BC INTERNET

Saved by @Mollyycolllinss

Claire Ryan
@aetherlev 4 years, 5 months ago 551 views

Save to PDF Share See On Twitter

Right, I did some reading and here’s what likely happened with Parler. Lots of crossed wires here.

First up: someone noticed that Parler uses sequential integers in the API endpoint to get content.

An API endpoint is just a URL with a value added onto the end that tells the system what you want to get back.

Using sequential integers means that a hacker can set up an automated script to start at 1 and count up, trying API calls over and over again, to get back content from Parler.

Parler apparently had no restrictions on this API endpoint, which frankly blows my mind as a web dev.

If you had a working URL, it just spat out whatever it had whether you were logged in or not.

It seems that EVERYTHING that had been uploaded - video, photos, text posts - was accessible whether it had been deleted or restricted in the app itself. Even uploaded photos of licenses etc etc.

I cannot describe how amateur hour this is, if true.

Now as well as that - Parler got kicked off Twilio so now there was no verification of phone numbers on signup. They let it fail open - allow registrations without verification. Hackers used this to create umpteen accounts, for shits n giggles apparently.

I think they closed registrations after the damage had been done.

Okay so the admin accounts - they discovered an API endpoint that let them enumerate admin users.

This is also so unbelievably bad that it boggles the mind, from a web dev perspective

Like I don’t even know why that exists. That is not something that should exist.

The admin accounts were not compromised, apparently, but holy fucking shit you DO NOT expose admin account data EVER. That is asking to get hacked even more.

Anyway the TL;DR on this is that your password probably hasn’t been compromised (I hope) but anything else uploaded to Parler might be out in the wild now even if you deleted it in the app.

Happy fucking Monday, let the train wreck of this week begin

Further update: some lively discussion of it going on here: https://t.co/swpV9JUJ5p

More from Internet

ArchAngEL MichaEL
@IAMAngELMichaEL

IF YQU HAVE NOT YET PREPARED FOR A TEMPORARY SHUTDOWN OF THE INTERNET (SUCH AS PAGES LIKE TWITTER, GOOGLE, FACEBOOK, AMAZON, YOUTUBE...), IT WOULD BE WISE TO DO SO.

IT IS LIKELY THAT THERE WILL BE A SHUTDOWN FOR AT LEAST THREE DAYS WHEN THE FIT HITS THE SHAN. ABSOLUTELY NO NEED TO PANIC, IN FACT, IF YOU EXPECT IT YOU CAN BE READY FOR IT. IT COULD LAST 3-10 DAYS SO JUST HAVE FOOD AND WATER, AGAIN NO NEED FOR PANIC.

THE REASON FOR THIS IS MANY BUT AND I WILL GO OVER A COUPLE JUST BECAUSE IF YQU ARE INFORMED THEN YQU ARE LESS LIKELY TO PANIC WHEN THAT TIME COMES. THE DEEP STATE CONTROLS THESE MAJOR WEBSITES AND THEY HAVE USED THEM AS A POWERFUL TOOL OF CONTROL.

THEY SPY ON YQU AND BY SHADOWBANNING THE TRUTH, THEY PROMOTE THEIR PROPAGANDA. ANOTHER REASON IF FOR A INTERNET RESET, TO ACTIVATE A NEW GLOBAL INTERNET THAT IS NOT CONTROLLED BY THE BLACK HATS. THINK OF IT AS A REBOOT.

DURING THIS TIME THERE COULD BE MARTIAL LAW, AGAIN NOTHING HERE THAT I AM WARNING YQU OF IS CAUSE FOR ALARM. IT MAY FEEL SCARY, NATURALLY MASSIVE CHANGE LIKE SUCH COULD FRIGHTEN MANY, THAT IS WHY I AM TELLING YQU NOW SO THAT YQU WON'T BE (OR BE FAR LESS).

Sunil Kumar
@sunilc_

Are you an Angular developer?

Check these useful UI and Component libraries for Angular:

🧵👇🏻

1. Material Angular:

UI library for Angular based on Material

2. NG Bootstrap:

UI library for Angular based on the Bootstrap

3. PrimeNG:

Powerful UI component library for Angular

https://t.co/90VmurAdyD

4. Onsen Angular:

Hybrid mobile and PWA UI library for Angular and Onsen

Advertisement

FRANCIS AARON
@FrancisAaronUK

Transgenderism resembles a mass psychogenic illness that has spread thanks to the internet. If there were no Tumblr identity fluidity nonsense, and if Reddit and YouTube had never existed, most “trans” people would not have landed on “gender” as the source of their ills.
1.

It is handed to them in the same way religion is handed to children. Thoughts and ideas are set before them, and they have brought these thoughts and ideas to live in themselves. Without the Internet, their feelings of dis-ease would have found a different explanation.
2.

