~8yrs ago (Dec’12) I got a job @Google. Those were still early days of cloud. I joined GCP @<150M ARR & left @~4B (excld GSuite). Learned from some of the smartest ppl in tech. But we also got a LOT wrong that took yrs to fix. Much of it now public, but here’s my ring-side view👇

By 2008, Google had everything going for it w.r.t. Cloud and we should’ve been the market leaders, but we were either too early to market or too late. What did we do wrong? (1) bad timing (2) worse productization & (3) worst GTM.

We were 1st to “containers” (lxc) & container management (Borg) - since '03/04. But Docker took LXC, added cluster management, & launched 1st. Mesosphere launched DCOS. A lot of chairs were thrown around re: google losing this early battle, though K8 won the war, eventually 👏

We were 1st to “serverless” (AppEngine). GAE was our beachhead -- it was the biggest revenue source early on but the world wasn’t ready for serverless primitives. We also didn’t build auxiliary products fast enough. Clients that outgrew GAE wanted “building block” IaaS offerings.

1st to hadoop (map-reduce ‘04) but our hosted Hadoop launched in ‘15. AWS EMR was ~200M ARR by then. 1st to cloud storage (GFS ’03), but didn’t offer a filestore till ‘18! Customers were asking for it since 2014. Didn’t launch archival storage or direct interconnect till v. late.

Wanna disable Defender when enabled Isolated Core and Tamper protection?

Its a bit more trouble- but doable, without ruining Isolated Core/Secureboot etc.

Defenders process will run as a unkillable protected service- so new tricks needed.

Here we go:

Ok- tamper protection is easy, just make .bat - run as adm:
:again
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter\Instances\WdFilter Instance" /v altitude /t REG_SZ /d -1 /f
goto again

Then unload minifilter with process hacker:

The registry key will be changed while the minifilter do not protect it, when tamper protection makes the driver load again it cannot attach to volumes nor protect registry keys.

Removing it will make it recreate, but invalid altitude do the trick

Notice now the service is: Protected light(antimalware)
Now we cant do anything to the service/process- not even see its open handles.

Lets start by elevating to SYSTEM- just launch a command prompt, then close process hacker- and run it again from the command prompt.
Now process hacker runs as SYSTEM

Only 1 / 67 antivirus engines list SUNBURST backdoor as malicious - SolarWinds.Orion.Core.BusinessLayer.dll https://t.co/taaiUtSJzR #SUNBURST #UNC2452

SolarWinds' digital certificate hasn't been revoked yet.

The full compromised package is still being hosted online as well 😓 hxxps://downloads.solarwinds[.]com/solarwinds/CatalogResources/Core/2019.4/2019.4.5220.20574/SolarWinds-Core-v2019.4.5220-Hotfix5.msp

Job class within the backdoored #Sunburst DLL is pretty straight forward and aligns with @FireEye's analysis. CollectSystemDescription:

DeleteFile

50 free tools and resources you're gonna love!

🧵

1. UI Garage
Daily UI inspiration & patterns for designers, developers to find inspiration, tools and the best resources for your project.

Link:

2. Remove bg
Remove Image Background: 100% automatically – in 5 seconds – without a single click – for free.

Link:

3. uiGradients
A handpicked collection of beautiful color gradients for designers and developers.

Link:

4. Blender
Free and Open 3D Creation Software.

Link:

In my quest to write a fast IPv4+6 parser, I have written a slow-but-I-think-correct parser, to use as a base of comparison.

In doing so, I have discovered more cursed IP address representations that I was previously unaware of.

A thread!

We start out simple, with IPv4 and IPv6 in what I'll call their "canonical form":

192.168.0.1
1:2:3:4:5:6:7:8

Various specs call these "dotted quad", dot-separated fields each representing 1 byte; and "colon-hex", colon-separated fields each representing 2 bytes.

