noreferrer" target="_blank" href="https://www.sans.org/">SANS Institute</a> a year ago to establish the <a rel="noreferrer" target="_blank" href="https://www.wicys.org/benefits/security-training-scholarship/">Security Training Scholarship Program</a> . The multi-stage security training program set participants on a path to launch and advance their careers in cybersecurity through skills development, introducing them to fundamental cybersecurity concepts with interactive challenges like Capture the Flag (CTF) and the SANS CyberStart Game, which introduces topics such as Linux, web attacks, programming, forensics, and more. Mentors and peers guide the participants through each stage of the program and top qualifiers then graduate and receive access to the SANS foundational security training courses, which readies and prepares these women for their first roles in the security industry. The goal is to get them employed in cybersecurity within the next 1.5 years and to create a powerful network of women in the field – in essence, drawing more women to the industry and helping to close the talent gap. As the inaugural program comes to an end, we are proud to report that its overall impact includes:<br> 112 people received training-based scholarship<br> 15 Full Scholarship Recipients received the full course training, which includes:<br> CyberStart Game and SANS BootUp CTF<br> SANS SEC275 Foundations & Exam<br> SANS 401 Security Essentials Bootcamp and GSEC<br> Elective - SANS SEC504/GCIH, SEC488/GCLD, SEC560/GPEN, or SEC548/GWAPT<br> 24 certifications earned to date with 100% pass rate, with average score on GSEC 90%<br> Since 2013, only 2 people have scored 99% on GIAC Certified Incident Handler (GCIH) one is a WiCyS Scholarship Recipient<br> 1/3 of students were employed in direct information security roles before the program ended<br> 100% of Full Scholarship Recipients intend to have long term careers in information security (15+ years)<br> Participants praise the program’s strong networking component where they can support one another, share best practices, ask questions from SANS security experts and receive industry insight from members across Google’s security team. As Lynn Dohm, executive director of WiCyS, told us, “You cannot put a price tag on the power of community, and last year’s WiCyS Security Training Program proved just that.” Here at Google, we are inspired by the dedication and passion the scholarship recipients have shown throughout the program and are eager to see what they accomplish throughout their careers. Elizabeth Beattie, who was part of the inaugural program told us, “I learned that, as part of my scholarship program with WiCyS, SANS Institute and Google, I’ve been awarded a scholarship to attend the WiCyS 2021 conference in September. In fact, I’ve volunteered to co-author a panel there with some of my amazing fellow recipients. And the crowning achievement? Tonight, I passed my first GIAC certification (GSEC)!” Despite these great results, we know there is still a lot of work to be done to help educate and develop a more inclusive information security workforce. So this year we are expanding the Security Trainings Scholarship Program to help us reach even more women and generate a steady stream of talent in the field of information security. This expansion would not have been possible without the added support of Facebook and Bloomberg, who have come on board this year to boost this important program. “We are thrilled to scale the program this year, powered by scholarships from Google, Bloomberg, and Facebook,” said Dohm. “Now, more WiCyS members will be able to dive deep and change the trajectory of their career in less than a year, all within a cohort setting with extensive support and resources provided by mentors and colleagues. That’s what empowerment looks like, and we are thrilled that these three incredible strategic partners of WiCyS can make this happen for not only the WiCyS community, but also for the sake of the cybersecurity workforce at large.” The next round of scholarships is open through August 2, 2021. To learn more and apply, please visit the <a rel="noreferrer" target="_blank" href="https://www.wicys.org/benefits/security-training-scholarship/">WiCyS application page</a> . We can’t wait to meet the next cohort of recipients.<br> https://www.whatsupup.com/blog/ideo/fleury/20210720-200719/ Tue, 20 Jul 2021 20:07:18 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210720-200719/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/dont-wanna-pay-ransom-gangs-test-your-backups/">Don’t Wanna Pay Ransom Gangs? Test Your Backups.</a><br></p> <hr> Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective.<br> This story isn’t about what organizations do in response to <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2020/11/why-paying-to-delete-stolen-data-is-bonkers/">cybercriminals holding their data for hostage</a> , which has become something of a best practice among most of the top ransomware crime groups today. Rather, it’s about why victims still pay for a key needed to decrypt their systems even when they have the means to restore everything from backups on their own.<br> Experts say the biggest reason ransomware targets and/or their insurance providers still pay when they already have reliable backups is that nobody at the victim organization bothered to test in advance how long this data restoration process might take.<br> “In a lot of cases, companies do have backups, but they never actually tried to restore their network from backups before, so they have no idea how long it’s going to take,” said Fabian Wosar , chief technology officer at <a rel="noreferrer" target="_blank" href="https://www.emsisoft.com">Emsisoft</a> . “Suddenly the victim notices they have a couple of petabytes of data to restore over the Internet, and they realize that even with their fast connections it’s going to take three months to download all these backup files. A lot of IT teams never actually make even a back-of-the-napkin calculation of how long it would take them to restore from a data rate perspective.”<br> Wosar said the next most-common scenario involves victims that have off-site, encrypted backups of their data but discover that the digital key needed to decrypt their backups was stored on the same local file-sharing network that got encrypted by the ransomware.<br> The third most-common impediment to victim organizations being able to rely on their backups is that the ransomware purveyors manage to corrupt the backups as well.<br> “That is still somewhat rare,” Wosar said. “It does happen but it’s more the exception than the rule. Unfortunately, it is still quite common to end up having backups in some form and one of these three reasons prevents them from being useful.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/dont-wanna-pay-ransom-gangs-test-your-backups/#more-55992">Continue reading →</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210720-162229/ Tue, 20 Jul 2021 16:22:29 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210720-162229/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132229_rml-short-wheelbase-is-styled-like-a-ferrari-250-gt-but-based-on-a-550-maranello">RML Short Wheelbase is styled like a Ferrari 250 GT but based on a 550 Maranello</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1070214_stretched-2022-land-rover-range-rover-evoque-l-debuts-in-china">Stretched 2022 Land Rover Range Rover Evoque L debuts in China</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132311_first-lewis-hamilton-formula-one-car-up-for-grabs-sells-for-millions-at-auction">First Lewis Hamilton Formula One car up for grabs sells for millions at auction</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132905_the-grand-tour-lochdown-trailer-released-arrives-on-amazon-prime-on-july-30">"The Grand Tour: Lochdown" trailer released, arrives on Amazon Prime on July 30</a><br> https://www.whatsupup.com/blog/gaper/whisky/20210720-161954/ Tue, 20 Jul 2021 16:19:53 +0000 https://www.whatsupup.com/blog/gaper/whisky/20210720-161954/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/07/spring-cleaning-mdn-part-1/">Spring Cleaning MDN: Part 1 →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/07/spring-cleaning-mdn-part-1/">Spring Cleaning MDN: Part 1</a><br> <hr> As we’re all aware by now, we made some big platform changes at the end of 2020. Whilst the big move has happened, it’s given us a great opportunity to clear out the cupboards and closets.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210720-161840/ Tue, 20 Jul 2021 16:18:40 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210720-161840/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-space-exploration-blueorigin/best-day-ever-billionaire-bezos-has-successful-first-space-jaunt-idUSKBN2EQ0EP">'Best day ever': billionaire Bezos has successful first space jaunt</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20210720-161710/ Tue, 20 Jul 2021 16:17:09 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20210720-161710/ <p>Journal<br> All<br> Apply filters<br> Clear selection<br> Article type<br> Astronomy and planetary science<br> Business and industry<br> Chemistry<br> Climate sciences<br> Ecology<br> Engineering<br> Environmental sciences<br> Evolution<br> Genetics<br> Health care<br> Immunology<br> Materials science<br> Medical research<br> Microbiology<br> Physics<br> Planetary science<br> Psychology<br> Scientific community<br> Social sciences<br> Solid Earth sciences<br> Date<br> <a rel=“noreferrer” target="_blank" href=“<a href="https://www.nature.com/search?q=">https://www.nature.com/search?q=</a>"Alexandra Witze"">Clear all filters</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="javascript:;">Sort by Date — most recent</a><br> <hr> Working with the United Nations, scientists hope to establish standards for satellite ‘megaconstellations’ and reduce disruption of astronomical observations.<br> Alexandra Witze<br> News 16 Jul 2021<br> Nature<br> Scientists are mapping correlations between race, poverty and heat in cities, and suggesting solutions to reduce the dangers.<br> Volume: 595, P: 349-351<br> Scientists searching for extraterrestrial life should narrow their hunt to stars and planetary systems that have an occasional view of Earth as it passes in front of the Sun.<br> News 23 Jun 2021<br> Investigations at Lund University found the high-ranking pair guilty of bullying, but staff members say stronger action is needed to repair the damage.<br> Videos of the surprising phenomenon could help researchers to better understand natural ‘dust devils’ blowing across the red planet.<br> Volume: 594, P: 484<br> Space agency aims to breathe new life into its Earth-science programme as US President Joe Biden pushes an ambitious climate agenda.<br> News 07 May 2021<br> NASA’s Ingenuity helicopter successfully hovered for 40 seconds in Mars’s thin atmosphere.<br> News 19 Apr 2021<br> US president’s first budget proposal emphasizes applied research and public health, and aims to tackle climate change and racial injustice.<br> Jeff Tollefson<br> Amy Maxmen<br> As the US president announces his advisers and agency heads, Nature’ s guide tracks the appointees who matter most to science.<br> Nidhi Subbaraman<br> News 19 Mar 2021<br> The search for COVID vaccines that can be self-administered, fight new variants and survive the heat. Plus, tear-gland organoids that cry and the winners of the Abel Prize.<br> Flora Graham<br> Mars becomes the first inner planet after Earth to have the size of its core estimated with seismology.<br> No signs of past life have emerged yet, but rocks at the landing site show signs of having been shaped by wind and water.<br> A whirlwind geological journey in which the past meets the present and the future.<br> Books & Arts 16 Mar 2021<br> Despite pandemic disruption, astronomers detected thousands of previously unknown near-Earth asteroids last year.<br> The NASA spacecraft has also snapped more shots of its surroundings and listened to a Martian wind gust.<br> News 22 Feb 2021<br> Having stuck its nail-biting landing, the Perseverance rover will now collect rocks to return to Earth and record Mars sounds for the first time.<br> Fierce competition between nineteenth century astronomers has inspired our fascination with the red planet over the years. Plus: why scientists think the virus that causes COVID-19 is here to stay.<br> Emma Stoye<br> The Perseverance spacecraft, due to land this week, aims to scour Jezero Crater and collect the first rocks from the red planet.<br> The broken promise that undermines human genome research. Plus, China and UAE missions have both successfully reached Mars, and we are flushing away valuable phosphorus.<br> Historian Patricia Fara curates caricatures that provide snapshots of social and political debates around the emergence of modern research.<br> Comments & Opinion 01 Feb 2021<br> New studies knock down a controversial report observing phosphine in the planet’s atmosphere.<br> News 28 Jan 2021<br> US president-elect also elevates the position to the cabinet for the first time.<br> Scientists seek guidance on exploring frozen caches at the lunar poles responsibly.<br> Team detects a huge increase and says it could be due to climate change, but others can’t confirm the findings.<br> News 17 Dec 2020<br> NASA’s InSight mission yields the first data on the internal structure of a planet other than Earth.<br> Mars missions, record-breaking wildfires and a room-temperature superconductor are among this year’s top non-COVID stories.<br> Davide Castelvecchi<br> The coronavirus pandemic shaped the year in research — from vaccines and treatments to campus shutdowns and virtual meetings.<br> Ewen Callaway<br> Heidi Ledford<br> Instrument platform crashed into the telescope’s dish, irrevocably ending the facility’s role in astronomy.<br> New satellite image reveals the damage that shut down the facility, ending an era in astronomical observation.<br> News 19 Nov 2020<br> Debate continues over controversial report of phosphine in the planet’s atmosphere, as researchers reanalyse data and find a fainter signal.<br> A sociologist embedded in the agency shows that what gets discovered depends on how scientists collaborate.<br> Books & Arts 16 Nov 2020<br> The new president has the opportunity to reverse four years of anti-science policies — but he has a hard road ahead as he inherits a nation divided.<br> A graphical guide to the research carried out on the International Space Station — and who did it.<br> Howard Hughes Medical Institute’s six-figure donation is a step towards addressing racial injustice in the sciences.<br> News 29 Oct 2020<br> OSIRIS-REx spacecraft successfully executes a nail-biting manoeuvre to scoop up rock samples from the asteroid Bennu and send them back to Earth.<br> The coronavirus pandemic, climate change and space exploration are among the issues that Biden will influence if he wins the upcoming US election.<br> Heat waves, winds and thin ice contribute to a ‘new normal’ in the north’s climate.<br> News 22 Sept 2020<br> Fires are releasing record levels of carbon dioxide, partly because they are burning ancient peatlands that have been a carbon sink.<br> Most detailed report yet about the impact of giant satellite clusters says damage to observations is unavoidable — and offers mitigation strategies.<br> News 26 Aug 2020<br> One-time head of the US National Science Foundation Rita Colwell speaks out on sexism — and how her experiences as a leader in science can inform pandemic response.<br> Perseverance will stow away rocks for eventual delivery to Earth, and will listen for Martian sounds for the first time.<br> As NASA prepares to launch the first spacecraft that will collect samples from Mars, Nature looks at back at missions that have grabbed extraterrestrial material.<br> A three minute guide to why 2020 is the year of Mars launches.<br> Spain launches the largest test yet of no-strings-attached income — but it’s not truly universal. Plus: how group testing could transform the hunt for coronavirus cases, and PhD students in Australia face financial meltdown.<br> As three nations prepare to send spacecraft to Mars, a planetary scientist offers her personal tour of those who led the way. By Alexandra Witze<br> Books & Arts 09 Jul 2020<br> The United States, China and the United Arab Emirates will soon launch missions to a notoriously dangerous destination for spacecraft.<br> Smriti Mallapaty<br> Elizabeth Gibney<br> Top epidemiologist Jayaprakash Muliyil says we don’t yet know the true scale of the epidemic in India. Plus, CRISPR wreaks chromosomal mayhem in human embryos and why boring is good for two nearby exoplanets.<br> A nearby red dwarf doesn’t emit flares or harmful radiation — so its planets might have atmospheres.<br> Systemic racism, sexual harassment and institutional bias permeate a film about three female scientists, who have survived and thrived.<br> Books & Arts 24 Jun 2020<br> Latest action sows anxiety and confusion across the US scientific workforce.<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210720-160845/ Tue, 20 Jul 2021 16:08:45 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210720-160845/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/saltpay-customer-story/">How SaltPay consolidated 10 back office tasks into one app This is the story of how SaltPay was able to bring together critical user data and support workflows into one Retool app to replace a disjointed and slow customer support process.</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210720-122054/ Tue, 20 Jul 2021 12:20:54 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210720-122054/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132892_2020-alfa-romeo-4c-spider-33-tributo-says-goodbye-to-america-in-jay-leno-s-garage">2020 Alfa Romeo 4C Spider 33 Tributo says goodbye to America in Jay Leno's Garage</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210720-121737/ Tue, 20 Jul 2021 12:17:37 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210720-121737/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-afghanistan-veterans/we-lost-some-u-s-veterans-say-blood-spilled-in-afghanistan-was-wasted-idUSKBN2EQ0YH">'We lost': Some U.S. veterans say blood spilled in Afghanistan was wasted</a><br></p> <hr> Jason Lilley was a special operations forces Marine Raider who fought in multiple battles in Iraq and Afghanistan during America's longest war.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-vaccines-trials/global-quest-underway-to-speed-covid-19-vaccine-trials-idUSKBN2EQ0YP">Global quest underway to speed COVID-19 vaccine trials</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/07/20/wipeout-of-an-olympic-dream-for-japanese?videoId=733155239&videoChannel=118169">Wipeout of an Olympic dream for Japanese surf pioneer</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210720-082041/ Tue, 20 Jul 2021 08:20:41 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210720-082041/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1127047_2024-land-rover-range-rover-sport-spy-shots">2024 Land Rover Range Rover Sport spy shots: Redesign spotted for first time</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210720-081714/ Tue, 20 Jul 2021 08:17:14 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210720-081714/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/clickless-exploits-from-israeli-firm-hacked-activists-fully-updated-iphones/">“Clickless” exploits from Israeli firm hacked activists’ fully updated iPhones</a><br></p> <hr> NSO Group says its spyware targets only criminals and terrorists. Critics disagree.<br> https://www.whatsupup.com/blog/overgrazing/propellent/20210720-081631/ Tue, 20 Jul 2021 08:16:30 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210720-081631/ <a rel="noreferrer" target="_blank" href="javascript:void(0)">11</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/its-never-been-better-to-be-talent/comments">Comment 1</a> <a rel="noreferrer" target="_blank" href="javascript:void(0)">Share</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210720-043707/ Tue, 20 Jul 2021 04:37:07 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210720-043707/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132944_preview-2022-porsche-macan-adds-power-tweaks-looks">Preview: 2022 Porsche Macan adds power, tweaks looks</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210720-043534/ Tue, 20 Jul 2021 04:35:33 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210720-043534/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2014/08/04/maniac-week/">Maniac week</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210720-043146/ Tue, 20 Jul 2021 04:31:45 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210720-043146/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-china-regulation-data/analysis-beyond-security-crackdown-beijing-charts-state-controlled-data-market-idUSKBN2EQ0AR">Analysis: Beyond security crackdown, Beijing charts state-controlled data market</a><br></p> <hr> China's sweeping regulatory action against internet giants such as ride-hailing firm Didi Global Inc, which has sent chills through the industry, is part of a broader national project to create a domestic marketplace for the country's vast troves of big data.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election-fujimori/peru-socialist-castillo-confirmed-president-after-lengthy-battle-over-results-idUSKBN2EP28L">Peru socialist Castillo confirmed president after lengthy battle over results</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-cuba-exclusive/exclusive-u-s-expected-to-take-initial-steps-soon-in-aftermath-of-cuba-protests-officials-idUSKBN2EP29V">Exclusive-U.S. expected to take initial steps soon in aftermath of Cuba protests -officials</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210720-000915/ Tue, 20 Jul 2021 00:09:15 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210720-000915/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/build-document-workflow-automation-with-revv-retool/">Build simple and effective document workflow automation with Revv & Retool Drafting, reviewing, tracking, signing, and storing business documents is essential—and can be painful, especially if you are still in the pen and paper era. Revv, a complete document management system, specializes in</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210719-202024/ Mon, 19 Jul 2021 20:20:24 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210719-202024/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132936_vw-passat-reaches-end-of-the-road-in-us-after-2022">VW Passat reaches end of the road in US after 2022</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132895_your-ecu-tune-may-soon-hold-you-up-in-california-s-smog-test">Your ECU tune may soon hold you up in California's smog test</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210719-201655/ Mon, 19 Jul 2021 20:16:55 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210719-201655/ U.S. stocks end sharply lower as investors fear a spike in COVID-19 cases could derail the economic recovery<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president-joseph/haiti-interim-prime-minister-joseph-set-to-step-down-this-week-idUSKBN2EP1FF">Haiti interim prime minister Joseph set to step down this week</a><br> https://www.whatsupup.com/blog/sited/implore/20210719-201629/ Mon, 19 Jul 2021 20:16:29 +0000 https://www.whatsupup.com/blog/sited/implore/20210719-201629/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/07/19/world/biden-facebook-misinformation.html">‘Facebook isn’t killing people’: Biden softens his attack over vaccine misinformation. The president said that he wished that Facebook would “do something” about false information about Covid vaccines. By Daniel E. Slotnik and Cecilia Kang</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210719-162044/ Mon, 19 Jul 2021 16:20:43 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210719-162044/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1115876_2023-bmw-x8-spy-shots-and-video">2023 BMW X8 spy shots and video: Flagship crossover in the works</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1128999_rivian-r1t-pickup-deliveries-delayed-to-sept-2021-r1s-suv-to-follow">Rivian R1T pickup deliveries delayed to Sept. 2021, R1S SUV to follow</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210719-161728/ Mon, 19 Jul 2021 16:17:27 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210719-161728/ <p>US, allies to accuse China of global cyber hacking campaign <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKBN2EP0YR">VIEW MORE</a><br> LONDON (Reuters) -Prime Minister Boris Johnson's 'freedom day' ending over a year of COVID-19 lockdown restrictions in England was marred on Monday by surging infections, warnings of supermarket shortages and his own forced self-isolation.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-britain-eu-exclusive/exclusive-uk-to-warn-eu-it-may-deviate-from-brexit-deal-on-n-ireland-sources-idUSKBN2EP110">Exclusive-UK to warn EU it may deviate from Brexit deal on N.Ireland -sources</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president-joseph/haitis-interim-prime-minister-joseph-says-he-will-step-down-idUSKBN2EP1FF">Haiti's interim prime minister Joseph says he will step down</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210719-082014/ Mon, 19 Jul 2021 08:20:14 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210719-082014/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132640_2022-audi-rs-3-price-specs-review-photos-info">Preview: 2022 Audi RS 3 ramps up the turbo-5 power and track capability</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210719-081710/ Mon, 19 Jul 2021 08:17:10 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210719-081710/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-japan-southkorea-summit/japan-s-korea-leaders-summit-in-limbo-amid-uproar-over-sexual-innuendo-idUSKBN2EO0NM">Japan, S.Korea leaders summit in limbo amid uproar over sexual innuendo</a><br></p> <hr> TOKYO/SEOUL (Reuters) -Plans to hold the first in-person summit between the leaders of Japan and South Korea have hit a snag over a disparaging comment by a Japanese diplomat about the South Korean president, the latest flare-up between the fractious neighbours.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-britain/englands-freedom-day-marred-by-soaring-cases-and-isolation-chaos-idUSKBN2EO0LE">England's 'freedom day' marred by soaring cases and isolation chaos</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210719-041853/ Mon, 19 Jul 2021 04:18:52 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210719-041853/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-cyber-nso/israeli-firms-spyware-used-to-target-journalists-cell-phones-reports-idUSKBN2EP042">Israeli firm's spyware used to target journalists' cell phones - reports</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210719-041714/ Mon, 19 Jul 2021 04:17:13 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210719-041714/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2011/12/15/whats-deal-with-rc4/">What's the deal with RC4?</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210719-001925/ Mon, 19 Jul 2021 00:19:25 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210719-001925/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-britain/pm-johnson-pleads-for-caution-as-freedom-day-arrives-in-england-idUSKBN2EO0LE">PM Johnson pleads for caution as 'Freedom Day' arrives in England</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210718-161900/ Sun, 18 Jul 2021 16:18:59 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210718-161900/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-europe-weather-germany/its-terrifying-merkel-shaken-as-flood-deaths-rise-to-188-in-europe-idUSKBN2EO04T">'It's terrifying': Merkel shaken as flood deaths rise to 188 in Europe</a><br></p> <hr> BERCHTESGADEN/BISCHOFSWIESEN, Germany (Reuters) -German Chancellor Angela Merkel described the flooding that has devastated parts of Europe as "terrifying" on Sunday after the death toll across the region rose to 188 and a district of Bavaria was battered by the extreme weather.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-saudi-haj/immunised-pilgrims-gather-for-haj-as-covid-restrictions-limit-numbers-idUSKBN2EO0CA">Immunised pilgrims gather for haj as COVID restrictions limit numbers</a><br> https://www.whatsupup.com/blog/sited/implore/20210718-161819/ Sun, 18 Jul 2021 16:18:19 +0000 https://www.whatsupup.com/blog/sited/implore/20210718-161819/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2021/07/18/world/covid-variant-vaccine-updates/facebook-and-the-biden-administration-trade-punches-over-vaccine-misinformation">Facebook and the Biden administration trade punches over vaccine misinformation. This was featured in live coverage. By Cecilia Kang</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/07/17/technology/facebook-vaccine-misinformation.html">Facebook Tells Biden: ‘Facebook Is Not the Reason’ Vaccination Goal Was Missed The social network and the Biden administration have engaged in an increasingly rancorous war of words over the issue of vaccine misinformation. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210718-121825/ Sun, 18 Jul 2021 12:18:25 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210718-121825/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-europe-weather-germany/flash-floods-batter-bavaria-as-european-death-toll-rises-to-184-idUSKBN2EO04T">Flash floods batter Bavaria as European death toll rises to 184</a><br></p> <hr> BERCHTESGADEN/BISCHOFSWIESEN, Germany (Reuters) -Flash floods hit southern Germany on Sunday, killing at least one person, turning roads into rivers and adding to the flooding devastation that has claimed the lives of more than 180 people across Europe in recent days.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-britain/uk-pm-johnson-reverses-plan-to-skip-quarantine-after-covid-exposure-idUSKBN2EO059">UK PM Johnson reverses plan to skip quarantine after COVID exposure</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-palestinians-religion-eid/after-war-with-israel-a-grieving-gaza-marks-eid-al-adha-holiday-idUSKBN2EO07M">After war with Israel, a grieving Gaza marks Eid Al-Adha holiday</a><br> https://www.whatsupup.com/blog/bilateralistic/jungle/20210718-121110/ Sun, 18 Jul 2021 12:11:10 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20210718-121110/ Brendan's site:<br> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/overview.html">Start Here</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/index.html">Homepage</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/index.html">Blog</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/systems-performance-2nd-edition-book.html">Sys Perf book</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/bpf-performance-tools-book.html">BPF Perf book</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/linuxperf.html">Linux Perf</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/ebpf.html">eBPF Tools</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/perf.html">perf Examples</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/methodology.html">Perf Methods</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/usemethod.html">USE Method</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/tsamethod.html">TSA Method</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/offcpuanalysis.html">Off-CPU Analysis</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/activebenchmarking.html">Active Bench.</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/wss.html">WSS Estimation</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/flamegraphs.html">Flame Graphs</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/heatmaps.html">Heat Maps</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/frequencytrails.html">Frequency Trails</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/colonygraphs.html">Colony Graphs</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/dtrace.html">DTrace Tools</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/dtracetoolkit.html">DTraceToolkit</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/dtkshdemos.html">DtkshDemos</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/guessinggame.html">Guessing Game</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/specials.html">Specials</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/books.html">Books</a> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/sites.html">Other Sites</a><br> Slides for my eBPF summit keynote <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/performance-wins-with-bpf-getting-started">Performance Wins with BPF: Getting Started</a> , where I showed how to get started the easy way, as I kept seeing people start the hard way waste their own time ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/performance-wins-with-bpf-getting-started">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/eBPF2020_performance_getting_started.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=wyfhjr_ufag">youtube</a> ) (2020).<br> Slides for my YOW2020 talk <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/yow2020-linux-systems-performance">Linux Systems Performance</a> , delivered online ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/yow2020-linux-systems-performance">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/YOW2020_Linux_Systems_Performance.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=_Lf-h5TDTN0">youtube</a> ) (2020).<br> Slides for my USENIX LISA 2019 talk on <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/lisa2019-linux-systems-performance">Linux Systems Performance</a> , covering observability, methodologies, benchmarking, profiling, tracing, and tuning. It's intended for everyone as a tour of fundamentals, and some companies have indicated they will use it for new hire training. ( <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/lisa2019-linux-systems-performance">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/LISA2019_Linux_Systems_Performance.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=fhBHvsi0Ql0">youtube</a> ).<br> I wrote the original <a rel="noreferrer" target="_blank" href="https://docs.oracle.com/cd/E22471_01/pdf/820-4167.pdf">Sun ZFS Storage 7000 admin guide</a> and online help, and while doing so created the most advanced content system within Sun Microsystems: A content wiki that could auto-generate Sun-styled PDFs and other formats, allowing versions to be built in seconds instead of the usual 2-week process. This 2010 version has many updates from other staff (I've yet to find my original 2008 PDF) (2008).<br> The companion book to Solaris Internals 2nd Edition: <a rel="noreferrer" target="_blank" href="http://www.amazon.com/gp/product/0131568191/ref=as_li_ss_tl?ie=UTF8&tag=deirdrestraug-20&linkCode=as2&camp=217145&creative=399369&creativeASIN=0131568191">Solaris Performance and Tools</a> , with Richard McDougall and Jim Mauro (Prentice Hall, 2006; ISBN 0131568191). These chapters began during development of Solaris Internals 2nd Edition, and were later split into a separate companion volume. It worked well: a reference book on internals, and a companion book for practitioners on performance. 444 pages.<br> A 233-slide deck for a <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/dtrace_workshop01_slides.pdf">DTrace workshop</a> that I developed and delivered in London, that summarized Solaris performance and DTrace analysis. As part of this workshop I created performance labs for the students to solve (not included in the slides). (2006)<br> My <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/zones.html">Solaris 10 Zones</a> page from 2005, where I developed models for configuring Zones (containers) with Resource Controls. This was pioneering work for the performance isolation of containers (nowadays the realm of Linux cgroups). Sun later based their official docs on my work, without attribution! (Their excuse was that company policy forbid them from listing a non-Sun source as a reference.)<br> My USENIX LISA2021 online plenary video on <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=5nN1wjA_S30">Computing Performance: On the Horizon</a> , covering the present and future of performance. ( <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=5nN1wjA_S30">youtube</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-07-05/computing-performance-on-the-horizon.html">blog</a> ) (41 mins) (2021).<br> My USENIX LISA2021 online talk video on <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=_5Z2AU7QTH4">BPF Internals (eBPF)</a> showing high-level to machine code ( <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=_5Z2AU7QTH4">youtube</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-06-15/bpf-internals.html">blog</a> ) (39 mins) (2021).<br> My eBPF summit online keynote video on <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=wyfhjr_ufag">Performance Wins with BPF: Getting Started</a> . This was seven months into a California lockdown and, like many, I needed a haircut ( <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=wyfhjr_ufag">youtube</a> , <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/performance-wins-with-bpf-getting-started">slideshare</a> ) (19 mins).<br> My YOW2020 online talk video for <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=_Lf-h5TDTN0">Linux Systems Performance</a> , my first online conference talk ( <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=_Lf-h5TDTN0">youtube</a> , <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/yow2020-linux-systems-performance">slideshare</a> ) (46 mins) (2020).<br> My AWS re:Invent 2019 talk video <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=16slh29iN1g">BPF Performance Analysis at Netflix</a> includes my BPF theremin demo ( <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=16slh29iN1g">youtube</a> , <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/reinvent-2019-bpf-performance-analysis-at-netflix">slideshare</a> ) (57 mins).<br> My USENIX LISA 2019 talk on <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=fhBHvsi0Ql0">Linux Systems Performance</a> , covering observability, methodologies, benchmarking, profiling, tracing, and tuning. Some companies have indicated they will use this video it for new hire training. ( <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=fhBHvsi0Ql0">youtube</a> , <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/lisa2019-linux-systems-performance">slideshare</a> ) (40 mins).<br> <a rel="noreferrer" target="_blank" href="https://github.com/iovisor/bcc#tools">bcc tools</a> (github), BPF compiler collection, for which I'm a major contributor, especially for performance tools.<br> <a rel="noreferrer" target="_blank" href="https://github.com/iovisor/bpftrace#tools">bpftrace tools</a> (github) a high-level BPF tracing language, for which I'm a major contributor.<br> Last updated: 18-Jul-2021 Created: 2001 About this site, and email address: <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/email.html">here</a> Copyright 2021 Brendan Gregg, all rights reserved<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210718-081913/ Sun, 18 Jul 2021 08:19:12 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210718-081913/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-europe-weather-germany/bavaria-hit-by-floods-as-german-death-toll-climbs-to-156-idUSKBN2EO04T">Bavaria hit by floods as German death toll climbs to 156</a><br></p> <hr> Flash floods hit southern Germany on Sunday, killing at least one person and adding to the devastation after flooding in the country this week that killed more than 150 people.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-nuclear-usa/iran-insists-prisoner-swap-deal-was-agreed-with-u-s-says-ready-to-proceed-today-idUSKBN2EO067">Iran insists prisoner swap deal was agreed with U.S., says ready to proceed 'today'</a><br> https://www.whatsupup.com/blog/sited/implore/20210718-081844/ Sun, 18 Jul 2021 08:18:44 +0000 https://www.whatsupup.com/blog/sited/implore/20210718-081844/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2021/07/17/world/covid-variant-vaccine-updates/after-criticism-from-biden-facebook-says-it-is-not-the-reason-the-us-missed-its-vaccination-goal">After criticism from Biden, Facebook says it is ‘not the reason’ the U.S. missed its vaccination goal. This was featured in live coverage. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/bilateralistic/jungle/20210718-081139/ Sun, 18 Jul 2021 08:11:38 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20210718-081139/ Video for my AWS re:Invent 2019 talk <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=16slh29iN1g">BPF Performance Analysis at Netflix</a> , including my BPF theremin demo ( <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=16slh29iN1g">youtube</a> , <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/reinvent-2019-bpf-performance-analysis-at-netflix">slideshare</a> ) (57 mins).<br> <a rel="noreferrer" target="_blank" href="http://www.youtube.com/watch?v=tDacjrSCeq4">Shouting in the Datacenter</a> ( <a rel="noreferrer" target="_blank" href="http://www.youtube.com/watch?v=tDacjrSCeq4">youtube</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2008-12-31/unusual-disk-latency.html">blog</a> ) was a video that Bryan Cantrill and I made on the spur of the moment on New Year's Eve 2008, which went viral (1M+ views). I've had many emails about it: It has spawned an industry of sound proofing data centers (2 mins). There is also a <a rel="noreferrer" target="_blank" href="http://www.youtube.com/watch?v=lMPozJFC8g0">making of</a> ( <a rel="noreferrer" target="_blank" href="http://www.youtube.com/watch?v=lMPozJFC8g0">youtube</a> ) video (5 mins).<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210718-041851/ Sun, 18 Jul 2021 04:18:51 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210718-041851/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-europe-weather-germany-victims/germanys-floods-cover-livelihoods-in-sludge-idUSKBN2EN0EJ">Germany's floods cover livelihoods in sludge</a><br></p> <hr> Business owners in a town badly hit by the record flooding in Germany struggled on Saturday to pick up the pieces after their livelihoods - from old books to wine - were swept away or caked in sludge.<br> https://www.whatsupup.com/blog/sited/implore/20210718-041811/ Sun, 18 Jul 2021 04:18:11 +0000 https://www.whatsupup.com/blog/sited/implore/20210718-041811/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/07/17/technology/facebook-biden-vaccine-misinformation-tensions.html">Facebook Tells Biden: ‘Facebook Is Not the Reason’ Vaccination Goal Was Missed The social network hit back at the president’s criticism of social media for spreading vaccine misinformation. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210717-201803/ Sat, 17 Jul 2021 20:18:03 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210717-201803/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-europe-weather/death-toll-rises-to-170-in-germany-and-belgium-floods-idUSKBN2EN099">Death toll rises to 170 in Germany and Belgium floods</a><br></p> <hr> ERFTSTADT, Germany/WASSENBERG, Germany (Reuters) -The death toll in devastating flooding in western Germany and Belgium rose to at least 170 on Saturday after burst rivers and flash floods this week collapsed houses and ripped up roads and power lines.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-cuba-unrest-government/cuban-government-holds-mass-rally-in-havana-after-protests-idUSKBN2EN0GR">Cuban government holds mass rally in Havana after protests</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210717-161840/ Sat, 17 Jul 2021 16:18:39 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210717-161840/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-europe-weather/death-toll-in-rises-to-157-in-germany-and-belgium-floods-idUSKBN2EN099">Death toll in rises to 157 in Germany and Belgium floods</a><br></p> <hr> ERFTSTADT, Germany/WASSENBERG, Germany (Reuters) -Rescue workers searched flood-ravaged parts of Germany and Belgium for survivors on Saturday after burst rivers and flash floods this week collapsed houses and claimed at least 157 lives.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-paris-protest/french-protests-call-for-freedom-amid-government-vaccine-push-idUSKBN2EN0DU">French protests call for 'freedom' amid government vaccine push</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict/afghan-politicians-taliban-meet-in-doha-as-fighting-continues-idUSKBN2EN0CV">Afghan politicians, Taliban meet in Doha as fighting continues</a><br> https://www.whatsupup.com/blog/bilateralistic/jungle/20210717-161131/ Sat, 17 Jul 2021 16:11:30 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20210717-161131/ Brendan Gregg's Homepage<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210717-122229/ Sat, 17 Jul 2021 12:22:29 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210717-122229/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132922_walter-r-hrl-and-the-porsche-924-carrera-gts-rally-reunited-after-40-years">Walter Röhrl and the Porsche 924 Carrera GTS Rally reunited after 40 years</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132876_2022-ford-everest-2022-hyundai-santa-cruz-vw-new-auto-strategy-today-s-car-news">2022 Ford Everest, 2022 Hyundai Santa Cruz, VW New Auto Strategy: Today's Car News</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210717-121852/ Sat, 17 Jul 2021 12:18:52 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210717-121852/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-europe-weather/german-belgian-flood-deaths-rise-to-157-as-search-continues-idUSKBN2EN099">German, Belgian flood deaths rise to 157 as search continues</a><br></p> <hr> Rescue workers searched flood-ravaged parts of Germany and Belgium for survivors on Saturday after burst rivers and flash floods this week collapsed houses and claimed at least 157 lives.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security-sanctions/china-official-in-hong-kong-says-u-s-sanctions-business-advisory-have-despicable-intention-idUSKBN2EN03B">China official in Hong Kong says U.S. sanctions, business advisory have 'despicable intention'</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210717-081807/ Sat, 17 Jul 2021 08:18:06 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210717-081807/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-europe-weather-germany/german-floods-kill-at-least-133-search-for-survivors-continues-idUSKBN2EN05D">German floods kill at least 133, search for survivors continues</a><br></p> <hr> Rescue workers searched flood-ravaged parts of western Germany for survivors on Saturday as water levels remained high in many towns and houses continued to collapse in the country's worst natural disaster in half a century.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210717-041813/ Sat, 17 Jul 2021 04:18:12 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210717-041813/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-mexico-usa-immigration/mexico-regrets-u-s-judges-decision-on-daca-ministry-idUSKBN2EM2FB">Mexico regrets U.S. judge's decision on DACA - ministry</a><br> https://www.whatsupup.com/blog/sited/implore/20210717-041746/ Sat, 17 Jul 2021 04:17:46 +0000 https://www.whatsupup.com/blog/sited/implore/20210717-041746/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2021/07/16/world/covid-variant-vaccine-updates/theyre-killing-people-biden-denounces-social-media-for-virus-disinformation">‘They’re killing people’: Biden denounces social media for virus disinformation. This was featured in live coverage. By Zolan Kanno-Youngs and Cecilia Kang</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210717-001945/ Sat, 17 Jul 2021 00:19:44 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210717-001945/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/disable-the-windows-print-spooler-to-prevent-hacks-microsoft-tells-customers/">Disable the Windows print spooler to prevent hacks, Microsoft tells customers</a><br></p> <hr> The third serious Windows print flaw in 5 weeks prompts new Microsoft warning.<br> https://www.whatsupup.com/blog/sited/implore/20210717-001928/ Sat, 17 Jul 2021 00:19:27 +0000 https://www.whatsupup.com/blog/sited/implore/20210717-001928/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/07/16/us/politics/biden-facebook-social-media-covid.html">‘They’re Killing People’: Biden Denounces Social Media for Virus Disinformation The president’s blunt statement capped weeks of frustration in the White House over the spread of vaccine disinformation on Facebook and other platforms. By Zolan Kanno-Youngs and Cecilia Kang</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20210717-001844/ Sat, 17 Jul 2021 00:18:43 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20210717-001844/ <p><a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-01954-4">Astronomers push for global debate on giant satellite swarms</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nature.com/search?q=%22Alexandra+Witze%22&order=date_desc">Rights & permissions for article Astronomers push for global debate on giant satellite swarms . Opens in a new window.</a><br> https://www.whatsupup.com/blog/bilateralistic/jungle/20210717-001225/ Sat, 17 Jul 2021 00:12:23 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20210717-001225/ This page lists everything: <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/index.html#Documentation">Documentation</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/index.html#Videos">Videos</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/index.html#Software">Software</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/index.html#Misc">Misc</a> . For a short selection of highlights, see my <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/overview.html">Overview</a> page.<br> Video for my AWS re:Invent 2019 talk <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=16slh29iN1g">BPF Performance Analysis at Netflix</a> , which includes my BPF theremin demo ( <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=16slh29iN1g">youtube</a> , <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/reinvent-2019-bpf-performance-analysis-at-netflix">slideshare</a> ) (57 mins).<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210716-202326/ Fri, 16 Jul 2021 20:23:26 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210716-202326/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132920_ford-patents-charging-electric-cars-by-towing-them">Ford patents charging electric cars by towing them</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1122165_3m-koenigsegg-jesko-ready-for-production-but-already-sold-out">$3M Koenigsegg Jesko ready for production but already sold out</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132915_everrati-partners-with-superformance-plans-electric-ford-gt40">Everrati partners with Superformance, plans electric Ford GT40</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1125802_2022-formula-one-car-revealed-new-design-cost-cap-better-racing">2022 Formula One car revealed: New design, cost cap, better racing?</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1128922_lotus-emira-2022-bmw-2-series-2022-jeep-grand-cherokee-this-week-s-top-photos">Lotus Emira, 2022 BMW 2-Series, 2022 Jeep Grand Cherokee: This Week's Top Photos</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210716-201942/ Fri, 16 Jul 2021 20:19:42 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210716-201942/ <p>German officials feared more deaths on Friday after "catastrophic" floods swept through western regions, demolishing streets and houses, killing more than 100 people and leaving hundreds more missing and homeless.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president-colombia/colombia-police-say-former-haiti-official-suspected-of-ordering-moise-hit-idUSKBN2EM20I">Colombia police say former Haiti official suspected of ordering Moise hit</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/07/16/this-alpaca-ranch-offers-a-transgender-h?videoId=733010373&videoChannel=118169">This alpaca ranch offers a transgender haven</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210716-161855/ Fri, 16 Jul 2021 16:18:55 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210716-161855/ <p>SCHULD/ERFTSTADT, Germany (Reuters) -More than 1,000 people were missing in flood-stricken regions of western Germany and Belgium on Friday, where waters were still rising with the death toll already well over 100 and communications in some areas cut.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-reuters-siddiqui/reuters-photographer-danish-siddiqui-captured-the-people-behind-the-story-idUSKBN2EM19A">Reuters photographer Danish Siddiqui captured the people behind the story</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/07/16/the-week-in-numbers-bumper-profits-carbo?videoId=732999864&videoChannel=118169">The Week in Numbers: bumper profits, carbon costs</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210716-121812/ Fri, 16 Jul 2021 12:18:12 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210716-121812/ <p>Reuters journalist Danish Siddiqui killed while covering a clash between Afghan security forces and Taliban fighters <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKBN2EM0SW">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-europe-weather/floodwaters-still-rising-in-western-europe-with-death-toll-over-110-idUSKBN2EM117">Floodwaters still rising in western Europe with death toll over 110</a><br></p> <hr> More than 1,000 people were missing and more homes were destroyed in flood-stricken regions of western Germany and Belgium on Friday where waters were still rising and the death toll was already at about 117.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-reuters/reuters-journalist-killed-covering-clash-between-afghan-forces-taliban-idUSKBN2EM0SW">Reuters journalist killed covering clash between Afghan forces, Taliban</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-safrica-zuma/south-africas-president-says-he-wont-allow-anarchy-and-mayhem-idUSKBN2EM0RR">South Africa's president says he won't allow 'anarchy and mayhem'</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210716-082115/ Fri, 16 Jul 2021 08:21:15 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210716-082115/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132914_2024-bmw-i5-spy-shots">2024 BMW i5 spy shots: Electric 5-Series starts testing</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210716-081741/ Fri, 16 Jul 2021 08:17:40 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210716-081741/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-europe-weather/floods-in-germany-claim-81-victims-more-than-1000-missing-idUSKBN2EM0FN">Floods in Germany claim 81 victims, more than 1,000 missing</a><br></p> <hr> SCHULD, Germany (Reuters) -The number of people who lost their lives in the heavy floods in the western part of Germany increased to at least 81 on Friday, according to German broadcaster ARD, in what is Germany's worst mass loss of life in years.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-safrica-zuma/ramaphosa-to-visit-worst-hit-province-as-south-africa-violence-eases-idUSKBN2EM0RR">Ramaphosa to visit worst-hit province as South Africa violence eases</a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20210716-080704/ Fri, 16 Jul 2021 08:07:03 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20210716-080704/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/course">course New</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210716-041747/ Fri, 16 Jul 2021 04:17:47 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210716-041747/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-germany/biden-merkel-stress-friendship-while-agreeing-to-disagree-on-pipeline-idUSKBN2EL0FH">Biden, Merkel stress friendship while agreeing to disagree on pipeline</a><br></p> <hr> WASHINGTON (Reuters) -U.S. President Joe Biden and German Chancellor Angela Merkel agreed to disagree on Thursday about a Russian pipeline project that Washington opposes, while vowing to stand together against aggression from Moscow and anti-democratic action from Beijing.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-canada-indigenous-trudeau/as-canada-heads-toward-vote-trudeau-vulnerable-over-indigenous-policies-idUSKBN2EL29K">As Canada heads toward vote, Trudeau vulnerable over indigenous policies</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210716-041615/ Fri, 16 Jul 2021 04:16:14 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210716-041615/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2012/02/21/random-number-generation-illustrated/">Random number generation: An illustrated primer</a><br> https://www.whatsupup.com/blog/boxed/modification/20210716-041446/ Fri, 16 Jul 2021 04:14:46 +0000 https://www.whatsupup.com/blog/boxed/modification/20210716-041446/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#cppnow">cppnow</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#etymology">etymology</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#library-design">library-design</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#litclub">litclub</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#old-shit">old-shit</a><br> I was just reading <a rel="noreferrer" target="_blank" href="https://archive.org/details/dialoguesofplat01plat/page/323/mode/1up">Plato’s Cratylus</a> (see also <a rel="noreferrer" target="_blank" href="https://plato.stanford.edu/entries/plato-cratylus/">its Stanford Encyclopedia article</a> ). In it, (Plato’s version of) Socrates talks about choosing good names:<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210716-001752/ Fri, 16 Jul 2021 00:17:51 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210716-001752/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-lebanon-crisis/lebanon-spins-further-into-crisis-as-hariri-abandons-bid-to-form-government-idUSKBN2EL1NF">Lebanon spins further into crisis as Hariri abandons bid to form government</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-cuba-internet/u-s-reviewing-whether-it-can-help-restore-internet-access-in-cuba-biden-idUSKBN2EL2D8">U.S. reviewing whether it can help restore internet access in Cuba -Biden</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20210716-001644/ Fri, 16 Jul 2021 00:16:43 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210716-001644/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/its-never-been-better-to-be-talent">There’s Never Been a Better Time to Be Talent</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/its-never-been-better-to-be-talent">If you make stuff for the internet, and are good at it, you are very happy right now.</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210715-201822/ Thu, 15 Jul 2021 20:18:21 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210715-201822/ <p>SCHULD, Germany (Reuters) -At least 42 people have died in Germany and dozens were missing on Thursday as swollen rivers caused by record rainfall across western Europe swept through towns and villages, leaving cars upended, houses destroyed and people stranded on rooftops.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-cuba-internet/u-s-reviewing-whether-it-can-help-restore-internet-access-in-cuba-idUSKBN2EL2D8">U.S. reviewing whether it can help restore internet access in Cuba</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-haiti/charges-could-be-brought-in-u-s-over-haitian-assassination-u-s-official-idUSKBN2EL2FA">Charges could be brought in U.S. over Haitian assassination -U.S. official</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/07/15/paralyzed-indycar-driver-races-again?videoId=732962853&videoChannel=118169">Paralyzed IndyCar driver races again</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210715-201746/ Thu, 15 Jul 2021 20:17:45 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210715-201746/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/for-years-a-backdoor-in-popular-kiwisdr-product-gave-root-to-project-developer/">For years, a backdoor in popular KiwiSDR product gave root to project developer</a><br></p> <hr> Users are rattled after learning their devices and networks were exposed.<br> https://www.whatsupup.com/blog/ewing/undiscernibly/20210715-201558/ Thu, 15 Jul 2021 20:15:57 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210715-201558/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/07/verifiable-design-in-modern-systems.html">Verifiable design in modern systems</a><br></p> <hr> Posted by Ryan Hurst, Production Security Team The way we design and build software is continually evolving. Just as we now think of security as something we build into software from the start, we are also increasingly looking for new ways to minimize trust in that software. One of the ways we can do that is by designing software so that you can get cryptographic certainty of what the software has done. <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/07/verifiable-design-in-modern-systems.html">Read More</a><br> Posted by Ryan Hurst, Production Security Team<br> The way we design and build software is continually evolving. Just as we now think of security as something we build into software from the start, we are also increasingly looking for new ways to minimize trust in that software. One of the ways we can do that is by designing software so that you can get cryptographic certainty of what the software has done. In this post, we'll introduce the concept of <a rel="noreferrer" target="_blank" href="https://transparency.dev/verifiable-data-structures/">verifiable data structures</a> that help us get this cryptographic certainty. We'll describe some existing and new applications of verifiable data structures, and provide some additional resources we have created to help you use them in your own applications. A verifiable data structure is a class of data structure that lets people efficiently agree, with cryptographic certainty, that the data contained within it is correct. <a rel="noreferrer" target="_blank" href="https://artsandculture.google.com/entity/merkle-tree/m07h_v_">Merkle Trees</a> are the most famous of these and have been used for decades because they can enable efficient verification that a particular piece of data is included among many records - as a result they also form the basis of most blockchains. Although these verifiable data structures are not new, we now have a new generation of developers who have discovered them and the designs they enable -- further accelerating their adoption. These verifiable data structures enable building a new class of software that have elements of verifiability and transparency built into the way they operate. This gives us new ways to defend against coercion, introduce accountability to existing and new ecosystems, and make it easier to demonstrate compliance to regulators, customers and partners. <a rel="noreferrer" target="_blank" href="https://certificate.transparency.dev/">Certificate Transparency</a> is a great example of a non-blockchain use of these verifiable data structures at scale to secure core internet infrastructure. By using these patterns, we have been able to <a rel="noreferrer" target="_blank" href="https://certificate.transparency.dev/community/">introduce transparency and accountability</a> to an existing system used by everyone without <a rel="noreferrer" target="_blank" href="https://research.google/pubs/pub47551/">breaking the web</a> . Unfortunately, despite the capabilities of verifiable data structures and the associated patterns, there are not many resources developers can use to design, build, and deploy scalable and production-quality systems based on them. To address this gap we have generalized the <a rel="noreferrer" target="_blank" href="https://github.com/google/trillian">platform</a> we used to build Certificate Transparency so it can be applied to other classes of problems as well. Since this infrastructure has been used for years as part of this ecosystem it is well understood and can be deployed confidently in production systems. This is why we have seen solutions in areas of healthcare, financial services, and supply chain leverage this platform. Beyond that, we have also applied these patterns to bring these transparency and accountability properties to other problems within our own products and services. To this end, in 2019, we used this platform to bring supply chain integrity to the Go language ecosystem via the <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=KqTySYYhPUE">Go Checksum Database</a> . This system allows developers to have confidence that the package management systems supporting the Go ecosystem can’t intentionally, arbitrarily, or accidentally start giving out the wrong code without getting caught. The reproducibility of Go builds makes this particularly powerful as it enables the developer to ensure what is in the source repository matches what is in the package management system. This solution delivers a verifiable chaiin all the way from the source repositories to the final compiled artifacts. Another example of using these patterns is our recently <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/03/introducing-sigstore-easy-code-signing.html">announced</a> partnership with the Linux Foundation on <a rel="noreferrer" target="_blank" href="https://sigstore.dev/">Sigstore</a> . This project is a response to the ever-increasing influx of supply chain attacks on the Open Source ecosystem. Supply chain attacks have been possible because there are weaknesses at every link in the chain. Components like build systems, source code management tools, and artifact repositories all need to be treated as critical production environments, because they are. To address this, we first need to make it possible to verify provenance along the entire chain and the goal of the Sigstore effort is to enable just that. We are now working on using these patterns and tools to <a rel="noreferrer" target="_blank" href="https://github.com/google/trillian-examples/tree/master/binary_transparency/firmware">enable hardware-enforced supply chain integrity for device firmware</a> , which we hope will discourage supply chain attacks on the devices, like smartphones, that we rely on every day by bringing transparency and accountability to their firmware supply chain. In all of the above examples, we are using these verifiable data structures to ensure the integrity of artifacts in the supply chain. This enables customers, auditors, and internal security teams to be confident that each actor in the supply chain has lived up to their responsibilities. This helps earn the trust of those that rely on the supply chain, discourages insiders from using their position as it increases the chance they will get caught, introduces accountability, and enables proving the associated systems continually meet their compliance obligations. When using these patterns the most important task is defining what data should be logged. This is why we put together a <a rel="noreferrer" target="_blank" href="https://transparency.dev/how-to-design-a-verifiable-system/">taxonomy and modeling framework</a> which we have found to be helpful in designing verifiability into the systems we discussed above, and which we hope you will find valuable too. Please take a look at the <a rel="noreferrer" target="_blank" href="http://transparency.dev/">transparency.dev</a> website to learn about these verifiable data structures, and the tools and guidance we have put together to help use them in your own applications.<br> Labels: <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/Security">Security</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210715-162028/ Thu, 15 Jul 2021 16:20:28 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210715-162028/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132904_2022-chevrolet-colorado-price-specs-review-photos-info">Preview: 2022 Chevrolet Colorado levels up with Trail Boss model</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132836_1994-audi-rs-2-avant-sells-for-77-500-on-bring-a-trailer">1994 Audi RS 2 Avant sells for $77,500 on Bring A Trailer</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132902_2024-bmw-5-series-spy-shots">2024 BMW 5-Series spy shots: Popular sedan slims down for next generation</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210715-161714/ Thu, 15 Jul 2021 16:17:13 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210715-161714/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-germany-weather/at-least-44-dead-dozens-missing-as-floods-sweep-through-western-europe-idUSKBN2EL0FJ">At least 44 dead, dozens missing as floods sweep through western Europe</a><br></p> <hr> At least 42 people have died in Germany and dozens were missing on Thursday as swollen rivers caused by record rainfall across western Europe swept through towns and villages, leaving cars upended, houses destroyed and people stranded on rooftops.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/07/15/culinary-diplomacy-as-chefs-of-world-lea?videoId=732953661&videoChannel=118169">'Culinary diplomacy' as chefs of world leaders gather</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210715-122004/ Thu, 15 Jul 2021 12:20:04 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210715-122004/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132903_rebooted-aston-martin-valhalla-hypercar-given-new-look-v-8-power">Rebooted Aston Martin Valhalla hypercar given new look, V-8 power</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210715-121704/ Thu, 15 Jul 2021 12:17:04 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210715-121704/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-germany-weather/more-than-20-die-in-floods-in-western-europe-dozens-missing-idUSKBN2EL0FJ">More than 20 die in floods in western Europe, dozens missing</a><br></p> <hr> At least 19 people have died in Germany and dozens were missing on Thursday as record rainfall in western Europe caused rivers to burst their banks, swept away homes and flooded cellars.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-safrica-zuma/residents-count-cost-as-south-africa-looting-starts-to-die-down-idUSKBN2EL10F">Residents count cost as South Africa looting starts to die down</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-ethiopia-conflict-arrests/hundreds-of-tigrayans-detained-in-ethiopian-capital-in-recent-weeks-witnesses-say-idUSKBN2EL0FR">Hundreds of Tigrayans detained in Ethiopian capital in recent weeks, witnesses say</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210715-082110/ Thu, 15 Jul 2021 08:21:10 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210715-082110/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132900_teorema-concept-is-first-pininfarina-designed-with-vr">Teorema concept is first Pininfarina designed with VR</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210715-081747/ Thu, 15 Jul 2021 08:17:47 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210715-081747/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-germany/biden-merkel-may-have-little-time-to-rebuild-indispensable-relationship-idUSKBN2EL0FH">Biden, Merkel may have little time to rebuild 'indispensable' relationship</a><br></p> <hr> The clock is ticking as President Joe Biden welcomes German Chancellor Angela Merkel to the White House on Thursday with both hoping to rebuild ties badly frayed under former President Donald Trump.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-refugees/afghan-neighbours-wary-of-new-refugee-crisis-as-violence-surges-idUSKBN2EL0JX">Afghan neighbours wary of new refugee crisis as violence surges</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-turkey-economy-erdogan-analysis/analysis-when-erdogans-turkish-economic-miracle-began-failing-idUSKBN2EL0HM">Analysis-When Erdogan's Turkish economic miracle began failing</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210715-041810/ Thu, 15 Jul 2021 04:18:09 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210715-041810/ Exclusive: Iran will not be ready for nuclear talks with the U.S. until President-elect Ebrahim Raisi's administration begins <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKBN2EL001">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/haitians-protest-pay-tribute-as-country-grapples-with-presidents-killing-idUSKBN2EK27F">Haitians protest, pay tribute as country grapples with president's killing</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210715-001837/ Thu, 15 Jul 2021 00:18:37 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210715-001837/ <p>DOJ watchdog slams FBI for botching sexual abuse probe of ex-gymnastics doctor Nassar, says officials lied to investigators <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKBN2EK272">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-taliban/afghan-taliban-seize-border-crossing-with-pakistan-in-major-advance-idUSKBN2EK0HG">Afghan Taliban seize border crossing with Pakistan in major advance</a><br></p> <hr> KABUL (Reuters) -Taliban fighters in Afghanistan seized control of a major border crossing with Pakistan on Wednesday, one of the most important objectives they have achieved so far during a rapid advance across the country as U.S. forces pull out.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-safrica-zuma/s-african-govt-plans-troop-surge-to-quell-unrest-reports-idUSKBN2EK0OD">S.African govt plans troop surge to quell unrest -reports</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/haitians-protest-pay-tribute-in-a-country-still-reeling-from-presidents-killing-idUSKBN2EK27F">Haitians protest, pay tribute in a country still reeling from president's killing</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210715-001836/ Thu, 15 Jul 2021 00:18:35 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210715-001836/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/solarwinds-hackers-used-an-ios-0-day-to-steal-google-and-microsoft-credentials/">iOS zero-day let SolarWinds hackers compromise fully updated iPhones</a><br></p> <hr> Flaw was exploited when government officials clicked on links in LinkedIn messages.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210714-202111/ Wed, 14 Jul 2021 20:21:11 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210714-202111/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1128149_2022-volkswagen-golf-gti-price-specs-review-photos-info">Preview: 2022 Volkswagen Golf GTI to be quicker, more digital, start at $30,540</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1130127_2022-volkswagen-golf-r-price-specs-review-info-photos">Preview: 315-hp 2022 Volkswagen Golf R brings more tech, more performance, $44,640 starting price</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210714-201737/ Wed, 14 Jul 2021 20:17:37 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210714-201737/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/solarwinds-hackers-used-an-ios-0-day-to-steal-google-and-microsoft-credentials/">SolarWinds hackers used an iOS 0-day to steal Google and Microsoft credentials</a><br></p> <hr> WebKit flaw was exploited when government officials clicked on LinkedIn messages.<br> https://www.whatsupup.com/blog/boxed/modification/20210714-201451/ Wed, 14 Jul 2021 20:14:50 +0000 https://www.whatsupup.com/blog/boxed/modification/20210714-201451/ <p>iterator<br> IS-NOT-A<br> const_iterator<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#antipatterns">antipatterns</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#implementation-divergence">implementation-divergence</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#library-design">library-design</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#stl-classic">stl-classic</a><br> Consider the following code snippet ( <a rel="noreferrer" target="_blank" href="https://godbolt.org/z/GEzWPrcKM">Godbolt</a> ). Would you believe that it compiles on MSVC (with Microsoft’s STL) but not on libc++ or libstdc++?<br> template<class C> struct Wrap { Wrap(C&); operator C::iterator() const; };</p> <p>template<class C> void f(C&, typename C::const_iterator);</p> <p>int main() { std::list<int> v; f(v, Wrap(v)); } …<br></p> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210714-162205/ Wed, 14 Jul 2021 16:22:05 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210714-162205/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132890_1-of-3-1972-lamborghini-miura-svj-is-up-for-sale">1-of-3 1972 Lamborghini Miura SVJ is up for sale</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132766_2005-saleen-s7-twin-turbo-competition-package-with-1-300-miles-sells-for-655-000-on-bring-a-trailer">2005 Saleen S7 twin-turbo competition package with 1,300 miles sells for $655,000 on Bring A Trailer</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210714-161824/ Wed, 14 Jul 2021 16:18:24 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210714-161824/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-safrica-zuma/citizens-arm-themselves-as-looting-unrest-roil-south-africa-idUSKBN2EK0OD">Citizens arm themselves as looting, unrest roil South Africa</a><br></p> <hr> DURBAN, South Africa (Reuters) -South African President Cyril Ramaphosa said on Wednesday he might order more troops onto the streets as the army and police struggled to quell days of looting and violence, while some citizens armed themselves to protect their property and businesses from the rampage.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-twitter-enforcement-exclusive/exclusive-twitter-sees-jump-in-govt-demands-to-remove-content-of-journalists-news-outlets-idUSKBN2EK1IE">Exclusive-Twitter sees jump in govt demands to remove content of journalists, news outlets</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-brazil-bolsonaro/brazils-bolsonaro-stabbed-in-2018-hospitalized-with-chronic-hiccups-idUSKBN2EK177">Brazil's Bolsonaro, stabbed in 2018, hospitalized with chronic hiccups</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210714-161800/ Wed, 14 Jul 2021 16:18:00 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210714-161800/ Hackers IDed as DEV-0322 have a fondness for defense contractors and software-makers.<br> https://www.whatsupup.com/blog/seer/hemisphere/20210714-161708/ Wed, 14 Jul 2021 16:17:07 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20210714-161708/ <p><a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-01881-4">Racism is magnifying the deadly impact of rising city heat</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nature.com/search?q=%22Alexandra+Witze%22&order=date_desc">Rights & permissions for article Racism is magnifying the deadly impact of rising city heat . Opens in a new window.</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210714-122136/ Wed, 14 Jul 2021 12:21:36 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210714-122136/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1115126_2023-bmw-m2-coupe-spy-shots">2023 BMW M2 spy shots: Next generation of driver's coupe hits the 'Ring</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132887_gm-to-spend-71m-on-new-california-design-center">GM to spend $71M on new California design center</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132861_lamborghini-s-next-supercar-will-feature-an-entirely-new-v-12">Lamborghini's next supercar will feature an entirely new V-12</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132865_time-capsule-1995-mclaren-f1-with-242-miles-headed-to-auction">Time capsule 1995 McLaren F1 with 242 miles headed to auction</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210714-121747/ Wed, 14 Jul 2021 12:17:47 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210714-121747/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-safrica-zuma/south-african-crowds-rampage-hospital-operations-disrupted-idUSKBN2EK0OD">South African crowds rampage, hospital operations disrupted</a><br></p> <hr> Crowds looted shops and offices in South Africa on Wednesday, defying government calls to end a week of violence that has killed more than 70 people and wrecked hundreds of businesses.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-asean/u-s-rejects-china-maritime-claims-calls-for-asean-action-on-myanmar-idUSKBN2EK0B1">U.S. rejects China maritime claims, calls for ASEAN action on Myanmar</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-brazil-bolsonaro/brazils-bolsonaro-hospitalized-to-find-cause-of-hiccups-presidency-says-idUSKBN2EK177">Brazil's Bolsonaro hospitalized to find cause of hiccups, presidency says</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210714-082310/ Wed, 14 Jul 2021 08:23:10 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210714-082310/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1129768_2022-hyundai-elantra-n-price-specs-review-photos-info">Preview: 2022 Hyundai Elantra N revealed with 276 hp, 8-speed DCT</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210714-081926/ Wed, 14 Jul 2021 08:19:26 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210714-081926/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-safrica-zuma/south-african-crowds-rampage-overnight-defying-calls-for-end-to-violence-looting-idUSKBN2EK0OD">South African crowds rampage overnight, defying calls for end to violence, looting</a><br></p> <hr> Crowds looted shops and businesses in South Africa on Wednesday, defying government calls for an end to a week of violence that has killed more than 70 people, wrecked hundreds of businesses and shut down a refinery.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-taliban/taliban-claims-to-control-key-afghan-border-crossing-with-pakistan-idUSKBN2EK0HG">Taliban claims to control key Afghan border crossing with Pakistan</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-myanmar-politics/myanmar-anti-coup-activists-protest-as-u-s-seeks-regional-action-idUSKBN2EK0LT">Myanmar anti-coup activists protest as U.S. seeks regional action</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210714-042254/ Wed, 14 Jul 2021 04:22:54 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210714-042254/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1131838_2022-jeep-compass-price-specs-review-photos-info">Preview: 2022 Jeep Compass arrives with more tech and refinement</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210714-042133/ Wed, 14 Jul 2021 04:21:32 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210714-042133/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2020/05/16/competitive-programming-in-haskell-summer-series/">Competitive programming in Haskell: summer series</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210714-041919/ Wed, 14 Jul 2021 04:19:18 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210714-041919/ JOHANNESBURG (Reuters) -Crowds clashed with police and ransacked or set ablaze shopping malls in cities across South Africa on Tuesday, with dozens of people reported killed, as grievances unleashed by the jailing of ex-president Jacob Zuma boiled over into the worst violence in years.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-cuba-unrest/faced-with-rare-protests-cuba-curbs-social-media-access-watchdog-says-idUSKBN2EJ218">Faced with rare protests, Cuba curbs social media access, watchdog says</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210714-041855/ Wed, 14 Jul 2021 04:18:54 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210714-041855/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/microsoft-says-hackers-in-china-exploited-critical-solarwinds-0-day/">SolarWinds 0-day gave Chinese hackers privileged access to customer servers</a><br></p> <hr> Hackers IDed as DEV-0322 have a fondness for defense contractors and software makers.<br> https://www.whatsupup.com/blog/deformative/unaccompanied/20210714-041638/ Wed, 14 Jul 2021 04:16:37 +0000 https://www.whatsupup.com/blog/deformative/unaccompanied/20210714-041638/ <a rel="noreferrer" target="_blank" href="https://www.briangilham.com">← 🏠</a><br></p> <hr> 404<br> The page you're looking for doesn't exist. Sorry about that.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210714-002422/ Wed, 14 Jul 2021 00:24:22 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210714-002422/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132881_2022-mercedes-benz-amg-sl-roadster-s-high-tech-cabin-revealed">2022 Mercedes-Benz AMG SL Roadster's high-tech cabin revealed</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210714-000728/ Wed, 14 Jul 2021 00:07:27 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210714-000728/ Microsoft today released updates to patch at least 116 security holes in its Windows operating systems and related software. At least four of the vulnerabilities addressed today are under active attack, according to Microsoft.<br> Thirteen of the security bugs quashed in this month’s release earned Microsoft’s most-dire “critical” rating, meaning they can be exploited by malware or miscreants to seize remote control over a vulnerable system without any help from users.<br> Another 103 of the security holes patched this month were flagged as “important,” which Microsoft assigns to vulnerabilities “whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources.”<br> Among the critical bugs is of course the official fix for the PrintNightmare print spooler flaw in most versions of Windows ( <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34527">CVE-2021-34527</a> ) that prompted Microsoft <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for-windows-flaw/">to rush out a patch for a week ago</a> in response to exploit code for the flaw that got accidentally published online. That patch seems to have caused a number of problems for Windows users. Here’s hoping the updated fix resolves some of those issues for readers who’ve been holding out.<br> <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34448">CVE-2021-34448</a> is a critical remote code execution vulnerability in the scripting engine built into every supported version of Windows — including server versions. Microsoft says this flaw is being exploited in the wild.<br> Both <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33771">CVE-2021-33771</a> and <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31979">CVE-2021-31979</a> are elevation of privilege flaws in the Windows kernel. Both are seeing active exploitation, according to Microsoft. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/microsoft-patch-tuesday-july-2021-edition/#more-56103">Continue reading →</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210713-202328/ Tue, 13 Jul 2021 20:23:28 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210713-202328/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132877_rivian-files-patent-application-for-k-turn-mode">Rivian files patent application for "K-turn mode"</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210713-201936/ Tue, 13 Jul 2021 20:19:36 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210713-201936/ Vaccination burnout? Here's which countries have the highest vaccination rates – and the lowest <a rel="noreferrer" target="_blank" href="https://graphics.reuters.com/HEALTH-CORONAVIRUS/VACCINATION/xklvyxrdgpg/index.html">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-cuba-state/u-s-calls-for-calm-in-cuba-concerned-by-images-of-violence-idUSKBN2EJ27L">U.S. calls for calm in Cuba, concerned by images of violence</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210713-162329/ Tue, 13 Jul 2021 16:23:29 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210713-162329/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1131252_2022-infiniti-qx60-price-specs-review-photos-info">Preview: 2022 Infiniti QX60 coming with 295-hp V-6, 9-speed automatic, sharper looks for $47,875</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1112267_2022-hyundai-santa-cruz-price-specs-review-photos-info">Preview: 2022 Hyundai Santa Cruz compact pickup priced from $25,175</a><br> https://www.whatsupup.com/blog/gaper/whisky/20210713-162044/ Tue, 13 Jul 2021 16:20:44 +0000 https://www.whatsupup.com/blog/gaper/whisky/20210713-162044/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/07/getting-lively-with-firefox-90/">Getting lively with Firefox 90 →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/07/getting-lively-with-firefox-90/">Getting lively with Firefox 90</a><br> <hr> As the summer rolls around for those of us in the northern hemisphere, temperatures are high and unwinding with a cool ice tea is high on the agenda. Isn't it lucky then that Background Update is here for Windows, which means Firefox can update even if it's not running. We can just sit back and relax! <p>Also this release we see a few nice JavaScript additions, including private fields and methods for classes, and the at() method for Array, String and TypedArray global objects.</p> <p>This blog post just provides a set of highlights.<br></p> https://www.whatsupup.com/blog/twopenny/ultraism/20210713-161928/ Tue, 13 Jul 2021 16:19:28 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210713-161928/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-kandahar/responding-to-sos-afghan-commandos-caught-in-fierce-taliban-attack-idUSKBN2EJ1P8">Responding to SOS, Afghan commandos caught in fierce Taliban attack</a><br></p> <hr> Minutes after returning from a mission on Tuesday before dawn, a convoy of exhausted Afghan commandos were speeding back out of their base to try to extract a wounded policeman trapped by Taliban insurgents on the outskirts of Kandahar.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-safrica-zuma/worst-violence-in-years-spreads-in-south-africa-as-grievances-boil-over-idUSKBN2EJ0N2">Worst violence in years spreads in South Africa as grievances boil over</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iraq-fire-hospital/anger-mounts-after-92-die-in-fire-on-iraq-covid-ward-idUSKBN2EJ0OH">Anger mounts after 92 die in fire on Iraq COVID ward</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210713-122136/ Tue, 13 Jul 2021 12:21:36 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210713-122136/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132510_2022-opel-astra-price-specs-review-photos-info">2022 Opel Astra reveal marks next step in brand's transformation</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210713-121808/ Tue, 13 Jul 2021 12:18:08 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210713-121808/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-safrica-zuma/violence-spreads-in-south-africa-as-grievances-boil-over-idUSKBN2EJ0N2">Violence spreads in South Africa as grievances boil over</a><br></p> <hr> JOHANNESBURG (Reuters) -Protesters clashed with police in several areas of South Africa and looters ransacked shopping malls on Tuesday as frustrations over poverty and inequality boiled over into the country's worst unrest in years.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-safrica-zuma-stampede/10-bodies-found-at-looted-s-african-mall-following-stampede-idUSKBN2EJ180">10 bodies found at looted S.African mall following stampede</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210713-082209/ Tue, 13 Jul 2021 08:22:09 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210713-082209/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132872_2022-ford-everest-spy-shots">2022 Ford Everest spy shots: Redesign for Ranger-based SUV</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210713-081820/ Tue, 13 Jul 2021 08:18:19 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210713-081820/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-japan-defence/japan-warns-of-crisis-over-taiwan-growing-risks-from-u-s-china-rivalry-idUSKBN2EJ055">Japan warns of crisis over Taiwan, growing risks from U.S.-China rivalry</a><br></p> <hr> Growing military tensions around Taiwan as well as economic and technological rivalry between China and the United States threaten peace and stability in East Asia as the regional power balance shifts in Beijing's favour, Japan said in its annual defence white paper.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-sputnik-regulator/european-efforts-to-assess-russias-sputnik-v-vaccine-stymied-by-data-gaps-idUSKBN2EJ0ET">European efforts to assess Russia’s Sputnik V vaccine stymied by data gaps</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-france-google-antitrust/france-fines-google-500-million-euros-over-copyright-row-idUSKBN2EJ0KP">France fines Google 500 million euros over copyright row</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/07/12/explainer-what-does-eus-climate-masterpl?videoId=732833386&videoChannel=118169">Explainer: What does EU's climate masterplan entail?</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210713-001802/ Tue, 13 Jul 2021 00:18:02 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210713-001802/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president-usa-suspects/former-u-s-drug-agency-informant-arrested-in-haiti-assassination-source-says-idUSKBN2EI2AY">Former U.S. drug agency informant arrested in Haiti assassination, source says</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20210713-001420/ Tue, 13 Jul 2021 00:14:19 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20210713-001420/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/07/10/Murderbot-Diaries">Murderbot Diaries</a> · I suffered a massive loss of productivity for a few days last week because I started reading the first of <a rel="noreferrer" target="_blank" href="https://amzn.to/3AOm3Aq">this series</a> and found that I had to read them all pretty much without stopping <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/07/10/Murderbot-Diaries">…</a> [1 comment]<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210712-201748/ Mon, 12 Jul 2021 20:17:48 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210712-201748/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/white-house-does-not-rule-out-haiti-request-for-u-s-troops-idUSKBN2EI1HM">White House does not rule out Haiti request for U.S. troops</a><br></p> <hr> BOGOTA/PORT-AU-PRINCE (Reuters) -The United States is still reviewing a request for troops made by Haiti's interim Prime Minister Claude Joseph to help secure key infrastructure after the assassination of President Jovenel Moise, White House spokesperson Jen Psaki said on Monday.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president-usa/u-s-delegation-to-haiti-met-all-three-claimants-to-power-white-house-idUSKBN2EI1YU">U.S. delegation to Haiti met all three claimants to power -White House</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-cuba-protests/cuba-blames-unrest-on-u-s-interference-as-biden-backs-protests-idUSKBN2EI1H4">Cuba blames unrest on U.S. interference as Biden backs protests</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210712-201724/ Mon, 12 Jul 2021 20:17:24 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210712-201724/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/microsoft-discovers-critical-solarwinds-zero-day-under-active-attack/">Microsoft discovers critical SolarWinds zero-day under active attack</a><br></p> <hr> Flaws allow attackers to run malicious code on machines hosting Serv-U products.<br> https://www.whatsupup.com/blog/deformative/unaccompanied/20210712-201509/ Mon, 12 Jul 2021 20:15:08 +0000 https://www.whatsupup.com/blog/deformative/unaccompanied/20210712-201509/ <p>Page Not Found<br> Looks like you've followed a broken link or entered a URL that doesn't exist on this site.<br> <a rel="noreferrer" target="_blank" href="https://www.briangilham.com/">Back to our site</a><br></p> <hr> If this is your site, and you weren't expecting a 404 for this path, please visit Netlify's <a rel="noreferrer" target="_blank" href="https://answers.netlify.com/t/support-guide-i-ve-deployed-my-site-but-i-still-see-page-not-found/125?utm_source=404page&utm_campaign=community_tracking">"page not found" support guide</a> for troubleshooting tips.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210712-162135/ Mon, 12 Jul 2021 16:21:35 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210712-162135/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132863_2022-ram-1500-big-horn-and-lone-star-available-in-new-backcountry-edition">2022 Ram 1500 Big Horn and Lone Star available in new BackCountry Edition</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132862_audi-teases-an-electric-a8-successor-with-grand-sphere-concept">Audi teases an electric A8 successor with Grand Sphere concept</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210712-161808/ Mon, 12 Jul 2021 16:18:07 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210712-161808/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-kandahar/afghan-special-forces-moved-in-on-taliban-only-to-find-they-had-melted-away-idUSKBN2EI10A">Afghan special forces moved in on Taliban, only to find they had melted away</a><br></p> <hr> Soldiers from Afghanistan's special forces paused for a short prayer late on Sunday night on a deserted stretch of highway in the southern province of Kandahar. They do so each time they prepare to face Taliban militants in battle.