So, my thoughts on engineering performance management have always been a bit idiosyncratic, but Matt's tweets today have me reflecting, so... storytime. 1/

It's Friday, so I want to share one of the most fun projects I've ever worked on. A few years ago, I built four eight-foot-long handwriting robots. We wrote many thousands and thousands of addresses on our direct mail, and wrote personal messages for high value prospects.

v1 of Mermaid to Excalidraw library is out 🚀 Highlights: Actor creation and destruction are now supported in Sequence diagrams ✨ By Aakansha Doshi 💜

htmx sucks, btw htmx.org/essays/htmx-su…

Things I don't like seeing on github trending: AI/LLMs and CVE PoCs. What happened to normal software projects?

PSA for Cybersecurity folk: Our co-workers are tired of being "tricked" by phishing exercises y'all, and it is making them hate us for no benefit. I have many thoughts that won't fit in a (non-bluecheck) tweet, so you can find them here: security.googleblog.com/2024/05/on-fir…

Quite possibly one of the most insane defaults in SharePoint/OneDrive: Allow guests to share items they don't own 🫠 Bonus points for hiding it under "More external sharing settings" which is not expanded by default...

John Carmack dropped a take so hot I had to do a video about it, just posted!

THREAD: Show this to your IT manager on why you MUST deploy adblocking like uBlock Origin

🚨 NEW: Operations across 2 major London hospitals Guy's and St Thomas' & King's College NHS have been cancelled due to a cyber attack, with all transplant surgery at Royal Brompton and Harefield axed. Problem is affecting pathology labs incl blood transfusions. Trauma cases at Kings being sent to other sites:

Hot off the press from watchTowr Labs member SinSinology, with a nice side of silent patching from Veeam 😉 details to come later (CVE-2024-40711 and friends..). Special thanks to Soroush Dalili for his help with this exploit!

In August, watchTowr Labs hijacked parts of the global .mobi TLD - and went on to discover the mayhem that we could cause. Enjoy.... labs.watchtowr.com/we-spent-20-to…

Geekcamp is BACK! We are now opening our CFP for all geeks to come share their knowledge with us on the 7th of December! sessionize.com/geekcampsg2024 If you (or your friends or colleagues) are interested in speaking, submit your talks at the link above! CFP closes on 31st Oct.

Some Fortinet Nday.. for now.... :-) CVE-2024-23113 labs.watchtowr.com/fortinet-forti…

Great read from swyx swyx.io/create-luck

1/ Devcon is not a conference, but an experience that shows you why Ethereum is different. The strong culture and values of Ethereum were on full display throughout the week. Our Devcon team worked tirelessly to create the space, but it was not complete without every one of you

8 million requests, $400 later - we’re back. 🚀 We have demonstrated supply chain attacks that could have allowed us to trivially compromise critical infra. networks, including .gov, .mil, and more. This is real Attack Surface Management. labs.watchtowr.com/8-million-requ…

If you decide to make your software available under an address you don’t control forever, don’t be surprised when someone else takes over after you abandon it. Your users might not enjoy the surprise software updates.

Over the past year, watchTowr Labs has uncovered repeated, severe credential + secret exposures by major orgs, governments and more. We’ve been quietly working with affected orgs + (inter)national CERTs to support a coordinated response. Our latest research drops tomorrow.

In the last few weeks, we somehow surpassed 10,000 followers on X. We anticipate this to be short-lived when most people realise we publish drivel and poor-quality memes - but in the meantime, thank you! 🫡