Whistleblower: Ubiquiti Breach “Catastrophic” — Krebs on Security

On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who partici...

Source: krebsonsecurity.com

Hasnain says:

This is nuts.

““They were able to get cryptographic secrets for single sign-on cookies and remote access, full source code control contents, and signing keys exfiltration,” Adam said.

Adam says the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies.”

Posted on 2021-03-31T16:03:07+0000

Hasnain says:

I don’t even know where to begin with this one. Not against the article, mind you, it’s very well sourced and I learnt a lot about SF crime stats and policing.

““In San Francisco, VC lives matter. We’re the ones employing people, bringing business, buying properties, you know, paying property taxes,” says Ellie Cachette, one of the tech investors who wants to oust Boudin, Newsom, and other San Francisco officials, and who donated $1,000 to Calacanis’ fund. “And what are we getting in return? Nothing.””

Posted on 2021-03-31T15:50:09+0000

You Can't Trust Amazon When It Feels Threatened - Last Week in AWS

Last week, someone behind the @AmazonNews Twitter account took a fistful of pills, washed them down with a handle of Old Grand-Dad, and started tweeting. They picked fights with Bernie Sanders and Elizabeth Warren. They also argued with Wisconsin’s congressional Representative Mark Pocan. And whil...

Source: lastweekinaws.com

Hasnain says:

“But with this tweet, that entire sentiment changes from “they haven’t lied” to “they haven’t lied about something germane to cloud in a way in which I’ve caught them doing so” because we’ve just seen them lie to the world when they’re facing something that they perceive to be an existential threat to one of their lines of business (i.e., unionization).

This teaches us that—when it’s a big enough deal—Amazon will lie to us. And coming from the company that runs the production infrastructure for our companies, stores our data, and has been granted an outsized position of trust based upon having earned it over 15 years, this is a nightmare.”

Posted on 2021-03-31T15:41:14+0000

Hasnain says:

“A mysterious fog plunged Europe, the Middle East, and parts of Asia into darkness, day and night—for 18 months. "For the sun gave forth its light without brightness, like the moon, during the whole year," wrote Byzantine historian Procopius. Temperatures in the summer of 536 fell 1.5°C to 2.5°C, initiating the coldest decade in the past 2300 years. Snow fell that summer in China; crops failed; people starved. The Irish chronicles record "a failure of bread from the years 536–539." Then, in 541, bubonic plague struck the Roman port of Pelusium, in Egypt. What came to be called the Plague of Justinian spread rapidly, wiping out one-third to one-half of the population of the eastern Roman Empire and hastening its collapse, McCormick says.”

Posted on 2021-03-31T07:56:17+0000

Some opinionated thoughts on SQL databases - Made of Bugs

Some opinionated thoughts on SQL databases Mar 30, 2021 People who work with me tend to realize that I have Opinions about databases, and SQL databases in particular. Last week, I wrote about a Postgres debugging story and tweeted about AWS’ policy ban on internal use of SQL databases, and had occ...

Source: blog.nelhage.com

Hasnain says:

“I have a real love/hate relationship with SQL databases. They are incredibly powerful tools, and when used well can drastically simplify architectures and help solve entire classes of consistency and durability problems. At the same time, every time I interact with one, I feel like the experience is one of a thousand avoidable papercuts, and that the experience could be so much better without losing almost any of their strengths. SQL as an API is in many ways a relic from another era, and while it’s held up remarkably well, it also feels like it shows its age. The operational problems also terrify and enrage me. Databases are always going to be challenging and sources of complexity and danger, but it feels like SQL engines barely even try to offer predictability performance or to build reliable guard rails against accidentally taking the entire site down.”

Posted on 2021-03-31T06:41:11+0000

Hasnain says:

This is horrifying.

“We have these various women coming forward and telling very credible stories about how they've been abused," he said. "And the response shows a complete tone deafness and misunderstanding of how sexual assault and sexual trauma is now being understood and treated now. Besides being horrifying, it's also completely counterproductive for the Chinese state."

The Chinese embassy in London told the BBC that China stood by its assertions that the women's accounts of rape and sexual abuse were lies, and said it was reasonable to publicise private medical records as evidence.”

Posted on 2021-03-31T06:29:50+0000

Washington Post reverses prohibition on reporter from writing about sexual assault

The newspaper had earlier told Felicia Sonmez that she could not report on the topic because of her outspokenness about it.

Source: washingtonpost.com

Hasnain says:

I still don’t get why the post ever thought it was a good idea to do this in the first place.

“The Newspaper Guild, which represents Post employees, hailed The Post’s change of heart in a statement. “We’re glad to see The Post reverse its harmful stance and allow our colleague Felicia Sonmez to do her job,” it said. “But this decision came only after much public criticism and at the expense of Felicia’s mental health. The Post must do better. The company still has much work to do to rebuild trust — internally and externally — and cultivate an inclusive workplace for all.””

Posted on 2021-03-30T19:54:03+0000

ongoing by Tim Bray · Topfew and Amdahl

On and off this past year, I’ve been fooling around with a program called Topfew (GitHub link), blogging about it in Topfew fun and More Topfew Fun. I’ve just finished adding a few nifty features and making it much faster; I’m here today first to say what’s new, and then to think out loud ab...