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/colombian-police-say-no-hypothesis-in-haiti-assassination-probe-idUSKBN2EI1HM">Colombian police say no 'hypothesis' in Haiti assassination probe</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210712-122035/ Mon, 12 Jul 2021 12:20:35 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210712-122035/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1065042_2023-audi-q6-e-tron-spy-shots">2023 Audi Q6 E-Tron spy shots: Electric Porsche Macan's Audi twin spotted</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210712-121729/ Mon, 12 Jul 2021 12:17:29 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210712-121729/ Afghan special forces moved in on Taliban, only to find they had melted away <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKBN2EI10A">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-usa-commander/in-symbolic-end-to-war-u-s-general-to-step-down-from-command-in-afghanistan-idUSKBN2EI0NE">In symbolic end to war, U.S. general to step down from command in Afghanistan</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210712-082116/ Mon, 12 Jul 2021 08:21:16 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210712-082116/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132860_2022-bmw-x5-black-vermilion-is-perfect-for-the-fashion-conscious">2022 BMW X5 Black Vermilion is perfect for the fashion conscious</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210712-081941/ Mon, 12 Jul 2021 08:19:40 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210712-081941/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/07/12/technology/facebook-creators-tiktok-youtube.html">Facebook Wants to Court Creators. It Could Be a Tough Sell. The social network is aiming to be a destination for creators and their viral memes. But TikTok and YouTube got there first. By Mike Isaac and Taylor Lorenz</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210712-081748/ Mon, 12 Jul 2021 08:17:47 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210712-081748/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-cuba-unrest/cuba-sees-biggest-protests-for-decades-as-pandemic-adds-to-woes-idUSKBN2EH0ID">Cuba sees biggest protests for decades as pandemic adds to woes</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-safrica-zuma/s-african-ex-leader-zumas-court-hearing-starts-after-looting-arson-idUSKBN2EI0IE">S.African ex-leader Zuma's court hearing starts after looting, arson</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210712-041904/ Mon, 12 Jul 2021 04:19:04 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210712-041904/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-cuba-unrest/thousands-of-cubans-join-biggest-anti-government-protests-in-decades-idUSKBN2EH0ID">Thousands of Cubans join biggest anti-government protests in decades</a><br></p> <hr> HAVANA (Reuters) -Chanting "freedom" and calling for President Miguel Diaz-Canel to step down, thousands of Cubans joined street protests from Havana to Santiago on Sunday in the biggest anti-government demonstrations on the Communist-run island in decades.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-northkorea-aid/n-korea-dismisses-u-s-humanitarian-aid-as-sinister-scheme-idUSKBN2EI07Q">N.Korea dismisses U.S. humanitarian aid as 'sinister scheme'</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/haiti-police-arrest-suspect-in-presidents-assassination-idUSKBN2EH0DA">Haiti police arrest suspect in president's assassination</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210712-002124/ Mon, 12 Jul 2021 00:21:23 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210712-002124/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2020/03/23/data-structure-challenge-finding-the-rightmost-empty-slot/">Data structure challenge: finding the rightmost empty slot</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210711-201831/ Sun, 11 Jul 2021 20:18:30 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210711-201831/ <p>Djokovic triumphs at Wimbledon to secure record-equalling 20th major <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKBN2EH0DJ">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/leaked-testimony-from-haiti-suspects-says-plan-was-to-arrest-not-kill-president-idUSKBN2EH0DA">Leaked testimony from Haiti suspects says plan was to arrest, not kill president</a><br></p> <hr> PORT-AU-PRINCE (Reuters) -A group of Colombians and Haitian Americans suspected of assassinating Haitian President Jovenel Moise told investigators they were there to arrest him, not kill him, the Miami Herald and a person familiar with the matter said on Sunday.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president-usa/pentagon-says-u-s-team-going-to-haiti-to-assess-needs-idUSKBN2EH0DP">Pentagon says U.S. team going to Haiti to assess needs</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-safrica-zuma/south-africa-violence-spreads-to-johannesburg-in-wake-of-zuma-jailing-idUSKBN2EH062">South Africa violence spreads to Johannesburg in wake of Zuma jailing</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210711-161720/ Sun, 11 Jul 2021 16:17:20 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210711-161720/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-safrica-zuma/violence-spreads-to-south-africas-economic-hub-in-wake-of-zuma-jailing-idUSKBN2EH062">Violence spreads to South Africa's economic hub in wake of Zuma jailing</a><br></p> <hr> JOHANNESBURG (Reuters) -Shops were looted overnight, a section of the M2 highway was closed and stick-wielding protesters marched through the streets of Johannesburg on Sunday, as sporadic acts of violence following the jailing of former South African President Jacob Zuma spread to the country's main economic hub.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210711-121759/ Sun, 11 Jul 2021 12:17:59 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210711-121759/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-pope-surgery/pope-reappears-after-surgery-backs-free-universal-health-care-idUSKBN2EH074">Pope reappears after surgery, backs free universal health care</a><br></p> <hr> ROME (Reuters) -Pope Francis, seeming in good overall condition, appeared in public on Sunday for the first time since undergoing intestinal surgery a week ago and made a plea for free universal healthcare.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-taiwan-vaccine/tsmc-foxconn-say-they-are-in-process-of-signing-deal-for-biontech-covid-19-vaccines-idUSKBN2EH027">TSMC, Foxconn say they are in process of signing deal for BioNTech COVID-19 vaccines</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210711-041811/ Sun, 11 Jul 2021 04:18:10 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210711-041811/ Argentina beat Brazil 1-0 to win Copa America for the 15th time <a rel="noreferrer" target="_blank" href="https://www.reuters.com/lifestyle/sports/argentina-beat-brazil-1-0-win-copa-america-2021-07-11/">VIEW MORE</a><br> PORT-AU-PRINCE (Reuters) -One of Haiti's most powerful gang leaders said on Saturday his men would take to the streets to protest the assassination of President Jovenel Moise, threatening to pitch the impoverished Caribbean country deeper into chaos.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-syria-attack/no-injuries-damage-in-attack-against-u-s-forces-in-syria-defense-official-idUSKBN2EG0JA">No injuries, damage in attack against U.S. forces in Syria- defense official</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210711-001856/ Sun, 11 Jul 2021 00:18:55 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210711-001856/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/gang-boss-wades-into-haiti-turmoil-sees-conspiracy-behind-presidents-killing-idUSKBN2EG0B8">Gang boss wades into Haiti turmoil, sees conspiracy behind president's killing</a><br></p> <hr> PORT-AU-PRINCE (Reuters) -One of Haiti's most powerful gang leaders said on Saturday his men would take to the streets in protest at the assassination of President Jovenel Moise, threatening to pitch the impoverished Caribbean nation deeper into chaos.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-china-northkorea/leaders-of-n-korea-china-vow-greater-cooperation-in-face-of-foreign-hostility-kcna-idUSKBN2EG0HU">Leaders of N.Korea, China vow greater cooperation in face of foreign hostility: KCNA</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210710-201706/ Sat, 10 Jul 2021 20:17:05 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210710-201706/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/slain-haitian-leaders-widow-blames-political-enemies-as-power-struggle-intensifies-idUSKBN2EG0B8">Slain Haitian leader's widow blames political enemies as power struggle intensifies</a><br></p> <hr> PORT-AU-PRINCE (Reuters) -The widow of slain Haitian President Jovenel Moise on Saturday accused shadowy enemies of organizing his assassination to stop democratic change, as a struggle for power intensified in the Caribbean nation.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-ethiopia-election/ethiopia-pm-abiys-party-wins-landslide-victory-in-election-idUSKBN2EG0DW">Ethiopia PM Abiy's party wins landslide victory in election</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210710-161602/ Sat, 10 Jul 2021 16:16:02 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210710-161602/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/rival-haitian-leaders-battle-for-power-after-presidents-assassination-idUSKBN2EG0B8">Rival Haitian leaders battle for power after president's assassination</a><br></p> <hr> A power struggle is brewing in Haiti as the man appointed prime minister shortly before the assassination of Haiti's president this week said he - not the acting premier - should lead the Caribbean nation and was forming a government to that effect.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-somalia-security/at-least-8-killed-in-mogadishu-by-suicide-bomb-targeting-government-convoy-idUSKBN2EG077">At least 8 killed in Mogadishu by suicide bomb targeting government convoy</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-opposition/iranian-exiles-protest-demand-prosecution-of-president-elect-idUSKBN2EG0B5">Iranian exiles protest, demand prosecution of president-elect</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210710-121943/ Sat, 10 Jul 2021 12:19:43 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210710-121943/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1131974_the-lamborghini-miura-sv-is-now-50-years-old">The Lamborghini Miura SV is now 50 years old</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210710-121622/ Sat, 10 Jul 2021 12:16:21 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210710-121622/ WASHINGTON/PORT-AU-PRINCE (Reuters) -The United States on Friday rebuffed Haiti's request for troops to help secure key infrastructure after the assassination of President Jovenel Moise by suspected foreign mercenaries, even as it pledged to help with the investigation.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-pope-surgery/pope-gradually-resuming-work-walking-eating-with-aides-vatican-says-idUSKBN2EG07O">Pope gradually resuming work, walking, eating with aides, Vatican says</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210710-120536/ Sat, 10 Jul 2021 12:05:36 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210710-120536/ “One of the things they found out during the arrest was the people wanting to be in the gang were told they had to bring them $250,000 within a week,” Santor said.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210710-081556/ Sat, 10 Jul 2021 08:15:55 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210710-081556/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-chile-police/son-of-chile-indigenous-leader-killed-by-police-in-restive-province-media-idUSKCN2EG03Q">Son of Chile indigenous leader killed by police in restive province -media</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210710-041715/ Sat, 10 Jul 2021 04:17:15 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210710-041715/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/u-s-rebuffs-haiti-troops-request-after-presidents-assassination-idUSKCN2EF1JI">U.S rebuffs Haiti troops request after president's assassination</a><br></p> <hr> The United States on Friday rebuffed Haiti's request for troops to help secure key infrastructure after the assassination of President Jovenel Moise by suspected foreign mercenaries, even as it pledged to help with the investigation.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-biden-germany/biden-to-host-germanys-merkel-at-white-house-next-thursday-white-house-idUSKCN2EF20A">Biden to host Germany's Merkel at White House next Thursday - White House</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210710-001700/ Sat, 10 Jul 2021 00:17:00 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210710-001700/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/haiti-requests-u-s-u-n-forces-after-presidents-assassination-idUSKCN2EF1JI">Haiti requests U.S., U.N. forces after president's assassination</a><br></p> <hr> Haiti has requested U.S. and U.N. security forces to help it protect key infrastructure like the airport and ports after the assassination of President Jovenel Moise by foreign mercenaries, a government minister said on Friday.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-mexico-politics-president/mexico-president-casts-video-of-brother-taking-cash-as-political-smear-idUSKCN2EF1DM">Mexico president casts video of brother taking cash as political smear</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-biden-india/biden-picks-los-angeles-mayor-garcetti-to-be-u-s-ambassador-to-india-idUSKCN2EF259">Biden picks Los Angeles Mayor Garcetti to be U.S. ambassador to India</a><br> https://www.whatsupup.com/blog/sited/implore/20210710-001647/ Sat, 10 Jul 2021 00:16:47 +0000 https://www.whatsupup.com/blog/sited/implore/20210710-001647/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/07/09/business/biden-big-business-executive-order.html">Biden Urges More Scrutiny of Big Businesses, Such as Tech Giants An executive order reflects the administration’s growing embrace of warnings by some economists that declining competition is hobbling the economy’s vitality. By David McCabe and Jim Tankersley</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210710-001647/ Sat, 10 Jul 2021 00:16:47 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210710-001647/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/feds-indict-the-bull-for-allegedly-selling-insider-stock-info-on-the-dark-web/">Feds indict “The Bull” for allegedly selling insider stock info on the dark web</a><br></p> <hr> Data allegedly sold individually or through weekly or monthly subscriptions.<br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210710-001517/ Sat, 10 Jul 2021 00:15:17 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210710-001517/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2015/07/20/a-history-of-backdoors/">A history of backdoors</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210709-202005/ Fri, 09 Jul 2021 20:20:05 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210709-202005/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132852_british-startup-mcmurtry-unveils-electric-track-car-with-downforce-generating-fan">British startup McMurtry unveils electric track car with downforce-generating fan</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1117564_aston-martin-valkyrie-amr-pro-porsche-cayenne-turbo-gt-volvo-concept-recharge-this-week-s-top-photos">Aston Martin Valkyrie AMR Pro, Porsche Cayenne Turbo GT, Volvo Concept Recharge: This Week's Top Photos</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210709-201646/ Fri, 09 Jul 2021 20:16:46 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210709-201646/ <p>President Biden plans to nominate Los Angeles Mayor Eric Garcetti to be U.S. ambassador to India <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2EF259">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/u-s-colombia-sending-officials-to-haiti-after-assassination-arrests-idUSKCN2EF1JI">U.S., Colombia sending officials to Haiti after assassination arrests</a><br></p> <hr> The United States and Colombia said on Friday they will send law enforcement and intelligence officials to help Haiti following the assassination of President Jovenel Moise and arrests of their nationals by Haitian authorities.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-syria-security-un/u-s-strikes-deal-with-russia-to-continue-u-n-syria-aid-access-idUSKCN2EF1QE">U.S. strikes deal with Russia to continue U.N. Syria aid access</a><br> https://www.whatsupup.com/blog/boxed/modification/20210709-201356/ Fri, 09 Jul 2021 20:13:56 +0000 https://www.whatsupup.com/blog/boxed/modification/20210709-201356/ for ad-hoc tag dispatch<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#metaprogramming">metaprogramming</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#pearls">pearls</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#templates">templates</a><br> I’ve mentioned the<br> trick a couple of times in previous posts; it’s time I did a post specifically on this trick.<br> https://www.whatsupup.com/blog/ideo/fleury/20210709-200615/ Fri, 09 Jul 2021 20:06:14 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210709-200615/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/spike-in-chain-gang-destructive-attacks-on-atms/">Spike in “Chain Gang” Destructive Attacks on ATMs</a><br></p> <hr> Last summer, financial institutions throughout Texas started reporting a sudden increase in attacks involving well-orchestrated teams that would show up at night, use stolen trucks and heavy chains to rip Automated Teller Machines (ATMs) out of their foundations, and make off with the cash boxes inside. Now it appears the crime — known variously as “ ATM smash-and-grab ” or “ chain gang ” attacks — is rapidly increasing in other states.<br> Four different ATM “chain gang” attacks in Texas recently. Image: Texas Bankers Association.<br> The Texas Bankers Association documented at least 139 chain gang attacks against Texas financial institutions in the year ending November 2020. The association says organized crime is the main source of the destructive activity, and that Houston-based FBI officials have made more than 50 arrests and are actively tracking about 250 individuals suspected of being part of these criminal rings.<br> From surveillance camera footage examined by fraud investigators, the perpetrators have followed the same playbook in each incident. The bad guys show up in the early morning hours with a truck or tractor that’s been stolen from a local construction site.<br> Then two or three masked men will pry the front covering from the ATM using crowbars, and attach heavy chains to the cash machine. The canisters of cash inside are exposed once the crooks pull the ATM’s safe door off using the stolen vehicle.<br> In nearly all cases, the perpetrators are done in less than five minutes.<br> Tracey Santor is the bond product manager for <a rel="noreferrer" target="_blank" href="https://www.travelers.com/">Travelers</a> , which insures a large number of financial institutions against this type of crime. Santor said investigators questioning some of the suspects learned that the smash-and-grabs are used as a kind of initiation for would-be gang members.<br> “One of the things they found out during the arrest was the people wanting to be in the gang were told they had to bring them $250,000 within a week,” Santor said. “And they were given instructions on how to do it. I’ve also heard of cases where the perpetrators put construction cones around the ATM so it looks to anyone passing by that they’re legitimately doing construction at the site.”<br> Santor said the chain gang attacks have spread to other states, and that in the year ending June 2021 Travelers saw a 257 percent increase in the number of insurance claims related to ATM smash-and-grabs.<br> That 257 percent increase also includes claims involving incidents where attackers will crash a stolen car into a convenience store, and then in the ensuing commotion load the store’s ATM into the back of the vehicle and drive away.<br> In addition to any cash losses — which can often exceed $200,000 — replacing destroyed ATMs and any associated housing can take weeks, and newer model ATMs can cost $80,000 or more.<br> “It’s not stopping,” Santor said of the chain gang attacks. “In the last year we counted 32 separate states we’ve seen this type of attack in. Normally we are seeing single digits across the country. 2021 is going to be the same or worse for us than last year.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/spike-in-chain-gang-destructive-attacks-on-atms/#more-56096">Continue reading →</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210709-161913/ Fri, 09 Jul 2021 16:19:13 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210709-161913/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132849_glickenhaus-004s-debuts-at-2021-goodwood-festival-of-speed">Glickenhaus 004S debuts at 2021 Goodwood Festival of Speed</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132808_one-millionth-toyota-tacoma-is-a-trd-pro-and-it-s-headed-to-auction">One-millionth Toyota Tacoma is a TRD Pro, and it's headed to auction</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1112214_2024-volkswagen-id-buzz-spy-shots-and-video">2024 Volkswagen ID Buzz spy shots and video: Modern electric Bus takes shape</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210709-161601/ Fri, 09 Jul 2021 16:16:01 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210709-161601/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/colombian-suspects-in-haiti-presidents-killing-arrived-via-dominican-republic-idUSKCN2EF1JI">Colombian suspects in Haiti president's killing arrived via Dominican Republic</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-belarus-politics-migrants-lithuania/lithuania-toughens-belarus-border-with-razor-wire-to-bar-migrants-idUSKCN2EF0VI">Lithuania toughens Belarus border with razor wire to bar migrants</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/07/09/the-week-in-numbers-didi-drops-wise-pops?videoId=732710313&videoChannel=118169">The Week in Numbers: Didi drops, Wise pops</a><br> https://www.whatsupup.com/blog/sited/implore/20210709-161532/ Fri, 09 Jul 2021 16:15:31 +0000 https://www.whatsupup.com/blog/sited/implore/20210709-161532/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2021/07/09/us/joe-biden-news/biden-is-expected-to-sign-an-executive-order-encouraging-us-agencies-to-crack-down-on-major-tech-companies">Biden is expected to sign an executive order encouraging U.S. agencies to crack down on major tech companies. An executive order will tell the federal agencies that approve mergers that they should scrutinize the tech industry’s practices more closely. By David McCabe and Cecilia Kang</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210709-121931/ Fri, 09 Jul 2021 12:19:30 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210709-121931/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132848_2021-ford-shelby-f-150-rolls-in-with-775-hp">2021 Ford Shelby F-150 rolls in with 775 hp</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1120250_2024-porsche-911-turbo-s-e-hybrid-spy-shots">2024 Porsche 911 Turbo S E-Hybrid spy shots: Electrified 911 starts testing</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132495_first-look-at-2022-jeep-grand-cherokee-two-row-4xe-plug-in-hybrid">First look at 2022 Jeep Grand Cherokee two-row, 4xe plug-in hybrid</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210709-121612/ Fri, 09 Jul 2021 12:16:11 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210709-121612/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-pilots-special-r/special-report-afghan-pilots-assassinated-by-taliban-as-u-s-withdraws-idUSKCN2EF11F">Special Report-Afghan pilots assassinated by Taliban as U.S. withdraws</a><br></p> <hr> Afghan Air Force Major Dastagir Zamaray had grown so fearful of Taliban assassinations of off-duty forces in Kabul that he decided to sell his home to move to a safer pocket of Afghanistan's sprawling capital.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-britain-murder/uk-police-officer-pleads-guilty-to-sarah-everards-murder-idUSKCN2EF0U5">UK police officer pleads guilty to Sarah Everard's murder</a><br> https://www.whatsupup.com/blog/sited/implore/20210709-121556/ Fri, 09 Jul 2021 12:15:55 +0000 https://www.whatsupup.com/blog/sited/implore/20210709-121556/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/07/09/technology/biden-tech-executive-order.html">Biden to Urge More Scrutiny of Tech Mergers and Data Privacy The order is the president’s latest acknowledgment of concerns that the tech giants have obtained outsize market power. By David McCabe and Cecilia Kang</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/07/09/books/review/the-ugly-truth-sheera-frenkel-and-cecilia-kang.html">Nonfiction The ‘Ugly Truth’ About Facebook A new, deeply reported book by the Times reporters Sheera Frenkel and Cecilia Kang recounts the full story of the social media company’s foibles. By Sarah Frier</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210709-081552/ Fri, 09 Jul 2021 08:15:51 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210709-081552/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-biden/analysis-biden-lost-faith-in-the-u-s-mission-in-afghanistan-over-a-decade-ago-idUSKCN2EF0BG">Analysis-Biden lost faith in the U.S. mission in Afghanistan over a decade ago</a><br></p> <hr> President Joe Biden's frustrations with Afghanistan boiled over more than a decade ago, and they never again eased.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-australia/sydney-faces-covid-19-lockdown-extension-amid-record-2021-cases-idUSKCN2EE2L8">Sydney faces COVID-19 lockdown extension amid record 2021 cases</a><br> https://www.whatsupup.com/blog/bilateralistic/jungle/20210709-080940/ Fri, 09 Jul 2021 08:09:40 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20210709-080940/ This page lists everything. For a short selection of highlights, see my <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/overview.html">overview</a> page.<br> My plenary talk on <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-07-05/computing-performance-on-the-horizon.html">Computing Performance: On the Horizon</a> for the USENIX LISA 2021 conference, covering the present and future of processors, memory, disks, networking, hypervisors, and more. ( <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-07-05/computing-performance-on-the-horizon.html">blog</a> , <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/computing-performance-on-the-horizon-2021">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/LISA2021_ComputingPerformance.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=5nN1wjA_S30">youtube</a> ) (2021).<br> A post on <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-07-03/how-to-add-bpf-observability.html">How To Add eBPF Observability To Your Product</a> aimed at those adding it to commercial or internal observability platforms (2021).<br> A 122-slide talk on <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-06-15/bpf-internals.html">BPF Internals (eBPF)</a> for the USENIX LISA 2021 conference, where I show all the steps from the high-level bpftrace language to machine code ( <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-06-15/bpf-internals.html">blog</a> , <a rel="noreferrer" target="_blank" href="https://www.slideshare.net/brendangregg/bpf-internals-ebpf">slideshare</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/Slides/LISA2021_BPF_Internals.pdf">PDF</a> , <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=_5Z2AU7QTH4">youtube</a> ) (2021).<br> The story of the most surprising software demo I've been given: <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-06-04/an-unbelievable-demo.html">An Unbelievable Demo</a> (2021).<br> As it has become an FAQ, a post on <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-05-23/what-is-observability.html">What is Observability</a> , a term myself and other performance engineers have used since before it was popular (2021).<br> A post on <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2020-11-04/bpf-co-re-btf-libbpf.html">BPF binaries: BTF, CO-RE, and the future of eBPF perf tools</a> (2020).<br> My latest book website: <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/systems-performance-2nd-edition-book.html">Systems Performance: Enterprise and the Cloud, Second Edition</a> and <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2020-07-15/systems-performance-2nd-edition.html">blog post</a> about it. The publisher is Addison-Wesley, and the draft book is over 800 pages. This updates the Linux and cloud content, and adds chapters on perf, Ftrace, and BPF (2020).<br> Linux gets a high-level eBPF front-end: <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2018-10-08/dtrace-for-linux-2018.html">bpftrace (DTrace 2.0) for Linux 2018</a> . The <a rel="noreferrer" target="_blank" href="https://github.com/iovisor/bpftrace">repository</a> has tools and docs I developed, including a <a rel="noreferrer" target="_blank" href="https://github.com/iovisor/bpftrace/blob/master/docs/tutorial_one_liners.md">bpftrace one-liners tutorial</a> , a <a rel="noreferrer" target="_blank" href="https://github.com/iovisor/bpftrace/blob/master/docs/reference_guide.md">bpftrace reference guide</a> , and an <a rel="noreferrer" target="_blank" href="https://github.com/iovisor/bpftrace/blob/master/docs/internals_development.md">internals development guide</a> (2018).<br> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2016-10-27/dtrace-for-linux-2016.html">DTrace for Linux 2016</a> , announcing that the Linux kernel now has similar raw capabilities as DTrace in Linux 4.9 via enhanced BPF. I've been heavily involved in this project, especially as the number one user, and it was great to reach this milestone.<br> A summary of <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2013-01-11/virtualization-performance-zones-kvm-xen.html">Virtualization Performance: Zones, KVM, Xen</a> , focusing on I/O path overheads (2013).<br> <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2011-10-10/top-10-dtrace-scripts-for-mac-os-x.html">Top 10 DTrace Scripts</a> for Mac OS X performance analysis and troubleshooting, written to reach the broader Mac OS X community. This includes step by step instructions on how to find and run the Terminal application and sudo.<br> My USENIX LISA2021 plenary video on <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=5nN1wjA_S30">Computing Performance: On the Horizon</a> , covering the present and future of performance. ( <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=5nN1wjA_S30">youtube</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-07-05/computing-performance-on-the-horizon.html">blog</a> ) (41 mins) (2021).<br> My USENIX LISA2021 talk video on <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-06-15/bpf-internals.html">BPF Internals (eBPF)</a> showing high-level to machine code ( <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=_5Z2AU7QTH4">youtube</a> , <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-06-15/bpf-internals.html">blog</a> ) (39 mins) (2021).<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210709-041558/ Fri, 09 Jul 2021 04:15:58 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210709-041558/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/ex-colombian-military-haitian-americans-suspected-in-killing-of-haiti-president-idUSKCN2EE1NU">Ex-Colombian military, Haitian Americans suspected in killing of Haiti president</a><br></p> <hr> A heavily armed commando unit that assassinated Haitian President Jovenel Moise this week comprised 26 Colombians and two Haitian Americans, authorities said on Thursday, as the hunt went on for the masterminds of the brazen killing.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-australia-state/australias-new-south-wales-flags-lockdown-extension-after-record-cases-idUSKCN2EF03U">Australia's New South Wales flags lockdown extension after record cases</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20210709-041452/ Fri, 09 Jul 2021 04:14:52 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210709-041452/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/she-advocated-for-women-then-microsoft">She Advocated For Women, Then Microsoft Pushed Her Off Its Board</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/she-advocated-for-women-then-microsoft">“Are you trying to fucking destroy the company?” Bill Gates asked former board member Maria Klawe when she pushed for diversity.</a><br> Jul 2 <a rel="noreferrer" target="_blank" href="javascript:void(0)">8</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/okay-lets-talk-about-social-media/comments">Comment</a> <a rel="noreferrer" target="_blank" href="javascript:void(0)">Share</a><br> https://www.whatsupup.com/blog/doable/warrantable/20210709-041203/ Fri, 09 Jul 2021 04:12:03 +0000 https://www.whatsupup.com/blog/doable/warrantable/20210709-041203/ <p><a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/three-ways-to-trace-end-to-end-f61181d6db63?source=user_profile---------0----------------------------">1 day ago</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://rakyll.medium.com/three-ways-to-trace-end-to-end-f61181d6db63?source=user_profile---------0----------------------------">Three ways to trace end-to-end</a><br> <hr> Having end-to-end distributed traces is a huge challenge for any project. In distributed tracing, end-to-end tracing is a term often used to refer to traces that capture most components in a critical path. Imagine an HTTP request made to trigger a Lambda function. Being able to see the HTTP client, load balancing and scheduling decisions, any outgoing requests made from the Lambda function to serve the request would be “more end-to-end” than just capturing a trace with a function invocation. End-to-end traces are critical because they tell you the larger picture story and how your systems interact with others. …<br> <a rel="noreferrer" target="_blank" href="https://medium.com/new-story?source=user_profile-------------------------------------">Write</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210709-002009/ Fri, 09 Jul 2021 00:20:09 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210709-002009/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132838_dodge-confirms-electric-muscle-car-for-2024">Dodge confirms electric muscle car for 2024</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210709-001645/ Fri, 09 Jul 2021 00:16:45 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210709-001645/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/two-haitian-americans-in-custody-after-presidents-killing-minister-says-idUSKCN2EE1NU">Two Haitian Americans in custody after president's killing, minister says</a><br></p> <hr> PORT-AU-PRINCE (Reuters) -Haitian police killed four suspects in the assassination of President Jovenel Moise and arrested six more including two Haitian Americans, a minister said on Thursday, as authorities sought the masterminds behind the killing that stunned the impoverished Caribbean nation.<br> https://www.whatsupup.com/blog/disappear/fussy/20210709-001645/ Fri, 09 Jul 2021 00:16:44 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210709-001645/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/morgan-stanley-discloses-data-breach-that-resulted-from-accellion-fta-hacks/">Morgan Stanley discloses data breach that resulted from Accellion FTA hacks</a><br></p> <hr> Financial services firm says data was stolen by exploiting flaws discovered in December.<br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210709-001457/ Fri, 09 Jul 2021 00:14:57 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210709-001457/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2014/03/19/how-do-you-know-if-rng-is-working/">How do you know if an RNG is working?</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210709-000624/ Fri, 09 Jul 2021 00:06:23 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210709-000624/ Last week cybercriminals deployed ransomware to 1,500 organizations, including many that provide IT security and technical support to other companies. The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya’s customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210708-202032/ Thu, 08 Jul 2021 20:20:32 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210708-202032/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132836_1994-audi-rs-2-avant-for-sale-on-bring-a-trailer">1994 Audi RS 2 Avant for sale on Bring A Trailer</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1097801_2023-mercedes-benz-glc-class-spy-shots-and-video">2023 Mercedes-Benz GLC-Class spy shots: Popular crossover coming in for redesign</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210708-201850/ Thu, 08 Jul 2021 20:18:49 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210708-201850/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/07/08/technology/fidji-simo-instacart.html">Instacart hires a top Facebook executive as its new chief. Fidji Simo, the new chief, worked on Facebook’s advertising business and helped develop parts of the company’s mobile advertising. By Mike Isaac</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210708-201655/ Thu, 08 Jul 2021 20:16:54 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210708-201655/ <p>U.S. judge sentences Michael Avenatti, former lawyer for Stormy Daniels, to 30 months in prison in Nike extortion case <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2EE29B">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/haiti-police-say-they-have-presidents-suspected-killers-still-hunting-masterminds-idUSKCN2EE1NU">Haiti police say they have president's suspected killers, still hunting masterminds</a><br></p> <hr> Haiti's police has killed or apprehended the suspected killers of President Jovenel Moise, officials said on Thursday, and are hunting for the masterminds behind the assassination that stunned the impoverished Caribbean nation.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-biden-afghanistan/biden-says-afghans-must-decide-own-future-u-s-to-leave-on-aug-31-idUSKCN2EE0CZ">Biden says Afghans must decide own future; U.S. to leave on Aug. 31</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-venezuela-politics-exclusive/exclusive-talks-between-venezuelan-govt-opposition-set-for-august-sources-idUSKCN2EE29Z">Exclusive-Talks between Venezuelan gov't, opposition set for August -sources</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210708-200552/ Thu, 08 Jul 2021 20:05:51 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210708-200552/ Michael Sanders , executive vice president of account management at Kaseya, confirmed that the customer portal was taken offline in response to a vulnerability report. Sanders said the portal had been retired in 2018 in favor of a more modern customer support and ticketing system, yet somehow the old site was still left available online.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210708-161948/ Thu, 08 Jul 2021 16:19:48 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210708-161948/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132835_stellantis-confirms-plans-for-solid-state-batteries-4-ev-platforms">Stellantis confirms plans for solid-state batteries, 4 EV platforms</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132834_british-startup-wells-reveals-porsche-boxster-rival">British startup Wells reveals Porsche Boxster rival</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210708-161640/ Thu, 08 Jul 2021 16:16:40 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210708-161640/ <p>The 2020 Tokyo Olympics will be held without spectators, says Japan’s Olympics minister <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2EE1HS">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/haitians-awake-to-uncertainty-after-presidential-assassination-idUSKCN2EE1NU">Haitians awake to uncertainty after presidential assassination</a><br></p> <hr> Haitians awoke to uncertainty on Thursday, awaiting the outcome of a gunbattle between police and a hit squad that assassinated President Jovenel Moise, while politicians argued over who should assume the leadership of the violence-wracked country.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-olympics-2020/host-city-tokyo-bans-olympic-spectators-amid-covid-19-emergency-idUSKCN2EE01R">Host city Tokyo bans Olympic spectators amid COVID-19 emergency</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hungary-lgbt/as-hungarys-anti-lgbt-law-takes-effect-some-teachers-are-defiant-idUSKCN2EE108">As Hungary's anti-LGBT law takes effect, some teachers are defiant</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210708-160540/ Thu, 08 Jul 2021 16:05:39 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210708-160540/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/kaseya-left-customer-portal-vulnerable-to-2015-flaw-in-its-own-software/">Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software</a><br></p> <hr> Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya’s customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.<br> On July 3, the <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/?s=revil">REvil ransomware affiliate program</a> began using a zero-day security hole ( <a rel="noreferrer" target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30116">CVE-2021-30116</a> ) to deploy ransomware to hundreds of IT management companies running Kaseya’s remote management software — known as the Kaseya Virtual System Administrator (VSA).<br> According to <a rel="noreferrer" target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30116">this entry for CVE-2021-30116</a> , the security flaw that powers that Kaseya VSA zero-day was assigned a vulnerability number on April 2, 2021, indicating Kaseya <a rel="noreferrer" target="_blank" href="https://csirt.divd.nl/2021/07/04/Kaseya-Case-Update-2/">had roughly three months to address the bug before it was exploited in the wild</a> .<br> Also on July 3, security incident response firm Mandiant notified Kaseya that their billing and customer support site — portal.kaseya.net — was vulnerable to <a rel="noreferrer" target="_blank" href="https://nvd.nist.gov/vuln/detail/CVE-2015-2862">CVE-2015-2862</a> , a “directory traversal” vulnerability in Kaseya VSA that allows remote users to read any files on the server using nothing more than a Web browser.<br> As its name suggests, CVE-2015-2862 was issued in July 2015. Six years later, Kaseya’s customer portal was still exposed to the data-leaking weakness.<br> The Kaseya customer support and billing portal. Image: Archive.org.<br> Mandiant notified Kaseya after hearing about it from Alex Holden , founder and chief technology officer of Milwaukee-based cyber intelligence firm <a rel="noreferrer" target="_blank" href="https://www.holdsecurity.com">Hold Security</a> . Holden said the 2015 vulnerability was present on Kaseya’s customer portal until Saturday afternoon, allowing him to download the site’s <a rel="noreferrer" target="_blank" href="https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/webconfig-file-detected/">“web.config” file</a> , a server component that often contains sensitive information such as usernames and passwords and the locations of key databases.<br> “It’s not like they forgot to patch something that Microsoft fixed years ago,” Holden said. “It’s a patch for their own software. And it’s not zero-day. It’s from 2015!”<br> The official description of CVE-2015-2862 says a would-be attacker would need to be already authenticated to the server for the exploit to work. But Holden said that was not the case with the vulnerability on the Kaseya portal that he reported via Mandiant.<br> “This is worse because the CVE calls for an authenticated user,” Holden said. “This was not.”<br> “It was deprecated but left up,” Sanders said.<br> In a written statement shared with KrebsOnSecurity, Kaseya said that in 2015 CERT reported two vulnerabilities in its VSA product.<br> “We worked with CERT on responsible disclosure and released patches for VSA versions V7, R8, R9 and R9 along with the public disclosure (CVEs) and notifications to our customers. Portal.kaseya.net was not considered by our team to be part of the VSA shipping product and was not part of the VSA product patch in 2015. It has no access to customer endpoints and has been shut down – and will no longer be enabled or used by Kaseya.”<br> “At this time, there is no evidence this portal was involved in the VSA product security incident,” the statement continued. “We are continuing to do forensic analysis on the system and investigating what data is actually there.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/kaseya-left-customer-portal-vulnerable-to-2015-flaw-in-its-own-software/#more-56209">Continue reading →</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210708-121932/ Thu, 08 Jul 2021 12:19:32 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210708-121932/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132829_review-update-2021-porsche-911-turbo-s-deals-out-supercar-thrills">Review update: 2021 Porsche 911 Turbo S deals out supercar thrills</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132833_tuned-polestar-2-with-469-hp-shows-up-at-2021-goodwood-festival-of-speed">Tuned Polestar 2 with 469 hp shows up at 2021 Goodwood Festival of Speed</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210708-121629/ Thu, 08 Jul 2021 12:16:29 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210708-121629/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-britain-afghanistan-withdrawal/britain-has-withdrawn-nearly-all-its-troops-from-afghanistan-pm-johnson-idUSKCN2EE19X">Britain has withdrawn nearly all its troops from Afghanistan - PM Johnson</a><br></p> <hr> LONDON (Reuters) -Most British troops have been pulled out of Afghanistan, British Prime Minister Boris Johnson said on Thursday, ending its official role in a two-decades long conflict amid fears the departure of foreign soldiers could lead to a chaotic civil war.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-palestinians-violence/israel-demolishes-family-home-of-suspected-palestinian-attacker-idUSKCN2EE10J">Israel demolishes family home of suspected Palestinian attacker</a><br> https://www.whatsupup.com/blog/sited/implore/20210708-121600/ Thu, 08 Jul 2021 12:15:59 +0000 https://www.whatsupup.com/blog/sited/implore/20210708-121600/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/07/08/business/mark-zuckerberg-sheryl-sandberg-facebook.html">Mark Zuckerberg and Sheryl Sandberg’s Partnership Did Not Survive Trump The company they built is wildly successful. But her Washington wisdom didn’t hold up, and neither did their close working relationship. By Sheera Frenkel and Cecilia Kang</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210708-081606/ Thu, 08 Jul 2021 08:16:05 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210708-081606/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-australia-state/sydney-sees-worst-pandemic-day-of-2021-two-weeks-into-lockdown-idUSKCN2EE049">Sydney sees worst pandemic day of 2021 two weeks into lockdown</a><br></p> <hr> SYDNEY (Reuters) -Australia's New South Wales (NSW) state on Thursday reported its biggest daily rise in locally acquired cases of COVID-19 this year as officials struggle to stamp out a growing cluster of the highly infectious Delta variant.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-olympics-2020/spectators-to-face-olympic-ban-as-tokyo-declares-coronavirus-emergency-report-idUSKCN2EE01R">Spectators to face Olympic ban as Tokyo declares coronavirus emergency-report</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210708-041717/ Thu, 08 Jul 2021 04:17:17 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210708-041717/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/haiti-police-battle-gunmen-who-killed-president-amid-fears-of-chaos-idUSKCN2ED0YM">Haiti police battle gunmen who killed president, amid fears of chaos</a><br></p> <hr> PORT-AU-PRINCE (Reuters) -Haiti's security forces were locked in a fierce gun battle on Wednesday with assailants who assassinated President Jovenel Moise at his home overnight, plunging the already impoverished, violence-wracked nation deeper into chaos.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president-snapshot/haiti-may-slip-deeper-into-lawlessness-after-presidents-killing-idUSKCN2EE00P">Haiti may slip deeper into lawlessness after president's killing</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-olympics-2020/japan-to-declare-covid-19-emergency-for-tokyo-as-it-mulls-olympics-without-fans-idUSKCN2EE01R">Japan to declare COVID-19 emergency for Tokyo as it mulls Olympics without fans</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210708-001849/ Thu, 08 Jul 2021 00:18:49 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210708-001849/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/microsofts-emergency-patch-fails-to-fix-critical-printnightmare-vulnerability/">Microsoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability</a><br></p> <hr> Game-over code-execution attacks are still possible even after fix is installed.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210708-001843/ Thu, 08 Jul 2021 00:18:42 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210708-001843/ <p>A U.S. appeals court has suspended former Trump lawyer Rudy Giuliani from practicing law in Washington, D.C. <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2ED2OF">VIEW MORE</a><br> PORT-AU-PRINCE (Reuters) -Haitian President Jovenel Moise was shot dead by gunmen with assault rifles in his private residence overnight on Wednesday, sparking fears of a further descent into chaos in the impoverished Caribbean nation as a manhunt got underway.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iraq-security/rockets-hit-iraqi-base-housing-u-s-forces-wounding-two-americans-officials-idUSKCN2ED122">Rockets hit Iraqi base housing U.S. forces, wounding two Americans -officials</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-nuclear/iran-says-concern-over-its-enriched-uranium-metal-process-is-unnecessary-idUSKCN2ED2AJ">Iran says concern over its enriched uranium metal process is "unnecessary"</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210707-202119/ Wed, 07 Jul 2021 20:21:18 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210707-202119/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132702_pearl-yellow-2012-lexus-lfa-with-72-miles-sells-for-808-000-on-bring-a-trailer">Pearl Yellow 2012 Lexus LFA with 72 miles sells for $808,000 on Bring A Trailer</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1128707_ineos-grenadier-off-roader-s-rugged-interior-revealed">Ineos Grenadier off-roader's rugged interior revealed</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210707-201740/ Wed, 07 Jul 2021 20:17:40 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210707-201740/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/gunmen-assassinate-haitian-president-at-his-home-hunt-launched-for-killers-idUSKCN2ED0YM">Gunmen assassinate Haitian president at his home, hunt launched for killers</a><br></p> <hr> PORT-AU-PRINCE (Reuters) -Haitian President Jovenel Moise was shot dead by gunmen with heavy-caliber weapons in his private residence overnight on Wednesday, sparking an international outcry amid fears of a descent into chaos in the impoverished Caribbean nation.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iraq-security/rockets-hit-iraqi-base-housing-u-s-forces-wounding-two-americans-officials-idUSKCN2ED122">Rockets hit Iraqi base housing U.S. forces, wounding two Americans- officials</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210707-200635/ Wed, 07 Jul 2021 20:06:34 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210707-200635/ Microsoft’s out-of-band update may not completely fix the PrinterNightmare vulnerability. Security researcher <a rel="noreferrer" target="_blank" href="https://blog.gentilkiwi.com/">Benjamin Delpy</a> <a rel="noreferrer" target="_blank" href="https://twitter.com/gentilkiwi/status/1412771368534528001">posted on Twitter</a> that the exploit still works on a fully patched Windows server if the server also has Point & Print enabled — a Windows feature that automatically downloads and installs available printer drivers.<br> Delpy said it’s common for organizations to enable Point & Print using group policies because it allows users to install printer updates without getting approval first from IT.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210707-162045/ Wed, 07 Jul 2021 16:20:45 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210707-162045/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132823_2022-ram-1500-g-t-pickups-offer-popular-mods-straight-from-the-factory">2022 Ram 1500 G/T pickups offer popular mods straight from the factory</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210707-161752/ Wed, 07 Jul 2021 16:17:52 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210707-161752/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/haitian-president-assassinated-by-gunmen-at-home-state-of-emergency-declared-idUSKCN2ED0YM">Haitian president assassinated by gunmen at home, state of emergency declared</a><br></p> <hr> Haitian President Jovenel Moise was shot dead by unidentified attackers in his private residence overnight in a "barbaric act", the government said on Wednesday, stirring fears of escalating turmoil in the impoverished Caribbean nation.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iraq-security/rockets-hit-iraqi-base-housing-u-s-forces-wounding-two-u-s-coalition-idUSKCN2ED122">Rockets hit Iraqi base housing U.S. forces, wounding two - U.S. coalition</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-syria-security-crossing/with-aid-in-balance-syrians-who-fled-assad-fear-deeper-hardship-idUSKCN2ED1EO">With aid in balance, Syrians who fled Assad fear deeper hardship</a><br> https://www.whatsupup.com/blog/vernalize/massed/20210707-160625/ Wed, 07 Jul 2021 16:06:25 +0000 https://www.whatsupup.com/blog/vernalize/massed/20210707-160625/ <a rel="noreferrer" target="_blank" href="https://overreacted.io/npm-audit-broken-by-design/">npm audit: Broken by Design</a><br></p> <hr> Found 99 vulnerabilities (84 moderately irrelevant, 15 highly irrelevant)<br> https://www.whatsupup.com/blog/ideo/fleury/20210707-160617/ Wed, 07 Jul 2021 16:06:15 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210707-160617/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for-windows-flaw/">Microsoft Issues Emergency Patch for Windows Flaw</a><br></p> <hr> Microsoft on Tuesday issued an emergency software update to quash a security bug that’s been dubbed “ PrintNightmare ,” a critical vulnerability in all supported versions of Windows that is actively being exploited. The fix comes a week ahead of Microsoft’s normal monthly Patch Tuesday release, and follows the publishing of exploit code showing would-be attackers how to leverage the flaw to break into Windows computers.<br> At issue is <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527">CVE-2021-34527</a> , which involves a flaw in the Windows Print Spooler service that could be exploited by attackers to run code of their choice on a target’s system. Microsoft says it has already detected active exploitation of the vulnerability.<br> Satnam Narang , staff research engineer at Tenable , said Microsoft’s patch warrants urgent attention because of the vulnerability’s ubiquity across organizations and the prospect that attackers could exploit this flaw in order to take over a Windows domain controller.<br> “We expect it will only be a matter of time before it is more broadly incorporated into attacker toolkits,” Narang said. “PrintNightmare will remain a valuable exploit for cybercriminals as long as there are unpatched systems out there, and as we know, unpatched vulnerabilities have a long shelf life for attackers.”<br> In <a rel="noreferrer" target="_blank" href="https://msrc-blog.microsoft.com/2021/07/06/out-of-band-oob-security-update-available-for-cve-2021-34527/">a blog post</a> , Microsoft’s Security Response Center said it was delayed in developing fixes for the vulnerability in Windows Server 2016 , Windows 10 version 1607 , and Windows Server 2012 . The fix also apparently includes a new feature that allows Windows administrators to implement stronger restrictions on the installation of printer software.<br> “Prior to installing the July 6, 2021, and newer Windows Updates containing protections for CVE-2021-34527, the printer operators’ security group could install both signed and unsigned printer drivers on a printer server,” reads Microsoft’s <a rel="noreferrer" target="_blank" href="https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7">support advisory</a> . “After installing such updates, delegated admin groups like printer operators can only install signed printer drivers. Administrator credentials will be required to install unsigned printer drivers on a printer server going forward.”<br> Windows 10 users can check for the patch by opening Windows Update. Chances are, it will show what’s pictured in the screenshot below — that KB5004945 is available for download and install. A reboot will be required after installation.<br> Friendly reminder: It’s always a good idea to backup your data before applying security updates. Windows 10 <a rel="noreferrer" target="_blank" href="https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473">has some built-in tools</a> to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.<br> This post will be updated if Windows users start reporting any issues in applying the patch.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210707-122106/ Wed, 07 Jul 2021 12:21:06 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210707-122106/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1131329_2022-volkswagen-golf-r-variant-price-specs-review-photos-info">2022 Volkswagen Golf R wagon revealed with 315 hp, drift mode</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1117959_lamborghini-aventador-ultimae-price-specs-review-photos-info">Preview: Lamborghini Aventador Ultimae revealed as last bull with non-electrified V-12</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210707-121746/ Wed, 07 Jul 2021 12:17:45 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210707-121746/ <p>Haitian President shot dead at home overnight: prime minister <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2ED0YM">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-lebanon-crisis/french-envoy-slams-lebanon-pm-for-shifting-blame-on-economic-collapse-idUSKCN2ED18Z">French envoy slams Lebanon PM for shifting blame on economic collapse</a><br></p> <hr> The French ambassador rebuked Lebanon's prime minister for saying the country was under siege and blamed years of "mismanagement and inactivity" by Lebanese leaders for its economic collapse.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-haiti-president/haitian-president-assassinated-at-home-in-barbaric-act-pm-idUSKCN2ED0YM">Haitian president assassinated at home in 'barbaric act' -PM</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iraq-security/rockets-hit-iraqi-base-housing-u-s-forces-wounding-three-u-s-coalition-idUSKCN2ED122">Rockets hit Iraqi base housing U.S. forces, wounding three - U.S. coalition</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/07/07/bubble-man-brings-joy-to-san-francisco-s?videoId=732594083&videoChannel=118169">'Bubble man' brings joy to San Francisco streets</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210707-082106/ Wed, 07 Jul 2021 08:21:05 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210707-082106/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132819_preview-lotus-emira-is-automaker-s-farewell-to-internal-combustion">Preview: Lotus Emira is automaker's farewell to internal combustion</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132817_preview-2022-bentley-flying-spur-hybrid-debuts-as-536-hp-plug-in-grand-tourer">Preview: 2022 Bentley Flying Spur Hybrid debuts as 536-hp plug-in grand tourer</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210707-081813/ Wed, 07 Jul 2021 08:18:12 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210707-081813/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-australia/sydney-locked-down-for-another-week-as-delta-covid-19-variant-spreads-idUSKCN2EC2IG">Sydney locked down for another week as Delta COVID-19 variant spreads</a><br></p> <hr> SYDNEY (Reuters) -The leader of Australia's New South Wales (NSW) state on Wednesday ordered a week-long extension of Sydney's COVID-19 lockdown, warning new cases are bound to rise as the country's biggest city grapples with the highly infectious Delta variant.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-china-rights-lgbt/chinas-wechat-deletes-university-lgbt-accounts-idUSKCN2ED08Y">China's Wechat deletes university LGBT accounts</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210707-041945/ Wed, 07 Jul 2021 04:19:44 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210707-041945/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-nuclear-iaea/iran-takes-steps-to-make-enriched-uranium-metal-u-s-europe-powers-dismayed-idUSKCN2EC21S">Iran takes steps to make enriched uranium metal; U.S., Europe powers dismayed</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-australia/sydney-locked-down-for-another-week-as-delta-covid-variant-spreads-idUSKCN2EC2IG">Sydney locked down for another week as Delta COVID variant spreads</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210707-002509/ Wed, 07 Jul 2021 00:25:09 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210707-002509/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132734_2022-bmw-2-series-price-specs-review-photos-info">Preview: 2022 BMW 2-Series coupe keeps the rear-wheel-drive dream alive</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132819_lotus-emira-is-automaker-s-farewell-to-internal-combustion">Lotus Emira is automaker's farewell to internal combustion</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210707-002123/ Wed, 07 Jul 2021 00:21:23 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210707-002123/ <p>Eric Adams poised to win New York City Democratic mayoral primary with one-point lead over Kathryn Garcia <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2EC1TP">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-nuclear-iaea/iran-begins-process-of-making-enriched-uranium-metal-u-s-e3-dismayed-idUSKCN2EC21S">Iran begins process of making enriched uranium metal; U.S., E3 dismayed</a><br></p> <hr> VIENNA/WASHINGTON (Reuters) -Iran has begun the process of producing enriched uranium metal, the U.N. atomic watchdog said on Tuesday, a move that could help it develop a nuclear weapon and that three European powers said threatened talks to revive the 2015 Iran nuclear deal.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-canada-indigenous-children/canadian-indigenous-group-takes-charge-of-child-welfare-services-idUSKCN2EC2GB">Canadian indigenous group takes charge of child welfare services</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-britain-liverpool/mass-testing-reduced-liverpool-covid-19-cases-by-a-fifth-study-finds-idUSKCN2EC2KG">Mass-testing reduced Liverpool COVID-19 cases by a fifth, study finds</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210707-002107/ Wed, 07 Jul 2021 00:21:06 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210707-002107/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/up-to-1500-businesses-infected-in-one-of-the-worst-ransomware-attacks-ever/">Up to 1,500 businesses infected in one of the worst ransomware attacks ever</a><br></p> <hr> Mass compromise is having cascading effects around the world.<br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210707-001918/ Wed, 07 Jul 2021 00:19:17 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210707-001918/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2013/09/06/on-nsa/">On the NSA</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210706-202356/ Tue, 06 Jul 2021 20:23:56 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210706-202356/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1125996_peugeot-reveals-9x8-le-mans-hypercar-destined-for-2022-world-endurance-championship">Peugeot reveals 9X8 Le Mans Hypercar destined for 2022 World Endurance Championship</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210706-202025/ Tue, 06 Jul 2021 20:20:25 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210706-202025/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-nuclear-iaea/iran-gives-iaea-notice-of-escalating-uranium-metal-work-idUSKCN2EC21S">Iran gives IAEA notice of escalating uranium metal work</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-ethiopia-dam-un/u-n-urges-ethiopia-egypt-and-sudan-to-recommit-to-dam-talks-idUSKCN2EC294">U.N. urges Ethiopia, Egypt and Sudan to recommit to dam talks</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210706-162420/ Tue, 06 Jul 2021 16:24:20 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210706-162420/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132817_2022-bentley-flying-spur-hybrid-debuts-as-536-hp-plug-in-grand-tourer">2022 Bentley Flying Spur Hybrid debuts as 536-hp plug-in grand tourer</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132812_audi-teases-concepts-for-electric-gt-sports-car-and-urban-crossover">Audi teases concepts for electric GT, sports car and urban crossover</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210706-162017/ Tue, 06 Jul 2021 16:20:17 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210706-162017/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-russia-tajikista/russia-drills-attack-helicopters-pledges-help-to-secure-tajik-afghan-border-idUSKCN2EC0WN">Russia drills attack helicopters, pledges help to secure Tajik-Afghan border</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-brazil-race-sweeper-widerimage/scholar-by-day-street-sweeper-by-night-one-black-man-navigates-rios-racial-divide-idUSKCN2EC1K9">Scholar by day, street-sweeper by night, one Black man navigates Rio's racial divide</a><br> https://www.whatsupup.com/blog/reigned/coffeecake/20210706-160938/ Tue, 06 Jul 2021 16:09:38 +0000 https://www.whatsupup.com/blog/reigned/coffeecake/20210706-160938/ New: <a rel="noreferrer" target="_blank" href="http://paulgraham.com/hwh.html">How to Work Hard</a> | <a rel="noreferrer" target="_blank" href="http://paulgraham.com/own.html">Project</a> | <a rel="noreferrer" target="_blank" href="http://paulgraham.com/fn.html">Fierce</a> | <a rel="noreferrer" target="_blank" href="http://paulgraham.com/newideas.html">Crazy</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210706-122244/ Tue, 06 Jul 2021 12:22:43 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210706-122244/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132811_2022-genesis-g80-sport-price-specs-review-photos-info">Preview: 2022 Genesis G80 Sport revealed with all-wheel steering</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1129997_2023-bmw-x8-m-spy-shots">2023 BMW X8 M spy shots: M division plans electrified V-8 crossover</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1129768_hyundai-teases-elantra-n-sport-sedan-debut-set-for-july-14">Hyundai teases Elantra N sport sedan, debut set for July 14</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210706-122057/ Tue, 06 Jul 2021 12:20:56 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210706-122057/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2021/07/06/business/economy-stock-market-news/nextdoor-the-social-network-for-neighborhoods-plans-to-go-public">Nextdoor, the social network for neighborhoods, plans to go public. This was featured in live coverage. By Mike Isaac</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210706-121845/ Tue, 06 Jul 2021 12:18:44 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210706-121845/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-belarus-politics-babariko/belarus-jails-lukashenko-foe-babariko-for-14-years-in-sham-trial-idUSKCN2EC0KQ">Belarus jails Lukashenko foe Babariko for 14 years in 'sham' trial</a><br></p> <hr> MOSCOW (Reuters) -A court in Belarus jailed former presidential contender Viktor Babariko for 14 years on Tuesday after convicting him on corruption charges he denied, sparking condemnation from the West and the embattled opposition-in-exile.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-russia-airplane/no-survivors-from-plane-crash-in-russias-far-east-rescue-officials-say-idUSKCN2EC0D1">No survivors from plane crash in Russia's far east, rescue officials say</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210706-081859/ Tue, 06 Jul 2021 08:18:59 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210706-081859/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-india-twitter/twitter-loses-immunity-over-user-generated-content-in-india-idUSKCN2EC0HE">Twitter loses immunity over user-generated content in India</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210706-041923/ Tue, 06 Jul 2021 04:19:22 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210706-041923/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-israel-pfizer/israel-sees-drop-in-pfizer-vaccine-protection-against-infections-still-strong-in-severe-illness-idUSKCN2EB1NH">Israel sees drop in Pfizer vaccine protection against infections, still strong in severe illness</a><br></p> <hr> Israel reported on Monday a decrease in the effectiveness of the Pfizer/BioNTech COVID-19 vaccine in preventing infections and symptomatic illness but said it remained highly effective in preventing serious illness.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-japan-rainfall/rescuers-resume-search-for-24-missing-in-japan-landslides-idUSKCN2EC03K">Rescuers resume search for 24 missing in Japan landslides</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security/hk-leader-says-ideologies-pose-security-risk-teenagers-need-to-be-monitored-idUSKCN2EC07C">HK leader says 'ideologies' pose security risk, teenagers need to be monitored</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210706-001923/ Tue, 06 Jul 2021 00:19:23 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210706-001923/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-nigeria-security-kidnappings-school/some-150-students-missing-after-gunmen-raid-nigerian-school-parent-administrator-idUSKCN2EB0YZ">Some 150 students missing after gunmen raid Nigerian school –parent, administrator</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210706-000915/ Tue, 06 Jul 2021 00:09:15 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210706-000915/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-to-build-a-super-subscription-center-in-retool-using-stripe-and-sync-inc/">How to build a Super Subscription Center in Retool using Stripe and Sync Inc. This tutorial walks how to build a subscription management center using Retool, Stripe, and Sync Inc.</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210705-201925/ Mon, 05 Jul 2021 20:19:25 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210705-201925/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-britain-lockdown/return-to-normal-uk-pm-johnson-outlines-end-to-englands-virus-restrictions-idUSKCN2EB0FW">Return to normal? UK PM Johnson outlines end to England's virus restrictions</a><br></p> <hr> LONDON (Reuters) -British Prime Minister Boris Johnson set out plans on Monday to end social and economic COVID-19 restrictions in England in two weeks' time, a test of whether a rapid vaccine rollout offers enough protection from the highly contagious Delta variant.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-taliban/tajikistan-calls-up-reservists-to-bolster-border-as-afghan-troops-fleeing-taliban-seek-refuge-idUSKCN2EB0QA">Tajikistan calls up reservists to bolster border as Afghan troops, fleeing Taliban, seek refuge</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210705-161958/ Mon, 05 Jul 2021 16:19:57 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210705-161958/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-taliban/afghan-security-personnel-flee-into-tajikistan-as-taliban-advance-idUSKCN2EB0QA">Afghan security personnel flee into Tajikistan as Taliban advance</a><br></p> <hr> DUSHANBE, Tajikistan/KABUL (Reuters) -More than 1,000 Afghan security personnel have fled across the border into Tajikistan after Taliban advances in northern Afghanistan, the Tajik border guard service said on Monday, while dozens of others were captured by the insurgents.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-britain-lockdown/uk-pm-johnson-outlines-end-englands-virus-restrictions-idUSKCN2EB0FW">UK PM Johnson outlines end England's virus restrictions</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-nigeria-security-kidnappings-school/some-150-students-missing-after-gunmen-raid-nigerian-school-parent-administrator-idUSKCN2EB0YZ">Some 150 students missing after gunmen raid Nigerian school – parent, administrator</a><br> https://www.whatsupup.com/blog/bilateralistic/jungle/20210705-161202/ Mon, 05 Jul 2021 16:12:01 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20210705-161202/ 05 Jul 2021 » <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-07-05/computing-performance-on-the-horizon.html">USENIX LISA2021 Computing Performance: On the Horizon</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210705-122246/ Mon, 05 Jul 2021 12:22:45 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210705-122246/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132789_deep-dive-2022-cadillac-ct4-v-blackwing-gets-serious-about-downforce">Deep dive: 2022 Cadillac CT4-V Blackwing gets serious about downforce</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132804_vanderhall-brawley-is-a-200-mile-electric-off-roader-with-35-inch-tires">Vanderhall Brawley is a 200-mile electric off-roader with 35-inch tires</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132767_a-v-8-powered-datsun-240z-rumbles-into-jay-leno-s-garage">A V-8-powered Datsun 240Z rumbles into Jay Leno's Garage</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210705-121859/ Mon, 05 Jul 2021 12:18:59 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210705-121859/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-britain-lockdown/pm-johnson-to-set-out-lockdown-easing-though-pandemic-not-over-idUSKCN2EB0FW">PM Johnson to set out lockdown easing, though pandemic 'not over'</a><br></p> <hr> LONDON (Reuters) -British Prime Minister Boris Johnson will set out plans on Monday for the final step in easing England's COVID-19 lockdown, including guidance on social distancing, face coverings and working from home.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-pope-surgery/pope-in-good-condition-alert-after-surgery-to-remove-part-of-colon-idUSKCN2EB0PT">Pope in good condition, alert after surgery to remove part of colon</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-mexico-cases/mexico-officials-hope-vaccine-coverage-will-make-pandemic-surge-less-deadly-idUSKCN2EB0S0">Mexico officials hope vaccine coverage will make pandemic surge less deadly</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210705-082040/ Mon, 05 Jul 2021 08:20:40 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210705-082040/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-japan-rainfall/eighty-missing-after-japan-landslide-search-races-time-weather-idUSKCN2EB00D">Eighty missing after Japan landslide, search races time, weather</a><br></p> <hr> TOKYO (Reuters) -Rescuers in Japan searched desperately on Monday for survivors among 80 people believed to be still missing two days after landslides tore through the seaside city of Atami, destroying houses and burying roads under mud and rock.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-philippines-airplane-crash/philippines-orders-probe-after-military-plane-crash-kills-50-idUSKCN2EA0MN">Philippines orders probe after military plane crash kills 50</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-myanmar-politics-telecoms-exclusive/exclusive-after-pressuring-telecom-firms-myanmars-junta-bans-executives-from-leaving-idUSKCN2EB00N">Exclusive: After pressuring telecom firms, Myanmar's junta bans executives from leaving</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210705-002134/ Mon, 05 Jul 2021 00:21:34 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210705-002134/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-philippines-airplane-crash/philippines-plane-crash-kills-47-injures-49-probe-ordered-idUSKCN2EA0MN">Philippines' plane crash kills 47, injures 49; probe ordered</a><br></p> <hr> MANILA (Reuters) -All 96 passengers of the Philippine Air Force plane that crashed on Sunday killing 47 people have been accounted for, military chief Cirilito Sobejana said on Monday.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210704-202354/ Sun, 04 Jul 2021 20:23:54 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210704-202354/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132803_2021-ford-f-150-raptor-is-now-a-1-379-piece-lego-model">2021 Ford F-150 Raptor is now a 1,379-piece Lego model</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132752_2022-subaru-wrx-teased-debuting-soon">2022 Subaru WRX teased, debuting soon</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20210704-202106/ Sun, 04 Jul 2021 20:21:06 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20210704-202106/ July 4, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/07/04/Is-GitHub-a-derivative-work.html">Is GitHub a derivative work of GPL'd software?</a><br> July 3, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/07/03/How-does-IRC-federate.html">How does IRC's federation model compare to ActivityPub?</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210704-201957/ Sun, 04 Jul 2021 20:19:56 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210704-201957/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-cyber-kaseya-sweden/major-ransomware-attack-against-u-s-tech-provider-forces-swedish-store-closures-idUSKCN2E90F5">Major ransomware attack against U.S. tech provider forces Swedish store closures</a><br></p> <hr> STOCKHOLM (Reuters) -One of the largest ransomware attacks in history spread worldwide on Saturday, forcing the Swedish Coop grocery store chain to close all 800 of its stores because it could not operate its cash registers.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-russia-kremlin/kremlin-says-provocations-like-uk-warship-episode-demand-tough-response-idUSKCN2EA09D">Kremlin says 'provocations' like UK warship episode demand tough response</a><br> <hr> A British warship's entry into what Moscow considers Russian territorial waters near Crimea last month is the kind of provocation that demands a tough response, the Kremlin said on Sunday.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-ethiopia-conflict/ethiopias-tigray-demands-troop-withdrawals-for-ceasefire-talks-idUSKCN2EA08X">Ethiopia's Tigray demands troop withdrawals for ceasefire talks</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-myanmar-politics/myanmar-forces-kill-25-in-raid-on-town-residents-and-media-say-idUSKCN2EA069">Myanmar forces kill 25 in raid on town, residents and media say</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210704-201806/ Sun, 04 Jul 2021 20:18:06 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210704-201806/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/">How safe is Apple's Safe Browsing?</a><br> https://www.whatsupup.com/blog/emphysema/mesalliance/000000-000000/ Sun, 04 Jul 2021 16:03:08 +0000 https://www.whatsupup.com/blog/emphysema/mesalliance/000000-000000/ [Marking site as being monitored from now on] https://www.whatsupup.com/blog/twopenny/ultraism/20210703-161932/ Sat, 03 Jul 2021 16:19:31 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210703-161932/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-afghanistan-bagram/what-was-the-point-afghans-rue-decades-of-war-as-u-s-quits-bagram-idUSKCN2E90FL">'What was the point?' Afghans rue decades of war as U.S. quits Bagram</a><br></p> <hr> As American troops left their main military base in Afghanistan on Friday, marking a symbolic end to the longest war in U.S. history, locals living in the shadow of the base and in nearby Kabul were left ruing the past and bracing for what comes next.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-vatican-trial/cardinal-among-10-indicted-by-vatican-for-financial-crimes-idUSKCN2E908B">Cardinal among 10 indicted by Vatican for financial crimes</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-brazil-politics/brazil-top-court-gives-nod-for-probe-into-bolsonaro-over-vaccine-deal-idUSKCN2E90D9">Brazil top court gives nod for probe into Bolsonaro over vaccine deal</a><br> https://www.whatsupup.com/blog/bilateralistic/jungle/20210703-161150/ Sat, 03 Jul 2021 16:11:49 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20210703-161150/ 03 Jul 2021 » <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-07-03/how-to-add-bpf-observability.html">How To Add eBPF Observability To Your Product</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210703-121949/ Sat, 03 Jul 2021 12:19:48 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210703-121949/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-vatican-trial/vatican-judge-indicts-10-including-a-cardinal-for-alleged-financial-crimes-idUSKCN2E908B">Vatican judge indicts 10, including a cardinal, for alleged financial crimes</a><br></p> <hr> VATICAN CITY (Reuters) -A Vatican judge on Saturday ordered 10 people, including an Italian cardinal, to stand trial for alleged financial crimes including embezzlement, money laundering, fraud, extortion and abuse of office.<br> https://www.whatsupup.com/blog/ideo/fleury/20210703-080702/ Sat, 03 Jul 2021 08:07:00 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210703-080702/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/another-0-day-looms-for-many-western-digital-users/">Another 0-Day Looms for Many Western Digital Users</a><br></p> <hr> Some of Western Digital’s MyCloud-based data storage devices. Image: WD.<br> Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in 2015, as well as a previously unknown zero-day flaw. But there is a similarly serious zero-day flaw present in a much broader range of newer Western Digital MyCloud network storage devices that will remain unfixed for many customers who can’t or won’t upgrade to the latest operating system.<br> At issue is a remote code execution flaw residing in all Western Digital network attached storage (NAS) devices running MyCloud OS 3 , an operating system the company only recently stopped supporting.<br> Researchers <a rel="noreferrer" target="_blank" href="https://www.flashback.sh/">Radek Domanski and Pedro Ribeiro</a> originally planned to present their findings at the <a rel="noreferrer" target="_blank" href="https://www.thezdi.com/blog/2020/7/28/announcing-pwn2own-tokyo-2020-live-from-toronto">Pwn2Own hacking competition in Tokyo</a> last year. But just days before the event Western Digital released MyCloud OS 5 , which eliminated the bug they found. That update effectively nullified their chances at competing in Pwn2Own, which requires exploits to work against the latest firmware or software supported by the targeted device.<br> Nevertheless, in February 2021, the duo published <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=vsg9YgvGBec">this detailed YouTube video</a> , which documents how they discovered a chain of weaknesses that allows an attacker to remotely update a vulnerable device’s firmware with a malicious backdoor — using a low-privileged user account that has a blank password.<br> The researchers said Western Digital never responded to their reports. In a statement provided to KrebsOnSecurity, Western Digital said it received their report after Pwn2Own Tokyo 2020, but that at the time the vulnerability they reported had already been fixed by the release of My Cloud OS 5.<br> “The communication that came our way confirmed the research team involved planned to release details of the vulnerability and asked us to contact them with any questions,” Western Digital said. “We didn’t have any questions so we didn’t respond. Since then, we have updated our process and respond to every report in order to avoid any miscommunication like this again. We take reports from the security research community very seriously and conduct investigations as soon as we receive them.”<br> Western Digital ignored questions about whether the flaw found by Domanski and Ribeiro was ever addressed in OS 3. A statement published on its support site March 12, 2021 says the company will <a rel="noreferrer" target="_blank" href="https://www.westerndigital.com/support/productsecurity/wdc-21004-recommended-upgrade-to-mycloud-os-5">no longer provide further security updates to the MyCloud OS 3 firmware</a> .<br> “We strongly encourage moving to the My Cloud OS5 firmware,” the statement reads. “If your device is not eligible for upgrade to My Cloud OS 5, we recommend that you upgrade to one of our other My Cloud offerings that support My Cloud OS 5. More information can be found <a rel="noreferrer" target="_blank" href="https://shop.westerndigital.com/support/software/my-cloud-os">here</a> .” A list of MyCloud devices that can support OS 5 is <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com">here</a> . <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/another-0-day-looms-for-many-western-digital-users/#more-56182">Continue reading →</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210703-042025/ Sat, 03 Jul 2021 04:20:24 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210703-042025/ <p>Jul 02 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-south-korea-ferry-extradition/south-korea-can-seek-extradition-linked-to-2014-ferry-sinking-u-s-judge-idUSKCN2E9004">South Korea can seek extradition linked to 2014 ferry sinking -U.S. judge</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-australia/australian-officials-report-biggest-daily-covid-19-caseload-for-2021-idUSKCN2E902Z">Australian officials report biggest daily COVID-19 caseload for 2021</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210703-002132/ Sat, 03 Jul 2021 00:21:32 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210703-002132/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/google-boots-google-play-apps-for-stealing-users-facebook-passwords/">Apps with 5.8 million Google Play downloads stole users’ Facebook passwords</a><br></p> <hr> Researchers uncovered 9 apps that used a sneaking method to pilfer credentials.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210703-002128/ Sat, 03 Jul 2021 00:21:27 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210703-002128/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-cyber-kaseya/ransomware-breach-at-florida-it-firm-hits-200-businesses-idUSKCN2E82FB">Ransomware breach at Florida IT firm hits 200 businesses</a><br></p> <hr> WASHINGTON (Reuters) -Hundreds of American businesses were hit Friday by an unusually sophisticated ransomware attack that hijacked widely used technology management software from a Miami-based supplier called Kaseya.<br> KABUL (Reuters) -American troops pulled out of their main military base in Afghanistan on Friday, leaving behind a piece of the World Trade Center they buried 20 years ago in a country that could descend into civil war without them.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-ethiopia-conflict-un/u-n-warns-of-worsening-famine-more-clashes-in-ethiopias-tigray-idUSKCN2E82D4">U.N. warns of worsening famine, more clashes in Ethiopia's Tigray</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-china-congress/china-bill-delayed-in-u-s-house-amid-partisan-wrangling-idUSKCN2E82E4">China bill delayed in U.S. House amid partisan wrangling</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210703-001940/ Sat, 03 Jul 2021 00:19:39 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210703-001940/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2018/12/17/on-ghost-users-and-messaging-backdoors/">On Ghost Users and Messaging Backdoors</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210702-202328/ Fri, 02 Jul 2021 20:23:27 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210702-202328/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132794_1994-bugatti-eb-110-gt-prototype-for-sale">1994 Bugatti EB 110 GT Prototype for sale</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132729_ferrari-296-gtb-2022-honda-civic-2022-toyota-tundra-this-week-s-top-photos">Ferrari 296 GTB, 2022 Honda Civic, 2022 Toyota Tundra: This Week's Top Photos</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210702-202010/ Fri, 02 Jul 2021 20:20:10 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210702-202010/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-afghanistan-taliban/era-ends-uncertainty-looms-as-u-s-forces-quit-main-afghanistan-base-idUSKCN2E80G6">Era ends, uncertainty looms as U.S. forces quit main Afghanistan base</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-lebanon-crisis-blast/beirut-blast-judge-to-question-top-politicians-security-officials-idUSKCN2E8197">Beirut blast judge to question top politicians, security officials</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-brazil-corruption-bolsonaro/brazil-top-prosecutor-to-investigate-bolsonaro-over-covid-19-vaccine-deal-idUSKCN2E81OU">Brazil top prosecutor to investigate Bolsonaro over COVID-19 vaccine deal</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210702-162401/ Fri, 02 Jul 2021 16:24:01 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210702-162401/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1130341_1952-ferrari-that-raced-at-le-mans-and-once-traded-hands-for-200-heads-to-auction">1952 Ferrari that raced at Le Mans and once traded hands for $200 heads to auction</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210702-162032/ Fri, 02 Jul 2021 16:20:31 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210702-162032/ <p>KABUL (Reuters) -American troops pulled out of their main military base in Afghanistan on Friday, leaving behind a piece of the World Trade Center they buried 20 years ago in a country that the top U.S. commander has warned may descend into civil war without them.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-ethiopia-conflict-tigray-analysis/analysis-ethiopia-govt-withdrawal-from-tigray-capital-opens-new-chapter-in-war-idUSKCN2E81PS">Analysis-Ethiopia govt withdrawal from Tigray capital opens new chapter in war</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-brazil-politics-bolsonaro-analysis/analysis-brazils-bolsonaro-is-paying-dearly-to-fend-off-impeachment-idUSKCN2E81VW">Analysis-Brazil's Bolsonaro is paying dearly to fend off impeachment</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210702-162007/ Fri, 02 Jul 2021 16:20:06 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210702-162007/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/07/passwords-in-amazon-echo-dots-live-on-even-after-you-factory-reset-them/">Thinking about selling your Echo Dot—or any IoT device? Read this first</a><br></p> <hr> Deleting data from Echo Dots—and other IoT devices from Amazon and elsewhere—is hard.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210702-122440/ Fri, 02 Jul 2021 12:24:39 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210702-122440/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132795_review-update-2022-infiniti-qx55-delivers-style-without-substance">Review update: 2022 Infiniti QX55 delivers style without substance</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132292_watch-gmc-s-9-000-lb-hummer-ev-hit-60-mph-in-3-seconds">Watch GMC's 9,000-lb Hummer EV hit 60 mph in 3 seconds</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132798_north-america-becomes-bugatti-s-biggest-market-for-first-time">North America becomes Bugatti's biggest market for first time</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210702-122052/ Fri, 02 Jul 2021 12:20:50 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210702-122052/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-afghanistan-taliban/era-ends-war-looms-as-u-s-forces-quit-main-base-in-afghanistan-idUSKCN2E80G6">Era ends, war looms as U.S. forces quit main base in Afghanistan</a><br></p> <hr> American troops pulled out of their main military base in Afghanistan on Friday, leaving behind a piece of the World Trade Center they buried 20 years ago in a country that the top U.S. commander has warned may descend into civil war without them.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-asia/delta-variant-sweeps-asia-prompting-curbs-as-vaccination-remains-tepid-idUSKCN2E80RR">Delta variant sweeps Asia, prompting curbs as vaccination remains tepid</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-canada-day-indigenous-statues/statues-of-queen-victoria-queen-elizabeth-ii-toppled-in-canada-idUSKCN2E8151">Statues of Queen Victoria, Queen Elizabeth II toppled in Canada</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210702-081935/ Fri, 02 Jul 2021 08:19:34 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210702-081935/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-afghanistan-taliban/u-s-forces-leave-bagram-base-in-afghanistan-official-idUSKCN2E80G6">U.S. forces leave Bagram base in Afghanistan - official</a><br></p> <hr> KABUL (Reuters) -American troops pulled out of their main military base in Afghanistan on Friday, a U.S. defence official said, under an agreement with the Taliban allowing for the withdrawal of all U.S. forces from the country after a two-decade war.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-humantrafficking-asia/forced-labour-main-human-trafficking-crime-in-malaysia-u-s-says-idUSKCN2E80H6">Forced labour main human trafficking crime in Malaysia, U.S. says</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-southkorea-japan-comfortwomen/s-koreas-few-surviving-comfort-women-face-lifes-end-as-political-fight-rages-on-idUSKCN2E80J1">S.Korea's few surviving 'comfort women' face life's end as political fight rages on</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210702-041939/ Fri, 02 Jul 2021 04:19:38 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210702-041939/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-china-nuclear/u-s-calls-build-up-of-chinas-nuclear-arsenal-concerning-idUSKCN2E75KK">U.S. calls build-up of China's nuclear arsenal 'concerning'</a><br></p> <hr> The United States said on Thursday China's rapid build-up of its nuclear forces was concerning and called on Beijing to engage with it "on practical measures to reduce the risks of destabilizing arms races."<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security/hong-kong-policeman-was-stabbed-in-lone-wolf-attack-security-chief-idUSKCN2E8070">Hong Kong policeman was stabbed in "lone wolf" attack- security chief</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-southkorea-northkorea/s-koreas-moon-and-norths-kim-exchanged-letters-ahead-of-biden-summit-newspaper-idUSKCN2E80BF">S.Korea's Moon and North's Kim exchanged letters ahead of Biden summit -newspaper</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20210702-041835/ Fri, 02 Jul 2021 04:18:35 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210702-041835/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/okay-lets-talk-about-social-media">Okay, Let’s Talk About Social Media And Allegations Of Anti-Conservative Bias</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/okay-lets-talk-about-social-media">The charge is playing a role in the antitrust debate, so some context would be nice.