BC INTERNET
Saved by @Alex1Powell

SolarWinds follow up. Very good tweet explaining what happened.

 Basically what this means is that SolarWinds itself was exploited. Someone posted an infected update as legitimate (digitally signed), leading customers to download a bad update.
“Multiple trojanized updates were digitally signed from March - May 2020 and posted to the SolarWinds updates website” https://t.co/8e3bMFWXYu
FireEye then explains that infected organizations were approached and exploited. This is a separate Step 2.
At this point, information is already going to “malicious domains” without extra intervention, after the malware does nothing for “up to two weeks”
But the cyber thieves take the opportunity to move around (“laterally”) inside the infected organization.
Bad actor = UNC42.
Trojan software = SUNBURST.
Basically the intruder tiptoes around the infected network grabbing more stuff.
As Chris Krebs pointed out, the hack is “resource intensive” because it takes a lot of work to do some of this. For example to create a malicious false domain with the same information as in the victim’s network.
What this means is that certain “choice” organizations are such significant targets that the cyber thief dwells on ensuring they can rummage around (spy on emails for example) undetected.
There is no definitive proof I have seen that Russia perpetrated this hack. Why won’t the media say that China or Iran or some other country could have done it?
Six years ago, another company

https://t.co/lzTINHgyAt
“Members of China's military systematically hacked the computers of SolarWorld USA, engaging in corporate espionage with the possible aim of advantaging SolarWorld's Chinese rivals, the US government alleges.” (May 19, 2014)
“Chinese bank forced western companies to install malware-laced tax software

GoldenSpy backdoor trojan found in a Chinese bank's official tax software, which the bank has been forcing western companies to install.” https://t.co/iEcdevXS7q
Another one from China: “execute files downloaded from a remote command and control (C&C) server, and update or uninstall itself.” https://t.co/CpTRlx3n8h
They tell us China is the biggest threat to our security and then refuse to publicly say that China could have done it, instead reflexively naming Russia. https://t.co/4ZOhYgWT03
Even the official denials are well known! https://t.co/29Hd0wJilI
“A bombshell report claims that China has been developing a massive spying operation for a few years that involved building hardware backdoors into critical server components with the help of microchips no bigger than a grain of rice or the tip of a sharpened pencil.”
“Those chips, once placed on motherboards that go into popular servers, would be able to help Chinese spies access information that would otherwise be unavailable to them.”
“Secret Backdoor in Some Low-Priced Android Phones Sent Data to a Server in China”
https://t.co/MQoZ3XEtgc
“Pompeo warns governors of Chinese infiltration into US: 'It's happening in your state'” (February 2020)

https://t.co/inXsE8UxAl
IS THE SOLARWINDS HACK RELATED TO ELECTION INTERFERENCE AS SOMEONE SUGGESTED HERE ON TWITTER (sorry I can’t find your tweet at the moment)
DID SOMEONE GAIN ACCESS TO THE STATES AND MESS WITH THEIR COMPUTERS SO THAT ELECTION DATA WAS SENT TO CHINA
THE REPORT ON FOREIGN ELECTION INTERFERENCE DROPS BY FRIDAY
Pompeo said to the governors: “The Chinese government has been methodical in the way it's analyzed our system... it's assessed our vulnerabilities and it's decided to exploit our freedoms, to gain an advantage over us at the federal level, the state level and the local level."
Pompeo warned them that we know.
“I'd be surprised if most of you in the audience had not been lobbied by the Chinese Communist Party directly."
“He said groups loyal to communist China are operating out in the open in Virginia, Minnesota, Florida and dozens of other states all around the country.”
“Other Chinese groups, however, practice their nefarious actions in the shadows in an attempt to exercise influence over U.S. citizens and lawmakers.”
Examples like “a diplomat from China, assigned here to the United States, a representative of the Chinese Communist Party, in New York City, sending a letter urging that an American elected official shouldn’t exercise his right to freedom of speech”
THEY ARE ATTACKING OUR CHILDRENS MINDS SAID POMPEO THROUGH THE SCHOOLS
“The secretary said ...that Chinese officials based in the U.S. are actively seeking to sow seeds of chaos at the state and local level -- specifically in the realm of education on college campuses and K-12 classrooms.”
“Maybe some of you have heard about the time when the Chinese consulate paid the UC San Diego students to protest the Dalai Lama. It shows depth. It shows systemization. It shows intent.”
WAKE UP WAKE UP WAKE UP REMEMBER CYNTHIA A JOHNSON PLAYING PING PONG IN DETROIT WITH THE CHINESE OFFICIAL
“Chinese Communist party officials, too, are cultivating relationships with county school boards and local politicians -- Often through what are known as 'Sister City Programs' ... This competition is well underway."
REMEMBER THE HARVARD PROFESSOR ARRESTED CHARLES LIEBER NANOTECHNOLOGY GOT PAID FROM “THOUSAND TALENTS PLAN”
“Pompeo also spoke about China's campaign to recruit U.S. scientists and academics to share vital secrets, in exchange for monetary gain through their ‘Thousand Talents Plan,’”
“a campaign that has already targeted scientists and professors on campuses such as Virginia Tech and Harvard and triggered investigations by the Department of Justice (DOJ).”
https://t.co/bozYbHtPqb
CHINA TURNS STUDENTS INTO SPIES
“He also explained how Beijing pressures Chinese students in the U.S. to keep an eye on their fellow countrymen and report back to the government about their activities.”
CHINA PROPAGANDA FLOODS KIDS MINDS AND THE AIRWAVES
“China’s propaganda starts even earlier than college. China has targeted K-12 schools around the world”
THE FAKE NEWS OWNERS DO BUSINESS WITH CHINA THAT AFFECTS OBJECTIVITY https://t.co/dnCgXIUOQg
“Pompeo then warned state governors about doing business with China and said it is common to indirectly finance communism without realizing it.”
“I want to urge vigilance on the local level too”
“I hope you will all take on board what I've said today. Don’t lose sight of the competition from China that's already present in your state. Let's all rise to the occasion and protect our security, our economy, indeed all that we hold dear."
@threadreaderapp unroll
@threader_app compile