Source: tbray.org

Hasnain says:

Interesting read on profiling, benchmarking, and Rust vs Go.

“I’m here today first to say what’s new, and then to think out loud about concurrent data processing, Go vs Rust, and Amdahl’s Law, of which I have a really nice graphical representation. Apologies because this is kind of long, but I suspect that most people who are interested in either are interested in both.”

Posted on 2021-03-29T20:34:04+0000

The Next Great Disruption Is Hybrid Work—Are We Ready?

Exclusive research and expert insights into a year of work like no other reveal urgent lessons for leaders as hybrid work unfolds.

Source: microsoft.com

Hasnain says:

Very interesting report and data; echoes some of my personal feelings and highlights some more that I hadn’t thought about.

Might need to go and read the whole additional full report and not just this post.

“2. Leaders are out of touch with employees and need a wake-up call

Many business leaders are faring better than their employees. Sixty-one percent of leaders say they are “thriving” right now — 23 percentage points higher than those without decision-making authority. They also report building stronger relationships with colleagues (+11 percentage points) and leadership (+19 percentage points), earning higher incomes (+17 percentage points), and taking all or more of their allotted vacation days (+12 percentage points).”

“3. High productivity is masking an exhausted workforce

Self-assessed productivity has remained the same or higher for many employees over the past year, but at a human cost. One in five global survey respondents say their employer doesn’t care about their work-life balance. Fifty-four percent feel overworked. Thirty-nine percent feel exhausted.”

Posted on 2021-03-29T07:02:57+0000

How Whiteness Works: JAMA and the Refusals of White Supremacy

In late February, the Journal of the American Medical Association published an episode of its JAMA Clinical Reviews podcast titled, “Structural Racism for Doctors—What Is It?” In an …

Source: somatosphere.net

Hasnain says:

This was eye opening.

“What makes this story worth telling is not the drama of an editorial shakeup at one of the world’s top medical journals. Rather, it’s the content of the podcast itself. Now, don’t get me wrong. If your goal is to understand what structural racism is and how it harms health, look elsewhere. The podcast’s errors are so naive or absurd—No physician is racist? No Black or Hispanic people experience discrimination because that would be illegal?—that it doesn’t merit a rebuttal. And if you know from experience the toll that racism takes, you may have decided early on not to listen. At best, it is a distraction, a theft of energy and time; at worst, a form of gaslighting.

Yet the podcast does serve a purpose—just not the one JAMA intended: it illustrates rather than illuminates the problem of structural racism in medicine. And not just in medicine: The conversation between Livingston and Katz succinctly presents some of the most common ways well-meaning white people (an oxymoron, if we understand whiteness properly) uphold white supremacy when talking about race. Moreover, because the podcast carried the imprimatur of the American Medical Association, it shows how white supremacy remains embedded in powerful institutions—even ones that profess liberal values of equal opportunity and health for all.”

Posted on 2021-03-29T06:03:26+0000

Amazon started a Twitter war because Jeff Bezos was pissed

Snarky tweets targeting Senators Bernie Sanders and Elizabeth Warren came after the CEO told execs they weren’t pushing back hard enough on critics.

Source: vox.com

Hasnain says:

This helps explain the ruckus this weekend.

“Recode has learned that Amazon CEO Jeff Bezos expressed dissatisfaction in recent weeks that company officials weren’t more aggressive in how they pushed back against criticisms of the company that he and other leaders deem inaccurate or misleading. What followed was a series of snarky and aggressive tweets that ended up fueling their own media cycles.”

Posted on 2021-03-28T23:23:22+0000

APT Encounters of the Third Kind

A few weeks ago an ordinary security assessment turned into an incident response whirlwind. It was definitely a first for me, and I was kindly granted permission to outline the events in this blog post. This investigation started scary but turned out be quite fun, and I hope reading it will be infor...

Source: igor-blue.github.io

Hasnain says:

Really well written and engaging story of an ongoing effort to reverse engineer and identify a pretty complex security breach.

“We found a bunch of malware sitting in the network collecting PII information from incoming HTTPS connection after they are decoded in a GOlang app. The data is exfiltrated through the malware network and eventually is sent to the bad guys. We have more info but I am still working on it, expect another blog post in the future with more details, samples, etc.”

Posted on 2021-03-28T07:52:17+0000

Hasnain says:

This is a pretty good - and scary! - recap of this whole fiasco.

“Neither Netgate's responses, FreeBSD Core's, nor the off-record responses we heard from independent FreeBSD community members lead us to believe that there was in fact any process in place that could reasonably have been expected to catch this issue prior to it going out into the world in 13.0-RELEASE.

We take some heart in the fact that FreeBSD Core team's expressed a commitment to improving processes, refining tooling, and making code reviews more effective—but it's impossible to ignore the fact that this commitment comes as an afterthought to attacking "public discourse" that highlighted the need for those improved processes, refined tools, and more effective reviews in the first place.”

Posted on 2021-03-28T00:27:02+0000

Google's unusual move to shut down an active counterterrorism operation being conducted by a Western democracy

A decision to shut down exploits being used by "friendly" hackers has caused controversy inside the company's security teams.