</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210702-041748/ Fri, 02 Jul 2021 04:17:48 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210702-041748/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2013/05/14/a-few-thoughts-on-cellular-encryption/">On cellular encryption</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210701-202139/ Thu, 01 Jul 2021 20:21:38 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210701-202139/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132766_2005-saleen-s7-twin-turbo-competition-package-with-1-300-miles-for-sale-on-bring-a-trailer">2005 Saleen S7 twin-turbo competition package with 1,300 miles for sale on Bring A Trailer</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132691_jay-leno-drives-a-1957-chevrolet-step-van-with-a-unique-story">Jay Leno drives a 1957 Chevrolet Step Van with a unique story</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210701-201817/ Thu, 01 Jul 2021 20:18:15 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210701-201817/ <p>X<br> Edition:<br> International<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world">World</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world">World Home</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us-politics">U.S. Politics</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/us">United States</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/uk">United Kingdom</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/china">China</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/india">India</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/americas">Americas</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/asia-pacific">Asia Pacific</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/europe">Europe</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/middle-east-africa">Middle East & Africa</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/world/the-great-reboot">The Great Reboot</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business">Business</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business">Business Home</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/sustainable-business">Sustainable Business</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/legal">Legal</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/energy">Energy</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/environment">Environment</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/finance">Finance</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/media-telecom">Media & Telecoms</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/healthcare-pharmaceuticals">Healthcare & Pharmaceuticals</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/autos-transportation">Autos & Transportation</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/aerospace-defense">Aerospace & Defense</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/change-suite">The Change Suite</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/retail-consumer">Retail & Consumer</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/reuters-next">Reuters Next</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/business/take-five">Take Five</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/markets">Markets</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/markets">Markets Home</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/markets/us">U.S. Markets</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/markets/europe">European Markets</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/markets/asia">Asian Markets</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/markets/deals">Deals</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/markets/global-market-data">Global Market Data</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/markets/stocks">Stocks</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/markets/bonds">Bonds</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/markets/funds">Funds</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/markets/commodities">Commodities</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/markets/currencies">Currencies</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/breakingviews">Breakingviews</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/technology">Technology</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/investigates/">Investigations</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/lifestyle">Lifestyle</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/lifestyle">Lifestyle Home</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/lifestyle/sports">Sports</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/lifestyle/science">Science</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/lifestyle/wealth">Wealth</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/lifestyle/oddly-enough">Oddly Enough</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/pictures">Pictures</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video">Video</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://graphics.reuters.com/">Graphics</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com">International</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://cn.reuters.com">中国</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://jp.reuters.com">日本</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-microsoft-breach/microsoft-says-new-breach-discovered-in-probe-of-suspected-solarwinds-hackers-idUSKCN2E12EB">Microsoft says new breach discovered in probe of suspected SolarWinds hackers</a><br> <hr> SAN FRANCISCO (Reuters) -Microsoft said on Friday an attacker had won access to one of its customer-service agents and then used information from that to launch hacking attempts against customers.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-nuclear-iaea-exclusive/exclusive-iran-restricts-iaea-access-to-main-enrichment-plant-after-attack-diplomats-idUSKCN2E74G4">Exclusive-Iran restricts IAEA access to main enrichment plant after attack -diplomats</a><br> <hr> PARIS/VIENNA (Reuters) -Iran has been restricting U.N. nuclear inspectors' access to its main uranium enrichment plant at Natanz, citing security concerns after what it says was an attack on the site by Israel in April, diplomats say.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-humantrafficking/in-a-first-u-s-warns-of-dangers-of-systemic-racism-in-human-trafficking-report-idUSKCN2E756T">In a first, U.S. warns of dangers of systemic racism in human trafficking report</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-colombia-protests/colombias-duque-looks-to-get-tough-on-vandalism-critics-decry-attack-on-protests-idUSKCN2E75GO">Colombia's Duque looks to get tough on vandalism, critics decry attack on protests</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/06/25/the-week-in-numbers-big-brands-and-bitco?videoId=732048377&videoChannel=118169">The Week in Numbers: big brands and bitcoin bling</a><br> <hr> Follow Reuters:<br> <a rel="noreferrer" target="_blank" href="https://www.twitter.com/reuters">Follow Us On Twitter</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.facebook.com/Reuters">Follow Us On Facebook</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/journalists/%20//instagram.com/reuters/">Follow Us On Instagram</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.youtube.com/user/ReutersVideo">Follow Us On YouTube</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.linkedin.com/company/10256858/">Follow Us On LinkedIn</a><br> <hr> Subscribe: <a rel="noreferrer" target="_blank" href="https://newslink.reuters.com/join/subscribe">Newsletters</a> | <a rel="noreferrer" target="_blank" href="https://www.reuters.com/tools/podcasts">Podcasts</a> | <a rel="noreferrer" target="_blank" href="https://www.reuters.com/tools/mobile">Apps</a><br> <a rel="noreferrer" target="_blank" href="https://www.reutersagency.com/?utm_source=website&utm_medium=reuters&utm_campaign=site-referral&utm_content=us&utm_term=0">Reuters News Agency</a> | <a rel="noreferrer" target="_blank" href="https://www.reutersagency.com/en/about/brand-attribution-guidelines/">Brand Attribution Guidelines</a> | <a rel="noreferrer" target="_blank" href="https://sales.reuters.com/en%20">Advertise with Us</a> | <a rel="noreferrer" target="_blank" href="https://thomsonreuters.com/en/careers.html">Careers</a> | <a rel="noreferrer" target="_blank" href="https://www.reutersagency.com/en/about/leadership-team/">Reuters Leadership</a> | <a rel="noreferrer" target="_blank" href="https://www.reuters.com/fact-check">Reuters Fact Check</a> | <a rel="noreferrer" target="_blank" href="https://static.reuters.com/resources/media/editorial/20210405/DiversityReportApril2021.pdf">Reuters Diversity Report</a><br> Reuters, the news and media division of <a rel="noreferrer" target="_blank" href="http://thomsonreuters.com/">Thomson Reuters</a> , is the world’s largest multimedia news provider, reaching billions of people worldwide every day. Reuters provides business, financial, national and international news to professionals via desktop terminals, the world's media organizations, industry events and directly to consumers.<br> <a rel="noreferrer" target="_blank" href="https://www.refinitiv.com/en/products/eikon-trading-software">Eikon Information, analytics and exclusive news on financial markets - delivered in an intuitive desktop and mobile interface</a> <a rel="noreferrer" target="_blank" href="https://www.refinitiv.com/en/products/refinitiv-data-platform">Refinitiv Data Platform Access to real-time, reference, and non-real time data in the cloud to power your enterprise.</a> <a rel="noreferrer" target="_blank" href="https://www.refinitiv.com/en/products/world-check-kyc-screening">World-Check Screen for heightened risk individuals and entities globally to help uncover hidden risks in business relationships and human networks</a> <a rel="noreferrer" target="_blank" href="https://legalsolutions.thomsonreuters.com/law-products/westlaw-legal-research/">Westlaw Build the strongest argument relying on authoritative content, attorney-editor expertise, and industry defining technology</a> <a rel="noreferrer" target="_blank" href="https://tax.thomsonreuters.com/products/brands/onesource/">ONESOURCE The most comprehensive solution to manage all your complex and ever-expanding tax and compliance needs</a> <a rel="noreferrer" target="_blank" href="https://tax.thomsonreuters.com/products/brands/checkpoint/">CHECKPOINT The industry leader for online information for tax, accounting and finance professionals</a><br> All quotes delayed a minimum of 15 minutes. <a rel="noreferrer" target="_blank" href="https://www.reuters.com/info/disclaimer">See here for a complete list</a> of exchanges and delays.<br> <a rel="noreferrer" target="_blank" href="https://www.thomsonreuters.com/en/policies/copyright.html">© 2021 Reuters. All Rights Reserved.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reutersagency.com/en/contact-reuters/">Site Feedback</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reutersagency.com/en/contact-reuters/">Corrections</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.thomsonreuters.com/en/privacy-statement.html">Privacy Policy</a><br> <hr> <a rel="noreferrer" target="_blank" href="javascript:window.OneTrust.ToggleInfoDisplay();">Do Not Sell My Personal Information</a><br> https://www.whatsupup.com/blog/spectrometry/obol/20210701-201557/ Thu, 01 Jul 2021 20:15:56 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20210701-201557/ <a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html">An EPYC escape: Case-study of a KVM breakout</a> (Jun)<br> https://www.whatsupup.com/blog/phonic/shopboy/20210701-201215/ Thu, 01 Jul 2021 20:12:14 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210701-201215/ Just setting up my bitclout <a rel="noreferrer" target="_blank" href="https://t.co/7McZFxbiT1"><a href="https://t.co/7McZFxbiT1">https://t.co/7McZFxbiT1</a></a><br> https://www.whatsupup.com/blog/ideo/fleury/20210701-200554/ Thu, 01 Jul 2021 20:05:52 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210701-200554/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/intuit-to-share-payroll-data-from-1-4m-small-businesses-with-equifax/">Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax</a><br></p> <hr> Financial services giant Intuit this week informed 1.4 million small businesses using its QuickBooks Online Payroll and Intuit Online Payroll products that their payroll information will be shared with big-three consumer credit bureau Equifax starting later this year unless customers opt out by the end of this month.<br> Intuit says the change is tied to an “exciting” and “free” new service that will let millions of small business employees get easy access to employment and income verification services when they wish to apply for a loan or line of credit.<br> “In early fall 2021, your QuickBooks Online Payroll subscription will include an automated income and employment verification service powered by The Work Number from Equifax,” reads the Intuit email, which <a rel="noreferrer" target="_blank" href="https://glam.app.intuit.com/app/guesttos?glocale=en_US&cid=DR_EM-ELM2953-001a-Text1-NA-TWNPayroll-NA-NA-CN-COMPL-NA-US-QBOPR">includes a link to the new Terms of Service</a> . “Your employees may need to verify their income and employment info when applying for things like loans, credit, or public aid. Before, you likely had to manually provide this info to lenders, creditors or government agencies. These verifications will be automated by The Work Number, which helps employees get faster approvals and saves you time.”<br> An Intuit spokesperson clarified that the new service is not available through QuickBooks Online or to QuickBooks Online users as a whole. Intuit’s FAQ on the changes is <a rel="noreferrer" target="_blank" href="https://quickbooks.intuit.com/learn-support/en-us/data-utilities/get-answers-to-questions-about-the-work-number-from-equifax/00/897361">here</a> .<br> Equifax’s <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/?s=equifax+breach">2017 megabreach that exposed the personal and financial details of 145.5 million Americans</a> may have shocked the public, but it did little to stop <a rel="noreferrer" target="_blank" href="https://secure.theworknumber.talx.com/twneeer/PreAuthenticated/EnterEmployerSearchCriteria.ascx">more than a million employers</a> from continuing to sell Equifax their employee payroll data, Bloomberg found in late 2017.<br> “The workforce-solutions unit is now among Equifax’s fastest-growing businesses, contributing more than a fifth of the firm’s $3.1 billion of revenue last year,” <a rel="noreferrer" target="_blank" href="https://www.bloomberg.com/news/articles/2017-10-02/equifax-has-amassed-salary-details-for-people-at-7-100-companies">wrote</a> Jennifer Surane . “Using payroll data from government agencies and thousands of employers — including a vast majority of Fortune 500 companies — Equifax has cultivated a database of 300 million current and historic employment records, according to regulatory filings.”<br> QuickBooks Online user Anthony Citrano <a rel="noreferrer" target="_blank" href="https://twitter.com/acitrano/status/1410351452346720259">posted on Twitter about receiving the notice</a> , noting that the upcoming changes had yet to receive any attention in the financial or larger media space.<br> “The way I read the terms, Equifax gets to proactively collect all payroll data just in case they need to share it later — similar to how they already handle credit reporting,” said Citrano, who is founder and CEO of <a rel="noreferrer" target="_blank" href="https://acquicent.com/">Acquicent</a> , a company that issues non-fungible tokens (NFTs). “And that feels like a disaster waiting to happen, especially given Equifax’s history.”<br> In selling payroll data to Equifax, Intuit will be joining some of the world’s largest payroll providers. For example, ADP — the largest payroll software provider in the United States — has long shared payroll data with Equifax.<br> But Citrano said this move by Intuit will incorporate a large number of fairly small businesses.<br> “ADP participates in some way already, but QuickBooks Online jumping on the bandwagon means a lot of employees of small to mid-sized businesses are going to be affected,” he said.<br> Why might small businesses want to think twice before entrusting Equifax with their payroll data? The answer is the company doesn’t have a great track record of protecting that information. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/07/intuit-to-share-payroll-data-from-1-4m-small-businesses-with-equifax/#more-56153">Continue reading →</a><br> <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/06/we-infiltrated-a-counterfeit-check-ring-now-what/">We Infiltrated a Counterfeit Check Ring! Now What?</a><br> <hr> Imagine waking up each morning knowing the identities of thousands of people who are about to be mugged for thousands of dollars each. You know exactly when and where each of those muggings will take place, and you’ve shared this information in advance with the authorities each day for a year with no outward indication that they are doing anything about it. How frustrated would you be?<br> A counterfeit check image [redacted] that was intended for a person helping this fraud gang print and mail phony checks tied to a raft of email-based scams. One fraud-fighting group is intercepting hundreds to thousands of these per day.<br> Such is the curse of the fraud fighter known online by the handles “ Brianna Ware ” and “ B. Ware ” for short, a longtime member of a global group of volunteers who’ve infiltrated a cybercrime gang that disseminates counterfeit checks tied to a dizzying number of online scams.<br> For the past year, B. Ware has maintained contact with an insider from the criminal group that’s been sending daily lists of would-be victims who are to receive counterfeit checks printed using the real bank account information of legitimate companies.<br> “Some days we’re seeing thousands of counterfeit checks going out,” B. Ware said.<br> The scams used in connection with the fraudulent checks vary widely, from fake employment and “mystery shopper” schemes to those involving people who have been told they can get paid to cover their cars in advertisements (a.k.a. <a rel="noreferrer" target="_blank" href="https://www.consumer.ftc.gov/blog/2016/08/how-spot-car-wrap-scam">the “car wrap” scam</a> ).<br> A form letter mailed out with a counterfeit check urges the recipient to text a phone number after the check has been deposited.<br> Most of the counterfeit checks being disseminated by this fraud group are in amounts ranging from $2,500 to $5,000. The crimes that the checks enable are known variously as “ advanced fee ” scams, in that they involve tricking people into making payments in anticipation of receiving something of greater value in return.<br> But in each scheme the goal is the same: Convince the recipient to deposit the check and then wire a portion of the amount somewhere else. A few days after the check is deposited, it gets invariably canceled by the organization whose bank account information was on the check. And then person who deposited the phony check is on the hook for the entire amount.<br> “Like the car wrap scam, where they send you a check for $5,000, and you agree to keep $1,000 for your first payment and send the rest back to them in exchange for the car wrap materials,” B. Ware said. “Usually the check includes a letter that says they want you to text a specific phone number to let them know you received the check. When you do that, they’ll start sending you instructions on how and where to send the money.”<br> A typical confirmation letter that accompanies a counterfeit check for a car wrap scam.<br> Traditionally, these groups have asked recipients to transit money via wire transfer. But these days, B. Ware said, the same crooks are now asking people to forward the money via mobile applications like CashApp and Venmo .<br> B. Ware and other volunteer fraud fighters believe the fake checks gang is using people looped into phony employment schemes and wooed through online romance scams to print the counterfeit checks, and that other recruits are responsible for mailing them out each day.<br> “More often than not, the scammers creating the shipping labels will provide those to an unwitting accomplice, or the accomplice is told to log in to an account and print the labels,” B. Ware explained.<br> Often the counterfeit checks and labels forwarded by B. Ware’s informant come with notes attached indicating the type of scam with which they are associated.<br> “Sometimes they’re mystery shopper scams, and other times it’s overpayment for an item sold on Craigslist,” B. Ware said. “We don’t know how the scammers are getting the account and routing numbers for these checks, but they are drawn on real companies and always scan fine through a bank’s systems initially. The recipients can deposit them at any bank, but we try to get the checks to the banks when we can so they have a heads up.”<br> SHRINKING FROM THE FIREHOSE?<br> Roughly a year ago, B. Ware’s group started sharing its intelligence with fraud investigators at FedEx and the U.S. Postal Service — the primary delivery mechanisms for these counterfeit checks.<br> Both the USPS and FedEx have an interest in investigating because the fraudsters in this case are using stolen shipping labels paid for by companies who have no idea their FedEx or USPS accounts are being used for such purposes.<br> “In most cases, the name of the sender will be completely unrelated to what’s being sent,” B. Ware said. “For example, you’ll see a label for a letter to go out with a counterfeit check for a car wrap scam, and the sender on the shipping label will be something like XYZ Biological Resources.”<br> But B. Ware says a year later, there is little sign that anyone is interested in acting on the shared intelligence.<br> “It’s so much information that they really don’t want it anymore and they’re not doing anything about it,” B. Ware said of FedEx and the USPS. “It’s almost like they’re turning a blind eye. There are so many of these checks going out each day that instead of trying to drink from the firehouse, they’re just turning their heads.”<br> FedEx did not respond to requests for comment. The U.S. Postal Inspection Service responded with a statement saying it “does not comment publicly on its investigative procedures and operational protocols.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/06/we-infiltrated-a-counterfeit-check-ring-now-what/#more-55409">Continue reading →</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210701-162136/ Thu, 01 Jul 2021 16:21:35 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210701-162136/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132788_805-hp-e-legend-el1-electric-super-coupe-channels-the-audi-sport-quattro-in-fantastic-fashion">805-hp E-Legend EL1 electric super coupe channels the Audi Sport Quattro in fantastic fashion</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132785_klein-vision-s-flying-car-completes-first-intercity-flight">Klein Vision's flying car completes first intercity flight</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20210701-161458/ Thu, 01 Jul 2021 16:14:56 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210701-161458/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/07/measuring-security-risks-in-open-source.html">Measuring Security Risks in Open Source Software: Scorecards Launches V2</a><br></p> <hr> Posted by Kim Lewandowski, Azeem Shaikh, Laurent Simon, Google Open Source Security Team <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/07/measuring-security-risks-in-open-source.html">Read More</a><br> Posted by Kim Lewandowski, Azeem Shaikh, Laurent Simon, Google Open Source Security Team<br> Contributors to the <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard">Scorecards project</a> , an automated security tool that produces a “risk score” for open source projects, have accomplished a lot since <a rel="noreferrer" target="_blank" href="https://opensource.googleblog.com/2020/11/security-scorecards-for-open-source.html">our launch last fall.</a> Today, in collaboration with the <a rel="noreferrer" target="_blank" href="https://openssf.org/">Open Source Security Foundation</a> community, we are announcing <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/releases/tag/v2.0.0">Scorecards v2</a> . We have added new security checks, scaled up the number of projects being scored, and made this data easily accessible for analysis. With so much software today relying on open-source projects, consumers need an easy way to judge whether their dependencies are safe. Scorecards helps reduce the toil and manual effort required to continually evaluate changing packages when maintaining a project’s supply chain. Consumers can automatically assess the risks that dependencies introduce and use this data to make informed decisions about accepting these risks, evaluating alternative solutions, or working with the maintainers to make improvements.<br> Identifying Risks<br> Since last fall, Scorecards’ coverage has grown; we've added several new checks, following the <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/02/know-prevent-fix-framework-for-shifting.html">Know, Prevent, Fix framework</a> proposed by Google earlier this year, to prioritize our additions:<br> Malicious contributors Contributors with malicious intent or compromised accounts can introduce potential backdoors into code. Code reviews help mitigate against such attacks. With the new <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/blob/main/checks/checks.md#branch-protection">Branch-Protection</a> check, developers can verify that the project enforces mandatory code review from another developer before code is committed. Currently, this check can only be run by a repository admin due to GitHub API limitations. For a third-party repository, use the less informative <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/blob/main/checks/checks.md#code-review">Code-Review</a> check instead.<br> Vulnerable code Despite best efforts by developers and peer reviews, vulnerable code can enter source control and remain undetected. That’s why it's important to enable continuous fuzzing and static code analysis to catch bugs early in the development lifecycle. We have added checks to detect if a project uses <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/blob/main/checks/checks.md#fuzzing">Fuzzing</a> and <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/blob/main/checks/checks.md#sast">SAST</a> tools as part of their CI/CD system.<br> Build system compromise A common CI/CD solution used by GitHub projects is <a rel="noreferrer" target="_blank" href="https://github.com/features/actions">GitHub Actions</a> . A danger with these action workflows is that they may handle untrusted user input. Meaning, an attacker can craft a malicious pull request to gain access to the privileged GitHub token, and with it the ability to <a rel="noreferrer" target="_blank" href="https://www.bleepingcomputer.com/news/security/heres-how-a-researcher-broke-into-microsoft-vs-codes-github/">push malicious code to the repo</a> without review. To mitigate this risk, Scorecard's <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/blob/main/checks/checks.md#token-permissions">Token-Permissions</a> prevention check now verifies that the GitHub workflows follow the principle of least privilege by making GitHub tokens read-only by default.<br> Bad dependencies Any software is as secure as its weakest dependency. This may sound obvious, but the first step to knowing our dependencies is simply to declare them... and have our dependencies declare them too. Once we have this provenance information, we can assess the risks of our software and mitigate those risks. Unfortunately, there are several widely-used anti-patterns that break this provenance principle. The first of these anti-patterns is checked-in binaries -- as there's no way to easily verify or check the contents of the binary in the project. Scorecards provides <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/blob/main/checks/checks.md#binary-artifacts">Binary-Artifacts</a> check for testing this. Another anti-pattern is the use of curl | bash in scripts which dynamically pulls dependencies. Cryptographic hashes let us pin our dependencies to a known value: if this value ever changes, the build system will detect it and refuse to build. Pinning dependencies is useful everywhere we have dependencies: not just during compilation, but also in Dockerfiles, CI/CD workflows, etc. Scorecards checks for these anti-patterns with the <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/blob/main/checks/checks.md#frozen-deps">Frozen-Deps</a> check. This check is helpful for mitigating against malicious dependency attacks such as the recent <a rel="noreferrer" target="_blank" href="https://about.codecov.io/security-update/">CodeCov</a> attack. Even with hash-pinning, hashes need to be updated once in a while when dependencies patch vulnerabilities. Tools like <a rel="noreferrer" target="_blank" href="https://docs.github.com/en/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates">dependabot</a> or <a rel="noreferrer" target="_blank" href="https://github.com/renovatebot/renovate">renovatebot</a> give us the opportunity to review and update the hashes. The Scorecards <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/blob/main/checks/checks.md#automatic-dependency-update">Automated-Dependency-Update</a> check verifies that developers rely on such tools to update their dependencies. It is important to know vulnerabilities in a project before uptaking it as a dependency. Scorecards can provide this information via the new <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/blob/main/checks/checks.md#vulnerabilities">Vulnerabilities</a> check, without the need to subscribe to a vulnerability alert system.<br> Scaling the impact<br> To date, the Scorecards project has scaled up to evaluate security criteria for over <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/blob/main/cron/data/projects.csv">50,000</a> open source projects. In order to scale this project, we undertook a massive redesign of our architecture and used a PubSub model which achieved horizontal scalability and higher throughput. This fully automated tool periodically evaluates critical open source projects and exposes the Scorecards check information through a <a rel="noreferrer" target="_blank" href="https://console.cloud.google.com/bigquery?p=openssf&page=table&d=scorecardcron&t=scorecard">public BigQuery dataset</a> which is refreshed weekly.<br> This data can be retrieved using the <a rel="noreferrer" target="_blank" href="https://cloud.google.com/bigquery/docs/reference/bq-cli-reference">bq command line tool</a> . The following example shows how to export data for the Kubernetes project. Substitute the url for the repo to export data from a different project:<br> $ bq query --nouse_legacy_sql 'SELECT Repo, Date, Checks FROM openssf.scorecardcron.scorecard_latest WHERE Repo="github.com/kubernetes/kubernetes"'<br> To export the latest data on all analyzed projects, see instructions <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard#public-data">here</a> .<br> How does the internet measure up?<br> Scorecards data for available projects is now included in the recently <a rel="noreferrer" target="_blank" href="https://opensource.googleblog.com/2021/06/introducing-open-source-insights-project.html">announced</a> Google Open Source Insights <a rel="noreferrer" target="_blank" href="https://deps.dev/">project</a> and also showcased in <a rel="noreferrer" target="_blank" href="http://metrics.openssf.org/">OpenSSF Security Metrics project</a> . The data on these sites shows that there are still important security gaps to fill, even in widely used packages <a rel="noreferrer" target="_blank" href="https://deps.dev/go/k8s.io%2Fkubernetes">like Kubernetes</a> . We also analyzed Scorecards data through Google Data Studio -- one of our data analysis and visualization tools.The diagram below shows a breakdown of the checks that were run and the pass/fail outcome for the 50,000 repositories:<br> As we can see, a lot needs to be done to improve the security of these critical projects. A large number of these projects are not continuously <a rel="noreferrer" target="_blank" href="https://github.com/google/oss-fuzz">fuzzed</a> , do not define a security policy for reporting vulnerabilities, and do not pin dependencies, to name just a few common problems. We all need to come together as an industry to drive awareness of these widespread security risks, and to make improvements that will benefit everyone.<br> Scorecards in Action<br> Several large projects have adopted Scorecards and are keeping us updated on their experiences with it. Below are some examples of Scorecards in action:<br> Envoy Early on we <a rel="noreferrer" target="_blank" href="https://blog.envoyproxy.io/security-scorecards-envoy-automating-supply-chain-analysis-7b8fd9829169">talked</a> about how the Envoy maintainers adopted Scorecards for their project and integrated it within their policy on introducing new dependencies. Since then, pull requests introducing new dependencies to Envoy must get approval from a dependency maintainer who uses Scorecards to <a rel="noreferrer" target="_blank" href="https://github.com/envoyproxy/envoy/blob/main/DEPENDENCY_POLICY.md#new-external-dependencies">evaluate</a> the dependency against a set of criteria. In addition, Envoy also got right to work in improving its own security health metrics according to its own Scorecards evaluation, and is now pinning C++ dependencies and <a rel="noreferrer" target="_blank" href="https://github.com/envoyproxy/envoy/issues/12951">requiring</a> pip hashes for python dependencies. <a rel="noreferrer" target="_blank" href="https://github.com/envoyproxy/envoy/issues/16579">Github actions</a> are also pinned in the continuous integration flow. Previously, Envoy had created a <a rel="noreferrer" target="_blank" href="https://github.com/envoyproxy/envoy/blob/main/tools/dependency/ossf_scorecard.py">tool</a> that outputs Scorecards data on its dependencies as a CSV that can be used to generate a table of results:<br> Now with more project data, Envoy is able to automatically generate up-to-date Scorecard information about its dependencies and publish it in <a rel="noreferrer" target="_blank" href="https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/external_deps">documentation</a> , like the following:<br> Scorecards We improved our own score for the Scorecards! For example, we are now pinning our own dependencies by hash (e.g. <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/commit/3b1c9b8496a7ff8dad8506691fa28f2d60b14a90">docker dependencies</a> , <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/commit/6367cc44f6a1d8318e452761253f2935b1becd4a">workflow dependencies</a> ) to prevent <a rel="noreferrer" target="_blank" href="https://about.codecov.io/security-update/">CodeCov</a> style attacks. We’ve also included a <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/blob/main/SECURITY.md">Security Policy</a> based on this <a rel="noreferrer" target="_blank" href="https://github.com/google/oss-vulnerability-guide">recommended template</a> .<br> We look forward to continuing to grow the Scorecards community. The project now has contributions from <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/graphs/contributors">23</a> developers. Thank you to <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/commits?author=azeemshaikh38">Azeem</a> , <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/commits?author=naveensrinivasan">Naveen</a> , <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/commits?author=laurentsimon">Laurent</a> , <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/commits?author=asraa">Asra</a> and <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/commits?author=chrismcgehee">Chris</a> for their work building these new features and scaling Scorecards. If you would like to join the fun, check out these good first timer <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/issues">issues</a> . If you would like us to help you run Scorecards on specific projects, please submit a GitHub pull request to add those projects <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/blob/main/cron/data/projects.csv">here</a> . Last but not least, we have a lot of ideas and <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/issues?q=is%3Aopen+is%3Aissue+%22new+check%3A%22">many more checks we’d like to add</a> , but we want to hear from you. Tell us which checks you would like to see in the next version of Scorecards.<br> What’s next?<br> There are a couple of big enhancements we’re especially excited about:<br> <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/issues/271">Scorecards Badges</a> - GitHub badges to show off compliance<br> <a rel="noreferrer" target="_blank" href="https://github.com/ossf/scorecard/issues/193">Integration with CI/CD and GitHub Code Scanning Results</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://github.com/ossf/allstar">Integration with Allstar project</a> - GitHub App for enforcing security policies<br> Thanks again to the entire Scorecards community and the OpenSSF for making this project successful. If you’re adopting and improving the score of the projects you maintain, <a rel="noreferrer" target="_blank" href="https://slack.openssf.org/#security_scorecards">tell us</a> about it. Until next time, keep on improving those scores!<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210701-122109/ Thu, 01 Jul 2021 12:21:08 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210701-122109/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1034652_2021-lexus-ls-review-price-photos-specs-info">First drive review: 2021 Lexus LS 500 delivers bargain flagship in need of a flagship powertrain</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132782_dallara-stradale-sports-car-spawns-more-extreme-track-variant">Dallara Stradale sports car spawns more extreme track variant</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210701-042042/ Thu, 01 Jul 2021 04:20:41 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210701-042042/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132769_volvo-concept-recharge-is-the-electric-wagon-of-the-future">Volvo Concept Recharge is the electric wagon of the future</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132764_the-quickest-police-car-isn-t-a-car-it-s-a-ford-f-150-pickup-truck">The quickest police car isn't a car, it's a Ford F-150 pickup truck</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132553_princess-diana-s-1981-ford-escort-sells-for-65-000">Princess Diana's 1981 Ford Escort sells for $65,000</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132759_2022-audi-meb-electric-crossover-for-china-spy-shots">2022 Audi electric crossover for China spy shots</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20210701-001522/ Thu, 01 Jul 2021 00:15:21 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210701-001522/ SLSA 1 requires that the build process be fully scripted/automated and generate provenance. Provenance is metadata about how an artifact was built, including the build process, top-level source, and dependencies. Knowing the provenance allows software consumers to make risk-based security decisions. Though provenance at SLSA 1 does not protect against tampering, it offers a basic level of code source identification and may aid in vulnerability management. SLSA 2 requires using version control and a hosted build service that generates authenticated provenance. These additional requirements give the consumer greater confidence in the origin of the software. At this level, the provenance prevents tampering to the extent that the build service is trusted. SLSA 2 also provides an easy upgrade path to SLSA 3. SLSA 3 further requires that the source and build platforms meet specific standards to guarantee the auditability of the source and the integrity of the provenance, respectively. We envision an accreditation process whereby auditors certify that platforms meet the requirements, which consumers can then rely on. SLSA 3 provides much stronger protections against tampering than earlier levels by preventing specific classes of threats, such as cross-build contamination. SLSA 4 is currently the highest level, requiring two-person review of all changes and a hermetic, reproducible build process. Two-person review is an industry best practice for catching mistakes and deterring bad behavior. Hermetic builds guarantee that the provenance’s list of dependencies is complete. Reproducible builds, though not strictly required, provide many auditability and reliability benefits. Overall, SLSA 4 gives the consumer a high degree of confidence that the software has not been tampered with. More details on these proposed levels can be found in the <a rel="noreferrer" target="_blank" href="https://github.com/slsa-framework/slsa">GitHub repository</a> , including the corresponding Source and Build/Provenance <a rel="noreferrer" target="_blank" href="https://slsa.dev/">requirements</a> . We are open to feedback and suggestions for changes on these requirements.<br> https://www.whatsupup.com/blog/augur/cussed/20210630-200845/ Wed, 30 Jun 2021 20:08:45 +0000 https://www.whatsupup.com/blog/augur/cussed/20210630-200845/ <p><a rel="noreferrer" target="_blank" href="https://blog.discord.com/unleash-your-creativity-with-stickers-on-discord-99363194871?source=collection_home---4------0-----------------------">Unleash Your Creativity with Stickers on Discord</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://blog.discord.com/unleash-your-creativity-with-stickers-on-discord-99363194871?source=collection_home---4------0-----------------------">Unleash Your Creativity with Stickers on Discord We’re reintroducing Stickers to Discord and giving you ways to incorporate your own sets of stickers within your communities.</a><br> https://www.whatsupup.com/blog/sideswiped/tuftily/20210630-161347/ Wed, 30 Jun 2021 16:13:46 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20210630-161347/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/06/25/Investing">Investing Intro</a> · We’ve started to actively manage some of our family investments. It’s entertaining me, and I notice people really like talking about money, so why not talk about it here? This is the start of <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/What/Investing">a new blog category</a> <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/06/25/Investing">…</a> [1 comment]<br> https://www.whatsupup.com/blog/disappear/fussy/20210630-081730/ Wed, 30 Jun 2021 08:17:30 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210630-081730/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/hackers-exploited-0-day-not-2018-bug-to-mass-wipe-my-book-live-devices/">Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices [Updated]</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210630-002414/ Wed, 30 Jun 2021 00:24:14 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210630-002414/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132320_2022-porsche-cayenne-turbo-gt-price-specs-review-photos-info">Preview: 2022 Porsche Cayenne Turbo GT is your top track-focused crossover</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210630-001811/ Wed, 30 Jun 2021 00:18:10 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210630-001811/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2017/03/05/secure-computing-for-journalists/">Secure computing for journalists</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210629-202316/ Tue, 29 Jun 2021 20:23:15 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210629-202316/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132756_toyota-announces-more-replacement-parts-for-a70-and-a80-supras">Toyota announces more replacement parts for A70 and A80 Supras</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132751_porsche-tests-cloud-based-warning-system-that-identifies-hazards-in-real-time">Porsche tests cloud-based warning system that identifies hazards in real time</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132749_2023-mercedes-benz-amg-a45-hatchback-spy-shots-mid-cycle-update-on-the-way">2023 Mercedes-Benz AMG A45 Hatchback spy shots: Mid-cycle update on the way</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210629-202149/ Tue, 29 Jun 2021 20:21:49 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210629-202149/ Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/projects/">projects</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/teaching/">teaching</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/math/">math</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/pedagogy/">pedagogy</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/programming/">programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/sets/">sets</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/types/">types</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/language/">language</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/foundations/">foundations</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/06/24/types-versus-sets-in-math-and-programming-languages/#comments">6 Comments</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210629-202132/ Tue, 29 Jun 2021 20:21:31 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210629-202132/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/29/technology/facebook-newsletters-bulletin.html">Facebook unveils ‘Bulletin,’ a newsletter subscription service. The recent growth of start-ups like Substack and Revue has renewed interest in newsletters. By Mike Isaac</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/29/technology/facebook-google-antitrust-tech.html">Congress Faces Renewed Pressure to ‘Modernize Our Antitrust Laws’ After a federal judge threw out state and federal competition cases against Facebook, calls grew for lawmakers to quickly change century-old monopoly laws. By David McCabe and Steve Lohr</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210629-201941/ Tue, 29 Jun 2021 20:19:41 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210629-201941/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/microsoft-digitally-signs-malicious-rootkit-driver/">Microsoft digitally signs malicious rootkit driver</a><br></p> <hr> Company still hasn't revealed the cause of this serious security lapse.<br> https://www.whatsupup.com/blog/spectrometry/obol/20210629-201712/ Tue, 29 Jun 2021 20:17:11 +0000 https://www.whatsupup.com/blog/spectrometry/obol/20210629-201712/ <p><a rel="noreferrer" target="_blank" href="https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html">An EPYC escape: Case-study of a KVM breakout</a><br></p> <hr> Posted by Felix Wilhelm, Project Zero<br> Introduction<br> KVM (for Kernel-based Virtual Machine) is the de-facto standard hypervisor for Linux-based cloud environments. Outside of Azure, almost all large-scale cloud and hosting providers are running on top of KVM, turning it into one of the fundamental security boundaries in the cloud.<br> In this blog post I describe a <a rel="noreferrer" target="_blank" href="https://bugs.chromium.org/p/project-zero/issues/detail?id=2177&q=owner%3Afwilhelm%40google.com&can=1">vulnerability</a> in KVM’s AMD-specific code and discuss how this bug can be turned into a full virtual machine escape. To the best of my knowledge, this is the first public writeup of a KVM guest-to-host breakout that does not rely on bugs in user space components such as QEMU. The discussed bug was assigned CVE-2021-29657, affects kernel versions v5.10-rc1 to v5.12-rc6 and was patched at the end of <a rel="noreferrer" target="_blank" href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a58d9166a756a0f4a6618e4f593232593d6df134">March</a> 2021 . As the bug only became exploitable in v5.10 and was discovered roughly 5 months later, most real world deployments of KVM should not be affected. I still think the issue is an interesting case study in the work required to build a stable guest-to-host escape against KVM and hope that this writeup can strengthen the case that hypervisor compromises are not only theoretical issues.<br> I start with a short overview of KVM’s architecture, before diving into the bug and its exploitation.<br> KVM<br> KVM is a Linux based open source hypervisor supporting hardware accelerated virtualization on x86, ARM, PowerPC and S/390. In contrast to the other big open source hypervisor Xen, KVM is deeply integrated with the Linux Kernel and builds on its scheduling, memory management and hardware integrations to provide efficient virtualization.<br> KVM is implemented as one or more kernel modules (kvm.ko plus kvm-intel.ko or kvm-amd.ko on x86) that expose a low-level IOCTL-based <a rel="noreferrer" target="_blank" href="https://www.kernel.org/doc/html/latest/virt/kvm/api.html">API</a> to user space processes over the /dev/kvm device. Using this API, a user space process (often called VMM for Virtual Machine Manager) can create new VMs, assign vCPUs and memory, and intercept memory or IO accesses to provide access to emulate d or virtualization-aware hardware devices. <a rel="noreferrer" target="_blank" href="https://www.qemu.org/">QEMU</a> has been the standard user space choice for KVM-based virtualization for a long time, but in the last few years alternatives like <a rel="noreferrer" target="_blank" href="https://github.com/lkvm/lkvm">LKVM</a> , <a rel="noreferrer" target="_blank" href="https://chromium.googlesource.com/chromiumos/platform/crosvm/">crosvm</a> or <a rel="noreferrer" target="_blank" href="https://github.com/firecracker-microvm/firecracker">Firecracker</a> have started to become popular.<br> While KVM’s reliance on a separate user space component might seem complicated at first, it has a very nice benefit: Each VM running on a KVM host has a 1:1 mapping to a Linux process, making it managable using standard Linux tools.<br> This means for example, that a guest's memory can be inspected by dumping the allocated memory of its user space process or that resource limits for CPU time and memory can be applied easily. Additionally, KVM can offload most work related to device emulation to the userspace component. Outside of a couple of performance-sensitive devices related to interrupt handling, all of the complex low-level code for providing virtual disk, network or GPU access can be implemented in userspace.<br> When looking at public writeups of KVM-related vulnerabilities and exploits it becomes clear that this design was a wise decision. The large majority of disclosed vulnerabilities and all publicly available exploits affect QEMU and its support for emulated/paravirtualized devices.<br> Even though KVM’s kernel attack surface is significantly smaller than the one exposed by a default QEMU configuration or similar user space VMMs, a KVM vulnerability has advantages that make it very valuable for an attacker:<br> Whereas user space VMMs can be sandboxed to reduce the impact of a VM breakout, no such option is available for KVM itself. Once an attacker is able to achieve code execution (or similarly powerful primitives like write access to page tables) in the context of the host kernel, the system is fully compromised.<br> Due to the somewhat poor security history of QEMU, new user space VMMs like crosvm or Firecracker are written in Rust, a memory safe language. Of course, there can still be non-memory safety vulnerabilities or problems due to incorrect or buggy usage of the KVM APIs, but using Rust effectively prevents the large majority of bugs that were discovered in C-based user space VMMs in the past.<br> Finally, a pure KVM exploit can work against targets that use proprietary or heavily modified user space VMMs. While the big cloud providers do not go into much detail about their virtualization stacks publicly, it is safe to assume that they do not depend on an unmodified QEMU version for their production workloads. In contrast, KVM’s smaller code base makes heavy modifications unlikely (and KVM’s contributor list points at a strong tendency to upstream such modifications when they exist).<br> With these advantages in mind, I decided to spend some time hunting for a KVM vulnerability that could be turned into a guest-to-host escape. In the past, I had <a rel="noreferrer" target="_blank" href="https://bugs.chromium.org/p/project-zero/issues/list?q=vmx%20owner%3Afwilhelm&can=1">some success</a> with finding vulnerabilities in KVM’s support for nested virtualization on Intel CPUs so reviewing the same functionality for AMD seemed like a good starting point. This is even more true, because the recent increase of AMD’s market share in the server segment means that KVM’s AMD implementation is suddenly becoming a more interesting target than it was in the last years.<br> Nested virtualization, the ability for a VM (called L1) to spawn nested guests (L2), was also a niche feature for a long time. However, due to hardware improvements that reduce its overhead and increasing customer demand it’s becoming more widely available. For example, Microsoft is heavily pushing for <a rel="noreferrer" target="_blank" href="https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs">Virtualization-based Security</a> as part of newer Windows versions, requiring nested virtualization to support cloud-hosted Windows installations. KVM enables support for nested virtualization on both AMD and Intel by default, so if an administrator or the user space VMM does not explicitly disable it, it’s part of the attack surface for a malicious or compromised VM.<br> AMD’s virtualization extension is called SVM (for Secure Virtual Machine) and in order to support nested virtualization, the host hypervisor needs to intercept all SVM instructions that are executed by its guests, emulate their behavior and keep its state in sync with the underlying hardware. As you might imagine, implementing this correctly is quite difficult with a large potential for complex logic flaws, making it a perfect target for manual code review.<br> The Bug<br> Before diving into the KVM codebase and the bug I discovered, I want to quickly introduce how AMD SVM works to make the rest of the post easier to understand. (For a thorough documentation see <a rel="noreferrer" target="_blank" href="https://www.amd.com/system/files/TechDocs/24593.pdf">AMD64 Architecture Programmer’s Manual, Volume 2: System Programming Chapter 15</a> .) SVM adds support for 6 new instructions to x86-64 if SVM support is enabled by setting the SVME bit in the EFER MSR. The most interesting of these instructions is VMRUN , which (as its name suggests) is responsible for running a guest VM. VMRUN takes an implicit parameter via the RAX register pointing to the page-aligned physical address of a data structure called “virtual machine control block” (VMCB), which describes the state and configuration of the VM.<br> The VMCB is split into two parts: First, the State Save area, which stores the values of all guest registers, including segment and control registers. Second, the Control area which describes the configuration of the VM. The Control area describes the virtualization features enabled for a VM,  sets which VM actions are intercepted to trigger a VM exit and stores some fundamental configuration values such as the page table address used for <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Second_Level_Address_Translation">nested paging</a> .<br> If the VMCB is correctly prepared (and we are not already running in a VM), VMRUN will first save the host state in a memory region called the host save area, whose address is configured by writing a physical address to the VM_HSAVE_PA MSR. Once the host state is saved, the CPU switches to the VM context and VMRUN only returns once a VM exit is triggered for one reason or another.<br> An interesting aspect of SVM is that a lot of the state recovery after a VM exit has to be done by the hypervisor. Once a VM exit occurs, only RIP, RSP and RAX are restored to the previous host values and all other general purpose registers still contain the guest values. In addition, a full context switch requires manual execution of the VMSAVE/VMLOAD instructions which save/load additional system registers (FS, SS, LDTR, STAR, LSTAR …) from memory.<br> For nested virtualization to work, KVM intercepts execution of the VMRUN instruction and creates its own VMCB based on the VMCB the L1 guest prepared (called vmcb12 in KVM terminology). Of course, KVM can’t trust the guest provided vmcb12 and needs to carefully validate all fields that end up in the real VMCB that gets passed to the hardware (known as vmcb02).<br> Most of the KVM’s code for nested virtualization on AMD is implemented in <a rel="noreferrer" target="_blank" href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/kvm/svm/nested.c?h=v5.11">arch/x86/kvm/svm/nested.c</a> and the code that intercepts VMRUN instructions of nested guests is implemented in nested_svm_vmrun :<br> int nested_svm_vmrun ( struct vcpu_svm * svm )<br> int ret ;<br> struct vmcb * vmcb12 ;<br> struct vmcb * hsave = svm -> nested . hsave ;<br> struct vmcb * vmcb = svm -> vmcb ;<br> struct kvm_host_map map ;<br> u64 vmcb12_gpa ;<br> vmcb12_gpa = svm -> vmcb -> save . rax ; ** 1 **<br> ret = kvm_vcpu_map (& svm -> vcpu , gpa_to_gfn ( vmcb12_gpa ), & map ); ** 2 **<br> ret = kvm_skip_emulated_instruction (& svm -> vcpu );<br> vmcb12 = map . hva ;<br> if (! nested_vmcb_checks ( svm , vmcb12 )) { ** 3 **<br> vmcb12 -> control . exit_code = SVM_EXIT_ERR ;<br> vmcb12 -> control . exit_code_hi = 0 ;<br> vmcb12 -> control . exit_info_1 = 0 ;<br> goto out ;<br> * Save the old vmcb, so we don't need to pick what we save, but can<br> * restore everything when a VMEXIT occurs<br> hsave -> save . es = vmcb -> save . es ;<br> hsave -> save . cs = vmcb -> save . cs ;<br> hsave -> save . ss = vmcb -> save . ss ;<br> hsave -> save . ds = vmcb -> save . ds ;<br> hsave -> save . gdtr = vmcb -> save . gdtr ;<br> hsave -> save . … https://www.whatsupup.com/blog/hardened/twinkled/20210629-161937/ Tue, 29 Jun 2021 16:19:37 +0000 https://www.whatsupup.com/blog/hardened/twinkled/20210629-161937/ <a rel="noreferrer" target="_blank" href="https://github.blog/2021-06-29-introducing-github-copilot-ai-pair-programmer/">Introducing GitHub Copilot: your AI pair programmer</a><br></p> <hr> Today, we’re launching a technical preview of GitHub Copilot, a new AI pair programmer that helps you write better code.<br> https://www.whatsupup.com/blog/disappear/fussy/20210629-121802/ Tue, 29 Jun 2021 12:18:01 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210629-121802/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/hackers-exploited-0-day-not-2018-bug-to-mass-wipe-my-book-live-devices/">Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices</a><br></p> <hr> Western Digital removed code that would have prevented the wiping of petabytes of data.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210629-082316/ Tue, 29 Jun 2021 08:23:15 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210629-082316/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1127494_aston-martin-valkyrie-spied-on-the-road-ahead-of-start-of-deliveries-this-summer">Aston Martin Valkyrie spied on the road ahead of start of deliveries this summer</a><br> https://www.whatsupup.com/blog/sited/implore/20210629-081900/ Tue, 29 Jun 2021 08:19:00 +0000 https://www.whatsupup.com/blog/sited/implore/20210629-081900/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/29/technology/boom-times-for-lawyers-as-washington-pursues-big-tech.html">Boom Times for Lawyers as Washington Pursues Big Tech Not since the government sued to break up Microsoft in the late 1990s has there been greater demand for people who know the ins and outs of corporate competition law. By Cecilia Kang and David McCabe</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210629-042054/ Tue, 29 Jun 2021 04:20:53 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210629-042054/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/28/technology/facebook-ftc-lawsuit.html">Judge Throws Out 2 Antitrust Cases Against Facebook The decisions were a major blow to attempts to rein in Big Tech. The judge said one of the complaints, from the Federal Trade Commission, lacked facts and gave the agency 30 days to refile it. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/sited/implore/20210629-041851/ Tue, 29 Jun 2021 04:18:50 +0000 https://www.whatsupup.com/blog/sited/implore/20210629-041851/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/28/technology/facebook-ftc-lawsuit.html">Judge Throws Out 2 Antitrust Cases Against Facebook The decisions were a major blow to attempts to rein in Big Tech. The judge said one of the complaints, from the Federal Trade Commission, lacked facts and gave the agency 30 days to refile it. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/popularization/compilable/20210629-040821/ Tue, 29 Jun 2021 04:08:21 +0000 https://www.whatsupup.com/blog/popularization/compilable/20210629-040821/ <a rel="noreferrer" target="_blank" href="https://jeffhuang.com/papers/Portalware_DIS21.pdf">Portalware: Exploring Free-Hand AR Drawing with a Dual-Display Smartphone-Wearable Paradigm</a> Jing Qian, Tongyu Zhou, Meredith Young-Ng, Jiaju Ma, Angel Cheung, Xiangyu Li, Ian Gonsher, Jeff Huang DIS 2021<br> https://www.whatsupup.com/blog/sideswiped/tuftily/20210629-001649/ Tue, 29 Jun 2021 00:16:49 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20210629-001649/ <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/06/25/Investing">Investing Intro</a> · We’ve started to actively manage some of our family investments. It’s entertaining me, and I notice people really like talking about money, so why not talk about it here? This is the start of <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/What/Investing">a new blog category</a> <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/06/25/Investing">…</a><br> <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/06/22/Galaxy-Tab-S7-Plus">Galaxy Tab S7+</a> · I impulse-bought this big Samsung slab which I guess represents the state of the art in Android tabletry and is trying to occupy an iPad-like spot in the ecosystem. It’s got issues but I’m keeping it. I’m writing this based on my perception that not many people have a tablet that’s not an iPad, so the territory is only lightly explored <a rel="noreferrer" target="_blank" href="https://www.tbray.org/ongoing/When/202x/2021/06/22/Galaxy-Tab-S7-Plus">…</a> [4 comments]<br> https://www.whatsupup.com/blog/novice/millrace/20210629-001632/ Tue, 29 Jun 2021 00:16:31 +0000 https://www.whatsupup.com/blog/novice/millrace/20210629-001632/ <a rel="noreferrer" target="_blank" href="https://medium.com/new-story">Write</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210628-122341/ Mon, 28 Jun 2021 12:23:41 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210628-122341/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1128825_2021-ford-bronco-price-specs-review-photos-info">First drive review: 2021 Ford Bronco bucking for king of the hill</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210628-082246/ Mon, 28 Jun 2021 08:22:45 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210628-082246/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1113841_aston-martin-valkyrie-amr-pro-le-mans-hypercar-aping-track-car-revealed">Aston Martin Valkyrie AMR Pro: Le Mans Hypercar-aping track car revealed</a><br> https://www.whatsupup.com/blog/boxed/modification/20210628-041710/ Mon, 28 Jun 2021 04:17:09 +0000 https://www.whatsupup.com/blog/boxed/modification/20210628-041710/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#argument-dependent-lookup">argument-dependent-lookup</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#implementation-divergence">implementation-divergence</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#stl-classic">stl-classic</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#templates">templates</a><br> Today, while inventing questions for my next <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2020/09/18/cppcon-2020-pub-quiz-2/">C++ Pub Quiz</a> , I ran into a fairly obscure and meaningless divergence among vendors’ implementations of<br> vector<bool>::reference<br> . Given:<br> std::vector<bool> v = {true, true};<br> The correct way to swap<br> v[0]<br> with<br> is of course<br> swap(v[0], v[1])<br> , optionally preceded by<br> using std::swap<br> ; see <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/2020/07/11/the-std-swap-two-step/">“What is the std::swap two-step?”</a> (2020-07-11). But look at all these wrong things you can try! …<br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210628-001917/ Mon, 28 Jun 2021 00:19:16 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210628-001917/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2014/10/15/attack-of-week-poodle/">Attack of the week: POODLE</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20210627-162115/ Sun, 27 Jun 2021 16:21:15 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20210627-162115/ June 27, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/06/27/You-cant-capture-the-nuance.html">You can't capture the nuance of my form fields</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210627-122437/ Sun, 27 Jun 2021 12:24:37 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210627-122437/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132720_mid-engine-hellcat-powered-1968-dodge-charger-lets-you-live-your-fast-and-furious-dreams">Mid-engine Hellcat-powered 1968 Dodge Charger lets you live your "Fast and Furious" dreams</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132175_why-mpg-is-a-dumb-unit-for-fuel-economy">Why MPG is a dumb unit for fuel economy</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20210627-041940/ Sun, 27 Jun 2021 04:19:39 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210627-041940/ Big Technology is on Substack – the place for independent writing<br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210627-001827/ Sun, 27 Jun 2021 00:18:26 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210627-001827/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2012/08/19/dear-apple-please-set-imessage-free/">Dear Apple: Please set iMessage free</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210626-161840/ Sat, 26 Jun 2021 16:18:39 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210626-161840/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/solarwinds-hackers-breach-new-victims-including-a-microsoft-support-agent/">SolarWinds hackers breach new victims, including a Microsoft support agent</a><br></p> <hr> Discovery came as Microsoft was investigating new breaches by the same hacker group.<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210626-000940/ Sat, 26 Jun 2021 00:09:39 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210626-000940/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/what-is-low-code/">What is low code? A comprehensive guide Low code and no code have all the hype, but among developers, they also have equal amounts of skepticism. In March 2021, no code pioneer Zapier acquired no-code community Makerpad. In April 2021,</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210626-000716/ Sat, 26 Jun 2021 00:07:15 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210626-000716/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/06/mybook-users-urged-to-unplug-devices-from-internet/">MyBook Users Urged to Unplug Devices from Internet</a><br></p> <hr> Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a critical flaw that can be triggered by anyone who knows the Internet address of an affected device.<br> One of many similar complaints on Western Digital’s user forum.<br> Earlier this week, <a rel="noreferrer" target="_blank" href="https://www.bleepingcomputer.com/news/security/wd-my-book-nas-devices-are-being-remotely-wiped-clean-worldwide/">Bleeping Computer</a> and <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/mass-data-wipe-in-my-book-devices-prompts-warning-from-western-digital/?utm_brand=arstechnica&utm_source=twitter&utm_social-type=owned&utm_medium=social">Ars Technica</a> pointed to <a rel="noreferrer" target="_blank" href="https://community.wd.com/t/help-all-data-in-mybook-live-gone-and-owner-password-unknown/268111">a heated discussion thread on Western Digital’s user forum</a> where many customers complained of finding their MyBook Live and MyBook Live Duo devices completely wiped of their data.<br> “Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability,” the company said in a statement June 24. “In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live and My Book Live Duo devices received its final firmware update in 2015. We understand that our customers’ data is very important. We are actively investigating the issue and will provide an updated advisory when we have more information.”<br> Western Digital’s <a rel="noreferrer" target="_blank" href="https://www.westerndigital.com/support/productsecurity/wdc-21008-recommended-security-measures-wd-mybooklive-wd-mybookliveduo">brief advisory</a> includes <a rel="noreferrer" target="_blank" href="https://nvd.nist.gov/vuln/detail/CVE-2018-18472#VulnChangeHistorySection">a link to an entry in the National Vulnerability Database for CVE-2018-18472</a> . The NVD writeup says Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug.<br> “It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands,” NVD wrote.<br> Examine the CVE attached to this flaw and you’ll notice it was issued in 2018. The <a rel="noreferrer" target="_blank" href="https://nvd.nist.gov/vuln/detail/CVE-2018-18472#VulnChangeHistorySection">NVD’s advisory</a> credits VPN reviewer Wizcase.com with reporting the bug to Western Digital three years ago, back in June 2018.<br> In some ways, it’s remarkable that it took this long for vulnerable MyBook devices to be attacked: The 2018 Wizcase writeup on the flaw includes proof-of-concept code that lets anyone run commands on the devices as the all-powerful “root” user. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/06/mybook-users-urged-to-unplug-devices-from-internet/#more-56082">Continue reading →</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210625-202344/ Fri, 25 Jun 2021 20:23:43 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210625-202344/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132709_rush-drummer-neil-peart-s-car-collection-to-be-auctioned-in-pebble-beach">Rush drummer Neil Peart's car collection to be auctioned in Pebble Beach</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210625-162336/ Fri, 25 Jun 2021 16:23:36 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210625-162336/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1128272_2022-honda-civic-type-r-spy-shots">2022 Honda Civic Type R spy shots: Redesigned hot hatch coming soon</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132719_2021-jeep-wrangler-rubicon-xtreme-recon-package-takes-aim-at-the-ford-bronco">2021 Jeep Wrangler Rubicon Xtreme Recon package takes aim at the Ford Bronco</a><br> https://www.whatsupup.com/blog/novice/millrace/20210625-161558/ Fri, 25 Jun 2021 16:15:57 +0000 https://www.whatsupup.com/blog/novice/millrace/20210625-161558/ <p>MooseyAnon Follows<br> <a rel="noreferrer" target="_blank" href="https://delatango.medium.com/?source=blogrolls_sidebar-------------------------------------">Kelsea Delatango</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://mooseyanon.medium.com/following?source=blogrolls_sidebar-------------------------------------">See all (8)</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210625-160909/ Fri, 25 Jun 2021 16:09:09 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210625-160909/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/what-is-low-code/">What is low code? The last guide you’ll ever need Low code and no code have all the hype, but among developers, they also have equal amounts of skepticism. In March 2021, no code pioneer Zapier acquired no-code community Makerpad. In April 2021,</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210625-122323/ Fri, 25 Jun 2021 12:23:23 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210625-122323/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132713_2023-porsche-panamera-spy-shots">2023 Porsche Panamera spy shots: 2nd update on the way</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/writer/10067359_robert-duffer">Robert Duffer - Senior Editor</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210625-042238/ Fri, 25 Jun 2021 04:22:37 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210625-042238/ Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/projects/">projects</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/teaching/">teaching</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/foundations/">foundations</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/language/">language</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/math/">math</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/pedagogy/">pedagogy</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/programming/">programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/sets/">sets</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/types/">types</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/06/24/types-versus-sets-in-math-and-programming-languages/#comments">2 Comments</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210625-041937/ Fri, 25 Jun 2021 04:19:36 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210625-041937/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/mass-data-wipe-in-my-book-devices-prompts-warning-from-western-digital/">“I’m totally screwed.” WD My Book Live users wake up to find their data deleted</a><br></p> <hr> Storage-device maker advises customers to unplug My Book Lives from the Internet ASAP.<br> https://www.whatsupup.com/blog/phonic/shopboy/20210625-041326/ Fri, 25 Jun 2021 04:13:26 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210625-041326/ I'm discussing “ GTS: Talking crypto with A16z” with @sriramk, @pdavison, @cdixon, @aarthir, @alive_eth, @AriannaSimpson, @katie_haun, @stevesi, and Good Time. Today, Jun 24 at 6:00 PM PDT on @clubhouse. Join us! <a rel="noreferrer" target="_blank" href="https://t.co/0wTCc50XpL"><a href="https://t.co/0wTCc50XpL">https://t.co/0wTCc50XpL</a></a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210625-002353/ Fri, 25 Jun 2021 00:23:52 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210625-002353/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132702_pearl-yellow-2012-lexus-lfa-with-72-miles-never-left-dealership-for-sale-on-bring-a-trailer">Pearl Yellow 2012 Lexus LFA with 72 miles never left dealership, for sale on Bring A Trailer</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132703_electric-volvo-xc90-successor-to-be-revealed-in-2022-with-lidar-and-advanced-driver-assist-tech">Electric Volvo XC90 successor to be revealed in 2022 with lidar and advanced driver-assist tech</a><br> https://www.whatsupup.com/blog/sited/implore/20210625-001932/ Fri, 25 Jun 2021 00:19:32 +0000 https://www.whatsupup.com/blog/sited/implore/20210625-001932/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/24/technology/antitrust-overhaul-congress.html">Antitrust Overhaul Passes Its First Tests. Now, the Hard Parts. When the Judiciary Committee began approving a suite of bills on Wednesday, fault lines were exposed that could make final passage difficult. By Cecilia Kang and David McCabe</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210625-001919/ Fri, 25 Jun 2021 00:19:19 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210625-001919/ <p>Server Encountered an Error<br> Our apologies, the content you requested cannot be rendered at the moment. Please try refreshing the page or visit to our <a rel="noreferrer" target="_blank" href="https://www.reuters.com/">homepage.</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/tools/mobile">Apps</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://newslink.reuters.com/join/subscribe">Newsletters</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://sales.reuters.com/en/">Advertise with Us</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.thomsonreuters.com/en/privacy-statement.html">Privacy</a><br> <hr> All quotes delayed a minimum of 15 minutes. See <a rel="noreferrer" target="_blank" href="https://www.reuters.com/info/disclaimer">here for a complete list</a> of exchanges and delays.<br> <a rel="noreferrer" target="_blank" href="https://thomsonreuters.com/copyright/">©2020 Reuters. All Rights Reserved.</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20210625-001910/ Fri, 25 Jun 2021 00:19:09 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210625-001910/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/what-big-techs-chamber-of-progress">What Big Tech’s “Chamber of Progress” Is Really All About</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/what-big-techs-chamber-of-progress">A vaguely-named influence shop does Big Tech’s heavy lifting</a><br> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/people/10286039-alex-kantrowitz">Alex Kantrowitz</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/what-big-techs-chamber-of-progress/comments">Comment</a> <a rel="noreferrer" target="_blank" href="javascript:void(0)">Share</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20210625-001722/ Fri, 25 Jun 2021 00:17:21 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210625-001722/ In recent months, Google has launched <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/02/know-prevent-fix-framework-for-shifting.html">several efforts</a> to strengthen open-source security on multiple fronts. One important focus is improving how we identify and respond to known security vulnerabilities without doing extensive manual work. It is essential to have a precise common data format to triage and remediate security vulnerabilities, particularly when communicating about risks to affected dependencies—it enables easier automation and empowers consumers of open-source software to know when they are impacted and make security fixes as soon as possible. We released the <a rel="noreferrer" target="_blank" href="https://opensource.googleblog.com/2021/02/launching-osv-better-vulnerability.html">Open Source Vulnerabilities (OSV) database</a> in February with the goal of automating and improving vulnerability triage for developers and users of open source software. This initial effort was bootstrapped with a dataset of a few thousand vulnerabilities from the <a rel="noreferrer" target="_blank" href="https://github.com/google/oss-fuzz">OSS-Fuzz</a> project. Implementing OSV to communicate precise vulnerability data for hundreds of critical open-source projects proved the success and utility of the format, and garnered feedback to help us improve the project; for example, we dropped the Cloud API key requirement, making the database even easier to access by more users. The community response also showed that there was broad interest in extending the effort further. Today, we’re excited to announce a new milestone in expanding OSV to several key open-source ecosystems: <a rel="noreferrer" target="_blank" href="https://github.com/golang/vulndb">Go</a> , <a rel="noreferrer" target="_blank" href="https://github.com/RustSec/advisory-db">Rust</a> , <a rel="noreferrer" target="_blank" href="https://github.com/pypa/advisory-db">Python</a> , and <a rel="noreferrer" target="_blank" href="https://github.com/distributedweaknessfiling/dwflist">DWF</a> . This expansion unites and aggregates four important vulnerability databases, giving software developers a better way to track and remediate the security issues that affect them. Our effort also aligns with the recent <a rel="noreferrer" target="_blank" href="https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity">US Executive Order on Improving the Nation’s Cybersecurity</a> , which emphasized the need to remove barriers to sharing threat information in order to strengthen national infrastructure. This expanded shared vulnerability database marks an important step toward creating a more secure open-source environment for all users.<br> A simple, unified schema for describing vulnerabilities precisely As with open source development, vulnerability databases in open source follow a distributed model, with many ecosystems and organizations creating their own database. Since each uses their own format to describe vulnerabilities, a client tracking vulnerabilities across multiple databases must handle each completely separately. Sharing of vulnerabilities between databases is also difficult. The Google Open Source Security team, Go team, and the broader open-source community have been developing a simple <a rel="noreferrer" target="_blank" href="https://tinyurl.com/vuln-json">vulnerability interchange schema</a> for describing vulnerabilities that’s designed from the beginning for open-source ecosystems. After starting work on the schema a few months ago, we <a rel="noreferrer" target="_blank" href="http://tinyurl.com/vuln-json">requested public feedback and received hundreds of comments</a> . We have incorporated the input from readers to arrive at the current schema:<br> https://www.whatsupup.com/blog/buckeroo/doubling/20210624-202100/ Thu, 24 Jun 2021 20:21:00 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20210624-202100/ June 24, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/06/24/finger-client.html">A finger client</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210624-201934/ Thu, 24 Jun 2021 20:19:34 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210624-201934/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/zyxel-scrambles-to-thwart-active-hacks-targeting-customers-firewalls-and-vpns/">Hackers are using unknown user accounts to target Zyxel firewalls and VPNs</a><br></p> <hr> Authentication bypass attacks allow hackers to change breach network security.<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210624-200852/ Thu, 24 Jun 2021 20:08:52 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210624-200852/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/retool-raises-50-million-led-by-sequoia/">Retool raises $50M led by Sequoia Since Retool launched two years ago on HN, tens of thousands of companies have come to rely on Retool. It's how Allbirds measures the efficacy of their marketing campaigns; how Brex builds applications</a><br> https://www.whatsupup.com/blog/augur/cussed/20210624-200850/ Thu, 24 Jun 2021 20:08:50 +0000 https://www.whatsupup.com/blog/augur/cussed/20210624-200850/ <p><a rel="noreferrer" target="_blank" href="https://blog.discord.com/discord-github-help-make-online-hackathons-easier-for-everyone-e5ba683a1666?source=collection_home---4------0-----------------------">Discord & GitHub Help Make Online Hackathons Easier for Everyone</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://blog.discord.com/discord-github-help-make-online-hackathons-easier-for-everyone-e5ba683a1666?source=collection_home---4------0-----------------------">Discord & GitHub Help Make Online Hackathons Easier for Everyone Discord has joined forces with GitHub and Major League Hacking to produce the ultimate easy-to-use environment for running hackathons.</a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20210624-200727/ Thu, 24 Jun 2021 20:07:26 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20210624-200727/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/why-you-should-practice-voluntary-discomfort-to-become-happier">Why you should practice voluntary discomfort to become happier</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/put-yourself-on-the-productive-path">Put yourself on the Productive Path</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-change-for-the-better">How to change for the better</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-set-goals-that-work">How to set goals that work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-finally-start-doing-something-about-your-dreams">How to finally start doing something about your dreams</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-avoid-i-ll-do-it-tomorrow">How to avoid “I’ll do it tomorrow”</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/play-the-ultimate-game-your-real-life">Play the ultimate game: your real life</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-real-reason-why-you-get-distracted">The real reason why you get distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/today-shouldnt-suck">Today shouldn’t suck</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/4-most-common-ways-of-getting-distracted">4 most common ways of getting distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210624-162229/ Thu, 24 Jun 2021 16:22:29 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210624-162229/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1130983_2021-hennessey-mammoth-1000-ram-1500-trx-price">2021 Hennessey Mammoth 1000 is a 1,000-plus-hp Ram 1500 TRX, and it's ready to hit the plains</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132700_ferrari-296-gtb-revealed-with-818-hp-from-a-v-6-hybrid-powertrain">Ferrari 296 GTB revealed with 818 hp from a V-6 hybrid powertrain</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210624-162058/ Thu, 24 Jun 2021 16:20:58 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210624-162058/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/06/24/types-versus-sets-in-math-and-programming-languages/">Types versus sets in math and programming languages</a><br> https://www.whatsupup.com/blog/jigging/witherer/20210624-161902/ Thu, 24 Jun 2021 16:19:02 +0000 https://www.whatsupup.com/blog/jigging/witherer/20210624-161902/ <p><a rel="noreferrer" target="_blank" href="https://themarkup.org/newsletter">Newsletters</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://themarkup.org/citizen-browser/2021/06/24/after-repeatedly-promising-not-to-facebook-keeps-recommending-political-groups-to-its-users">Citizen Browser After Repeatedly Promising Not to, Facebook Keeps Recommending Political Groups to Its Users The company announced the policy as a way to stop spreading divisive content June 24, 2021 08:00 ET</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210624-161830/ Thu, 24 Jun 2021 16:18:30 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210624-161830/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-russia-britain-navy/russia-warns-britain-it-will-bomb-ships-next-time-idUSKCN2E00K3">Russia warns Britain it will bomb ships next time</a><br></p> <hr> LONDON/MOSCOW (Reuters) -Russia warned Britain on Thursday that it would bomb British naval vessels in the Black Sea if there were any further provocative actions by the British navy off the coast of Russia-annexed Crimea.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-canada-indigenous-children/indigenous-group-in-canada-finds-751-unmarked-graves-at-former-residential-school-idUSKCN2E0203">Indigenous group in Canada finds 751 unmarked graves at former residential school</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security/hks-apple-daily-owner-lai-punished-for-exercising-fundamental-rights-uns-bachelet-idUSKCN2E0045">HK's Apple Daily owner Lai punished for exercising fundamental rights-UN's Bachelet</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20210624-161607/ Thu, 24 Jun 2021 16:16:05 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210624-161607/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/06/announcing-unified-vulnerability-schema.html">Announcing a unified vulnerability schema for open source</a><br></p> <hr> Posted by Oliver Chang, Google Open Source Security team and Russ Cox, Go team<br> In recent months, Google has launched <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/02/know-prevent-fix-framework-for-shifting.html">several efforts</a> to strengthen open-source security on multiple fronts. One important focus is improving how we identify and respond to known security vulnerabilities without doing extensive manual work. It is essential to have a precise common data format to triage and remediate security vulnerabilities, particularly when communicating about risks to affected dependencies—it enables easier automation and empowers consumers of open-source software to know when they are impacted and make security fixes as soon as possible. <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/06/announcing-unified-vulnerability-schema.html">Read More</a><br> In recent months, Google has launched <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/02/know-prevent-fix-framework-for-shifting.html">several efforts</a> to strengthen open-source security on multiple fronts. One important focus is improving how we identify and respond to known security vulnerabilities without doing extensive manual work. It is essential to have a precise common data format to triage and remediate security vulnerabilities, particularly when communicating about risks to affected dependencies—it enables easier automation and empowers consumers of open-source software to know when they are impacted and make security fixes as soon as possible. We released the <a rel="noreferrer" target="_blank" href="https://opensource.googleblog.com/2021/02/launching-osv-better-vulnerability.html">Open Source Vulnerabilities (OSV) database</a> in February with the goal of automating and improving vulnerability triage for developers and users of open source software. This initial effort was bootstrapped with a dataset of a few thousand vulnerabilities from the <a rel="noreferrer" target="_blank" href="https://github.com/google/oss-fuzz">OSS-Fuzz</a> project. Implementing OSV to communicate precise vulnerability data for hundreds of critical open-source projects proved the success and utility of the format, and garnered feedback to help us improve the project; for example, we dropped the Cloud API key requirement, making the database even easier to access by more users. The community response also showed that there was broad interest in extending the effort further. Today, we’re excited to announce a new milestone in expanding OSV to several key open-source ecosystems: <a rel="noreferrer" target="_blank" href="https://github.com/golang/vulndb">Go</a> , <a rel="noreferrer" target="_blank" href="https://github.com/RustSec/advisory-db">Rust</a> , <a rel="noreferrer" target="_blank" href="https://github.com/pypa/advisory-db">Python</a> , and <a rel="noreferrer" target="_blank" href="https://github.com/distributedweaknessfiling/dwflist">DWF</a> . This expansion unites and aggregates four important vulnerability databases, giving software developers a better way to track and remediate the security issues that affect them. Our effort also aligns with the recent <a rel="noreferrer" target="_blank" href="https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity">US Executive Order on Improving the Nation’s Cybersecurity</a> , which emphasized the need to remove barriers to sharing threat information in order to strengthen national infrastructure. This expanded shared vulnerability database marks an important step toward creating a more secure open-source environment for all users. A simple, unified schema for describing vulnerabilities precisely As with open source development, vulnerability databases in open source follow a distributed model, with many ecosystems and organizations creating their own database. Since each uses their own format to describe vulnerabilities, a client tracking vulnerabilities across multiple databases must handle each completely separately. Sharing of vulnerabilities between databases is also difficult. The Google Open Source Security team, Go team, and the broader open-source community have been developing a simple <a rel="noreferrer" target="_blank" href="https://tinyurl.com/vuln-json">vulnerability interchange schema</a> for describing vulnerabilities that’s designed from the beginning for open-source ecosystems. After starting work on the schema a few months ago, we <a rel="noreferrer" target="_blank" href="http://tinyurl.com/vuln-json">requested public feedback and received hundreds of comments</a> . We have incorporated the input from readers to arrive at the current schema:<br> {<br> "id" : string ,<br> "modified" : string ,<br> "published" : string ,<br> "withdrawn" : string ,<br> "aliases" : [ string ],<br> "related" : [ string ],<br> "package" : {<br> "ecosystem" : string ,<br> "name" : string ,<br> "purl" : string ,<br> },<br> "summary" : string ,<br> "details" : string ,<br> "affects" : [ {<br> "ranges" : [ {<br> "type" : string ,<br> "repo" : string ,<br> "introduced" : string ,<br> "fixed" : string<br> } ],<br> "versions" : [ string ]<br> "references" : [ {<br> "url" : string<br> "ecosystem_specific" : { see spec },<br> "database_specific" : { see spec },<br> }<br> This new vulnerability schema aims to address some key problems with managing vulnerabilities in open source. We found that there was no existing standard format which:<br> Enforces version specification that precisely matches naming and versioning schemes used in actual open source package ecosystems. For instance, matching a vulnerability such as a <a rel="noreferrer" target="_blank" href="https://cve.mitre.org/">CVE</a> to a package name and set of versions in a package manager is difficult to do in an automated way using existing mechanisms such as <a rel="noreferrer" target="_blank" href="https://nvd.nist.gov/products/cpe">CPEs</a> .<br> Can be used to describe vulnerabilities in any open source ecosystem, while not requiring ecosystem-dependent logic to process them.<br> Is easy to use by both automated systems and humans.<br> With this schema we hope to define a format that all vulnerability databases can export. A unified format means that vulnerability databases, open source users, and security researchers can easily share tooling and consume vulnerabilities across all of open source. This means a more complete view of vulnerabilities in open source for everyone, as well as faster detection and remediation times resulting from easier automation.<br> The current state<br> The <a rel="noreferrer" target="_blank" href="https://tinyurl.com/vuln-json">vulnerability schema spec</a> has gone through several iterations, and we are inviting further feedback as it gets closer to finalized. A number of public vulnerability databases today are already exporting this format, with more in the pipeline:<br> <a rel="noreferrer" target="_blank" href="https://github.com/golang/vulndb">Go vulnerability database</a> for Go packages<br> <a rel="noreferrer" target="_blank" href="https://github.com/RustSec/advisory-db">Rust advisory database</a> for Cargo packages<br> <a rel="noreferrer" target="_blank" href="https://github.com/pypa/advisory-db">Python advisory database</a> for PyPI packages<br> <a rel="noreferrer" target="_blank" href="https://github.com/distributedweaknessfiling/dwflist">DWF database</a> for vulnerabilities in the Linux kernel and other popular software<br> <a rel="noreferrer" target="_blank" href="https://github.com/google/oss-fuzz-vulns">OSS-Fuzz database</a> for vulnerabilities in C/C++ software found by OSS-Fuzz<br> The OSV service has also aggregated all of these vulnerability databases, which are viewable at our <a rel="noreferrer" target="_blank" href="https://osv.dev/list">web UI</a> . They can also be queried with a single command via the same <a rel="noreferrer" target="_blank" href="https://osv.dev/docs/#tag/api">existing APIs</a> :<br> curl - X POST - d \<br> '{"commit": "a46c08c533cfdf10260e74e2c03fa84a13b6c456"}' \<br> "https://api.osv.dev/v1/query"<br> '{"version": "2.4.1", "package": {"name": "jinja2", "ecosystem": "PyPI"}}' \<br> Automating vulnerability database maintenance<br> Producing quality vulnerability data is also difficult. In addition to <a rel="noreferrer" target="_blank" href="https://opensource.googleblog.com/2021/02/launching-osv-better-vulnerability.html">OSV’s existing automation</a> , we built more <a rel="noreferrer" target="_blank" href="https://github.com/google/osv/tree/master/vulnfeeds">automation tools</a> for vulnerability database maintenance, and used these tools to <a rel="noreferrer" target="_blank" href="https://discuss.python.org/t/proposing-a-community-maintained-database-of-pypi-package-vulnerabilities/8374/13">bootstrap</a> the community <a rel="noreferrer" target="_blank" href="https://github.com/pypa/advisory-db">Python advisory database</a> . This automation takes existing feeds, accurately matches them to packages, and <a rel="noreferrer" target="_blank" href="https://github.com/pypa/advisory-db/commit/7afe2510b693ad60a0b95da8a5b2a370a7c48997">generates entries</a> containing <a rel="noreferrer" target="_blank" href="https://github.com/pypa/advisory-db/commit/e4035d8131324cf207ac9b40eacac79b97b1c6b2">precise, validated version ranges</a> with minimal human intervention. We plan to extend this tooling to other ecosystems for which there is no existing vulnerability database, or little support for ongoing database maintenance.<br> Get involved<br> Thank you to all the open source developers who have provided feedback and adopted this format. We’re continuing to work with open source communities to develop this further and earn more widespread adoption in all ecosystems. If you are interested in adopting this format, we’d appreciate any feedback on our <a rel="noreferrer" target="_blank" href="https://tinyurl.com/vuln-json">public spec</a> .<br> Labels: <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/Open%20Source">Open Source</a> , <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/Security">Security</a> , <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/vulnerabilities">vulnerabilities</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210624-160647/ Thu, 24 Jun 2021 16:06:47 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210624-160647/ The shimmers were an innovation that caused concern on multiple levels. For starters, chip-based payment cards were supposed to be far more expensive and difficult for thieves to copy and clone. But these skimmers took advantage of weaknesses in the way many banks at the time implemented the new chip card standard.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210624-122609/ Thu, 24 Jun 2021 12:26:08 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210624-122609/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132286_2021-techart-gt-street-r-is-a-tuned-porsche-911-turbo-that-packs-800-hp">2021 Techart GT Street R is a tuned Porsche 911 Turbo that packs 800 hp</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1112214_2024-volkswagen-id-buzz-spy-shots">2024 Volkswagen ID Buzz spy shots: Modern electric Bus starts testing</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210624-122420/ Thu, 24 Jun 2021 12:24:19 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210624-122420/ <p><a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/06/24/types-versus-sets-in-math-and-programming-languages/">Types versus sets in math and programming languages</a><br></p> <hr> For several years I have been designing and implementing a <a rel="noreferrer" target="_blank" href="https://github.com/disco-lang/disco/">functional teaching language especially for use in the context of a Discrete Mathematics course</a> . The idea is for students to be exposed to some functional and statically-typed programming early in their computer science education, and to give them a fun and concrete way to see the connections between the concepts they learn in a Discrete Math course and computation. I am <a rel="noreferrer" target="_blank" href="https://cs.wheaton.edu/~tvandrun/dmfp/">not the first to think of combining FP + Discrete Math</a> , but I think there is an opportunity to do it really well with a language designed expressly for the purpose. (And, who am I kidding, designing and implementing a language is just plain fun.)<br> Of course the language has an expressive static type system, with base types like natural numbers, rationals, Booleans, and Unicode characters, as well as sum and product types, lists, strings, and the ability to define arbitrary recursive types. It also has built-in types and syntax for finite sets. For example,<br> A : Set ℕ A = {1, 3, 6}<br> (Incidentally, I will be using Unicode syntax since it looks nice, but there are also ASCII equivalents for everything.) Sets support the usual operations like union, intersection, and difference, as well as set comprehension notation. The intention is that this will provide a rich playground for students to play around with the basic set theory that is typically taught in a discrete math class.