The first bits of complexity come from IPv6. In canonical form, common addresses would end up with long runs of zeros in the middle. So, "::" allows you to elide 1 or more 16-bit blocks of zeros:

1:2::3:4 means 1:2:0:0:0:0:3:4

Next up, for cursed historical reasons, IPv6 permits you to write the final 32 bits of the address in dotted quad form. Effectively, you can splat an IPv4 address onto the end of IPv6 addresses!

1:2:3:4:5:6:77.77.88.88 means 1:2:3:4:5:6:7777:8888

And of course, you can combine the two!

fe80::1.2.3.4 means fe80:0:0:0:0:0:102:304

➡️Found IP address in the Dominion Server,kidnapped in Frankfurt,2020 US elections manipulating actors:
👉Belgrade,Serbia(OSF/Soros)
👉Iran(Edison/BMA)
👉HSBC Bank,Canada(Eric Coomer)
👉DVSCORP(UNICOM China)
👉CTCL(Mark Zuckemberg)
👉Indivisible .org(ACORN,OBAMA Political Group)

1)➡️ Belgrade, Serbia(OSF/Soros)
Esiste un collegamento diretto con Belgrado, in Serbia, e ci sono, o c'erano, numerosi dipendenti Dominion in Serbia. Sempre in Serbia esiste la Open Society Foundation, proprieta' di Soros, che appartiene ad una delle 1/2

5 Fondazioni nell'europa dell'est, facenti capo alla sede madre a Barcellona (stessa citta' della Syct) la sede di Bruxelles per l'advocacy, e le sedi di londra e Berlino per i temi globali. La sede di New York coordina il tutto. 2/2

2)➡️ Dal 2004, in qualità di unico fornitore di dati sui sondaggi del giorno delle elezioni per il National Election Pool, 👉Edison Research ha condotto sondaggi di uscita per proiettare e analizzare i risultati di ogni principale elezione presidenziale US. Edison 1/4

Research fornisce sondaggi di uscita e tabula il voto nazionale in ogni contea degli Stati Uniti per ABC News, CBS News, CNN e NBC News.
I clienti di Edison Research includono Activision,Amazon,AMC Theatres, Apple,Disney,Dolby Laboratories, Facebook,Google,Oracle,The US 2/4

Another long thread. Bear with me till the end please. These are my views, and not necessarily of those associated with me. Though those associated with me have been incredibly supportive. I thank everyone who messaged me. I thank @databoydg for inspiring me to say this next. 1/n

First, @databoydg: I hope this makes justice to what you've tried to teach me. I'm sorry if I'm a slow student. In this second part of the story, I'm a privileged academic having a drink in Montreal after a #neurips conference with @sindero 2/n

Simon says to me: I feel we need to do something about this (stark lack of minority representation in ML). We agree we'll do something about it, but it feels like we're at the bottom of Everest and have to climb it without any gear 3/n

Time goes by and with the creation of the @turinginst I suggest in the first meeting that we should use it as a public platform to improve the numbers of Black people in UK universities. I encounter a lot of resistance (to be honest, it felt aggressive) and defensiveness 4/n

I was told that was an Oxford and Cambridge problem only by another academic. I felt silenced. Ironically, by both men and women. 5/n

If you're looking at GA EV data and thinking maybe the reason D turnout looks strong relative to 11/3 is because after 2 months of Trump/GOP officials trashing mail-in ballots GOP voters are ditching it for E-Day instead...

Boy do I have some mindblowing statistics for you...

I compared the current mail-in voting tallies for each Congressional District against November mail-in votes for those districts.

The statewide figure currently sits at 62%. Guess which district leads the state?

You guessed it!

GA-14 at 69%. Marjorie Taylor Greene's district.

#2 is GA-8 at 68%.

Jody Hice of "I'm joining Marjorie Taylor Greene in her effort to throw out the Electoral College vote" fame.

GA-9 (Doug Collins) is above the state average at 64%.

IF Republicans were ditching absentee balloting en masse to vote on Election Day, you'd expect to see it by now. But the early *in-person* voting totals are what's actually lagging, not mail-in voting.