Source: technologyreview.com

Hasnain says:

I don’t get why this is super controversial. Operations are operations, you want to stop them before they can get out of hand in case it’s a “bad” “person” doing it right? It’s not like these bugs can stay hidden forever.

“Security companies regularly shut down exploits that are being used by friendly governments, but such actions are rarely made public. In response to this incident, some Google employees have argued that counterterrorism missions ought to be out of bounds of public disclosure; others believe the company was entirely within its rights, and that the announcement serves to protect users and make the internet more secure.”

Posted on 2021-03-26T18:24:49+0000

Amazon Just Cut Off Warehouse Workers from a Companywide Directory

"Nobody who hears about this believes that it's for anything but union-busting," an employee said. "This has never been done before."

Source: thestranger.com

Hasnain says:

This does not sound like a good sign.

“When employees tagged the Phonetool problem as "SEV1" and logged it on an internal message board, a senior human resources manager responded by saying that employees could use workarounds other than Phonetool to do their work, and then marked the issue as resolved.”

Posted on 2021-03-26T07:44:49+0000

It 'Might Take Weeks' To Free Ship Stuck In Suez Canal, Salvage Company Says

The CEO of the Dutch company Boskalis, which is working to dislodge the 1,300-foot-long ship, compared the vessel to "an enormous beached whale."

Source: npr.org

Hasnain says:

But the memes coming out of this situation have been so glorious I don’t know where to begin.

“But Peter Berdowski, CEO of Dutch company Boskalis, which is trying to free the ship, compared it to "an enormous beached whale" and said "it might take weeks" to get the vessel off, possibly necessitating "a combination of reducing the weight by removing containers, oil and water from the ship, tugboats and dredging of sand."”

Posted on 2021-03-26T07:34:21+0000

Pinterest and the Subtle Poison of Sexism and Racism in Silicon Valley

What happened at Pinterest fits an unnerving pattern in the tech industry that has fallen behind even legacy industries in diversity and inclusion. Janice Mins reports.

Source: time.com

Hasnain says:

““The woman got the blame as usual,” says Ozoma. “They should all be held accountable. But you know what? They can never run away from this even when their kids look their names up online. This will always be tied to them. For that, I will forever be grateful to the Internet.””

Posted on 2021-03-26T07:16:09+0000

Old man yells at Slack

I’ve spent basically half my adult life on the internet and as I get towards my later years I am becoming increasingly grumpy about the fact that those who fail to learn from internet history are doomed to repeat it. This week’s idiots: Slack.

Source: martinbelam.com

Hasnain says:

“User stories are a great way of designing features, but when you are designing community features on the web it is also useful to have user stories that start “I am an absolute arsehole and I want to…”, which in this case would be “troll a particular user every single time they posted a comment”.”

Posted on 2021-03-25T16:14:20+0000

Hasnain says:

The headline says it all, really.

So disappointed - and yet, not surprised, given they have a harassment problem and blocking functionality still does not exist.

Posted on 2021-03-24T22:26:02+0000

Matrix Multiplication Inches Closer to Mythic Goal

A recent paper set the fastest record for multiplying two matrices. But it also marks the end of the line for a method researchers have relied on for decades to make improvements.

Source: quantamagazine.org

Hasnain says:

“Over the last few decades, every improvement in matrix multiplication has come from improvements in the laser method, as researchers have found increasingly efficient ways to translate between the two problems. In their new proof, Alman and Vassilevska Williams reduce the friction between the two problems and show that it’s possible to “buy” more matrix multiplication than previously realized for solving a tensor problem of a given size.”

Posted on 2021-03-24T07:19:16+0000

rms-open-letter.github.io

Richard M. Stallman, frequently known as RMS, has been a dangerous force in the free software community for a long time. He has shown himself to be misogynist, ableist, and transphobic, among other serious accusations of impropriety. These sorts of beliefs have no place in the free software, digital...

Source: rms-open-letter.github.io

Hasnain says:

I am glad this has so many (and growing!) signatories.

There was a time when I used to respect RMS; but that went out the window a while back and I really really do not get why the foundation brought him back. The FSF has slowly been becoming more and more irrelevant, and this decision just shows how bad the board is.

“We are calling for the removal of the entire Board of the Free Software Foundation. These are people who have enabled and empowered RMS for years. They demonstrate this again by permitting him to rejoin the FSF Board. It is time for RMS to step back from the free software, tech ethics, digital rights, and tech communities, for he cannot provide the leadership we need. We are also calling for Richard M. Stallman to be removed from all leadership positions, including the GNU Project.”

Posted on 2021-03-24T06:51:29+0000

The Diversity and Inclusion Industry Has Lost its Way

As news comes of the Royal family's desire to hire a Diversity and Inclusion consultant, Kim Tran explores how the industry is at a crossroads and if it could find its roots again.

Source: harpersbazaar.com

Hasnain says:

This was a really good read. I didn’t know that the origin for many of the DEI programs today lay in an act from Kennedy’s time.

“DEI efforts should answer not to those in glass-walled corner offices, but those most impacted by the policies it creates. Administrators, rank and file staff members, and service providers should dictate what it means to be represented, how it feels to belong, and what change means. Such a shift would radically alter who qualifies to work in DEI. Instead of people like scientists and business administrators, whose allegiances are to executives, the field would depend on union organizers, coalition builders, and activists. These are not easy—perhaps not even feasible tasks—but DEI is at a crossroads.”