More from Dannielle (Dossy) Blumenthal PhD

Dannielle (Dossy) Blumenthal PhD
Dannielle (Dossy) Blum...
@DrDannielle
They report, you decide.

Mike Pence to confirm Biden then leave the country, says report https://t.co/oIkb1SU6wX via @YahooNews
POLITICS
Dannielle (Dossy) Blumenthal PhD
Dannielle (Dossy) Blum...
@DrDannielle
@NPR your story “Trump Supporters Storm U.S. Capitol, Clash With Police” is date-stamped January 6, 2021 at 9:30 AM, which is 2.5 hours BEFORE President Trump spoke at the Ellipse and 4 hours BEFORE any procession to the Capitol. #fakenews


January 6, 2021, at 11:44 AM Eastern Time: The President arrives to speak.


January 6, 2021 at 12:05 PM, an hour past the scheduled start time, the President took to the podium. Again, your story was posted before anything happened. Why and how?


The crowd was reverent, not violent, mostly taking photos to capture the historic moment after waiting in frigid weather for so long.


During his speech, @POTUS says “I will march with you to the Capitol.” Here are 4 images of the President during that speech. He clearly told the crowd they would go together, peacefully but firmly, to make sure Congress did its job.
POLITICS
Advertisement
Dannielle (Dossy) Blumenthal PhD
Dannielle (Dossy) Blum...
@DrDannielle
Follow up thread on Eric Coomer.

New: Dominion Voting Systems employee SUES Trump campaign and allies https://t.co/7dEEapCEYI via @MailOnline
POLITICS
Dannielle (Dossy) Blumenthal PhD
Dannielle (Dossy) Blum...
@DrDannielle
There is no scenario where Trump lets Biden steal the election.

There is no scenario where an elected official facilitates election fraud and gets re-elected.

There is no scenario where we accept this kind of tyranny as normal.

They stole the election again in Georgia because they don’t think they can truly get caught or lose. Broken machines, extended deadlines, blocked access to observers, sudden vote flip. They don’t care.

The way this ends is going o truly shock the world. It isn’t going to be trivial. It isn’t going to depend on Mike Pence.
POLITICS
Dannielle (Dossy) Blumenthal PhD
Dannielle (Dossy) Blum...
@DrDannielle
Is this Ezra Cohen Watnick asking for help, was this a hack?

https://t.co/wiWCzJ4tv4


https://t.co/KKZXCLM6eI


https://t.co/226V6fr2kp


https://t.co/ECbrz0WTCJ


https://t.co/J3kqbczt4N
FOR LATER READ

More from Internet

Donald Bullers
Donald Bullers
@DonaldBullers
The Internet is at a tipping point, here’s what you’ve probably never heard coming next.

Time for a thread 👇👇👇

1) Let’s start with the users…

Today over 50% of the world is on social media AND on average we each have 70-80 usernames and passwords.

Each of these accounts are owned and controlled by the platforms.

Recipe for disaster.


2) In 2021 American adults spend over 4 hours a day online - that is half a work day.

Time is our most valuable asset, did you realize you are giving this away for free?


3) The applications we use today are built on the foundation of ‘Free + Ads’.

You get free access.

They get YOUR account, YOUR data, YOUR screen time, YOUR community.

And the worst part? This can all be taken away at any moment.


4) So where do we go from here?

It starts with self-sovereign digital identities.

ONLY the user owns their identity data online without intervention from outside parties.

