@behindyourback
@dakami
I was working at a theatre really late one night, and as I was leaving town a girl just got into my car. She thought I was a taxi, but she was *incredibly* drunk. It was *way* out of my way, but I drove her home, make sure she made it in, and left. There are good guys out there.
@haramgirlfriend
This documentary was great. I also like the last experiment they were running that didn’t work how they thought it should either. The last words being “raise the torch up” :D
Scientist: results don’t fit hypothesis; change the hypothesis.
Flat earther: must be the equipment
@DrSepah
@Quantitativus
@aaaaathena
It’s not the undergrad degrees - it’s the research. Many SV companies sprung out of research projects, or ideas from researchers (postgrad or staff) that wouldn’t have in other environments.
@karanortman
That snippet is the key part of why this is so different. Sure there are interesting things about the malware itself but it being delivered via trusted systems management/monitoring software and practically undetectable (unless you know what to look for) broke people’s threat models
@altluu
Losing institutional knowledge is somewhat like not having (enough) monitoring - it doesn’t by itself stop incidents from happening, nor fixes them, but without it makes seeing and tracking down the problem a lot longer.
@moelassus
@MalwareJake
@msftsecurity
Microsoft has some of the best detection and threat hunters in the biz - it’s what happens when you are at the scale and as much of a target as MSFT has been for decades.
@lizardbill
@ctrlshifti
Which, to be fair, can hide certain classes of bugs (Heisenbug - like memory or race conditions), but that’s a reach. Throwing tools out your toolbox that increase execution speed by reduces cognitive speed is really smart, because we know CPUs are the long-pole in development ;)
@jumpeduptelex
@RAF_Luton
I sympathize - it’s hard to recognize the F4 because with the energy crisis they can only run it at gas mark F3, so it doesn’t have that “wooooosh” sound, but more “raaaw”, which at a distance sounds quite like a Canberra, especially during mating season.
Heading to @defcon and will be spending the weekend teaching kids to hack at @r00tzasylum. A big thanks to all the volunteers, goons, and people that run villages - you guys spend time and $$$ make the con for everyone else to enjoy. Attendees, say thanks if you get a chance.
@DavidAFrench
Am I grateful to be here. Absolutely - I have a better quality of that even the 1st-world country (UK) that I came from. But I’ve worked damn hard to be here, and trudged through the (dysfunctional/antiquated) immigration system. The US is better for having immigrants, not worse.
I didn’t know anything about electric self-driving cars, so thought Elon was a genius.
Likewise, I didn’t know squat about reusable rockets, so thought Elon was a genius.
I know about software, and this man is a moron.
@pennjillette
@MrTeller
@opensea
@BullPunkNFT
I am SO disappointed that you and @MrTeller are doing this. Propping up this scam is the last thing I thought you’d be involved with. Plenty of other ways to share or buy any art, etc, that you’d create and a loyal following that would buy it through other means.
@alexstamos
A lot of the time, with these hugely complex systems that are undergoing some form of change *constantly*, it’s more surprising that there’s not more outages.
Testament to the people working on this - there *will* be lessons learned and it *will* be more resistant after.
@troyhunt
I was part of team behind this . There was a lot of custom software & services, but it came down to a lot of Intel NUCs running React apps (could swap out for Grafana), Apache Storm (data processing/aggregating), and Barco hardware to combine/scale inputs.
@matvelloso
Careful - she’ll get sued by an awful, awful, 90 year old media mogul, because of course there’s product confusion of an online storage system and a satellite broadcaster 🤷🏻‍♂️
@rmogull
Is anyone surprised? Companies that exploit privacy (Facebook, Google) mention more about security than privacy. Apple is its usual, brief (but pretty) self, but says the right things. Microsoft and Amazon out the gate start on data - the fundamentals.
If you aren’t paying...
@stevesi
Another example of Microsoft being too early with an idea, and on the wrong platform. I know there’s a lot of “Clippy hate” out there, but it did help people do simple tasks on complex products. Fast forward 10 years and Siri, Cortana, Google Now are Clippy impersonators.