Posted on 2021-03-24T06:26:39+0000

Few Bad Apples? New Study Finds That 40 Percent of Officers in a Large Police Force Are Discriminatory - ProMarket

A new paper seeks to examine whether police misbehavior is concentrated or diffuse by identifying whether highway patrol officers in Florida are more lenient towards white drivers than minority drivers when issuing speeding tickets.  In response to the tragic murder of George Floyd at the hands of ...

Source: promarket.org

Hasnain says:

This study had a really interesting methodology - they used police department data to first identify which officers are likely not biased and then used that baseline to look into indicators of bias. And the numbers are both higher and lower than I'd expect.

"A key strength of our setting is that the average officer writes hundreds of tickets over a several-year period. The high frequency of recorded activity allows us to adapt our empirical approach to estimate the degree of discrimination for each individual officer. Doing so, we find that 40 percent of officers practice discrimination. While this figure is not the majority of officers, it is hardly a few bad apples."

Posted on 2021-03-24T06:16:08+0000

The Medical System Should Have Been Prepared for Long COVID

COVID long haulers have been breathlessly covered, but there’s nothing surprising about medically unexplained symptoms—or the reaction to them.

Source: vice.com

Hasnain says:

This goes far beyond COVID and is an indictment of the American healthcare system. Combine overworked doctors, a lack of trust in patients, and systemic biases against funding research into diseases that don’t commonly affect certain people and, well, this is the mess that you get.

“How could top scientists and medical professionals suffer collective amnesia about this crucial piece of information? Why weren’t we being warned about two types of potential COVID complications, acute and chronic?

The answer is simple: Our medical system is radically unequipped, practically and conceptually, to serve patients whose tests come back normal and whose chronic symptoms cannot be explained with a biological diagnosis or outsourced to a specialist.

Long COVID patients are far from the only ones in this situation. Millions of people suffer from similar chronic symptoms, many of them too debilitated to work a job or even leave their bed. They, too, have been told their symptoms are psychogenic. Those I spoke with recounted how they watched in horror as the first reports of post-COVID began to surface. They saw what was coming, even if the doctors and scientists didn’t.”

Posted on 2021-03-23T05:00:49+0000

Un-bee-lievable Performance: Fast Coverage-guided Fuzzing with Honeybee and Intel Processor Trace

By Allison Husain, UC Berkeley Today, we are releasing an experimental coverage-guided fuzzer called Honeybee that records program control flow using Intel Processor Trace (IPT) technology. Previou…

Source: blog.trailofbits.com

Hasnain says:

This is some pretty cool work.

“Honeybee takes only 3.5 seconds to do what Intel’s reference decoder does in two-and-a-half minutes, which is a 44x improvement! This is the difference between stepping away while the trace decodes and being able to take a sip of water while you wait.”

Posted on 2021-03-20T02:38:59+0000

A Letter to My Fellow Asian Women Whose Hearts Are Still Breaking

Still and always, hypersexualized, ignored, gaslit, marginalized, and disrespected as we’ve been, I am so fortified, so alive, when I’m with us.

Source: vanityfair.com

Hasnain says:

This whole piece is so heartbreaking and moving.

“Yesterday, after the prolonged delay, I finally did talk to my mother, and I asked her to please take extra care when leaving the house. I was trying not to cry, and of course I failed, and of course my mother immediately tried to reassure me. She listed all the reasons she felt okay going to the store—she had this list ready, she’d been thinking it through—and then she started trying to convince me, the one in less danger, not to leave my apartment. If I did leave, she proposed I talk more loudly than usual in English, the hope being that racist white people would know I belonged.”

Posted on 2021-03-20T02:26:17+0000

Hasnain says:

Definitely worth reading in full; it goes into labor issues, tech, and gender discrimination.

I also don’t really understand Scalia’s statement on one case covered in the article - he tries to say that multiple individual instances of discrimination do not show bias in the aggregate, but... that does not make sense to me.

“But the Supreme Court ultimately found it didn’t matter if there was evidence that women were being paid less across the company. Writing the majority opinion, Justice Antonin Scalia denied that systematic sexism could be assumed to be the motive force behind a pay gap. “Left to their own devices most managers in any corporation,” Scalia wrote, “would select sex-neutral performance-based criteria for hiring and promotion that produce no actionable disparity at all. Others may choose to reward various attributes that produce disparate impact… still others may be guilty of intentional discrimination.” But crucially, “demonstrating the invalidity of one manager’s discretion will do nothing to demonstrate the invalidity of another’s.” As long as each manager was inflicting independent harms, there was no basis for class action status.”

Posted on 2021-03-20T01:33:11+0000

How we found and fixed a rare race condition in our session handling - The GitHub Blog

On March 8, out of an abundance of caution, we logged all users out of GitHub.com. In this post we share technical details of the vulnerability and steps we're taking to ensure it doesn't happen again.

Source: github.blog

Hasnain says:

So this explains why everyone was logged out of GitHub the other day. Interesting technical analysis of a bug and a reminder of how hard it is to get complex code right.