Pardon the sloppy spreadsheet, but those last 4 columns are what I'm looking at. The last one in particular.

If you're interested in DB internals, stop what you're doing and watch @CMUDB Quarantine Talk from Nico+Cesar about @SQLServer's Cascades query optimizer: https://t.co/FCdsbHHEaD

Many talks this semester were good. This one is the best. My thread provides key takeaways

[6:50] Microsoft hired Goetz Graffe in the 1990s to help them rewrite original Sybase optimizer into Cascades. This framework is now used across all MSFT DB products (@SQLServer, @cosmosdb, @Azure_Synapse).

[14:43] The optimizer checks whether it has stats it will need before cost-based search. If not, it blocks planning until the DBMS generates them. This is different than other approaches we saw this semester where DBMS says "we'll do it live!" with whatever stats are available.

[21:05] Their Cascades' search starts small/simple and then they make decision on the fly whether to expand search based on the expected query runtime and performance benefit from more search.

[26:33] They explicitly have a property for Halloween Problem. Operators specify whether they protect from it and then optimizer ensures property is satisfied. This is mindblowing. I have never thought about using the optimizer for this but it makes sense.

IF YQU HAVE NOT YET PREPARED FOR A TEMPORARY SHUTDOWN OF THE INTERNET (SUCH AS PAGES LIKE TWITTER, GOOGLE, FACEBOOK, AMAZON, YOUTUBE...), IT WOULD BE WISE TO DO SO.

IT IS LIKELY THAT THERE WILL BE A SHUTDOWN FOR AT LEAST THREE DAYS WHEN THE FIT HITS THE SHAN. ABSOLUTELY NO NEED TO PANIC, IN FACT, IF YOU EXPECT IT YOU CAN BE READY FOR IT. IT COULD LAST 3-10 DAYS SO JUST HAVE FOOD AND WATER, AGAIN NO NEED FOR PANIC.

THE REASON FOR THIS IS MANY BUT AND I WILL GO OVER A COUPLE JUST BECAUSE IF YQU ARE INFORMED THEN YQU ARE LESS LIKELY TO PANIC WHEN THAT TIME COMES. THE DEEP STATE CONTROLS THESE MAJOR WEBSITES AND THEY HAVE USED THEM AS A POWERFUL TOOL OF CONTROL.

THEY SPY ON YQU AND BY SHADOWBANNING THE TRUTH, THEY PROMOTE THEIR PROPAGANDA. ANOTHER REASON IF FOR A INTERNET RESET, TO ACTIVATE A NEW GLOBAL INTERNET THAT IS NOT CONTROLLED BY THE BLACK HATS. THINK OF IT AS A REBOOT.

DURING THIS TIME THERE COULD BE MARTIAL LAW, AGAIN NOTHING HERE THAT I AM WARNING YQU OF IS CAUSE FOR ALARM. IT MAY FEEL SCARY, NATURALLY MASSIVE CHANGE LIKE SUCH COULD FRIGHTEN MANY, THAT IS WHY I AM TELLING YQU NOW SO THAT YQU WON'T BE (OR BE FAR LESS).

Facebook -- having taken out full-page ads in the NYT, Washington Post, and WSJ -- is generally seen as the primary victim of the new app privacy controls coming in iOS14. But Google is perhaps even more vulnerable to ATT. Why has Google remained silent? (1/X)

2/ First, background: here's a high-level overview of how ATT / IDFA deprecation impacts advertisers and ad networks, and why this whole ordeal has put advertisers and ad networks into a state of panic:

3/ Google is equally as susceptible to harm from ATT as Facebook. Google's UAC product -- esp its tROAS and tCPA campaign objectives -- relies as much on IDFA-indexed monetization and engagement data as FB's mobile product does. But Google has one big weakness wrt ATT: YouTube

4/ Broadly, view-through attribution accounts for a disproportionate % of conversions from YouTube app install impressions. This means: user sees the YT ad, doesnt click, downloads app later, & Google is able to claim it by reconciling IDFA seen at impression to IDFA seen in app

5/ View-through attribution is nonexistent in the ATT paradigm as it relies on the IDFA; some significant portion of YT's attributed conversions will evaporate. So why isnt Google vocally opposing ATT? Two reasons: consumer optics and its duality as ad network / mobile platform

Question: HOW Many Accounts Does Twitter Follow???