@ajohnsocyber
Says the CEO whose entire business model is getting people into offices 🤔
Next up, tobacco exec that says smoking is good for you.
WeWork was a piece-of-cr@p company before - looks like no difference with new CEO.
@stevesi
I also remember the joking inside MSFT (and the tech press in general) on why would anyone want a big phone (as it ran the same OS as the iPhone).
Yeah, it was crappy at the beginning, but there was a long-term vision others didn’t see. Who’s laughing now 🙂
@seaotta
Depends on what you are debugging. If it’s a distributed system, or a long-running bug, or a Heisenbug, then “debug by printf” is a reasonable strategy. Trying to wrangle these bug types in an IDE is just as crazy.
Devs should learn to drop state to *loggers* more, not UI.
@agentilis92
@mattblaze
@andy_geronimo
So, effectively, be quiet little girl and talk about posting pictures on Instagram, the fun you are going to have over the summer, the friends you are going to miss. How trite
Let the girl speak. Kids are going to encounter differences of opinion in the real world, so start early
"This extension adds a quick command to search
@StackOverflow
without leaving
@Code
.
You can find the command by search, or by using the hotkeys cmd+h on Mac or ctrl+h on
@Windows
."
who built this & how can I buy you coffee
👩💻
⚙️
@0xcharlie
@elonmusk
Still works as well as ever? If you mean “the site is still up” then sure - an object in motion stays in motion (although I see a lot more perf/latency/loading issues now). But if you mean advertising, content management, HR, etc, then it’s fallen off a cliff.
@nerd_monkey
IMO, most of the hot, new, content are in podcasts and Twitter/blog threads. As far as books go though, @rossjanderson ‘security engineering’, @adamshostack ‘threat modeling’, and @cigitalgem ‘building security in’ are good starting places re architecture (pushing security left)
Managed to top the “fun” tank up a bit tonight. Not full yet, but at least not running on fumes. Great night by the #FooFighters - thanks for playing our shiny new arena.
@ctrlshifti
So, never written anything complex enough?
Or just debug by printf?
Maybe an ML engineer (or formal methods) where if something isn’t working throw it out and start again?
Either way, IMO no “real” engineer would be proud of that statement.
@someinfosecguy
@0xbanana
@donie
Bugs are implementation flaws - you can scan code for them and they have a pattern to look for. Flaws (design or otherwise) is where the code works as intended but has unintended side-effects. Those you have to (re)do design reviews and look much more holistically for.
So, I come downstairs from my home office to make a cup of tea and grab a snack and find these…😳. I also get challenged by Tara “where’s your badge!” (She has a lanyard on and is all setup in front of the TV). I guess it’s #ComicConAtHome2021 time.
This was a story that I used to tell my software engineering students - requirements and architectural choices tend to live around *much* longer than you expect.
A history lesson for people who think that history doesn't matter:
What's the big deal about railroad tracks?
The US standard railroad gauge (distance between the rails) is 4 feet, 8.5 inches. That's an exceedingly odd number.
Why was that gauge used?
Well, because that's the way
@bendrush
@Carnage4Life
Ah, yes, all these people sucking off the teat of BigCorps 🥱
I worked at MSFT for ~10yrs. The vast majority work hard. Not fast by any means, but impact and scope there is huge so have to get things right. Disingenuous to say things like this as good people are losing their jobs
@martin_casado
You hit on what I have found to be why in one of the tweets above - “Of course you have to be a good recruiter to find them!”
It takes a lot of kissing frogs to find those top performers. Large companies can’t often afford that so go with where they know and networks they have.
Can’t watch election results - still too disappointed that Americans still support fucktards like Cruz, King, DeSantis, and most of all Nunes
Takeaway though is where people actually have to live with other it goes blue and rural red areas vote for things that don’t affect them
@odnswim_
@Carnage4Life
One of the reasons people stay at MSFT for so long is because they can have multiple careers, doing very different things (search, games, hardware, etc) without changing company. Or they can go very deep on one thing (OS, compilers, etc) when there’s few places that also do that.