<br> But wait…<br> Hopefully the above all seems pretty normal if you are used to programming in a statically typed language. Unfortunately, there is something here that I suspect is going to be deeply confusing to students. I am so used to it that it took me a long time to realize what was wrong; maybe you have not realized it either. (Well, perhaps I gave it away with the title of the blog post…)<br> In a math class, we typically tell students that is a set . But in Disco,<br> ℕ<br> is a type and something like<br> {1,2,3}<br> is a set. If you have been told that is a set, the distinction is going to seem very weird and artificial to you. For example, right now in Disco, you can ask whether<br> {1,2}<br> is a subset of<br> :<br> Disco> {1,2} ⊆ {1,2,3} true<br> But if you try to ask whether<br> , you get a syntax error:<br> Disco> {1,2} ⊆ ℕ 1:10: | 1 | {1,2} ⊆ ℕ | ^ keyword "ℕ" cannot be used as an identifier<br> Now, we could try various things to improve this particular example—at the very least, make it fail more gracefully. But the fundamental question remains: what is the distinction between types and sets, and why is it important? If it’s not important, we should get rid of it; if it is important, then I need to be able to explain it to students!<br> We could try to completely get rid of the distinction, but this seems like it would lead directly to a dependent type system and refinement types. Refinement types <a rel="noreferrer" target="_blank" href="https://ucsd-progsys.github.io/liquidhaskell-blog/">are super cool</a> but I really don’t think I want to go there (Disco’s type system is <a rel="noreferrer" target="_blank" href="https://github.com/disco-lang/disco/issues/207">already complicated enough</a> ).<br> However, I think there actually is an important distinction; this blog post is my first attempt at crystallizing my thoughts on the distinction and how I plan to explain it to students.<br> Types vs sets<br> So what is the difference between sets and types? The slogan is that types are intensional , whereas sets are extensional . (I won’t actually use those words with my students.) That is:<br> Sets are characterized by the relation: we can ask which items are elements of a set and which are not.<br> Types, on the other hand, are characterized by how elements of the type are built: we can construct elements of a type (and deconstruct them) in certain ways specific to the type.<br> This seems kind of symmetric, but it is not. You can’t ask whether a thing is an element of a set if you don’t know how to even make or talk about any things in the first place. So types are prior to sets: types provide a universe of values, constructed in orderly ways, that we can work with; only then can we start picking out certain values to place them in a set.<br> Of course, this all presupposes some kind of type theory as foundational. Of course I am aware that one can instead take axiomatic set theory as a foundation and build everything up from the empty set. But I’m building a typed functional programming language, so of course I’m taking type theory as foundational! More importantly, however, it’s what almost every working mathematician does in practice . No one actually works or thinks in terms of axiomatic set theory (besides set theorists). Even in a typical math class, some sets are special. Before we can talk about the set , we have to introduce the special set so we know what , , and are. Before we can talk about the set we have to introduce the special Cartesian product operation on sets so we know what tuples are. And so on. We can think of types as a language for describing this prior class of special sets.<br> Explaining things to students<br> So what will I actually say to my students? First of all, when introducing the language, I will tell them about various built-in primitive types like naturals, rationals, booleans, and characters. I won’t make a big deal about it, and I don’t think I will need to: for the most part they will have already seen a language like Python or Java with types for primitive values.<br> When we get to talking about sets, however (usually the second unit, after starting with propositional logic), we will define sets as collections of values, and I will explicitly point out the similarity to types. I will tell them that types are special built-in sets with rules for building their elements. We will go on to talk about disjoint union and Cartesian product, and practice building elements of sum and product types. (When we later get to recursion, they will therefore have the tools they need to start building recursive types such as lists and trees.)<br> The other thing to mention will be the way that when we write the type of a set, as in,<br> Set ℕ<br> , we have to write down the type of the elements—in other words, the universe , or ambient set from which the elements are chosen. When introducing set theory, traditionally one mentions universe sets only when talking about the set complement operation; but the fact is that mathematicians always have some universe set in mind when describing a given set.<br> Now, coming back to the example of<br> {1,2} ⊆ ℕ<br> , it would still be confusing for students if this is a syntax error, and I have some ideas about how to make it work. Briefly, the idea is to allow types to be used in expressions (but not the other way around!), with<br> T : Set T<br> . If I tell them that types are special sets, then logically they will expect to be able to use them as such! However, this is an extremely nontrivial change: it means that Disco would now be able to represent infinite sets, requiring sets to be internally represented via a deep embedding, rather than simply storing their elements (as is currently the case). For example,<br> 2 ∈ (ℕ \ {3,5})<br> should evaluate to<br> true<br> , but we obviously can’t just enumerate all the elements of<br> ℕ \ {3,5}<br> since there are infinitely many. More on this in a future post, perhaps!<br> Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/projects/">projects</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/teaching/">teaching</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/foundations/">foundations</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/language/">language</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/math/">math</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/pedagogy/">pedagogy</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/programming/">programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/sets/">sets</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/types/">types</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/06/24/types-versus-sets-in-math-and-programming-languages/#respond">Leave a comment</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210624-121858/ Thu, 24 Jun 2021 12:18:57 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210624-121858/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-britain-johnson/uk-pm-johnson-im-not-ruling-out-a-foreign-vacation-this-summer-idUSKCN2E01BO">UK PM Johnson: I'm not ruling out a foreign vacation this summer</a><br></p> <hr> British Prime Minister Boris Johnson said on Thursday he was not ruling out going abroad for his summer vacation this year as the government mulls easing restrictions on travel for those who have had two COVID-19 vaccination doses.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-russia-britain-navy/russia-warns-britain-do-not-provoke-us-again-in-black-sea-idUSKCN2E00K3">Russia warns Britain: Do not provoke us again in Black Sea</a><br> https://www.whatsupup.com/blog/sited/implore/20210624-121826/ Thu, 24 Jun 2021 12:18:25 +0000 https://www.whatsupup.com/blog/sited/implore/20210624-121826/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/24/technology/antitrust-overhaul-congress.html">Antitrust Overhaul Passes Its First Tests. Now, the Hard Parts. When the Judiciary Committee began approving a suite of bills on Wednesday, it exposed the fault lines that could make final passage difficult. By Cecilia Kang and David McCabe</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210624-081835/ Thu, 24 Jun 2021 08:18:35 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210624-081835/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security/emotions-run-high-as-hk-bids-farewell-to-pro-democracy-newspaper-apple-daily-idUSKCN2E0045">Emotions run high as HK bids farewell to pro-democracy newspaper Apple Daily</a><br></p> <hr> HONG KONG (Reuters) -Hong Kong residents snapped up last-edition copies of the final edition of pro-democracy newspaper Apple Daily on Thursday after it was forced to end a 26-year run amid a national security crackdown that froze the company's funds.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security-apple-daily-newsroo/heartbreak-in-newsroom-as-apple-daily-bids-farewell-to-hong-kong-idUSKCN2E00QH">Heartbreak in newsroom as Apple Daily bids farewell to Hong Kong</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-australia/sydney-faces-scariest-period-in-pandemic-amid-delta-outbreak-idUSKCN2DZ2RR">Sydney faces 'scariest period' in pandemic amid Delta outbreak</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210624-081809/ Thu, 24 Jun 2021 08:18:09 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210624-081809/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/author/dan-goodin/">Dan Goodin</a> – 6/23/2021, 8:46 PM<br> <a rel="noreferrer" target="_blank" href="https://arstechnica.com/author/dan-goodin/">Dan Goodin</a> – 6/4/2021, 11:55 AM<br> https://www.whatsupup.com/blog/phonic/shopboy/20210624-081220/ Thu, 24 Jun 2021 08:12:20 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210624-081220/ How can you be asleep at a time like this? Join us in 3 minutes! <a rel="noreferrer" target="_blank" href="https://t.co/r7w12ewPPn"><a href="https://t.co/r7w12ewPPn">https://t.co/r7w12ewPPn</a></a><br> I'm discussing “ A Conversation with Marc Andreessen” with @sriramk, @stevesi, @aarthir, and Good Time. Today, Jun 23 at 10:00 PM PDT on @clubhouse. Join us! <a rel="noreferrer" target="_blank" href="https://t.co/r7w12ewPPn"><a href="https://t.co/r7w12ewPPn">https://t.co/r7w12ewPPn</a></a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210624-042203/ Thu, 24 Jun 2021 04:22:03 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210624-042203/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132533_2022-honda-civic-hatchback-price-specs-review-photos-info">US-built 2022 Honda Civic Hatchback combines sportiness and practicality</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132052_2021-ford-mustang-mach-e-gt-and-gt-performance-price-specs-review-photos-info">2021 Ford Mustang Mach-E GT and GT Performance priced from $61,000, have up to 270 miles of range</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1131252_2022-infiniti-qx60-price-specs-review-photos-info">Preview: 2022 Infiniti QX60 coming with 295-hp V-6, 9-speed automatic, sharper looks</a><br> https://www.whatsupup.com/blog/effete/washstand/20210624-042152/ Thu, 24 Jun 2021 04:21:51 +0000 https://www.whatsupup.com/blog/effete/washstand/20210624-042152/ <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog">Discover</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210624-041822/ Thu, 24 Jun 2021 04:18:22 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210624-041822/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/john-mcafee-the-eccentric-av-tycoon-dead-at-75-by-apparent-suicide/">AV mogul John McAfee found dead by hanging in Spanish prison cell</a><br></p> <hr> McAFee's larger-than-life and often illegal antics came to define his later years.<br> Open source repositories can be vectors for maliciousness, so look before you run.<br> https://www.whatsupup.com/blog/sited/implore/20210624-041818/ Thu, 24 Jun 2021 04:18:17 +0000 https://www.whatsupup.com/blog/sited/implore/20210624-041818/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/23/technology/big-tech-antitrust-bills.html">House Lawmakers Are Considering 6 Bills Aimed at Big Tech A committee took its first vote in the early afternoon, advancing a bill that would increase the money companies pay government agencies when getting some mergers approved. By Cecilia Kang and David McCabe</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/23/us/politics/biden-infrastructure-plan.html">Biden and Senators Close In on Bipartisan Infrastructure Deal Lawmakers were set to take a tentative framework to the White House on Thursday. Administration officials signaled the president was prepared to support it, pending final details. By Jim Tankersley and Emily Cochrane</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210624-041153/ Thu, 24 Jun 2021 04:11:52 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210624-041153/ <p>By popular demand, we have @pmarca back on our show tonight at 10pm. Join @aarthir, @stevesi and me as we talk to Marc about</p> <p>↳ the last year/aftermath of “time to build” ↳ AI ↳ Productivity, wages, the economy ↳ Impact of COVID on work ↳ And more!</p> <p>Join us at 10pm PT. <a rel="noreferrer" target="_blank" href="https://t.co/C0wofe5gPi"><a href="https://t.co/C0wofe5gPi">https://t.co/C0wofe5gPi</a></a><br></p> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210623-162137/ Wed, 23 Jun 2021 16:21:36 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210623-162137/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132583_midnight-purple-r34-nissan-skyline-gt-r-v-spec-sold-for-315-187">Midnight Purple R34 Nissan Skyline GT-R V-Spec sold for $315,187</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/writer/10001739_viknesh-vijayenthiran">Viknesh Vijayenthiran - Editor</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210623-161808/ Wed, 23 Jun 2021 16:18:08 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210623-161808/ <p>Supreme Court rules in favor of teen whose profane social media post got her banished from high school cheerleading squad <a rel="noreferrer" target="_blank" href="https://www.reuters.com/legal/litigation/us-supreme-court-hands-victory-cheerleader-free-speech-case-2021-06-23/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-russia-britain-navy/russia-says-it-chases-british-destroyer-out-of-crimea-waters-with-warning-shots-bombs-idUSKCN2DZ16I">Russia says it chases British destroyer out of Crimea waters with warning shots, bombs</a><br></p> <hr> MOSCOW/LONDON (Reuters) -Russia said on Wednesday it had fired warning shots and dropped bombs in the path of a British warship to chase it out of waters Moscow claims in the Black Sea off the coast of the Crimea peninsula.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-ethiopia-conflict/medical-official-air-strike-kills-at-least-43-in-ethiopias-tigray-idUSKCN2DZ0Y9">Medical official: air strike kills at least 43 in Ethiopia's Tigray</a><br> https://www.whatsupup.com/blog/sited/implore/20210623-161752/ Wed, 23 Jun 2021 16:17:52 +0000 https://www.whatsupup.com/blog/sited/implore/20210623-161752/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/23/us/politics/tech-giants-are-aggressively-lobbying-washington-to-back-off-on-antitrust-rules.html">Tech giants are aggressively lobbying Washington to back off on antitrust rules. By Cecilia Kang, David McCabe and Kenneth P. Vogel</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210623-161744/ Wed, 23 Jun 2021 16:17:44 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210623-161744/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/counterfeit-pypi-packages-with-5000-downloads-installed-cryptominers/">Ahoy, there’s malice in your repos—PyPI is the latest to be abused</a><br></p> <hr> Open source repositories can be vectors for badness, so look before you run.<br> https://www.whatsupup.com/blog/seer/hemisphere/20210623-161703/ Wed, 23 Jun 2021 16:17:02 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20210623-161703/ <p><a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-01692-7">The 2,000 stars where aliens would catch a glimpse of Earth</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nature.com/search?q=%22Alexandra+Witze%22&order=date_desc">Rights & permissions for article The 2,000 stars where aliens would catch a glimpse of Earth . Opens in a new window.</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210623-160614/ Wed, 23 Jun 2021 16:06:14 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210623-160614/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/06/how-cyber-sleuths-cracked-an-atm-shimmer-gang/">How Cyber Sleuths Cracked an ATM Shimmer Gang</a><br></p> <hr> In 2015, police departments worldwide started finding ATMs compromised with advanced new “shimming” devices made to steal data from chip card transactions. Authorities in the United States and abroad had seized many of these shimmers, but for years couldn’t decrypt the data on the devices. This is a story of ingenuity and happenstance, and how one former Secret Service agent helped crack a code that revealed the contours of a global organized crime ring.<br> Jeffrey Dant was a special agent at the U.S. Secret Service for 12 years until 2015. After that, Dant served as the global lead for the fraud fusion center at Citi , one of the largest financial institutions in the United States.<br> Not long after joining Citi, Dant heard from industry colleagues at a bank in Mexico who reported finding one of these shimming devices inside the card acceptance slot of a local ATM. As it happens, KrebsOnSecurity <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2015/08/chip-card-atm-shimmer-found-in-mexico/">wrote about that particular shimmer back in August 2015</a> .<br> This card ‘shimming’ device is made to read chip-enabled cards and can be inserted directly into the ATM’s card acceptance slot.<br> The shimmers were an innovation that caused concern on multiple levels. For starters, chip-based payment cards were supposed to make it far more expensive and difficult for thieves to copy and clone. But these skimmers took advantage of weaknesses in the way many banks at the time implemented the new chip card standard.<br> Also, unlike traditional ATM skimmers that run on hidden cell phone batteries, the ATM shimmers found in Mexico did not require any external power source, and thus could remain in operation collecting card data until the device was removed.<br> When a chip card is inserted, a chip-capable ATM reads the data stored on the smart card by sending an electric current through the chip. Incredibly, these shimmers were able to siphon a small amount of that power (a few milliamps) to record any data transmitted by the card. When the ATM is no longer in use, the skimming device remains dormant, storing the stolen data in an encrypted format.<br> Dant and other investigators looking into the shimmers didn’t know at the time how the thieves who planted the devices went about gathering the stolen data. Traditional ATM skimmers are either retrieved manually, or they are programmed to transmit the stolen data wirelessly, such as via text message or Bluetooth.<br> But recall that these shimmers don’t have anywhere near the power needed to transmit data wirelessly, and the flexible shimmers themselves tend to rip apart when retrieved from the mouth of a compromised ATM. So how were the crooks collecting the loot?<br> “We didn’t know how they were getting the PINs at the time, either,” Dant recalled. “We found out later they were combining the skimmers with old school cameras hidden in fake overhead and side panels on the ATMs.”<br> Investigators wanted to look at the data stored on the shimmer, but it was encrypted. So they sent it to MasterCard’s forensics lab in the United Kingdom, and to the Secret Service.<br> “The Secret Service didn’t have any luck with it,” Dant said. “MasterCard in the U.K. was able to understand a little bit at a high level what it was doing, and they confirmed that it was powered by the chip. But the data dump from the shimmer was just encrypted gibberish.”<br> Organized crime gangs that specialize in deploying skimmers very often will encrypt stolen card data as a way to remove the possibility that any gang members might try to personally siphon and sell the card data in underground markets.<br> THE DOWNLOAD CARDS<br> Then in 2017, Dant got a lucky break: Investigators had found a shimming device inside an ATM in New York City, and that device appeared identical to the shimmers found in Mexico two years earlier.<br> “That was the first one that had showed up in the U.S. at that point,” Dant said.<br> The Citi team suspected that if they could work backwards from the card data that was known to have been recorded by the skimmers, they might be able to crack the encryption.<br> “We knew when the shimmer went into the ATM, thanks to closed-circuit television footage,” Dant said. “And we know when that shimmer was discovered. So between that time period of a couple of days, these are the cards that interacted with the skimmer, and so these card numbers are most likely on this device.”<br> Based off that hunch, MasterCard’s eggheads had success decoding the encrypted gibberish. But they already knew which payment cards had been compromised, so what did investigators stand to gain from breaking the encryption?<br> According to Dant, this is where things got interesting: They found that the same primary account number (unique 16 digits of the card) was present on the download card and on the shimmers from both New York City and Mexican ATMs.<br> Further research revealed that account number was tied to a payment card issued years prior by an Austrian bank to a customer who reported never receiving the card in the mail.<br> “So why is this Austrian bank card number on the download card and two different shimming devices in two different countries, years apart?” Dant said he wondered at the time.<br> He didn’t have to wait long for an answer. Soon enough, the NYPD brought a case against a group of Romanian men suspected of planting the same shimming devices in both the U.S. and Mexico. Search warrants served against the Romanian defendants turned up multiple copies of the shimmer they’d seized from the compromised ATMs. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/06/how-cyber-sleuths-cracked-an-atm-shimmer-gang/#more-54583">Continue reading →</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210623-122155/ Wed, 23 Jun 2021 12:21:54 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210623-122155/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132670_first-ride-2022-toyota-86-redesign-rewards-drivers">First ride: 2022 Toyota 86 redesign rewards drivers</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132680_2022-mercedes-benz-gle-class-spy-shots">2022 Mercedes-Benz GLE-Class spy shots</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132676_bugatti-chiron-super-sport-undergoing-high-speed-testing">Bugatti Chiron Super Sport undergoing high-speed testing</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132642_2022-porsche-macan-r34-nissan-gt-r-2022-toyota-tundra-this-week-s-top-photos">2022 Porsche Macan, R34 Nissan GT-R, 2022 Toyota Tundra: This Week's Top Photos</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210623-121818/ Wed, 23 Jun 2021 12:18:18 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210623-121818/ <p>Air strike kills dozens in Ethiopia's Tigray region <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2DZ0Y9">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security-apple-daily/hong-kong-pro-democracy-paper-apple-daily-to-print-last-edition-on-thursday-idUSKCN2DZ0BR">Hong Kong pro-democracy paper Apple Daily to print last edition on Thursday</a><br></p> <hr> HONG KONG (Reuters) -Hong Kong's pro-democracy tabloid Apple Daily announced it will print its last edition on Thursday after a stormy year in which it was raided by police and its tycoon owner and other staff were arrested under a new national security law.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-spain-politics-catalonia-prison/pardoned-catalan-separatist-leaders-walk-out-of-jail-idUSKCN2DZ12O">Pardoned Catalan separatist leaders walk out of jail</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-russia-britain-navy/russian-forces-reportedly-fire-warning-shots-at-british-destroyer-in-black-sea-idUSKCN2DZ16I">Russian forces reportedly fire warning shots at British destroyer in Black Sea</a><br> https://www.whatsupup.com/blog/sited/implore/20210623-121748/ Wed, 23 Jun 2021 12:17:47 +0000 https://www.whatsupup.com/blog/sited/implore/20210623-121748/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/23/us/politics/biden-infrastructure-plan.html">Biden’s Economic Agenda Faces Familiar Hurdle With Fight Over Financing As Democrats pursue both bipartisan infrastructure negotiations and a catch-all economic package, old divisions persist on how to fund the spending. By Jim Tankersley and Emily Cochrane</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210623-081909/ Wed, 23 Jun 2021 08:19:08 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210623-081909/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security-apple-daily/hong-kongs-next-digital-says-apple-daily-newspaper-to-end-by-saturday-idUSKCN2DZ0BR">Hong Kong's Next Digital says Apple Daily newspaper to end by Saturday</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-australia/sydney-isolated-as-covid-19-clusters-build-nz-tightens-curbs-in-capital-idUSKCN2DZ001">Sydney isolated as COVID-19 clusters build; NZ tightens curbs in capital</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210623-041911/ Wed, 23 Jun 2021 04:19:11 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210623-041911/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-taiwan-china-usa/china-condemns-latest-u-s-warship-transit-of-taiwan-strait-idUSKCN2DZ00F">China condemns latest U.S. warship transit of Taiwan Strait</a><br></p> <hr> BEIJING/TAIPEI (Reuters) -China condemned the United States on Wednesday as the region's greatest security "risk creator" after a U.S. warship again sailed through the sensitive waterway that separates Taiwan from China.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security/first-person-charged-under-hong-kongs-national-security-law-pleads-not-guilty-idUSKCN2DZ06W">First person charged under Hong Kong's national security law pleads not guilty</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-iran-internet/u-s-blocks-websites-linked-to-iranian-disinformation-idUSKCN2DY27X">U.S. blocks websites linked to Iranian disinformation</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210623-040649/ Wed, 23 Jun 2021 04:06:48 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210623-040649/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/06/how-cyber-safe-is-your-drinking-water-supply/">How Cyber Safe is Your Drinking Water Supply?</a><br></p> <hr> Amid multiple recent reports of hackers breaking into and tampering with drinking water treatment systems comes a new industry survey with some sobering findings: A majority of the 52,000 separate drinking water systems in the United States still haven’t inventoried some or any of their information technology systems — a basic first step in protecting networks from cyberattacks.<br> The <a rel="noreferrer" target="_blank" href="https://www.cisa.gov/sector-coordinating-councils">Water Sector Coordinating Council</a> surveyed roughly 600 employees of water and wastewater treatment facilities nationwide, and found 37.9 percent of utilities have identified all IT-networked assets, with an additional 21.7 percent working toward that goal.<br> The Council found when it comes to IT systems tied to “operational technology” (OT) — systems responsible for monitoring and controlling the industrial operation of these utilities and their safety features — just 30.5 percent had identified all OT-networked assets, with an additional 22.5 percent working to do so.<br> “Identifying IT and OT assets is a critical first step in improving cybersecurity,” the report concluded. “An organization cannot protect what it cannot see.”<br> It’s also hard to see threats you’re not looking for: 67.9 percent of water systems reported no IT security incidents in the last 12 months, a somewhat unlikely scenario.<br> Michael Arceneaux , managing director of the <a rel="noreferrer" target="_blank" href="https://www.waterisac.org/">WaterISAC</a> — an industry group that tries to facilitate information sharing and the adoption of best practices among utilities in the water sector — said the survey shows much room for improvement and a need for support and resources.<br> “Threats are increasing, and the sector, EPA, CISA and USDA need to collaborate to help utilities prevent and recover from compromises,” Arceneaux <a rel="noreferrer" target="_blank" href="https://twitter.com/criticalh2o/status/1405638206301868032">said on Twitter</a> .<br> While documenting each device that needs protection is a necessary first step, a number of recent cyberattacks on water treatment systems have been blamed on a failure to properly secure water treatment employee accounts that can be used for remote access.<br> In April, federal prosecutors unsealed an indictment against a 22-year-old from Kansas who’s accused of <a rel="noreferrer" target="_blank" href="https://www.vice.com/en/article/3anx79/feds-indict-kansas-man-for-allegedly-hacking-into-water-supply">hacking into a public water system in 2019</a> . The defendant in that case is a former employee of the water district he allegedly hacked.<br> In February, we learned that <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/02/whats-most-interesting-about-the-florida-water-system-hack-that-we-heard-about-it-at-all/">someone hacked into the water treatment plan in Oldsmar, Fla.</a> and briefly increased the amount of sodium hydroxide (a.k.a. lye used to control acidity in the water) to 100 times the normal level. That incident stemmed from stolen or leaked employee credentials for TeamViewer , a popular program that lets users remotely control their computers.<br> In January, a hacker tried to poison a water treatment plant that served parts of the San Francisco Bay Area, <a rel="noreferrer" target="_blank" href="https://www.nbcnews.com/tech/security/hacker-tried-poison-calif-water-supply-was-easy-entering-password-rcna1206">reports</a> Kevin Collier for NBCNews. The hacker in that case also had the username and password for a former employee’s TeamViewer account. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/06/how-cyber-safe-is-your-drinking-water-supply/#more-56022">Continue reading →</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210623-002235/ Wed, 23 Jun 2021 00:22:34 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210623-002235/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132681_473-hp-2022-porsche-911-gts-bows-as-a-coupe-convertible-and-targa">Porsche 911 GTS bows for 2022 as a 473-hp coupe, convertible, or targa</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210623-001905/ Wed, 23 Jun 2021 00:19:05 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210623-001905/ <p>U.S. Senate Republicans block Democrats' bid to hold debate on voting-rights legislation <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2DY0XD">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-taiwan-china-usa/u-s-warship-transits-taiwan-strait-a-week-after-large-chinese-air-incursion-idUSKCN2DZ00F">U.S. warship transits Taiwan Strait a week after large Chinese air incursion</a><br></p> <hr> A U.S. warship has again sailed through the sensitive waterway that separates Taiwan from China, a week after the Chinese-claimed island reported the largest incursion https://www.reuters.com/world/asia-pacific/taiwan-reports-largest-incursion-yet-by-chinese-air-force-2021-06-15 to date of Chinese air force jets in Taiwan's air defence zone.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-iran-internet/u-s-blocks-websites-linked-to-iranian-disinformation-source-idUSKCN2DY27X">U.S. blocks websites linked to Iranian disinformation -source</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-britain-turing-gchq/britains-spy-agency-honours-codebreaker-turing-in-giant-artwork-idUSKCN2DY2M8">Britain's spy agency honours codebreaker Turing in giant artwork</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210622-201857/ Tue, 22 Jun 2021 20:18:56 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210622-201857/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-ethiopia-election/officials-count-ballots-after-ethiopias-election-new-fighting-reported-in-tigray-idUSKCN2DY0RK">Officials count ballots after Ethiopia's election, new fighting reported in Tigray</a><br></p> <hr> ADDIS ABABA (Reuters) -Officials in Ethiopia counted ballots on Tuesday after a parliamentary election billed as the first free vote in the country's history but marred by an opposition boycott, war and reports of irregularities in some areas.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-immigration-mexico/in-a-mexican-border-camp-asylum-seekers-wait-for-biden-to-end-trump-health-directive-idUSKCN2DY1KJ">In a Mexican border camp, asylum seekers wait for Biden to end Trump health directive</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-spain-politics-catalonia/lets-talk-says-spain-as-jailed-catalan-separatists-are-pardoned-idUSKCN2DY1B2">Let's talk, says Spain, as jailed Catalan separatists are pardoned</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210622-201849/ Tue, 22 Jun 2021 20:18:48 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210622-201849/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/a-week-after-arrests-cl0p-ransomware-group-dumps-new-tranche-of-stolen-data/">A week after arrests, Cl0p ransomware group dumps new tranche of stolen data</a><br></p> <hr> Leak shows that, like the rest of the ransomware scourge, Cl0p isn't going away.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210622-162216/ Tue, 22 Jun 2021 16:22:15 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210622-162216/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132677_sneak-preview-2022-audi-rs-3-to-add-rear-torque-splitter-hit-62-mph-in-3-8-seconds">Sneak preview: 2022 Audi RS 3 to add rear torque splitter, hit 62 mph in 3.8 seconds</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132664_porsche-pcm-6-0-infotainment-system-adds-android-auto-hey-porsche-voice-recognition">Porsche PCM 6.0 infotainment system adds Android Auto, "Hey Porsche" voice recognition</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132463_deep-dive-2022-vw-golf-gti-and-r-interiors-go-digital">Deep dive: 2022 VW Golf GTI and R interiors go digital</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132621_new-ferrari-supercar-teased-to-debut-on-june-24">New Ferrari supercar teased, to debut on June 24</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210622-162016/ Tue, 22 Jun 2021 16:20:15 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210622-162016/ Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/competitive-programming/">competitive programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/2d/">2D</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/fold/">fold</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/geometry/">geometry</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/kattis/">Kattis</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/line/">line</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/origami/">origami</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/reflect/">reflect</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/06/19/competitive-programming-in-haskell-folding-folds/#comments">2 Comments</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210622-161821/ Tue, 22 Jun 2021 16:18:20 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210622-161821/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-spain-politics-catalonia/lets-talk-says-spain-as-jailed-catalan-separatists-pardoned-idUSKCN2DY1B2">Let's talk, says Spain, as jailed Catalan separatists pardoned</a><br></p> <hr> MADRID/BARCELONA (Reuters) -Spain's government on Tuesday pardoned all nine separatist leaders jailed for their role in Catalonia's failed independence bid in 2017, expressing hope that the gesture might help end a trial of strength that has sown deep divisions.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-eu-hungary-germany-roth/grotesque-eu-countries-condemn-hungary-over-anti-lgbtq-law-idUSKCN2DY0L9">'Grotesque': EU countries condemn Hungary over anti-LGBTQ law</a><br> https://www.whatsupup.com/blog/seer/hemisphere/20210622-161715/ Tue, 22 Jun 2021 16:17:15 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20210622-161715/ <p><a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-01621-8">Astronomers victimized colleagues — and put historic Swedish department in turmoil</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nature.com/search?q=%22Alexandra+Witze%22&order=date_desc">Rights & permissions for article Astronomers victimized colleagues — and put historic Swedish department in turmoil . Opens in a new window.</a><br> https://www.whatsupup.com/blog/veld/paternal/20210622-161623/ Tue, 22 Jun 2021 16:16:22 +0000 https://www.whatsupup.com/blog/veld/paternal/20210622-161623/ <p><a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/author/eben#rp-app-landmark-main">Skip to main content</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/author/eben#rp-app-landmark-footer">Skip to footer</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/accessibility/">Accessbility statement and help</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/products/">Hardware</a><br> <hr> Low-cost, high-performance Raspberry Pi computers and accessories<br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/products/raspberry-pi-4-model-b/">Buy Raspberry Pi 4</a> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/products/raspberry-pi-400/">Buy Raspberry Pi 400</a><br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/products/">All products</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/for-industry/">For industry</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/documentation/">Documentation</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/forums/">Forums</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/software/">Software</a><br> <hr> Everything you need to get started with your Raspberry Pi computer<br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/software/">Our software</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/software/operating-systems/#raspberry-pi-os-32-bit">Raspberry Pi OS</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/downloads/raspberry-pi-desktop/">Raspberry Pi Desktop</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/help/">Help</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/books-magazines/">Books & magazines</a><br> <hr> Books and magazines from Raspberry Pi Press<br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/books-magazines/">Explore our titles</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://magpi.raspberrypi.org/">The MagPi</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://hackspace.raspberrypi.org/">HackSpace</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wireframe.raspberrypi.org/">Wireframe</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://custompc.raspberrypi.org/">Custom PC</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/learn/">Learn</a><br> <hr> Free resources for young people to learn to code and become digital makers<br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/learn/">Learn at home</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://projects.raspberrypi.org/">Guided coding projects</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://codeclub.org/">Learn at a Code Club</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://coderdojo.com/">Learn at a CoderDojo</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/teach/">Teach</a><br> <hr> Free training, resources, and guidance to help you teach computing with confidence<br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/teach/">Support for teachers</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://teachcomputing.org/">Teach Computing</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://codeclub.org/en/start-a-code-club/">Start a Code Club</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/training/online/">Online training courses</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/about/">About us</a><br> <hr> We work to put the power of computing and digital making into the hands of people all over the world<br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/donate/">Donate</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/support-us/">Support us</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/about/supporters/">Our supporters</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/">Blog</a><br> <hr> Raspberry Pi Blog<br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog">All blog posts</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/archive/">Archive</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/feed/">RSS</a><br> <hr> Posts by Eben Upton<br> Chief Executive Raspberry Pi Trading - 113 posts<br> Eben Upton - 24th May 2021 This post has <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/announcing-the-raspberry-pi-poe-hat/#comments">74 comments</a><br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/pi-day-at-the-raspberry-pi-foundation/">Pi Day at the Raspberry Pi Foundation</a><br> <hr> Support us to give young people the tools to shape their future<br> Eben Upton - 26th Feb 2021 This post has <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/pi-day-at-the-raspberry-pi-foundation/#comments">4 comments</a><br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/spread-the-joy-of-learning-through-making/">Spread the joy of learning through making</a><br> <hr> Create a spark in a young person’s life!<br> Eben Upton - 1st Dec 2020 This post has <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/spread-the-joy-of-learning-through-making/#comments">2 comments</a><br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/new-raspberry-pi-4-case-fan/">New product: Raspberry Pi 4 Case Fan</a><br> <hr> A $5 stocking-filler that keeps your Raspberry Pi 4 cool under stress<br> Eben Upton - 30th Nov 2020 This post has <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/new-raspberry-pi-4-case-fan/#comments">81 comments</a><br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/vulkan-update-were-conformant/">Vulkan update: we’re conformant!</a><br> <hr> The V3DV Vulkan Mesa driver for Raspberry Pi 4 is conformant for Vulkan 1.0<br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/raspberry-pi-400-the-70-desktop-pc/">Raspberry Pi 400: the $70 desktop PC</a><br> <hr> Your complete personal computer, built into a compact keyboard<br> Eben Upton - 2nd Nov 2020 This post has <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/raspberry-pi-400-the-70-desktop-pc/#comments">453 comments</a><br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/vulkan-update-merged-to-mesa/">Vulkan update: merged to Mesa</a><br> <hr> Vulkan driver for Raspberry Pi 4 becomes an official Vulkan Mesa driver, bringing many advantages<br> Eben Upton - 20th Oct 2020 This post has <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/vulkan-update-merged-to-mesa/#comments">37 comments</a><br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/raspberry-pi-compute-module-4/">Raspberry Pi Compute Module 4 on sale now from $25</a><br> <hr> Our most powerful, compact, flexible Compute Module yet<br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/vulkan-update-now-with-added-source-code/">Vulkan update: now with added source code</a><br> <hr> The future of 3D on Raspberry Pi<br> Eben Upton - 9th Jun 2020 This post has <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/vulkan-update-now-with-added-source-code/#comments">33 comments</a><br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/8gb-raspberry-pi-4-on-sale-now-at-75/">8GB Raspberry Pi 4 on sale now at $75</a><br> <hr> Surprise!<br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/blog/new-price-raspberry-pi-4-2gb/">A birthday gift: 2GB Raspberry Pi 4 now only $35</a><br> <hr> Happy birthday to us!<br> Page 1 of 10<br> About Us<br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/about/meet-the-team">Our team</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/about/governance">Governance</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/safeguarding">Safeguarding</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/research-and-insights">Research</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://raspberrypi.workable.com/">Jobs</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/contact">Contact us</a><br> <hr> Support<br> <a rel="noreferrer" target="_blank" href="https://projects.raspberrypi.org/">Projects</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/training">Training</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/help/faqs">FAQ</a><br> <hr> Sign up to our newsletter<br> Subscribe<br> <a rel="noreferrer" target="_blank" href="https://www.facebook.com/raspberrypi">Like Raspberry Pi on Facebook</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://twitter.com/Raspberry_Pi">Follow Raspberry Pi on Twitter</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.instagram.com/raspberrypi/">Join us on Instagram</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://youtube.com/raspberrypi">Subscribe to the Raspberry Pi YouTube channel</a><br> <hr> Raspberry Pi Foundation UK Registered Charity 1129409<br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/accessibility">Accessibility</a> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/privacy">Privacy</a> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/cookies">Cookies</a> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/trademark-rules">Trademark rules and brand guidelines</a><br> Got it!<br> We use cookies to ensure that we give you the best experience on our websites. By continuing to visit this site you agree to our use of cookies. <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org/cookies">Cookie policy</a> <a rel="noreferrer" target="_blank" href="https://cookieinfoscript.com">Cookie Info Script</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210622-122105/ Tue, 22 Jun 2021 12:21:05 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210622-122105/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132673_review-update-2021-dodge-durango-srt-hellcat-is-in-a-class-of-one">Review update: 2021 Dodge Durango SRT Hellcat is in a class of one</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132663_mazda-s-next-generation-vehicle-platform-to-be-used-with-gas-diesel-evs-and-front-and-rear-wheel-drive">Mazda's next-generation vehicle platform to be used with gas, diesel, EVs, and front- and rear-wheel drive</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210622-121725/ Tue, 22 Jun 2021 12:17:25 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210622-121725/ <p>EU antitrust regulators to investigate Google's adtech business <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2DY0W0">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-belarus-politics/western-sanctions-bordering-on-a-declaration-of-economic-war-says-belarus-idUSKCN2DY105">Western sanctions bordering on a 'declaration of economic war', says Belarus</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-northkorea-usa-southkorea/n-korea-warns-u-s-misinterpreting-signals-risks-disappointment-idUSKCN2DY018">N.Korea warns U.S. misinterpreting signals risks disappointment</a><br> https://www.whatsupup.com/blog/veld/paternal/20210622-121521/ Tue, 22 Jun 2021 12:15:20 +0000 https://www.whatsupup.com/blog/veld/paternal/20210622-121521/ <p><a rel="noreferrer" target="_blank" href="https://my.raspberrypi.org">Raspberry Pi</a><br></p> <hr> Server error<br> A server error occured and your page could not be served, please try again in a few minutes<br> Origin is unreachable<br> The origin web server is not reachable.<br> Your IP address: 143.198.58.73<br> Error reference number: 523<br> Cloudflare Location: San Jose<br> <a rel="noreferrer" target="_blank" href="https://www.raspberrypi.org">Raspberry Pi Foundation</a><br> <hr> UK registered charity 1129409<br> https://www.whatsupup.com/blog/traveling/splay/20210622-081825/ Tue, 22 Jun 2021 08:18:24 +0000 https://www.whatsupup.com/blog/traveling/splay/20210622-081825/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/22/science/natural-history-museum-gems-minerals.html">Out There Why Geology Is Our Destiny A visit to the renovated hall of gems and minerals at the American Museum of Natural History reveals how the cosmos works in the real world. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210622-081715/ Tue, 22 Jun 2021 08:17:15 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210622-081715/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security/hong-kong-court-grants-bail-to-activist-charged-under-security-law-media-idUSKCN2DY0MP">Hong Kong court grants bail to activist charged under security law -media</a><br></p> <hr> Hong Kong's High Court on Tuesday approved bail for a pro-democracy activist who is among 47 charged with conspiracy to commit subversion under a sweeping national security law Beijing imposed on its freest city last year, the city's public broadcaster RTHK reported.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security-jury/hk-court-upholds-decision-for-no-jury-at-first-national-security-trial-idUSKCN2DY0BE">HK court upholds decision for no jury at first national security trial</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210622-041743/ Tue, 22 Jun 2021 04:17:43 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210622-041743/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security/criticism-of-apple-daily-raid-is-attempt-to-beautify-security-threats-hk-leader-idUSKCN2DY06J">Criticism of Apple Daily raid is attempt to 'beautify' security threats-HK leader</a><br></p> <hr> HONG KONG (Reuters) -Hong Kong leader Carrie Lam hit back on Tuesday against criticism of authorities' actions against pro-democracy tabloid Apple Daily as attempts to "beautify" acts that endangered national security.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-northkorea-usa-southkorea/north-korea-ridicules-u-s-hopes-for-talks-as-allies-rethink-approach-idUSKCN2DY018">North Korea ridicules U.S. hopes for talks as allies rethink approach</a><br> https://www.whatsupup.com/blog/stratification/pride/20210622-041702/ Tue, 22 Jun 2021 04:17:01 +0000 https://www.whatsupup.com/blog/stratification/pride/20210622-041702/ Read the rules you agree to by using this website in our <a rel="noreferrer" target="_blank" href="https://boingboing.net/tos">Terms of Service</a> .<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210622-001818/ Tue, 22 Jun 2021 00:18:17 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210622-001818/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-ethiopia-election/ethiopians-vote-as-opposition-alleges-some-irregularities-idUSKCN2DW0N9">Ethiopians vote as opposition alleges some irregularities</a><br></p> <hr> ADDIS ABABA (Reuters) -Prime Minister Abiy Ahmed said he hoped Ethiopia's national and regional elections on Monday would prove the success of democratic reforms, but an opposition boycott, war, ethnic violence and logistical challenges overshadowed the vote in some regions.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election/peruvian-judge-in-keiko-fujimori-corruption-case-rejects-call-to-return-her-to-prison-idUSKCN2DX2JU">Peruvian judge in Keiko Fujimori corruption case rejects call to return her to prison</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210622-001759/ Tue, 22 Jun 2021 00:17:59 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210622-001759/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/connecting-to-malicious-wi-fi-networks-can-mess-with-your-iphone/">Connecting to malicious Wi-Fi networks can mess with your iPhone</a><br></p> <hr> The world's most secure consumer OS is bitten by a garden-variety programming bug.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210621-202153/ Mon, 21 Jun 2021 20:21:53 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210621-202153/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132603_the-jerrari-is-half-jeep-wagoneer-and-half-ferrari-365-gt-and-it-s-for-sale">The Jerrari is half Jeep Wagoneer and half Ferrari 365 GT, and it's for sale</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210621-201805/ Mon, 21 Jun 2021 20:18:05 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210621-201805/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-politics-raisi/irans-raisi-backs-nuclear-talks-rules-out-meeting-biden-idUSKCN2DX115">Iran's Raisi backs nuclear talks, rules out meeting Biden</a><br></p> <hr> Iranian President-elect Ebrahim Raisi on Monday backed talks between Iran and six world powers to revive a 2015 nuclear deal but flatly rejected meeting U.S. President Joe Biden, even if Washington removed all sanctions.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security-next-digital/closure-looms-for-hong-kongs-pro-democracy-apple-daily-after-raids-idUSKCN2DX0O5">Closure looms for Hong Kong's pro-democracy Apple Daily after raids</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-defense-authorization/forever-war-authorization-measure-faces-delay-in-u-s-senate-idUSKCN2DX27R">'Forever war' authorization measure faces delay in U.S. Senate</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210621-200831/ Mon, 21 Jun 2021 20:08:31 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210621-200831/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/retool-user-license-app/">How Retool issues and manages user licenses using Retool An inside look at why and how we built a custom app for account managers to generate user license keys, manage trials, map account data with Salesforce, and manage feature flags.</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210621-162203/ Mon, 21 Jun 2021 16:22:03 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210621-162203/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1129467_2021-mercedes-benz-s-class-price-specs-review-photos-info">First drive review: 2021 Mercedes-Benz S-Class will go down in history as peak ICE</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132629_ken-block-s-1977-ford-f-150-hoonitruck-for-sale-for-1-1m">Ken Block's 1977 Ford F-150 Hoonitruck for sale for $1.1M</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210621-161824/ Mon, 21 Jun 2021 16:18:23 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210621-161824/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-politics-analysis/iran-vote-points-to-hardline-goal-of-long-term-power-analysts-idUSKCN2DX1N7">Iran vote points to hardline goal of long-term power - analysts</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-france-election-paca/greens-candidate-quits-provence-run-off-complicating-le-pen-bid-media-idUSKCN2DX1GM">Greens candidate quits Provence run-off, complicating Le Pen bid -media</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210621-160828/ Mon, 21 Jun 2021 16:08:28 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210621-160828/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/react-map-library/">Choose one of these as the React map library for your next project We're breaking down the strengths and drawbacks of the top React map libraries, as well as highlight the types of projects each library excels at so you can determine what's best for you.</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210621-121806/ Mon, 21 Jun 2021 12:18:05 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210621-121806/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-ethiopia-election/ethiopians-vote-in-what-government-bills-as-first-free-election-idUSKCN2DW0N9">Ethiopians vote in what government bills as first free election</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210621-081738/ Mon, 21 Jun 2021 08:17:38 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210621-081738/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-election-saudi/iran-set-to-stay-on-hardline-course-after-raisi-win-saudi-commentators-say-idUSKCN2DX0NC">Iran set to stay on hardline course after Raisi win, Saudi commentators say</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210621-041753/ Mon, 21 Jun 2021 04:17:52 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210621-041753/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security-exclusive/exclusive-hks-apple-daily-to-shut-within-days-says-jimmy-lai-adviser-idUSKCN2DX00G">Exclusive-HK's Apple Daily to shut within days, says Jimmy Lai adviser</a><br></p> <hr> HONG KONG (Reuters) -Hong Kong pro-democracy newspaper Apple Daily will be forced to shut "in a matter of days" after authorities froze the company's assets under a national security law, an adviser to jailed owner Jimmy Lai told Reuters on Monday.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security-quotes/what-people-in-hong-kong-say-about-apple-daily-idUSKCN2DX09B">What people in Hong Kong say about Apple Daily</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210620-201815/ Sun, 20 Jun 2021 20:18:14 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210620-201815/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-nuclear-talks/europeans-u-s-warn-iran-nuclear-talks-wont-be-open-ended-idUSKCN2DW09G">Europeans, U.S. warn Iran nuclear talks won't be open-ended</a><br></p> <hr> VIENNA/DUBAI (Reuters) -Western officials warned Tehran on Sunday that negotiations to revive its nuclear deal could not continue indefinitely, after the sides announced a break following the election of a new hardline president in Iran.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-france-election-regions/french-far-right-irked-by-election-results-southern-region-in-play-idUSKCN2DW00H">French far right irked by election results, southern region in play</a><br> https://www.whatsupup.com/blog/stratification/pride/20210620-201750/ Sun, 20 Jun 2021 20:17:49 +0000 https://www.whatsupup.com/blog/stratification/pride/20210620-201750/ Read the rules you agree to by using this website in our <a rel="noreferrer" target="_blank" href="https://boingboing.net/tos">Terms of Service</a> .<br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210620-201622/ Sun, 20 Jun 2021 20:16:21 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210620-201622/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2017/07/02/beyond-public-key-encryption/">Beyond public key encryption</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210620-161809/ Sun, 20 Jun 2021 16:18:09 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210620-161809/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-nuclear-talks/iran-world-powers-adjourn-nuclear-talks-resumption-date-unclear-idUSKCN2DW09G">Iran, world powers adjourn nuclear talks, resumption date unclear</a><br></p> <hr> VIENNA/DUBAI (Reuters) -Negotiators for Iran and six world powers on Sunday adjourned talks on reviving their 2015 nuclear deal and return to respective capitals for consultations as remaining differences still need to be overcome, officials said.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-nuclear-talks-eu/iran-nuclear-deal-still-possible-after-hardliners-election-eu-says-idUSKCN2DW0DR">Iran nuclear deal still possible after hardliner's election, EU says</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210620-122130/ Sun, 20 Jun 2021 12:21:30 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210620-122130/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132571_ford-shelby-cobra-concept-headed-to-monterey-auction">Ford Shelby Cobra concept headed to Monterey auction</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210620-121814/ Sun, 20 Jun 2021 12:18:13 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210620-121814/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-iran/israels-bennett-warns-against-nuclear-talks-with-irans-hangmen-regime-idUSKCN2DW06X">Israel's Bennett warns against nuclear talks with Iran's "hangmen regime"</a><br></p> <hr> Israel condemned on Sunday the election of hardline judge Ebrahim Raisi as Iranian president, saying his would be a "regime of brutal hangmen" with which world powers should not negotiate a new nuclear deal.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-nuclear-talks/iran-says-nuclear-talks-to-be-adjourned-for-consultations-in-capitals-idUSKCN2DW09G">Iran says nuclear talks to be adjourned for consultations in capitals</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-taiwan-usa/taiwan-welcomes-us-vaccine-aid-bolstering-its-covid-fight-idUSKCN2DW012">Taiwan welcomes US vaccine aid, bolstering its COVID fight</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210620-081725/ Sun, 20 Jun 2021 08:17:24 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210620-081725/ DUBAI (Reuters) -Gulf Arab states are unlikely to be deterred from dialogue to improve ties with Iran after a hardline judge won the presidency but their talks with Tehran might become tougher, analysts said.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-taiwan-hongkong/taiwanese-staff-to-leave-hong-kong-office-in-one-china-row-idUSKCN2DW02J">Taiwanese staff to leave Hong Kong office in 'one China' row</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210620-041928/ Sun, 20 Jun 2021 04:19:27 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210620-041928/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-taiwan-usa/forces-for-good-will-prevail-taiwan-welcomes-massive-us-vaccine-aid-idUSKCN2DW012">'Forces for good will prevail' - Taiwan welcomes massive US vaccine aid</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210620-002115/ Sun, 20 Jun 2021 00:21:15 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210620-002115/ Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/competitive-programming/">competitive programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/2d/">2D</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/fold/">fold</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/geometry/">geometry</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/kattis/">Kattis</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/line/">line</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/origami/">origami</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/reflect/">reflect</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/06/19/competitive-programming-in-haskell-folding-folds/#comments">1 Comment</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210620-001910/ Sun, 20 Jun 2021 00:19:09 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210620-001910/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-brazil/brazil-passes-half-a-million-covid-19-deaths-experts-warn-of-worse-ahead-idUSKCN2DV0DA">Brazil passes half a million COVID-19 deaths, experts warn of worse ahead</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210619-201956/ Sat, 19 Jun 2021 20:19:55 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210619-201956/ <p><a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/06/19/competitive-programming-in-haskell-folding-folds/">Competitive programming in Haskell: folding folds</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/06/08/average-and-median-via-optimization/">Average and median via optimization</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210619-201743/ Sat, 19 Jun 2021 20:17:43 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210619-201743/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-election-gulf/as-iran-veers-right-ties-with-gulf-arabs-may-hinge-on-nuclear-pact-idUSKCN2DV0GJ">As Iran veers right, ties with Gulf Arabs may hinge on nuclear pact</a><br></p> <hr> Gulf Arab states are unlikely to be deterred from dialogue to improve ties with Iran after a hardline judge won the presidency but their talks with Tehran might become tougher, analysts said.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-election-raisi-newsmaker/winner-of-iran-presidency-is-hardline-judge-who-is-under-u-s-sanctions-idUSKCN2DR0GV">Winner of Iran presidency is hardline judge who is under U.S. sanctions</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210619-162103/ Sat, 19 Jun 2021 16:21:03 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210619-162103/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132650_2022-toyota-tundra-first-look">2022 Toyota Tundra first look</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210619-161934/ Sat, 19 Jun 2021 16:19:33 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210619-161934/ <p><a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/06/19/competitive-programming-in-haskell-folding-folds/">Competitive programming in Haskell: folding folds</a><br></p> <hr> Now that the semester is over—and I will be on sabbatical in the fall!—you can expect a lot more competitive programming in Haskell posts. In <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/02/23/competitive-programming-in-haskell-folding-challenge/">a previous post</a> , I challenged you to solve <a rel="noreferrer" target="_blank" href="https://open.kattis.com/problems/origami">Origami</a> . <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/02/23/competitive-programming-in-haskell-folding-challenge/#comment-39466">j0sejuan took me up on the challenge</a> , as did Aaron Allen and Ryan Yates; if you still want to try it, go do it before reading on!<br> In the problem, we start with a square sheet of paper and are given a series of folds to perform in sequence; each fold is specified as a line, and we fold whatever is on one side of the line across onto the other side. Given some query points, we have to compute how thick the resulting origami design is at each point.<br> Lines<br> The first order of business is some computational geometry relating to lines in 2D (this code can all be found in <a rel="noreferrer" target="_blank" href="https://github.com/byorgey/comprog-hs/blob/master/Geom.hs">Geom.hs</a> . Here I am following <a rel="noreferrer" target="_blank" href="https://vlecomte.github.io/">Victor Lecomte</a> ’s excellent <a rel="noreferrer" target="_blank" href="https://vlecomte.github.io/cp-geo.pdf">Handbook of geometry for competitive programmers</a> , which I think I’ve mentioned before. I’ll try to give a bit of explanation, but if you want full explanations and proofs you should consult that document.<br> The equation of a line can be thought of as the set of all points whose dot product with the vector is a constant . This will in fact be a line perpendicular to the vector , where determines the distance of the line from the origin. Alternatively, we can think of the vector , which is perpendicular to and thus parallel to the line; the line now consists of all points whose <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2020/07/10/competitive-programming-in-haskell-2d-cross-product-part-1/">2D cross product</a> with is the constant (since ; note that the order matters). Either representation would work, but I will follow Lecomte in choosing the second: we represent a line by a vector giving its direction, and a scalar offset.<br> data L2 s = L2 { getDirection :: ! ( V2 s ) , getOffset :: ! s } type L2D = L2 Double<br> There are a few ways to construct a line: from an equation , or from two points which lie on the line. The first is easy, given the above discussion. For the second, given points and , we can easily construct the direction of the line as . Then to get the constant , we simply use the fact that is the cross product of the direction vector with any point on the line, say, (of course would also work).<br> lineFromEquation :: Num s => s -> s -> s -> L2 s lineFromEquation a b c = L2 ( V2 b ( - a ) ) c lineFromPoints :: Num s => P2 s -> P2 s -> L2 s lineFromPoints p q = L2 v ( v `cross` p ) where v = q ^-^ p<br> Now we can write some functions to decide where a given point lies with respect to a line. First, the<br> side<br> function computes for any point .<br> side :: Num s => L2 s -> P2 s -> s side ( L2 v c ) p = cross v p - c<br> Of course, for points that lie on the line, this quantity will be zero. We can also classify points as lying to the left or right of the line (looking in the direction of ) depending on whether<br> side l p<br> is positive or negative, respectively.<br> onLine :: ( Num s , Eq s ) => L2 s -> P2 s -> Bool onLine l p = side l p == 0 leftOf :: ( Num s , Ord s ) => L2 s -> P2 s -> Bool leftOf l p = side l p > 0 rightOf :: ( Num s , Ord s ) => L2 s -> P2 s -> Bool rightOf l p = side l p < 0<br> The last piece we will need to solve the problem is a way to reflect a point across a line.<br> toProjection l p<br> computes the vector perpendicular to which points from to , and<br> reflectAcross<br> works by adding<br> p<br> twice. I won’t derive the definition of<br> toProjection<br> , but the basic idea is to start with a vector perpendicular to the direction of the line (<br> perp v<br> ) and scale it by a factor related to<br> . (Intuitively, it makes sense that tells us something about the distance from to the line; the farther away is from the line, the farther is from .) See Lecomte for the full details.<br> toProjection :: Fractional s => L2 s -> P2 s -> V2 s toProjection l @ ( L2 v _ ) p = ( - side l p / normSq v ) *^ perp v project :: Fractional s => L2 s -> P2 s -> P2 s project l p = p ^+^ toProjection l p reflectAcross :: Fractional s => L2 s -> P2 s -> P2 s reflectAcross l p = p ^+^ ( 2 *^ toProjection l p )<br> Folding origami<br> Finally we can solve the problem! First, some imports and input parsing.<br> {-# LANGUAGE RecordWildCards #-} import Control.Arrow import qualified Data.ByteString.Lazy.Char8 as C import Geom import ScannerBS main = C.interact $ runScanner tc >>> solve >>> map ( show >>> C.pack ) >>> C.unlines data TC = TC { steps :: [ L2D ] , holes :: [ P2D ] } tc = TC <$> numberOf ( lineFromPoints <$> p2 double <*> p2 double ) <*> numberOf ( p2 double ) solve :: TC -> [ Int ] solve TC { .. } = map countLayers holes where<br> For<br> countLayers<br> , the idea is to work backwards from a given query point to find all its preimages, that is, the points that will eventually map to that point under the folds. Then we can just count how many of those points lie (strictly) inside the original square of paper.<br> inSquare ( V2 x y ) = 0 < x && x < 1000 && 0 < y && y < 1000<br> For a given point and fold, there are two possibilities, depending on which side of the fold line the point falls on. If the point falls on the fold or to the right of it, then it has no preimages (we always fold from right to left, so after the fold, there will be no paper on the right side of the line, and the problem specifies that points exactly on a folded edge do not count). Hence we can just discard such a point. On the other hand, if the point lies on the left side of the line, then the point has two preimages: the point itself, and its reflection across the fold line.<br> preimage :: L2D -> P2D -> [ P2D ] preimage l p | leftOf l p = [ p , reflectAcross l p ] | otherwise = []<br> So we keep a set of points, starting with the singleton query point, and for each fold (in order from last to first) we find the preimage of every point in the set under the fold. We actually use lists of points instead of sets, because (1) we won’t ever get any collisions (actually, the more I think about this, the less sure I am!) and (2) it lets us use the actual list monad instead of making some ad-hoc<br> monad operations.<br> countLayers :: P2D -> Int countLayers q = length . filter inSquare $ foldr ( \ l -> ( >>= preimage l ) ) [ q ] steps<br> It is very satisfying to use a fold to process a list of folds!<br> Next time: Please, Go First<br> For next time, I invite you to solve <a rel="noreferrer" target="_blank" href="https://open.kattis.com/problems/pleasegofirst">Please, Go First</a> .<br> Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/competitive-programming/">competitive programming</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/haskell/">haskell</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/2d/">2D</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/fold/">fold</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/geometry/">geometry</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/haskell/">haskell</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/kattis/">Kattis</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/line/">line</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/origami/">origami</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/reflect/">reflect</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/06/19/competitive-programming-in-haskell-folding-folds/#respond">Leave a comment</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210619-161743/ Sat, 19 Jun 2021 16:17:43 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210619-161743/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-election-victory/khamenei-protege-wins-iran-election-amid-low-turnout-idUSKCN2DV05J">Khamenei protege wins Iran election amid low turnout</a><br></p> <hr> DUBAI (Reuters) -Ebrahim Raisi, a hardline judge who is under U.S. sanctions for human rights abuses, secured victory as expected on Saturday in Iran's presidential election after a contest marked by voter apathy over economic hardships and political restrictions.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-election-amnesty/rights-groups-call-for-probe-into-irans-raisi-for-crimes-against-humanity-idUSKCN2DV0BB">Rights groups call for probe into Iran's Raisi for crimes against humanity</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210619-122142/ Sat, 19 Jun 2021 12:21:42 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210619-122142/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132623_awkward-tesla-model-s-yoke-is-no-joke">Awkward: Tesla Model S yoke is no joke</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210619-121816/ Sat, 19 Jun 2021 12:18:16 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210619-121816/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-election-victory/hardline-judge-poised-for-iran-presidency-in-landslide-election-win-idUSKCN2DV05J">Hardline judge poised for Iran presidency in landslide election win</a><br></p> <hr> Hardline judge Ebrahim Raisi was heading for a landslide win in Iran's presidential election on Saturday, as the man he will replace pledged a smooth transition a day after millions voted in a contest that critics boycotted over economic woes and political curbs.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-usa-taiwan/exclusive-u-s-triples-vaccines-for-taiwan-with-2-5-million-dose-shipment-idUSKCN2DV0AX">Exclusive-U.S. triples vaccines for Taiwan with 2.5 million-dose shipment</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210619-081830/ Sat, 19 Jun 2021 08:18:29 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210619-081830/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-election-victory/hardline-judge-raisi-leads-in-iranian-presidential-election-says-official-idUSKCN2DV05J">Hardline judge Raisi leads in Iranian presidential election, says official</a><br></p> <hr> DUBAI (Reuters) -Hardline judge Ebrahim Raisi leads Iran's presidential election, an interior ministry official said on Saturday, a day after millions of Iranians voted in a contest that critics boycotted over economic woes and political restrictions.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security/apple-daily-editor-ceo-denied-bail-in-hong-kong-idUSKCN2DV011">Apple Daily editor, CEO denied bail in Hong Kong</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210619-081642/ Sat, 19 Jun 2021 08:16:42 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210619-081642/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2017/11/08/a-few-thoughts-on-csrankings-org/">A few thoughts on CSRankings.org</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210619-041812/ Sat, 19 Jun 2021 04:18:11 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210619-041812/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security/crowds-gather-for-hearing-of-two-apple-daily-executives-on-national-security-charge-idUSKCN2DV011">Crowds gather for hearing of two Apple Daily executives on national security charge</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election/peru-ex-military-stir-election-tensions-with-appeal-to-armed-forces-to-remedy-poll-idUSKCN2DU2F5">Peru ex-military stir election tensions with appeal to Armed Forces to "remedy" poll</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210619-001758/ Sat, 19 Jun 2021 00:17:57 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210619-001758/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-myanmar-politics-un/united-nations-calls-for-halt-of-weapons-to-myanmar-idUSKCN2DU1US">United Nations calls for halt of weapons to Myanmar</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-canada-refugees/canada-vows-to-nearly-double-intake-of-protected-persons-as-refugee-family-backlog-grows-idUSKCN2DU2AO">Canada vows to nearly double intake of 'protected persons' as refugee family backlog grows</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210618-201723/ Fri, 18 Jun 2021 20:17:23 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210618-201723/ <p>Exclusive: Fed’s Neel Kashkari opposes rate hikes at least through 2023 as the central bank becomes more hawkish <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2DU26B">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-election/judge-under-u-s-sanctions-set-to-take-over-iran-presidency-idUSKCN2DT2V9">Judge under U.S. sanctions set to take over Iran presidency</a><br></p> <hr> DUBAI (Reuters) -Millions of Iranians voted on Friday in a contest set to hand the presidency to a hardline judge who is subject to U.S. sanctions, though anger over economic hardship and curbs on freedoms mean many will heed calls for a boycott.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-mexico-train-accident/mexico-city-mayor-to-construction-firms-pay-up-for-collapsed-metro-line-idUSKCN2DU25V">Mexico City mayor to construction firms: Pay up for collapsed metro line</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-venezuela-politics/venezuela-opposition-committee-to-seek-support-in-washington-brussels-idUSKCN2DU280">Venezuela opposition committee to seek support in Washington, Brussels</a><br> https://www.whatsupup.com/blog/trifid/ragwort/20210618-201556/ Fri, 18 Jun 2021 20:15:55 +0000 https://www.whatsupup.com/blog/trifid/ragwort/20210618-201556/ <a rel="noreferrer" target="_blank" href="https://smartcar.com/dpa/">Data Processing Addendum</a><br> https://www.whatsupup.com/blog/depository/unfitted/20210618-201409/ Fri, 18 Jun 2021 20:14:09 +0000 https://www.whatsupup.com/blog/depository/unfitted/20210618-201409/ <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/going-up-the-hill/">Going up the hill</a> : 2021<br> https://www.whatsupup.com/blog/effete/washstand/20210618-162107/ Fri, 18 Jun 2021 16:21:06 +0000 https://www.whatsupup.com/blog/effete/washstand/20210618-162107/ <p>Discover<br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/realtime/">Real-Time Episodes being played now</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/explorer/">Explorer Find similar podcasts</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/best-podcasts/">Best Podcasts Recommended by us</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/hot-podcasts/">Hot Podcasts Popular shows today</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/curated-podcasts/">Curated Podcasts Recommended by media</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/podcast-playlists/">Playlists Playlists from our community</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/classifieds/">Classified Ads Help needed for podcasts</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/podcast-academy/">Podcast Academy Learn podcasting</a><br> <hr> ☰ MORE<br> |<br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog">Login</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/about/">ABOUT</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/business/">BUSINESS</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/labs/">LABS</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/help/">HELP</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/podcast-stats/">PODCAST STATS</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/blog/">BLOG</a> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/contact/">CONTACT</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://listennotes.substack.com/">Get Listen Notes Monthly Updates Email Newsletter</a><br> <hr> SHARE<br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/accounts/facebook/login/?next=%2Fblog%2F">Continue with Facebook</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/accounts/google/login/?next=%2Fblog%2F&method=oauth2">Continue with Google</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/accounts/twitter/login/?next=%2Fblog%2F&method=oauth2">Continue with Twitter</a><br> <hr> ✓ English (en)<br> <hr> Put this image on your website to promote the show -<br> Get embed code<br> <a href=" " title=" "><img loading="lazy" src=" " alt=" " style="height: 120px; max-width: 100%;" /></a><br> What is Listen Score? Listen Score (LS) is a metric that shows the estimated popularity of this podcast compared to <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/podcast-stats/">other rss-based public podcasts</a> in the world on a scale from 0 to 100. The higher, the more popular. Calculated from 1st and 3rd party data. Updated monthly.<br> What is Global Rank? This podcast is one of the top most popular shows out of <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/podcast-stats/">2,500,052 podcasts</a> globally, ranked by Listen Score (the estimated popularity score).<br> Updated: 2021-5-5<br> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/listen-score/">About Listen Score</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/listen/">Listen Later Curate podcast playlists</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/clips/">Listen Clips Create podcast clips</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/alerts/">Listen Alerts Monitor podcast mentions</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/api/">Listen API Build podcast apps</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/datasets/">Listen Datasets Batch export podcasts</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/premium/">Premium Membership Advanced search features</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/submit/">Submit Add your podcasts</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/integrations/">Integrations Bring podcasts everywhere</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.listennotes.com/podcaster-interviews/">Podcaster Interviews We interview podcasters</a><br> <hr> https://www.whatsupup.com/blog/twopenny/ultraism/20210618-161757/ Fri, 18 Jun 2021 16:17:56 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210618-161757/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-election/judge-sanctioned-by-u-s-set-to-take-over-iran-presidency-idUSKCN2DT2V9">Judge sanctioned by U.S. set to take over Iran presidency</a><br></p> <hr> DUBAI (Reuters) -Iranians voted on Friday in a contest set to hand the presidency to a hardline judge subject to U.S. sanctions, though many are likely to ignore the ballot amid anger over economic hardship and calls for a boycott by critics of hardline rule.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-britain-politics/embarrassing-defeat-uk-pm-johnsons-party-loses-out-at-election-idUSKCN2DU0KE">Embarrassing defeat, UK PM Johnson's party loses out at election</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/06/18/the-week-in-numbers-moving-bottles-move?videoId=731733119&videoChannel=118169">The Week in Numbers: moving bottles move markets</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20210618-161651/ Fri, 18 Jun 2021 16:16:51 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210618-161651/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-big-tech-bill-that-could-backfire">The One Big Tech Bill That Could Backfire Spectacularly</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-big-tech-bill-that-could-backfire">Congress wants to stop most Big Tech acquisitions. But that won't necessarily increase competition.</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20210618-161505/ Fri, 18 Jun 2021 16:15:04 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210618-161505/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/06/get-ready-for-2021-google-ctf.html">Get ready for the 2021 Google CTF</a><br></p> <hr> Posted by Kristoffer Janke, Information Security Engineer<br> Are you ready for no sleep, no chill and a lot of hacking? Our annual Google CTF is back! The competition kicks off on Saturday July 17 00:00:01 AM UTC and runs through Sunday July 18 23:59:59 UTC. Teams can register at <a rel="noreferrer" target="_blank" href="http://goo.gle/ctf">http://goo.gle/ctf</a> . Just like last year, the top 16 teams will qualify for our <a rel="noreferrer" target="_blank" href="https://capturetheflag.withgoogle.com/hackceler8#about">Hackceler8</a> speed run and the chance to take home a total of $30,301.70 in prize money.<br> As we reminisce on last years event, we’d be remiss if we didn’t recognize our 2020 winning teams:<br> Plaid Parliament of Pwning<br> I Use Bing<br> pasten<br> The Flat Network Society<br> We are eager to see if they can defend their leet status. For those interested, we have published all 2020 Hackceler8 videos for your viewing pleasure <a rel="noreferrer" target="_blank" href="http://goo.gle/hackceler8">here.</a> Whether you’re a seasoned CTF player or just curious about cyber security and ethical hacking, we want you to join us. Sign up to learn skills, meet new friends in the security community and even watch the pros in action. For the latest announcements, see g.co/ctf, subscribe to our mailing list or follow us on <a rel="noreferrer" target="_blank" href="https://twitter.com/GoogleVRP">@GoogleVRP</a> . See you there! P.S. Curious about last year’s Google CTF challenges? We open-sourced them <a rel="noreferrer" target="_blank" href="https://github.com/google/google-ctf/tree/master/2020/quals">here</a> .<br> Labels: <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/CTF">CTF</a> , <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/Security">Security</a><br> <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/CTF">CTF</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210618-160623/ Fri, 18 Jun 2021 16:06:22 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210618-160623/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/06/first-american-financial-pays-farcical-500k-fine/">First American Financial Pays Farcical $500K Fine</a><br></p> <hr> In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/First_American_Corporation">First American Financial Corp.</a> [ <a rel="noreferrer" target="_blank" href="https://www.marketbeat.com/stocks/NYSE/FAF/">NYSE:FAF</a> ] was <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2019/05/first-american-financial-corp-leaked-hundreds-of-millions-of-title-insurance-records/">leaking more than 800 million documents</a> — many containing sensitive financial data — related to real estate transactions dating back 16 years. This week, the U.S. Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000.<br> First American Financial Corp.<br> If you bought or sold a property in the last two decades or so, chances are decent that you also gave loads of personal and financial documents to First American. According to <a rel="noreferrer" target="_blank" href="https://www.alta.org/publications/press-release.cfm?ALTA-Reports-Title-Premium-Volume-Increases-217-Percent-in-2020">data</a> from the American Land Title Association , First American is the second largest mortgage title and settlement company in the United States, handling nearly a quarter of all closings each year.<br> The SEC says First American derives nearly 92 percent of its revenue from its title insurance segment, earning $7.1 billion last year.<br> Title insurance protects homebuyers from the prospect of someone contesting their legitimacy as the new homeowner. According to <a rel="noreferrer" target="_blank" href="https://www.simpleshowing.com/blog/who-pays-for-the-title-insurance">SimpleShowing.com</a> , there are actually two title insurance policies in each transaction — one for the buyer and one for the lender (the latter also needs protection as they’re providing the mortgage to purchase the home).<br> Title insurance is not mandated by law, but most lenders require it as part of any mortgage transaction. In other words, if you wish to take out a mortgage on a home you will not be able to do so without giving companies like First American gobs of documents about your income, assets and liabilities — including quite a bit of sensitive financial data.<br> Aside from its core business competency — checking to make sure the property at issue in any real estate transaction is unencumbered by any liens or other legal claims against it — First American basically has one job: Protect the privacy and security of all these documents.<br> A redacted screenshot of one of many millions of sensitive records exposed by First American’s Web site.<br> It’s easy to see why companies like First American might not view protecting this data as sacrosanct, as the entire industry’s incentive for safeguarding all those sensitive documents is somewhat misaligned.<br> That is to say, in the title insurance industry the parties to a real estate transaction aren’t customers, but rather they are are the product . The actual customers of the title insurance companies are principally the banks which back these mortgage transactions.<br> We see a similar dynamic with social media platforms, where the “user” is not the customer at all but the product whose data is being bought and sold by these platforms.<br> Roughly five months before KrebsOnSecurity notified First American that anyone with a web browser could view sensitive document in its “Eagle Pro” database online just by changing some characters at the end of a link, an internal security audit at First American flagged the exact same vulnerability.<br> But the company never acted to fix it until the news media came calling. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/06/first-american-financial-pays-farcical-500k-fine/#more-55971">Continue reading →</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210618-122011/ Fri, 18 Jun 2021 12:20:10 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210618-122011/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132580_2021-kia-k5-gt-price-specs-review-photos-info">First drive review: 2021 Kia K5 GT spins the fun dial way up</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132343_1994-toyota-supra-driven-by-paul-walker-in-the-fast-and-the-furious-for-sale">1994 Toyota Supra driven by Paul Walker in "The Fast and the Furious" for sale</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132466_1987-buick-gnx-with-8-7-miles-on-it-headed-to-auction">1987 Buick GNX with 8.7 miles on it headed to auction</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210618-121705/ Fri, 18 Jun 2021 12:17:04 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210618-121705/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-election/judge-under-u-s-sanctions-set-to-win-presidency-for-irans-hardliners-idUSKCN2DT2V9">Judge under U.S. sanctions set to win presidency for Iran's hardliners</a><br></p> <hr> Iranians voted on Friday in an election expected to hand the presidency to a hardline judge subject to U.S. sanctions, though many are likely to ignore the ballot amid economic hardship and calls for a boycott by critics at home and abroad.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security/two-apple-daily-executives-charged-with-collusion-with-foreign-country-idUSKCN2DU04I">Two Apple Daily executives charged with collusion with foreign country</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210618-081635/ Fri, 18 Jun 2021 08:16:35 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210618-081635/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-election/judge-under-u-s-sanctions-set-for-presidency-as-iranians-vote-idUSKCN2DT2V9">Judge under U.S. sanctions set for presidency as Iranians vote</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210618-041654/ Fri, 18 Jun 2021 04:16:54 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210618-041654/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-china-pacific-exclusive/exclusive-pacific-undersea-cable-project-sinks-after-u-s-warns-against-chinese-participation-idUSKCN2DU06W">Exclusive-Pacific undersea cable project sinks after U.S. warns against Chinese participation</a><br></p> <hr> A World Bank-led project declined to award a contract to lay sensitive undersea communications cables after Pacific island governments heeded U.S. warnings that participation of a Chinese company posed a security threat, two sources told Reuters.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security/hk-democracy-supporters-snap-up-apple-daily-copies-amid-anger-at-police-crackdown-idUSKCN2DU04I">HK democracy supporters snap up Apple Daily copies amid anger at police crackdown</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210618-001706/ Fri, 18 Jun 2021 00:17:06 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210618-001706/ <p>Exclusive: Some Chinese apps could face subpoenas or bans under Biden's executive order aimed at protecting Americans' data <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2DT2RX">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-election/iran-election-set-to-hand-presidency-to-hardline-judge-idUSKCN2DT2V9">Iran election set to hand presidency to hardline judge</a><br></p> <hr> Iranians choose a president on Friday in a contest likely to be won by a judge fiercely loyal to the religious establishment, although large numbers of people are expected to ignore the vote due to discontent with economic hardship and hardline rule.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election/perus-electoral-board-says-it-is-working-at-top-speed-to-resolve-election-questions-idUSKCN2DT2SD">Peru's electoral board says it is working at top speed to resolve election questions</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-northkorea-usa/n-koreas-kim-says-to-prepare-for-both-dialogue-and-confrontation-with-u-s-kcna-idUSKCN2DT2TA">N.Korea's Kim says to prepare for 'both dialogue and confrontation' with U.S. -KCNA</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210618-001657/ Fri, 18 Jun 2021 00:16:57 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210618-001657/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/newly-discovered-vigilante-malware-outs-software-pirates-and-blocks-them/">Newly discovered Vigilante malware outs software pirates and blocks them</a><br></p> <hr> Most malware tries to steal stuff. Vigilante, by contrast, takes aim at piracy.<br> https://www.whatsupup.com/blog/overgrazing/propellent/20210618-001600/ Fri, 18 Jun 2021 00:15:59 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210618-001600/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-big-tech-bill-that-could-backfire">The One Big Tech Bill That Could Backfire Spectacularly</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/the-big-tech-bill-that-could-backfire">Congress wants to stop most Big Tech acquisitions. But that won't neccesarily increase competition.</a><br> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/congress-is-going-to-throw-the-kitchen">Congress Is Going To Throw The Kitchen Sink At Big Tech</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/congress-is-going-to-throw-the-kitchen">Big Technology obtained the five draft bills currently circulating around the House of Representatives that target Big Tech. If they’re signed into law…</a><br> Jun 10 <a rel="noreferrer" target="_blank" href="javascript:void(0)">12</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/congress-is-going-to-throw-the-kitchen/comments">Comment 4</a> <a rel="noreferrer" target="_blank" href="javascript:void(0)">Share</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210617-201739/ Thu, 17 Jun 2021 20:17:39 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210617-201739/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-china-researchers-focus/chinese-scientists-ensnared-in-u-s-visa-fraud-legal-battle-idUSKCN2DT2LI">Chinese scientists ensnared in U.S. visa fraud legal battle</a><br></p> <hr> For Chinese brain researcher Song Chen, a visiting scholar at Stanford University when she was arrested last July on a visa fraud charge, a court hearing last month in San Francisco brought some hope.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-mexico-train-accident/probe-finds-new-defects-after-mexico-city-metro-crash-idUSKCN2DT2KJ">Probe finds new defects after Mexico City metro crash</a><br> https://www.whatsupup.com/blog/sited/implore/20210617-201721/ Thu, 17 Jun 2021 20:17:21 +0000 https://www.whatsupup.com/blog/sited/implore/20210617-201721/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/17/technology/fcc-china-technology-restrictions.html">The F.C.C. proposes further restrictions on Chinese telecom equipment. The agency’s actions are a sign of bipartisan opposition to China’s providers of cutting-edge technology like Huawei and ZTE. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210617-162001/ Thu, 17 Jun 2021 16:20:00 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210617-162001/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1130845_2021-jeep-grand-cherokee-l-price-specs-review-photos-info">First drive review: 2021 Jeep Grand Cherokee L grows up but remains playful</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210617-161704/ Thu, 17 Jun 2021 16:17:03 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210617-161704/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security-apple-daily/hong-kongs-apple-daily-newsroom-raided-by-500-officers-over-national-security-law-idUSKCN2DT01I">Hong Kong's Apple Daily newsroom raided by 500 officers over national security law</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210617-122015/ Thu, 17 Jun 2021 12:20:15 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210617-122015/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1130845_2021-jeep-grand-cherokee-l-price-specs-review-photos-info">First Drive review: 2021 Jeep Grand Cherokee L grows up but remains playful</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/writer/10000044_motor-authority">Motor Authority - Motor Authority Importer</a><br> https://www.whatsupup.com/blog/traveling/splay/20210617-121807/ Thu, 17 Jun 2021 12:18:07 +0000 https://www.whatsupup.com/blog/traveling/splay/20210617-121807/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/17/science/betelgeuse-montarges-star-supernova.html">Out There Betelgeuse Merely Burped, Astronomers Conclude The dramatic dimming of the red supergiant in 2019 was the product of dust, not a prelude to destruction, a new study has found. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210617-121650/ Thu, 17 Jun 2021 12:16:49 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210617-121650/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-space-exploration-china-shenzhou/chinese-astronauts-board-space-station-module-in-historic-mission-idUSKCN2DT04K">Chinese astronauts board space station module in historic mission</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security-apple-daily/hks-apple-daily-newsroom-raided-by-500-officers-over-national-security-law-idUSKCN2DT01I">HK's Apple Daily newsroom raided by 500 officers over national security law</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210617-081800/ Thu, 17 Jun 2021 08:17:59 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210617-081800/ President Joe Biden on his first foreign foray sought to cast Russia not as a direct competitor to the United States but as a bit player in a world where Washington is increasingly pre-occupied by China.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-china-b3w/asia-has-wary-welcome-for-g7s-answer-to-belt-and-road-idUSKCN2DT0LJ">Asia has wary welcome for G7's answer to Belt and Road</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210617-041814/ Thu, 17 Jun 2021 04:18:14 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210617-041814/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-russia-summit-biden/analysis-biden-talks-down-russia-spurs-allies-in-bid-to-back-putin-into-a-corner-idUSKCN2DT0B4">Analysis-Biden talks down Russia, spurs allies in bid to back Putin into a corner</a><br></p> <hr> President Joe Biden on his first foreign foray sought to cast Russia not as a direct competitor to the United States but as a bit player in world where Washington is increasingly pre-occupied by China.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210617-021833/ Thu, 17 Jun 2021 02:18:33 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210617-021833/ <p>GENEVA (Reuters) -U.S. President Joe Biden and Russian President Vladimir Putin agreed on Wednesday to begin cybersecurity and arms control talks at a summit that highlighted their discord on those issues, human rights and Ukraine.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-space-exploration-china-shenzhou/china-launches-crewed-spacecraft-shenzhou-12-in-historic-mission-idUSKCN2DT04K">China launches crewed spacecraft Shenzhou-12 in historic mission</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-mexico-train-accident-report/probe-into-mexico-city-metro-crash-blames-structural-failure-idUSKCN2DS28A">Probe into Mexico City metro crash blames structural failure</a><br> https://www.whatsupup.com/blog/sited/implore/20210617-021812/ Thu, 17 Jun 2021 02:18:11 +0000 https://www.whatsupup.com/blog/sited/implore/20210617-021812/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/16/technology/lina-khan-big-tech.html">One of Big Tech’s Biggest Critics Is Now Its Regulator Lina Khan is the most progressive chair of the Federal Trade Commission in at least a generation. By David McCabe and Cecilia Kang</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210616-222040/ Wed, 16 Jun 2021 22:20:39 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210616-222040/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132630_high-performance-600-plus-hp-porsche-cayenne-coupe-sets-ring-record">High-performance 600-plus-hp Porsche Cayenne Coupe sets 'Ring record</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210616-221738/ Wed, 16 Jun 2021 22:17:37 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210616-221738/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-russia-summit/far-apart-at-first-summit-biden-and-putin-agree-to-steps-on-cybersecurity-arms-control-idUSKCN2DR2M0">Far apart at first summit, Biden and Putin agree to steps on cybersecurity, arms control</a><br></p> <hr> GENEVA (Reuters) -U.S. President Joe Biden and Russian President Vladimir Putin agreed on Wednesday to begin cybersecurity and arms control talks at a summit that laid bare their deep discord on those issues, human rights and Ukraine.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-china-taiwan-congress/pushing-against-china-u-s-lawmakers-plan-pro-taiwan-bill-idUSKCN2DS2BP">Pushing against China, U.S. lawmakers plan pro-Taiwan bill</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-brazil-indigenous/firing-arrows-indigenous-people-in-brazil-protest-bill-curtailing-land-rights-idUSKCN2DS2J4">Firing arrows, indigenous people in Brazil protest bill curtailing land rights</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210616-202018/ Wed, 16 Jun 2021 20:20:18 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210616-202018/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2019/10/12/competitive-programming-in-haskell-reading-large-inputs-with-bytestring/">Competitive Programming in Haskell: reading large inputs with ByteString</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210616-201821/ Wed, 16 Jun 2021 20:18:20 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210616-201821/ Federal Reserve policymakers see the first interest rate hike in 2023, Wall Street drops <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2DS0BJ">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-russia-summit/biden-pointedly-asks-putin-about-cyberattacks-at-summit-idUSKCN2DR2M0">Biden pointedly asks Putin about cyberattacks at summit</a><br></p> <hr> GENEVA (Reuters) -U.S. President Joe Biden asked Russian President Vladimir Putin on Wednesday how he would feel if someone carried out a ransomware attack on Russian oil pipelines, a pointed question during their summit that illustrated the breadth of their disagreements.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210616-181829/ Wed, 16 Jun 2021 18:18:28 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210616-181829/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-russia-summit/biden-calls-for-basic-rules-of-the-road-at-summit-with-putin-idUSKCN2DR2M0">Biden calls for "basic rules of the road" at summit with Putin</a><br></p> <hr> U.S. President Joe Biden and Russian President Vladimir Putin decided at a "pragmatic" first summit on Wednesday to hold arms control and cyber-security talks and return their respective ambassadors, while agreeing to differ on other issues.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210616-161740/ Wed, 16 Jun 2021 16:17:39 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210616-161740/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-russia-summit/putin-and-biden-agree-at-summit-to-return-respective-ambassadors-idUSKCN2DR2M0">Putin and Biden agree at summit to return respective ambassadors</a><br></p> <hr> GENEVA (Reuters) -U.S. President Joe Biden and Russian President Vladimir Putin agreed at their first summit on Wednesday to return ambassadors to each other's capitals after they were withdrawn earlier this year.<br> https://www.whatsupup.com/blog/seer/hemisphere/20210616-161644/ Wed, 16 Jun 2021 16:16:42 +0000 https://www.whatsupup.com/blog/seer/hemisphere/20210616-161644/ <p><a rel="noreferrer" target="_blank" href="https://www.nature.com/articles/d41586-021-01537-3">Mars helicopter kicks up ‘cool’ dust clouds — and unexpected science</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nature.com/search?q=%22Alexandra+Witze%22&order=date_desc">Rights & permissions for article Mars helicopter kicks up ‘cool’ dust clouds — and unexpected science . Opens in a new window.</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20210616-161504/ Wed, 16 Jun 2021 16:15:03 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210616-161504/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/06/introducing-slsa-end-to-end-framework.html">Introducing SLSA, an End-to-End Framework for Supply Chain Integrity</a><br></p> <hr> Posted Kim Lewandowski, Google Open Source Security Team & Mark Lodato, Binary Authorization for Borg Team <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/06/introducing-slsa-end-to-end-framework.html">Read More</a><br> Posted Kim Lewandowski, Google Open Source Security Team & Mark Lodato, Binary Authorization for Borg Team<br> Supply chain integrity attacks—unauthorized modifications to software packages—have been <a rel="noreferrer" target="_blank" href="https://www.blogger.com/">on the rise</a> in the past two years, and are proving to be common and reliable attack vectors that affect all consumers of software. The software development and deployment supply chain is quite complicated, with numerous threats along the source ➞ build ➞ publish workflow. While point solutions do exist for some specific vulnerabilities, there is no comprehensive end-to-end framework that both defines how to mitigate threats across the software supply chain, and provides reasonable security guarantees. There is an urgent need for a solution in the face of the eye-opening, multi-billion dollar attacks in recent months (e.g. <a rel="noreferrer" target="_blank" href="https://www.blogger.com/">SolarWinds</a> , <a rel="noreferrer" target="_blank" href="https://www.blogger.com/">Codecov</a> ), some of which could have been prevented or made more difficult had such a framework been adopted by software developers and consumers. Our proposed solution is <a rel="noreferrer" target="_blank" href="https://www.blogger.com/">Supply chain Levels for Software Artifacts</a> (SLSA, pronounced “salsa”), an end-to-end framework for ensuring the integrity of software artifacts throughout the software supply chain. It is inspired by Google’s internal “ <a rel="noreferrer" target="_blank" href="https://www.blogger.com/">Binary Authorization for Borg</a> ” which has been in use for the past 8+ years and is mandatory for all of Google's production workloads. The goal of SLSA is to improve the state of the industry, particularly open source, to defend against the most pressing integrity threats. With SLSA, consumers can make informed choices about the security posture of the software they consume.<br> How SLSA helps SLSA helps to protect against common supply chain attacks. The following image illustrates a typical software supply chain and includes examples of attacks that can occur at every link in the chain. Each type of attack has occured over the past several years and, unfortunately, is increasing as time goes on.<br> Threat<br> Known example<br> How SLSA could have helped<br> Submit bad code to the source repository<br> <a rel="noreferrer" target="_blank" href="https://lore.kernel.org/lkml/202105051005.49BFABCE@keescook/">Linux hypocrite commits</a> : Researcher attempted to intentionally introduce vulnerabilities into the Linux kernel via patches on the mailing list.<br> Two-person review caught most, but not all, of the vulnerabilities.<br> B<br> Compromise source control platform<br> <a rel="noreferrer" target="_blank" href="https://news-web.php.net/php.internals/113838">PHP</a> : Attacker compromised PHP’s self-hosted git server and injected two malicious commits.<br> A better-protected source code platform would have been a much harder target for the attackers.<br> C<br> Build with official process but from code not matching source control<br> <a rel="noreferrer" target="_blank" href="https://www.webmin.com/exploit.html">Webmin</a> : Attacker modified the build infrastructure to use source files not matching source control.<br> A SLSA-compliant build server would have produced provenance identifying the actual sources used, allowing consumers to detect such tampering.<br> D<br> Compromise build platform<br> <a rel="noreferrer" target="_blank" href="https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/">SolarWinds</a> : Attacker compromised the build platform and installed an implant that injected malicious behavior during each build.<br> Higher SLSA levels require <a rel="noreferrer" target="_blank" href="https://github.com/slsa-framework/slsa/blob/main/build-requirements.md">stronger security controls for the build platform</a> , making it more difficult to compromise and gain persistence.<br> E<br> Use bad dependency (i.e. A-H, recursively)<br> <a rel="noreferrer" target="_blank" href="https://schneider.dev/blog/event-stream-vulnerability-explained/">event-stream</a> : Attacker added an innocuous dependency and then updated the dependency to add malicious behavior. The update did not match the code submitted to GitHub (i.e. attack F).<br> Applying SLSA recursively to all dependencies would have prevented this particular vector, because the provenance would have indicated that it either wasn’t built from a proper builder or that the source did not come from GitHub.<br> F<br> Upload an artifact that was not built by the CI/CD system<br> <a rel="noreferrer" target="_blank" href="https://about.codecov.io/apr-2021-post-mortem/">CodeCov</a> : Attacker used leaked credentials to upload a malicious artifact to a GCS bucket, from which users download directly.<br> Provenance of the artifact in the GCS bucket would have shown that the artifact was not built in the expected manner from the expected source repo.<br> G<br> Compromise package repository<br> <a rel="noreferrer" target="_blank" href="https://theupdateframework.io/papers/attacks-on-package-managers-ccs2008.pdf">Attacks on Package Mirrors</a> : Researcher ran mirrors for several popular package repositories, which could have been used to serve malicious packages.<br> Similar to above (F), provenance of the malicious artifacts would have shown that they were not built as expected or from the expected source repo.<br> H<br> Trick consumer into using bad package<br> <a rel="noreferrer" target="_blank" href="https://blog.sonatype.com/damaging-linux-mac-malware-bundled-within-browserify-npm-brandjack-attempt">Browserify typosquatting</a> : Attacker uploaded a malicious package with a similar name as the original.<br> SLSA does not directly address this threat, but provenance linking back to source control can enable and enhance other solutions.<br> What is SLSA In its current state, SLSA is a set of incrementally adoptable security guidelines being established by industry consensus. In its final form, SLSA will differ from a list of best practices in its enforceability: it will support the automatic creation of auditable metadata that can be fed into policy engines to give "SLSA certification" to a particular package or build platform. SLSA is designed to be incremental and actionable, and to provide security benefits at every step. Once an artifact qualifies at the highest level, consumers can have confidence that it has not been tampered with and can be securely traced back to source—something that is difficult, if not impossible, to do with most software today. SLSA consists of four levels, with SLSA 4 representing the ideal end state. The lower levels represent incremental milestones with corresponding incremental integrity guarantees. The requirements are currently defined as follows.<br> SLSA 1 requires that the build process be fully scripted/automated and generate provenance. Provenance is metadata about how an artifact was built, including the build process, top-level source, and dependencies. Knowing the provenance allows software consumers to make risk-based security decisions. Though provenance at SLSA 1 does not protect against tampering, it offers a basic level of code source identification and may aid in vulnerability management. SLSA 2 requires using version control and a hosted build service that generates authenticated provenance. These additional requirements give the consumer greater confidence in the origin of the software. At this level, the provenance prevents tampering to the extent that the build service is trusted. SLSA 2 also provides an easy upgrade path to SLSA 3. SLSA 3 further requires that the source and build platforms meet specific standards to guarantee the auditability of the source and the integrity of the provenance, respectively. We envision an accreditation process whereby auditors certify that platforms meet the requirements, which consumers can then rely on. SLSA 3 provides much stronger protections against tampering than earlier levels by preventing specific classes of threats, such as cross-build contamination. SLSA 4 is currently the highest level, requiring two-person review of all changes and a hermetic, reproducible build process. Two-person review is an industry best practice for catching mistakes and deterring bad behavior. Hermetic builds guarantee that the provenance’s list of dependencies is complete. Reproducible builds, though not strictly required, provide many auditability and reliability benefits. Overall, SLSA 4 gives the consumer a high degree of confidence that the software has not been tampered with. More details on these proposed levels can be found in the <a rel="noreferrer" target="_blank" href="https://www.blogger.com/">GitHub repository</a> , including the corresponding <a rel="noreferrer" target="_blank" href="https://www.blogger.com/">Source</a> and <a rel="noreferrer" target="_blank" href="https://www.blogger.com/">Build/Provenance</a> requirements. We are open to feedback and suggestions for changes on these requirements.<br> Proof of Concept Today, we are releasing a proof of concept for SLSA 1 provenance generator ( <a rel="noreferrer" target="_blank" href="https://www.blogger.com/">repo</a> , <a rel="noreferrer" target="_blank" href="https://www.blogger.com/">marketplace</a> ). This will allow a user to create and upload provenance alongside their build artifacts, thereby achieving SLSA 1. To use it, add the following snippet to your workflow:<br> - name : Generate provenance<br> uses : slsa - framework / github - actions - demo@v0 . 1<br> with :<br> artifact_path : < path - to - artifact/directory ><br> Going forward, we plan to work with popular source, build, and packaging platforms to make it as easy as possible to reach higher levels of SLSA. These plans include generating provenance automatically in build systems, propagating provenance natively in package repositories, and adding security features across the major platforms. Our long-term goal is to raise the security bar across the industry so that the default expectation is higher-level SLSA security standards, with minimal effort on the part of software producers.<br> Summary SLSA is a practical framework for end-to-end software supply chain integrity, based on a model proven to work at scale in one of the world’s largest software engineering organizations. Achieving the highest level of SLSA for most projects may be difficult, but incremental improvements recognized by lower SLSA levels will already go a long way toward improving the security of the open source ecosystem. We look forward to working with the community on refining the levels as we begin adopting SLSA for our own open source projects. If you are a project maintainer and interested in trying to adopt and provide feedback on SLSA, please <a rel="noreferrer" target="_blank" href="https://www.blogger.com/">reach out</a> or come join the discussions taking place in the <a rel="noreferrer" target="_blank" href="https://www.blogger.com/">OpenSSF Digital Identity Attestation Working Group</a> . Check out the <a rel="noreferrer" target="_blank" href="https://www.blogger.com/">Know, Prevent, Fix</a> post to read more about Google’s overall approach to open source security.<br> Labels: <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/Open%20Source">Open Source</a> , <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/search/label/Security">Security</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210616-160621/ Wed, 16 Jun 2021 16:06:20 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210616-160621/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/06/ukrainian-police-nab-six-tied-to-clop-ransomware/">Ukrainian Police Nab Six Tied to CLOP Ransomware</a><br></p> <hr> Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims. Some of CLOP’s victims this year alone include Stanford University Medical School , the University of California , and University of Maryland .<br> A still shot from a video showing Ukrainian police seizing a Tesla, one of many high-end vehicles seized in this week’s raids on the Clop gang.<br> According to <a rel="noreferrer" target="_blank" href="https://www.npu.gov.ua/ua/news/kiberzlochini/kiberpolicziya-vikrila-xakerske-ugrupovannya-u-rozpovsyudzhenni-virusu-shifruvalnika-ta-nanesenni-inozemnim-kompaniyam-piv-milyarda-dolariv-zbitkiv/">a statement</a> and videos released today, the Ukrainian Cyber Police charged six defendants with various computer crimes linked to the CLOP gang, and conducted 21 searches throughout the Kyiv region.<br> First debuting in early 2019, CLOP is one of several ransomware groups that hack into organizations, launch ransomware that encrypts files and servers, and then demand an extortion payment in return for a digital key needed to unlock access.<br> <span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span><br> /<br> CLOP has been especially busy over the past six months exploiting four different zero-day vulnerabilities in File Transfer Appliance (FTA), a file sharing product made by California-based <a rel="noreferrer" target="_blank" href="https://www.accellion.com/company/security-updates/mandiant-issues-final-report-regarding-accellion-fta-attack/">Accellion</a> .<br> The CLOP gang seized on those flaws <a rel="noreferrer" target="_blank" href="https://www.recordedfuture.com/dewmode-accellion-supply-chain-impact/">to deploy ransomware to a significant number of Accellion’s FTA customers</a> , including U.S. grocery chain Krogers , the law firm Jones Day , security firm Qualys , and the Singaporean telecom giant Singtel .<br> Last year, CLOP adopted the practice of attempting to extract a second ransom demand from victims in exchange for a promise not to publish or sell any stolen data. Terabytes of documents and files stolen from victim organizations that have not paid a data ransom are now available for download from CLOP’s deep web site, including Stanford, UCLA and the University of Maryland.<br> CLOP’s victim shaming blog on the deep web.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210616-142142/ Wed, 16 Jun 2021 14:21:41 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210616-142142/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132617_2022-porsche-911-gt3-touring-price-specs-review-photos-info">2022 Porsche 911 GT3 Touring brings the go without the show</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210616-141805/ Wed, 16 Jun 2021 14:18:04 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210616-141805/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-russia-summit/putin-sees-a-lot-of-issues-as-summit-with-biden-begins-idUSKCN2DR2M0">Putin sees 'a lot of issues' as summit with Biden begins</a><br></p> <hr> With deep disagreements likely and expectations of solving them low, U.S. President Joe Biden and Russian President Vladimir Putin sat down in a lakeside Geneva villa on Wednesday for their first summit since Biden took office.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210616-122116/ Wed, 16 Jun 2021 12:21:16 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210616-122116/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1124655_2021-audi-rs-6-avant-price-specs-review-photos-info">First drive review: 2021 Audi RS 6 Avant blends massive performance and mass appeal</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210616-121732/ Wed, 16 Jun 2021 12:17:31 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210616-121732/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-russia-summit/wide-gulf-slim-hopes-as-putin-and-biden-arrive-for-summit-idUSKCN2DR2M0">Wide gulf, slim hopes as Putin and Biden arrive for summit</a><br></p> <hr> Shaking hands in front of a grand Geneva villa, U.S. President Joe Biden and Russian President Vladimir Putin on Wednesday began their first summit since Biden took office, with deep disagreements likely and expectations of solving them low.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-palestinians-attack/palestinian-woman-shot-after-attacking-israeli-troops-army-idUSKCN2DS119">Palestinian woman shot after attacking Israeli troops: army</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-india-twitter/india-slams-twitter-for-not-complying-with-new-it-rules-idUSKCN2DS0L5">India slams Twitter for not complying with new IT rules</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210616-102144/ Wed, 16 Jun 2021 10:21:44 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210616-102144/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132290_redesigned-2022-toyota-tundra-coming-soon-with-new-iforce-max-powertrain">Redesigned 2022 Toyota Tundra coming soon with new iForce Max powertrain</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210616-081742/ Wed, 16 Jun 2021 08:17:42 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210616-081742/ <p>U.S. President Joe Biden and Russian President Vladimir Putin square up on Wednesday for their first meeting since Biden took office with deep disagreements likely and expectations low for any breakthroughs.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-australia/sydney-records-first-local-covid-19-case-in-more-than-a-month-idUSKCN2DS08N">Sydney records first local COVID-19 case in more than a month</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-china-vaccinations/china-ramps-up-vaccinations-but-uneven-rollout-leaves-borders-closed-idUSKCN2DS0BL">China ramps up vaccinations, but uneven rollout leaves borders closed</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210616-061718/ Wed, 16 Jun 2021 06:17:18 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210616-061718/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-southkorea-citizenship-china/proposed-changes-to-s-korea-citizenship-law-face-anti-china-headwinds-idUSKCN2DS09F">Proposed changes to S.Korea citizenship law face anti-China headwinds</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210616-041907/ Wed, 16 Jun 2021 04:19:07 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210616-041907/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2019/05/14/lightweight-efficiently-sampleable-enumerations-in-haskell/">Lightweight, efficiently sampleable enumerations in Haskell</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210616-041654/ Wed, 16 Jun 2021 04:16:54 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210616-041654/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-australia/australias-melbourne-to-allow-residents-to-leave-city-despite-stubborn-virus-outbreak-idUSKCN2DS08N">Australia's Melbourne to allow residents to leave city, despite stubborn virus outbreak</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210616-001750/ Wed, 16 Jun 2021 00:17:49 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210616-001750/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-russia-summit/wide-disagreements-low-expectations-as-biden-putin-meet-idUSKCN2DR2M0">Wide disagreements, low expectations as Biden, Putin meet</a><br></p> <hr> U.S. President Joe Biden and Russian President Vladimir Putin face off on Wednesday in their first meeting since Biden took office with wide disagreements likely and expectations low for any breakthroughs.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-afghanistan-visas/u-s-speeds-visas-for-vulnerable-afghans-as-pullout-looms-but-congress-wants-more-idUSKCN2DR2KG">U.S. speeds visas for vulnerable Afghans as pullout looms, but Congress wants more</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210615-221730/ Tue, 15 Jun 2021 22:17:30 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210615-221730/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-palestinians/israeli-nationalists-march-in-east-jerusalem-raising-tensions-with-palestinians-idUSKCN2DQ255">Israeli nationalists march in East Jerusalem, raising tensions with Palestinians</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election/castillo-ahead-in-peru-presidential-vote-as-election-tally-finishes-idUSKCN2DR2DX">Castillo ahead in Peru presidential vote as election tally finishes</a><br> https://www.whatsupup.com/blog/sited/implore/20210615-221649/ Tue, 15 Jun 2021 22:16:48 +0000 https://www.whatsupup.com/blog/sited/implore/20210615-221649/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/15/technology/lina-khan-ftc.html">Biden Names Lina Khan, a Big-Tech Critic, as F.T.C. Chair Ms. Khan, who first attracted notice as a critic of Amazon, was confirmed by the Senate as a commissioner on the agency on Tuesday. By David McCabe and Cecilia Kang</a><br> https://www.whatsupup.com/blog/conservatorship/reemphasize/20210615-220943/ Tue, 15 Jun 2021 22:09:43 +0000 https://www.whatsupup.com/blog/conservatorship/reemphasize/20210615-220943/ A New Era for Mechanical CAD<br> Time to move forward from decades-old design.<br> https://www.whatsupup.com/blog/phonic/shopboy/20210615-201109/ Tue, 15 Jun 2021 20:11:09 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210615-201109/ <p><a rel="noreferrer" target="_blank" href="https://t.co/KLPTDRn0TJ"><a href="https://t.co/KLPTDRn0TJ">https://t.co/KLPTDRn0TJ</a></a><br></p> <hr> Turner Novak <a rel="noreferrer" target="_blank" href="https://twitter.com/TurnerNovak">@TurnerNovak</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210615-200803/ Tue, 15 Jun 2021 20:08:03 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210615-200803/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/building-a-modern-on-prem-software-business/">Building a modern, on-prem software business How we decided to build both a cloud and on-prem option for Retool, the challenges, and why it's becoming more common to offer both.</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210615-182040/ Tue, 15 Jun 2021 18:20:39 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210615-182040/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1113484_2022-maserati-grecale-spy-shots">2022 Maserati Grecale spy shots: Stelvio-based crossover coming soon</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210615-181749/ Tue, 15 Jun 2021 18:17:48 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210615-181749/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-russia-snapshot/biden-and-putin-summit-where-they-disagree-and-where-they-might-compromise-idUSKCN2DR18J">Biden and Putin summit: Where they disagree and where they might compromise</a><br></p> <hr> GENEVA/MOSCOW (Reuters) -Don't expect a major breakthrough at a summit on Wednesday between U.S. President Joe Biden and his Russian counterpart Vladimir Putin, a U.S. official said on Tuesday, given relations between Washington and Moscow are their most strained in years.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-somalia-security/at-least-15-killed-in-somalia-suicide-bombing-claimed-by-militants-idUSKCN2DR0Y6">At least 15 killed in Somalia suicide bombing claimed by militants</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210615-181137/ Tue, 15 Jun 2021 18:11:37 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210615-181137/ <p>a16z to change name to a15z, announces "the countdown has begun"<br> a16z <a rel="noreferrer" target="_blank" href="https://twitter.com/a16z">@a16z</a><br> Introducing Future.</p> <p>A new site from a16z. By and for the people building the future. <a rel="noreferrer" target="_blank" href="https://t.co/UkaC69Af8g"><a href="https://t.co/UkaC69Af8g">https://t.co/UkaC69Af8g</a></a><br></p> https://www.whatsupup.com/blog/kickback/overgeneralization/20210615-180804/ Tue, 15 Jun 2021 18:08:04 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210615-180804/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/building-a-modern-on-prem-software-business/">Building a modern, on-prem software business How we built a</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210615-161733/ Tue, 15 Jun 2021 16:17:32 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210615-161733/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-palestinians/israeli-nationalists-march-in-east-jerusalem-under-heavy-police-presence-idUSKCN2DQ255">Israeli nationalists march in East Jerusalem under heavy police presence</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210615-160544/ Tue, 15 Jun 2021 16:05:43 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210615-160544/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/06/how-does-one-get-hired-by-a-top-cybercrime-gang/">How Does One Get Hired by a Top Cybercrime Gang?</a><br></p> <hr> The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot , a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware.<br> Just how did a self-employed web site designer and mother of two come to work for one of the world’s most rapacious cybercriminal groups and then leave such an obvious trail of clues indicating her involvement with the gang? This post explores answers to those questions, as well as some of the ways Trickbot and other organized cybercrime gangs gradually recruit, groom and trust new programmers.<br> Alla Witte’s personal website — allawitte[.]nl — circa October 2018.<br> The <a rel="noreferrer" target="_blank" href="https://www.justice.gov/opa/press-release/file/1401766/download">indictment released by the DOJ</a> (PDF) is heavily redacted, and only one of the defendants is named: Alla “Max” Witte , a 55-year-old Latvian national who was arrested Feb. 6 in Miami, Fla.<br> The DOJ alleges Witte was responsible for “overseeing the creation of code related to the monitoring and tracking of authorized users of the Trickbot malware, the control and deployment of ransomware, obtaining payments from ransomware victims, and developing tools and protocols for the storage of credentials stolen and exfiltrated from victims infected by Trickbot.”<br> The indictment also says Witte provided code to the Trickbot Group for a web panel used to access victim data stored in a database. According to the government, that database contained a large number of credit card numbers and stolen credentials from the Trickbot botnet, as well as information about infected machines available as bots.<br> “Witte provided code to this repository that showed an infected computer or ‘bot’ status in different colors based on the colors of a traffic light and allowed other Trickbot Group members to know when their co-conspirators were working on a particular infected machine,” the indictment alleges.<br> While any law enforcement action against a crime group that has targeted hospitals, schools, public utilities and governments is good news, Witte’s indictment and arrest were probably inevitable: It is hard to think of an accused cybercriminal who has made more stunningly poor and rookie operational security mistakes than this Latvian senior citizen.<br> For starters, it appears at one point in 2020 Witte actually <a rel="noreferrer" target="_blank" href="https://twitter.com/cybsecbot/status/1401588458666270722">hosted Trickbot malware on a vanity website registered in her name</a> — <a rel="noreferrer" target="_blank" href="https://web.archive.org/web/20170914053226/http://allawitte.nl/">allawitte[.]nl</a> .<br> While it is generally a bad idea for cybercriminals to mix their personal life with work, Witte’s social media accounts mention a close family member (perhaps her son or husband) had the first name “Max,” which allegedly was her hacker handle.<br> Unlike many accused cybercriminals who hail from Russia or former Soviet countries, Witte did not feel obligated to avoid traveling to areas where she might be within reach of U.S. law enforcement agencies. According to her indictment, Witte was living in the South American nation of <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Suriname">Suriname</a> and she was arrested in Miami while flying from Suriname. It is not clear where her intended destination was.<br> A Google-translated post Witte made to her Vkontakte page, five years before allegedly joining the Trickbot group.<br> Alex Holden , founder of the cybersecurity intelligence firm Hold Security, said Witte’s greatest lapse in judgment came around Christmas time in 2019, when she infected one of her own computers with the Trickbot malware — allowing it to steal and log her data within the botnet interface.<br> “On top of the password re-use, the data shows a great insight into her professional and personal Internet usage,” Holden wrote in <a rel="noreferrer" target="_blank" href="https://holdsecurity.com/news/2021/06/trickbot-gang-arrest-story-of-alla-witte/">a blog post on Witte’s arrest</a> .<br> “Many in the gang not only knew her gender but her name too,” Holden wrote. “Several group members had AllaWitte folders with data. They refer to Alla almost like they would address their mothers.”<br> So how did this hacker mom with apparently zero sense of self-preservation come to work for one of the world’s most predatory cybercriminal gangs? <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/06/how-does-one-get-hired-by-a-top-cybercrime-gang/#more-55911">Continue reading →</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210615-142016/ Tue, 15 Jun 2021 14:20:15 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210615-142016/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132599_2023-mercedes-benz-c-class-cabriolet-spy-shots">2023 Mercedes-Benz C-Class Cabriolet spy shots: Redesigned convertible on the way</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210615-141714/ Tue, 15 Jun 2021 14:17:13 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210615-141714/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-taiwan-china/taiwan-reports-largest-incursion-yet-by-chinese-air-force-idUSKCN2DR12V">Taiwan reports largest incursion yet by Chinese air force</a><br></p> <hr> Twenty-eight Chinese air force aircraft, including fighters and nuclear-capable bombers, entered Taiwan's air defence identification zone (ADIZ) on Tuesday, the island's government said, the largest reported incursion to date.<br> https://www.whatsupup.com/blog/phonic/shopboy/20210615-141115/ Tue, 15 Jun 2021 14:11:15 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210615-141115/ Future from a16z<br> A new site for understanding the future, how tech shapes it, and how we build it.<br> <a rel="noreferrer" target="_blank" href="https://future.a16z.com">Go to Future</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210615-140758/ Tue, 15 Jun 2021 14:07:58 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210615-140758/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/building-a-modern-on-prem-software-business/">Building a modern, on-prem software business Retool is a fast way for engineers to build internal tools. Here’s a 4 minute video demo. We started building the product in 2017, and in about a year got to $1M</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210615-121916/ Tue, 15 Jun 2021 12:19:15 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210615-121916/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132592_first-drive-review-2022-porsche-macan-prototype-builds-a-fun-bridge-to-an-electric-future">First drive review: 2022 Porsche Macan prototype builds a fun bridge to an electric future</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210615-101934/ Tue, 15 Jun 2021 10:19:33 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210615-101934/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132598_2021-ford-bronco-production-is-underway">2021 Ford Bronco production is underway</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132460_watch-jay-leno-set-9-24s-quarter-mile-world-record-in-the-tesla-model-s-plaid">Watch Jay Leno set 9.24s quarter-mile world record in the Tesla Model S Plaid</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210615-101623/ Tue, 15 Jun 2021 10:16:23 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210615-101623/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-nato-summit-china/china-urges-nato-to-stop-exaggerating-china-threat-theory-idUSKCN2DR0C0">China urges NATO to stop exaggerating 'China threat theory'</a><br></p> <hr> BEIJING (Reuters) -China's mission to the European Union urged NATO on Tuesday to stop exaggerating the "China threat theory" after the group's leaders warned that the country presented "systemic challenges".<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210615-081637/ Tue, 15 Jun 2021 08:16:36 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210615-081637/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-election/khamenei-set-to-tighten-grip-in-iran-vote-as-frustrations-grow-idUSKCN2DR0GB">Khamenei set to tighten grip in Iran vote as frustrations grow</a><br></p> <hr> Iranians elect a new president on Friday in a race dominated by hardline candidates close to Supreme Leader Ayatollah Ali Khamenei, with popular anger over economic hardship and curbs on freedoms set to keep many pro-reform Iranians at home.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-india-variant-insi/health-experts-say-india-missed-early-alarm-let-deadly-coronavirus-variant-spread-idUSKCN2DR0PP">Health experts say India missed early alarm, let deadly coronavirus variant spread</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-ivorycoast-politics/ivory-coast-hopes-to-end-a-decade-of-rancour-with-gbagbos-return-idUSKCN2DR0PL">Ivory Coast hopes to end a decade of rancour with Gbagbo's return</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210615-081117/ Tue, 15 Jun 2021 08:11:16 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210615-081117/ Chuck. <a rel="noreferrer" target="_blank" href="https://t.co/l98m7qLCpm"><a href="https://t.co/l98m7qLCpm">https://t.co/l98m7qLCpm</a></a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210615-061645/ Tue, 15 Jun 2021 06:16:45 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210615-061645/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-el-salvador-migration-usaid/usaid-to-grant-115-million-in-aid-to-el-salvador-to-stem-migration-idUSKCN2DR01V">USAID to grant $115 million in aid to El Salvador to stem migration</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-russia-summit-agreements/kremlin-says-deals-at-putin-biden-summit-unlikely-but-talks-useful-idUSKCN2DR0G3">Kremlin says deals at Putin-Biden summit unlikely but talks useful</a><br> https://www.whatsupup.com/blog/gigabit/polenta/20210615-041935/ Tue, 15 Jun 2021 04:19:35 +0000 https://www.whatsupup.com/blog/gigabit/polenta/20210615-041935/ <p><a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com#menu">Menu</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://svbtle.com">Chris Zacharias is writing on the Svbtle network.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.chriszacharias.com">chriszacharias.com</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://twitter.com/zacman85">@zacman85</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/feed">rss feed</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://svbtle.com/about">about svbtle</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://svbtle.com/signup">sign up</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com">Chris Zacharias</a><br> <hr> Founder of imgix. YCombinator alum. Ex-YouTuber. Studied New Media at RIT.<br> Read this first<br> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/imgix-a-new-step-forward">imgix: A New Step Forward</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/imgix-a-new-step-forward">Nowadays, you can take out your phone, open a user-friendly app, capture a shockingly high-quality picture, make any corrections you need, and then send that picture to your grandma, who can see it seconds later. Consumer photography is a largely solved problem. However, the same innovations that have benefited consumers - access to high quality cameras, ease of use, rapid distribution of photos - have created a multitude of complexities for businesses who are now forced to deal with both a more discerning user and a more complicated visual landscape. Delivering the highest quality, lowest latency image to your users is getting progressively harder over time as more and more factors play a role in what delivering the “perfect” image means. Nobody should have to become an imaging scientist to achieve the most with their images. We built imgix to solve this. By providing a simple URL API...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/imgix-a-new-step-forward">Continue reading →</a><br> <hr> May 1, 2019<br> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/a-conspiracy-to-kill-ie6">A Conspiracy To Kill IE6</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/a-conspiracy-to-kill-ie6">The bittersweet consequence of YouTube’s incredible growth is that so many stories will be lost underneath all of the layers of new paint. This is why I wanted to tell the story of how, ten years ago, a small team of web developers conspired to kill IE6 from inside YouTube and got away with it. I do not recall the exact triggering event that led to our web development team laying out plans to kill IE6 over lunch in the YouTube cafeteria. Perhaps it was the time I pushed out a CSS stylesheet that included an attribute selector on a semi-supported HTML element. Any reasonable web developer would expect this to be ignored by browsers not up to the task. This was not the case with older flavors of IE. Under very specific conditions, an attribute selector on an unsupported HTML element in IE would create an internal recursion that would at best, cause the browser to crash and at worst...</a><br> <hr> Feb 8, 2016<br> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/imaging-and-the-internet">The Imaging Chain and the Internet</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/imaging-and-the-internet">Consider what taking a simple photograph meant 25 years ago. You had film cameras, negatives, dark rooms, emulsions, and paper. It would take days to produce a picture you could show to someone. Now consider what taking a photograph means today. With a smartphone that fits in our pocket, we can capture a photo, edit it, view it, and show it to anyone, all in as a little as a few seconds. These fantastic devices are simultaneously capable of capturing high resolution visuals, displaying them, and immediately distributing them to a billion other devices similarly capable of the exact same things. It is now actually perceivable that a photo you take one moment could be seen by over half of the entire human population a moment later. This power in visual expression has never existed before. We can create and express visual media so incredibly fast that it is causing new behavioral patterns...</a><br> <hr> Aug 26, 2015<br> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/multiplane-camera">The Multiplane Camera</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/multiplane-camera">During a recent trip to the Disney Museum in San Francisco, I became immediately fascinated by the multiplane camera that was on display there. The gigantic machine represents so much of what I find inspiring in graphics and technology. It is fun to get lost in thought, imagining what the modern equivalent of the multiplane camera might be and how to foster the intersection of art and technology from which the multiplane camera emerged. The multiplane camera was invented in 1933 by famous Disney animator/director Ub Iwerks. It worked by enabling animators to position their layers of acetate animation cels at varying distances and offsets in a vertical column. They could then shoot a camera downward to compose the cels into a single frame. While animators had been using acetate celluloid frames composited over painted mattes for decades prior, the technical effects that the multiplane...</a><br> <hr> Dec 21, 2012<br> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/page-weight-matters">Page Weight Matters</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/page-weight-matters">Three years ago, while I was a web developer at YouTube, one of the senior engineers began a rant about the page weight of the video watch page being far too large. The page had ballooned to as high as 1.2MB and dozens of requests. This engineer openly vented that “if they can write an entire Quake clone in under 100KB, we have no excuse for this!” Given that I agreed with him and I was excited to find a new project, I decided to champion the cause of getting the YouTube watch page to weigh in under 100KB. On the shuttle home from San Bruno that night, I coded up a prototype. I decided to limit the functionality to just a basic masthead, the video player, five related videos, a sharing button, a flagging tool, and ten comments loaded in via AJAX. I code-named the project “Feather”. Even with such a limited set of features, the page was weighing in at 250KB. I dug into the code and...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/investors">Investors</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/investors">When I was going through YCombinator in the summer of 2011, I felt like I was the only person in the entire class who knew nothing about taking investment. I remember distinctly when Jessica Livingston announced the $150K we would be getting from SV Angel and Start Fund. When she told us the terms, the room erupted in shouting and applause. I sat there Googling nervously, trying to understand what had just been said and wondering if I really belonged in YC at all. Being surrounded by such a select group of founders, each in varying stages of building their companies, you pick up the knowledge you need very quickly. This is the most valuable part of the 3-month YCombinator session. One piece of knowledge you learn very early on is that investors tend to have a herd mentality. What I would later realize through observation was that founders tend to as well. I remember getting the...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/cruise-ships">Cruise Ships</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://blog.chriszacharias.com/cruise-ships">In July of 2010, I made the decision to leave YouTube. The first thoughts I had were “How am I going to explain this to anyone? How will I tell mom?” To my family, I had the greatest job in the world and the amount of money I was making was unfathomable. They were certainly not wrong in thinking this. Google is absolutely the best place in the world to work and they do pay very well. It certainly was not an easy decision on my part. About 4 months before, I was backpacking through Europe, stopping off in major cities to present our latest HTML5 work at the local Google offices. It was my first time really exploring a different part of the world. I met fascinating people and experienced many random adventures. I was trapped in Stockholm for 9 days due to the Icelandic ash cloud. I was a successful stowaway on a train from Copenhagen to Hamburg. I had a girlfriend break up with me during...</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://svbtle.com/terms">Terms</a> • <a rel="noreferrer" target="_blank" href="https://svbtle.com/privacy">Privacy</a> • <a rel="noreferrer" target="_blank" href="https://svbtle.com/promise">Promise</a><br> <hr> https://www.whatsupup.com/blog/gonadal/revving/20210615-041857/ Tue, 15 Jun 2021 04:18:57 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210615-041857/ <p><a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2018/02/13/a-work-in-progress-translation-of-joyals-original-paper-on-species/">A (work in progress) translation of Joyal’s original paper on species</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2010/04/15/cabal-init/">cabal init</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210615-041112/ Tue, 15 Jun 2021 04:11:11 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210615-041112/ Please join @bhorowitz and me on @Clubhouse in 15 minutes, 7PM Pacific, for our show "One on One with A & Z" – special episode on the future of remote work in a post-COVID world!<br> https://www.whatsupup.com/blog/bilateralistic/jungle/20210615-041017/ Tue, 15 Jun 2021 04:10:16 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20210615-041017/ 15 Jun 2021 » <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-06-15/bpf-internals.html">USENIX LISA2021 BPF Internals (eBPF)</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210615-021631/ Tue, 15 Jun 2021 02:16:30 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210615-021631/ Peruvians were still waiting on Monday for their next president to be confirmed, more than a week after a polarizing run-off vote, with socialist Pedro Castillo clinging to a narrow lead that would tilt the country firmly to the left.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-usa-borders/u-s-canada-set-to-discuss-lifting-of-border-restrictions-sources-idUSKCN2DR012">U.S., Canada set to discuss lifting of border restrictions -sources</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210615-021047/ Tue, 15 Jun 2021 02:10:47 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210615-021047/ Join us live on @Clubhouse, right now, for a discussion on the future of work post-COVID, with @bhorowitz and @stevesi. <a rel="noreferrer" target="_blank" href="https://t.co/6QFZwtcQzs"><a href="https://t.co/6QFZwtcQzs">https://t.co/6QFZwtcQzs</a></a><br> Join us! <a rel="noreferrer" target="_blank" href="https://t.co/6QFZwtcQzs"><a href="https://t.co/6QFZwtcQzs">https://t.co/6QFZwtcQzs</a></a><br> I'm discussing “One on One with A & Z” with @bhorowitz and a16z. Today, Jun 14 at 7:00 PM PDT on @clubhouse. Join us! <a rel="noreferrer" target="_blank" href="https://t.co/TDJlMf891Q"><a href="https://t.co/TDJlMf891Q">https://t.co/TDJlMf891Q</a></a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20210615-001847/ Tue, 15 Jun 2021 00:18:47 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20210615-001847/ June 14, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/06/14/Provided-as-is-without-warranty.html">Provided "as is", without warranty of any kind</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210615-001755/ Tue, 15 Jun 2021 00:17:54 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210615-001755/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election/a-divided-peru-waits-for-next-president-as-vote-count-nears-completion-idUSKCN2DQ14L">A divided Peru waits for next president as vote count nears completion</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210615-001609/ Tue, 15 Jun 2021 00:16:09 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210615-001609/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2015/12/22/on-juniper-backdoor/">On the Juniper backdoor</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210614-221956/ Mon, 14 Jun 2021 22:19:56 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210614-221956/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132557_2022-mercedes-benz-amg-gt-53-4-door-coupe-becomes-more-practical-with-seating-for-five">2022 Mercedes-Benz AMG GT 53 4-Door Coupe becomes more practical with seating for five</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210614-221653/ Mon, 14 Jun 2021 22:16:52 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210614-221653/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-nato-summit/nato-adopts-tough-line-on-china-at-bidens-debut-summit-with-alliance-idUSKCN2DQ010">NATO adopts tough line on China at Biden's debut summit with alliance</a><br></p> <hr> BRUSSELS (Reuters) -NATO leaders warned on Monday that China presents "systemic challenges," taking a forceful stance towards Beijing in a communique at Joe Biden's first summit with an alliance that Donald Trump openly disparaged.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-palestinians/israeli-nationalists-to-march-in-east-jerusalem-palestinians-plan-day-of-rage-idUSKCN2DQ255">Israeli nationalists to march in East Jerusalem, Palestinians plan 'Day of Rage'</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-conflict-un/u-n-readies-for-more-displaced-afghans-after-troop-withdrawal-idUSKCN2DQ26T">U.N. readies for more displaced Afghans after troop withdrawal</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210614-201723/ Mon, 14 Jun 2021 20:17:22 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210614-201723/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-politics/new-israeli-government-approves-nationalist-march-in-jerusalem-idUSKCN2DQ0HL">New Israeli government approves nationalist march in Jerusalem</a><br></p> <hr> JERUSALEM (Reuters) -Israel's new government on Monday approved a Jewish nationalist march in Jerusalem, a step that risks inflaming tensions with Palestinians hours after veteran leader Benjamin Netanyahu handed over power to Prime Minister Naftali Bennett.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-canada-attack-suspect/canadian-man-accused-of-murdering-muslim-family-members-to-face-terror-charges-idUSKCN2DQ1G3">Canadian man accused of murdering Muslim family members to face terror charges</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210614-181659/ Mon, 14 Jun 2021 18:16:58 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210614-181659/ <p>The U.S. has crossed the milestone of 600,000 dead from COVID-19, even as the country begins to return to normal <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2DQ1U8">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-russia-ransomware-analysis/analysis-murkiness-of-russias-ransomware-role-complicates-biden-summit-mission-idUSKCN2DQ1UM">Analysis: Murkiness of Russia's ransomware role complicates Biden summit mission</a><br></p> <hr> As U.S. President Joe Biden prepares to confront Russian President Vladimir Putin over ransomware gangs in his country that twice recently targeted critical American infrastructure, his administration is publicly blaming the Russian government for allowing those criminals to profit without prosecution.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-nato-summit/nato-takes-tough-line-on-china-at-first-summit-with-biden-idUSKCN2DQ010">NATO takes tough line on China at first summit with Biden</a><br> <hr> BRUSSELS (Reuters) -NATO leaders designated China as presenting "systemic challenges" in a summit communique on Monday, taking a forceful stance towards Beijing at Joe Biden's first summit with an alliance that Donald Trump openly disparaged and ridiculed.<br> https://www.whatsupup.com/blog/augur/cussed/20210614-180811/ Mon, 14 Jun 2021 18:08:10 +0000 https://www.whatsupup.com/blog/augur/cussed/20210614-180811/ <p><a rel="noreferrer" target="_blank" href="https://blog.discord.com/pride-month-activities-around-discord-and-the-world-fc0eed930a?source=collection_home---4------0-----------------------">Pride Month Activities Around Discord and The World</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://blog.discord.com/pride-month-activities-around-discord-and-the-world-fc0eed930a?source=collection_home---4------0-----------------------">Pride Month Activities Around Discord and The World We’ve got the scoop on a ton of amazing community events, a new bot, and some appropriately proud artwork.</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210614-162036/ Mon, 14 Jun 2021 16:20:35 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210614-162036/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132549_things-to-consider-when-displaying-a-classic-car-at-a-local-show">Things to consider when displaying a classic car at a local show</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/writer/10062679_classiccars-com">ClassicCars.com - Contributor</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210614-161708/ Mon, 14 Jun 2021 16:17:07 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210614-161708/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-nato-summit/nato-designates-china-as-a-systemic-challenge-idUSKCN2DQ010">NATO designates China as a 'systemic' challenge</a><br></p> <hr> BRUSSELS (Reuters) -NATO leaders designated China as presenting "systemic challenges" in a summit communique on Monday that marked a forceful stance for the Western military alliance, declared a priority for U.S. President Joe Biden after the Trump years.<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210614-160747/ Mon, 14 Jun 2021 16:07:47 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210614-160747/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/react-autocomplete-libraries/">React autocomplete libraries: Downshift, react-select, and more We’ve researched and compared React autocomplete libraries to suss out the best React autocomplete library, and then created this simple guide to aggregate all the top options in one place.</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210614-142032/ Mon, 14 Jun 2021 14:20:31 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210614-142032/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132583_there-s-a-midnight-purple-r34-nissan-skyline-gt-r-v-spec-for-sale-in-the-us">There's a Midnight Purple R34 Nissan Skyline GT-R V-Spec for sale in the US</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210614-141735/ Mon, 14 Jun 2021 14:17:34 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210614-141735/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-nato-summit/defense-of-europe-is-a-sacred-obligation-biden-tells-nato-idUSKCN2DQ010">Defense of Europe is a 'sacred obligation', Biden tells NATO</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-afghanistan-nato-qatar-excusive/exclusive-nato-approaches-qatar-to-seek-training-base-for-afghan-forces-after-withdrawal-idUSKCN2DQ17N">Exclusive: NATO approaches Qatar to seek training base for Afghan forces after withdrawal</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-politics/new-israeli-government-faces-tension-with-palestinians-over-jerusalem-idUSKCN2DQ0HL">New Israeli government faces tension with Palestinians over Jerusalem</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210614-121706/ Mon, 14 Jun 2021 12:17:05 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210614-121706/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-nato-summit/at-nato-biden-says-defence-of-europe-a-sacred-obligation-idUSKCN2DQ010">At NATO, Biden says defence of Europe a 'sacred obligation'</a><br></p> <hr> U.S. President Joe Biden told fellow NATO leaders on Monday the defence of Europe, Turkey and Canada was a "sacred obligation" for the United States, a marked shift from his predecessor Donald Trump's threats to withdraw from the military alliance.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-palestinians-trauma-helpline/the-trauma-helpline-taking-calls-from-gaza-during-conflict-and-beyond-idUSKCN2DQ0ZR">The trauma helpline taking calls from Gaza during conflict and beyond</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210614-101831/ Mon, 14 Jun 2021 10:18:30 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210614-101831/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-nato-summit-turkey/no-breakthroughs-expected-from-first-biden-erdogan-meeting-idUSKCN2DQ0M4">No breakthroughs expected from first Biden-Erdogan meeting</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210614-100827/ Mon, 14 Jun 2021 10:08:27 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210614-100827/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/self-hosted-retool-plans/">Introducing a self-hosted option for our Free and Startup plans We’re excited to announce that you can deploy our Free and Startup plan on your own infra, behind your own VPN, and in your own VPC.</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210614-082104/ Mon, 14 Jun 2021 08:21:03 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210614-082104/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132581_2023-maserati-granturismo-prototype-hits-the-road">2023 Maserati GranTurismo prototype hits the road</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210614-081739/ Mon, 14 Jun 2021 08:17:39 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210614-081739/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-nato-summit/nato-to-toughen-g7-message-on-china-despite-beijings-cries-of-slander-idUSKCN2DQ010">NATO to toughen G7 message on China despite Beijing's cries of 'slander'</a><br></p> <hr> BRUSSELS (Reuters) -NATO leaders are expected to brand China a security risk to the Western alliance when they meet on Monday, a day after the Group of Seven rich nations issued a statement on human rights in China and Taiwan that Beijing said slandered its reputation.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-politics/israels-new-government-begins-netanyahu-era-ends-idUSKCN2DQ0HL">Israel's new government begins, Netanyahu era ends</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210614-061823/ Mon, 14 Jun 2021 06:18:22 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210614-061823/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-myanmar-politics/suu-kyis-trial-set-to-start-in-myanmar-junta-rejects-u-n-rights-chiefs-statement-idUSKCN2DQ05L">Suu Kyi's trial set to start in Myanmar, junta rejects U.N. rights chief's statement</a><br></p> <hr> The trial of Myanmar's ousted leader Aung San Suu Kyi was set to start on Monday, as the junta that overthrew her elected government rejected criticism by the U.N. High Commissioner for Human Rights over its use of deadly force against protesters.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-newzealand-shooting-ardern/ardern-says-nz-mosque-attack-film-should-focus-on-muslim-community-not-her-idUSKCN2DQ08V">Ardern says NZ mosque attack film should focus on Muslim community not her</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-nato-summit/nato-welcomes-biden-in-pivotal-post-trump-summit-idUSKCN2DQ010">NATO welcomes Biden in 'pivotal' post-Trump summit</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210614-061644/ Mon, 14 Jun 2021 06:16:43 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210614-061644/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2013/04/11/zerocoin-making-bitcoin-anonymous/">Zerocoin: making Bitcoin anonymous</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210613-221814/ Sun, 13 Jun 2021 22:18:14 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210613-221814/ JERUSALEM (Reuters) -Benjamin Netanyahu's record 12-year run as Israel's prime minister ended on Sunday with parliament approving a new "government of change" led by nationalist Naftali Bennett, an improbable scenario few Israelis once could have imagined.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210613-201825/ Sun, 13 Jun 2021 20:18:24 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210613-201825/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-politics/netanyahu-out-bennett-in-as-israel-marks-end-of-an-era-idUSKCN2DP01I">Netanyahu out, Bennett in as Israel marks end of an era</a><br></p> <hr> JERUSALEM (Reuters) -Benjamin Netanyahu's record 12-year run as Israel's prime minister ended on Sunday with parliament approving a new "government of change" led by nationalist Naftali Bennett, an improbable scenario few Israelis could have imagined.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-nato-summit-usa/white-house-says-nato-will-launch-ambitious-security-initiatives-idUSKCN2DP0NH">White House says NATO will launch 'ambitious' security initiatives</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-politics-reaction/hope-anger-and-defiance-greet-birth-of-israels-new-government-idUSKCN2DP0LM">Hope, anger and defiance greet birth of Israel's new government</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210613-182027/ Sun, 13 Jun 2021 18:20:26 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210613-182027/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2011/11/12/generating-plane-tilings-with-diagrams/">Generating plane tilings with diagrams</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210613-181818/ Sun, 13 Jun 2021 18:18:17 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210613-181818/ <p>New Israeli government wins majority vote, ending Benjamin Netanyahu's 12-year tenure <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2DP01I">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-politics/new-israeli-government-wins-majority-vote-ending-netanyahu-tenure-idUSKCN2DP01I">New Israeli government wins majority vote, ending Netanyahu tenure</a><br></p> <hr> JERUSALEM (Reuters) -Benjamin Netanyahu's 12-year run as Israel's prime minister ended on Sunday with parliament approving a new "government of change" led by nationalist Naftali Bennett.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-politics-explainer/explainer-whos-who-in-israels-new-patchwork-coalition-government-idUSKCN2DP0EX">Explainer-Who's who in Israel's new patchwork coalition government</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-china-caution/g7-chides-china-on-rights-demands-covid-origins-investigation-idUSKCN2DP036">G7 chides China on rights, demands COVID origins investigation</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210613-122121/ Sun, 13 Jun 2021 12:21:20 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210613-122121/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132554_turn-back-time-with-this-retro-2021-ford-f-150">Turn back time with this retro 2021 Ford F-150</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210613-121812/ Sun, 13 Jun 2021 12:18:11 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210613-121812/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-politics/israels-knesset-set-to-vote-on-new-government-ending-netanyahus-rule-idUSKCN2DP01I">Israel's Knesset set to vote on new government, ending Netanyahu's rule</a><br></p> <hr> JERUSALEM (Reuters) -Israeli Prime Minister Benjamin Netanyahu's record 12-year hold on power was set to end on Sunday when parliament votes on a new government, ushering in an administration that has pledged to heal a nation bitterly divided over his departure.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-china-caution/g7-calls-out-china-over-xinjiang-hong-kong-and-taiwan-draft-communique-idUSKCN2DP036">G7 calls out China over Xinjiang, Hong Kong and Taiwan - draft communique</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-climate/g7-leaders-agree-increased-climate-finance-details-missing-idUSKCN2DO0M1">G7 leaders agree increased climate finance, details missing</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210613-101748/ Sun, 13 Jun 2021 10:17:48 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210613-101748/ <p>CARBIS BAY, England (Reuters) -China on Sunday pointedly cautioned Group of Seven leaders that the days when "small" groups of countries decided the fate of the world was long gone, hitting back at the richest democracies as they sought to act in concert to counter Beijing's might.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-communique/g7-agrees-1-billion-covid-vaccine-donation-communique-idUSKCN2DP04G">G7 agrees 1 billion COVID vaccine donation - communique</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-russia-putin/putin-says-he-wants-biden-summit-to-help-establish-dialogue-ifax-idUSKCN2DP050">Putin says he wants Biden summit to help establish dialogue - Ifax</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210613-061816/ Sun, 13 Jun 2021 06:18:16 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210613-061816/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-nato-summit-climate-analysis/analysis-with-trump-gone-nato-wages-war-on-climate-threat-idUSKCN2DP03E">Analysis-With Trump gone, NATO wages war on climate threat</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-china-caution/china-cautions-g7-small-groups-dont-rule-the-world-idUSKCN2DP036">China cautions G7: 'small' groups don't rule the world</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210613-041839/ Sun, 13 Jun 2021 04:18:38 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210613-041839/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-politics/israels-knesset-to-vote-on-new-government-end-netanyahus-record-reign-idUSKCN2DP01I">Israel's Knesset to vote on new government, end Netanyahu's record reign</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210613-001845/ Sun, 13 Jun 2021 00:18:45 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210613-001845/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-blinken/u-s-south-korea-reaffirm-cooperation-toward-denuclearization-of-korean-peninsula-idUSKCN2DO0N4">U.S., South Korea reaffirm cooperation toward denuclearization of Korean Peninsula</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210613-001708/ Sun, 13 Jun 2021 00:17:07 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210613-001708/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2013/06/26/can-apple-read-your-imessages/">Can Apple read your iMessages?</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210612-221738/ Sat, 12 Jun 2021 22:17:38 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210612-221738/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-china/g7-rivals-china-with-grand-infrastructure-plan-idUSKCN2DO048">G7 rivals China with grand infrastructure plan</a><br></p> <hr> The Group of Seven richest democracies sought on Saturday to counter China's growing influence by offering developing nations an infrastructure plan that could rival President Xi Jinping's multi-trillion-dollar Belt and Road initiative.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-climate/g7-leaders-commit-to-increasing-climate-finance-contributions-idUSKCN2DO0M1">G7 leaders commit to increasing climate finance contributions</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210612-221128/ Sat, 12 Jun 2021 22:11:26 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210612-221128/ Ben Horowitz @bhorowitz and I will be back with our Clubhouse @joinClubhouse show, "One On One with A & Z", Monday, June 14 at 7:00 PM PST. SPECIAL TOPIC the end of COVID & the future of work. Please suggest great questions for us to answer by replying to this tweet!<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210612-201734/ Sat, 12 Jun 2021 20:17:33 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210612-201734/ <p>CARBIS BAY, England (Reuters) -The Group of Seven richest democracies sought on Saturday to counter China's growing influence by offering developing nations an infrastructure plan that could rival President Xi Jinping's multi-trillion-dollar Belt and Road initiative.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-biden-trump-talks/g7-source-praises-biden-after-complete-chaos-of-trump-idUSKCN2DO0K7">G7 source praises Biden after 'complete chaos' of Trump</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election/perus-fujimori-pushes-again-to-annul-votes-as-castillo-nears-runoff-win-idUSKCN2DO0DE">Peru's Fujimori pushes again to annul votes as Castillo nears runoff win</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210612-181731/ Sat, 12 Jun 2021 18:17:30 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210612-181731/ Denmark's Christian Eriksen conscious in hospital after collapsing at Euro 2020 soccer match <a rel="noreferrer" target="_blank" href="https://www.reuters.com/lifestyle/sports/denmarks-eriksen-given-cpr-during-euro-2020-clash-2021-06-12/">VIEW MORE</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210612-161725/ Sat, 12 Jun 2021 16:17:24 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210612-161725/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-usa/america-is-back-with-biden-frances-macron-says-idUSKCN2DO0DN">America is back with Biden, France's Macron says</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210612-141901/ Sat, 12 Jun 2021 14:19:00 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210612-141901/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-china/anything-you-can-do-g7-rivals-china-with-grand-infrastructure-plan-idUSKCN2DO048">Anything you can do: G7 rivals China with grand infrastructure plan</a><br></p> <hr> CARBIS BAY, England (Reuters) -The Group of Seven richest democracies on Saturday sought to counter China's growing influence by offering developing nations an infrastructure plan that would rival President Xi Jinping's multi-trillion-dollar Belt and Road initiative.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-brexit/whatever-it-takes-uks-johnson-warns-eu-over-post-brexit-trade-idUSKCN2DO088">'Whatever it takes', UK's Johnson warns EU over post-Brexit trade</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-russia-summit/biden-to-hold-solo-news-conference-after-putin-summit-idUSKCN2DO09F">Biden to hold solo news conference after Putin summit</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210612-121706/ Sat, 12 Jun 2021 12:17:06 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210612-121706/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-brexit/no-movement-uk-eu-show-little-sign-of-defusing-post-brexit-row-idUSKCN2DO088">No movement: UK, EU show little sign of defusing post-Brexit row</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210612-102033/ Sat, 12 Jun 2021 10:20:33 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210612-102033/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132553_princess-diana-s-1981-ford-escort-heads-to-auction">Princess Diana's 1981 Ford Escort heads to auction</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210612-101706/ Sat, 12 Jun 2021 10:17:05 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210612-101706/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-china/g7-to-counter-chinas-clout-with-big-infrastructure-project-senior-u-s-official-idUSKCN2DO048">G7 to counter China's clout with big infrastructure project - senior U.S. official</a><br></p> <hr> CARBIS BAY, England (Reuters) -The Group of Seven will seek to rival China’s multi-trillion-dollar Belt and Road initiative on Saturday by announcing a global infrastructure plan to help developing nations, a senior official in U.S. President Joe Biden's administration said.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210612-061734/ Sat, 12 Jun 2021 06:17:33 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210612-061734/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-china/g7-to-counter-chinas-belt-and-road-with-infrastructure-project-senior-us-official-idUSKCN2DO048">G7 to counter China's belt and road with infrastructure project - senior US official</a><br></p> <hr> The Group of Seven rich nations will announce on Saturday a new global infrastructure plan as a response to China's belt and road intiative, a senior official in U.S. President Joe Biden's administration said.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210612-042150/ Sat, 12 Jun 2021 04:21:50 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210612-042150/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132562_preview-2022-lexus-nx-leads-a-youth-movement-with-hybrid-options-new-infotainment">Preview: 2022 Lexus NX leads a youth movement with hybrid options, new infotainment</a><br> https://www.whatsupup.com/blog/gigabit/polenta/20210612-042040/ Sat, 12 Jun 2021 04:20:40 +0000 https://www.whatsupup.com/blog/gigabit/polenta/20210612-042040/ <p><a rel="noreferrer" target="_blank" href="https://svbtle.com">An error has occurred.</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://svbtle.com">Svbtle →</a> System ready ▮<br> <a rel="noreferrer" target="_blank" href="https://svbtle.com">500</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210612-041823/ Sat, 12 Jun 2021 04:18:23 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210612-041823/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security/hong-kong-democracy-activist-agnes-chow-released-from-prison-idUSKCN2DO01Z">Hong Kong democracy activist Agnes Chow released from prison</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210612-001801/ Sat, 12 Jun 2021 00:18:01 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210612-001801/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election/perus-castillo-on-verge-of-being-named-president-after-last-minute-vote-wrangling-idUSKCN2DN1QW">Peru's Castillo on verge of being named President after last-minute vote wrangling</a><br></p> <hr> LIMA (Reuters) -Peru's presidential election front-runner Pedro Castillo was poised for victory on Friday night, despite legal wrangles over the ultra-close vote count that had ignited tensions in the Andean nation.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-russia-usa-putin/putin-says-relations-with-u-s-at-lowest-point-in-years-idUSKCN2DN2JW">Putin says relations with U.S. at lowest point in years</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210612-001748/ Sat, 12 Jun 2021 00:17:47 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210612-001748/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/cd-projekt-red-says-its-data-is-likely-circulating-online-after-ransom-attack/">CD Projekt Red does an about-face, says ransomware crooks are leaking data</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210611-221652/ Fri, 11 Jun 2021 22:16:52 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210611-221652/ The northern highlands of Ethiopia became a global byword for famine in the mid-1980s, when drought and conflict combined to create a disaster that killed as many as one million people. Now hunger is stalking the Tigray region again, and a senior UN official alleges that starvation is being used as a weapon of war.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election/perus-castillo-tells-backers-to-stay-alert-as-vote-count-tensions-rise-idUSKCN2DN1QW">Peru's Castillo tells backers to 'stay alert' as vote count tensions rise</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210611-221635/ Fri, 11 Jun 2021 22:16:35 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210611-221635/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/cd-projekt-red-says-its-data-is-likely-circulating-online-after-ransom-attack/">CD Project Red does an about-face, says ransomware crooks are leaking data</a><br></p> <hr> Data taken in breach disclosed in February likely related to employees and contractors.<br> https://www.whatsupup.com/blog/sited/implore/20210611-221620/ Fri, 11 Jun 2021 22:16:19 +0000 https://www.whatsupup.com/blog/sited/implore/20210611-221620/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/11/technology/big-tech-antitrust-bills.html">Lawmakers, Taking Aim at Big Tech, Push Sweeping Overhaul of Antitrust A bipartisan group of House members introduced five bills targeting Amazon, Apple, Facebook and Google. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210611-201701/ Fri, 11 Jun 2021 20:17:01 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210611-201701/ Reuters wins the Pulitzer Prize for Explanatory Reporting on how qualified immunity shields cops of excessive force <a rel="noreferrer" target="_blank" href="https://www.reuters.com/investigates/section/usa-police-immunity/">VIEW MORE</a><br> The new Israeli government set to end Benjamin Netanyahu's 12-year tenure as prime minister signed its final coalition agreements on Friday, pointedly including term limits.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-ethiopia-conflict-famine-exclusive/exclusive-un-official-accuses-eritrean-forces-of-deliberately-starving-tigray-idUSKCN2DN285">Exclusive-UN official accuses Eritrean forces of deliberately starving Tigray</a><br> https://www.whatsupup.com/blog/sited/implore/20210611-201630/ Fri, 11 Jun 2021 20:16:29 +0000 https://www.whatsupup.com/blog/sited/implore/20210611-201630/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/11/technology/big-tech-antitrust-bills.html">Lawmakers, Taking Aim at Big Tech, Push Sweeping Overhaul of Antitrust A bipartisan group of House members introduced five bills that take direct aim at Amazon, Apple, Facebook and Google. By Cecilia Kang</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210611-181648/ Fri, 11 Jun 2021 18:16:48 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210611-181648/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-politics/new-israeli-government-seals-coalition-deals-as-netanyahu-era-approaches-its-end-idUSKCN2DN1YM">New Israeli government seals coalition deals as Netanyahu era approaches its end</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210611-181047/ Fri, 11 Jun 2021 18:10:47 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210611-181047/ Interesting and probing response to my recent interview with @Progrockfarmer from @DouthatNYT! <a rel="noreferrer" target="_blank" href="https://t.co/AGlPTSLSs9"><a href="https://t.co/AGlPTSLSs9">https://t.co/AGlPTSLSs9</a></a><br> https://www.whatsupup.com/blog/rubicundity/envenomation/20210611-180648/ Fri, 11 Jun 2021 18:06:47 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20210611-180648/ <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/one-thing-you-should-learn-from-david-goggins">One thing you should learn from David Goggins</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-change-for-the-better">How to change for the better</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-set-goals-that-work">How to set goals that work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-finally-start-doing-something-about-your-dreams">How to finally start doing something about your dreams</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-avoid-i-ll-do-it-tomorrow">How to avoid “I’ll do it tomorrow”</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/case-study-why-you-should-play-factorio">Case Study: Why you should play Factorio</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-real-benefits-of-gaming">The real benefits of gaming</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/play-the-ultimate-game-your-real-life">Play the ultimate game: your real life</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/the-real-reason-why-you-get-distracted">The real reason why you get distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/today-shouldnt-suck">Today shouldn’t suck</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/4-most-common-ways-of-getting-distracted">4 most common ways of getting distracted</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself">How to be more productive without forcing yourself</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/how-to-focus-on-work">How to focus on work</a> <a rel="noreferrer" target="_blank" href="https://www.deprocrastination.co/blog/block-out-input-free-time">Block out input-free time</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210611-162005/ Fri, 11 Jun 2021 16:20:04 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210611-162005/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1084154_2022-ferrari-v-6-hybrid-supercar-spy-shots-and-video">2022 Ferrari V-6 hybrid supercar spy shots and video: Entry-level mid-engine car coming</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210611-161654/ Fri, 11 Jun 2021 16:16:54 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210611-161654/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-russia-summit-geneva/swiss-deploy-army-repair-villa-for-biden-putin-summit-idUSKCN2DN1WX">Swiss deploy army, repair villa for Biden-Putin summit</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210611-141714/ Fri, 11 Jun 2021 14:17:14 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210611-141714/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security-foreign-exclusive/exclusive-chinas-attacks-on-foreign-forces-threaten-hong-kongs-global-standing-top-u-s-envoy-idUSKCN2DN0TZ">Exclusive: China's attacks on 'foreign forces' threaten Hong Kong's global standing - top U.S. envoy</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-nato-summit-usa-turkey/erdogans-summit-with-biden-clouded-by-bitter-disputes-idUSKCN2DN169">Erdogan's summit with Biden clouded by bitter disputes</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210611-121719/ Fri, 11 Jun 2021 12:17:17 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210611-121719/ Trump-inspired death threats are terrorizing election workers <a rel="noreferrer" target="_blank" href="https://www.reuters.com/investigates/special-report/usa-trump-georgia-threats/">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-raab-exclusive/exclusive-uks-raab-some-countries-are-using-vaccines-as-a-geopolitcal-tool-idUSKCN2DN0SQ">Exclusive-UK's Raab: Some countries are using vaccines as a geopolitcal tool</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210611-101945/ Fri, 11 Jun 2021 10:19:44 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210611-101945/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1124807_2022-volkswagen-multivan-price-specs-review-photos-info">Volkswagen's T7-generation van debuts in Multivan guise</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132533_2022-honda-civic-hatchback-price-specs-review-photos-info">US-built 2022 Honda Civic Hatchback teased ahead of June 23 reveal</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210611-101655/ Fri, 11 Jun 2021 10:16:54 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210611-101655/ In 2017 the president of the United States shocked Washington's Western allies during his first European trip, scolding them for failing to pay their "fair share" on defense, physically shoving aside one prime minister, and white-knuckling another leader in a public handshake.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security-foreign-exclusive/exclusive-chinas-attacks-on-foreign-forces-threaten-hong-kongs-global-standing-top-u-s-envoy-idUSKCN2DN0TZ">Exclusive-China's attacks on 'foreign forces' threaten Hong Kong's global standing -top U.S. envoy</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210611-082114/ Fri, 11 Jun 2021 08:21:14 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210611-082114/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1129699_2021-tesla-model-s-plaid-price-specs-review-photos-info">Preview: 2021 Tesla Model S Plaid is world's quickest car, costs $131,190</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210611-041739/ Fri, 11 Jun 2021 04:17:39 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210611-041739/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-india-vaccine/young-indian-unvaccinated-the-worlds-largest-inoculation-drive-falters-idUSKCN2DN06L">Young, Indian, Unvaccinated: the world's largest inoculation drive falters</a><br></p> <hr> India began an inoculation drive for its 1.38 billion people in earnest in mid-January.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-biden-allies/america-may-be-back-at-g7-but-allies-doubts-about-u-s-democracy-linger-idUSKCN2DN09Z">America may be 'back' at G7, but allies' doubts about U.S. democracy linger</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election/people-have-awakened-perus-castillo-closes-in-on-election-win-idUSKCN2DM1SG">'People have awakened': Peru's Castillo closes in on election win</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210611-001753/ Fri, 11 Jun 2021 00:17:53 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210611-001753/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election/perus-castillo-nears-victory-in-tight-presidential-election-idUSKCN2DM1SG">Peru's Castillo nears victory in tight presidential election</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-nicaragua-usa/u-s-vows-to-review-trade-cooperation-with-nicaragua-if-elections-unfair-idUSKCN2DM2T5">U.S. vows to review trade cooperation with Nicaragua if elections unfair</a><br> https://www.whatsupup.com/blog/overgrazing/propellent/20210611-001643/ Fri, 11 Jun 2021 00:16:43 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210611-001643/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/congress-is-going-to-throw-the-kitchen">Congress Is Going To Throw The Kitchen Sink At Big Tech</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/congress-is-going-to-throw-the-kitchen">Big Technology obtained the five draft bills currently circulating around the House of Representatives that target Big Tech. If they’re signed into law, it will be bad news for the tech giants.</a><br> Jun 4 <a rel="noreferrer" target="_blank" href="javascript:void(0)">8</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/twitters-certainty-problem/comments">Comment</a> <a rel="noreferrer" target="_blank" href="javascript:void(0)">Share</a><br> https://www.whatsupup.com/blog/trifid/ragwort/20210611-001626/ Fri, 11 Jun 2021 00:16:25 +0000 https://www.whatsupup.com/blog/trifid/ragwort/20210611-001626/ <a rel="noreferrer" target="_blank" href="https://smartcar.com/customers/">Customers Learn how mobility businesses build and scale with Smartcar</a> <a rel="noreferrer" target="_blank" href="https://smartcar.com/blog/">Blog Read our latest product and company updates</a> <a rel="noreferrer" target="_blank" href="https://smartcar.com/careers/">Careers We’re hiring! Explore open positions and benefits</a> <a rel="noreferrer" target="_blank" href="https://smartcar.com/about/">About us Meet the Smartcar team and learn about our mission</a> <a rel="noreferrer" target="_blank" href="https://smartcar.com/contact/">Support & live chat We’re here to help</a> <a rel="noreferrer" target="_blank" href="https://smartcar.com/press/">Press Writing about mobility? Let’s chat</a><br> <a rel="noreferrer" target="_blank" href="https://smartcar.com/customers/">Customers</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210610-221945/ Thu, 10 Jun 2021 22:19:44 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210610-221945/ On the road―or paved track—the star is something else: WTF mode….<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210610-221638/ Thu, 10 Jun 2021 22:16:37 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210610-221638/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-biden-vaccine/biden-says-biggest-vaccine-donation-supercharges-battle-against-coronavirus-idUSKCN2DM0FE">Biden says biggest vaccine donation 'supercharges' battle against coronavirus</a><br></p> <hr> U.S. President Joe Biden said on Thursday that a donation of 500 million doses of the Pfizer COVID-19 vaccine to the world's poorest countries would supercharge the battle with the virus and comes with "no strings attached."<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-venezuela-vaccine/venezuela-says-payments-to-covax-vaccine-system-have-been-blocked-idUSKCN2DM2PV">Venezuela says payments to COVAX vaccine system have been blocked</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210610-200736/ Thu, 10 Jun 2021 20:07:36 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210610-200736/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/on-prem-vs-cloud/">On-prem vs cloud: Why you have more options than you think The debate between on-premise vs cloud is nothing new. We've collected deeper context and frameworks to make evaluating your options easier.</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210610-182039/ Thu, 10 Jun 2021 18:20:39 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210610-182039/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1127888_2022-audi-a3-price-specs-review-photos-info">Preview: 2022 Audi A3 lets you move up in the compact class for $34,945</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1128619_2022-audi-s3-price-specs-review-photos-info">Preview: 2022 Audi S3 will add some sport to your life for $45,945</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210610-181730/ Thu, 10 Jun 2021 18:17:30 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210610-181730/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit/biden-meets-britains-johnson-to-warn-over-northern-irish-peace-idUSKCN2DL2NB">Biden meets Britain's Johnson, to warn over Northern Irish peace</a><br></p> <hr> U.S. President Joe Biden brought a grave Brexit warning to his first meeting with British Prime Minister Boris Johnson on Thursday: Prevent a row with the European Union from imperilling the delicate peace in Northern Ireland.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election/perus-castillo-closes-in-on-victory-in-presidential-election-idUSKCN2DM1SG">Peru's Castillo closes in on victory in presidential election</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-mexico-cartel-wife/wife-of-el-chapo-could-face-decade-in-u-s-prison-after-guilty-plea-idUSKCN2DM110">Wife of 'El Chapo' could face decade in U.S. prison after guilty plea</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210610-181728/ Thu, 10 Jun 2021 18:17:28 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210610-181728/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/data-thieving-hackers-strike-again-stealing-ea-source-code-and-police-data/">EA source code stolen by hacker claiming to sell it online</a><br></p> <hr> More organizations feel the pain as the ransomware scourge grows more pernicious.