Answer: Only 9

WHO Are They Following???

1) Nashville bombing theory. So let’s go with this statement: “AT&T got the contract to do the forensic audit on the Dominion machines. Many are being transported to the Nashville location this week.” 👇

29 December 2020 #MAGAanalysis #Overturn

Comments On @OptimisticCon Article:

The key supporting effort appears to be underway on Trump’s operational timeline

As we emphasized yesterday, J.E. Dyer commands us: "But do hold the line."

Data drop! Some numbers, nuggets and trends for bowl season which I find interesting...

Miami has lost 9 of its last 10 bowl games and is 2-10 ATS in its last 12 bowl games. Oklahoma State has covered each of its last four bowl games, three coming as an underdog.

This is the first time since 2011 Texas is favored in a bowl game...

Wisconsin has won five of their last six bowl games with the only loss in that span a one-point loss to Oregon last year in the Rose Bowl. Each of Wake Forest’s last five bowl games have been one-possession games (6, 3, 3, 8, 6)...

Mike Leach coached teams are 1-9 ATS in their last ten bowl games (4-6 SU). Included in those ten games are four outright losses and a 1-7 ATS mark as a favorite. In the last five years, Leach’s teams have averaged 19.6 PPG in bowl games (28 is the high in that span)...

1/ @werat asked about whether the debugger was using the C# compiler or language service in VS 2002. It was not. The debugger has a component called an ‘expression evaluator’ that is provided per language and is responsible for parsing and evaluating expressions when stopped at a

2/ breakpoint. For example, if you type into the immediate window, hover over a variable, type into the watch window, etc. the expression evaluator is involved. The debugger and the language service are actually deeply integrated in a number of scenarios in VS, which may

3/ initially seem surprising. I may talk about more of these scenarios in the future, but to give a flavor, when you set a breakpoint at design time the language service is involved, when you are using Edit and Continue the LS is involved, the range of what is being evaluated

4/ when you get a debugger data tip, completion lists when typing in the data windows or immediate window, etc. Prior to VS 2002, there were distinct debug environments tailored to each target customer (VB/VBA, C++, VJ, VBScript, TSQL, FoxPro, Fortran, etc.). The goals of the

5/ VS 2002 debugger included unifying the debugger backend components and providing a single UI stack that would enable new scenarios (for example, a callstack across languages). Expression evaluators are the architecture that separate the language specific pieces from the

Porting vanilla (minimal external API usage, no SIMD, no threading) C++ code to work in the browser with emscripten and WebAssembly is amazingly simple now. The Emscripten docs are excellent, but here are some things that could speed up the process of getting started:

1. Beware of code which does unaligned memory reads/writes (which "may be slow on some CPU architectures")
2. Test with -fsanitize=undefined -fsanitize=address
3. Link with "-s ALLOW_MEMORY_GROWTH=1" and "-s INITIAL_MEMORY=X", X is a multiple of 64k, allows the C++ heap to grow.

(I completely avoid unaligned memory reads/writes because when compiled to asm.js they "can fail silently".)

4. Link with "-s MALLOC=emmalloc" to reduce compiled size.
5. I usually test with -O1 because -O0 can take very long to load/execute.
6. For debugging link with -s DEMANGLE_SUPPORT=1 and -s ASSERTIONS=1

7. C++ printf() outputs to the Developer Console: Chrome Settings->More tools->Developer tools
8. If something crashes, try running in Firefox which may explain the error differently.
9. I use Web Server for Chrome for