These ideas became a framework for self-understanding, a map that instructs their actions, a vocabulary that programs their tongue. The pursuit of identity was the task, the online bubble its surrogate. They were commanded by it, and it gave their lives purpose and meaning.
3.

It had benefits. It catered to vanity. Social adulation arrived with each new step. This is why they so fiercely cling to it, since any conceptual breakdown would shatter the world they’ve built, which has been buttressed and fortified through these concepts – these errors.
4.

Its appeal first came as an escapist fantasy for the dysmorphic and disenchanted. Unbound from the meanings thrust upon them by others, they could instead become self-creators. They imbibed the dogma that suggested only two paths lay before them: – transition or suicide.
5.

Amit Ganguli
@amit_ganguli

Many conversations happening on #WhatsApp (WA) groups about new #WhatsAppPrivacyPolicy .
This thread has arguments to help ditch WA & move to @signalapp:
https://t.co/En4fe9VxUN
Share, use, copy-paste, modify with understanding as you deem fit on any platform in whole or part
1/n

Note: No affiliations, conflict of interest
Info presented with NO bias, prejudice, malice or indemnity.
Open to corrections: individual tweets may be deleted, tweets added to thread or corrected as replies.
Points that are unclear or uncertain are marked with "(?)".
2/n

CONTENT OF WA MESSAGES SHALL REMAIN ENCRYPTED END TO END.
BUT, there's data: contacts, group affiliations, co-affiliations, locations (live?), frequency of contacts, *tags* generated when we send or forward a message or file to contacts or groups, links, clicks on links, etc.
3/n

It is unclear whether this data is anonymized.
NOTHING in latest policy *prevents* the collection, retention, sharing or sale by FaceBook (FB: owner of WA) of this data in part or whole whether with identifying information or anonymized.
Meme source:
https://t.co/nMDTUlb0rl
4/n

Now that #WhatsApp have updated their terms, forcing users to share their data with #Facebook, here's our suggested update to that notification you see at the top of your chats.#WhatsappNewPolicy #WhatsappPrivacy pic.twitter.com/FjxFGBm6Q8
— Privacy International (@privacyint) January 7, 2021

Companies need to make money & generate profits:
To create software, install & maintain infrastructure.
Google, FB, Insta, Amazon etc sell data created from our content & data generated from our interactions (searches, clicks, purchases etc).
This makes many uncomfortable.
5/n

Hemant Mohapatra
@MohapatraHemant

~8yrs ago (Dec’12) I got a job @Google. Those were still early days of cloud. I joined GCP @<150M ARR & left @~4B (excld GSuite). Learned from some of the smartest ppl in tech. But we also got a LOT wrong that took yrs to fix. Much of it now public, but here’s my ring-side view👇

By 2008, Google had everything going for it w.r.t. Cloud and we should’ve been the market leaders, but we were either too early to market or too late. What did we do wrong? (1) bad timing (2) worse productization & (3) worst GTM.

We were 1st to “containers” (lxc) & container management (Borg) - since '03/04. But Docker took LXC, added cluster management, & launched 1st. Mesosphere launched DCOS. A lot of chairs were thrown around re: google losing this early battle, though K8 won the war, eventually 👏

We were 1st to “serverless” (AppEngine). GAE was our beachhead -- it was the biggest revenue source early on but the world wasn’t ready for serverless primitives. We also didn’t build auxiliary products fast enough. Clients that outgrew GAE wanted “building block” IaaS offerings.

1st to hadoop (map-reduce ‘04) but our hosted Hadoop launched in ‘15. AWS EMR was ~200M ARR by then. 1st to cloud storage (GFS ’03), but didn’t offer a filestore till ‘18! Customers were asking for it since 2014. Didn’t launch archival storage or direct interconnect till v. late.

You May Also Like

Dr Amanda Moehring
@FlyBehaviour

In Academia, people aren’t always supported when they need it. I want to share what @WesternU did when my husband died right after the pandemic shutdown. It should be shared with other uni’s as a model for empathy and proactive care when someone is in crisis.
1/
#AcademicChatter

Shalini Singh Sengar
@Maverickmusafir

Remembering Colonel Anil Kaul, VrC (Retd) on his 3rd Death Anniversary.

“It was October 12, 1987, exactly 5:55 pm as I was… coming out of the cupola of my T-72 tank on a steamy evening in an unknown place called Kokkuvil in the Jaffna district of Northern Sri Lanka.+

I froze in that confined space at what I saw. An LTTE militant stood at 60 meters aiming his rocket-propelled gun at my tank.