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210610-162130/ Thu, 10 Jun 2021 16:21:30 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210610-162130/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132551_geely-vision-starburst-concept-shows-off-automaker-s-new-design-direction">Geely Vision Starburst concept shows off automaker's new design direction</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132495_new-jeep-grand-cherokee-to-spawn-two-row-plug-in-hybrid-options-in-2021">New Jeep Grand Cherokee to spawn two-row, plug-in hybrid options in 2021</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132248_deep-dive-the-yenko-camaro-and-dodge-challenger-from-2-fast-2-furious">Deep dive: The Yenko Camaro and Dodge Challenger from "2 Fast 2 Furious"</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210610-161819/ Thu, 10 Jun 2021 16:18:18 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210610-161819/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit/biden-meets-britains-johnson-to-warn-over-n-irish-peace-idUSKCN2DL2NB">Biden meets Britain's Johnson, to warn over N.Irish peace</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-palestinians-violence/israeli-forces-kill-palestinian-militant-two-security-officers-in-west-bank-clash-idUSKCN2DM08L">Israeli forces kill Palestinian militant, two security officers in West Bank clash</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210610-161757/ Thu, 10 Jun 2021 16:17:57 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210610-161757/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/nameless-malware-collects-1-2tb-of-sensitive-data-and-stashes-it-online/">Mystery malware steals 26M passwords from millions of PCs. Are you affected?</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210610-142235/ Thu, 10 Jun 2021 14:22:34 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210610-142235/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1131105_2021-ford-f-150-raptor-price-specs-review-photos-info">Preview: 2021 Ford F-150 Raptor comes with 450 hp, rear coil springs, $65,840 price tag</a><br> https://www.whatsupup.com/blog/underpeopled/multichannel/20210610-141841/ Thu, 10 Jun 2021 14:18:41 +0000 https://www.whatsupup.com/blog/underpeopled/multichannel/20210610-141841/ <a rel="noreferrer" target="_blank" href="https://github.com/customer-stories?type=enterprise">Customer Stories</a><br> https://www.whatsupup.com/blog/hardened/twinkled/20210610-141832/ Thu, 10 Jun 2021 14:18:31 +0000 https://www.whatsupup.com/blog/hardened/twinkled/20210610-141832/ <a rel="noreferrer" target="_blank" href="https://github.com/customer-stories?type=enterprise">Customer Stories</a><br> https://www.whatsupup.com/blog/evildoer/onionskin/20210610-140931/ Thu, 10 Jun 2021 14:09:31 +0000 https://www.whatsupup.com/blog/evildoer/onionskin/20210610-140931/ <a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2021/06/04/the-van-buren-decision-is-a-strong-step-forward-for-public-interest-research-online/">The Van Buren decision is a strong step forward for public interest research online</a> June 4, 2021<br> https://www.whatsupup.com/blog/sovietizing/ohioan/20210610-140927/ Thu, 10 Jun 2021 14:09:26 +0000 https://www.whatsupup.com/blog/sovietizing/ohioan/20210610-140927/ <p><a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2021/06/10/working-in-the-open-enhancing-privacy-and-security-in-the-dns/">Working in the open: Enhancing privacy and security in the DNS</a><br></p> <hr> In 2018, we started pioneering work on securing one of the oldest parts of the Internet, one that had till then remained largely untouched by efforts to make the web … <a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2021/06/10/working-in-the-open-enhancing-privacy-and-security-in-the-dns/">Read more</a><br> <a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2021/06/10/working-in-the-open-enhancing-privacy-and-security-in-the-dns/">Working in the open: Enhancing privacy and security in the DNS</a> June 10, 2021<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210610-122051/ Thu, 10 Jun 2021 12:20:50 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210610-122051/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132545_2022-chevrolet-corvette-price-specs-review-photos-info">Preview: 2022 Chevrolet Corvette receives engine tweaks, IMSA GTLM special edition</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132543_2023-kia-niro-spy-shots">2023 Kia Niro spy shots: Radical look pegged for compact crossover</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210610-121749/ Thu, 10 Jun 2021 12:17:48 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210610-121749/ <p>An Indian state has raised its COVID-19 death toll sharply higher after the discovery of thousands of unreported cases, lending weight to suspicion that India's overall death tally is significantly more than the official figure.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit/biden-warns-britain-dont-imperil-northern-irish-peace-idUSKCN2DL2NB">Biden warns Britain: Don't imperil Northern Irish peace</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-who-europe/who-issues-covid-19-warning-to-europe-before-summer-travels-idUSKCN2DM0XJ">WHO issues COVID-19 warning to Europe before summer travels</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/06/09/meet-grace-the-robot-spawned-from-the-he?videoId=731188958&videoChannel=118169">Meet Grace, the robot spawned from the health crisis</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210610-081901/ Thu, 10 Jun 2021 08:19:00 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210610-081901/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit/biden-has-a-brexit-warning-for-britain-dont-imperil-n-irish-peace-idUSKCN2DL2NB">Biden has a Brexit warning for Britain: Don't imperil N.Irish peace</a><br></p> <hr> CARBIS BAY, England (Reuters) -U.S. President Joe Biden will bring a grave Brexit warning to his first meeting with British Prime Minister Boris Johnson: Prevent a row with the European Union from imperilling the delicate peace in Northern Ireland.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-india/indian-state-sharply-raises-covid-19-death-toll-prompting-call-for-wide-review-idUSKCN2DM09G">Indian state sharply raises COVID-19 death toll prompting call for wide review</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-ethiopia-conflict-famine-exclusive/some-350000-people-in-ethiopias-tigray-in-famine-u-n-document-idUSKCN2DL2SS">Some 350,000 people in Ethiopia's Tigray in famine -U.N. document</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210610-062300/ Thu, 10 Jun 2021 06:22:59 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210610-062300/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132538_next-gen-toyota-land-cruiser-debuts-with-twin-turbo-v-6-but-it-s-not-coming-to-the-u-s">2022 Toyota Land Cruiser debuts with twin-turbo V-6, but isn't coming to US</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210610-061932/ Thu, 10 Jun 2021 06:19:31 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210610-061932/ India records world’s highest single-day COVID-19 death toll with 6,148 fatalities <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2DM09G">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit/biden-brings-a-brexit-warning-for-britain-dont-imperil-n-irish-peace-idUSKCN2DL2NB">Biden brings a Brexit warning for Britain: Don't imperil N.Irish peace</a><br></p> <hr> CARBIS BAY, England (Reuters) -U.S. President Joe Biden brings a grave Brexit warning to his first meeting with British Prime Minister Boris Johnson: Prevent a row with the European Union from imperiling the delicate peace in Northern Ireland.<br> https://www.whatsupup.com/blog/sited/implore/20210610-061907/ Thu, 10 Jun 2021 06:19:07 +0000 https://www.whatsupup.com/blog/sited/implore/20210610-061907/ <a rel="noreferrer" target="_blank" href="https://cn.nytimes.com/usa/20210610/biden-tiktok-ban-trump/">阅读简体中文版</a> <a rel="noreferrer" target="_blank" href="https://cn.nytimes.com/usa/20210610/biden-tiktok-ban-trump/zh-hant/">閱讀繁體中文版</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210610-021942/ Thu, 10 Jun 2021 02:19:42 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210610-021942/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-guatemala-military/guatemalan-court-charges-retired-soldiers-for-civil-war-killings-disappearances-idUSKCN2DM02A">Guatemalan court charges retired soldiers for Civil War killings, disappearances</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210610-002029/ Thu, 10 Jun 2021 00:20:28 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210610-002029/ President Joe Biden on Wednesday began his first trip abroad since taking office by hailing America's unwavering commitment to the NATO alliance and warning Russia it faced "robust and meaningful" consequences if it engaged in harmful activities.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-southkorea-economy-millennial/young-voter-anger-over-housing-jobs-threatens-moons-legacy-in-south-korea-idUSKCN2DL2TL">Young voter anger over housing, jobs threatens Moon's legacy in South Korea</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210610-001845/ Thu, 10 Jun 2021 00:18:43 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210610-001845/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/">Attack of the week: 64-bit ciphers in TLS</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210609-222001/ Wed, 09 Jun 2021 22:20:01 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210609-222001/ <p>Russian court declares Navalny's opposition groups 'extremist,' barring members from running in a parliamentary election <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2DL2II">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-biden-departure/biden-warns-russia-it-faces-robust-response-for-harmful-actions-as-he-begins-european-visit-idUSKCN2DL0C6">Biden warns Russia it faces 'robust' response for harmful actions as he begins European visit</a><br></p> <hr> MILDENHALL, England (Reuters) -President Joe Biden on Wednesday began his first trip abroad since taking office by hailing America's unwavering commitment to the NATO alliance and warning Russia it faced "robust and meaningful" consequences if it engaged in harmful activities.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-canada-indigenous-lawsuit/canada-proposes-to-settle-indigenous-lawsuit-after-discovery-of-childrens-remains-idUSKCN2DL2KR">Canada proposes to settle indigenous lawsuit after discovery of children's remains</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-russia-politics-navalny/court-outlaws-kremlin-critic-navalnys-network-in-pre-election-knockout-idUSKCN2DL0RT">Court outlaws Kremlin critic Navalny's network in pre-election knockout</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210609-221942/ Wed, 09 Jun 2021 22:19:42 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210609-221942/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/nameless-malware-collects-1-2tb-of-sensitive-data-and-stashes-it-online/">Mystery malware steals 26M passwords from 3M PCs. Are you affected?</a><br></p> <hr> Massive trove can be used for ransomware, espionage, and more.<br> https://www.whatsupup.com/blog/sited/implore/20210609-221940/ Wed, 09 Jun 2021 22:19:39 +0000 https://www.whatsupup.com/blog/sited/implore/20210609-221940/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/09/us/politics/biden-order-tiktok.html">Biden Revokes and Replaces Trump Order That Banned TikTok The new order calls for a broader review of a number of foreign-controlled applications that could pose a security risk to Americans and their data. By Katie Rogers and Cecilia Kang</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210609-202005/ Wed, 09 Jun 2021 20:20:04 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210609-202005/ <p>The U.S. plans to donate 500 million Pfizer COVID-19 vaccine doses globally over the next two years, a source says <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2DL29V">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-immigration-mexico/mexico-hails-harris-after-visit-flags-more-border-talks-idUSKCN2DL1QY">Mexico hails Harris after visit, flags more border talks</a><br></p> <hr> MEXICO CITY (Reuters) -Mexico's government on Wednesday praised U.S. Vice President Kamala Harris following talks aimed at curbing undocumented immigration, and said another top Biden administration official would visit next week for more discussions.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-turkey-biden-erdogan/turkey-optimistic-about-erdogan-biden-meeting-at-nato-summit-minister-idUSKCN2DL2HL">Turkey optimistic about Erdogan-Biden meeting at NATO summit -minister</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election-castillo-policy/perus-castillo-to-respect-market-economy-if-declared-election-winner-says-adviser-idUSKCN2DL2EJ">Peru's Castillo to respect market economy if declared election winner, says adviser</a><br> https://www.whatsupup.com/blog/boxed/modification/20210609-201638/ Wed, 09 Jun 2021 20:16:37 +0000 https://www.whatsupup.com/blog/boxed/modification/20210609-201638/ <p>requires<br> -clause syntax pitfall<br> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#compiler-diagnostics">compiler-diagnostics</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#concepts">concepts</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#implementation-divergence">implementation-divergence</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#pitfalls">pitfalls</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#slack">slack</a><br> In my CppCon 2018 talk <a rel="noreferrer" target="_blank" href="https://www.youtube.com/watch?v=CXn02MPkn8Y">“Concepts As She Is Spoke,”</a> I presented some pitfalls in<br> -clause syntax, such as:<br> template<class T> concept HasHash = requires (const T& t) { t.hash() -> std::integral; };</p> <p>struct X { int hash() const; }; static_assert(!HasHash<X>);<br> On the cpplang Slack today, John Eivind Helset and Eugenio Bargiacchi (inadvertently) showed me a new trap I hadn’t seen before: …<br></p> https://www.whatsupup.com/blog/reigned/coffeecake/20210609-200917/ Wed, 09 Jun 2021 20:09:16 +0000 https://www.whatsupup.com/blog/reigned/coffeecake/20210609-200917/ New: <a rel="noreferrer" target="_blank" href="http://paulgraham.com/own.html">A Project of One's Own</a> | <a rel="noreferrer" target="_blank" href="http://paulgraham.com/fn.html">Fierce Nerds</a> | <a rel="noreferrer" target="_blank" href="http://paulgraham.com/newideas.html">Crazy Ideas</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210609-182150/ Wed, 09 Jun 2021 18:21:50 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210609-182150/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132538_next-gen-toyota-land-cruiser-debuts-with-twin-turbo-v-6-but-it-s-not-coming-to-the-u-s">Next-gen Toyota Land Cruiser debuts with twin-turbo V-6, but it's not coming to the U.S.</a><br> https://www.whatsupup.com/blog/sited/implore/20210609-181801/ Wed, 09 Jun 2021 18:17:58 +0000 https://www.whatsupup.com/blog/sited/implore/20210609-181801/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/09/us/politics/biden-tiktok-ban.html">Biden revokes and replaces Trump’s executive order that sought to ban TikTok. The directive replaces an order that has been tied up in litigation in favor of a broader review of foreign-controlled applications. By Katie Rogers and Cecilia Kang</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210609-180855/ Wed, 09 Jun 2021 18:08:55 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210609-180855/ <p><a rel="noreferrer" target="_blank" href="https://retool.com/blog/neo4j-story/">How Neo4j reduced churn by moving renewals out of Salesforce The story behind how Mike Brophy (VP of Global Renewals at Neo4J) reduced churn by built a custom internal tool to manage renewals outside of Salesforce.</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/descript-story/">How Descript gives engineers more time to build for customer impact The story behind how Andrew Mason (CEO and Founder of Descript) lifted the load off engineering teams building internal tools by moving to Retool.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/leadgenius-story/">How LeadGenius saved $1M with better internal tooling The story behind how Adam Louie (Senior Director of Business Operations at LeadGenius) built 3 internal applications that ended up saving LeadGenius $1M.</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210609-162107/ Wed, 09 Jun 2021 16:21:07 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210609-162107/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132517_1969-dodge-charger-daytona-nascar-race-car-heads-to-auction">1969 Dodge Charger Daytona NASCAR race car heads to auction</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210609-161750/ Wed, 09 Jun 2021 16:17:50 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210609-161750/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-europe-drugs/illegal-drugs-trade-goes-digital-for-pandemic-idUSKCN2DL1WE">Illegal drugs trade goes digital for pandemic</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-britain-eu-nireland/uk-eu-sausage-war-talks-yield-threats-not-progress-idUSKCN2DK2MT">UK-EU 'sausage war' talks yield threats, not progress</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210609-142058/ Wed, 09 Jun 2021 14:20:57 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210609-142058/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1128600_2022-jaguar-i-pace-price-specs-review-photos-info">Preview: 2022 Jaguar I-Pace revealed with improved charging, infotainment</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210609-141726/ Wed, 09 Jun 2021 14:17:25 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210609-141726/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-biden-departure/with-g7-summit-stop-first-biden-embarks-on-8-day-europe-trip-idUSKCN2DL0C6">With G7 summit stop first, Biden embarks on 8-day Europe trip</a><br></p> <hr> WASHINGTON (Reuters) -U.S. President Joe Biden departs for Britain on Wednesday on his first trip abroad since taking office, an eight-day mission to rebuild trans-Atlantic ties strained during the Trump era and to reframe relations with Russia.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-palestinians-children-trauma/she-screams-when-someone-comes-near-gaza-children-in-trauma-idUSKCN2DL1E6">'She screams when someone comes near': Gaza children in trauma</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210609-121722/ Wed, 09 Jun 2021 12:17:22 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210609-121722/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-russia-summit-venue/biden-putin-set-to-meet-in-18th-century-swiss-villa-for-summit-idUSKCN2DL1A3">Biden, Putin set to meet in 18th-century Swiss villa for summit</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210609-121709/ Wed, 09 Jun 2021 12:17:08 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210609-121709/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/hackers-can-mess-with-https-connections-by-sending-data-to-your-email-server/">Hackers can mess with HTTPS connections by sending data to your email server</a><br></p> <hr> Cross-protocol attacks could potentially steal login cookies or execute malicious code.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210609-102135/ Wed, 09 Jun 2021 10:21:34 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210609-102135/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132512_rugged-ineos-grenadier-suv-coming-to-us-in-2023">Rugged Ineos Grenadier SUV coming to US in 2023</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132495_new-jeep-grand-cherokee-to-spawn-2-row-plug-in-hybrid-options-in-2021">New Jeep Grand Cherokee to spawn 2-row, plug-in hybrid options in 2021</a><br> https://www.whatsupup.com/blog/traveling/splay/20210609-101928/ Wed, 09 Jun 2021 10:19:26 +0000 https://www.whatsupup.com/blog/traveling/splay/20210609-101928/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/es/2021/06/09/espanol/como-ver-eclipse-solar.html">Allá Afuera ¿Quieres ver el eclipse del ‘anillo de fuego’? Acá te explicamos todo lo que tienes que saber Este eclipse anular solar comenzará en Canadá y terminará en una parte remota de Rusia. En algunas regiones de Estados Unidos las personas solo verán un eclipse parcial. By Dennis Overbye</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/09/science/solar-eclipse-june-10.html">Out There Where to Watch the Ring of Fire Solar Eclipse at Sunrise An annular eclipse will start in Canada and end in a remote part of Russia. People in areas of the United States will see a partial eclipse. By Dennis Overbye</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210609-101826/ Wed, 09 Jun 2021 10:18:25 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210609-101826/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-biden-departure/with-g7-summit-the-first-stop-biden-embarks-on-8-day-trip-to-europe-idUSKCN2DL0C6">With G7 summit the first stop, Biden embarks on 8-day trip to Europe</a><br></p> <hr> U.S. President Joe Biden departs for Britain on Wednesday on his first trip abroad since taking office, an eight-day mission to rebuild trans-Atlantic ties strained during the Trump era and to reframe relations with Russia.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-japan-australia-china/japan-australia-raise-concerns-about-reported-abuses-in-china-idUSKCN2DL0RZ">Japan, Australia raise concerns about reported abuses in China</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-britain-eu-citizens-insight/brexit-bureaucracy-creates-british-nightmare-for-dutch-boat-captain-idUSKCN2DL0PH">Brexit bureaucracy creates British nightmare for Dutch boat captain</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210609-081927/ Wed, 09 Jun 2021 08:19:26 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210609-081927/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2013/04/16/beeminding-for-fun-and-profit/">Beeminding for fun and profit</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210609-061807/ Wed, 09 Jun 2021 06:18:06 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210609-061807/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election/socialist-castillo-clings-on-to-tight-lead-in-peru-election-as-count-nears-end-idUSKCN2DK1XQ">Socialist Castillo clings on to tight lead in Peru election as count nears end</a><br></p> <hr> Peruvian socialist candidate Pedro Castillo held on to a narrow lead late on Tuesday in the country's runoff presidential election, as tensions rose over contested ballots and accusations of fraud, which sparked protests outside the elections office.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210609-042128/ Wed, 09 Jun 2021 04:21:28 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210609-042128/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132513_2022-bmw-4-series-gran-coupe-price-specs-review-photos-info">Preview: 2022 BMW 4-Series Gran Coupe grows in size, brawn</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132515_2022-bmw-x3-price-specs-review-photos-info">Preview: 2022 BMW X3 arrives with fresh looks, mild-hybrid tech</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132519_2022-bmw-x4-price-specs-review-photos-info">Preview: 2022 BMW X4 keeps sexy looks, adds tech</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132514_it-took-over-400-000-legos-to-create-this-lamborghini-sian-hypercar">It took over 400,000 Legos to create this Lamborghini Sian hypercar</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132510_arrival-of-new-astra-marks-next-step-in-opel-s-transformation">Arrival of new Astra marks next step in Opel's transformation</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132458_2022-ford-ranger-2022-bmw-m4-gt3-czinger-21c-car-news-headlines">2022 Ford Ranger, 2022 BMW M4 GT3, Czinger 21C: Car News Headlines</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210609-042008/ Wed, 09 Jun 2021 04:20:08 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210609-042008/ <p><a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/06/08/average-and-median-via-optimization/">Average and median via optimization</a><br></p> <hr> This is certainly not a new observation, and I’m sure it is folklore and/or contained in various textbooks, but it was amusing to derive it independently.<br> Suppose we have a finite set of real numbers , and we want to pick a value which is somehow “in the middle” of the . The punchline is that<br> if we want to minimize the sum of the squared distances from to each , we should pick to be the average of the ;<br> if we want to minimize the sum of the absolute distances from to each , we should pick to be the median of the .<br> The first of these is tricky to understand intuitively but easy to derive; the second is intuitively straightforward but trying to derive it leads to an interesting twist.<br> Average = minimizing sum of squared distances<br> Let’s not worry about why we would want to minimize the sum of squared distances; there are good reasons and it’s not the point. I don’t know about you, but I find it difficult to reason intuitively about how and why to pick to minimize this sum of squared differences. If you know of an intuitive way to explain this, I would love to hear about it! But in any case, it is easy to derive using some strightforward calculus.<br> Let denote the sum of squared distances from a given to each of the . Taking the derivative of with respect to , we find<br> Setting the derivative equal to zero, we can first divide through by the factor of 2, yielding<br> Since does not depend on , this is just copies of less the sum of the . Hence, solving for yields<br> as expected: the value of which minimizes the sum of squared distances to the is their average, that is, the sum of the divided by the size of the set.<br> Median = minimizing sum of absolute distances<br> Now suppose we want to minimize the sum of absolute distances instead, that is,<br> In this scenario, it is much easier to reason out the correct answer. Start with some arbitrary , and imagine nudging it by some small amount , say, to the right. ’s distances to any points on its left will each increase by , and its distances to any points on its right will each decrease by the same amount. Therefore, if there are more to the left of , then the overall sum of distances distances will increase; if there are more to the right, then the overall sum will decrease. So, to find which minimizes the sum of absolute differences, we want the same number of on the left and the right, that is, we want the median . Note that if is odd, then we must pick to be exactly equal to the in the middle; if is even, then we can pick to be anywhere inside the interval between the middle two .<br> Just for fun, can we derive this answer using calculus, like we did for minimizing squared differences? There is a wrinkle, of course, which is that the absolute value function is not differentiable everywhere: it has a sharp corner at zero. But we won’t let that stop us! Clearly the derivative of is when and when . So it seems reasonable to just assign the derivative a value of at . Algebraically, we can define<br> where is equal to when the proposition is true, and when it is false (this notation is called the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Iverson_bracket">Iverson bracket</a> ). So when we get ; when we get ; and when both propositions are false so we get .<br> Armed with this definition, we can differentiate with respect to :<br> Clearly, this is zero when , that is, when there are the same number of on either side of .<br> The curious thing to me is that even though the derivative of is undefined when , it seems like it “wants” to be 0 here. In general, if we assign the value to the derivative at , the derivative of becomes<br> When is nonzero and is odd, there are no values of for which this derivative is zero, making it more difficult to find the minimum.<br> Posted in <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/category/math/">math</a> | Tagged <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/absolute-value/">absolute value</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/average/">average</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/derivative/">derivative</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/median/">median</a> , <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/tag/optimization/">optimization</a> | <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2021/06/08/average-and-median-via-optimization/#respond">Leave a comment</a><br> <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2010/03/03/deriving-pleasure-from-ghc-6-12-1/">Deriving pleasure from GHC 6.12.1</a><br> https://www.whatsupup.com/blog/gaper/whisky/20210609-041852/ Wed, 09 Jun 2021 04:18:52 +0000 https://www.whatsupup.com/blog/gaper/whisky/20210609-041852/ <p><a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/06/implementing-private-fields-for-javascript/">Implementing Private Fields for JavaScript →</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://hacks.mozilla.org/2021/06/implementing-private-fields-for-javascript/">Implementing Private Fields for JavaScript</a><br> <hr> When implementing a language feature for JavaScript, an implementer must make decisions about how the language in the specification maps to the implementation. Private fields is an example of where the specification language and implementation reality diverge, at least in SpiderMonkey– the JavaScript engine which powers Firefox. To understand more, I’ll explain what private fields are, a couple of models for thinking about them, and explain why our implementation diverges from the specification language.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210609-041758/ Wed, 09 Jun 2021 04:17:58 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210609-041758/ <p>U.S. Senate passes sweeping bill to boost the country's ability to compete with Chinese technology <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2DK2PU">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election/socialist-castillo-holds-on-to-tight-lead-in-peru-election-as-protests-break-out-idUSKCN2DK1XQ">Socialist Castillo holds on to tight lead in Peru election as protests break out</a><br></p> <hr> Hundreds of Peruvians demonstrated outside the elections office in Lima on Tuesday as the presidential vote count neared its end, with socialist Pedro Castillo holding on to a narrow lead and tensions rising over contested ballots and accusations of fraud.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-canada-attack-vigil/in-vigil-remembering-canadian-muslim-family-a-vow-that-this-is-our-city-idUSKCN2DL01C">In vigil remembering Canadian Muslim family, a vow that 'this is our city'</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-immigration-harris/harris-says-mexico-talks-candid-pledges-investment-to-stem-migration-idUSKCN2DK1BU">Harris says Mexico talks 'candid,' pledges investment to stem migration</a><br> https://www.whatsupup.com/blog/sited/implore/20210609-041727/ Wed, 09 Jun 2021 04:17:27 +0000 https://www.whatsupup.com/blog/sited/implore/20210609-041727/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/08/technology/google-ohio-public-utility.html">Ohio’s attorney general wants Google to be declared a public utility. If Google were declared a so-called common carrier like a utility company, it would prevent the company from prioritizing its own products, services and websites in search results. By Daisuke Wakabayashi and Cecilia Kang</a><br> https://www.whatsupup.com/blog/giuseppe/fibroma/20210609-041513/ Wed, 09 Jun 2021 04:15:13 +0000 https://www.whatsupup.com/blog/giuseppe/fibroma/20210609-041513/ <p><a rel="noreferrer" target="_blank" href="https://internalregister.github.io#content">Skip to the content.</a><br></p> <hr> Internal Register<br> Software and hardware projects for fun from a guy who loves retro computing<br> 2019-09-29 <a rel="noreferrer" target="_blank" href="https://internalregister.github.io/2019/09/29/Console-Video.html">‘HomeBrew’ Video Game Console - Video</a><br> 2019-09-29 <a rel="noreferrer" target="_blank" href="https://internalregister.github.io/2019/09/29/Console-PPU-Simulator.html">‘HomeBrew’ Video Game Console - PPU Simulator</a><br> 2019-07-26 <a rel="noreferrer" target="_blank" href="https://internalregister.github.io/2019/07/26/Console-CPU.html">‘HomeBrew’ Video Game Console - CPU Board</a><br> 2019-03-14 <a rel="noreferrer" target="_blank" href="https://internalregister.github.io/2019/03/14/Homebrew-Console.html">Building a ‘Homebrew’ Video Game Console</a><br> This page was generated by <a rel="noreferrer" target="_blank" href="https://pages.github.com">GitHub Pages</a> .<br> https://www.whatsupup.com/blog/ewing/undiscernibly/20210609-041507/ Wed, 09 Jun 2021 04:15:05 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210609-041507/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/06/rustc-interop-in-android-platform.html">Rust/C++ interop in the Android Platform</a><br></p> <hr> Posted by Joel Galenson and Matthew Maurer, Android Team<br> One of the main challenges of evaluating Rust for use within the Android platform was ensuring we could provide sufficient interoperability with our existing codebase. If Rust is to meet its goals of improving security, stability, and quality Android-wide, we need to be able to use Rust anywhere in the codebase that native code is required. To accomplish this, we need to provide the majority of functionality platform developers use. As we discussed <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/04/rust-in-android-platform.html">previously</a> , we have too much C++ to consider ignoring it, rewriting all of it is infeasible, and rewriting older code would likely be counterproductive as the bugs in that code have largely been fixed. This means interoperability is the most practical way forward.<br> Before introducing Rust into the Android Open Source Project (AOSP), we needed to demonstrate that Rust interoperability with C and C++ is sufficient for practical, convenient, and safe use within Android. Adding a new language has costs; we needed to demonstrate that Rust would be able to scale across the codebase and meet its potential in order to justify those costs. This post will cover the analysis we did more than a year ago while we evaluated Rust for use in Android. We also present a follow-up analysis with some insights into how the original analysis has held up as Android projects have adopted Rust.<br> Language interoperability in Android<br> Existing language interoperability in Android focuses on well defined foreign-function interface (FFI) boundaries, which is where code written in one programming language calls into code written in a different language. Rust support will likewise focus on the FFI boundary as this is consistent with how AOSP projects are developed, how code is shared, and how dependencies are managed. For Rust interoperability with C, the C application binary interface (ABI) is already sufficient.<br> Interoperability with C++ is more challenging and is the focus of this post. While both Rust and C++ support using the C ABI, it is not sufficient for idiomatic usage of either language. Simply enumerating the features of each language results in an unsurprising conclusion: many concepts are not easily translatable, nor do we necessarily want them to be. After all, we’re introducing Rust because many features and characteristics of C++ make it difficult to write safe and correct code. Therefore, our goal is not to consider all language features, but rather to analyze how Android uses C++ and ensure that interop is convenient for the vast majority of our use cases.<br> We analyzed code and interfaces in the Android platform specifically, not codebases in general. While this means our specific conclusions may not be accurate for other codebases, we hope the methodology can help others to make a more informed decision about introducing Rust into their large codebase. Our colleagues on the Chrome browser team have done a similar analysis, which you can find <a rel="noreferrer" target="_blank" href="https://www.chromium.org/Home/chromium-security/memory-safety/rust-and-c-interoperability">here</a> .<br> This analysis was not originally intended to be published outside of Google: our goal was to make a data-driven decision on whether or not Rust was a good choice for systems development in Android. While the analysis is intended to be accurate and actionable, it was never intended to be comprehensive, and we’ve pointed out a couple of areas where it could be more complete. However, we also note that initial investigations into these areas showed that they would not significantly impact the results, which is why we decided to not invest the additional effort.<br> Methodology<br> Exported functions from Rust and C++ libraries are where we consider interop to be essential. Our goals are simple:<br> Rust must be able to call functions from C++ libraries and vice versa.<br> FFI should require a minimum of <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Boilerplate_code">boilerplate</a> .<br> FFI should not require deep expertise.<br> While making Rust functions callable from C++ is a goal, this analysis focuses on making C++ functions available to Rust so that new Rust code can be added while taking advantage of existing implementations in C++. To that end, we look at exported C++ functions and consider existing and planned compatibility with Rust via the C ABI and compatibility libraries. Types are extracted by running<br> objdump<br> on shared libraries to find external C++ functions they use <a rel="noreferrer" target="_blank" href="https://security.googleblog.com#fn1">1</a> and running<br> c++filt<br> to parse the C++ types. This gives functions and their arguments. It does not consider return values, but a preliminary analysis <a rel="noreferrer" target="_blank" href="https://security.googleblog.com#fn2">2</a> of those revealed that they would not significantly affect the results.<br> We then classify each of these types into one of the following buckets:<br> Supported by bindgen<br> These are generally simple types involving primitives (including pointers and references to them). For these types, Rust’s existing FFI will handle them correctly, and Android’s build system will <a rel="noreferrer" target="_blank" href="https://cs.android.com/android/platform/superproject/+/master:external/selinux/libselinux/Android.bp;l=268;drc=f30e6ff37683d72b65c160a808f87fe356c71c0b">auto-generate the bindings</a> .<br> Supported by cxx compat crate<br> These are handled by the <a rel="noreferrer" target="_blank" href="https://cxx.rs/">cxx</a> crate. This currently includes<br> std::string<br> ,<br> std::vector,<br> and C++ methods (including pointers/references to these types). Users simply have to <a rel="noreferrer" target="_blank" href="https://cxx.rs/index.html#example">define</a> the types and functions they want to share across languages and cxx will generate the code to do that safely.<br> Native support<br> These types are not directly supported, but the interfaces that use them have been manually reworked to add Rust support. Specifically, this includes types used by <a rel="noreferrer" target="_blank" href="https://android-review.googlesource.com/c/platform/system/tools/aidl/+/1357705">AIDL</a> and <a rel="noreferrer" target="_blank" href="https://android-review.googlesource.com/c/platform/build/soong/+/1412889">protobufs</a> .<br> We have also implemented a native interface for <a rel="noreferrer" target="_blank" href="https://android-review.googlesource.com/c/platform/frameworks/proto_logging/+/1592771">StatsD</a> as the existing C++ interface relies on method overloading, which is not well supported by bindgen and cxx <a rel="noreferrer" target="_blank" href="https://security.googleblog.com#fn3">3</a> . Usage of this system does not show up in the analysis because the C++ API does not use any unique types.<br> Potential addition to cxx<br> This is currently common data structures such as<br> <a rel="noreferrer" target="_blank" href="https://github.com/dtolnay/cxx/issues/87">std::optional</a><br> <hr> and<br> std::chrono::duration<br> and custom string and vector implementations.<br> These can either be supported natively by a future contribution to cxx, or by using its ExternType facilities. We have only included types in this category that we believe are relatively straightforward to implement and have a reasonable chance of being accepted into the cxx project.<br> We don't need/intend to support<br> Some types are exposed in today’s C++ APIs that are either an implicit part of the API, not an API we expect to want to use from Rust, or are language specific. Examples of types we do not intend to support include:<br> Mutexes - we expect that locking will take place in one language or the other, rather than needing to pass mutexes between languages, as per our coarse-grained philosophy.<br> native_handle<br> - this is a JNI interface type, so it is inappropriate for use in Rust/C++ communication.<br> std::locale&<br> - Android uses a separate locale system from C++ locales. This type primarily appears in output due to e.g.,<br> cout<br> usage, which would be inappropriate to use in Rust.<br> Overall, this category represents types that we do not believe a Rust developer should be using.<br> HIDL<br> Android is in the process of deprecating <a rel="noreferrer" target="_blank" href="https://source.android.com/devices/architecture/hidl">HIDL</a> and migrating to <a rel="noreferrer" target="_blank" href="https://source.android.com/devices/architecture/aidl/aidl-hals">AIDL for HALs</a> for new services.We’re also migrating some existing implementations to stable AIDL. Our current plan is to not support HIDL, preferring to migrate to stable AIDL instead. These types thus currently fall into the “We don't need/intend to support'' bucket above, but we break them out to be more specific. If there is sufficient demand for HIDL support, we may revisit this decision later.<br> Other<br> This contains all types that do not fit into any of the above buckets. It is currently mostly<br> being passed by value, which is not supported by cxx.<br> Top C++ libraries<br> One of the primary reasons for supporting interop is to allow reuse of existing code. With this in mind, we determined the most commonly used C++ libraries in Android:<br> liblog<br> libbase<br> libutils<br> libcutils<br> libhidlbase<br> libbinder<br> libhardware<br> libz<br> libcrypto<br> , and<br> libui<br> . We then analyzed all of the external C++ functions used by these libraries and their arguments to determine how well they would interoperate with Rust.<br> Overall, 81% of types are in the first three categories (which we currently fully support) and 87% are in the first four categories (which includes those we believe we can easily support). Almost all of the remaining types are those we believe we do not need to support.<br> Mainline modules<br> In addition to analyzing popular C++ libraries, we also examined <a rel="noreferrer" target="_blank" href="https://source.android.com/devices/architecture/modular-system">Mainline modules</a> . Supporting this context is critical as Android is <a rel="noreferrer" target="_blank" href="https://android-developers.googleblog.com/2019/05/fresher-os-with-projects-treble-and-mainline.html">migrating some of its core functionality to Mainline</a> , including much of the native code we hope to augment with Rust. Additionally, their modularity presents an opportunity for interop support.<br> We analyzed 64 binaries and libraries in 21 modules. For each analyzed library we examined their used C++ functions and analyzed the types of their arguments to determine how well they would interoperate with Rust in the same way we did above for the top 10 libraries.<br> Here 88% of types are in the first three categories and 90% in the first four, with almost all of the remaining being types we do not need to handle.<br> Analysis of Rust/C++ Interop in AOSP<br> With almost a year of Rust development in AOSP behind us, and more than a hundred thousand lines of code written in Rust, we can now examine how our original analysis has held up based on how C/C++ code is currently called from Rust in AOSP. <a rel="noreferrer" target="_blank" href="https://security.googleblog.com#fn4">4</a><br> The results largely match what we expected from our analysis with bindgen handling the majority of interop needs. Extensive use of AIDL by the new Keystore2 service results in the primary difference between our original analysis and actual Rust usage in the “Native Support” category.<br> A few current examples of interop are:<br> <a rel="noreferrer" target="_blank" href="https://cs.android.com/android/platform/superproject/+/master:system/bt/gd/rust/shim/src/hci.rs;l=9;drc=1417e3ea64248efebaa432d0428fce7f6c734104">Cxx in Bluetooth</a> - While Rust is intended to be the primary language for Bluetooth, migrating from the existing C/C++ implementation will happen in stages. Using cxx allows the Bluetooth team to more easily serve legacy protocols like HIDL until they are phased out by using the existing C++ support to incrementally migrate their service.<br> <a rel="noreferrer" target="_blank" href="https://cs.android.com/android/platform/superproject/+/master:system/security/keystore2/src/service.rs;l=343;drc=3ed5da79ae8698ded3684577b6b5094d9d596399">AIDL in keystore</a> - … https://www.whatsupup.com/blog/augur/cussed/20210609-040820/ Wed, 09 Jun 2021 04:08:20 +0000 https://www.whatsupup.com/blog/augur/cussed/20210609-040820/ <p><a rel="noreferrer" target="_blank" href="https://blog.discord.com/pushing-the-boundaries-of-discord-sabotage-studios-server-experience-5f39da3eabbf?source=collection_home---4------0-----------------------">Pushing the Boundaries of Discord: Sabotage Studio’s Server Experience</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://blog.discord.com/pushing-the-boundaries-of-discord-sabotage-studios-server-experience-5f39da3eabbf?source=collection_home---4------0-----------------------">Pushing the Boundaries of Discord: Sabotage Studio’s Server Experience Sabotage Studio will take you through their journey of leveraging Discord’s toolset to build the best community experience on the platform.</a><br> https://www.whatsupup.com/blog/incremental/comte/20210609-040759/ Wed, 09 Jun 2021 04:07:58 +0000 https://www.whatsupup.com/blog/incremental/comte/20210609-040759/ <p><a rel="noreferrer" target="_blank" href="https://howonlee.github.io/">Ferns</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://howonlee.github.io/about/">About</a><br> <hr> Welcome!<br> Posts<br> May 10, 2021<br> Dec 26, 2020<br> <a rel="noreferrer" target="_blank" href="https://howonlee.github.io/2020/12/26/Abstraction-20As-20Gambling.html">Program Abstraction as Gambling</a><br> <hr> Jun 14, 2020<br> <a rel="noreferrer" target="_blank" href="https://howonlee.github.io/2020/06/14/Idiot-20Comedy-20Steps-20Towards-20Fast-20Classical-20Shors.html">Idiot Comedy Steps Towards Fast Classical Shor's</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://howonlee.github.io/2020/05/18/On-20The-20Deterministic-20Qubit.html">On the Deterministic Qubit</a><br> <hr> Feb 12, 2020<br> <a rel="noreferrer" target="_blank" href="https://howonlee.github.io/2020/02/12/I-20Add-2020-20Seconds-20of-20Latency-20to-20Every-20Website-20I-20Visit.html">I Add 3-25 Seconds of Latency to Every Page I Visit</a><br> <hr> Oct 26, 2019<br> <a rel="noreferrer" target="_blank" href="https://howonlee.github.io/2019/10/26/Listen-20To-20A-20NP-20Complete-20Problem.html">Listen To An NP-Complete Problem</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://howonlee.github.io/2019/10/12/Literallt-20Suffocating-20In-20Meetings-20A-20Little.html">Literally Suffocating In Meetings, A Little</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://howonlee.github.io/2019/06/30/An-20Algorithmic-20Approach-20To-20Alienation.html">An Algorithmic Approach to Alienation</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://howonlee.github.io/2019/02/26/Fast-20Newtons-20Method-20For-20Neural-20Nets-20With-20Finite-20Difference.html">Fast Newton's Method for Neural Nets, with Finite Difference</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://howonlee.github.io/2019/02/18/Two-20Strange-20Useless-20Things-20To-20Do-20With-20Neural-20Nets.html">Two Strange and Useless Things to Do With a Neural Net</a><br> <hr> Jan 31, 2019<br> <a rel="noreferrer" target="_blank" href="https://howonlee.github.io/2019/01/31/JR-20Bob-20Dobbs-20Fast-20Newtons-20Method.html">J. R. "Bob" Dobbs Memorial Fast Finite Difference Newton's Method</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://howonlee.github.io/2019/01/07/JR-20Bob-20Dobbs-20Fast-20Hessian-20Inverse-20Multiplication-20Method.html">J. R. "Bob" Dobbs Memorial Fast Hessian Inverse Multiplication Method</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://howonlee.github.io/2018/01/03/Your-20Market-20Can-27t-20Learn-20XOR.html">Your Market Can't Learn XOR</a><br> <hr> Nov 9, 2017<br> <a rel="noreferrer" target="_blank" href="https://howonlee.github.io/2017/11/09/Hard-20Problems-20Of-20Consciousness-2c-20Consciousness-20Of-20Hard-20Problems.html">The Hard Problem of Consciousness, The Consciousness of Hard Problems</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://howonlee.github.io/2017/05/30/Poking-20At-20Causation2c.html">Poking At Causation 2c / 3</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://howonlee.github.io/2016/01/21/Poking-20At-20Causation1.html">Poking At Causation 1 / 3</a><br> <hr> Ferns<br> <a rel="noreferrer" target="_blank" href="https://github.com/howonlee">howonlee</a><br> <hr> https://www.whatsupup.com/blog/ideo/fleury/20210609-040609/ Wed, 09 Jun 2021 04:06:08 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210609-040609/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/06/microsoft-patches-six-zero-day-security-holes/">Microsoft Patches Six Zero-Day Security Holes</a><br></p> <hr> Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks.<br> June’s Patch Tuesday addresses just 49 security holes — about half the normal number of vulnerabilities lately. But what this month lacks in volume it makes up for in urgency: Microsoft warns that bad guys are leveraging a half-dozen of those weaknesses to break into computers in targeted attacks.<br> Among the zero-days are:<br> – <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33742">CVE-2021-33742</a> , a remote code execution bug in a Windows HTML component. – <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31955">CVE-2021-31955</a> , an information disclosure bug in the Windows Kernel – <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31956">CVE-2021-31956</a> , an elevation of privilege flaw in Windows NTFS – <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33739">CVE-2021-33739</a> , an elevation of privilege flaw in the Microsoft Desktop Window Manager – <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31201">CVE-2021-31201</a> , an elevation of privilege flaw in the Microsoft Enhanced Cryptographic Provider – <a rel="noreferrer" target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31199">CVE-2021-31199</a> , an elevation of privilege flaw in the Microsoft Enhanced Cryptographic Provider<br> Kevin Breen , director of cyber threat research at Immersive Labs , said elevation of privilege flaws are just as valuable to attackers as remote code execution bugs: Once the attacker has gained an initial foothold, he can move laterally across the network and uncover further ways to escalate to system or domain-level access.<br> “This can be hugely damaging in the event of ransomware attacks, where high privileges can enable the attackers to stop or destroy backups and other security tools,” Breen said. “The ‘exploit detected’ tag means attackers are actively using them, so for me, it’s the most important piece of information we need to prioritize the patches.” <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/06/microsoft-patches-six-zero-day-security-holes/#more-55896">Continue reading →</a><br> https://www.whatsupup.com/blog/tweediest/constructed/20210608-125927/ Tue, 08 Jun 2021 12:59:26 +0000 https://www.whatsupup.com/blog/tweediest/constructed/20210608-125927/ <p><a rel="noreferrer" target="_blank" href="https://mtlynch.io/">Michael Lynch</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://mtlynch.io/posts/">Blog</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://mtlynch.io/retrospectives/">Retrospectives</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://mtlynch.io/projects/">Projects</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://mtlynch.io/book-reports/">Book Reports</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://mtlynch.io/about/">About</a><br> <hr> I'm Michael Lynch, software developer and blogger. I used to work as a software engineer at large companies, but now I run small software businesses of my own and blog about the process.<br> Most Popular Articles<br> <a rel="noreferrer" target="_blank" href="https://mtlynch.io/why-i-quit-google/">Why I Quit Google to Work for Myself</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://mtlynch.io/tinypilot/">TinyPilot: Build a KVM Over IP for Under $100</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://mtlynch.io/stole-siacoins/">How I Stole Your Siacoin</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://mtlynch.io/solo-developer-year-2/">My Second Year as a Solo Developer</a><br> <hr> Articles about Software Development<br> <a rel="noreferrer" target="_blank" href="https://mtlynch.io/code-review-love/">How to Make Your Code Reviewer Fall in Love with You</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://mtlynch.io/human-code-reviews-1/">How to Do Code Reviews Like a Human</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://mtlynch.io/good-developers-bad-tests/">Why Good Developers Write Bad Unit Tests</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://mtlynch.io/painless-web-app-testing/">End-to-End Testing Web Apps: The Painless Way</a><br> <hr> Articles about Blogging<br> <a rel="noreferrer" target="_blank" href="https://mtlynch.io/editor/">How I Hired a Freelance Editor for My Blog</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://mtlynch.io/how-to-hire-a-cartoonist/">How to Hire a Cartoonist to Make Your Blog Less Boring</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://mtlynch.io/hiring-content-writers/">Hiring Content Writers: A Guide for Small Businesses</a><br> <hr> Crafted with ❤️ in Western Massachusetts. <pre><code> · © 2021<br> </code></pre> <p>This work is licensed under a <a rel="noreferrer" target="_blank" href="http://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International License</a> .<br></p> https://www.whatsupup.com/blog/palpable/mulla/20210608-123319/ Tue, 08 Jun 2021 12:33:18 +0000 https://www.whatsupup.com/blog/palpable/mulla/20210608-123319/ <p>Articles<br> 2021/04/25<br> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2021/04/12/main-master.html">Default branches at work</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2021/02/22/cloud-services.html">Cloud services, winter 2021</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2020/10/02/scf-stuf.html">U.S.-Distribution-of-Wealth Stuf Oreos</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2020/08/12/closeguard.html">“A resource failed to call close.”</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2020/08/10/glitch-privesc-2019.html">Root access on Glitch</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2020/08/03/firebase-messaging-apache.html">Firebase Messaging open source license</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2020/07/17/github-indent.html">Auto-indenting code blocks in GitHub comments</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2020/03/08/diablo3-resources.html">Resources in Diablo 3</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2020/02/18/libkate.html">The reason you need to install a karaoke captioning library if you want to change your desktop wallpaper</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2020/01/26/vmstat-swap-unit.html">vmstat(8) swap unit</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2020/01/22/bathroom-brands.html">Brands in the bathroom</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2020/01/05/pandora.html">Pandora’s track title display</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2020/01/04/jekyll-link.html">How Jekyll checks if a link is valid</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2020/01/02/scissors.html">Which emoji scissors close</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2019/11/16/easter-egg-inspection.html">Android Studio’s “Code contains easter egg” inspection</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2019/11/05/rasterization.html">Rasterization of coincident edges</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2019/11/02/eoa.html">The essence of anticipation (2016)</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2019/10/31/intellij-desktop.html">How IntelliJ determines if it can create a desktop entry</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2019/09/09/idea-shellcheck.html">How IntelliJ IDEA installs shellcheck</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2019/03/02/highlight-all-65.html">Highlight All in Firefox 65</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2018/03/18/proxycommand.html">Writing a ProxyCommand for SSH</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2018/03/15/windows-size.html">Windows disk space requirements</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2018/02/27/ssh-protocol.html">The SSH protocol</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2018/02/24/firebase-messaging-license.html">Firebase Messaging license</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2018/02/17/build-file-checksums-ser.html">build_file_checksums.ser</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2018/02/06/amp.html">Google AMP from the other side</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2017/12/28/language-dism.html">Uninstalling extraneous language optional features on Windows 10</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2017/12/14/resource-monitor.html">Subduing Windows machinations with Resource Monitor</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2017/11/28/rust-pound.html">Those pound sign thingies in Rust</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2017/09/07/tf-checkpoints.html">Working with TensorFlow checkpoints</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2017/08/30/slf4j-just-work.html">How to get SLF4J to just work</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2017/08/25/windows-transparency.html">Transparency effects in Windows</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2017/08/22/getnavigationbarview-npe.html">NullPointerException in getNavigationBarView</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2017/08/21/jekyll-ruby24-timezones.html">Time zones in Jekyll on Ruby 2.4</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2017/07/27/safari-history.html">History navigation in Safari</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2017/05/07/complete-filename.html">How to complete a filename in Bash</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2017/03/09/highlight-all.html">Highlight All in Firefox</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2017/02/08/monitor-black.html">Why my monitor went black</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2017/01/19/lift-to-check-phone.html">Lift to check phone</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2016/12/23/ambient-display.html">Ambient display</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2016/12/06/apt-sha1.html">That thing you saw when you upgraded apt and SHA1 hashes stopped working</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2016/11/30/potluck.html">Potluck</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2016/07/03/git-checkout-patch.html">Hunk editing in git checkout –patch</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2016/07/02/cloud-services.html">Cloud services, summer 2016</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2016/06/30/android-doze.html">Android Doze inconveniences</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2016/06/12/disposal.html">Disposal</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2015/11/22/awkward-browsing.html">The awkward browsing game</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2015/11/10/fennec.html">Transferring your Firefox profile</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2015/10/25/suborigins.html">Relinquishing control with suborigins</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2015/10/14/mozilla-extension-signing.html">Extension signing requirements for Firefox</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2015/10/14/new-feature.html">A new feature for this site</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2015/10/11/github-new.html">GitHub’s online editing tools</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2015/10/10/modifying-gems.html">Modifying other people’s Ruby gems</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2015/10/10/meteor-stuff.html">Meteor stuff</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://wh0.github.io/2015/10/10/windows-d.html">Windows+D</a><br> <hr> Please do not write below this line.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210608-102213/ Tue, 08 Jun 2021 10:22:12 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210608-102213/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132503_2022-ford-maverick-price-specs-review-photos-info">Preview: 2022 Ford Maverick compact pickup rides right out of the danger zone</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132460_tesla-model-s-plaid-reportedly-sets-quarter-mile-record-of-9-2-seconds">Tesla Model S Plaid reportedly sets quarter-mile record of 9.2 seconds</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210608-101935/ Tue, 08 Jun 2021 10:19:35 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210608-101935/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-crime-organised-crackdown/hi-tech-sting-leads-to-global-crackdown-on-organised-crime-over-800-detained-idUSKCN2DK0K1">Hi-tech sting leads to global crackdown on organised crime, over 800 detained</a><br></p> <hr> CANBERRA/AMSTERDAM (Reuters) -Global law enforcement agencies hacked into an app used by criminals and read millions of encrypted messages, leading to hundreds of arrests of organised crime figures in 18 countries, officials said on Tuesday.<br> https://www.whatsupup.com/blog/giuseppe/fibroma/20210608-101734/ Tue, 08 Jun 2021 10:17:34 +0000 https://www.whatsupup.com/blog/giuseppe/fibroma/20210608-101734/ [Nothing new, only with content removed] https://www.whatsupup.com/blog/tweediest/constructed/20210608-101340/ Tue, 08 Jun 2021 10:13:40 +0000 https://www.whatsupup.com/blog/tweediest/constructed/20210608-101340/ [Nothing new, only with content removed] https://www.whatsupup.com/blog/incremental/comte/20210608-100755/ Tue, 08 Jun 2021 10:07:55 +0000 https://www.whatsupup.com/blog/incremental/comte/20210608-100755/ Error 503 Service Unavailable<br> Service Unavailable<br> Guru Mediation:<br> Varnish cache server<br> https://www.whatsupup.com/blog/palpable/mulla/20210608-100607/ Tue, 08 Jun 2021 10:06:07 +0000 https://www.whatsupup.com/blog/palpable/mulla/20210608-100607/ [Nothing new, only with content removed] https://www.whatsupup.com/blog/tragicomedy/shampooed/20210608-082908/ Tue, 08 Jun 2021 08:29:07 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210608-082908/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132430_2023-kia-sportage-price-specs-review-photos-info">Preview: 2023 Kia Sportage takes on dramatic look</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210608-082606/ Tue, 08 Jun 2021 08:26:05 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210608-082606/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-canada-attack/man-suspected-of-killing-canadian-muslim-family-was-motivated-by-hate-police-idUSKCN2DJ2DU">Man suspected of killing Canadian Muslim family was motivated by hate -police</a><br></p> <hr> LONDON, Ontario (Reuters) -A man accused of killing four members of a Canadian Muslim family by running them over in his pickup truck, targeted them in an attack motivated by hate, police said on Monday.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210608-063001/ Tue, 08 Jun 2021 06:30:00 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210608-063001/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-myanmar-politics/myanmar-junta-defends-response-to-crisis-amid-southeast-asian-criticism-idUSKCN2DK0ES">Myanmar junta defends response to crisis amid Southeast Asian criticism</a><br></p> <hr> The Myanmar junta's foreign minister had defended its plan for restoring democracy, state media reported on Tuesday, after a meeting at which Southeast Asian counterparts pressed the army to implement a regional agreement meant to end turmoil.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210608-042144/ Tue, 08 Jun 2021 04:21:44 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210608-042144/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security/foreign-judges-will-remain-part-of-hks-hard-as-a-rock-judicial-system-lam-idUSKCN2DK085">Foreign judges will remain part of HK's 'hard as a rock' judicial system - Lam</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-australia-crime/australian-police-arrest-over-200-after-cracking-underworld-messaging-app-idUSKCN2DK065">Australian police arrest over 200 after cracking underworld messaging app</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210608-022603/ Tue, 08 Jun 2021 02:26:02 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210608-022603/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election/perus-castillo-builds-election-lead-but-fujimori-says-wont-concede-yet-idUSKCN2DJ0YP">Peru's Castillo builds election lead but Fujimori says won't concede yet</a><br></p> <hr> Peruvian socialist Pedro Castillo widened his lead against right-wing rival Keiko Fujimori in the country's presidential vote on Monday, but she said she will not concede yet and alleged "irregularities," although without showing much proof.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-canada-attack/man-suspected-to-killing-a-canadian-muslim-family-by-truck-was-motivated-by-hate-police-idUSKCN2DJ2DU">Man suspected to killing a Canadian Muslim family by truck was motivated by hate -police</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-colombia-protests/rights-panel-begins-colombia-visit-into-possible-abuses-during-protests-idUSKCN2DJ2KC">Rights panel begins Colombia visit into possible abuses during protests</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210608-022438/ Tue, 08 Jun 2021 02:24:38 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210608-022438/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2016/03/21/attack-of-week-apple-imessage/">Attack of the Week: Apple iMessage</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210608-002348/ Tue, 08 Jun 2021 00:23:48 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210608-002348/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-cyber-colonial-justice/u-s-seizes-2-3-million-in-bitcoin-paid-to-colonial-pipeline-hackers-idUSKCN2DJ2BN">U.S. seizes $2.3 million in bitcoin paid to Colonial Pipeline hackers</a><br></p> <hr> WASHINGTON (Reuters) -The Justice Department on Monday recovered some $2.3 million in cryptocurrency ransom paid by Colonial Pipeline Co, cracking down on hackers who launched the most disruptive U.S. cyberattack on record. | <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/06/07/doj-recovers-23-mln-of-colonial-pipeline?videoId=731085806&newsChannel=">Video</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election/peru-socialist-castillo-extends-narrow-lead-in-polarized-vote-idUSKCN2DJ0YP">Peru socialist Castillo extends narrow lead in polarized vote</a><br> <hr> Peruvian socialist Pedro Castillo edged ahead of right-wing rival Keiko Fujimori in the country's presidential election vote count on Monday, taking a razor-thin but growing lead in the official tally on the back of a late surge of rural votes.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-canada-attack/killing-of-canadian-muslim-family-with-truck-was-hate-crime-police-say-idUSKCN2DJ2DU">Killing of Canadian Muslim family with truck was hate crime, police say</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-northkorea-politics/north-koreas-kim-meets-senior-officials-to-address-economy-kcna-idUSKCN2DJ2MM">North Korea's Kim meets senior officials to address economy - KCNA</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210608-002331/ Tue, 08 Jun 2021 00:23:31 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210608-002331/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/us-seizes-2-3-million-colonial-pipeline-paid-to-ransomware-attackers/">US seizes $2.3 million Colonial Pipeline paid to ransomware attackers</a><br></p> <hr> Funds seized after Justice Department IDs Bitcoin wallet and obtains its private key.<br> https://www.whatsupup.com/blog/ideo/fleury/20210608-000809/ Tue, 08 Jun 2021 00:08:08 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210608-000809/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/06/justice-dept-claws-back-2-3m-paid-by-colonial-pipeline-to-ransomware-gang/">Justice Dept. Claws Back $2.3M Paid by Colonial Pipeline to Ransomware Gang</a><br></p> <hr> The U.S. Department of Justice said today it has recovered $2.3 million worth of Bitcoin that Colonial Pipeline paid to ransomware extortionists last month. The funds had been sent to <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/">DarkSide</a> , a ransomware-as-a-service syndicate that disbanded after a May 14 farewell message to affiliates saying its Internet servers and cryptocurrency stash were seized by unknown law enforcement entities.<br> On May 7, the DarkSide ransomware gang sprang its attack against Colonial, which ultimately paid 75 Bitcoin (~$4.4 million) to its tormentors. The company said the attackers only hit its business IT networks — not its pipeline security and safety systems — but that it shut the pipeline down anyway as a precaution [several publications noted Colonial shut down its pipeline because its billing system was impacted, and it had no way to get paid].<br> On or around May 14, the DarkSide representative on several Russian-language cybercrime forums <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/05/darkside-ransomware-gang-quits-after-servers-bitcoin-stash-seized/">posted a message saying the group was calling it quits</a> .<br> “Servers were seized, money of advertisers and founders was transferred to an unknown account,” read the farewell message. “Hosting support, apart from information ‘at the request of law enforcement agencies,’ does not provide any other information.”<br> A message from the DarkSide and REvil ransomware-as-a-service cybercrime affiliate programs.<br> Many security experts said they suspected DarkSide was just laying low for a while thanks to the heat from the Colonial attack, and that the group would re-emerge under a new banner in the coming months. And while that may be true, the seizure announced today by the DOJ certainly supports the DarkSide administrator’s claims that their closure was involuntary.<br> Security firms have suspected for months that the DarkSide gang shares some leadership with that of <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/?s=revil">REvil, a.k.a. Sodinokibi</a> , another ransomware-as-a-service platform that closed up shop in 2019 after bragging that it had extorted more than $2 billion from victims. That suspicion was solidified further when the REvil administrator added his comments to the announcement about DarkSide’s closure (see screenshot above).<br> First surfacing on Russian language hacking forums in August 2020, DarkSide is a ransomware-as-a-service platform that vetted cybercriminals can use to infect companies with ransomware and carry out negotiations and payments with victims. DarkSide says it targets only big companies, and forbids affiliates from dropping ransomware on organizations in several industries, including healthcare, funeral services, education, public sector and non-profits.<br> According to <a rel="noreferrer" target="_blank" href="https://www.elliptic.co/blog/darkside-ransomware-has-netted-over-90-million-in-bitcoin">an analysis</a> published May 18 by cryptocurrency security firm Elliptic , 47 cybercrime victims paid DarkSide a total of $90 million in Bitcoin, putting the average ransom payment of DarkSide victims at just shy of $2 million. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/06/justice-dept-claws-back-2-3m-paid-by-colonial-pipeline-to-ransomware-gang/#more-55877">Continue reading →</a><br> https://www.whatsupup.com/blog/buckeroo/doubling/20210607-202533/ Mon, 07 Jun 2021 20:25:33 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20210607-202533/ June 7, 2021 <a rel="noreferrer" target="_blank" href="https://drewdevault.com/2021/06/07/The-Netherlands.html">I will be moving to the Netherlands</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210607-202407/ Mon, 07 Jun 2021 20:24:07 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210607-202407/ <p>FDA approves Biogen's Alzheimer's drug despite controversy over mixed clinical trial results <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2DJ10U">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-russia-politics-opposition-gudkov/kremlin-critic-dmitry-gudkov-says-his-russia-exit-is-a-tactical-retreat-idUSKCN2DJ1SB">Kremlin critic Dmitry Gudkov says his Russia exit is a tactical retreat</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-usa/bidens-to-do-list-on-foreign-trip-rally-allies-against-covid-putin-idUSKCN2DJ0E5">Biden's to-do list on foreign trip: Rally allies against COVID, Putin</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210607-182413/ Mon, 07 Jun 2021 18:24:13 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210607-182413/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132499_1970-plymouth-aar-cuda-heads-to-auction">1970 Plymouth AAR 'Cuda heads to auction</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210607-181957/ Mon, 07 Jun 2021 18:19:57 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210607-181957/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-russia-election-internet/russian-accounts-still-active-on-pro-trump-sites-researchers-idUSKCN2DJ1OA">Russian accounts still active on pro-Trump sites -researchers</a><br></p> <hr> SAN FRANCISCO (Reuters) -A group believed to be Russian has remained active on internet services favored by far-right Americans, showing efforts to interfere in U.S. politics continue after the election, according to reports from social media research firm Graphika and nonprofit Advance Democracy Inc.<br> SAN FRANCISCO, June 7 A group believed to be Russian has remained active on internet services favored by far-right Americans, showing efforts to interfere in U.S. politics continue after the election, according to reports from social media research firm Graphika and nonprofit Advance Democracy Inc.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-politics/israeli-parliament-to-vote-on-approving-new-government-by-june-14-idUSKCN2DJ1JD">Israeli parliament to vote on approving new government by June 14</a><br> <hr> JERUSALEM (Reuters) -A vote in Israel's legislature on approving a new government poised to unseat Prime Minister Benjamin Netanyahu will be held within a week, parliament's speaker said on Monday, without setting a specific date.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election/peruvian-leftist-castillo-inches-ahead-in-tight-presidential-vote-idUSKCN2DJ0YP">Peruvian leftist Castillo inches ahead in tight presidential vote</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-mexico-election/mexico-president-says-transformation-intact-after-mixed-election-night-idUSKCN2DJ0NH">Mexico president says 'transformation' intact after mixed election night</a><br> https://www.whatsupup.com/blog/trifid/ragwort/20210607-181852/ Mon, 07 Jun 2021 18:18:52 +0000 https://www.whatsupup.com/blog/trifid/ragwort/20210607-181852/ <a rel="noreferrer" target="_blank" href="https://smartcar.com/dpa/">Data Privacy Addendum</a><br> https://www.whatsupup.com/blog/boxed/modification/20210607-181716/ Mon, 07 Jun 2021 18:17:16 +0000 https://www.whatsupup.com/blog/boxed/modification/20210607-181716/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#concepts">concepts</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#metaprogramming">metaprogramming</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#templates">templates</a><br> In Bjarne Stroustrup’s paper <a rel="noreferrer" target="_blank" href="https://www.stroustrup.com/good_concepts.pdf">P0557R1 “Concepts: The Future of Generic Programming”</a> (January 2017), section 6 is titled “Concept Overloading,” which Stroustrup distinguishes from the traditional approach “using helper functions and tag dispatch.” More subtly, Stroustrup seems to distinguish between true “overloading” (asking the compiler to resolve among multiple viable overloads) and other means of giving-two-things-the-same-name:<br> Where we cannot overload, we need to use workarounds (e.g., traits,<br> enable_if<br> , or helper functions).<br> I’ll present two problems, each with two solutions (one in C++11 and one in C++20), which I think illustrate something interesting about “concept overloading” versus… other things. …<br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210607-180938/ Mon, 07 Jun 2021 18:09:38 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210607-180938/ <p><a rel="noreferrer" target="_blank" href="https://retool.com/blog/building-an-email-sender-app-with-retool-and-sendgrid/">Building an email sender app with the SendGrid Mail Send API in under an hour This tutorial is going to walk through how to build a Retool app that uses the SendGrid API to send emails to your customers – in just under an hour (yes, one hour).</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/react-native-datepicker-libraries/">The best React Native datepicker libraries that will save you time We researched and tried a handful of popular React-Native date picker libraries. In this post, we’ll walk you through our favorites and the reasoning behind each selection.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-oddbox-sped-up-customer-support/">How Oddbox matured (and sped up) their customer service using Retool When you ship tens of thousands of boxes of produce a week, issues happen. This is the story of how the PM team helped customer service deliver better user experiences using Retool.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/build-together-in-retool-with-cord-comments-and-annotations/">Build together in Retool with Cord comments and annotations In this post, we’ll walk through how to use Retool with Cord. Cord lets you add comments, annotations, and guides directly in your favorite apps.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/building-a-shopify-customer-and-order-dashboard-with-graphql-in-retool/">Building a Shopify customer and order dashboard with GraphQL in Retool We’re going to build a customer dashboard that lets you see orders and products in one view using the Shopify GraphQL API in Retool.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/isolation-levels-and-locking-in-relational-databases/">Isolation levels and locking in relational databases The realm of database locking and isolation has an almost mystic air to it. This post will hopefully make things simpler.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-to-build-great-internal-tools-jeremy-edberg-ebay-netflix-reddit/">How to build great internal tools: Jeremy Edberg (eBay, Reddit, Netflix) Jeremy Edberg has been working as an engineer in the Bay Area since 1998. He’s worked on great internal tools at eBay, as the first engineering hire at Reddit, and as the first reliability engineer at Netflix.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-retool-helped-run-a-presidential-campaign/">How Retool helped run a presidential campaign Sunil Sadasivan ran tech for Cory Booker's 2020 presidential campaign, and talked to us about the challenges of quickly scaling a team to match.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-to-build-great-internal-tools-chad-rosen-twitter-wealthfront/">How to build great internal tools: Chad Rosen (Twitter, Wealthfront) Chad Rosen has been working as a software engineer and engineering manager in the Bay Area since 2001. He has helped contribute to both the product and internal tools at companies like Good Technology, ClickShift, Twitter, and Wealthfront.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/whats-an-acid-compliant-database/">What's an ACID compliant database? Most modern SQL DBs use transactional standards like ACID to ensure data integrity and keep your users from seeing wrong or stale data, and this post explores how they work.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/erp-for-engineers/">What’s SAP? What's SAP? And why is it worth $163B?</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/building-a-listing-approval-tool-in-mongodb/">Building a listing approval tool in MongoDB In this post, we’re going to build a full featured Airbnb listing review app that reads and writes to MongoDB, with minimal code, in under an hour.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/formatting-and-dealing-with-dates-in-sql/">Formatting and dealing with dates in SQL This post will run through how you can effectively work with dates in SQL so you can resolve your issue quickly and get back to bed.</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://retool.com/blog/state-of-internal-tools-survey-announcement-2020/">Tell us about how you build your internal tools! We're running a survey about how teams build internal tools, and we'd love to hear from you about it.</a><br> https://www.whatsupup.com/blog/ideo/fleury/20210607-180730/ Mon, 07 Jun 2021 18:07:30 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210607-180730/ This appears to be the case regardless of which Russian government site you visit. According to <a rel="noreferrer" target="_blank" href="https://browser.yandex.com/help/tls/tls.html">Russian search giant Yandex</a> , the laws of the Russian Federation demand that encrypted connections be installed according to the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/GOST_(block_cipher)">Russian GOST cryptographic algorithm</a> .<br> https://www.whatsupup.com/blog/ideo/fleury/20210607-140656/ Mon, 07 Jun 2021 14:06:55 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210607-140656/ <p><a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/06/adventures-in-contacting-the-russian-fsb/">Adventures in Contacting the Russian FSB</a><br></p> <hr> KrebsOnSecurity recently had occasion to contact the Russian Federal Security Service (FSB), the Russian equivalent of the U.S. Federal Bureau of Investigation (FBI). In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware.<br> The FSB headquarters at Lubyanka Square, Moscow. Image: Wikipedia.<br> The reason I contacted the FSB — one of the successor agencies to the Russian KGB — ironically enough had to do with security concerns raised by an infamous Russian hacker about the FSB’s own preferred method of being contacted.<br> KrebsOnSecurity was seeking comment from the FSB about <a rel="noreferrer" target="_blank" href="https://cybersec.org/anews/czib-fsb-rasprostranyaet-troyan-pri-obrashheniyah-pod-vidom-generatora-sluchajnyh-chisel.html">a blog post</a> published by <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Vladislav_Horohorin">Vladislav “BadB” Horohorin</a> , a former international stolen credit card trafficker who served seven years in U.S. federal prison for his role in the <a rel="noreferrer" target="_blank" href="https://www.justice.gov/opa/pr/international-credit-card-trafficker-sentenced-88-months-prison">theft of $9 million from RBS WorldPay in 2009</a> . Horohorin, a citizen of Russia, Israel and Ukraine, is now back where he grew up in Ukraine, running a cybersecurity consulting business.<br> Horohorin’s BadB carding store, badb[.]biz, circa 2007. Image: Archive.org.<br> Visit the FSB’s website and you might notice its web address starts with http:// instead of https://, meaning the site is not using an encryption certificate. In practical terms, any information shared between the visitor and the website is sent in plain text and will be visible to anyone who has access to that traffic.<br> This appears to be the case regardless of which Russian government site you visit. According to <a rel="noreferrer" target="_blank" href="https://browser.yandex.com/help/tls/tls.html">Russian search giant Yandex</a> , the laws of the Russian federation demand that encrypted connections be installed according to the <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/GOST_(block_cipher)">Russian GOST cryptographic algorithm</a> .<br> That means those who have a reason to send encrypted communications to a Russian government organization — including ordinary things like making a payment for a government license or fine, or filing legal documents — need to first install CryptoPro , a Windows-only application that loads the GOST encryption libraries on a user’s computer.<br> But if you want to talk directly to the FSB over an encrypted connection, you can just install their own client, which bundles the CryptoPro code. Visit the FSB’s site and select the option to “transfer meaningful information to operational units,” and you’ll see a prompt to install a “random number generation” application that is needed before a specific contact form on the FSB’s website will load properly.<br> Mind you, I’m not suggesting anyone go do that: Horohorin pointed out that this random number generator was flagged by 20 different antivirus and security products as malicious.<br> “Think well before contacting the FSB for any questions or dealing with them, and if you nevertheless decide to do this, it is better to use a virtual machine,” Horohorin wrote. “And a spacesuit. And, preferably, while in another country.”<br> Antivirus product detections on the FSB’s VPN software. Image: VirusTotal.<br> It’s probably worth mentioning that the FSB is the same agency that’s been sanctioned for malicious cyber activity by the U.S. government on multiple occasions over the past five years. According to the most recent sanctions by the U.S. Treasury Department , the FSB is known for recruiting criminal hackers from underground forums and offering them legal cover for their actions.<br> “To bolster its malicious cyber operations, the FSB cultivates and co-opts criminal hackers, including the <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2019/12/inside-evil-corp-a-100m-cybercrime-menace/">previously designated Evil Corp.</a> , enabling them to engage in disruptive ransomware attacks and phishing campaigns,” reads <a rel="noreferrer" target="_blank" href="https://home.treasury.gov/news/press-releases/jy0127">a Treasury assessment from April 2021</a> .<br> While Horohorin seems convinced the FSB is disseminating malware, it is not unusual for a large number of security tools used by <a rel="noreferrer" target="_blank" href="https://www.virustotal.com">VirusTotal</a> or other similar malware “sandbox” services to incorrectly flag safe files as bad or suspicious — an all-too-common condition known as a “false positive.”<br> Late last year I <a rel="noreferrer" target="_blank" href="https://twitter.com/briankrebs/status/1326235217250672641">warned my followers on Twitter</a> to put off installing updates for their Dell products until the company could explain why a bunch of its software drivers were being detected as malware by two dozen antivirus tools. Those all turned out to be false positives.<br> To really figure out what this FSB software was doing, I turned to Lance James , the founder of <a rel="noreferrer" target="_blank" href="https://www.unit221b.com">Unit221B</a> , a New York City based cybersecurity firm. James said each download request generates a new executable program. That is because the uniqueness of the file itself is part of what makes the one-to-one encrypted connection possible. <a rel="noreferrer" target="_blank" href="https://krebsonsecurity.com/2021/06/adventures-in-contacting-the-russian-fsb/#more-55809">Continue reading →</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210607-121911/ Mon, 07 Jun 2021 12:19:10 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210607-121911/ Jeff Bezos to join winner of seat on Blue Origin space flight <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSL3N2NP2OD">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit/from-vaccines-to-climate-g7-hopes-to-show-the-west-is-not-over-yet-idUSKCN2DJ0SA">From vaccines to climate, G7 hopes to show the West is not over yet</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210607-101953/ Mon, 07 Jun 2021 10:19:52 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210607-101953/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-usa/biden-g7-nato-to-do-list-unite-allies-fight-autocracy-attack-covid-19-idUSKCN2DJ0E5">Biden G7, NATO to-do list: unite allies, fight autocracy, attack COVID-19</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election/peru-awakes-to-uncertain-future-with-polarized-vote-on-knife-edge-idUSKCN2DJ0YP">Peru awakes to uncertain future with polarized vote on knife-edge</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210607-041847/ Mon, 07 Jun 2021 04:18:47 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210607-041847/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election/peru-on-edge-as-socialist-castillo-holds-razor-thin-lead-in-polarized-vote-idUSKCN2DI05G">Peru on edge as socialist Castillo holds razor-thin lead in polarized vote</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210607-022146/ Mon, 07 Jun 2021 02:21:45 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210607-022146/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2014/06/16/anafunctors/">Anafunctors</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210607-021925/ Mon, 07 Jun 2021 02:19:24 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210607-021925/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-china-xinjiang-births-exclusive/exclusive-amid-accusations-of-genocide-from-the-west-china-policies-could-cut-millions-of-uyghur-births-in-xinjiang-report-idUSKCN2DJ02J">Exclusive: Amid accusations of genocide from the West, China policies could cut millions of Uyghur births in Xinjiang – report</a><br></p> <hr> Chinese birth control policies could cut between 2.6 to 4.5 million births of the Uyghur and other ethnic minorities in southern Xinjiang within 20 years, up to a third of the region’s projected minority population, according to a new analysis by a German researcher.<br> https://www.whatsupup.com/blog/gonadal/revving/20210607-002104/ Mon, 07 Jun 2021 00:21:03 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210607-002104/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2008/09/16/the-poisson-distribution-and-sterling-numbers/">The Poisson distribution and Stirling numbers</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210607-001908/ Mon, 07 Jun 2021 00:19:08 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210607-001908/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-coronavirus-vaccinations/hundreds-of-former-leaders-urge-g7-to-vaccinate-poor-against-covid-19-idUSKCN2DI0NT">Hundreds of former leaders urge G7 to vaccinate poor against COVID-19</a><br></p> <hr> One hundred former presidents, prime ministers and foreign ministers have urged the Group of Seven (G7) rich nations to pay for global coronavirus vaccinations to help stop the virus mutating and returning as a worldwide threat.<br> https://www.whatsupup.com/blog/phonic/shopboy/20210606-221144/ Sun, 06 Jun 2021 22:11:43 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210606-221144/ <p>Sriram Krishnan <a rel="noreferrer" target="_blank" href="https://twitter.com/sriramk">@sriramk</a><br> DAOs on GTS: We have a special ep. tonight about DAOs. @aarthir and I have a star guest line up joining us @Clubhouse.</p> <p>↳ @Iiterature of @viamirror ↳ @WillPapper + @ianIDEO of @SyndicateDAO ↳ @pplpleasr1 of @PleasrDAO ↳ @alive_eth ↳ @avichal</p> <p>Join us at 9pmPT! <a rel="noreferrer" target="_blank" href="https://t.co/0ovcYxxvB9"><a href="https://t.co/0ovcYxxvB9">https://t.co/0ovcYxxvB9</a></a><br></p> https://www.whatsupup.com/blog/twopenny/ultraism/20210606-201838/ Sun, 06 Jun 2021 20:18:38 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210606-201838/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-politics-netanyahu/netanyahu-alleges-israeli-election-fraud-accuses-rival-of-duplicity-idUSKCN2DI0D3">Netanyahu alleges Israeli election fraud, accuses rival of duplicity</a><br></p> <hr> JERUSALEM (Reuters) -Prime Minister Benjamin Netanyahu said on Sunday a newly formed Israeli coalition that is poised to unseat him was the result of "the greatest election fraud" in the history of democracy.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-britain-eu/before-talks-on-n-ireland-uk-calls-for-pragmatism-and-eu-seeks-trust-idUSKCN2DI0G3">Before talks on N.Ireland, UK calls for pragmatism and EU seeks trust</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-canada-indigenous-children-pope/pope-says-canada-school-discovery-painful-but-stops-short-of-apology-idUSKCN2DI07K">Pope says Canada school discovery painful, but stops short of apology</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210606-181850/ Sun, 06 Jun 2021 18:18:49 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210606-181850/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-germany-politics-election/conservative-win-in-german-state-election-boosts-laschets-chancellery-hopes-idUSKCN2DI031">Conservative win in German state election boosts Laschet's chancellery hopes</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210606-161851/ Sun, 06 Jun 2021 16:18:51 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210606-161851/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-politics-netanyahu/israels-netanyahu-alleges-election-fraud-accuses-rival-of-duplicity-idUSKCN2DI0D3">Israel's Netanyahu alleges election fraud, accuses rival of duplicity</a><br></p> <hr> Prime Minister Benjamin Netanyahu said on Sunday a newly formed Israeli coalition that is poised to unseat him was the result of "the greatest election fraud" in the history of democracy.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210606-141849/ Sun, 06 Jun 2021 14:18:49 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210606-141849/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-canada-indigenous-children-pope/pope-calls-for-reconciliation-healing-over-canada-school-discovery-idUSKCN2DI07K">Pope calls for reconciliation, healing over Canada school discovery</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210606-121914/ Sun, 06 Jun 2021 12:19:13 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210606-121914/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-germany-politics-election/east-german-state-votes-in-final-test-before-election-to-decide-who-replaces-merkel-idUSKCN2DI031">East German state votes in final test before election to decide who replaces Merkel</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210606-102339/ Sun, 06 Jun 2021 10:23:38 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210606-102339/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132465_someone-paid-382-000-for-a-part-from-james-dean-s-1955-porsche-550-spyder">Someone paid $382,000 for a part from James Dean's 1955 Porsche 550 Spyder</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210606-081834/ Sun, 06 Jun 2021 08:18:33 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210606-081834/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-taiwan-usa/u-s-boosts-taiwans-covid-19-fight-with-vaccines-as-senators-visit-idUSKCN2DH0OM">U.S. boosts Taiwan's COVID-19 fight with vaccines as senators visit</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210606-061823/ Sun, 06 Jun 2021 06:18:23 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210606-061823/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-mexico-election/mexicans-primed-to-vote-in-midterm-elections-seen-as-referendum-on-president-idUSKCN2DI03W">Mexicans primed to vote in midterm elections seen as referendum on president</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210606-042132/ Sun, 06 Jun 2021 04:21:31 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210606-042132/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2017/05/15/algorithms-lecture-notes-and-assignments/">Algorithms lecture notes and assignments</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210606-041908/ Sun, 06 Jun 2021 04:19:07 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210606-041908/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-taiwan-usa/u-s-boosts-taiwans-covid-19-fight-with-750000-vaccine-doses-idUSKCN2DH0OM">U.S. boosts Taiwan's COVID-19 fight with 750,000 vaccine doses</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210606-021855/ Sun, 06 Jun 2021 02:18:55 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210606-021855/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-taiwan-usa/taiwan-to-get-750000-covid-19-vaccine-shots-from-u-s-idUSKCN2DH0OM">Taiwan to get 750,000 COVID-19 vaccine shots from U.S</a><br></p> <hr> TAIPEI (Reuters) -The United States will donate 750,000 COVID-19 vaccine doses to Taiwan as part of the country's plan to share shots globally, U.S. Senator Tammy Duckworth said on Sunday, offering a much-needed boost to the island's fight against the pandemic.