Stanley Zheng
3.4K posts

Stanley Zheng
@stanzheng
mostly about cloud, civic tech, and nyc he/him software engineer and civil servant @recursecenter alum 2016/19. building @gohyperdrive
New York, USA Joined May 2011
1.1K Following 1.1K Followers
Stanley Zheng retweeted

We found a public AI repo on GitHub, exposing over 38TB of private files – including personal computer backups of @Microsoft employees 👨💻
How did it happen? 👀
A single misconfigured token in @Azure Storage is all it takes 🧵⬇️
Stanley Zheng retweeted

For more details about this exposure, as well as a breakdown of potential risks and recommendations in using SAS, read the full blog post by @hillai 👇
wiz.io/blog/38-teraby…
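The two retweets above say a single over-scoped Azure Storage SAS token was enough to expose the data and point at SAS recommendations without spelling them out. The script below is an added example, not code from Wiz or from the thread: it decodes a SAS URL and flags the properties a reviewer would check first (account-level scope, permissions beyond read, long lifetime, no source-IP restriction, plain HTTP allowed). It assumes the standard SAS query parameter names (sv, sp, se, st, sr, ss, srt, sip, spr, sig); the 7-day lifetime threshold is my own choice, and the two links are constructed with a fake account and fake signature.

```python
"""Audit an Azure Storage SAS URL for the over-scoping that turns a shared
link into a data exposure.

Added example, not code from Wiz or the thread above. It assumes the standard
SAS query parameters (sv, sp, se, st, sr, ss, srt, sip, spr, sig); the review
thresholds are my own choices, not a Microsoft recommendation.
"""
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse, parse_qs

# Subset of the documented SAS permission letters; unknown letters are kept as-is.
PERMISSION_NAMES = {
    "r": "read", "l": "list", "w": "write", "d": "delete",
    "a": "add", "c": "create", "u": "update", "p": "process",
}
READ_ONLY = {"r", "l"}
MAX_LIFETIME = timedelta(days=7)  # assumed review threshold, tune to policy


def _parse_time(value):
    # SAS times are ISO 8601 in UTC, e.g. 2051-01-01T00:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_sas_url(url, now=None):
    """Return the decoded scope of a SAS URL plus a list of findings."""
    now = now or datetime.now(timezone.utc)
    q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    findings = []

    if not {"sig", "sp", "se"} <= q.keys():
        return {"kind": None, "findings": ["not a complete SAS token (missing sig/sp/se)"], "params": q}

    perms = set(q["sp"])
    kind = "account" if "ss" in q or "srt" in q else "service"
    if kind == "account":
        # Account SAS spans whole services and resource types; srt=sco reaches
        # every container and object in the account.
        findings.append(f"account-level SAS: services={q.get('ss', '?')} resource types={q.get('srt', '?')}")
    elif q.get("sr") == "c":
        findings.append("container-scoped: every blob in the container is reachable")

    extra = perms - READ_ONLY
    if extra:
        names = ", ".join(PERMISSION_NAMES.get(p, p) for p in sorted(extra))
        findings.append(f"grants more than read access: {names}")

    expiry = _parse_time(q["se"])
    start = _parse_time(q["st"]) if "st" in q else now
    lifetime = expiry - start
    if expiry < now:
        findings.append("token already expired")
    elif lifetime > MAX_LIFETIME:
        findings.append(f"lifetime {lifetime.days} days exceeds {MAX_LIFETIME.days}-day limit")

    if "sip" not in q:
        findings.append("no source IP restriction (sip)")
    protocols = q.get("spr", "https,http").split(",")  # Azure default allows both
    if "http" in protocols:
        findings.append("permits plain HTTP (spr)")

    return {"kind": kind, "permissions": sorted(perms), "expires": expiry.isoformat(),
            "findings": findings, "params": q}


# Constructed sample links (fake account, fake signature): an account SAS with
# every permission and a 30-year lifetime, and a single-blob read-only link.
WIDE_OPEN = ("https://example.blob.core.windows.net/?sv=2021-06-08&ss=bfqt&srt=sco"
             "&sp=rwdlacup&st=2021-01-01T00:00:00Z&se=2051-01-01T00:00:00Z&sig=abc%3D")
TIGHT = ("https://example.blob.core.windows.net/reports/q3.csv?sv=2021-06-08&sr=b&sp=r"
         "&st=2023-09-19T00:00:00Z&se=2023-09-20T00:00:00Z"
         "&sip=203.0.113.0-203.0.113.255&spr=https&sig=abc%3D")
CHECK_TIME = datetime(2023, 9, 19, 12, 0, tzinfo=timezone.utc)  # fixed "now" for reproducibility


def demo():
    """Audit both constructed links at the fixed check time."""
    return audit_sas_url(WIDE_OPEN, CHECK_TIME), audit_sas_url(TIGHT, CHECK_TIME)


if __name__ == "__main__":
    for report in demo():
        print(report["kind"], report["permissions"], report["expires"])
        for finding in report["findings"] or ["no findings"]:
            print("  -", finding)
```

Run it against links found in repositories, READMEs and CI logs; the wide-open link produces five findings, the blob-scoped read link none. The point of the check is the combination: an account SAS with write and delete rights, a multi-decade expiry and no IP restriction cannot be revoked except by rotating the account key it was signed with.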
Stanley Zheng retweeted

On Sunday, July 9, 2023, early morning UTC time, we observed a high number of DNS resolution failures — up to 7% of all DNS queries across the Asia Pacific region. Here's what happened: cfl.re/44CUS9J

@soychotic wow what in the world ⁉️
first thing that came to mind
🚩 Red flag
⛳️ Green flag
🚩 Red flag
giphy.com/clips/netflix-…

Holy shit. We finally hired another dev a few weeks ago… I gave him access to the codebase yesterday… and suddenly he up and quit today
FUCK whoever made this god damn repo
annie @soychotic
Omg the last commit in the codebase was 8 months ago from a developer who quit with a commit message of just “I’m sorry”

@Rolex_Jodieres @nycgov But even if they did and so did @NYC_GOVERNMENT pay the $8, how can you tell anyway which one is the real one if everyone's subscribing for checkmarks?
@nycgov will have it. @nycmayorgov will have one.. @nyc_gov_official will have one.. you can just keep making up new user names..

@nycgov You pay for your check mark, as much as you want to collect taxes. Lead by example. Imagine if people/businesses would not want to pay their own taxes to the government. Besides, the government collects taxes from Twitter too. Your ego becomes a hindrance to your way of service.
Stanley Zheng retweeted

Curious how many people actually signed up for Twitter Blue yesterday and today? Well, I've got the numbers and I'll be telling them to @JoyAnnReid on MSNBC in ten minutes.
Here's a hint: They were net +28 between signups and cancellations. Not 2,800. Twenty-eight.

@noneck lawful evil, find nearby dock and redock it.
I do it with abandoned bikes I find in neighborhoods / damaged.
Stanley Zheng retweeted

Introducing acropalypse: a serious privacy vulnerability in the Google Pixel's inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot. Huge thanks to @David3141593 for his help throughout!
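The retweet above announces the bug but not the on-disk symptom. The script below is an added check, my code rather than the researchers' tool: it assumes, as the public acropalypse writeup describes, that the editor wrote the smaller cropped PNG over the original file without truncating it, so the original's bytes survive after the new IEND chunk. A well-formed PNG ends at IEND, so any bytes past it are leftover data, and CRC-valid chunks inside that tail (typically the original's IEND) show it came from another PNG. The images are tiny constructed gradients, not real screenshots, and `simulate_in_place_edit` models the faulty write rather than calling any editor.

```python
"""Detect leftover image data after a PNG's IEND chunk.

Added example, not the acropalypse researchers' code. Assumes (per the public
writeup) that the edited file was written in place without truncation, so the
original's tail survives past the new IEND. Sample images are constructed.
"""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunk(kind, payload):
    """Encode one PNG chunk: length, type, payload, CRC over type+payload."""
    crc = zlib.crc32(kind + payload) & 0xffffffff
    return struct.pack(">I", len(payload)) + kind + payload + struct.pack(">I", crc)


def make_png(width, height):
    """Build a small 8-bit RGB PNG with a gradient (constructed test image)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    rows = []
    for y in range(height):
        row = bytearray(b"\x00")  # filter type 0 (None) for this scanline
        for x in range(width):
            row += bytes(((x * 37) & 255, (y * 59) & 255, (x * y) & 255))
        rows.append(bytes(row))
    idat = zlib.compress(b"".join(rows))
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


def trailing_data(data):
    """Walk the chunk list and return every byte after IEND (b'' when clean)."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, kind = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length  # 8-byte header + payload + 4-byte CRC
        if kind == b"IEND":
            return data[pos:]
    raise ValueError("no IEND chunk: file is truncated")


def scan_for_chunks(blob):
    """Find CRC-valid PNG chunks at any offset, as (offset, type, length).

    On a trailer this shows the bytes are the tail of another PNG: usually a
    cut IDAT stream followed by the original file's IEND.
    """
    found, pos = [], 0
    while pos + 12 <= len(blob):
        length, kind = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length
        if kind.isalpha() and end <= len(blob):
            payload = blob[pos + 8:pos + 8 + length]
            stored = struct.unpack(">I", blob[pos + 8 + length:end])[0]
            if zlib.crc32(kind + payload) & 0xffffffff == stored:
                found.append((pos, kind.decode("ascii"), length))
                pos = end
                continue
        pos += 1
    return found


def audit_png(data):
    """Summarise whether a PNG carries leftover data from an earlier write."""
    trailer = trailing_data(data)
    return {
        "declared_size": len(data) - len(trailer),
        "trailing_bytes": len(trailer),
        "stale_chunks": [kind for _, kind, _ in scan_for_chunks(trailer)],
        "suspicious": len(trailer) > 0,
    }


def simulate_in_place_edit(original, edited):
    """Model the bug: the shorter edited file is written at offset 0 of the
    existing file without truncating it, so the original's tail survives."""
    if len(edited) >= len(original):
        return edited
    return edited + original[len(edited):]


ORIGINAL = make_png(32, 32)          # the full screenshot
CROPPED = make_png(4, 4)             # what the editor meant to save
LEAKY = simulate_in_place_edit(ORIGINAL, CROPPED)


def demo():
    """Audit a clean crop and the same crop written over the original."""
    return audit_png(CROPPED), audit_png(LEAKY)


if __name__ == "__main__":
    for label, report in zip(("clean", "leaky"), demo()):
        print(label, report)
```

`trailing_data` is the cheap triage step for a directory of shared screenshots: a non-empty trailer means the viewer shows one image while the file still carries part of another. Recovering pixels from the cut IDAT stream is a separate step (the deflate stream has to be re-synchronised at a block boundary) and is not attempted here.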

@bettersafetynet @N3bberz within reason plausible they set up some auth and network connectivity between work <-> home setup (whether or not they should have).
I'd like to think this explanation rather than that a very senior tenured eng installed Plex and was directly doing work on an insecure home server as a norm.

@bettersafetynet @N3bberz I was wondering this too but I know of people who run thin clients as their computer but remote into a beefier home setup (especially in the chaos of M1 Macs and ARM setups).
It could be a case, then, that the network connectivity or sensitive workloads were being done on their home box.

Just so I'm tracking this...
They used plex to get on the admin's home machine... but then the admin did what? VPN into work while a keylogger was running?
There's a lot of orgs that have that problem, right?
Is the fix here never VPN in from non-corp hardware?
MG @_MG_
It was Plex. They exploited Plex to get into the home network, installed a keylogger on a home laptop, and got the corp vault password because the home laptop was logging into it. Targeted high value employee shortly after the initial breach of LastPass. arstechnica.com/information-te…
Stanley Zheng retweeted

New details on the 2nd LastPass incident are fun:
- got into Sr DevOp's home via vuln media software
- installed keylogger
- got master pass to corp vault (seemingly because it was being accessed from home computer)
Cool to see that LastPass is sharing this level of detail. Most companies are vulnerable to an attack like this.
Main post:
support.lastpass.com/download/lastp…
Incident 1 details:
support.lastpass.com/help/incident-…
Incident 2 details:
support.lastpass.com/help/incident-…

@vedant_6 working for large municipal government (NYC) this is totally written into the policy. (Otherwise it's viewed as stealing from taxpayers / wage theft 🤷♂️)
It is bureaucratic but rarely enforced, but there are policy-endorsed permission slips to verify tardiness by train delay.
Stanley Zheng retweeted

Today is the day. Web Push on iOS.
webkit.org/blog/13878/web…

@EricJorgenson doing the math.
quantified revenue/society impact
---- divided by ---
# of people x
The biggest number that is close to 1 for organizations of 2 or more.
goes against the definition of an "organization" to count a single person. If a person counts then biggest number >=1 ?
Stanley Zheng retweeted

@jamesperkins trueup.io/layoffs
Quarter of a million since August
Stanley Zheng retweeted

so excited to share with you all: a new @GitHubNext addition to Copilot Labs...
✨ Code Brushes ✨
We wondered how we could make editing your code feel as tactile and easy as paint with a brush in Photoshop?
writeup: githubnext.com/projects/code-…
and 🧵