Available now at sites like:
INTERNET
Shreyas Doshi
Shreyas Doshi
@shreyas
A thread of resources for aspiring & new Product Managers:

(should also be useful for Eng, Design, Data Science, Mktg, Ops folks who want to get better at PM work or want to build more empathy for your PM friends ☺️)

(oh, and pls also share *your* favorite resources below)

👇🏾

1/

Product Management - Start Here by @cagan
(hard to go wrong if you start with Marty Cagan’s

2/

Tips for Breaking into PM by @sriramk
(I’ve recommended this thread in my DMs more often than any other thread, by a pretty wide


3/

Top 100 Product Management Resources by @sachinrekhi
(well-categorized index so you can focus on whatever’s most useful right

4/

Brief interruption.

It’s important to understand your preferred learning style and go all in on that learning style (vs. struggling / procrastinating as you force a non-preferred learning
INTERNET
Advertisement
Cory Doctorow #BLM
Cory Doctorow #BLM
@doctorow
There are lots of problems with ad-tech:

* being spied on all the time means that the people of the 21st century are less able to be their authentic selves;

* any data that is collected and retained will eventually breach, creating untold harms;

1/


* data-collection enables for discriminatory business practices ("digital redlining");

* the huge, tangled hairball of adtech companies siphons lots (maybe even most) of the money that should go creators and media orgs; and

2/

* anti-adblock demands browsers and devices that thwart their owners' wishes, a capability that can be exploited for even more nefarious purposes;

That's all terrible, but it's also IRONIC, since it appears that, in addition to everything else, ad-tech is a fraud, a bezzle.

3/

Bezzle was John Kenneth Galbraith's term for "the magic interval when a confidence trickster knows he has the money he has appropriated but the victim does not yet understand that he has lost it." That is, a rotten log that has yet to be turned over.

4/

Bezzles unwind slowly, then all at once. We've had some important peeks under ad-tech's rotten log, and they're increasing in both intensity and velocity. If you follow @Chronotope, you've had a front-row seat to the
INTERNET
That Happy Dude
That Happy Dude
@ThatHappyDudee
1/

Thread on @signalapp:

28th Nov 2011: A deal is made.

Security researcher @Moxie Marlinspike and Roboticist Stuart Anderson's brainchild, Whisper Systems, will be sold off to Twitter for a nice sum of money. It comes as a surprise because all of Whisper System's services


Lemme know of your thoughts on this entire story of the Signal App! Also help dispel the rumors surrounding it!

Cc: @UnSubtleDesi @swati_gs @rahulroushan @bhootnath @PrinceArihan @BefittingFacts @disclosetv @TheWolfpackIN @VertigoWarrior @WarHorizon @ExSecular @RDXThinksThat
INTERNET
Fidato
Fidato
@tequieremos
Whatsapp will start forcing users to share personal data with Facebook which is it's parent company. It doesn't come as a surprise since all the major giants of Silicon valley; Google, Amazon, Facebook, Microsoft etc are deeply integrated with US intelligence agencies.

THREAD

In 2013, Edward Snowden, an employee of National Security Agency, revealed that the US govt was running a vast Internet surveillance program and tapping every major Silicon Valley platform and company— Facebook, Google, Apple, Amazon including mobile games like Angry Birds.

[1]

The most astonishing program revealed by Snowden’s disclosures is called PRISM, which involves a sophisticated on-demand data tap housed within the datacenters of the biggest and most respected names in Silicon Valley: Google, Apple, Facebook, Yahoo!, and Microsoft.

[2]

These devices allow the National Security Agency (NSA) to extract whatever the agency requires, including emails, attachments, chats, address books, files, photographs, audio files, search activity, and mobile phone location history.

[3]

Edward Snowden also revealed the Mass Metadata Surveillance System of America's National Security Agency (NSA) in his documents. Let's suppose if NSA had found someone dialing number of an al Qaeda member, and assume that this person had phoned 100 other people over the...

[4]
INTERNET

You May Also Like

Tweeting Historians
Tweeting Historians
@Tweetistorian
@ChenHuailun here. I'm adding a supplementary thread before today's scheduled one to expand on the origins and early history of the Church of the East (aka the Nestorian Church) ~ahc #jingjiao 1/


The Church of the East traces its origins to the christological position of the School of Antioch, which held that the human and divine and human essences (ουσία) of Christ were united in a single prosopon (πρόσωπον). ~ahc #jingjiao 2/


This ran against the position of the School of Alexandria, which held that the two essences of Christ were united in a single hypostasis (ὑπόστασις). In general terms, hypostasis is more inherent than prosopon. ~ahc #jingjiao 3/


One implication of the Antiochene rejection of the hypostatic union is that Mary could not accurately be called the Theotokos, or God-bearer. Instead, she is the Christotokos, the Christ-bearer. ~ahc #jingjiao 4/