“Taking a step back, a bug such as this is not only challenging from a technical perspective in how to identify complex interactions between multiple threads, deferred callbacks, and object sharing, but it is also a test of an organization’s ability to respond to a problem with an ambiguous cause and risk.”

Posted on 2021-03-19T03:14:58+0000

Facebook's ‘Red Team X’ Hunts Bugs Beyond the Social Network's Walls

The internal hacking team has spent the last year looking for vulnerabilities in the products the company uses, which could in turn make the whole internet safer.

Source: wired.com

Hasnain says:

This is a pretty cool profile of a team within the security org at Facebook. The lede sums it up well:

"IN 2019, HACKERS stuffed portable network equipment into a backpack and roamed a Facebook corporate campus to trick people into joining a fake guest Wi-Fi network. That same year, they installed more than 30,000 cryptominers on real Facebook production servers in an attempt to hide even more sinister hacking in all the noise. All of this would have been incredibly alarming had the perpetrators not been Facebook employees themselves, members of the so-called red team charged with spotting vulnerabilities before the bad guys do."

Posted on 2021-03-18T21:48:01+0000

AAJA Guidance on Atlanta Shootings, Asian American Journalists Association

March 17, 2021 AAJA Guidance on Atlanta Shootings Contact: Naomi Tacuyan Underwood, Executive Director / naomitu@aaja.

Source: aaja.org

Hasnain says:

While I’m still processing the terrible, racist shootings in Atlanta yesterday, I found this useful - not just for journalists, but for us everyday folk learning more about this so we can empathize. I’d known a bit superficially about the history of anti-Asian racism in the US but the more I learn the more horrified I get.

“Understand anti-Asian racism and invisibility. Racism against AAPIs is highly nuanced, complex, and has remained historically invisible, and includes a long history of hypersexualization of Asian women that is rooted in Westernized and colonial perceptions of Asia.

This is inextricably linked to harassment and sexualized violence against Asian women. Women of Asian descent have reported 2.3 times more incidents of violence than AAPI men, according to a new Stop AAPI Hate report of nearly 3,800 hate incidents reported since March 2020.”

Posted on 2021-03-17T20:00:57+0000

Exclusive: 'Landlord from Hell' Defends Terrorizing Apartment Tenants

Kip Macy, 38, and his wife, Nicole Macy, 37, were deemed "landlords of hell" by authorities for menacing the tenants of their San Francisco apartment building.

Source: abcnews.go.com

Hasnain says:

I just learnt today that this is the guy that contributed a lot of the wireguard code to pfsense and is still going strong.

Also who the hell saws their tenant’s floor?!

“Eventually he and Nicole Macy were arrested at Kip Macy's parents' house in 2008 and released on $500,000 bond, for which Kip Macy's parents drained much of their retirement savings to pay. His mother Marie even sold her jewelry to help finance their release. Once free, Kip and Nicole Macy jumped bail, fleeing to Italy, leaving Kip Macy's father and mother, potentially at a loss of half a million dollars.”

Posted on 2021-03-17T02:56:43+0000

Atlas: Our journey from a Python monolith to a managed platform

Dropbox, to our customers, needs to be a reliable and responsive service. As a company, we’ve had to scale constantly since our start, today serving more than 700M registered users in every time zone on the planet who generate at least 300,000 requests per second. Systems that worked great for a s...

Source: dropbox.tech

Hasnain says:

“In our view, developers don’t care about the distinction between monoliths and services, and simply want the lowest-overhead way to deliver end value to customers. So we have very little doubt that a managed platform which removes operational busywork like capacity planning, while providing maximum flexibility like fast releases, is the way forward. We’re excited to see the industry move toward such platforms.”

Posted on 2021-03-16T08:36:36+0000

30 current and former Mailchimp employees detail the conditions that led to a 'mass exodus' of women and people of color

Mailchimp employees repeatedly complained about problematic executives and bosses. They say the company turned a blind eye.

Source: businessinsider.com

Hasnain says:

What the actual... This quote is not even the worst bit; it keeps getting worse.

“Konikowski quit, but her managers — both white men — were eventually promoted to senior management. Van Aalten said the promotions troubled them because one of those managers had called them a Nazi, despite knowing they are Jewish. Multiple former Mailchimp employees also said that the manager questioned whether people with Down's Syndrome were "real people" because they inherit an extra chromosome.”

Posted on 2021-03-16T07:35:15+0000

A Hacker Got All My Texts for $16

A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages.

Source: vice.com

Hasnain says:

This attack is quite scary.

“"While text message forwarding might have legitimate applications for businesses, the particular implementation underpinning this attack is appallingly weak in security and data privacy. Telcos have different ways of authenticating their customers, obviously including text messaging. The fact that none of these authentication methods are used in this case to get consent from the owner of a forwarded phone number is shocking," Nohl added.”

Posted on 2021-03-15T23:32:14+0000

Answers on grant reports if nonprofits were brutally honest with funders

[Image description: A cute little raccoon, standing in the grass, one paw raised. They look serious. But so cute! Admit it, this is one of the cutest raccoons you’ve ever seen. Not sure this …

Click to view the original at nonprofitaf.com

Hasnain says:

“How did you spend the grant that we provided you? The grant you gave us went into our bank account, which is used to pay for everything. Disaggregating what you paid for versus what others paid for is one of those meaningless time-wasting activities you force on us that harm our work. Here’s a detailed financial report of every expense we made this year. Look through it, and if it makes you feel better to think that you paid for books for low-income children and not staff salaries or whatever, please use your own time to craft that delusion.”