@QuinnyPig
Question is why wasn’t it free at the get-go. It’s not as if those packets were transitioning outside of the DC on fully owned and operated AWS hardware that already needed to work. I get cross-region, and *maybe* cross-AZ, but not intra-AZ.
@DavidAFrench
Amen. As a ‘immigrant citizen’ myself, we come over to the US with *no* backup that most others have - a family, or community/social/work network to go to if times are tough or just need to talk - have to build this ourselves. No wonder, as a group, we start/lead more businesses
@Carnage4Life
Ok I get it, but Arya is absolutely not a Mary Sue.
Instead of it being too easy or not ‘deserved’, Arya earned every moment of defeating the night king. Her training, journey, experiences all led to (and foretold) that moment. Jon Snow would have absolutely been a Gary Stu.
@deviantollam
Umm, there’s a bunch of lines IMMEDIATELY UNDER the address, and no-one thinks “gee, that maybe something related that I can’t read - maybe I should scrawl over that as well”?
Wait until they hear of micro dots 😈
These guys aren’t the brightest tools in the box, clearly.
@sarahbrie
@dakami
I’m so sorry for you, family, and all of Dan’s friends. The outpouring of stories on Twitter yesterday really show what a one-of-a-kind Dan was. He’s going to be very, very, missed.
Please ignore the trolls - no-one needs details (although I know first hand how serious DKA is).
Members of the homophobic, ultra-conservative, Westboro Baptist Church in KS were holding a protest of the upcoming Foo Fighters concert (devil’s music), so Dave Grohl decided to roll out an epic troll by singing, “You Should be Dancin” to them from the bed of a truck.
@IanColdwater
Wow, what a stupid hot take. You know the govt. and police are made up by a lot of people *WHO ALL ANSWER TO US*. It’s *US* that are the problem because we don’t hold them accountable (for doing nothing, not only on this issue it seems).
@docjamesw
@Google
@Microsoft
Test, as a profession, *is* dead, somewhat because the (monolithic) software that we used to test is also dead. Now we release small, often, and in stages. Our customers are our testers, and we (are supposed to) fail/rollback quickly. Test has been replaced with “DevOps” and SRE.
@deviantollam
Yes, not all women have an interest in InfoSec. Just like not all men have an interest in fashion. However, I don’t remember reading about Tom Ford getting criticized and ridiculed for being in a “woman’s” industry.
People like what they like - don’t assume, or get in their way.
@matvelloso
Windows Phone was great, and Cortana on it kicked ass (I may be biased 😉). The OS, from the UX to the APIs are *still* the best. It was let down though by no app developers (market forces) and sub-quality hardware vs iPhones (felt like warm pop-tarts)
@blowdart
No-one, not the insurance companies (discounts), or people without insurance (they will skip) are paying this so why the F is it priced this high!
My wife has a 15min appointment next week which will be $250 before insurance
American healthcare, top-to-bottom, is seriously wrong
@mattblaze
There was a Twitter thread I saw this morning that stated “they should have a bunch of middle-aged dads standing on the bank and pointing - would have solved this ages ago”.
I wish I could find that thread again because it was hilarious.
I’ve added “Dr.” to my profile, because, FU @WSJ.
I don’t use my degree, nor expect others to, but if someone earns it and decides to use it it’s up to them and shouldn’t be shamed for it.
Looked cute, will delete later.
@shanselman
Trying not to #spoiler, but...
It’s not Nolan’s first time in non-linear timelines - I thought Memento was a better film, and there’s a great description of it here
As some people may know, I've left big corp land and doing a new startup! Already have a wicked smart team, a great problem to go solve, and VC funding. Come join us - I have both front-end and back-end positions open.