These Christological debates were further complicated by Syriac terms such as 'kyana' (ܟܝܢܐ), associated with 'ousia' but later translated to 'hypostasis' by Syrian Orthodox; and 'qnoma ' (ܩܢܘܡܐ), sometimes contentiously translated as 'hypostasis' or 'person.' ~ahc #jingjiao 5/
RELIGION
XVIII Airborne Corps\U0001f409
XVIII Airborne Corps🐉...
@18airbornecorps
1 of 16: WE ARE ALL JEWS HERE: THE STORY OF RODDIE EDMONDS

One of the most moving and relevant stories of the Battle of the Bulge, or any American Soldier in any war, is that of Master Sergeant Roddie Edmonds, a Knoxville, Tennessee native, who served with the 106th Infantry.


2 of 16:

Roddie was captured early on in the Battle of the Bulge, on December 19th, when Panzer forces plowed through his unit.

He, along with almost his entire regiment, was forced to surrender.


3 of 16:

The men were transported to the Stalag IX-A POW camp in Ziegenhain, Germany.

Roddie was the senior enlisted American Soldier at the site. As such, he was the conduit between all American Soldiers and their German captors.


4 of 16:

In late January, the camp’s commandant, Major Siegmann [pictured here], ordered Roddie, a Christian, to identify all Jewish Soldiers and order them to stand in formation by themselves the next day.

[Jewish Soldiers were a minority within American units]


5 of 16:

Throughout WWII, captured Jewish Soldiers were often tortured and then killed by their German captors.

In fact, Jewish Soldiers had been told to bury their dog tags before capture. The dog tag identified Jews with the letter “H” for Hebrew.
SOCIETY
Advertisement
Patrick McKenzie
Patrick McKenzie
@patio11
Most software founders, particularly in B2B, need to get radically better at sales. @Steli , who is the best person for explaining the scrappy stages in the beginning and then building out a team with scripts and processes, wrote a guide to:

For technical founders it is irrationally, obscenely hard to reverse years of programming (ba dum bum) that sales is a value-destroying activity. Sales is CLEARLY a value-creating activity, contingent on you have a value-creating product.

The world will not drop what they are doing to adopt your work. This is particularly true in B2B, where simply building a better mousetrap won't overcome the activation energy required to get people with additional non-mice problems to prioritize changing mousetraps today.

This is very non-obvious for founders because founders are not often people who *want* to be sold to. We often come from a background where trying out tools is a bit of a fun hobby. We like looking at all the options, making charts, and ripping out partially complete tests.

"This week I unsuccessfully trialed four software options for automating that thing that has been killing us. Our actual production process remains the same as last week. Don't worry; this was a great use of time." is not a thing you want to write in a progress report to manager.
TECH
Roger Grosse
Roger Grosse
@RogerGrosse
Important paper from Google on large batch optimization. They do impressively careful experiments measuring # iterations needed to achieve target validation error at various batch sizes. The main "surprise" is the lack of surprises. [thread]

https://t.co/7QIx5CFdfJ


The paper is a good example of lots of elements of good experimental design. They validate their metric by showing lots of variants give consistent results. They tune hyperparamters separately for each condition, check that optimum isn't at the endpoints, and measure sensitivity.

They have separate experiments where the hold fixed # iterations and # epochs, which (as they explain) measure very different things. They avoid confounds, such as batch norm's artificial dependence between batch size and regularization strength.

When the experiments are done carefully enough, the results are remarkably consistent between different datasets and architectures. Qualitatively, MNIST behaves just like ImageNet.

Importantly, they don't find any evidence for a "sharp/flat optima" effect whereby better optimization leads to worse final results. They have a good discussion of experimental artifacts/confounds in past papers where such effects were reported.
MACHINE LEARNING
Julien \U0001f332
Julien 🌲
@julien
1/ there is this sense when you are young that your accomplishments need to be a list of things that seem impressive to others. A list of several items you did.

This isn't actually right, so here is another suggestion.

2/ I remember being 26 and writing about reading 52 books a year. I wrote blog posts about it. They got copied. It became "a thing." Now it's in Twitter bios. It looks impressive but it's insanely useless and I shouldn't have done it.

3/ what I should have known at that time is that only young idiots like myself, with no accomplishments, find list of tiny achievements impressive. Anyone who has actually done anything of substance doesn't gaf

4/ what is actually difficult, and worthwhile, instead is to do ONE single thing for a very, very long time. It's much harder and much rarer and results in outlier outcomes much more often.

Of course you can find this out too late if you are chasing the dragon of Ted talks etc

5/ if I had only worked on a startup for a year, I would've gotten nowhere, the same way that if you lift for 3 months, it achieves nothing. Everything good in life comes from perseverance, but at the beginning, you're just like "I need to be somebody!!!"
LIFE