<br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210606-021731/ Sun, 06 Jun 2021 02:17:30 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210606-021731/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2016/03/01/attack-of-week-drown/">Attack of the week: DROWN</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210606-002024/ Sun, 06 Jun 2021 00:20:23 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210606-002024/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-taiwan-usa/three-u-s-senators-arrive-in-taiwan-to-meet-president-idUSKCN2DH0OM">Three U.S. senators arrive in Taiwan, to meet president</a><br></p> <hr> Three U.S. senators arrived in Taiwan on Sunday on a U.S. Air Force freighter and will meet President Tsai Ing-wen to discuss security and other issues, a trip that will likely irritate China.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210605-221725/ Sat, 05 Jun 2021 22:17:24 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210605-221725/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-palestinians/israel-domestic-security-warns-of-violence-as-netanyahu-faces-unseating-idUSKCN2DH0L4">Israel domestic security warns of violence as Netanyahu faces unseating</a><br></p> <hr> JERUSALEM (Reuters) -The head of Israel's domestic security service issued a rare warning on Saturday of possible violence during one of the most politically charged periods in decades, with the country on the verge of unseating Prime Minister Benjamin Netanyahu, its longest serving leader.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-johnson/uks-johnson-calls-on-g7-to-vaccinate-world-by-end-of-2022-idUSKCN2DH0MS">UK's Johnson calls on G7 to vaccinate world by end of 2022</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210605-142000/ Sat, 05 Jun 2021 14:19:59 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210605-142000/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-peru-election-inequality/left-behind-in-modern-peru-rural-poor-find-a-voice-ahead-of-election-idUSKCN2DH0BB">Left behind in modern Peru, rural poor find a voice ahead of election</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210605-121919/ Sat, 05 Jun 2021 12:19:19 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210605-121919/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-hongkong-security/hong-kong-organiser-of-tiananmen-vigil-released-on-bail-idUSKCN2DH07U">Hong Kong organiser of Tiananmen vigil released on bail</a><br></p> <hr> Hong Kong activist Chow Hang Tung was released on bail on Saturday, a day after she was detained on suspicion of promoting an unauthorised assembly to commemorate the 1989 Tiananmen Square crackdown on pro-democracy activists in Beijing.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-taiwan-usa/three-u-s-senators-to-visit-taiwan-trip-likely-to-irritate-china-idUSKCN2DH084">Three U.S. senators to visit Taiwan, trip likely to irritate China</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210605-102145/ Sat, 05 Jun 2021 10:21:45 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210605-102145/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132480_trio-of-uber-rare-iconic-aston-martins-for-sale">Trio of uber-rare iconic Aston Martins for sale</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210605-101831/ Sat, 05 Jun 2021 10:18:31 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210605-101831/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-canada-indigenous-children-pope/pope-meets-canadian-cardinals-after-indigenous-school-scandal-idUSKCN2DH07N">Pope meets Canadian cardinals after indigenous school scandal</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210605-041717/ Sat, 05 Jun 2021 04:17:17 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210605-041717/ Jun 04 2021<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-el-salvador-corruption/el-salvador-ends-anti-corruption-accord-with-oas-dismaying-u-s-idUSKCN2DG2KE">El Salvador ends anti-corruption accord with OAS, dismaying U.S</a><br> https://www.whatsupup.com/blog/boxed/modification/20210605-041444/ Sat, 05 Jun 2021 04:14:43 +0000 https://www.whatsupup.com/blog/boxed/modification/20210605-041444/ <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#concepts">concepts</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#litclub">litclub</a> <a rel="noreferrer" target="_blank" href="https://quuxplusone.github.io/blog/tags/#science">science</a><br> A few weeks ago, I read René Daumal’s <a rel="noreferrer" target="_blank" href="https://archive.org/details/nightofseriousd000daum/">A Night of Serious Drinking</a> (published as La grande beuverie 1938; translated by David Coward and E.A. Lovatt 1979). I recommend it; it’s a fun and erudite satire — sort of a less political Gulliver’s Travels or a less bitter <a rel="noreferrer" target="_blank" href="https://en.wikipedia.org/wiki/Jurgen,_A_Comedy_of_Justice">Jurgen</a> . At times it made me think, “This is clearly an allegory… but of what?” and at other times “Is he satirizing bad scientists, bad writers, bad artists? or all scientists, all writers, all artists?”<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210605-021652/ Sat, 05 Jun 2021 02:16:52 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210605-021652/ (Reuters) -Microsoft Corp on Friday blamed "accidental human error" for its Bing search engine not showing image results for the query "tank man" in the United States and elsewhere after users raised concerns about possible censorship around the Tiananmen Square crackdown anniversary.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-el-salvador-corruption/salvadoran-attorney-general-ends-anti-corruption-accord-with-oas-idUSKCN2DG2KE">Salvadoran attorney general ends anti-corruption accord with OAS</a><br> https://www.whatsupup.com/blog/phonic/shopboy/20210605-021055/ Sat, 05 Jun 2021 02:10:54 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210605-021055/ Felicia Horowitz <a rel="noreferrer" target="_blank" href="https://twitter.com/FeliciaHorowitz">@FeliciaHorowitz</a><br> 6/5 at 5pm PT we will look into the crystal ball & see what’s in store for us. in the future. Tech, Gov’t, Medicine, Education, and MORE! w/@balajis @bhorowitz @FABNEWYORK @cdixon @pmarca @conniechan @DoveyWan Join us! <a rel="noreferrer" target="_blank" href="https://t.co/CFHBSqcOcH"><a href="https://t.co/CFHBSqcOcH">https://t.co/CFHBSqcOcH</a></a><br> https://www.whatsupup.com/blog/playacted/rededication/20210605-001911/ Sat, 05 Jun 2021 00:19:10 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210605-001911/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/04/technology/facebook-trump-ban.html">Facebook Says Trump’s Ban Will Last at Least 2 Years The decision denies the former president a megaphone at least through the midterm elections. The suspension was put in place after the Capitol riot in January. By Mike Isaac and Sheera Frenkel</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210605-001716/ Sat, 05 Jun 2021 00:17:15 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210605-001716/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-microsoft-china/microsoft-says-error-led-to-no-matching-bing-images-for-tiananmen-tank-man-idUSKCN2DG2F3">Microsoft says error led to no matching Bing images for Tiananmen 'tank man'</a><br></p> <hr> (Reuters) -Microsoft Corp on Friday blamed "accidental human error" for its Bing search engine not showing results for the query "tank man" in the United States and elsewhere after users raised concerns about possible censorship around the Tiananmen Square crackdown anniversary.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-olympics-2022-canada/chinas-2022-olympics-a-chance-to-press-beijing-on-human-rights-canada-idUSKCN2DG2K6">China's 2022 Olympics a chance to press Beijing on human rights -Canada</a><br> https://www.whatsupup.com/blog/sovietizing/ohioan/20210605-000835/ Sat, 05 Jun 2021 00:08:35 +0000 https://www.whatsupup.com/blog/sovietizing/ohioan/20210605-000835/ <p><a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2021/06/04/the-van-buren-decision-is-a-strong-step-forward-for-public-interest-research-online/">The Van Buren decision is a strong step forward for public interest research online</a><br></p> <hr> Udbhav Tiwari<br> In a victory for security research and other public interest work, yesterday the U.S Supreme Court held that the Computer Fraud and Abuse Act’s (CFAA) “exceeding authorized access” provision should … <a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2021/06/04/the-van-buren-decision-is-a-strong-step-forward-for-public-interest-research-online/">Read more</a><br> <a rel="noreferrer" target="_blank" href="https://blog.mozilla.org/netpolicy/2021/06/04/the-van-buren-decision-is-a-strong-step-forward-for-public-interest-research-online/">The Van Buren decision is a strong step forward for public interest research online</a> June 4, 2021<br> https://www.whatsupup.com/blog/disappear/fussy/20210604-221630/ Fri, 04 Jun 2021 22:16:30 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210604-221630/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/under-exploit-vmware-vulnerability-with-severity-rating-of-9-8-out-of-10/">This is not a drill: VMware vuln with 9.8 severity rating is under attack</a><br></p> <hr> Code execution flaw in vCenter is exploited to install web shell on unpatched machines.<br> https://www.whatsupup.com/blog/playacted/rededication/20210604-201926/ Fri, 04 Jun 2021 20:19:26 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210604-201926/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/04/technology/facebook-trump-ban.html">Facebook Says Trump’s Ban Will Last at Least 2 Years The decision denies the former president a megaphone at least through the midterm elections. The suspension was put in place after the Capitol riots in January. By Mike Isaac and Sheera Frenkel</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210604-201747/ Fri, 04 Jun 2021 20:17:47 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210604-201747/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-canada-indigenous-children/canadas-trudeau-blasts-catholic-church-for-ignoring-role-in-indigenous-schools-idUSKCN2DG23Y">Canada's Trudeau blasts Catholic Church for ignoring role in indigenous schools</a><br></p> <hr> OTTAWA (Reuters) -The Catholic Church must take responsibility for its role in running many of Canada's residential schools for indigenous children, Prime Minister Justin Trudeau said on Friday, after the discovery of the remains of 215 children at one former school last month.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-nigeria-politics-twitter/nigeria-says-it-suspends-twitter-days-after-presidents-post-removed-idUSKCN2DG20V">Nigeria says it suspends Twitter days after president's post removed</a><br> https://www.whatsupup.com/blog/stratification/pride/20210604-201641/ Fri, 04 Jun 2021 20:16:41 +0000 https://www.whatsupup.com/blog/stratification/pride/20210604-201641/ Boing Boing is published under <a rel="noreferrer" target="_blank" href="https://creativecommons.org/licenses/by-nc-sa/3.0/deed.en_US">a Creative Commons license</a> except where otherwise noted.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210604-182023/ Fri, 04 Jun 2021 18:20:23 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210604-182023/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132479_bentley-continental-gt3-to-attack-pikes-peak-with-750-hp">Bentley Continental GT3 to attack Pikes Peak with 750 hp</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210604-181911/ Fri, 04 Jun 2021 18:19:10 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210604-181911/ <p><a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/04/technology/facebook-trump-ban.html">Facebook Says Trump’s Ban Will Last at Least 2 Years The decision puts a time frame on the former president’s suspension, which was put in place after the Capitol riots in January. By Mike Isaac and Sheera Frenkel</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2021/06/04/us/biden-news-today/facebook-bans-trump-for-at-least-two-years-as-part-of-an-effort-to-curb-abuses-by-politicians">Facebook bans Trump for at least two years as part of an effort to curb abuses by politicians. This was featured in live coverage. By Mike Isaac and Sheera Frenkel</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210604-181720/ Fri, 04 Jun 2021 18:17:20 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210604-181720/ Live now: Health experts discuss the latest lung-cancer research during our Twitter chat <a rel="noreferrer" target="_blank" href="https://twitter.com/i/lists/1400840512370876420">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-russia-usa-putin/putin-calls-u-s-ransomware-allegations-an-attempt-to-stir-pre-summit-trouble-idUSKCN2DG1ZV">Putin calls U.S. ransomware allegations an attempt to stir pre-summit trouble</a><br></p> <hr> President Vladimir Putin said on Friday that suggestions the Russian state was linked to high profile ransomware attacks in the United States were absurd and an attempt to stir trouble ahead of his summit this month with U.S. President Joe Biden.<br> https://www.whatsupup.com/blog/sited/implore/20210604-181657/ Fri, 04 Jun 2021 18:16:56 +0000 https://www.whatsupup.com/blog/sited/implore/20210604-181657/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/04/business/facebook-eu-uk-antitrust.html">Facebook Faces Two Antitrust Inquiries in Europe European Union and British regulators are investigating whether Facebook’s “vast troves of data” give Facebook Marketplace an unfair advantage. By Adam Satariano</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210604-162104/ Fri, 04 Jun 2021 16:21:03 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210604-162104/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132475_inkas-makes-the-latest-cadillac-escalade-bulletproof">Inkas makes the latest Cadillac Escalade bulletproof</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210604-161946/ Fri, 04 Jun 2021 16:19:45 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210604-161946/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/live/2021/06/04/us/biden-news-today/facebook-will-no-longer-exempt-politicians-from-rules-on-hateful-or-false-statements">Facebook will no longer exempt politicians from rules on hateful or false statements. This was featured in live coverage. By Mike Isaac</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210604-161742/ Fri, 04 Jun 2021 16:17:42 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210604-161742/ <p>Exclusive: JPMorgan resumes political giving, freezes out Republicans who contested the 2020 election <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2DG1UC">VIEW MORE</a><br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-myanmar-politics/myanmar-junta-opponents-say-no-faith-in-asean-as-envoys-visit-idUSKCN2DG1YG">Myanmar junta opponents say no faith in ASEAN as envoys visit</a><br></p> <hr> Opponents of Myanmar's junta said on Friday they had lost faith in Southeast Asian efforts to end the crisis in the country, as two regional envoys met the military ruler Min Aung Hlaing in the capital Naypyitaw.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-russia-politics-navalny-vote/putin-inks-law-to-ban-extremists-from-elections-amid-navalny-crackdown-idUSKCN2DG1A6">Putin inks law to ban 'extremists' from elections amid Navalny crackdown</a><br> https://www.whatsupup.com/blog/baldish/wince/20210604-160817/ Fri, 04 Jun 2021 16:08:17 +0000 https://www.whatsupup.com/blog/baldish/wince/20210604-160817/ <p>February 2020 <a rel="noreferrer" target="_blank" href="https://www.jarednelsen.dev/category/industry/">Industry</a><br> <a rel="noreferrer" target="_blank" href="https://www.jarednelsen.dev/posts/what-to-do-when-you-reach-number-1-on-hacker-news">What To Do When You Reach Number 1 On Hacker News</a><br></p> <hr> A reaction to having an article blasted across the entire internet<br> <a rel="noreferrer" target="_blank" href="https://www.jarednelsen.dev/posts/The-horrifically-dystopian-world-of-software-engineering-interviews">The Horrifically Dystopian World of Software Engineering Interviews</a><br> <hr> A Synopsis of The Current State of Software Engineering Interviews<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210604-141716/ Fri, 04 Jun 2021 14:17:16 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210604-141716/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-china-tiananmen/hong-kong-locks-down-tiananmen-vigil-park-amid-tight-security-arrests-organiser-idUSKCN2DF2H7">Hong Kong locks down Tiananmen vigil park amid tight security, arrests organiser</a><br></p> <hr> HONG KONG (Reuters) -Police blocked off a Hong Kong park to prevent people gathering to commemorate the anniversary of China's 1989 Tiananmen Square crackdown on Friday and arrested the planned vigil's organiser.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-belarus-politics-eu/eu-to-ban-belarus-carriers-from-midnight-as-opposition-urges-g7-sanctions-idUSKCN2DG0UE">EU to ban Belarus carriers from midnight as opposition urges G7 sanctions</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/video/2021/06/04/the-week-in-numbers-meme-stocks-and-old?videoId=730909121&videoChannel=118169">The Week in Numbers: meme stocks and old shoes</a><br> https://www.whatsupup.com/blog/stratification/pride/20210604-141625/ Fri, 04 Jun 2021 14:16:25 +0000 https://www.whatsupup.com/blog/stratification/pride/20210604-141625/ <p><a rel="noreferrer" target="_blank" href="https://boingboing.net/2020/01/28/a-magic-box.html">"The Art of Computer Designing": stark, beautiful black-and-white images from 1993</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="http://www.osamusato.net/">Osamu Sato</a> is a talented polymath artist from Japan, known for his psychedelic video game scores and his pioneering work on computer graphics. <a rel="noreferrer" target="_blank" href="https://boingboing.net/2020/01/28/a-magic-box.html#more-765431">(more…)</a><br> <a rel="noreferrer" target="_blank" href="https://boingboing.net/2020/01/28/precarious-utility.html">A vase ringed with razor-sharp knives</a><br> <hr> Machinist-sculptor Chris Bathgate ( <a rel="noreferrer" target="_blank" href="https://boingboing.net/?s=%22chris%20bathgate%22">previously</a> ) has unveiled his latest: a vase ringed with razor-sharp knives ("an object that mischievously demands that it be appreciated for more than its precarious utility"). <a rel="noreferrer" target="_blank" href="https://boingboing.net/2020/01/28/precarious-utility.html#more-765420">(more…)</a><br> <a rel="noreferrer" target="_blank" href="https://boingboing.net/2020/01/28/carrie-tolstedt.html">"A piece of shit": Government report on Wells Fargo corruption shows top executives' direct complicity in millions of acts of fraud</a><br> <hr> Last week, the Office of the Comptroller of the Currency <a rel="noreferrer" target="_blank" href="https://boingboing.net/2020/01/24/lock-him-up.html">handed down stiff penalties</a> for John Stumpf ( <a rel="noreferrer" target="_blank" href="https://boingboing.net/?s=%22john%20stumpf%22">previously</a> ) who was CEO of Wells Fargo during its scandal-haunted decade, <a rel="noreferrer" target="_blank" href="https://boingboing.net/2019/04/01/rip-charlie-manson.html">during which time</a> it stole from rich people, poor people, veterans, active-service military personnel, homeowners, small businesses, etc, as well as 2,000,000 ordinary customers who had fraudulent accounts opened in their names in order to bleed them of transaction fees, sometimes at the expense of their good credit and even their financial solvency. Under the deal, Stumpf will have to pay $17.5m in fines and cannot ever work in finance again (don't worry, <a rel="noreferrer" target="_blank" href="https://boingboing.net/2017/04/10/fraud-started-in-2002.html">he's still a multi-multi-multi millionaire</a> ). <a rel="noreferrer" target="_blank" href="https://boingboing.net/2020/01/28/carrie-tolstedt.html#more-765414">(more…)</a><br> 3:19 pm Mon, Jan 27, 2020<br> <a rel="noreferrer" target="_blank" href="https://boingboing.net/2020/01/27/podcast-the-case-for-citi.html">Podcast: The case for … cities that aren't dystopian surveillance states</a><br> <hr> For my latest podcast, I read my <a rel="noreferrer" target="_blank" href="https://www.theguardian.com/cities/2020/jan/17/the-case-for-cities-where-youre-the-sensor-not-the-thing-being-sensed">Guardian Cities column</a> , "The case for … cities that aren't dystopian surveillance states," which was the last piece ever commissioned for the section. <a rel="noreferrer" target="_blank" href="https://boingboing.net/2020/01/27/podcast-the-case-for-citi.html#more-765329">(more…)</a><br> <hr> Boing Boing is published under <a rel="noreferrer" target="_blank" href="https://creativecommons.org/licenses/by-nc-sa/3.0/deed.en_US">a Creative Commons license</a> except where otherwise noted.<br> <hr> https://www.whatsupup.com/blog/ewing/undiscernibly/20210604-141506/ Fri, 04 Jun 2021 14:15:05 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210604-141506/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/06/announcing-new-abuse-research-grants.html">Announcing New Abuse Research Grants Program</a><br></p> <hr> Posted by Anna Hupa,  Marc Henson, and Martin Straka, Google VRP Team <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/06/announcing-new-abuse-research-grants.html">Read More</a><br> Posted by Anna Hupa,  Marc Henson, and Martin Straka, Google VRP Team<br> Our Abuse Bug Bounty program has proved tremendously successful in the past three years since its introduction – thanks to our incredibly engaged community of researchers. Their contributions resulted in +1,000 valid bugs, helping us raise the bar in combating <a rel="noreferrer" target="_blank" href="http://goo.gle/abuse-risk">product abuse</a> . As a result of this continued success, today we are announcing a new experimental Abuse Research Grants Program in addition to the already existing <a rel="noreferrer" target="_blank" href="https://www.blogger.com/">Vulnerability Research Grants</a> . Similar to other Research Grant Programs, these grants are up-front awards that our top researchers will receive before they ever submit a bug. Last year, we <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2020/09/announcing-new-reward-amounts-for-abuse.html">increased our rewards</a> to recognize the important work of our community. The growth of this program would not have been possible without partners like David ( <a rel="noreferrer" target="_blank" href="https://twitter.com/xdavidhu">@xdavidhu</a> ), Zohar ( <a rel="noreferrer" target="_blank" href="https://www.ehpus.com/">ehpus.com</a> ), and Ademar ( <a rel="noreferrer" target="_blank" href="https://twitter.com/nowaskyjr">@nowaskyjr</a> ) who, on top of becoming our top research experts in <a rel="noreferrer" target="_blank" href="http://goo.gle/abuse-risk">Product Abuse</a> , regularly contribute to transparency by sharing their work, further inspiring and influencing our community of researchers. Despite the growth and success of this program, there remains more work to be done. With our new Abuse Research Grants Program, we hope to bring even more awareness to product abuse by connecting more closely with our experienced researchers – so we can all work together to overcome these challenges, prevent product abuse and keep our users safe. Here’s how the program works:<br> We invite our top abuse researchers to the program.<br> We award grants immediately before research begins, no strings attached.<br> Bug Hunters apply for the targets we share with them and start their research.<br> On top of the grant, researchers are eligible for regular rewards for the bugs they discover in scope of <a rel="noreferrer" target="_blank" href="http://goo.gle/vrp">our Bug Bounty program</a> .<br> To learn more about this and other grant programs, visit <a rel="noreferrer" target="_blank" href="http://goo.gle/grantz">our rules page</a> .<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210604-122015/ Fri, 04 Jun 2021 12:20:15 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210604-122015/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1129686_2023-bmw-x7-spy-shots">2023 BMW X7 spy shots: 7-Series styling in the cards for flagship SUV</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210604-121643/ Fri, 04 Jun 2021 12:16:42 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210604-121643/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/justice-department-tells-prosecutors-to-closely-track-ransomware-cases/">Ransomware will now get priority treatment at the Justice Department</a><br></p> <hr> Directive comes as ransomware is exposing the fragility of critical supply chains.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210604-101943/ Fri, 04 Jun 2021 10:19:43 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210604-101943/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1122220_1-of-1-bugatti-la-voiture-noire-finally-ready-for-delivery">1-of-1 Bugatti La Voiture Noire finally ready for delivery</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210604-101649/ Fri, 04 Jun 2021 10:16:49 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210604-101649/ HONG KONG (Reuters) -Hong Kong closed off a park where tens of thousands gather annually to commemorate China's 1989 Tiananmen crackdown and arrested the vigil's organiser, in what activists see as suppression of one of the city's main symbols of democratic hope.<br> https://www.whatsupup.com/blog/depository/unfitted/20210604-101358/ Fri, 04 Jun 2021 10:13:58 +0000 https://www.whatsupup.com/blog/depository/unfitted/20210604-101358/ <p><a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/essays#content">Skip to content</a><br></p> <hr> Menu<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/essays/">Essays</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/about/">Moi</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://twitter.com/searchbound">Twitter</a><br> <hr> Essays<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/part-two-i-sell-onions-on-the-internet/">part two, I sell onions on the Internet</a> : 2021<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/building-from-a-place-of-surrender/">Building from a place of surrender</a> : 2021<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/behind-the-scenes-carpet-pad-recycling-business-1997/">Behind the scenes of a carpet pad recycling business in 1997</a> : 2021<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/building-things-that-do-just-one-thing/">Building things that do [ just one thing ]</a> : 2020<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/let-go-then-go/">Let go, then go</a> : 2020<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/must-ride-mule-to-from-work-location/">Must ride mule (to & from) work location</a> : 2020<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/benevolent-uplifting-cuss-words/">Benevolent, uplifting cuss words</a> : 2020<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/give-me-grunt-work/">Give me grunt work</a> : 2020<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/dude-that-built-duderanch-com/">The dude that built DudeRanch.com</a> : 2019<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/i-sell-onions-on-the-internet/">I sell onions on the Internet</a> : 2019<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/slow-down-wander/">Slow down & wander</a> : 2017<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/window-shopping-expired-domain-names/">Window shopping for expired Domain Names</a> : 2017<br> <a rel="noreferrer" target="_blank" href="https://www.deepsouthventures.com/build-a-side-business/">Want to build a side business? Just buy a great Domain Name</a> : 2017<br> © Peter Askew & Deep South Ventures | 2021<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210604-081736/ Fri, 04 Jun 2021 08:17:36 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210604-081736/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-china-tiananmen/hong-kong-cordons-off-annual-tiananmen-vigil-site-arrests-organiser-idUSKCN2DF2H7">Hong Kong cordons off annual Tiananmen vigil site, arrests organiser</a><br></p> <hr> HONG KONG (Reuters) -Hong Kong closed off Victoria Park where tens of thousands gather annually to commemorate China's 1989 Tiananmen crackdown and arrested the vigil's organiser, in what activists see as suppression of one of the city's key symbols of democratic hope.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-myanmar-politics-suukyi/lawyer-for-myanmars-suu-kyi-worried-over-representation-for-secrets-case-idUSKCN2DG0L4">Lawyer for Myanmar's Suu Kyi worried over representation for secrets case</a><br> https://www.whatsupup.com/blog/depository/unfitted/20210604-081432/ Fri, 04 Jun 2021 08:14:32 +0000 https://www.whatsupup.com/blog/depository/unfitted/20210604-081432/ [Nothing new, only with content removed] https://www.whatsupup.com/blog/gonadal/revving/20210604-041916/ Fri, 04 Jun 2021 04:19:16 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210604-041916/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2020/05/30/competitive-programming-in-haskell-permutations/">Competitive programming in Haskell: permutations</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210604-041723/ Fri, 04 Jun 2021 04:17:23 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210604-041723/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-china-tiananmen/hong-kong-cracks-down-on-tiananmen-commemorations-arrests-vigil-organiser-idUSKCN2DF2H7">Hong Kong cracks down on Tiananmen commemorations, arrests vigil organiser</a><br></p> <hr> Hong Kong police arrested on Friday an organiser of annual vigils for the victims of China's 1989 Tiananmen crackdown on pro-democracy protesters, in what activists see as a suppression of one of the city's most powerful symbols of democratic hope.<br> https://www.whatsupup.com/blog/overgrazing/propellent/20210604-041622/ Fri, 04 Jun 2021 04:16:22 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210604-041622/ <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/twitters-certainty-problem">Twitter’s Certainty Problem</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/twitters-certainty-problem">Definitiveness is one of Twitter's core characteristics. Should it be?</a><br> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/why-skyrocketing-import-costs-are">Why Skyrocketing Import Costs Are Hammering Amazon Sellers (And You)</a> <a rel="noreferrer" target="_blank" href="https://bigtechnology.substack.com/p/why-skyrocketing-import-costs-are">Shipping one container from China to the U.S. cost $2,000 a year ago. Now it’s up to $15,000, leaving sellers scrambling and causing product prices to …</a><br> https://www.whatsupup.com/blog/bilateralistic/jungle/20210604-041030/ Fri, 04 Jun 2021 04:10:30 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20210604-041030/ 04 Jun 2021 » <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/blog/2021-06-04/an-unbelievable-demo.html">An Unbelievable Demo</a><br> My <a rel="noreferrer" target="_blank" href="http://www.brendangregg.com/zones.html">Solaris 10 Zones</a> page from 2005: where I had developed models for configuring Zones (containers) with Resource Controls. This was pioneering work in the performance isolation of containers (nowadays the realm of Linux cgroups). Sun later based their official documentation on my work (without attribution! Their excuse was that company policy forbid them from listing a non-Sun source as a reference).<br> https://www.whatsupup.com/blog/playacted/rededication/20210604-021854/ Fri, 04 Jun 2021 02:18:54 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210604-021854/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/03/technology/facebook-politicians-posts.html">Facebook Plans to End Hands-Off Approach to Politicians’ Posts The social network, under pressure since barring former President Donald J. Trump, will no longer automatically give world leaders special treatment. By Mike Isaac</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210604-021705/ Fri, 04 Jun 2021 02:17:04 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210604-021705/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-china-tiananmen/hk-police-arrest-prominent-organiser-of-tiananmen-vigils-on-crackdowns-anniversary-colleagues-idUSKCN2DF2H7">HK police arrest prominent organiser of Tiananmen vigils on crackdown's anniversary-colleagues</a><br></p> <hr> Hong Kong police on Friday arrested activist Chow Hang Tung, vice-chairwoman of the group which organises annual vigils for the victims of China's 1989 Tiananmen crackdown on pro-democracy protesters, two of her colleagues said.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-australia-abuse-pell-media/australian-media-fined-840000-for-gag-order-breach-in-pell-sex-assault-case-idUSKCN2DG02H">Australian media fined $840,000 for gag order breach in Pell sex assault case</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210604-001721/ Fri, 04 Jun 2021 00:17:20 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210604-001721/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-coronavirus-india-witness-wide/witnessing-covid-chaos-in-indias-hospitals-graveyards-and-crematoriums-idUSKCN2DF2IE">Witnessing COVID chaos in India's hospitals, graveyards and crematoriums</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-china-tiananmen/hong-kong-police-to-try-to-stifle-any-commemoration-of-tiananmen-crackdown-idUSKCN2DF2H7">Hong Kong police to try to stifle any commemoration of Tiananmen crackdown</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210603-221742/ Thu, 03 Jun 2021 22:17:41 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210603-221742/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-belarus-politics-blogger/opposition-decries-hostage-video-as-belarus-airs-confession-of-detained-journalist-idUSKCN2DF2DB">Opposition decries 'hostage' video as Belarus airs confession of detained journalist</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-mali-politics-france/pressuring-junta-france-suspends-joint-military-operations-with-malian-forces-idUSKCN2DF28T">Pressuring junta, France suspends joint military operations with Malian forces</a><br> https://www.whatsupup.com/blog/disappear/fussy/20210603-221733/ Thu, 03 Jun 2021 22:17:33 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210603-221733/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/attack-on-meat-supplier-came-from-revil-ransomwares-most-cut-throat-gang/">Attack on meat supplier came from REvil, ransomware’s most cutthroat gang</a><br> https://www.whatsupup.com/blog/kickback/overgeneralization/20210603-220811/ Thu, 03 Jun 2021 22:08:11 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210603-220811/ <a rel="noreferrer" target="_blank" href="https://retool.com/blog/how-oddbox-sped-up-customer-support/">How Oddbox matured (and sped up) their customer service using Retool According to Oddbox, over 3 million tons of fruits and vegetables are wasted before they even leave the farm. In fact, that’s why Oddbox exists: their mission is to fix the UK’</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210603-202049/ Thu, 03 Jun 2021 20:20:49 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210603-202049/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1131018_2022-buick-enclave-price-specs-review-photos-info">Preview: 2022 Buick Enclave brings a prettier face, added safety</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210603-201739/ Thu, 03 Jun 2021 20:17:39 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210603-201739/ <p>Exclusive: U.S. Justice Department to elevate investigations of ransomware attacks to a similar priority as terrorism <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/idUSKCN2DF26G">VIEW MORE</a><br> JERUSALEM (Reuters) -Israeli Prime Minister Benjamin Netanyahu on Thursday scorned as "dangerous" and "left-wing" a cross-partisan coalition cobbled together by his rivals to unseat him, even as the nationalist named to lead it echoed his hard line on the Palestinians.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-nuclear-talks-usa/u-s-sees-sixth-round-of-iran-nuclear-talks-and-likely-more-idUSKCN2DF28D">U.S. sees sixth round of Iran nuclear talks and likely more</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-russia-politics-opposition-gudkov/police-free-kremlin-critic-dmitry-gudkov-but-keep-him-as-suspect-lawyers-idUSKCN2DF1X3">Police free Kremlin critic Dmitry Gudkov but keep him as suspect - lawyers</a><br> https://www.whatsupup.com/blog/ewing/undiscernibly/20210603-201555/ Thu, 03 Jun 2021 20:15:54 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210603-201555/ <p><a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2021/06/new-protections-for-enhanced-safe.html">New protections for Enhanced Safe Browsing users in Chrome</a><br></p> <hr> Posted by Badr Salmi, Google Safe Browsing & Varun Khaneja, Chrome Security<br> In 2020 we <a rel="noreferrer" target="_blank" href="https://security.googleblog.com/2020/05/enhanced-safe-browsing-protection-now.html">launched Enhanced Safe Browsing</a> , which you can turn on in your Chrome security <a rel="noreferrer" target="_blank" href="https://support.google.com/chrome/answer/9890866">settings</a> , with the goal of substantially increasing safety on the web. These improvements are being built on top of existing security mechanisms that already protect billions of devices. Since the initial launch, we have continuously worked behind the scenes to improve our real-time URL checks and apply machine learning models to warn on previously-unknown attacks. As a result, Enhanced Safe Browsing users are successfully phished 35% less than other users. Starting with Chrome 91, we will roll out new features to help Enhanced Safe Browsing users better choose their extensions, as well as offer additional protections against downloading malicious files on the web.<br> Chrome extensions - Better protection before installation<br> Every day millions of people rely on Chrome extensions to help them be more productive, save money, shop or simply improve their browser experience. This is why it is important for us to continuously improve the safety of extensions published in the Chrome Web Store. For instance, through our integration with Google Safe Browsing in 2020, the number of malicious extensions that Chrome disabled to protect users grew by 81%. This comes on top of a <a rel="noreferrer" target="_blank" href="https://blog.google/products/chrome/making-chrome-extensions-more-private-and-secure/">number of improvements</a> for more peace of mind when it comes to privacy and security.<br> Enhanced Safe Browsing will now offer additional protection when you install a new extension from the Chrome Web Store. A dialog will inform you if an extension you’re about to install is not a part of the list of extensions trusted by Enhanced Safe Browsing.<br> Any extensions built by a developer who follows the <a rel="noreferrer" target="_blank" href="https://developer.chrome.com/docs/webstore/program_policies/">Chrome Web Store Developer Program Policies</a> , will be considered trusted by Enhanced Safe Browsing. For new developers, it will take at least a few months of respecting these conditions to become trusted. Eventually, we strive for all developers with compliant extensions to reach this status upon meeting these criteria. Today, this represents nearly 75% of all extensions in the Chrome Web Store and we expect this number to keep growing as new developers become trusted.<br> Improved download protection<br> Enhanced Safe Browsing will now offer you even better protection against risky files.<br> When you download a file, Chrome performs a first level check with Google Safe Browsing using metadata about the downloaded file, such as the digest of the contents and the source of the file, to determine whether it’s potentially suspicious. For any downloads that Safe Browsing deems risky, but not clearly unsafe, Enhanced Safe Browsing users will be presented with a warning and the ability to send the file to be scanned for a more in depth analysis (pictured above).<br> If you choose to send the file, Chrome will upload it to Google Safe Browsing, which will scan it using its static and dynamic analysis classifiers in real time. After a short wait, if Safe Browsing determines the file is unsafe, Chrome will display a warning. As always, you can bypass the warning and open the file without scanning. Uploaded files are deleted from Safe Browsing a short time after scanning.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210603-161708/ Thu, 03 Jun 2021 16:17:07 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210603-161708/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-syria-security-turkey-usa/millions-in-syria-face-disaster-if-aid-crossing-is-shut-un-idUSKCN2DF1E8">Millions in Syria face disaster if aid crossing is shut - UN</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-myanmar-rohingya-island/rohingya-muslim-refugees-injured-in-protests-on-isolated-island-during-unhcr-visit-idUSKCN2DF1NS">Rohingya Muslim refugees 'injured in protests' on isolated island during UNHCR visit</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210603-142044/ Thu, 03 Jun 2021 14:20:44 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210603-142044/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132457_2022-ford-maverick-price-specs-review-photos-info">Gabrielle Union to help unveil 2022 Ford Maverick on June 8</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210603-141723/ Thu, 03 Jun 2021 14:17:23 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210603-141723/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-politics/netanyahu-battling-for-political-life-attacks-deal-to-unseat-him-idUSKCN2DE0K6">Netanyahu, battling for political life, attacks deal to unseat him</a><br></p> <hr> JERUSALEM (Reuters) -Israeli Prime Minister Benjamin Netanyahu on Thursday fought back against an agreement by his political opponents for a government of left-wing, centrist and right-wing parties aimed at unseating him.<br> https://www.whatsupup.com/blog/disappear/fussy/20210603-141712/ Thu, 03 Jun 2021 14:17:11 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210603-141712/ <a rel="noreferrer" target="_blank" href="https://arstechnica.com/gadgets/2021/06/attack-on-meat-supplier-came-from-revil-ransomwares-most-cut-throat-gang/">Attack on meat supplier came from REvil, ransomware’s most cut-throat gang</a><br></p> <hr> Criminals use high-pressure tactics to extort victims.<br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210603-121906/ Thu, 03 Jun 2021 12:19:05 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210603-121906/ <p><a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1126358_2022-bmw-m4-gt3-customer-race-car-ready-to-hit-the-track">2022 BMW M4 GT3 customer race car ready to hit the track</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1130930_2022-ford-ranger-spy-shots">2022 Ford Ranger spy shots: Single and Super Cab join the party</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210603-121606/ Thu, 03 Jun 2021 12:16:05 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210603-121606/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-politics/netanyahu-fighting-for-political-life-lashes-out-at-deal-to-unseat-him-idUSKCN2DE0K6">Netanyahu, fighting for political life, lashes out at deal to unseat him</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-royals/uks-queen-elizabeth-to-meet-president-biden-at-windsor-castle-idUSKCN2DF13T">UK's Queen Elizabeth to meet President Biden at Windsor Castle</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-italy-migrants-workers-analysis/analysis-for-migrants-red-tape-turns-italian-work-permit-scheme-into-mirage-idUSKCN2DF11G">Analysis-For migrants, red tape turns Italian work permit scheme into mirage</a><br> https://www.whatsupup.com/blog/playacted/rededication/20210603-101801/ Thu, 03 Jun 2021 10:18:00 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210603-101801/ <a rel="noreferrer" target="_blank" href="https://www.nytimes.com/2021/06/03/technology/india-israel-facebook-employees.html">India and Israel Inflame Facebook’s Fights With Its Own Employees The social network wrongly bowed to government demands to take down content in the countries, employees said, in more signs of internal dissent. By Sheera Frenkel and Mike Isaac</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210603-101615/ Thu, 03 Jun 2021 10:16:14 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210603-101615/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-politics/netanyahu-fighting-for-political-life-hits-back-at-deal-to-unseat-him-idUSKCN2DE0K6">Netanyahu, fighting for political life, hits back at deal to unseat him</a><br></p> <hr> Israeli Prime Minister Benjamin Netanyahu on Thursday fought back against an agreement by his political opponents for a government of left-wing, centrist and right-wing parties aimed at unseating him.<br> https://www.whatsupup.com/blog/twopenny/ultraism/20210603-081751/ Thu, 03 Jun 2021 08:17:50 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210603-081751/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-sri-lanka-ship/sri-lanka-readies-for-oil-spill-from-sunken-cargo-ship-idUSKCN2DF0FC">Sri Lanka readies for oil spill from sunken cargo ship</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-mexico-election-lgbt-candidates/eager-to-represent-gay-and-trans-mexican-candidates-running-in-key-vote-idUSKCN2DF0DA">Eager to represent: Gay and trans Mexican candidates running in key vote</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210603-061551/ Thu, 03 Jun 2021 06:15:51 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210603-061551/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-olympics-2020-japan-politics/japan-pm-suga-seen-calling-snap-election-after-tokyo-games-asahi-idUSKCN2DE2YH">Japan PM Suga seen calling snap election after Tokyo Games - Asahi</a><br> https://www.whatsupup.com/blog/gonadal/revving/20210603-041842/ Thu, 03 Jun 2021 04:18:41 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210603-041842/ <a rel="noreferrer" target="_blank" href="https://byorgey.wordpress.com/2020/06/09/anyone-willing-to-help-me-get-set-up-with-something-like-miso/">Anyone willing to help me get set up with something like miso?</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210603-001651/ Thu, 03 Jun 2021 00:16:51 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210603-001651/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-politics/israels-opposition-declares-new-government-set-to-unseat-netanyahu-idUSKCN2DE0K6">Israel's opposition declares new government, set to unseat Netanyahu</a><br></p> <hr> Israel's opposition leader moved closer to unseating Prime Minister Benjamin Netanyahu when he officially told the country's president that he has reached agreements with political allies to form a new government.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-g7-summit-coronavirus/britain-hosts-g7-health-summit-amid-pressure-to-broaden-covid-vaccine-access-idUSKCN2DE2WY">Britain hosts G7 health summit amid pressure to broaden COVID vaccine access</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-climate-change-china-forest-wider-ima/china-farmers-push-back-the-desert-one-tree-at-a-time-idUSKCN2DE2WL">China farmers push back the desert - one tree at a time</a><br> https://www.whatsupup.com/blog/overinsuring/enzyme/20210603-001532/ Thu, 03 Jun 2021 00:15:31 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210603-001532/ <a rel="noreferrer" target="_blank" href="https://blog.cryptographyengineering.com/2012/02/28/how-to-fix-internet/">The Internet is broken: could we please fix it?</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210602-221637/ Wed, 02 Jun 2021 22:16:36 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210602-221637/ <p>Israel’s opposition leader Lapid has formed a coalition deal that could unseat Prime Minister Netanyahu's 12-year run<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-politics/israels-lapid-set-to-unseat-netanyahu-form-new-government-idUSKCN2DE0K6">Israel's Lapid set to unseat Netanyahu, form new government</a><br></p> <hr> Israel's opposition leader moved closer to unseating Prime Minister Benjamin Netanyahu on Wednesday when he officially informed the country's president that he has reached agreements with political allies to form a new government.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-nicaragua-politics/nicaraguan-police-raid-opposition-leaders-home-idUSKCN2DE2L2">Nicaraguan police raid opposition leader's home</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210602-201731/ Wed, 02 Jun 2021 20:17:31 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210602-201731/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-canada-indigenous-children/mass-grave-reopens-wounds-among-indigenous-survivors-of-colonial-canadian-school-system-idUSKCN2DE2IU">Mass grave reopens wounds among indigenous survivors of colonial Canadian school system</a><br></p> <hr> The discovery of the remains of 215 children at a former residential school in Canada has reopened wounds for survivors of the system, they said, as the government pledged to spend previously promised money to search for more unmarked graves.<br> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-israel-politics/israels-lapid-clinches-deals-to-unseat-netanyahu-radio-idUSKCN2DE0K6">Israel's Lapid clinches deals to unseat Netanyahu -radio</a><br> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-usa-immigration-harris-guatemala-excl/exclusive-guatemalan-president-says-graft-fighter-biased-ahead-of-harris-visit-idUSKCN2DE2KE">Exclusive-Guatemalan president says graft fighter biased, ahead of Harris visit</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210602-182050/ Wed, 02 Jun 2021 18:20:49 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210602-182050/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1132448_ford-bronco-off-roadeo-school-announced-to-teach-owners-off-roading-skills">Ford Bronco Off-Roadeo school announced to teach owners off-roading skills</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210602-181723/ Wed, 02 Jun 2021 18:17:22 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210602-181723/ <p><a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-iran-nuclear-talks/iran-nuclear-deal-talks-set-to-break-for-a-week-diplomats-say-idUSKCN2DE0U5">Iran nuclear deal talks set to break for a week, diplomats say</a><br></p> <hr> <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-colombia-protests/in-colombia-protesters-march-on-as-talks-stall-and-blockades-remain-idUSKCN2DE1YG">In Colombia, protesters march on as talks stall and blockades remain</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210602-162025/ Wed, 02 Jun 2021 16:20:24 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210602-162025/ <a rel="noreferrer" target="_blank" href="https://www.motorauthority.com/news/1127964_czinger-ups-specs-for-21c-3d-printed-hypercar-promises-8-1s-quarter-mile-time">Czinger ups specs for 21C 3D-printed hypercar, promises 8.1s quarter-mile time</a><br> https://www.whatsupup.com/blog/twopenny/ultraism/20210602-161711/ Wed, 02 Jun 2021 16:17:10 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210602-161711/ <a rel="noreferrer" target="_blank" href="https://www.reuters.com/article/us-health-birdflu-china-explainer/explainer-so-far-low-risk-of-human-spread-of-h10n3-bird-flu-idUSKCN2DE0YJ">Explainer: So far, low risk of human spread of H10N3 bird flu</a><br> https://www.whatsupup.com/blog/tragicomedy/shampooed/20210602-141941/ Wed, 02 Jun 2021 14:19:41 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210602-141941/ <p><a rel="noreferrer" target="_blank" href=&#34;https://www.motorauthority.com/news/1132446_2022-toyota-supra-price-specs-review-photos-info&#34;&gt;Preview: 2022 Toyota Supra spawns A91-CF Edition limited to 600 cars&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132445_2022-jaguar-f-type-price-specs-review-photos-info&#34;&gt;Preview: 2022 Jaguar F-Type is V-8 only and priced to start from $71,050&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210602-141716/ Wed, 02 Jun 2021 14:17:15 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210602-141716/ Boeing&#39;s CEO faces a $15 billion dilemma over how to rebuild airliner sales &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/idUSKCN2DE0IZ&#34;&gt;VIEW MORE&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210602-121837/ Wed, 02 Jun 2021 12:18:36 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210602-121837/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1126101_2021-aston-martin-dbx-price-specs-review-photos-info&#34;&gt;First drive review: 2021 Aston Martin DBX is a necessary good&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132444_2022-toyota-tacoma-trail-edition-and-trd-pro-revealed-with-fresh-updates&#34;&gt;2022 Toyota Tacoma Trail Edition and TRD Pro revealed with fresh updates&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1131809_2022-toyota-86-price-specs-review-photos-info&#34;&gt;Preview: 2022 Toyota 86 redesign brings more power, more mature styling&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210602-121550/ Wed, 02 Jun 2021 12:15:49 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210602-121550/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-health-coronavirus-eu-travel/eu-agrees-to-add-japan-to-safe-travel-list-holds-off-on-britain-idUSKCN2DE1AJ&#34;&gt;EU agrees to add Japan to safe travel list, holds off on Britain&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; European Union governments agreed on Wednesday to add Japan to their small list of countries from which they will allow non-essential travel, while holding off until at least mid-June for British tourists, EU sources said on Tuesday.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-sri-lanka-ship/chemical-cargo-ship-sinks-off-sri-lanka-fouling-rich-fishing-waters-idUSKCN2DE0JG&#34;&gt;Chemical cargo ship sinks off Sri Lanka, fouling rich fishing waters&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-iran-nuclear-talks/iran-nuclear-deal-parties-to-wrap-up-latest-round-of-talks-in-vienna-idUSKCN2DE0U5&#34;&gt;Iran nuclear deal parties to wrap up latest round of talks in Vienna&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210602-101854/ Wed, 02 Jun 2021 10:18:53 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210602-101854/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132125_touring-superleggera-unveils-first-mid-engine-car&#34;&gt;Touring Superleggera unveils first mid-engine car&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132174_5-ford-bronco-sport-easter-eggs&#34;&gt;5 Ford Bronco Sport Easter eggs&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210602-101601/ Wed, 02 Jun 2021 10:16:00 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210602-101601/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-politics/israels-lapid-enlists-gantz-moves-closer-to-unseating-netanyahu-idUSKCN2DE0K6&#34;&gt;Israel&#39;s Lapid enlists Gantz, moves closer to unseating Netanyahu&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; JERUSALEM (Reuters) -Israel&amp;#39;s opposition leader moved closer to unseating Prime Minister Benjamin Netanyahu on Wednesday and forming a new government after agreeing terms with several parties including one led by Defence Minister Benny Gantz, a spokesman said.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-sri-lanka-ship/disaster-feared-as-chemical-cargo-ship-sinks-off-sri-lanka-idUSKCN2DE0JG&#34;&gt;Disaster feared as chemical cargo ship sinks off Sri Lanka&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210602-081557/ Wed, 02 Jun 2021 08:15:57 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210602-081557/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-health-coronavirus-israel-pfizer/israel-sees-probable-link-between-pfizer-vaccine-and-myocarditis-cases-idUSKCN2DD4R1&#34;&gt;Israel sees probable link between Pfizer vaccine and myocarditis cases&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; JERUSALEM (Reuters) -Israel&amp;#39;s Health Ministry said on Tuesday it had found the small number of heart inflammation cases observed mainly in young men who received Pfizer&amp;#39;s COVID-19 vaccine in Israel were likely linked to their vaccination.&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210602-041626/ Wed, 02 Jun 2021 04:16:26 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210602-041626/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-health-coronavirus-australia/australias-victoria-extends-melbourne-covid-19-lockdown-for-2nd-week-idUSKCN2DE05P&#34;&gt;Australia&#39;s Victoria extends Melbourne COVID-19 lockdown for 2nd week&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-hongkong-security/hks-june-4th-museum-temporarily-closes-over-licensing-probe-idUSKCN2DE088&#34;&gt;HK&amp;#39;s June 4th museum temporarily closes over licensing probe&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210602-021633/ Wed, 02 Jun 2021 02:16:33 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210602-021633/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-health-coronavirus-usa-costa-rica/u-s-to-detail-plan-for-global-distribution-of-80-million-vaccine-doses-idUSKCN2DE01B&#34;&gt;U.S. to detail plan for global distribution of 80 million vaccine doses&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210602-001609/ Wed, 02 Jun 2021 00:16:08 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210602-001609/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-usa-immigration-centam/blinken-urges-central-america-to-help-on-migrants-flags-democracy-concerns-idUSKCN2DD4SO&#34;&gt;Blinken urges Central America to help on migrants, flags democracy concerns&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; SAN JOSE (Reuters) -U.S. Secretary of State Antony Blinken urged Central American governments to do more to help contain illegal immigration and voiced concerns about the health of local democracy and human rights during a visit to the region on Tuesday.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-china-politics-media/chinas-xi-calls-for-greater-global-media-reach-idUSKCN2DD4UU&#34;&gt;China&amp;#39;s Xi calls for greater global media reach&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/kickback/overgeneralization/20210602-000743/ Wed, 02 Jun 2021 00:07:43 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210602-000743/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://login.retool.com/auth/signup&#34;&gt;Try Retool&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://retool.com/blog/how-retool-helped-run-a-presidential-campaign/&#34;&gt;How Retool helped run a presidential campaign “Within two months of announcing candidacy, the team needs to scale up to 200 people. That’s faster growth than any startup you’ve worked at.” A great tech team is now table&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://retool.com/blog/erp-for-engineers/&#34;&gt;What’s SAP? What&amp;#39;s SAP? And why is it worth $163B? Every year companies spend $41B on enterprise resource planning software, commonly known as ERP. Today, almost every large business has some sort of ERP system&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://retool.com/blog/state-of-internal-tools-survey-announcement-2020/&#34;&gt;Tell us about how you build your internal tools! TL;DR: we&amp;#39;re running a survey about internal tooling and we&amp;#39;d love you to participate. State of Internal Tools Survey Chances are you’ve spent time on internal tooling: operational, non-customer facing software&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://retool.com/blog/retool-and-firebase/&#34;&gt;Build tools on top of Firebase Contents: Background Live demo Querying data Displaying data Inputting data Input fields Automagic forms The story of software is a story of abstraction. Programming languages abstracted away the complexities of computer instructions — flip-flop&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210601-221945/ Tue, 01 Jun 2021 22:19:44 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210601-221945/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1131599_2022-bmw-ix-xdrive50-price-specs-review-photos-info&#34;&gt;Preview: 2022 BMW iX xDrive50 arrives with 516 hp, 300-mile range, and $84,195 base price&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1126050_2022-bmw-i4-price-specs-review-photos-info&#34;&gt;Preview: 2022 BMW i4 delivers up to 536 hp, starts at $56,395&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/disappear/fussy/20210601-221649/ Tue, 01 Jun 2021 22:16:48 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210601-221649/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://arstechnica.com/gadgets/2021/06/ransomware-striking-the-worlds-biggest-meat-producer-threatens-shortages/&#34;&gt;Shortages loom as ransomware hamstrings the world’s biggest meat producer&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; Add meat to the list of critical supply chains disrupted by the malware scourge.&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210601-221642/ Tue, 01 Jun 2021 22:16:41 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210601-221642/ MOSCOW (Reuters) -Dmitry Gudkov, a prominent opposition politician and former parliamentarian, was detained by Russian law enforcement officials on Tuesday, TASS news agency reported, part of a broader crackdown on Kremlin critics.&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210601-201633/ Tue, 01 Jun 2021 20:16:32 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210601-201633/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-health-birdflu-china/china-reports-first-human-case-of-h10n3-bird-flu-idUSKCN2DD29J&#34;&gt;China reports first human case of H10N3 bird flu&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; A 41-year-old man in China&amp;#39;s eastern province of Jiangsu has been confirmed as the first human case of infection with a rare strain of bird flu known as H10N3, Beijing&amp;#39;s National Health Commission (NHC) said on Tuesday.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-russia-politics-open-russia-arrest/russia-detains-prominent-opposition-politician-in-widening-crackdown-idUSKCN2DD3EY&#34;&gt;Russia detains prominent opposition politician in widening crackdown&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-usa-immigration-border/u-s-formally-ends-trumps-remain-in-mexico-asylum-policy-idUSKCN2DD4DG&#34;&gt;U.S. formally ends Trump’s &amp;#39;remain in Mexico&amp;#39; asylum policy&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/sideswiped/tuftily/20210601-201259/ Tue, 01 Jun 2021 20:12:59 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20210601-201259/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.tbray.org/ongoing/When/202x/2021/06/01/Long-Links&#34;&gt;Long Links&lt;/a&gt; · Welcome to the June 2021 issue of&lt;br&gt; , in which I curate long-form works that I enjoyed last month. Even if you think all these look interesting, you probably don’t have time to read them assuming you have a job, which I don’t. My hope is that one or two will reward your attention &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.tbray.org/ongoing/When/202x/2021/06/01/Long-Links&#34;&gt;&amp;hellip;&lt;/a&gt;&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.tbray.org/ongoing/When/202x/2021/05/15/Testing-in-2021&#34;&gt;Testing in the Twenties&lt;/a&gt; · Grown-up software developers know perfectly well that testing is important. But — speaking here from experience — many aren’t doing enough. So I’m here to bang the testing drum, which our profession shouldn’t need to hear but apparently does &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.tbray.org/ongoing/When/202x/2021/05/15/Testing-in-2021&#34;&gt;&amp;hellip;&lt;/a&gt; [7 comments]&lt;br&gt; https://www.whatsupup.com/blog/augur/cussed/20210601-200745/ Tue, 01 Jun 2021 20:07:44 +0000 https://www.whatsupup.com/blog/augur/cussed/20210601-200745/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://blog.discord.com/discover-the-next-great-community-in-stage-discovery-8ad0b95fca46?source=collection_home---4------0-----------------------&#34;&gt;Discover the Next Great Community in Stage Discovery&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://blog.discord.com/discover-the-next-great-community-in-stage-discovery-8ad0b95fca46?source=collection_home---4------0-----------------------&#34;&gt;Discover the Next Great Community in Stage Discovery Back in March, we rolled out Stage channels, a new type of Channel in Discord specially designed for audio events where a few users are…&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210601-181926/ Tue, 01 Jun 2021 18:19:25 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210601-181926/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132431_new-2022-toyota-4runner-trd-sport-model-aims-to-tame-on-road-dynamics&#34;&gt;New 2022 Toyota 4Runner TRD Sport model aims to tame on-road dynamics&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132433_review-update-2021-mercedes-benz-amg-e53-delivers-balanced-power-and-presence&#34;&gt;Review update: 2021 Mercedes-Benz AMG E53 delivers balanced power and presence&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210601-181630/ Tue, 01 Jun 2021 18:16:29 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210601-181630/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-usa-china-export-control-exclusive/exclusive-u-s-agency-not-doing-its-job-to-halt-tech-to-chinas-military-congressional-report-idUSKCN2DD46H&#34;&gt;Exclusive-U.S. agency not doing its job to halt tech to China&#39;s military -congressional report&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; The U.S. Commerce Department is failing to do its part to protect national security and keep sensitive technology out of the hands of China&amp;#39;s military, according to a U.S. congressional advisory report seen by Reuters.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics-court-prisoners/belarusian-prisoner-tries-to-cut-own-throat-in-court-hearing-idUSKCN2DD3P6&#34;&gt;Belarusian prisoner tries to cut own throat in court hearing&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-spain-morocco-polisario/spanish-court-rejects-custody-for-western-sahara-independence-leader-idUSKCN2DD399&#34;&gt;Spanish court rejects custody for Western Sahara independence leader&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/augur/cussed/20210601-180731/ Tue, 01 Jun 2021 18:07:30 +0000 https://www.whatsupup.com/blog/augur/cussed/20210601-180731/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://blog.discord.com/celebrating-pride-month-with-glsen-a2e7695fb1d6?source=collection_home---4------0-----------------------&#34;&gt;Celebrating Pride Month with GLSEN&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://blog.discord.com/celebrating-pride-month-with-glsen-a2e7695fb1d6?source=collection_home---4------0-----------------------&#34;&gt;Celebrating Pride Month with GLSEN We’re marching throughout June under a statement of purpose: Stronger Together.&lt;/a&gt;&lt;br&gt; &lt;hr&gt; Jun 1&lt;br&gt; https://www.whatsupup.com/blog/gaper/whisky/20210601-161653/ Tue, 01 Jun 2021 16:16:53 +0000 https://www.whatsupup.com/blog/gaper/whisky/20210601-161653/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://hacks.mozilla.org/2021/06/looking-fine-with-firefox-89/&#34;&gt;Looking fine with Firefox 89 →&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://hacks.mozilla.org/2021/06/looking-fine-with-firefox-89/&#34;&gt;Looking fine with Firefox 89&lt;/a&gt;&lt;br&gt; &lt;hr&gt; Firefox 89 has smartened up and brings with it a slimmed-down, slightly more minimalist interface. &lt;p&gt;Along with this new look, we get some great styling features including a force-colours feature for media queries and better control over how fonts are displayed. The long-awaited top-level await keyword for JavaScript modules is now enabled, as well as the PerformanceEventTiming interface, which is another addition to the performance suite of APIs: 89 really has been working out!&lt;br&gt;&lt;/p&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210601-161604/ Tue, 01 Jun 2021 16:16:03 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210601-161604/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-italy-sign-ciampi/red-faces-in-rome-as-street-plaque-gets-presidents-name-wrong-idUSKCN2DD3UU&#34;&gt;Red faces in Rome as street plaque gets president&#39;s name wrong&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; Italian President Sergio Mattarella had to abandon a ceremony on Tuesday dedicating a Rome road to one of his predecessors, Carlo Azeglio Ciampi, after officials noticed that the name on the stone plaque was misspelt.&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210601-141924/ Tue, 01 Jun 2021 14:19:24 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210601-141924/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1129381_2023-porsche-911-gt3-rs-spy-shots-and-video&#34;&gt;2023 Porsche 911 GT3 RS spy shots and video: New track star takes to the &#39;Ring&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132430_2023-kia-sportage-teased-ahead-of-june-8-reveal&#34;&gt;2023 Kia Sportage teased ahead of June 8 reveal&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210601-141641/ Tue, 01 Jun 2021 14:16:40 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210601-141641/ JERUSALEM (Reuters) -A last-gasp legal challenge by Israeli Prime Minister Benjamin Netanyahu to thwart a bid by a rival rightist to head a new government was rejected on Tuesday as his opponents raced to seal a pact that would unseat him.&lt;br&gt; https://www.whatsupup.com/blog/disappear/fussy/20210601-141624/ Tue, 01 Jun 2021 14:16:23 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210601-141624/ Amazon&#39;s experimental wireless mesh networking turns users into guinea pigs.&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210601-121841/ Tue, 01 Jun 2021 12:18:41 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210601-121841/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1129824_rimac-nevera-production-version-of-1-914-hp-c-two-electric-hypercar-revealed&#34;&gt;Rimac Nevera: Production version of 1,914-hp C_Two electric hypercar revealed&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210601-121554/ Tue, 01 Jun 2021 12:15:54 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210601-121554/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-politics/netanyahu-challenge-to-legality-of-rivals-pm-bid-is-rebuffed-idUSKCN2DD2RG&#34;&gt;Netanyahu challenge to legality of rival&#39;s PM bid is rebuffed&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210601-101826/ Tue, 01 Jun 2021 10:18:25 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210601-101826/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1125742_2022-ford-fusion-active-evos-spy-shots&#34;&gt;2022 Ford Fusion Active spy shots: Fusion successor almost here&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210601-101538/ Tue, 01 Jun 2021 10:15:37 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210601-101538/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-china-society-population/chinas-new-three-child-policy-draws-scepticism-cost-questions-idUSKCN2DD2S7&#34;&gt;China&#39;s new three-child policy draws scepticism, cost questions&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; China&amp;#39;s decision to allow families to have up to three children was met with scepticism on Tuesday, with doubts expressed on social media whether it would make much difference, and calls for details on what promised &amp;#34;supportive measures&amp;#34; will include.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-politics/netanyahu-legal-challenge-to-rivals-pm-bid-is-spurned-idUSKCN2DD2RG&#34;&gt;Netanyahu legal challenge to rival&amp;#39;s PM bid is spurned&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210601-081555/ Tue, 01 Jun 2021 08:15:54 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210601-081555/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-norway-attacks/ten-years-after-breivik-attacks-survivors-seek-to-confront-far-right-extremism-idUSKCN2DD2FU&#34;&gt;Ten years after Breivik attacks, survivors seek to confront far-right extremism&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; Nearly 10 years after Anders Behring Breivik tried to kill her on the Norwegian island of Utoeya, Astrid Hoem is back there to explain to a group of teenagers how she ran for her life and hid in a beach cove while Breivik murdered others around her.&lt;br&gt; https://www.whatsupup.com/blog/veld/paternal/20210601-081423/ Tue, 01 Jun 2021 08:14:22 +0000 https://www.whatsupup.com/blog/veld/paternal/20210601-081423/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.raspberrypi.org/blog/raspberry-pi-rp2040-on-sale/&#34;&gt;Raspberry Silicon update: RP2040 on sale now at $1&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; The microcontroller, perfected&lt;br&gt; Eben Upton - 1st Jun 2021 This post has &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.raspberrypi.org/blog/raspberry-pi-rp2040-on-sale/#comments&#34;&gt;2 comments&lt;/a&gt;&lt;br&gt; &lt;hr&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210601-061637/ Tue, 01 Jun 2021 06:16:37 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210601-061637/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-northkorea-politics/n-koreas-ruling-party-sets-up-new-post-under-leader-kim-yonhap-idUSKCN2DD2AZ&#34;&gt;N.Korea&#39;s ruling party sets up new post under leader Kim -Yonhap&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-g7-finance-japan/japan-finance-minister-does-not-expect-g7-meet-to-debate-specific-tax-rates-idUSKCN2DD28J&#34;&gt;Japan Finance Minister does not expect G7 meet to debate specific tax rates&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/gonadal/revving/20210601-041722/ Tue, 01 Jun 2021 04:17:22 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210601-041722/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://byorgey.wordpress.com/2010/08/12/on-a-problem-of-sigfpe/&#34;&gt;On a Problem of sigfpe&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210601-021537/ Tue, 01 Jun 2021 02:15:36 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210601-021537/ Indigenous groups in Canada are calling for a nationwide search for mass graves at residential school sites after the discovery of the remains of 215 children at one former school last week shocked the country.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-el-salvador-abortion/el-salvador-court-to-free-woman-given-30-years-for-death-of-fetus-idUSKCN2DD203&#34;&gt;El Salvador court to free woman given 30 years for death of fetus&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/overinsuring/enzyme/20210601-001447/ Tue, 01 Jun 2021 00:14:46 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210601-001447/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://blog.cryptographyengineering.com/2018/01/10/attack-of-the-week-group-messaging-in-whatsapp-and-signal/&#34;&gt;Attack of the Week: Group Messaging in WhatsApp and Signal&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/sideswiped/tuftily/20210531-221230/ Mon, 31 May 2021 22:12:30 +0000 https://www.whatsupup.com/blog/sideswiped/tuftily/20210531-221230/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.tbray.org/ongoing/When/202x/2021/05/22/LP-Victory&#34;&gt;LP Victory&lt;/a&gt; · Some readers may remember &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.tbray.org/ongoing/When/201x/2019/02/23/LP-Log&#34;&gt;a February 2019&lt;/a&gt; blog post describing how I inherited 900 or so used LPs, mostly classical. As of this week, I’ve listened to all of them (or rejected them out of hand), and kept 220 or so (counting methods were imperfect). Herewith lessons and reconfigurations. Also there’s a &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.tbray.org/ongoing/When/202x/2021/05/22/Fourteen-Classics&#34;&gt;companion piece&lt;/a&gt; on sixteen albums I especially liked &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.tbray.org/ongoing/When/202x/2021/05/22/LP-Victory&#34;&gt;&amp;hellip;&lt;/a&gt; [1 comment]&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210531-201607/ Mon, 31 May 2021 20:16:06 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210531-201607/ VIENNA (Reuters) -Iran has failed to explain traces of uranium found at several undeclared sites, a report by the U.N. nuclear watchdog showed on Monday, possibly setting up a fresh diplomatic clash between Tehran and the West that could derail wider nuclear talks.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-canada-indigenous-children/indigenous-groups-call-for-canada-to-identify-graves-after-remains-of-215-children-found-idUSKCN2DC1QA&#34;&gt;Indigenous groups call for Canada to identify graves after remains of 215 children found&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210531-181546/ Mon, 31 May 2021 18:15:45 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210531-181546/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-iran-nuclear-iaea/iran-fails-to-explain-uranium-traces-found-at-several-sites-iaea-report-idUSKCN2DC1LG&#34;&gt;Iran fails to explain uranium traces found at several sites -IAEA report&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210531-101759/ Mon, 31 May 2021 10:17:59 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210531-101759/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/writer/10054534_kirk-bell&#34;&gt;Kirk Bell - Senior Editor&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210531-101516/ Mon, 31 May 2021 10:15:16 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210531-101516/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-china-society-population/three-child-policy-china-lifts-cap-on-births-in-major-policy-shift-idUSKCN2DC0HB&#34;&gt;Three-child policy: China lifts cap on births in major policy shift&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; BEIJING (Reuters) -Married Chinese couples may have up to three children, China announced on Monday, in a major shift from the existing limit of two after recent data showed a dramatic decline in births in the world&amp;#39;s most populous country.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-politics/netanyahus-disparate-rivals-try-to-nail-down-pact-to-unseat-him-idUSKCN2DC0SV&#34;&gt;Netanyahu&amp;#39;s disparate rivals try to nail down pact to unseat him&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210531-081452/ Mon, 31 May 2021 08:14:51 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210531-081452/ &lt;p&gt;China announces three-child policy, in a major shift after recent data showed a dramatic decline in births &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/idUSKCN2DC0HB&#34;&gt;VIEW MORE&lt;/a&gt;&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-china-society-population/china-in-major-policy-shift-announces-families-can-have-three-children-idUSKCN2DC0HB&#34;&gt;China, in major policy shift, announces families can have three children&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; BEIJING (Reuters) -China announced on Monday that married couples may have up to three children, a major policy shift from the existing limit of two after recent data showed a dramatic decline in births in the world&amp;#39;s most populous country.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-denmark-defence/u-s-spied-on-merkel-and-other-europeans-through-danish-cables-broadcaster-dr-idUSKCN2DB0I7&#34;&gt;U.S. spied on Merkel and other Europeans through Danish cables - broadcaster DR&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/gonadal/revving/20210531-041749/ Mon, 31 May 2021 04:17:49 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210531-041749/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://byorgey.wordpress.com/2008/07/29/singing-card-guts/&#34;&gt;Singing card guts&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210531-041617/ Mon, 31 May 2021 04:16:17 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210531-041617/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-hongkong-security-judges/beijings-hong-kong-office-slams-intimidation-of-judge-in-tycoon-jimmy-lais-case-idUSKCN2DC068&#34;&gt;Beijing&#39;s Hong Kong office slams intimidation of judge in tycoon Jimmy Lai&#39;s case&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210531-001551/ Mon, 31 May 2021 00:15:51 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210531-001551/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-denmark-defence/u-s-security-agency-spied-on-merkel-other-top-european-officials-through-danish-cables-broadcaster-dr-idUSKCN2DB0I7&#34;&gt;U.S. security agency spied on Merkel, other top European officials through Danish cables - broadcaster DR&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; COPENHAGEN (Reuters) -The U.S. National Security Agency (NSA) has used a partnership with Denmark&amp;#39;s foreign intelligence unit to spy on senior officials of neighbouring countries, including German Chancellor Angela Merkel, according to Danish state broadcaster DR.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-politics-bennett/naftali-bennett-the-right-wing-millionaire-who-may-end-netanyahu-era-idUSKCN2DB0EO&#34;&gt;Naftali Bennett: The right-wing millionaire who may end Netanyahu era&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210530-201625/ Sun, 30 May 2021 20:16:24 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210530-201625/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-politics/netanyahus-grip-on-power-loosens-as-rival-moves-to-unseat-him-idUSKCN2DB033&#34;&gt;Netanyahu&#39;s grip on power loosens as rival moves to unseat him&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; JERUSALEM (Reuters) -Far-right party leader Naftali Bennett threw his crucial support on Sunday behind a &amp;#34;unity government&amp;#34; in Israel to unseat Prime Minister Benjamin Netanyahu, in what would be the end of a political era.&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210530-181627/ Sun, 30 May 2021 18:16:26 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210530-181627/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-politics/netanyahus-kingmaker-rival-bennett-agrees-to-join-coalition-to-unseat-him-idUSKCN2DB033&#34;&gt;Netanyahu&#39;s &#39;kingmaker&#39; rival Bennett agrees to join coalition to unseat him&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; JERUSALEM (Reuters) -Far-right party leader Naftali Bennett threw his crucial support on Sunday behind a &amp;#34;government of change&amp;#34; in Israel to unseat Prime Minister Benjamin Netanyahu, in what would be the end of a political era.&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210530-161603/ Sun, 30 May 2021 16:16:02 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210530-161603/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-politics/netanyahu-may-face-imminent-end-to-long-run-as-israels-leader-idUSKCN2DB033&#34;&gt;Netanyahu may face imminent end to long run as Israel&#39;s leader&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; JERUSALEM (Reuters) -Israeli far-right politician Naftali Bennett will deliver a statement on Sunday in which he is widely expected to throw his crucial support behind a &amp;#34;government of change&amp;#34; to unseat Prime Minister Benjamin Netanyahu.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-usa-russia-biden/biden-to-press-putin-on-respecting-human-rights-in-geneva-idUSKCN2DB0CF&#34;&gt;Biden to press Putin on respecting human rights in Geneva&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-palestinians-egypt/israeli-egyptian-officials-meet-in-effort-to-solidify-gaza-truce-idUSKCN2DB0AE&#34;&gt;Israeli, Egyptian officials meet in effort to solidify Gaza truce&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/buckeroo/doubling/20210530-141622/ Sun, 30 May 2021 14:16:22 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20210530-141622/ May 30, 2021 &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://drewdevault.com/2021/05/30/Come-build-your-project.html&#34;&gt;Build your project in our new language&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210530-141521/ Sun, 30 May 2021 14:15:21 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210530-141521/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-palestinians-egypt/israel-egypt-meet-in-effort-to-solidify-gaza-truce-idUSKCN2DB0AE&#34;&gt;Israel, Egypt meet in effort to solidify Gaza truce&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-britain-politics-johnson-wedding/uk-pm-johnson-marries-in-low-key-surprise-ceremony-idUSKCN2DA0G8&#34;&gt;UK PM Johnson marries in low-key, surprise ceremony&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210530-121500/ Sun, 30 May 2021 12:14:59 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210530-121500/ JERUSALEM (Reuters) -Prime Minister Benjamin Netanyahu manoeuvred on Sunday to try to dissuade opponents from forming a &amp;quot;government of change&amp;quot;, with media reports saying a deal to unseat Israel&#39;s longest-serving leader could be imminent.&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210530-101754/ Sun, 30 May 2021 10:17:54 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210530-101754/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132362_someone-turned-a-mercedes-benz-slk-class-into-an-adorable-300sl-gullwing-replica&#34;&gt;Someone turned a Mercedes-Benz SLK-Class into an adorable 300SL gullwing replica&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132414_2022-infiniti-qx60-s-upmarket-interior-teased-ahead-of-crossover-s-june-23-reveal&#34;&gt;2022 Infiniti QX60&amp;#39;s upmarket interior teased ahead of crossover&amp;#39;s June 23 reveal&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/writer/10000017_martin-padgett&#34;&gt;Martin Padgett - Editorial Director&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210530-101504/ Sun, 30 May 2021 10:15:03 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210530-101504/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-politics/netanyahu-in-last-minute-bid-to-scupper-possible-deal-to-unseat-him-idUSKCN2DB033&#34;&gt;Netanyahu in last-minute bid to scupper possible deal to unseat him&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; Prime Minister Benjamin Netanyahu manoeuvred on Sunday to try to dissuade opponents from forming a &amp;#34;government of change&amp;#34;, with media reports saying a deal to unseat Israel&amp;#39;s longest-serving leader could be imminent.&lt;br&gt; https://www.whatsupup.com/blog/rubicundity/envenomation/20210530-100601/ Sun, 30 May 2021 10:06:00 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20210530-100601/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.deprocrastination.co/blog/topic/chronic-procrastination&#34;&gt;Chronic Procrastination&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210530-081525/ Sun, 30 May 2021 08:15:25 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210530-081525/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-egypt-diplomacy/analysis-gaza-truce-shifts-focus-to-egypts-regional-role-idUSKCN2DB03E&#34;&gt;Analysis: Gaza truce shifts focus to Egypt&#39;s regional role&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210530-061507/ Sun, 30 May 2021 06:15:06 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210530-061507/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-politics/end-of-netanyahu-era-could-be-in-the-cards-in-israeli-political-drama-idUSKCN2DB033&#34;&gt;End of Netanyahu era could be in the cards in Israeli political drama&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; Israel was gripped by political drama on Sunday over the possibly imminent end of Prime Minister Benjamin Netanyahu&amp;#39;s record run as the country&amp;#39;s leader.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-health-coronavirus-india/india-reports-3460-more-covid-19-deaths-over-165000-new-infections-idUSKCN2DB01Y&#34;&gt;India reports 3,460 more COVID-19 deaths, over 165,000 new infections&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210530-041449/ Sun, 30 May 2021 04:14:49 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210530-041449/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-canada-shooting/one-dead-four-taken-to-hospital-after-shooting-near-toronto-idUSKCN2DB010&#34;&gt;One dead, four taken to hospital after shooting near Toronto&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/gonadal/revving/20210530-001657/ Sun, 30 May 2021 00:16:56 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210530-001657/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://byorgey.wordpress.com/2016/05/17/in-praise-of-beeminder/&#34;&gt;In praise of Beeminder&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210530-001523/ Sun, 30 May 2021 00:15:22 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210530-001523/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-britain-politics-johnson-wedding/uk-pm-johnson-marries-fiancee-in-secret-ceremony-reports-idUSKCN2DA0G8&#34;&gt;UK PM Johnson marries fiancee in secret ceremony - reports&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; British Prime Minister Boris Johnson married his fiancee Carrie Symonds in a secret ceremony at Westminster Cathedral on Saturday, the Sun and Mail on Sunday newspapers reported.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics-russia/russia-confirms-second-loan-for-belarus-raises-issue-of-detained-citizen-idUSKCN2DA0AN&#34;&gt;Russia confirms second loan for Belarus, raises issue of detained citizen&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-health-coronavirus-myanmar/myanmar-covid-19-outbreak-hits-health-system-shattered-after-coup-idUSKCN2DB001&#34;&gt;Myanmar COVID-19 outbreak hits health system shattered after coup&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/overinsuring/enzyme/20210530-001352/ Sun, 30 May 2021 00:13:51 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210530-001352/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://blog.cryptographyengineering.com/2011/11/23/digital-fortress-i-read-it-so-you-dont/&#34;&gt;Digital Fortress: I read it so you don&#39;t have to&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210529-221436/ Sat, 29 May 2021 22:14:36 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210529-221436/ Chelsea beat Manchester City 1-0 to win Champions League Soccer final &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/idUSKCN2DA0H0&#34;&gt;VIEW MORE&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210529-201433/ Sat, 29 May 2021 20:14:33 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210529-201433/ Vietnam detected a new coronavirus variant, a hybrid that it said is airborne and &#39;very dangerous&#39; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/world/asia-pacific/vietnam-detects-hybrid-indian-uk-covid-19-variant-2021-05-29/&#34;&gt;VIEW MORE&lt;/a&gt;&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics-vilnius-march/belarus-opposition-leader-hails-world-support-after-journalist-arrest-idUSKCN2DA0GJ&#34;&gt;Belarus opposition leader hails world support after journalist arrest&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/disappear/fussy/20210529-201415/ Sat, 29 May 2021 20:14:15 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210529-201415/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://arstechnica.com/gadgets/2021/05/amazon-devices-will-soon-automatically-share-your-internet-with-neighbors/&#34;&gt;Amazon devices will soon automatically share your Internet with neighbors&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; Amazon&amp;#39;s experiment wireless mesh networking turns users into guinea pigs.&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210529-181928/ Sat, 29 May 2021 18:19:27 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210529-181928/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132423_it-s-the-30th-anniversary-of-the-500-e-the-mercedes-benz-that-porsche-built&#34;&gt;It&#39;s the 30th anniversary of the 500 E, the Mercedes-Benz that Porsche built&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210529-181646/ Sat, 29 May 2021 18:16:46 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210529-181646/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-palestinians-egypt/egypts-foreign-minister-to-meet-israeli-counterpart-on-sunday-idUSKCN2DA0E1&#34;&gt;Egypt&#39;s foreign minister to meet Israeli counterpart on Sunday&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/ideo/fleury/20210529-180527/ Sat, 29 May 2021 18:05:26 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210529-180527/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/&#34;&gt;Using Fake Reviews to Find Dangerous Extensions&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; Fake, positive reviews have infiltrated nearly every corner of life online these days, confusing consumers while offering an unwelcome advantage to fraudsters and sub-par products everywhere. Happily, identifying and tracking these fake reviewer accounts is often the easiest way to spot scams. Here’s the story of how bogus reviews on a counterfeit Microsoft Authenticator browser extension exposed dozens of other extensions that siphoned personal and financial data.&lt;br&gt; Comments on the fake Microsoft Authenticator browser extension show the reviews for these applications are either positive or very negative — basically calling it out as a scam. Image: chrome-stats.com.&lt;br&gt; After hearing from a reader about a phony Microsoft Authenticator extension that appeared on the Google Chrome Store , KrebsOnSecurity began looking at the profile of the account that created it. There were a total of five reviews on the extension before it was removed: Three Google users gave it one star, warning people to stay far away from it; but two of the reviewers awarded it between three and four stars.&lt;br&gt; “It’s great!,” the Google account Theresa Duncan enthused, improbably. “I’ve only had very occasional issues with it.”&lt;br&gt; “Very convenient and handing,” assessed Anna Jones , incomprehensibly.&lt;br&gt; Google’s Chrome Store said the email address tied to the account that published the knockoff Microsoft extension also was responsible for one called “ iArtbook Digital Painting .” Before it was removed from the Chrome Store, iArtbook had garnered just 22 users and three reviews. As with the knockoff Microsoft extension, all three reviews were positive, and all were authored by accounts with first and last names, like Megan Vance , Olivia Knox , and Alison Graham .&lt;br&gt; Google’s Chrome Store doesn’t make it easy to search by reviewer. For that I turned to Hao Nguyen , the developer behind &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.chrome-stats.com&#34;&gt;chrome-stats.com&lt;/a&gt; , which indexes and makes searchable a broad array of attributes about extensions available from Google.&lt;br&gt; Looking at the Google accounts that left positive reviews on both the now-defunct Microsoft Authenticator and iArtbook extensions, KrebsOnSecurity noticed that each left positive reviews on a handful of other extensions that have since been removed.&lt;br&gt; Reviews on the iArtbook extension were all from apparently fake Google accounts that each reviewed two other extensions, one of which was published by the same developer. This same pattern was observed across 45 now-defunct extensions.&lt;br&gt; Like an ever-expanding &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://en.wikipedia.org/wiki/Venn_diagram&#34;&gt;venn diagram&lt;/a&gt; , a review of the extensions commented on by each new fake reviewer found led to the discovery of even more phony reviewers and extensions. In total, roughly 24 hours worth of digging through chrome-stats.com unearthed more than 100 positive reviews on a network of patently fraudulent extensions.&lt;br&gt; Those reviews in turn lead to the relatively straightforward identification of:&lt;br&gt; -39 reviewers who were happy with extensions that spoofed major brands and requested financial data -45 malicious extensions that collectively had close to 100,000 downloads -25 developer accounts tied to multiple banned applications&lt;br&gt; The extensions spoofed a range of consumer brands, including Adobe , Amazon , Facebook , HBO , Microsoft , Roku and Verizon . Scouring the manifests for each of these other extensions in turn revealed that many of the same developers were tied to multiple apps being promoted by the same phony Google accounts.&lt;br&gt; Some of the fake extensions have only a handful of downloads, but most have hundreds or thousands. A &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://chrome-stats.com/d/cfpojnimgikehbalpifbfnofalkmeikm&#34;&gt;fake Microsoft Teams extension&lt;/a&gt; attracted 16,200 downloads in the roughly two months it was available from the Google store. A &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://chrome-stats.com/d/cafffncdbdopajhdpnfpohbneabfmjef&#34;&gt;counterfeit version&lt;/a&gt; of CapCut , a professional video editing software suite, claimed nearly 24,000 downloads over a similar time period.&lt;br&gt; More than 16,000 people downloaded a fake Microsoft Teams browser extension over the roughly two months it was available for download from the Google Chrome store.