Posted on 2021-03-14T08:38:39+0000

Hasnain says:

“Then I started thinking about it, and realized there’s no way this happened in a vacuum. It’s unlikely that Ryan Parr saw my tweet and immediately escalated it to, “We’re sending this to our legal team.” I think it speaks a lot to their company culture that things went this far. I wonder how many people they’ve threatened with legal action like this. How many people didn’t have the time or the energy to stand up for themselves in the face of a three billion dollar company’s legal team coming after them? It honestly makes me a little sick.”

Posted on 2021-03-13T18:20:40+0000

Hasnain says:

Interesting take on this whole story from an HR perspective

“The core of Google’s culture is to thrust ahead and discover operational flaws as the result of execution. This “move quickly and break things” approach is at the heart of many Silicon Valley firms. The paper urges restraint, research discipline, preplanning, consideration of all stakeholders and investigation of alternative approaches.

It’s hard to imagine a more sensible approach. It’s also hard to imagine a more substantive critique of the culture at Google. It is easy to understand why the company’s leadership responded as they did.”

Posted on 2021-03-12T18:59:09+0000

Analysis | Homes in poor neighborhoods are taxed at roughly twice the rate of those in rich areas, study shows

The methods cities use to assess property values skew the final effective tax rates dramatically, according to a review of 26 million home sales.

Click to view the original at washingtonpost.com

Hasnain says:

Today I learnt CA does this very differently from other states. I’m annoyed they left CA out of the dataset but it makes sense since the inequality here is quite different; though equally bad (damn you prop 13!)

““This is an example of structural racism,” Berry said. “African Americans and other minorities are more likely to own low-priced homes. This means that minorities are more likely to be overtaxed because they are more likely to own low-priced homes.””

Posted on 2021-03-12T18:47:19+0000

How Snobbery Helped Take The Spice Out Of European Cooking

Complex, contrasting flavors are a hallmark of Indian cooking. They used to dominate Western food, too. What changed? When spices became less exclusive, Europe's elite revamped their cuisines.

Click to view the original at npr.org

Hasnain says:

Interesting historical take. It’s not 100% clear how they went from that data to this conclusion though.

“Serving richly spiced stews was no longer a status symbol for Europe's wealthiest families — even the middle classes could afford to spice up their grub. "So the elite recoiled from the increasing popularity of spices," Ray says. "They moved on to an aesthetic theory of taste. Rather than infusing food with spice, they said things should taste like themselves. Meat should taste like meat, and anything you add only serves to intensify the existing flavors."”

Posted on 2021-03-12T18:28:46+0000

IceCube detection of a high-energy particle proves 60-year-old theory

On December 6, 2016, a high-energy particle called an electron antineutrino hurtled to Earth from outer space at close to the speed of light carrying 6.3 petaelectronvolts (PeV) of energy. Deep inside the ice sheet at the South Pole, it smashed into an electron and produced a particle that quickly d...

Click to view the original at icecube.wisc.edu

Hasnain says:

6.3 PeV packed into one small antineutrino is amazing

“Sheldon Glashow first proposed this resonance in 1960 when he was a postdoctoral researcher at what is today the Niels Bohr Institute in Copenhagen, Denmark. There, he wrote a paper in which he predicted that an antineutrino (a neutrino’s antimatter twin) could interact with an electron to produce an as-yet undiscovered particle—if the antineutrino had just the right energy—through a process known as resonance.”

Posted on 2021-03-12T08:00:33+0000

Hasnain says:

Very long and interesting read; mix of a human interest story, tech company origin stories, and the issues behind ethical AI and misinformation.

“Near the end of our hour-long interview, he began to emphasize that AI was often unfairly painted as “the culprit.” Regardless of whether Facebook used AI or not, he said, people would still spew lies and hate speech, and that content would still spread across the platform.

I pressed him one more time. Certainly he couldn’t believe that algorithms had done absolutely nothing to change the nature of these issues, I said.

“I don’t know,” he said with a halting stutter. Then he repeated, with more conviction: “That’s my honest answer. Honest to God. I don’t know.””

Posted on 2021-03-11T16:58:10+0000

Hasnain says:

This was a pretty good read on how tailscale designed a new type to represent IPs in Go and various trade offs considered.

This was quite well written - it’s hard to write things that are both technically accurate and engaging at the same time, and this did both.

“Being written almost entirely in Go, the obvious choice would be for Tailscale to use the Go standard library’s net.IP address type for individual IPs and net.IPNet type for networks. Unfortunately, the standard library’s types have a number of problems, so we wrote a new package, inet.af/netaddr (github) containing a new IP type and more.”

Posted on 2021-03-11T03:40:42+0000

Almost all young women in the UK have been sexually harassed, survey finds

Exclusive: YouGov poll reveals extent of abuse and lack of faith in authorities’ ability to deal with it

Click to view the original at theguardian.com

Hasnain says:

:| this study says 96% of women polled in the age range 18-24 had experienced some form of sexual harassment at work.

