blog.dasrecht.net

With a min of max the opt!

Angelesen #68


This week I read into a few very good pieces. There was an interesting attack on Twitter, which can be read from both perspectives, some good blog posts about post-mortems from Slack, and you might want to dust off your YaST skills as SUSE just bought Rancher Labs. Plus, you might want to think about the future and whether you want to force people back into offices or support Work from Home (WFH) indefinitely (if your organisation can do WFH).

Hackers Tell the Story of the Twitter Attack From the Inside (www-nytimes-com.cdn.ampproject.org)

Twitter Hack 1

Mr. O’Connor said other hackers had informed him that Kirk got access to the Twitter credentials when he found a way into Twitter’s internal Slack messaging channel and saw them posted there, along with a service that gave him access to the company’s servers. People investigating the case said that was consistent with what they had learned so far. A Twitter spokesman declined to comment, citing the active investigation.

An update on our security incident (blog.twitter.com)

The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections

Twitter Hack 2: Massively owned but it’s great to read a first pass on the post mortem.

WebGazer.js: Democratizing Webcam Eye Tracking on the Browser (webgazer.cs.brown.edu)

WebGazer.js is an eye tracking library that uses common webcams to infer the eye-gaze locations of web visitors on a page in real time. The eye tracking model it contains self-calibrates by watching web visitors interact with the web page and trains a mapping between the features of the eye and positions on the screen. WebGazer.js is written entirely in JavaScript and with only a few lines of code can be integrated in any website that wishes to better understand their visitors and transform their user experience. WebGazer.js runs entirely in the client browser, so no video data needs to be sent to a server, and it requires the user’s consent to access their webcam.

Played around with it a bit. It’s insanely accurate after a first calibration pass… and it’s written in JavaScript!

Huawei 5G kit must be removed from UK by 2027 (bbc.com)

Mr Dowden added that the cumulative cost of the moves when coupled with earlier restrictions announced against Huawei would be up to £2bn, and a total delay to 5G rollout of "two to three years".

Something you can do, but probably not solving the problem you wanted to solve.

WindowSwap (window-swap.com)

Let’s face it. We are all stuck indoors. And it’s going to be a while till we travel again. Window Swap is here to fill that deep void in our wanderlust hearts by allowing us to look through someone else’s window, somewhere in the world, for a while. A place on the internet where all we travel hungry fools share our ‘window views’ to help each other feel a little bit better till we can (responsibly) explore our beautiful planet again.

It’s brilliant!

The Future Of Workspaces Will Be Unrecognizable (forbes.com)

Many startups, ours included, have operated in an exclusively remote capacity from the start. Yet many organizations hadn’t embraced a work-from-home culture, due in part to the cost associated with establishing the infrastructure to make it work, as well as the cultural shift that running a remote team requires.

Covid-19 instantly changed that, and because the novel coronavirus has no known cure or vaccine at this time, the path back to “normal” will likely be a long one. When it does finally come time to return to the office, it likely won’t resemble anything we would recognize from before. Here’s why.

Normal is a long way away, if it ever comes back. Change is the only steady thing after all. I wouldn’t be hugely surprised if there will be 2 camps going forward: companies that evolve and support WFH entirely, and companies that seek to go back to "what always worked in the past" and force their people back into their office for better or for worse. I’m happy to work with a completely remote team 🙂

A Terrible, Horrible, No-Good, Very Bad Day at Slack (slack.engineering)

The broken monitoring hadn’t been noticed partly because this system ‘just worked’ for a long time, and didn’t require any change.

I don’t laugh about others’ downtime. Today it’s theirs, tomorrow we’re in the rotation of something spinning out of control. Slack published 2 very good articles. This one is the technical one and a good read on the whole situation.

All Hands on Deck. What does Slack do when Slack goes… (slack.engineering)

4:51PM One of the responders declares, “we’re about to go offline, we just lost all main_wwws in the webapp pool”. This is the moment where you feel the blood drain from your face. What does Slack do when Slack goes down? In such unfortunate situations where we aren’t able to rely on Slack, we have prescribed alternative methods of communication. Following incident runbooks, we quickly moved to the incident Zoom and elevated the response to a Sev-1, our highest severity level. Executives were paged, per the runbook. A company-wide email was sent out, with links to department specific runbooks for full site outages. Our real-time client instrumentation, which sends telemetry to an isolated endpoint, showed that success rate on the clients had dipped to abysmal levels. It was all hands on deck at this point.

Post Mortems are an art form. Slack shows so many great details in this overview on handling this outage. Must-Read for Ops people.

Department of Health website saw 760% rise in traffic at peak of COVID-19 (themandarin.com.au)

The Services Australia website experienced a 650% rise in traffic. The agency worked closely with the GovCMS team to increase database capacity so the website could handle heavy traffic, according to Services Australia general manager Susie Smith. […] Meanwhile, health.gov.au experienced a 760% increase in traffic, with up to 6 million visits a day during the busiest times.

Do good and talk about it: Most of those sites run on our Platform 🎉

SUSE to Acquire Rancher Labs (rancher.com)

SUSE, the world’s largest independent open source company, has entered into a definitive agreement to acquire Rancher Labs. Based in Cupertino, Calif., Rancher is a privately held open source company, providing a market leading Kubernetes Management platform.

OK, didn’t see SUSE sneaking up and buying Rancher. That’s a surprise. Guess I need to get my YaST skills back in shape.

13 lessons learned from taking 8 AWS certification tests in 4 weeks (medium.com)

Some good bits if you are taking an AWS certificate soon 🙂