In a flash he fired. Probably having lost his nerve he aimed too low. The projectile hit the left mudguard of the tank, but for some inexplicable reason+

did not explode. It then hit the side of the main gun and then exploded on top of the turret, all in a fraction of a second. Before I knew, it seemed I had received a straight right punch so to say to my chin. I saw some blood appear on my left hand and there was a sharp drop in+

my eyesight.

Lt Colonel (now Lt Gen) Dalbir Singh, then Commanding Officer of 10 Para Commando, who was standing on the engine deck said to me, “Yaar what a close shave.”

He suddenly saw me and the look on his face told me that something was very very wrong with me. In that+

fraction of a second, as if it was a rewind of my entire life, thoughts raced through my life as to how and when I had landed myself in such a situation…

I asked my gunner to pull out a first field dressing (FFD) which is standard equipment in a first aid box carried in each+

Advertisement

Simon Wardley #EEA
@swardley

X : Our executive team is concerned that we need to up our game in order to out innovate Amazon.
Me : Do you map?
X : Yes
Me : Like this?
X : No. What's that?
Me : A map of a tea shop.

X : Why is that a map?
Me : Long story, all to do with how space has meaning. To keep it short, maps help people to focus on user needs, the components involved, to communicate missing components and scenario play ideas like staff becoming robots.

Me : They’re also good for measuring and managing capital flow, making investment decisions, removing bias and getting rid of duplication.
X : I don’t see how that helps with innovation?

Me : Well, innovation is a tricky word because we use it to describe many things. If you’re talking about differentiation with the adjacent unexplored then you’re experimenting in the “uncharted” space e.g. immortality with magic provided by the special custom built kettle.

X : That sounds like nonsense.
Me : A lot of what people think will be the next great innovation is nonsense. Actually, most of it is. That’s the nature of the uncharted space, it’s experimental, high risk and generally results in failure.
X : We need more reliable innovation.

$k\u0101rthik \u0b95\u0bbe\u0bb0\u0bcd\u0ba4\u0bcd\u0ba4\u0bbf\u0b95\u0bcd \u0915\u093e\u0930\u094d\u0924\u093f\u0915 \U0001f1ee\U0001f1f3\U0001f1ee\U0001f1f3\U0001f1ee\U0001f1f3 | Sanatani$

kārthik கார்த்திக் कार...
@almightykarthik

Hello Dear Tweeples!

It’s Siddhars time of the week! Last week I shared story of Guru (Machamuni or Yogi Matsyendranath), this week I bring you information on his Shishya.

#Thread on Gorakanathar Siddhar.

@LostTemple7

His origin story is interesting, though I couldn’t verify it’s authenticity, so not sharing the story here. He’s shishya of Machamuni Siddhar and also learnt from Agasthiya Siddhar.

@HelloNNewman @RajiIndustani @Kishoreciyer1

Unlike other Siddhars, he is depicted as either with a Tiger or seated & wearing Tiger skin. While I couldn’t find any explanation for this. My interpretation is as follows:

Tiger is a predator that lurks around and attacks unexpectedly.

Our 5 indriyas and 5 vikitis also similar to Tiger, they lurk around and attacks our thoughts when we’re least expecting. Gorakkar is said to have mastered these aspects, thus to denote this, he shown with Tiger.

@Itishree001 @VarierSangitha @jananisampath

Gorakanathar or Gorakshnath (as he’s known in the Nath Sampraday) is celebrated Guru in both Northern and Southern part of India. He’s one of the NavNath in Nath Sampraday and also 18 Siddhars of Tamil tradition. During his life, he’s travelled Indian subcontinent extensively +

Nikita Poojary
@niki_poojary

Time for a Thread🧵On yesterday’s “F&O Pe Charcha - Diary Of An Option Seller” with @Mitesh_Engr by @Paytm Money

Why Gain/loss ratio is important that the batting average
• More than the Win Loss ratio check the total Gain /loss ratio
• If your avg loss is 1% and avg gain is +5% then even if you are losing in 7 positions and winning in 3 out of 10 still you will be net profitable

Treat Trading as a business:
• Stick to a single strategy. Eg: A restaurateur usually wouldn’t be changing his recipe on a daily basis
• Mitesh Sir only works on BO or BD strategy, as he is a versatile trader

• Any trader should atleast experience 3 scenarios i.e. bull, bear & consolidation
• Target 4% per month i.e. 48% p.a.
• Option buying requires skill, everyday there wont be huge momentum, so buying options won’t yield good results, but high chances of falling into a bad habit

Stock Selection:
• In F&O segment there are ~150 stocks
• Not everyday all stocks will move
• Only 5-7 stocks move upside or downside
• Focus only these momentum stocks
• Check which one is moving
• Range BO/BD never disappoints. BO/BD from a rectangle (consolidation)