“Bates pointed to TUC/Everyday Sexism research that found 52% of women had experienced sexual harassment at work, and of the one in five who had reported it, three-quarters said nothing had changed, while 16% said they were treated worse as a result.”

Posted on 2021-03-10T17:19:10+0000

Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals

A group of hackers say they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools.

Click to view the original at bloomberg.com

Hasnain says:

Ouch.

“In a video seen by Bloomberg, a Verkada camera inside Florida hospital Halifax Health showed what appeared to be eight hospital staffers tackling a man and pinning him to a bed. Halifax Health is featured on Verkada’s public-facing website in a case study entitled: “How a Florida Healthcare Provider Easily Updated and Deployed a Scalable HIPAA Compliant Security System.””

Posted on 2021-03-10T03:08:12+0000

Why I Did Not Go To Jail - Andreessen Horowitz

BY BEN HOROWITZ A lot of people have been asking me what my upcoming book, The Hard Thing About Hard Things, will be like. Here's a piece that I wrote for the book that did not make the cut. I still think it's a pretty good story and gives you a flavor. I just tell the truth so I'm cool in every hoo...

Click to view the original at a16z.com

Hasnain says:

This was an interesting little anecdote. I’m also surprised the SEC went after so many companies for an issue like this. Trying to leave a quote without spoilers:

“In retrospect, the only thing that kept me out of jail was some good luck and an outstanding General Counsel, and the right organizational design.”

Posted on 2021-03-09T06:47:27+0000

Remembering Allan McDonald: He Refused To Approve Challenger Launch, Exposed Cover-Up

By Howard Berkes, Sunday, March 7, 2021, 3:09 PM EST. On Jan. 27, 1986, Allan McDonald stood on the cusp of history. McDonald directed the booster rocket project at NASA contractor Morton Thiokol. ...

Click to view the original at text.npr.org

Hasnain says:

If only more engineers were this ethical.

“The focus of the commission's investigation shifted to the booster rocket O-rings, the efforts of McDonald and his colleagues to stop the launch, and the failure of NASA officials to listen.

Morton Thiokol executives were not happy that McDonald spoke up and demoted him.”

Posted on 2021-03-08T07:40:37+0000

Complaints to Google about racism and sexism met with therapy referrals

“I can think of 10 people that I know of in the last year that have gone on mental health leave because of the way they were treated,” said one employee.

Click to view the original at nbcnews.com

Hasnain says:

“Workplace diversity and inclusion experts say it is common for human resource officials to use mental health and well-being as a tactic to ignore discrimination — and even participate in it.

“The broader pattern of HR not being supportive, continuing to make the person who was discriminated against the problem in some way rather than the discrimination and the perpetrator of the discrimination as the problem — those are patterns that we have seen in our research,””

Posted on 2021-03-07T18:11:19+0000

Hasnain says:

“There’s a very simple moral to this story, which Americans won’t want to hear. Capitalism destroyed their lives. It has destroyed their kids in so, so many ways. Making them suffer the trauma of “active shooter drills,” Making little seven year old girls set up lemonade stands to pay for brain cancer operations. Making little kids pay “lunch debt” — or go hungry. But perhaps the worst way of all that capitalism has hurt America’s kids is by making it impossible to have kids. Yesterday’s kids, who are today’s millennials, are on the cusp of an adulthood they can never reach. Their jobs don’t pay enough, they can’t afford homes of their own, where is there decent to work anyways — so who can have kids? Capitalism exploited yesterday’s kids so badly that today’s can’t have them, should they want them.”

Posted on 2021-03-05T21:36:01+0000

There and back again: My journey through the world of RDMA and fast RPCs

Editor’s notes: We invite SIGOPS award winners to write about backstories behind the award-winning work. In this article, Anuj Kalia shares his journey of his PhD dissertation--"Efficient Remote Procedure Calls for Datacenters"--which received the Honorable Mention for the 2020 Dennis M. Ritchie A...

Click to view the original at sigops.org

Hasnain says:

Pretty good read on systems research and one person’s journey through their PhD.

“Although eRPC builds on top of many research results, I could have in theory built eRPC in my first year. For several years, I mistakenly—but for good reason—believed that RDMA and/or lossless networks were necessary for good performance. I and other researchers did not consider end-to-end designs that do not rely on in-network support because we believed that such designs would not perform well, in part because we had not found all the required optimizations. In the end, we re-discovered an essential lesson from the end-to-end arguments paper: “Using performance to justify placing functions in a low-level subsystem must be done carefully. Sometimes, by examining the problem thoroughly, the same or better performance can be achieved at the high level.””

Posted on 2021-03-05T08:29:01+0000

Commentary: A Farewell to Ithaca College after 18 years | The Ithacan

It’s our contingent and NTEN faculty who are engaged in some of the most innovative, intersectional, progressive teaching on campus.

Click to view the original at theithacan.org

Hasnain says:

This is short and depressing - but worth reading; and please try to avoid going “WTF” at the end (you have been warned)

“The good news: after a year of planning and writing, I got the grant.

The bad news: both faculty co-chairs of the Climate Action Group are now among those losing their jobs as a consequence of Academic Program Prioritization, which, as far as I can see, is disaster capitalism for higher education.”