&lt;br&gt; Unlike malicious browser extensions that can &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://krebsonsecurity.com/2021/03/is-your-browser-extension-a-botnet-backdoor/&#34;&gt;turn your PC into a botnet or harvest your cookies&lt;/a&gt; , none of the extensions examined here request any special permissions from users. Once installed, however, they invariably prompt the user to provide personal and financial data — all the while pretending to be associated with major brand names. &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/#more-55728&#34;&gt;Continue reading →&lt;/a&gt;&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://krebsonsecurity.com/2021/05/boss-of-atm-skimming-syndicate-arrested-in-mexico/&#34;&gt;Boss of ATM Skimming Syndicate Arrested in Mexico&lt;/a&gt;&lt;br&gt; &lt;hr&gt; Florian “The Shark” Tudor , the alleged ringleader of a prolific ATM skimming gang that siphoned hundreds of millions of dollars from bank accounts of tourists visiting Mexico over the last eight years, was arrested in Mexico City on Thursday in response to an extradition warrant from a Romanian court.&lt;br&gt; Florian Tudor, at a 2020 press conference in Mexico in which he asserted he was a legitimate businessman and not a mafia boss. Image: OCCRP.&lt;br&gt; Tudor, a native of Craiova, Romania, moved to Mexico to set up Top Life Servicios , an ATM servicing company which managed a fleet of relatively new ATMs based in Mexico branded as Intacash .&lt;br&gt; Intacash was the central focus of a &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://krebsonsecurity.com/2015/09/tracking-a-bluetooth-skimmer-gang-in-mexico/&#34;&gt;three&lt;/a&gt; – &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://krebsonsecurity.com/2015/09/tracking-bluetooth-skimmers-in-mexico-part-ii/&#34;&gt;part&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://krebsonsecurity.com/2015/09/whos-behind-bluetooth-skimming-in-mexico/&#34;&gt;investigation&lt;/a&gt; KrebsOnSecurity published in September 2015. That series tracked the activities of a crime gang working with Intacash that was bribing and otherwise coercing ATM technicians to install sophisticated Bluetooth-based skimmers inside cash machines throughout popular tourist destinations in and around Mexico’s Yucatan Peninsula — including Cancun, Cozumel, Playa del Carmen and Tulum.&lt;br&gt; Follow-up &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.occrp.org/en/how-a-crew-of-romanian-criminals-conquered-the-world-of-atm-skimming/&#34;&gt;reporting last year&lt;/a&gt; by the Organized Crime and Corruption Reporting Project (OCCRP) found Tudor and his associates compromised more than 100 ATMs across Mexico using skimmers that were able to remain in place undetected for years. The OCCRP, which dubbed Tudor’s group “The Riviera Maya Gang,” estimates the crime syndicate used cloned card data and stolen PINs to steal more than $1.2 billion from bank accounts of tourists visiting the region.&lt;br&gt; Last year, a Romanian court ordered Tudor’s capture following his conviction in absentia for attempted murder, blackmail and the creation of an organized crime network that specialized in human trafficking.&lt;br&gt; Mexican authorities have been examining bank accounts tied to Tudor and his companies, and investigators believe Tudor and his associates paid protection and hush money to various Mexican politicians and officials over the years. In February, the leader of Mexico’s Green Party &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://krebsonsecurity.com/2021/02/mexican-politician-removed-over-alleged-ties-to-romanian-atm-skimmer-gang/&#34;&gt;stepped down after it emerged that he received funds from Tudor’s group&lt;/a&gt; .&lt;br&gt; This is the second time Mexican authorities have detained Tudor. In April 2019, Tudor and his deputy &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://krebsonsecurity.com/2019/04/alleged-chief-of-romanian-atm-skimming-gang-arrested-in-mexico/&#34;&gt;were arrested for illegal firearms possession&lt;/a&gt; . That arrest came just months after Tudor allegedly ordered the execution of a former bodyguard who was trying to help U.S. authorities bring down the group’s lucrative skimming operations.&lt;br&gt; Tudor’s &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.gob.mx/fgr/prensa/comunicado-fgr-192-21-fgr-informa&#34;&gt;arrest this week inside the premises of the Mexican Attorney General’s Office&lt;/a&gt; did not go smoothly, according to Mexican news outlets. El Universal &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.eluniversal.com.mx/nacion/video-me-estan-ahorcando-asi-fue-la-detencion-de-florian-tudor-en-la-fgr&#34;&gt;reports&lt;/a&gt; that a brawl broke out between Tudor’s lawyers and officials at the Mexican AG’s office, and &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://twitter.com/El_Universal_Mx/status/1398038127697141761&#34;&gt;a video released by the news outlet on Twitter&lt;/a&gt; shows Tudor resisting arrest as he is being hauled out of the building hand and foot.&lt;br&gt; A Mexican judge will decide on Tudor’s extradition to Romania in the coming weeks.&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210529-141451/ Sat, 29 May 2021 14:14:51 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210529-141451/ Remains of 215 children found at former indigenous school site in Canada &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/idUSKCN2D92C0&#34;&gt;VIEW MORE&lt;/a&gt;&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-hungary-accident-boat-wreath/with-bells-and-flowers-hungary-marks-anniversary-of-danube-boat-disaster-idUSKCN2DA0A5&#34;&gt;With bells and flowers, Hungary marks anniversary of Danube boat disaster&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/rubicundity/envenomation/20210529-140553/ Sat, 29 May 2021 14:05:53 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20210529-140553/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.deprocrastination.co/blog/topic/motivation&#34;&gt;How to Get Motivated&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/rubicundity/envenomation/20210529-100532/ Sat, 29 May 2021 10:05:32 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20210529-100532/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.deprocrastination.co/blog/topic/gaming&#34;&gt;How to Stop Gaming&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210529-081433/ Sat, 29 May 2021 08:14:32 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210529-081433/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-hongkong-security/hong-kong-organisers-lose-appeal-to-hold-tiananmen-vigil-idUSKCN2DA051&#34;&gt;Hong Kong organisers lose appeal to hold Tiananmen vigil&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-northkorea-labour/orphans-soldiers-students-n-korea-turns-to-volunteers-for-coal-mines-construction-idUSKCN2DA068&#34;&gt;Orphans, soldiers, students: N.Korea turns to &amp;#39;volunteers&amp;#39; for coal mines, construction&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210529-061506/ Sat, 29 May 2021 06:15:06 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210529-061506/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-hongkong-security/hong-kong-organisers-loses-appeal-to-hold-tiananmen-vigil-idUSKCN2DA051&#34;&gt;Hong Kong organisers loses appeal to hold Tiananmen vigil&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; Organisers of an annual vigil to commemorate the Chinese Communist government&amp;#39;s bloody crackdown on student-led pro-democracy protests in Beijing&amp;#39;s Tiananmen Square in 1989 said on Saturday they had lost an appeal to hold this year&amp;#39;s rally.&lt;br&gt; https://www.whatsupup.com/blog/gonadal/revving/20210529-041610/ Sat, 29 May 2021 04:16:10 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210529-041610/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://byorgey.wordpress.com/2015/04/14/polynomial-functors-constrained-by-regular-expressions/&#34;&gt;Polynomial Functors Constrained by Regular Expressions&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210529-041441/ Sat, 29 May 2021 04:14:41 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210529-041441/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-philippines-china-southchinasea/philippines-protests-chinas-illegal-south-china-sea-presence-idUSKCN2DA03O&#34;&gt;Philippines protests China&#39;s &#39;illegal&#39; South China Sea presence&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210529-021537/ Sat, 29 May 2021 02:15:36 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210529-021537/ U.S. to reimpose sanctions on nine Belarus firms over forced landing of Ryanair flight and journalist&#39;s arrest &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/idUSKCN2DA014&#34;&gt;VIEW MORE&lt;/a&gt;&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-usa-belarus-sanctions/u-s-drawing-up-targeted-sanctions-on-belarus-officials-after-plane-incident-idUSKCN2DA014&#34;&gt;U.S. drawing up targeted sanctions on Belarus officials after plane incident&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; WASHINGTON (Reuters) -The Biden administration said on Friday it is drawing up a list of targeted sanctions against key members of the Belarusian government following the former Soviet republic&amp;#39;s forced landing of a passenger jet and arrest of a journalist on board.&lt;br&gt; https://www.whatsupup.com/blog/bilateralistic/jungle/20210529-020905/ Sat, 29 May 2021 02:09:05 +0000 https://www.whatsupup.com/blog/bilateralistic/jungle/20210529-020905/ 29 May 2021 » &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;http://www.brendangregg.com/blog/2021-05-29/moving-to-australia.html&#34;&gt;Moving my US tech job to Australia&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/overinsuring/enzyme/20210529-001410/ Sat, 29 May 2021 00:14:09 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210529-001410/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://blog.cryptographyengineering.com/2011/11/10/format-preserving-encryption-or-how-to/&#34;&gt;Format Preserving Encryption, or, how to encrypt a credit card number with AES&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/augur/cussed/20210528-220731/ Fri, 28 May 2021 22:07:30 +0000 https://www.whatsupup.com/blog/augur/cussed/20210528-220731/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://blog.discord.com/announcing-our-latest-profile-badge-the-certified-discord-moderator-908182193af8?source=collection_home---4------0-----------------------&#34;&gt;Announcing our Latest Profile Badge: the Certified Discord Moderator&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://blog.discord.com/announcing-our-latest-profile-badge-the-certified-discord-moderator-908182193af8?source=collection_home---4------0-----------------------&#34;&gt;Announcing our Latest Profile Badge: the Certified Discord Moderator The Certified Discord Moderator badge rewards the unsung heroes who go above and beyond and make communities on Discord what they are.&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210528-201520/ Fri, 28 May 2021 20:15:20 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210528-201520/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-health-coronavirus-usa-india/blinken-says-u-s-and-india-united-in-tackling-covid-19-idUSKCN2D928K&#34;&gt;Blinken says U.S. and India united in tackling COVID-19&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-france-security/french-policewoman-stabbed-by-ex-prisoner-on-threat-watch-list-idUSKCN2D913W&#34;&gt;French policewoman stabbed by ex-prisoner on threat watch list&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/overgrazing/propellent/20210528-201415/ Fri, 28 May 2021 20:14:15 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210528-201415/ A newsletter about big tech and society by Silicon Valley-based journalist Alex Kantrowitz.&lt;br&gt; https://www.whatsupup.com/blog/gonadal/revving/20210528-181718/ Fri, 28 May 2021 18:17:18 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210528-181718/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://byorgey.wordpress.com/2011/05/18/tic-tac-toe-maps-with-diagrams/&#34;&gt;Tic-tac-toe maps with diagrams&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/traveling/splay/20210528-181631/ Fri, 28 May 2021 18:16:31 +0000 https://www.whatsupup.com/blog/traveling/splay/20210528-181631/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.nytimes.com/es/2021/05/28/espanol/astronomia-sol-clima-espacio.html&#34;&gt;Allá Afuera ¿La nueva temporada de tormentas solares será tempestuosa o tranquila? Al comenzar otro ciclo de actividad solar de 11 años, los científicos debaten cuán violento puede ser nuestro amigo estelar. By Dennis Overbye&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210528-181538/ Fri, 28 May 2021 18:15:38 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210528-181538/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics-russia/putin-offers-belarus-leader-support-against-west-in-ryanair-plane-standoff-idUSKCN2D91FI&#34;&gt;Putin offers Belarus leader support against West in Ryanair plane standoff&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; MOSCOW (Reuters) -Russian President Vladimir Putin on Friday offered his Belarusian counterpart Alexander Lukashenko support in his standoff with the West over his handling of the grounding of a passenger jet and the arrest of a dissident blogger.&lt;br&gt; https://www.whatsupup.com/blog/kickback/overgeneralization/20210528-180717/ Fri, 28 May 2021 18:07:17 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210528-180717/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://retool.com/blog/react-component-libraries/&#34;&gt;Top React component libraries (2021 edition) Get an overview of the top React component libraries looking at several factors like popularity, use cases, documentation, resources, support, etc.&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210528-161905/ Fri, 28 May 2021 16:19:04 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210528-161905/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132418_2023-mercedes-benz-amg-eqe-spy-shots&#34;&gt;2023 Mercedes-Benz AMG EQE spy shots: AMG crafts second dedicated EV&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210528-141951/ Fri, 28 May 2021 14:19:51 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210528-141951/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132415_this-964-generation-porsche-911-delivers-500-hp-zero-emissions&#34;&gt;This 964-generation Porsche 911 delivers 500 hp, zero emissions&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132373_parnelli-jones-baja-raced-big-oly-ford-bronco-sold-for-1-87m&#34;&gt;Parnelli Jones&amp;#39; Baja-raced &amp;#34;Big Oly&amp;#34; Ford Bronco sold for $1.87M&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1113484_stellantis-ceo-samples-maserati-grecale-crossover-due-in-2021&#34;&gt;Stellantis CEO samples Maserati Grecale crossover due in 2021&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/gonadal/revving/20210528-141813/ Fri, 28 May 2021 14:18:12 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210528-141813/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://byorgey.wordpress.com/2012/07/19/monads-easy-or-hard/&#34;&gt;Monads: Easy or Hard?&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/disappear/fussy/20210528-141618/ Fri, 28 May 2021 14:16:18 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210528-141618/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://arstechnica.com/gadgets/2021/05/apples-m1-chip-has-a-security-bug-but-dont-worry-its-mostly-harmless/&#34;&gt;Covert channel in Apple’s M1 is mostly harmless, but it sure is interesting&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; Technically, it&amp;#39;s a vulnerability, but there&amp;#39;s not much an attacker can do with it.&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210528-141615/ Fri, 28 May 2021 14:16:15 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210528-141615/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics-russia/belarus-leader-flies-into-russia-for-talks-with-putin-amid-uproar-over-air-piracy-idUSKCN2D91FI&#34;&gt;Belarus leader flies into Russia for talks with Putin amid uproar over &#39;air piracy&#39;&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/video/2021/05/28/the-week-in-numbers-bond-market-billions?videoId=730586301&amp;videoChannel=118169&#34;&gt;The Week in Numbers: &amp;#39;Bond&amp;#39; market billions&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210528-121725/ Fri, 28 May 2021 12:17:25 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210528-121725/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132411_review-update-2021-mercedes-benz-amg-glb35-combines-power-and-practicality&#34;&gt;Review update: 2021 Mercedes-Benz AMG GLB35 combines power and practicality&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210528-121424/ Fri, 28 May 2021 12:14:23 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210528-121424/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-ethiopia-conflict-un/un-alarmed-at-soldiers-detaining-displaced-from-tigray-camps-idUSKCN2D90WZ&#34;&gt;UN alarmed at soldiers detaining displaced from Tigray camps&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; GENEVA (Reuters) -The United Nations refugee agency voiced deep concern on Friday at reports of soldiers taking hundreds of people away from displacement camps in the Tigray region of Ethiopia earlier this week, saying such sites should be a safe haven.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-nigeria-accident/boat-carrying-200-people-capsizes-in-nigeria-idUSKCN2D72FU&#34;&gt;Boat carrying 200 people capsizes in Nigeria&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210528-101752/ Fri, 28 May 2021 10:17:52 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210528-101752/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1124807_2022-volkswagen-transporter-t7-spy-shots-and-video&#34;&gt;2022 Volkswagen Transporter (T7) spy shots and video: Popular van moves to MQB&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132403_first-of-new-rear-drive-premium-mazdas-tipped-to-be-cx-50-crossover&#34;&gt;First of new rear-drive, premium Mazdas tipped to be CX-50 crossover&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/traveling/splay/20210528-101541/ Fri, 28 May 2021 10:15:40 +0000 https://www.whatsupup.com/blog/traveling/splay/20210528-101541/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.nytimes.com/2021/05/28/science/astronomy-sun-space-weather.html&#34;&gt;Out There Will the Next Space-Weather Season Be Stormy or Fair? As another 11-year cycle of solar activity begins, scientists debate how violent our stellar friend is likely to be. By Dennis Overbye&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/disappear/fussy/20210528-101443/ Fri, 28 May 2021 10:14:43 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210528-101443/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://arstechnica.com/gadgets/2021/05/microsoft-says-solarwinds-hackers-targeted-us-agencies-in-a-new-campaign/&#34;&gt;SolarWinds hackers are back with a new mass campaign, Microsoft says&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; Kremlin-backed group uses hacked account to impersonate US aid agency.&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210528-101442/ Fri, 28 May 2021 10:14:41 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210528-101442/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-nato-summit-spending-exclusive/exclusive-france-resists-more-joint-funding-of-brain-dead-nato-idUSKCN2D90WT&#34;&gt;Exclusive: France resists more joint funding of &#39;brain dead&#39; NATO&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; A $20 billion plan to give NATO more flexibility in facing military threats, climate change and China&amp;#39;s rise has hit firm resistance from France, which fears the move could undermine its defence priorities, four diplomats and a French defence source said.&lt;br&gt; https://www.whatsupup.com/blog/rubicundity/envenomation/20210528-100545/ Fri, 28 May 2021 10:05:44 +0000 https://www.whatsupup.com/blog/rubicundity/envenomation/20210528-100545/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.deprocrastination.co/blog/how-to-change-for-the-better&#34;&gt;How to change for the better&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.deprocrastination.co/blog/how-to-set-goals-that-work&#34;&gt;How to set goals that work&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.deprocrastination.co/blog/how-to-finally-start-doing-something-about-your-dreams&#34;&gt;How to finally start doing something about your dreams&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.deprocrastination.co/blog/how-to-avoid-i-ll-do-it-tomorrow&#34;&gt;How to avoid “I’ll do it tomorrow”&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.deprocrastination.co/blog/case-study-why-you-should-play-factorio&#34;&gt;Case Study: Why you should play Factorio&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.deprocrastination.co/blog/the-real-benefits-of-gaming&#34;&gt;The real benefits of gaming&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.deprocrastination.co/blog/play-the-ultimate-game-your-real-life&#34;&gt;Play the ultimate game: your real life&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.deprocrastination.co/blog/the-real-reason-why-you-get-distracted&#34;&gt;The real reason why you get distracted&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.deprocrastination.co/blog/today-shouldnt-suck&#34;&gt;Today shouldn’t suck&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.deprocrastination.co/blog/4-most-common-ways-of-getting-distracted&#34;&gt;4 most common ways of getting distracted&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.deprocrastination.co/blog/how-to-be-productive-without-forcing-yourself&#34;&gt;How to be more productive without forcing yourself&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.deprocrastination.co/blog/how-to-focus-on-work&#34;&gt;How to focus on work&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.deprocrastination.co/blog/block-out-input-free-time&#34;&gt;Block out input-free time&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210528-081429/ Fri, 28 May 2021 08:14:28 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210528-081429/ BENGALURU (Reuters) -Coronavirus infections in the South Asia region surpassed 30 million on Friday, according to a Reuters tally of official data, led by India which is struggling with a second COVID-19 wave and a vaccine shortage across the region.&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210528-061602/ Fri, 28 May 2021 06:16:02 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210528-061602/ &lt;p&gt;Jailed Hong Kong media tycoon and Beijing critic Jimmy Lai was given a new prison sentence of 14 months on Friday over his role in an unauthorised assembly on Oct. 1, 2019, during one of the city&#39;s pro-democracy rallies that year.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-health-coronavirus-south-asia-cases/south-asia-crosses-30-million-covid-19-cases-as-india-battles-second-wave-idUSKCN2D90CF&#34;&gt;South Asia crosses 30 million COVID-19 cases as India battles second wave&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-ethiopia-election-media-insight/in-abiys-ethiopia-press-freedom-flourished-then-fear-returned-idUSKCN2D90FT&#34;&gt;In Abiy&amp;#39;s Ethiopia, press freedom flourished then fear returned&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/invertase/atween/20210528-060757/ Fri, 28 May 2021 06:07:56 +0000 https://www.whatsupup.com/blog/invertase/atween/20210528-060757/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/&#34;&gt;Neil Sainsbury&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/about&#34;&gt;/about&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/consulting&#34;&gt;/consulting&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/writing&#34;&gt;/writing&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://twitter.com/neilwithdata&#34;&gt;/twitter&lt;/a&gt;&lt;br&gt; I&amp;#39;m a software developer, enjoying building mobile apps and API back-ends and services. I&amp;#39;m also a &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/mathematics-self-learner&#34;&gt;math enthusiast&lt;/a&gt; with an interest in databases (check out my &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.masterywithsql.com&#34;&gt;Mastery with SQL&lt;/a&gt; course)&lt;br&gt; 2020&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/advanced-sql&#34;&gt;Advanced SQL and database books and resources&lt;/a&gt;&lt;br&gt; &lt;hr&gt; May 1, 2020&lt;br&gt; For people who&amp;#39;ve worked through Mastery with SQL, a common question I get is &amp;#34;What&amp;#39;s next?&amp;#34; If you completed the course and all 150+ exercises, at this point you&amp;#39;ll have a very strong grasp of SQL and should be comfortable writing all sorts of...&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/developer-myth&#34;&gt;The myth of the developer that can&amp;#39;t code&lt;/a&gt;&lt;br&gt; &lt;hr&gt; At the time of writing, my last blog post on the subject of hiring has over 150K views and generated a lot of great discussion. It touched a nerve. Good. There&amp;#39;s lots of agreement that developer hiring is broken. But there&amp;#39;s also disagreement, or...&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/developer-hiring&#34;&gt;The software industry&amp;#39;s greatest sin: hiring&lt;/a&gt;&lt;br&gt; &lt;hr&gt; One of the greatest sins in the entire software industry has got to be the way developers are hired. It is irredeemably broken and needs to be torn down and completely rebuilt. I&amp;#39;ve been a software developer now for around 15 years. In that time,...&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/chrome-redirect-forget&#34;&gt;How to make Chrome forget a permanent redirect?&lt;/a&gt;&lt;br&gt; &lt;hr&gt; Recently I&amp;#39;ve been working on a project that sets up a number of permanent (HTTP 301) redirects on localhost. While that&amp;#39;s useful for that project, after stepping outside of that project these redirects got in the way of other development...&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/django-sql-logging&#34;&gt;Logging raw SQL to the console in Django&lt;/a&gt;&lt;br&gt; &lt;hr&gt; When working on a Django project it can be useful to see the raw SQL queries being made to your database - you can quickly and easily identify when there are too many calls being made and look for other inefficient access patterns (queries asking...&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/teams-bot-without-azure&#34;&gt;Can you build a Microsoft Teams bot without using Azure?&lt;/a&gt;&lt;br&gt; &lt;hr&gt; Yes. But also, no. Let me explain. One important concept to understand right away is that Microsoft Teams apps never directly communicate with your web services. A Teams app as installed in the client is actually just a JSON manifest file and...&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/teams-app-id-password&#34;&gt;What are the Microsoft App ID and password for when building a Teams bot?&lt;/a&gt;&lt;br&gt; &lt;hr&gt; When you&amp;#39;re building an app for Microsoft Teams, or really, anything that&amp;#39;s going to end up using the Azure Bot Service, at some point in the process you have to create and manage a Microsoft App ID and password. When you first do this, it feels...&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/azure-functions-post-body-js&#34;&gt;Azure Functions: How to get data from a POST body in JavaScript&lt;/a&gt;&lt;br&gt; &lt;hr&gt; When working with Azure Functions, a common thing you&amp;#39;ll want to do is get data out of the POST body inside your function. Handily, if you make your POST request in JSON format, you&amp;#39;ll be able to simply access the object properties by name,...&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/azure-cli-webapp-runtime-error&#34;&gt;Command not recognized error when specifying a runtime during webapp creation with Azure CLI&lt;/a&gt;&lt;br&gt; &lt;hr&gt; Recently I&amp;#39;ve been working with Azure and have been using the Azure CLI to script up creation of a Node.js webapp (btw, the Azure CLI Tools extension is excellent for this). I found however that when scripting up the creation of the webapp, if...&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/ms-teams-validdomains-error&#34;&gt;Microsoft Teams error - &amp;#39;validDomains&amp;#39; array cannot contain a tunneling site&lt;/a&gt;&lt;br&gt; &lt;hr&gt; When building your first app or bot for Microsoft Teams, one error you might come across during your development when you&amp;#39;re using the tool ngrok is in App Studio. In the Manifest Editor, when you go to the Test and Distribute tab, if you&amp;#39;ve been...&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/how-i-built-bbsmart&#34;&gt;How I built the best-selling BlackBerry app of all-time&lt;/a&gt;&lt;br&gt; &lt;hr&gt; Many years ago, I built what I believe was the best-selling BlackBerry app of all-time, BBSmart Email Viewer. It feels strange to write that, and it&amp;#39;s not something I&amp;#39;d say I&amp;#39;m really known for outside of the small niche community of BlackBerry...&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/mathematics-self-learner&#34;&gt;Mathematics for the adventurous self-learner&lt;/a&gt;&lt;br&gt; &lt;hr&gt; For over six years now, I&amp;#39;ve been studying mathematics on my own in my spare time - working my way through books, exercises, and online courses. In this post I&amp;#39;ll share what books and resources I&amp;#39;ve worked through and recommend and also tips for...&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/using-vscode-with-psql&#34;&gt;Using Visual Studio Code with psql&lt;/a&gt;&lt;br&gt; &lt;hr&gt; A quick HOWTO to show you how to setup psql to use Visual Studio Code for interactive editing. Updating your EDITOR When you&amp;#39;re working in psql, it can be handy to jump to a richer text editor, particularly when typing up longer queries. In psql,...&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/with-ties-postgresql&#34;&gt;Implementing SQL Server&amp;#39;s WITH TIES in PostgreSQL&lt;/a&gt;&lt;br&gt; &lt;hr&gt; SQL Server supports a TOP (N) WITH TIES clause which can be used to return the top N rows from a query along with any additional rows that have the same sort value as the Nth row. It&amp;#39;s handy functionality that can come in use in many situations....&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/join-using&#34;&gt;Joins: USING vs ON for join conditions&lt;/a&gt;&lt;br&gt; &lt;hr&gt; When establishing the join condition between two tables in PostgreSQL, and you&amp;#39;re performing an equality join where the columns are named the same in both tables, a nice shorthand syntax to establish the join is with USING. You might think this...&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/copy-permission-denied&#34;&gt;Permission Denied error when using PostgreSQL&amp;#39;s COPY FROM/TO command&lt;/a&gt;&lt;br&gt; &lt;hr&gt; COPY FROM is commonly used to import data from a file (CSV, plain text, etc.) in to PostgreSQL. Likewise, COPY TO is used to export data from a table or a query result to a file. When you&amp;#39;re using these commands if you&amp;#39;re getting a &amp;#34;Permission...&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/mastery-with-sql-launch&#34;&gt;Mastery with SQL is out now!&lt;/a&gt;&lt;br&gt; &lt;hr&gt; My new course Mastery with SQL is out now! I&amp;#39;m so thrilled with how it&amp;#39;s turned out. My goal when I set out was to build a course that&amp;#39;s exercise-centric. I&amp;#39;m an avid learner who loves studying new domains, and in my experience one of the best...&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.neilwithdata.com/using-distinct&#34;&gt;Using Distinct&lt;/a&gt;&lt;br&gt; &lt;hr&gt; The DISTINCT keyword has a bunch of interesting use-cases in ANSI SQL and offers some additional functionality when used in PostgreSQL. Let&amp;#39;s dive in and take a look with an example (you can find the full source code to reproduce this example on...&lt;br&gt; Neil Sainsbury 2020. Background pattern from &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;http://www.heropatterns.com/&#34;&gt;heropatterns.com&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/gonadal/revving/20210528-041759/ Fri, 28 May 2021 04:17:59 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210528-041759/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://byorgey.wordpress.com/2012/06/12/unsubscribing-from-wolfram-emails-rant/&#34;&gt;Unsubscribing from Wolfram emails (rant)&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210528-041620/ Fri, 28 May 2021 04:16:20 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210528-041620/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-hongkong-security/jailed-hk-tycoon-jimmy-lai-sentenced-to-14-months-for-oct-1-illegal-assembly-idUSKCN2D9024&#34;&gt;Jailed HK tycoon Jimmy Lai sentenced to 14 months for Oct. 1 illegal assembly&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; HONG KONG (Reuters) -Jailed Hong Kong media tycoon and Beijing critic Jimmy Lai was given a new prison sentence of 14 months on Friday over his role in an unauthorised assembly on Oct. 1, 2019, during one of the city&amp;#39;s pro-democracy rallies that year.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-myanmar-politics-asean/southeast-asian-nations-oppose-arms-embargo-on-myanmar-report-idUSKCN2D908K&#34;&gt;Southeast Asian nations oppose arms embargo on Myanmar -report&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/invertase/atween/20210528-040758/ Fri, 28 May 2021 04:07:58 +0000 https://www.whatsupup.com/blog/invertase/atween/20210528-040758/ [Nothing new, only with content removed] https://www.whatsupup.com/blog/overgrazing/propellent/20210528-021523/ Fri, 28 May 2021 02:15:22 +0000 https://www.whatsupup.com/blog/overgrazing/propellent/20210528-021523/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://bigtechnology.substack.com/p/why-skyrocketing-import-costs-are&#34;&gt;Why Skyrocketing Import Costs Are Hammering Amazon Sellers (And You)&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://bigtechnology.substack.com/p/why-skyrocketing-import-costs-are&#34;&gt;Shipping one container from China to the U.S. cost $2,000 a year ago. Now it’s up to $15,000, leaving sellers scrambling and causing product prices to rise.&lt;/a&gt;&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://bigtechnology.substack.com/p/well-exit-the-pandemic-with-a-more&#34;&gt;We’ll Exit The Pandemic With a More Realistic Relationship With Work&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://bigtechnology.substack.com/p/well-exit-the-pandemic-with-a-more&#34;&gt;With community in decline, we counted on work for meaning. But a year in isolation is clarifying. We’ll come out of this with more sensible expectation…&lt;/a&gt;&lt;br&gt; May 21 &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;javascript:void(0)&#34;&gt;10&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://bigtechnology.substack.com/p/well-exit-the-pandemic-with-a-more/comments&#34;&gt;Comment 2&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;javascript:void(0)&#34;&gt;Share&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210528-001611/ Fri, 28 May 2021 00:16:11 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210528-001611/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-syria-security-election-results/syrias-assad-wins-4th-term-with-95-of-vote-in-election-the-west-calls-fraudulent-idUSKCN2D82S2&#34;&gt;Syria&#39;s Assad wins 4th term with 95% of vote, in election the West calls fraudulent&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; BEIRUT (Reuters) -Syrian President Bashar al-Assad won a fourth term in office with 95.1% of the votes in an election that will extend his rule over a country ruined by war but which opponents and the West say was marked by fraud.&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210527-221538/ Thu, 27 May 2021 22:15:37 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210527-221538/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-syria-security-election-results/syrias-assad-wins-fourth-term-in-office-with-95-1-of-votes-idUSKCN2D82S2&#34;&gt;Syria&#39;s Assad wins fourth term in office with 95.1% of votes&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; BEIRUT (Reuters) -Syria&amp;#39;s President Bashar al-Assad won a fourth term in office with 95.1% of votes in an election that will extend his rule over a country ruined by war but which opponents and the West say was marked by fraud.&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210527-201502/ Thu, 27 May 2021 20:15:02 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210527-201502/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-palestinians-un/u-n-launches-investigation-into-whether-israel-hamas-committed-crimes-idUSKCN2D80YQ&#34;&gt;U.N. launches investigation into whether Israel, Hamas committed crimes&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210527-181820/ Thu, 27 May 2021 18:18:19 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210527-181820/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132405_2023-chevrolet-colorado-spy-shots&#34;&gt;2023 Chevrolet Colorado spy shots: Redesigned mid-size pickup on the way&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132342_2022-toyota-tundra-2022-ford-f-150-lightning-2021-acura-tlx-type-s-the-week-in-reverse&#34;&gt;2022 Toyota Tundra, 2022 Ford F-150 Lightning, 2021 Acura TLX Type S: The Week In Reverse&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210527-181521/ Thu, 27 May 2021 18:15:20 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210527-181521/ Exclusive: U.S. opens criminal probe into alleged lapses at Eli Lilly plant &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/idUSL2N2NE1JW&#34;&gt;VIEW MORE&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210527-162008/ Thu, 27 May 2021 16:20:07 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210527-162008/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132404_hyundai-hydrogen-electric-semi-to-hit-us-roads-in-2021&#34;&gt;Hyundai hydrogen-electric semi to hit US roads in 2021&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210527-161656/ Thu, 27 May 2021 16:16:55 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210527-161656/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics-nato-turkey-exclusiv/exclusive-turkey-pushed-nato-allies-into-softening-outrage-over-belarus-plane-diplomats-say-idUSKCN2D826P&#34;&gt;Exclusive: Turkey pushed NATO allies into softening outrage over Belarus plane, diplomats say&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; Turkey pushed NATO allies into watering down an official reaction to the forced landing by Belarus of a passenger plane and the detention of a dissident journalist on Sunday, two diplomats familiar with the matter told Reuters.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-hongkong-security/hong-kong-passes-sweeping-pro-china-election-rules-reduces-publics-voting-power-idUSKCN2D811T&#34;&gt;Hong Kong passes sweeping pro-China election rules, reduces public&amp;#39;s voting power&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/kickback/overgeneralization/20210527-160804/ Thu, 27 May 2021 16:08:04 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210527-160804/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://retool.com/blog/jetfuel-customer-story/&#34;&gt;How Jetfuel sped up customer support by marrying data and actions with Retool This is the story of how a co-founder and CRO built internal tools that helped every team bring insights and action into the same place.&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210527-141952/ Thu, 27 May 2021 14:19:52 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210527-141952/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132400_ssc-tuatara-striker-and-aggressor-unveiled-with-up-to-2-200-horsepower&#34;&gt;SSC Tuatara Striker and Aggressor unveiled with up to 2,200 horsepower&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1117022_rolls-royce-reveals-boat-tail-as-sign-of-return-to-coachbuilding&#34;&gt;Rolls-Royce reveals Boat Tail as sign of return to coachbuilding&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/gonadal/revving/20210527-141839/ Thu, 27 May 2021 14:18:39 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210527-141839/ Write a Comment&amp;hellip;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210527-141645/ Thu, 27 May 2021 14:16:44 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210527-141645/ British Prime Minister Boris Johnson on Thursday brushed aside allegations from his former chief aide that his failings had caused tens of thousands of unnecessary deaths from COVID-19, saying &amp;quot;some of the commentary&amp;quot; bore no relation to reality.&lt;br&gt; https://www.whatsupup.com/blog/overinsuring/enzyme/20210527-141456/ Thu, 27 May 2021 14:14:56 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210527-141456/ Write a Comment&amp;hellip;&lt;br&gt; https://www.whatsupup.com/blog/boxed/modification/20210527-141409/ Thu, 27 May 2021 14:14:08 +0000 https://www.whatsupup.com/blog/boxed/modification/20210527-141409/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://quuxplusone.github.io/blog/tags/#conferences&#34;&gt;conferences&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://quuxplusone.github.io/blog/tags/#cpp-on-sea&#34;&gt;cpp-on-sea&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://quuxplusone.github.io/blog/tags/#training&#34;&gt;training&lt;/a&gt;&lt;br&gt; The schedule for C++ on Sea 2021 has been announced! The “conference day” involves two tracks of five talks each, plus a keynote by Barbara Geller and Ansel Sermersheim. The two “workshop days” offer… well, you should sign up for my own two-day training class, at which point the other offerings are moot. But, just for the record, the two available two-day classes are:&lt;br&gt; Arthur O’Dwyer’s &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://cpponsea.uk/2021/sessions/workshop_modern-stl-programming-algorithms-containers-iterators.html&#34;&gt;“Modern STL Programming”&lt;/a&gt;&lt;br&gt; Anthony Williams’ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://cpponsea.uk/2021/sessions/workshop_more-concurrent-thinking-in-cpp.html&#34;&gt;“More Concurrent Thinking in C++”&lt;/a&gt;&lt;br&gt; If you don’t do a two-day class, then on Wednesday you can choose among these options: …&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210527-122216/ Thu, 27 May 2021 12:22:15 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210527-122216/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1089319_2023-porsche-911-safari-spy-shots-and-video&#34;&gt;A modern Safari? Porsche tests high-riding 911&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132402_mclaren-adds-windshield-option-to-elva-speedster&#34;&gt;McLaren adds windshield option to Elva speedster&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210527-121926/ Thu, 27 May 2021 12:19:25 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210527-121926/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-health-coronavirus-britain/no-relation-to-reality-uk-pm-johnson-brushes-off-ex-aides-claims-idUSKCN2D80UV&#34;&gt;No relation to reality: UK PM Johnson brushes off ex-aide&#39;s claims&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/traveling/splay/20210527-101548/ Thu, 27 May 2021 10:15:48 +0000 https://www.whatsupup.com/blog/traveling/splay/20210527-101548/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.nytimes.com/2021/05/27/science/black-hole-names-holley-bockelmann.html&#34;&gt;Out There What to Name a Bunch of Black Holes? You Had Some Ideas. Recently, astronomers asked aloud which plural term would best suit the most enigmatic entity in the cosmos. The responses were plentiful. By Dennis Overbye&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210527-101508/ Thu, 27 May 2021 10:15:07 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210527-101508/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-health-coronavirus-taiwan-china/taiwan-says-request-to-drop-word-country-preceded-biontech-vaccine-deal-collapse-idUSKCN2D810T&#34;&gt;Taiwan says request to drop word &#39;country&#39; preceded BioNTech vaccine deal collapse&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210527-081518/ Thu, 27 May 2021 08:15:18 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210527-081518/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-china-australia-trial/china-keeps-diplomats-out-of-espionage-trial-of-australian-yang-hengjun-idUSKCN2D72SK&#34;&gt;China keeps diplomats out of espionage trial of Australian Yang Hengjun&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210527-061508/ Thu, 27 May 2021 06:15:07 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210527-061508/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-hongkong-security-jimmylai-exclusive/exclusive-hong-kong-security-chief-threatens-tycoon-lais-bankers-with-jail-if-they-deal-in-his-accounts-idUSKCN2D80EM&#34;&gt;Exclusive: Hong Kong security chief threatens tycoon Lai&#39;s bankers with jail if they deal in his accounts&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-health-coronavirus-australia/australias-victoria-state-to-enter-covid-19-lockdown-after-highly-infectious-outbreak-idUSKCN2D72XY&#34;&gt;Australia&amp;#39;s Victoria state to enter COVID-19 lockdown after &amp;#39;highly-infectious&amp;#39; outbreak&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/overinsuring/enzyme/20210527-061343/ Thu, 27 May 2021 06:13:42 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210527-061343/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://blog.cryptographyengineering.com/2019/02/11/attack-of-the-week-searchable-encryption-and-the-ever-expanding-leakage-function/&#34;&gt;Attack of the week: searchable encryption and the ever-expanding leakage function&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210527-041554/ Thu, 27 May 2021 04:15:53 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210527-041554/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-health-coronavirus-china-usa/chinese-embassy-in-u-s-says-politicising-covid-19-origins-hampers-investigations-idUSKCN2D8023&#34;&gt;Chinese embassy in U.S. says politicising COVID-19 origins hampers investigations&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; Politicising the origins of COVID-19 would hamper further investigations and undermine global efforts to curb the pandemic, China&amp;#39;s U.S. embassy said after President Joe Biden ordered a review of intelligence about where the virus emerged.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-china-australia-trial/australian-yang-hengjun-to-face-court-in-beijing-on-espionage-charges-idUSKCN2D72SK&#34;&gt;Australian Yang Hengjun to face court in Beijing on espionage charges&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/kickback/overgeneralization/20210527-040742/ Thu, 27 May 2021 04:07:42 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210527-040742/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://retool.com/blog/best-postgresql-guis-in-2020/&#34;&gt;Best PostgreSQL GUIs in 2021 (Updated) psql is nice, but nobody wants to write their queries in the command line. This post walks through the best GUIs available for querying your Postgres data.&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210527-021844/ Thu, 27 May 2021 02:18:43 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210527-021844/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics-aviation-safety-anal/analysis-pressure-grows-for-sensitive-belarus-air-safety-probe-idUSKCN2D726Y&#34;&gt;Analysis: Pressure grows for sensitive Belarus air safety probe&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/overinsuring/enzyme/20210527-001450/ Thu, 27 May 2021 00:14:50 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210527-001450/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://blog.cryptographyengineering.com/2011/12/01/how-not-to-use-symmetric-encryption/&#34;&gt;How (not) to use symmetric encryption&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/boxed/modification/20210527-001400/ Thu, 27 May 2021 00:14:00 +0000 https://www.whatsupup.com/blog/boxed/modification/20210527-001400/ Previously on this blog:&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://quuxplusone.github.io/blog/2021/05/19/after-you-no-after-you/&#34;&gt;“A metaprogramming puzzle: Overly interoperable libraries”&lt;/a&gt; (2021-05-19)&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://quuxplusone.github.io/blog/2021/05/22/after-you-part-two/&#34;&gt;“Overly interoperable libraries, part 2”&lt;/a&gt; (2021-05-22)&lt;br&gt; Jason Cobb has sent me a proposal that I think meets all the requirements and therefore qualifies as a complete solution!&lt;br&gt; Unlike the ideas in my previous posts, Jason’s solution doesn’t depend on “GUIDs” at all. It’s based on a simple idea that is, in hindsight, quite obvious. …&lt;br&gt; https://www.whatsupup.com/blog/disappear/fussy/20210526-221532/ Wed, 26 May 2021 22:15:31 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210526-221532/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://arstechnica.com/gadgets/2021/05/exploitable-security-bug-remains-in-ios-and-macos-3-weeks-after-upstream-fix/&#34;&gt;No, it doesn’t just crash Safari. Apple has yet to fix exploitable flaw&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210526-221528/ Wed, 26 May 2021 22:15:27 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210526-221528/ (In 11th paragraph adds missing first name of attorney to read Zach Thornley)&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-palestinians-strife-analysis/analysis-as-gaza-fighting-ebbs-israels-communities-eye-each-other-warily-idUSKCN2D712X&#34;&gt;Analysis: As Gaza fighting ebbs, Israel&#39;s communities eye each other warily&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/kickback/overgeneralization/20210526-220714/ Wed, 26 May 2021 22:07:14 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210526-220714/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://retool.com/blog/nacho-iacovino-on-the-future-of-internal-tools/&#34;&gt;Why the future of internal tools will lead to less coding from scratch for developers A guest post from Nacho Iacovino, developer advocate at Clerk, who recently chatted with us about the findings from our 2021 State of Internal Tools report and where he thinks internal tool development is going.&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210526-201526/ Wed, 26 May 2021 20:15:25 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210526-201526/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics-protasevich/detained-journalist-broke-his-own-rule-never-fly-over-belarus-says-friend-idUSKCN2D72IZ&#34;&gt;Detained journalist broke his own rule - Never fly over Belarus, says friend&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/disappear/fussy/20210526-201516/ Wed, 26 May 2021 20:15:16 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210526-201516/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://arstechnica.com/gadgets/2021/05/exploitable-security-bug-remains-in-ios-and-macos-3-weeks-after-upstream-fix/&#34;&gt;Exploitable security bug remains in iOS and macOS 3 weeks after upstream fix&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; WebKit bug that was fixed upstream has yet to find its way into Apple products.&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210526-181804/ Wed, 26 May 2021 18:18:03 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210526-181804/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132392_lamborghini-huracan-super-trofeo-evo2-gets-an-aggressive-makeover&#34;&gt;Lamborghini Huracan Super Trofeo Evo2 gets an aggressive makeover&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210526-181503/ Wed, 26 May 2021 18:15:02 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210526-181503/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-health-coronavirus-britain/uk-pms-ineptitude-led-to-tens-of-thousands-of-deaths-ex-aide-says-idUSKCN2D62VU&#34;&gt;UK PM&#39;s ineptitude led to tens of thousands of deaths, ex-aide says&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; British Prime Minister Boris Johnson&amp;#39;s inept handling of the COVID pandemic led to tens of thousands of unnecessary deaths, and officials even feared he would ask to be injected with the virus on television to show it was benign, his former chief adviser said on Wednesday.&lt;br&gt; https://www.whatsupup.com/blog/ewing/undiscernibly/20210526-181308/ Wed, 26 May 2021 18:13:07 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210526-181308/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://security.googleblog.com/2021/05/introducing-security-by-design.html&#34;&gt;Introducing Security By Design&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; Posted by Jon Markoff and Sean Smith, Android Security and Privacy Team &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://security.googleblog.com/2021/05/introducing-security-by-design.html&#34;&gt;Read More&lt;/a&gt;&lt;br&gt; Posted by Jon Markoff and Sean Smith, Android Security and Privacy Team&lt;br&gt; Integrating security into your app development lifecycle can save a lot of time, money, and risk. That’s why we’ve launched &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://playacademy.exceedlms.com/student/path/63550-security-by-design&#34;&gt;Security by Design&lt;/a&gt; on &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://playacademy.exceedlms.com/student/catalog&#34;&gt;Google Play Academy&lt;/a&gt; to help developers identify, mitigate, and proactively protect against security threats.&lt;br&gt; The Android ecosystem, including Google Play, has many built-in security features that help protect developers and users. The course &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://g.co/playacademy/security?utm_source=google&amp;utm_medium=blog&amp;utm_campaign=Security&amp;utm_content=androidblog&#34;&gt;Introduction to app security best practices&lt;/a&gt; takes these protections one step further by helping you take advantage of additional security features to build into your app. For example, &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://developer.android.com/topic/security/data&#34;&gt;Jetpack Security&lt;/a&gt; helps developers properly encrypt their data at rest and provides only safe and well known algorithms for encrypting Files and SharedPreferences. The &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://developer.android.com/training/safetynet/attestation&#34;&gt;SafetyNet Attestation API&lt;/a&gt; is a solution to help identify potentially dangerous patterns in usage. There are several common design vulnerabilities that are important to look out for, including using shared or improper file storage, using insecure protocols, unprotected components such as Activities, and more. The course also provides methods to test your app in order to help you keep it safe after launch. Finally, you can set up a &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://developers.google.com/android/play-protect/starting-a-vdp&#34;&gt;Vulnerability Disclosure Program&lt;/a&gt; (VDP) to engage security researchers to help.&lt;br&gt; In the next course, you can learn how to integrate security at every stage of the development process by adopting the &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://playacademy.exceedlms.com/student/activity/69287-introduction-to-the-security-development-lifecycle&#34;&gt;Security Development Lifecycle&lt;/a&gt; (SDL). The SDL is an industry standard process and in this course you’ll learn the fundamentals of setting up a program, getting executive sponsorship and integration into your development lifecycle.&lt;br&gt; Threat modeling is part of the Security Development Lifecycle, and in this course you will learn to think like an attacker to identify, categorize, and address threats. By doing so early in the design phase of development, you can identify potential threats and start planning for how to mitigate them at a much lower cost and create a more secure product for your users.&lt;br&gt; Improving your app’s security is a never ending process. Sign up for the Security by Design &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://playacademy.exceedlms.com/student/path/63550-security-by-design&#34;&gt;module&lt;/a&gt; where in a few short courses, you will learn how to integrate security into your app development lifecycle, model potential threats, and app security best practices into your app, as well as avoid potential design pitfalls.&lt;br&gt; Labels: &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://security.googleblog.com/search/label/android&#34;&gt;android&lt;/a&gt; , &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://security.googleblog.com/search/label/android%20security&#34;&gt;android security&lt;/a&gt; , &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://security.googleblog.com/search/label/app%20security&#34;&gt;app security&lt;/a&gt; , &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://security.googleblog.com/search/label/encryption&#34;&gt;encryption&lt;/a&gt;&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://security.googleblog.com/search/label/encryption&#34;&gt;encryption&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/jigging/witherer/20210526-161621/ Wed, 26 May 2021 16:16:21 +0000 https://www.whatsupup.com/blog/jigging/witherer/20210526-161621/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://themarkup.org/citizen-browser/2021/01/19/facebook-said-it-would-stop-pushing-users-to-join-partisan-political-groups-it-didnt&#34;&gt;Citizen Browser Facebook Said It Would Stop Pushing Users to Join Partisan Political Groups. It Didn’t According to Citizen Browser data, the platform especially peppered Trump voters with political group recommendations January 19, 2021 08:00 ET&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210526-161600/ Wed, 26 May 2021 16:16:00 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210526-161600/ Several killed in rail yard shooting in San Jose, California, police say shooter is dead &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/idUSKCN2D7208&#34;&gt;VIEW MORE&lt;/a&gt;&lt;br&gt; Belarusian President Alexander Lukashenko said on Wednesday a journalist pulled off a plane that was forced to land in Minsk had been plotting a rebellion, and he accused the West of waging a hybrid war against him.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-syria-security-election/syrias-assad-votes-in-former-rebel-town-site-of-chemical-attack-idUSKCN2D70A1&#34;&gt;Syria&#39;s Assad votes in former rebel town, site of chemical attack&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210526-141821/ Wed, 26 May 2021 14:18:21 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210526-141821/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1131251_2022-genesis-g90-spy-shots&#34;&gt;2022 Genesis G90 spy shots: Redesigned flagship sedan in the works&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1122220_1-of-1-bugatti-la-voiture-noire-spotted-testing&#34;&gt;1-of-1 Bugatti La Voiture Noire spotted testing&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210526-141532/ Wed, 26 May 2021 14:15:31 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210526-141532/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-health-coronavirus-britain/uk-pm-johnson-considered-having-covid-injection-in-early-2020-ex-adviser-says-idUSKCN2D62VU&#34;&gt;UK PM Johnson considered having COVID injection in early 2020, ex-adviser says&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; LONDON (Reuters) -British Prime Minister Boris Johnson was disastrously slow to impose a lockdown in 2020 because he thought COVID-19 was a scare story and even considered getting injected with coronavirus on live television to show it was benign, his former chief adviser said.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics/belarus-leader-says-detained-journalist-was-plotting-bloody-rebellion-idUSKCN2D717U&#34;&gt;Belarus leader says detained journalist was plotting &amp;#39;bloody rebellion&amp;#39;&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/video/2021/05/26/getting-up-close-with-cicadas?videoId=730484187&amp;videoChannel=118169&#34;&gt;Getting up close with cicadas&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/video/2021/05/26/tasmanian-devils-born-on-australian-main?videoId=730483199&amp;videoChannel=118169&#34;&gt;Tasmanian Devils born on Australian mainland after 3,000 years&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210526-121840/ Wed, 26 May 2021 12:18:39 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210526-121840/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1129268_2022-mercedes-benz-amg-s63e-spy-shots-and-video&#34;&gt;2022 Mercedes-Benz AMG S63e spy shots and video: Plug-in hybrid super sedan on the way&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132387_rolls-royce-revives-coachbuilding-business&#34;&gt;Rolls-Royce revives coachbuilding business&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210526-121559/ Wed, 26 May 2021 12:15:59 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210526-121559/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-health-coronavirus-britain/uks-johnson-dismissed-covid-19-as-a-scare-story-ex-chief-adviser-says-idUSKCN2D62VU&#34;&gt;UK&#39;s Johnson dismissed COVID-19 as a &#39;scare story&#39;, ex-chief adviser says&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; LONDON (Reuters) -Prime Minister Boris Johnson and the British state failed to appreciate the deadly threat from the novel coronavirus as it raced across the world in early 2020 and were disastrously slow to impose a lockdown, his former adviser said on Wednesday.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics/defiant-belarus-leader-accuses-west-of-waging-hybrid-war-idUSKCN2D717U&#34;&gt;Defiant Belarus leader accuses West of waging &amp;#39;hybrid war&amp;#39;&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-palestinians-blinken-egypt/blinken-meets-egypts-sisi-as-u-s-seeks-to-secure-gaza-ceasefire-idUSKCN2D70WA&#34;&gt;Blinken meets Egypt&amp;#39;s Sisi as U.S. seeks to secure Gaza ceasefire&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210526-101703/ Wed, 26 May 2021 10:17:02 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210526-101703/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1130916_2022-hyundai-ioniq-5-price-specs-review-photos-info&#34;&gt;Preview: 2022 Hyundai Ioniq 5 electric crossover arrives with retro looks, handy tech&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210526-101419/ Wed, 26 May 2021 10:14:18 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210526-101419/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-usa-vote-charges/u-s-steps-up-pursuit-of-far-right-activists-in-2016-voter-suppression-probe-idUSKCN2D7125&#34;&gt;U.S. steps up pursuit of far-right activists in 2016 voter suppression probe&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; SAN FRANCISCO The indictment of a far-right internet activist on charges of interfering with the 2016 U.S. election reflects a strategic shift by the Department of Justice and sets the stage for new cases against more prominent right-wing actors, according to people familiar with the matter.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/whatsapp-india-lawsuit-exclusive/whatsapp-sues-indian-government-over-new-privacy-rules-sources-idUSKCN2D707P&#34;&gt;WhatsApp sues Indian government over new privacy rules - sources&lt;/a&gt;&lt;br&gt; &lt;hr&gt; WhatsApp has filed a lawsuit in Delhi against the Indian government seeking to block regulations coming into force on Wednesday that experts say would compel Facebook&amp;#39;s messaging app to break privacy protections, sources said. | &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/video/2021/05/26/whatsapp-sues-indias-government?videoId=730473852&amp;newsChannel=&#34;&gt;Video&lt;/a&gt;&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-health-coronavirus-britain/uks-johnson-failed-disastrously-in-covid-19-crisis-ex-chief-adviser-says-idUSKCN2D62VU&#34;&gt;UK&amp;#39;s Johnson failed &amp;#39;disastrously&amp;#39; in COVID-19 crisis, ex-chief adviser says&lt;/a&gt;&lt;br&gt; &lt;hr&gt; LONDON (Reuters) -British Prime Minister Boris Johnson&amp;#39;s former chief adviser said his ex-boss failed in the COVID-19 crisis and ministers fell &amp;#34;disastrously short&amp;#34; of the standards the public had a right to expect during the most devastating global pandemic in decades.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-palestinians-blinken-egypt/blinken-visits-cairo-as-u-s-seeks-to-secure-gaza-ceasefire-idUSKCN2D70WA&#34;&gt;Blinken visits Cairo as U.S. seeks to secure Gaza ceasefire&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics-lukashenko/belarus-leader-accuses-west-of-using-plane-incident-to-try-to-undermine-him-idUSKCN2D70UX&#34;&gt;Belarus leader accuses West of using plane incident to try to undermine him&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/kickback/overgeneralization/20210526-100708/ Wed, 26 May 2021 10:07:08 +0000 https://www.whatsupup.com/blog/kickback/overgeneralization/20210526-100708/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://retool.com/blog/join-the-retool-developer-community/&#34;&gt;[Launch] Join the Retool developer community! The Retool community is the best place to get help, share what you&#39;re building, and level up your Retool skills.&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210526-081742/ Wed, 26 May 2021 08:17:42 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210526-081742/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1125565_2023-mercedes-benz-amg-c63-wagon-spy-shots&#34;&gt;2023 Mercedes-Benz AMG C63 Wagon spy shots: More power, fewer cylinders&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210526-081504/ Wed, 26 May 2021 08:15:03 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210526-081504/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/uk-whatsapp-india-lawsuit-exclusive/exclusive-whatsapp-sues-india-govt-says-new-rules-mean-end-to-privacy-sources-idUSKCN2D707P&#34;&gt;Exclusive: WhatsApp sues India govt, says new rules mean end to privacy - sources&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; WhatsApp has filed a lawsuit in Delhi against the Indian government seeking to block regulations coming into force on Wednesday that experts say would compel the California-based Facebook unit to break privacy protections, sources said.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/whatsapp-india-lawsuit/exclusive-whatsapp-sues-india-govt-says-new-media-rules-mean-end-to-privacy-sources-idUSL2N2NC366&#34;&gt;EXCLUSIVE-WhatsApp sues India govt, says new media rules mean end to privacy -sources&lt;/a&gt;&lt;br&gt; &lt;hr&gt; * Delhi suit argues rule violates constitutional privacy protection -sources&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-congo-security-ambassador-insight/a-botched-ransom-attempt-ambassadors-death-in-congo-may-not-be-what-it-seemed-idUSKCN2D70LC&#34;&gt;A botched ransom attempt? Ambassador&amp;#39;s death in Congo may not be what it seemed&lt;/a&gt;&lt;br&gt; &lt;hr&gt; At around 10:00 a.m. on Feb. 22, seven men, some armed, stepped onto a road in eastern Congo and forced two cars belonging to the United Nations World Food Programme to stop.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-russia-politics-navalny/jailed-kremlin-critic-alexei-navalny-appears-in-court-via-video-link-idUSKCN2D70O2&#34;&gt;Jailed Kremlin critic Alexei Navalny appears in court via video link&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-health-coronavirus-britain/uks-covid-disaster-to-be-laid-bare-by-pm-johnsons-ex-chief-adviser-idUSKCN2D62VU&#34;&gt;UK&amp;#39;s COVID &amp;#39;disaster&amp;#39; to be laid bare by PM Johnson&amp;#39;s ex-chief adviser&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210526-061732/ Wed, 26 May 2021 06:17:31 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210526-061732/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-asia-storm-india/powerful-cyclone-yaas-hits-land-in-eastern-india-idUSKCN2D70E8&#34;&gt;Powerful cyclone Yaas hits land in eastern India&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-syria-security-election/syrians-go-to-the-polls-in-election-that-assad-is-set-to-win-idUSKCN2D70A1&#34;&gt;Syrians go to the polls in election that Assad is set to win&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/playacted/rededication/20210526-041711/ Wed, 26 May 2021 04:17:11 +0000 https://www.whatsupup.com/blog/playacted/rededication/20210526-041711/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.nytimes.com/2021/05/25/technology/whatsapp-india-lawsuit.html&#34;&gt;WhatsApp Sues India’s Government to Stop New Internet Rules The rules, which would require WhatsApp to make people’s messages traceable, would violate people’s privacy, the messaging service said. By Mike Isaac&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210526-041527/ Wed, 26 May 2021 04:15:26 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210526-041527/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-whatsapp-india-lawsuit-exclusive/exclusive-whatsapp-sues-india-government-says-new-media-rules-mean-end-to-privacy-sources-idUSKCN2D707T&#34;&gt;Exclusive: WhatsApp sues India government, says new media rules mean end to privacy - sources&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; WhatsApp has filed a legal complaint in Delhi against the Indian government seeking to block regulations coming into force on Wednesday that experts say would compel the California-based Facebook unit to break privacy protections, sources said.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-myanmar-politics/myanmar-cardinal-appeals-for-fighting-to-end-after-fatal-church-attack-idUSKCN2D7098&#34;&gt;Myanmar cardinal appeals for fighting to end after fatal church attack&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210526-001950/ Wed, 26 May 2021 00:19:50 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210526-001950/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132380_2022-bmw-m4-competition-convertible-price-specs-review-photos-info&#34;&gt;Preview: 2022 BMW M4 Convertible arrives with 503 hp, AWD&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210526-001655/ Wed, 26 May 2021 00:16:54 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210526-001655/ (Corrects name of woman detained to Sapega instead of Sagega, paragraphs 17,20 and 22)&lt;br&gt; https://www.whatsupup.com/blog/disappear/fussy/20210525-221539/ Tue, 25 May 2021 22:15:38 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210525-221539/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://arstechnica.com/gadgets/2021/05/vulnerability-in-vmware-product-has-severity-rating-of-9-8-out-of-10/&#34;&gt;Vulnerability in VMware product has severity rating of 9.8 out of 10&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; Remote code execution flaw in vCenter Server poses &amp;#34;serious&amp;#34; risk to data centers.&lt;br&gt; https://www.whatsupup.com/blog/augur/cussed/20210525-220742/ Tue, 25 May 2021 22:07:41 +0000 https://www.whatsupup.com/blog/augur/cussed/20210525-220742/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://blog.discord.com/how-trust-safety-addresses-violent-extremism-on-discord-c15613dae03a?source=collection_home---4------0-----------------------&#34;&gt;How Trust &amp;amp; Safety Addresses Violent Extremism on Discord&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://blog.discord.com/how-trust-safety-addresses-violent-extremism-on-discord-c15613dae03a?source=collection_home---4------0-----------------------&#34;&gt;How Trust &amp;amp; Safety Addresses Violent Extremism on Discord We dive into our history with violent extremists on the platform and how our response has improved since the 2017 Charlottesville incident.&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://blog.discord.com/welcome-to-policy-at-discord-e3f189139023?source=collection_home---4------0-----------------------&#34;&gt;Welcome to Policy at Discord!&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://blog.discord.com/welcome-to-policy-at-discord-e3f189139023?source=collection_home---4------0-----------------------&#34;&gt;Welcome to Policy at Discord! We’ll be sharing more regularly what our Policy team is working on, listen to the feedback you may have, and improve our approach to…&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210525-201540/ Tue, 25 May 2021 20:15:40 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210525-201540/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics-media-insight/death-threats-and-arrests-belarus-opposition-media-struggles-at-home-and-abroad-idUSKCN2D62MB&#34;&gt;Death threats and arrests: Belarus opposition media struggles at home and abroad&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/sited/implore/20210525-201502/ Tue, 25 May 2021 20:15:01 +0000 https://www.whatsupup.com/blog/sited/implore/20210525-201502/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://myaccount.nytimes.com/auth/login?response_type=cookie&amp;client_id=vi&#34;&gt;Log In&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210525-181846/ Tue, 25 May 2021 18:18:45 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210525-181846/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132355_musk-claims-new-tesla-roadster-will-do-0-60-mph-in-1-1s-with-spacex-rocket-option&#34;&gt;Musk claims new Tesla Roadster will do 0-60 mph in 1.1s with SpaceX rocket option&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210525-181548/ Tue, 25 May 2021 18:15:48 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210525-181548/ &lt;p&gt;Reports of gunshots at intersection where George Floyd died, at least one wounded with non-life-threatening injury, police say &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/idUSKCN2D624S&#34;&gt;VIEW MORE&lt;/a&gt;&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics/airlines-re-route-to-avoid-belarus-opposition-says-journalist-beaten-idUSKCN2D617K&#34;&gt;Airlines re-route to avoid Belarus, opposition says journalist beaten&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics-mother-interview/mother-of-detained-belarus-bloggers-girlfriend-hopes-for-a-miracle-idUSKCN2D62CH&#34;&gt;Mother of detained Belarus blogger&amp;#39;s girlfriend hopes for a miracle&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-palestinians-usa-blinken/blinken-announces-u-s-aid-to-gaza-pledges-to-reopen-jerusalem-consulate-idUSKCN2D60CS&#34;&gt;Blinken announces U.S. aid to Gaza, pledges to reopen Jerusalem consulate&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/sited/implore/20210525-181529/ Tue, 25 May 2021 18:15:28 +0000 https://www.whatsupup.com/blog/sited/implore/20210525-181529/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.nytimes.com/2021/05/25/business/amazon-dc-lawsuit.html&#34;&gt;D.C. Accuses Amazon of Controlling Online Prices The District of Columbia said in a lawsuit that Amazon had stopped merchants that use its platform from charging lower prices for the same products elsewhere online. By David McCabe, Karen Weise and Cecilia Kang&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/ideo/fleury/20210525-180534/ Tue, 25 May 2021 18:05:33 +0000 https://www.whatsupup.com/blog/ideo/fleury/20210525-180534/ Last week, someone began posting classified notices on LinkedIn for different design consulting jobs at &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.geosyntec.com/&#34;&gt;Geosyntec Consultants&lt;/a&gt; , an environmental engineering firm based in the Washington, D.C. area. Those who responded were told their application for employment was being reviewed and that they should email &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.linkedin.com/in/troygwin&#34;&gt;Troy Gwin&lt;/a&gt; — Geosyntec’s senior recruiter — immediately to arrange a screening interview.&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210525-162101/ Tue, 25 May 2021 16:21:00 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210525-162101/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132372_preview-2022-bentley-bentayga-s-sharpens-v-8s-focus&#34;&gt;Preview: 2022 Bentley Bentayga S sharpens V-8&#39;s focus&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210525-161810/ Tue, 25 May 2021 16:18:10 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210525-161810/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics/airlines-re-route-to-avoid-belarus-opposition-says-journalist-tortured-idUSKCN2D617K&#34;&gt;Airlines re-route to avoid Belarus, opposition says journalist tortured&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; KYIV/VILNIUS (Reuters) -Airlines re-routed flights to avoid Belarus&amp;#39;s airspace on Tuesday and Belarusian planes faced a possible ban from Europe, as international outrage mounted over Minsk forcing down a jetliner and arresting a dissident journalist on board.&lt;br&gt; https://www.whatsupup.com/blog/ewing/undiscernibly/20210525-161600/ Tue, 25 May 2021 16:16:00 +0000 https://www.whatsupup.com/blog/ewing/undiscernibly/20210525-161600/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://security.googleblog.com/2021/05/introducing-half-double-new-hammering.html&#34;&gt;Introducing Half-Double: New hammering technique for DRAM Rowhammer bug&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; Research Team: Salman Qazi, Yoongu Kim, Nicolas Boichat, Eric Shiu &amp;amp; Mattias Nissler Today, we are sharing details around our discovery of &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://github.com/google/hammer-kit/blob/main/20210525_half_double.pdf&#34;&gt;Half-Double&lt;/a&gt; , a new Rowhammer technique that capitalizes on the worsening physics of some of the newer DRAM chips to alter the contents of memory. &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://security.googleblog.com/2021/05/introducing-half-double-new-hammering.html&#34;&gt;Read More&lt;/a&gt;&lt;br&gt; Research Team: Salman Qazi, Yoongu Kim, Nicolas Boichat, Eric Shiu &amp;amp; Mattias Nissler Today, we are sharing details around our discovery of &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://github.com/google/hammer-kit/blob/main/20210525_half_double.pdf&#34;&gt;Half-Double&lt;/a&gt; , a new Rowhammer technique that capitalizes on the worsening physics of some of the newer DRAM chips to alter the contents of memory. Rowhammer is a DRAM vulnerability whereby repeated accesses to one address can tamper with the data stored at other addresses. Much like speculative execution vulnerabilities in CPUs, Rowhammer is a breach of the security guarantees made by the underlying hardware. As an electrical coupling phenomenon within the silicon itself, Rowhammer allows the potential bypass of hardware and software memory protection policies. This can allow untrusted code to break out of its sandbox and take full control of the system. Rowhammer was first discussed in a &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://users.ece.cmu.edu/~yoonguk/papers/kim-isca14.pdf&#34;&gt;paper&lt;/a&gt; in 2014 for what was then the mainstream generation of DRAM: DDR3. The following year, Google’s Project Zero released a working privilege-escalation &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html&#34;&gt;exploit&lt;/a&gt; . In response, DRAM manufacturers implemented proprietary logic inside their chips that attempted to track frequently accessed addresses and reactively mitigate when necessary. As DDR4 became widely adopted, it appeared as though Rowhammer had faded away thanks in part to these built-in defense mechanisms. However, in 2020, the &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.vusec.net/projects/trrespass/&#34;&gt;TRRespass&lt;/a&gt; paper showed how to reverse-engineer and neutralize the defense by distributing accesses, demonstrating that Rowhammer techniques are still viable. Earlier this year, the &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.vusec.net/projects/smash/&#34;&gt;SMASH&lt;/a&gt; research went one step further and demonstrated exploitation from JavaScript, without invoking cache-management primitives or system calls. Traditionally, Rowhammer was understood to operate at a distance of one row: when a DRAM row is accessed repeatedly (the “aggressor”), bit flips were found only in the two adjacent rows (the “victims”). However, with Half-Double, we have observed Rowhammer effects propagating to rows beyond adjacent neighbors, albeit at a reduced strength. Given three consecutive rows A, B, and C, we were able to attack C by directing a very large number of accesses to A, along with just a handful (~dozens) to B. Based on our experiments, accesses to B have a non-linear gating effect, in which they appear to “transport” the Rowhammer effect of A onto C. Unlike TRRespass, which exploits the blind spots of manufacturer-dependent defenses, Half-Double is an intrinsic property of the underlying silicon substrate. This is likely an indication that the electrical coupling responsible for Rowhammer is a property of distance, effectively becoming stronger and longer-ranged as cell geometries shrink down. Distances greater than two are conceivable.&lt;br&gt; Google has been working with &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.jedec.org/&#34;&gt;JEDEC&lt;/a&gt; , an independent semiconductor engineering trade organization, along with other industry partners, in search of possible solutions for the Rowhammer phenomenon. JEDEC has published two documents about DRAM and system-level mitigation techniques (JEP &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.jedec.org/standards-documents/docs/jep300-1&#34;&gt;300-1&lt;/a&gt; and JEP &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.jedec.org/standards-documents/docs/jep301-1&#34;&gt;301-1&lt;/a&gt; ). We are disclosing this work because we believe that it significantly advances the understanding of the Rowhammer phenomenon, and that it will help both researchers and industry partners to work together, to develop lasting solutions. The challenge is substantial and the ramifications are industry-wide. We encourage all stakeholders (server, client, mobile, automotive, IoT) to join the effort to develop a practical and effective solution that benefits all of our users.&lt;br&gt; Labels: &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://security.googleblog.com/search/label/Rowhammer&#34;&gt;Rowhammer&lt;/a&gt; , &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://security.googleblog.com/search/label/Security&#34;&gt;Security&lt;/a&gt;&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://security.googleblog.com/search/label/Rowhammer&#34;&gt;Rowhammer&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210525-141919/ Tue, 25 May 2021 14:19:19 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210525-141919/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1131558_uber-rare-ford-gt-mk-ii-sells-for-1-87m-at-auction&#34;&gt;Uber-rare Ford GT Mk II sold for $1.87M at auction&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1131353_2022-mercedes-benz-c-class-price-specs-review-photos-info&#34;&gt;Preview: 2022 Mercedes-Benz C-Class arrives with mild-hybrid turbo-4, simplified trim levels&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132130_superb-1930-duesenberg-model-sj-rollston-convertible-sells-for-almost-3m&#34;&gt;Superb 1930 Duesenberg Model SJ Rollston Convertible sold for almost $3M&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210525-141636/ Tue, 25 May 2021 14:16:35 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210525-141636/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics/airlines-start-shunning-belarus-opposition-leader-says-journalist-tortured-idUSKCN2D617K&#34;&gt;Airlines start shunning Belarus, opposition leader says journalist tortured&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; KYIV/VILNIUS (Reuters) -Airlines shunned Belarus&amp;#39;s airspace on Tuesday and Belarusian planes faced a possible ban from Europe as international outrage mounted over Minsk forcing down a jetliner and arresting a dissident journalist who was on board.&lt;br&gt; https://www.whatsupup.com/blog/disappear/fussy/20210525-141557/ Tue, 25 May 2021 14:15:56 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210525-141557/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://arstechnica.com/gadgets/2021/05/hackers-exploit-a-macos-0day-that-allows-them-to-screenshot-infected-macs/&#34;&gt;Actively exploited macOS 0-day let hackers take screenshots of infected Macs&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210525-121835/ Tue, 25 May 2021 12:18:34 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210525-121835/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132357_review-update-the-2021-porsche-911-turbo-s-cabriolet-swipes-right-on-summer&#34;&gt;Review update: The 2021 Porsche 911 Turbo S Cabriolet swipes right on summer&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/disappear/fussy/20210525-121538/ Tue, 25 May 2021 12:15:37 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210525-121538/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://arstechnica.com/gadgets/2021/05/disk-wiping-malware-with-irananian-fingerprints-is-striking-israeli-targets/&#34;&gt;It’s ransomware, or maybe a disk wiper, and it’s striking targets in Israel&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; Dubbed Apostle, never-before-seen wiper masquerades as ransomware.&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210525-121535/ Tue, 25 May 2021 12:15:34 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210525-121535/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics/airlines-shun-belarus-opposition-leader-says-journalist-tortured-idUSKCN2D617K&#34;&gt;Airlines shun Belarus, opposition leader says journalist tortured&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; Airlines shunned Belarus&amp;#39;s air space on Tuesday and Belarusian planes could soon be banned from Europe, potentially isolating the land-locked country apart from its border with Russia after it forced down a jetliner and arrested a dissident journalist.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-palestinians-usa-blinken/blinken-pledges-u-s-support-to-rebuild-gaza-prevent-return-to-war-idUSKCN2D60CS&#34;&gt;Blinken pledges U.S. support to rebuild Gaza, prevent return to war&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210525-101759/ Tue, 25 May 2021 10:17:59 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210525-101759/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132309_jay-leno-meets-a-16-year-old-who-daily-drives-a-1965-mustang&#34;&gt;Jay Leno meets a 16-year-old who daily drives a 1965 Mustang&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/gonadal/revving/20210525-101650/ Tue, 25 May 2021 10:16:50 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210525-101650/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://byorgey.wordpress.com/2013/04/25/random-binary-trees-with-a-size-limited-critical-boltzmann-sampler-2/&#34;&gt;Random binary trees with a size-limited critical Boltzmann sampler&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210525-101514/ Tue, 25 May 2021 10:15:14 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210525-101514/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-palestinians-usa-blinken/blinken-vows-u-s-support-to-rebuild-gaza-prevent-return-to-war-idUSKCN2D60CS&#34;&gt;Blinken vows U.S. support to rebuild Gaza, prevent return to war&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; U.S. Secretary of State Antony Blinken pledged on a Middle East mission on Tuesday that Washington would rally support to rebuild Gaza as part of efforts to bolster a ceasefire between its Hamas Islamist rulers and Israel.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-usa-race-georgefloyd/a-year-since-george-floyds-murder-americans-reflect-on-his-legacy-idUSKCN2D612Q&#34;&gt;A year since George Floyd&amp;#39;s murder, Americans reflect on his legacy&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics-kremlin/kremlin-dismisses-notion-of-alleged-russian-involvement-in-belarus-plane-incident-idUSKCN2D610Y&#34;&gt;Kremlin dismisses notion of alleged Russian involvement in Belarus plane incident&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/gonadal/revving/20210525-061811/ Tue, 25 May 2021 06:18:10 +0000 https://www.whatsupup.com/blog/gonadal/revving/20210525-061811/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://byorgey.wordpress.com&#34;&gt;Follow&lt;/a&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://byorgey.wordpress.com&#34;&gt;Following&lt;/a&gt;&lt;br&gt; Already have a WordPress.com account? &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://byorgey.wordpress.com&#34;&gt;Log in now.&lt;/a&gt;&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://byorgey.wordpress.com/wp-admin/customize.php?url=https%3A%2F%2Fbyorgey.wordpress.com%2F&#34;&gt;Customize&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://wordpress.com/start/&#34;&gt;Sign up&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;http://en.wordpress.com/abuse/&#34;&gt;Report this content&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://subscribe.wordpress.com/&#34;&gt;Manage subscriptions&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://byorgey.wordpress.com&#34;&gt;Collapse this bar&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210525-061637/ Tue, 25 May 2021 06:16:36 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210525-061637/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-israel-palestinians-usa-blinken/blinken-begins-middle-east-mission-to-bolster-gaza-ceasefire-idUSKCN2D60CS&#34;&gt;Blinken begins Middle East mission to bolster Gaza ceasefire&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; U.S. Secretary of State Antony Blinken began a Middle East visit in Israel on Tuesday, hoping to bolster its ceasefire with Gaza&amp;#39;s ruling Hamas militants and help speed humanitarian aid to the devastated Palestinian enclave.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-china-politics-anniversary/chinese-visit-red-sites-ahead-of-100th-communist-party-anniversary-idUSKCN2D60IL&#34;&gt;Chinese visit &amp;#39;red&amp;#39; sites ahead of 100th Communist Party anniversary&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210525-041652/ Tue, 25 May 2021 04:16:51 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210525-041652/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-health-coronavirus-australia/masks-social-restrictions-return-to-australias-melbourne-after-fresh-outbreak-idUSKCN2D6025&#34;&gt;Masks, social restrictions return to Australia&#39;s Melbourne after fresh outbreak&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-colombia-protests/colombia-government-strike-committee-reach-pre-agreement-in-protest-talks-idUSKCN2D51M6&#34;&gt;Colombia government, strike committee reach &amp;#39;pre-agreement&amp;#39; in protest talks&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210525-022320/ Tue, 25 May 2021 02:23:20 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210525-022320/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1129766_2022-genesis-gv70-price-specs-review-photos-info&#34;&gt;Preview: 2022 Genesis GV70 looks to add sporty flair to GV80’s looks and luxury for $42,045&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132360_1970-plymouth-cuda-440-6-heads-to-auction&#34;&gt;1970 Plymouth &amp;#39;Cuda 440-6 heads to auction&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1132361_audi-to-test-the-waters-with-ev-charging-station-you-can-book-in-advance&#34;&gt;Audi to test the waters with EV charging station you can book in advance&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/disappear/fussy/20210525-022042/ Tue, 25 May 2021 02:20:42 +0000 https://www.whatsupup.com/blog/disappear/fussy/20210525-022042/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://arstechnica.com/gadgets/2021/05/hackers-exploit-a-macos-0day-that-allows-them-to-screenshot-infected-macs/&#34;&gt;Actively exploited macOS 0day let hackers take screenshots of infected Macs&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; Apple patches vulnerability that malware used to bypass macOS privacy protections.&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210525-022038/ Tue, 25 May 2021 02:20:37 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210525-022038/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics/belarus-faces-new-sanctions-over-jetliner-state-piracy-arrest-of-journalist-idUSKCN2D50QW&#34;&gt;Belarus faces new sanctions over jetliner &#39;state piracy,&#39; arrest of journalist&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; BRUSSELS/KYIV (Reuters) -Western powers prepared to pile sanctions on Belarus and cut off its aviation links on Monday, furious after it scrambled a warplane to intercept a Ryanair aircraft and arrest a dissident journalist, an act one official denounced as &amp;#39;state piracy&amp;#39;.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-protests-father-interview/this-is-total-insanity-says-father-of-detained-belarusian-journalist-idUSKCN2D528G&#34;&gt;&amp;#39;This is total insanity,&amp;#39; says father of detained Belarusian journalist&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-mali-politics/military-detain-malis-president-prime-minister-and-defence-minister-idUSKCN2D51ZD&#34;&gt;Military detain Mali&amp;#39;s president, prime minister and defence minister&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/phonic/shopboy/20210525-021527/ Tue, 25 May 2021 02:15:26 +0000 https://www.whatsupup.com/blog/phonic/shopboy/20210525-021527/ Due to unforeseen circumstances, we will not have our One On One show tonight &amp;ndash; we&#39;ll see you all soon! &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://t.co/Laslcp07qH&#34;&gt;&lt;a href=&#34;https://t.co/Laslcp07qH&#34;&gt;https://t.co/Laslcp07qH&lt;/a&gt;&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210524-142017/ Mon, 24 May 2021 14:20:17 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210524-142017/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1078735_briggs-cunningham-corvette-that-raced-at-le-mans-sells-for-785-500&#34;&gt;Briggs Cunningham Corvette that raced at Le Mans sells for $785,500&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210524-141746/ Mon, 24 May 2021 14:17:45 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210524-141746/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics/europeans-threaten-to-restrict-air-traffic-over-belarus-after-state-piracy-idUSKCN2D50QW&#34;&gt;Europeans threaten to restrict air traffic over Belarus after &amp;quot;state piracy&amp;quot;&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; KYIV/VILNIUS (Reuters) -European leaders threatened on Monday to limit international air traffic over Belarus and possibly restrict its ground transport, after a Ryanair passenger plane was forced to land in an incident denounced by Western countries as &amp;#34;state piracy&amp;#34;.&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210524-121803/ Mon, 24 May 2021 12:18:03 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210524-121803/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.motorauthority.com/news/1115876_2023-bmw-x8-spy-shots&#34;&gt;2023 BMW X8 spy shots: Flagship crossover in the works&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/buckeroo/doubling/20210524-121615/ Mon, 24 May 2021 12:16:15 +0000 https://www.whatsupup.com/blog/buckeroo/doubling/20210524-121615/ May 24, 2021 &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://drewdevault.com/2021/05/24/io_uring-finger-server.html&#34;&gt;Using io_uring to make a high-performance&amp;hellip; finger server&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/twopenny/ultraism/20210524-121538/ Mon, 24 May 2021 12:15:37 +0000 https://www.whatsupup.com/blog/twopenny/ultraism/20210524-121538/ &lt;p&gt;&lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-belarus-politics/europeans-threaten-to-limit-belarus-air-traffic-after-state-piracy-idUSKCN2D50QW&#34;&gt;Europeans threaten to limit Belarus air traffic after &#39;state piracy&#39;&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; European leaders threatened to limit international air traffic over Belarus and possibly target its ground transport as well, after a Ryanair plane was forced to land in an incident denounced by Western countries as &amp;#34;state piracy&amp;#34;.&lt;br&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-scotland-usa-trump-exclusive/exclusive-court-action-seeks-probe-of-trumps-scottish-golf-course-buys-idUSKCN2D50VZ&#34;&gt;Exclusive: Court action seeks probe of Trump’s Scottish golf course buys&lt;/a&gt;&lt;br&gt; &lt;hr&gt; &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.reuters.com/article/us-iran-nuclear-iaea/iran-and-iaea-extend-monitoring-deal-averting-crisis-in-nuclear-talks-idUSKCN2D50T7&#34;&gt;Iran and IAEA extend monitoring deal, averting crisis in nuclear talks&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/overinsuring/enzyme/20210524-121407/ Mon, 24 May 2021 12:14:07 +0000 https://www.whatsupup.com/blog/overinsuring/enzyme/20210524-121407/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://blog.cryptographyengineering.com/2012/02/02/multiple-encryption/&#34;&gt;Multiple encryption&lt;/a&gt;&lt;br&gt; https://www.whatsupup.com/blog/veld/paternal/20210524-121329/ Mon, 24 May 2021 12:13:28 +0000 https://www.whatsupup.com/blog/veld/paternal/20210524-121329/ &lt;a rel=&#34;noreferrer&#34; target=&#34;_blank&#34; href=&#34;https://www.raspberrypi.org/blog/announcing-the-raspberry-pi-poe-hat/&#34;&gt;Announcing the Raspberry Pi PoE+ HAT&lt;/a&gt;&lt;br&gt;&lt;/p&gt; &lt;hr&gt; Power (over Ethernet) to the people&lt;br&gt; https://www.whatsupup.com/blog/tragicomedy/shampooed/20210524-101700/ Mon, 24 May 2021 10:16:53 +0000 https://www.whatsupup.com/blog/tragicomedy/shampooed/20210524-101700/ <