@noseratio
@Grady_Booch
Somewhat cart-before-horse here. Cortana died not because Microsoft couldn’t figure out how to monetize it (tho that was certainly talked about) but because when Windows phone was shut down there was no (usable) platform for her to be on. It didn’t get to being profit concern 😢
@docjamesw
He also ran the “scroogled” campaign, despite pretty much everyone I know at MSFT being against it. Had one interaction with him - odious little man; couldn’t have enough showers after to feel semi-clean again. Have no idea why he was hired (at anywhere)
Watching #ScottPilgrim along with #WatchWithTheAcademy, and this film gets better each time I watch it (and it’s been a good few times). Also I always forget how many people are in this film that are pretty well known now.
@SwiftOnSecurity
Funny, but it’s more likely to be called “iCant”.
Based on Apple’s inability to support anything that it doesn’t create/built itself, whenever one tries to spin up a VM running anything other than MacOS 14.x the API returns HTTP 501 - iCant
Ever want to test systems & see if your password is ever stored/sent in plaintext?
Make it: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
I am on the phone with a vendor right now because my test account is in an inoperable state.
🧐
@shanselman
I really don’t fucking get it (excuse my French there). Surely, if a country wants to restrict travelers to their shores they can. It’s worked quite well for Australia and New Zealand.
International👏travel👏is👏not👏a👏right.
Neither is access to any business or private venue
@deviantollam
If it’s private capital that is bailing them out (like in this case) then I’m fine with it - smart money will capitalize (huh, a pun) on their bad/unlucky choices (and if can find one, then they go broke - that’s capitalism).
If it’s public money, then there will be pitchforks.
@cigitalgem
@joshtpm
@noplasticshower
@PressSec
@Acosta
I’m not sure what you are talking about. The government checked out 2yrs ago. The WH doesn’t give a crap; there is *video evidence* and they don’t care because they have their own bubble and play to a small crowd.
I’m just hoping that finally there’s some oversight.
Every night, several times a night, Uber and Lyft drivers at Reagan National Airport simultaneously turn off their ride share apps for a minute or two to trick the app into thinking there are no drivers available---creating a price surge.
@docjamesw
You (and I) have seen this up close, so no argument here. The one thing I might add though is that during those boom-times they *think* more resources are needed to keep up (with demand, support, etc), but in reality it’s bad forward planning - service shouldn’t *need* that extra
@dakami
What Netflix is doing isn’t “dumb shit”. It is to you (and me), but their program management, and A/B testing, has that this increases engagement and follow-on viewing. Stickiness is king on these platforms.
That it pisses off some people is an aside (to Netflix).
But SF is dumb
@RajGoel_NY
@MalwareTechBlog
Each of these have very clearly defined standards with a ton of data/modeling that helps set insurance. You have a CISSP - define a “secure” system for me (and then let @MalwareTechBlog show you how it’s not), and how much willing to pay, for what coverage. It’s not simple.
@someinfosecguy
@donie
@0xbanana
I don’t think we have full details yet, but from what I think is known so far it’s a (design) flaw, not a bug - a side-effect of an intended feature, not a feature working incorrectly.
I’ll help whomever I can during this period - intros, network, even if just venting over drinks. This is certainly a watershed moment, but not the end for any not many - tech is too engrained and will still grow, but it’s not the guarantee job for life at BigCo that it was 😢
@dcuthbert
I don’t get the “it’s my right to drive” attitude- sure it is hon, but also there are these things called “traffic laws” (and she’s wrong anyway, driving is not a ‘right’).
JFC - I am so done with people post-covid lockdowns - seems they have lost all semblance of society.
Anyone who calls themself a "software engineer" should be required to be licensed, have a graduate degree in engineering & carry at least $1 million in professional liability insurance.
And certain types of software should only be sold if approved by a software engineer.
If we had any doubt that @realDonaldTrump was a narcissistic fucktart, here it is again. First had to teargas protestors because he wanted a photo-op and dispel the “#BunkerBaby” story. Now he’s risking agents to go on another photo-op while he’s #SuperSpreaderTrump. 🤦🏻
Friday night is Brit-TV night in the @ma household. #TheMashReport had a great piece on having to buy flour on the black market and on #Gogglebox Dave the Dog steals the show again, just behind Sophie and Pete’s novelty mugs.