Posted on 2021-03-05T08:20:45+0000

Multimodal Neurons in Artificial Neural Networks

We’ve discovered neurons in CLIP that respond to the same concept whether presented literally, symbolically, or conceptually.

Click to view the original at openai.com

Hasnain says:

This attack is amazing - need to read the paper more in depth later. The tool recognizes an apple properly, but if you write “iPod” on it the model suddenly thinks it’s an iPod.

“We refer to these attacks as typographic attacks. We believe attacks such as those described above are far from simply an academic concern. By exploiting the model’s ability to read text robustly, we find that even photographs of hand-written text can often fool the model. Like the Adversarial Patch,22 this attack works in the wild; but unlike such attacks, it requires no more technology than pen and paper.”

Posted on 2021-03-04T23:19:46+0000

Tesla called her a criminal. Her fight could be a milestone for employees' rights

Former engineer says Tesla forced her out and then libeled her. Her lawsuit against the company is testing the limits of the arbitration agreements that bind millions of American workers.

Click to view the original at latimes.com

Hasnain says:

This is horrible - I hope the fight for employees' rights succeeds here.

“The success of the Model S project was the top priority at Tesla in April 2014, when Balan was walked into that security office. According to Balan’s recollection, the HR manager strongly suggested she drop her complaints about the supplier contracts. Balan said no. “OK, this is your exit interview,” Balan recalls being told. She was handed resignation papers and asked to sign them. When she protested, she said, a Tesla official threatened to have her led outside in handcuffs and told her, “This is what happens if you don’t know how to keep your mouth shut.””

Posted on 2021-03-04T18:31:17+0000

Hasnain says:

This whole thing has been blowing up on Twitter, and I agree with this take here. This seems like a fairly straightforward way to provide evidence of an extraordinary claim.

“Show Me the Factors

According to the claims in Schnorr’s paper, it should be practical to set significant new factoring records. There is a convenient 862-bit RSA challenge that has not been factored yet. Posting its factors, as done for the CADO-NFS team’s records, would lend credence to Schnorr’s paper and encourage more review of the methodology.”

Posted on 2021-03-04T03:27:39+0000

O11ycast | Ep. #34, Diminishing Complexity with Jaana Dogan of AWS | Heavybit

In episode 34 of o11ycast, Charity and Liz speak with Jaana Dogan of AWS. They discuss Jaana’s career journey, life before observability tools, and reducing system complexity within large organizations.

Click to view the original at heavybit.com

Hasnain says:

This was a pretty engaging read (/ podcast, but I read the transcript), from folks who are doing industry leading work in this space.

“You know, if you're not coming to a small team, working on a small project, most of the time you're looking at this huge code base with so many different components and you don't necessarily have a great big picture understanding of what actually it does, plus how it behaves.”

Posted on 2021-03-03T05:52:45+0000

On The Experience of Being Poor-ish, For People Who Aren't

Meta-Note: I’m sorry it’s been so long between articles; for better or worse writing here is something that I do for fun, and sometimes work and family get in the way. In this case, I was spending a lot of time trying to learn SQL; you will be pleased to note I am now able to pad my resume with ...

Click to view the original at residentcontrarian.substack.com

Hasnain says:

Very insightful, I learnt a bunch from this perspective.

“When someone is telling me they are or have been poor and I’m trying to determine how poor exactly they were, there’s one evergreen question I ask that has never failed to give me a good idea of what kind of situation I’m dealing with. That question is: “How many times have they turned off your water?”.”

Posted on 2021-03-02T04:44:18+0000

Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses

Abstract The “eternal war in cache” has reached browsers, with multiple cache-based side-channel attacks and countermeasures being suggested. A common approach for countermeasures is to disable or restrict JavaScript features deemed essential for carrying out attacks. A recent proposal following...

Click to view the original at orenlab.sise.bgu.ac.il

Hasnain says:

This paper will be fun to read when it’s out...

“We follow a line of research that performs website fingerprinting attacks. We develop a sequence of attacks with progressively decreasing dependency on JavaScript features, culminating in the first browser-based side-channel attack which is constructed entirely from Cascading Style Sheets (CSS), and therefore works even when script execution is completely blocked.”

Posted on 2021-03-01T06:46:01+0000

First vaccine to fully immunize against malaria builds on pandemic-driven RNA tech

Consistently ranked as one of the leading causes of death around the world, malaria doesn’t have an effective vaccine yet. But researchers have invented a promising new blueprint for one — with properties akin to the novel RNA-based vaccine for COVID-19.

Click to view the original at academictimes.com

Weird architectures weren't supported to begin with

It’s also been rewritten 2½ times, and (I think) reads confusingly in places. But I promised myself that I’d get it out of the door instead of continuing to sit on it, so here we go.

Click to view the original at blog.yossarian.net

Hasnain says:

Very good take on open source ecosystems; support; and the whole Rust fiasco going on with python’s cryptography package.

“I put this one last because it’s flippant, but it’s maybe the most important one: outside of hobbyists playing with weird architectures for fun (and accepting the overwhelming likelihood that most projects won’t immediately work for them), open source groups should not be unconditionally supporting the ecosystem for a large corporation’s hardware and/or platforms.”

Posted on 2021-03-01T02:56:39+0000