IndyWatch Education Feed Archiver

IndyWatch Education Feed was generated at Community Resources IndyWatch.

Wednesday, 17 October

21:45

How to start using Curl and why: a hands-on introduction "IndyWatch Feed Education"

Whether it's testing the output of an API before deploying it to production, or simply fetching a response from a website (for instance, to check it's not down), Curl is practically omnipresent.

As a Data Scientist I've had to use it from time to time. However, more often than not I ended up just replacing parameters from a copied and pasted curl command that went around my team's Slack channel.

I decided I needed to understand this powerful tool better if I wanted to use it to its full potential, and now I'm here to share some of the most interesting things I found in this curl tutorial.

If you have any tips or tricks you'd like to add, please do so in the comments, as my understanding of this tool is still in its early stages.

Curl: What is it good for?

Curl is a command-line tool that allows us to do HTTP requests from shell. It also covers many other protocols, like FTP, though they go beyond the scope of this tutorial.

Its name stands for Client URL, and it was developed by Swedish developer Daniel Stenberg. It is an open source project, and its code can be found here, in case you feel like contributing.

You can invoke it from your favorite terminal, and it usually comes pre-installed in Linux-based OSs. Otherwise, it can normally be downloaded through apt-get on Linux, and brew on Mac.

Calling a GET method

In its most basic form, a curl command will look like this:

curl http://www.dataden.tech

The default behavior for curl is to invoke an HTTP GET method on the given URL. This way, the program's output for that command will be the whole HTTP response's body (in this case, HTML) the site returns on a GET, which will be written as given on stdout.

If you wish to read through a response without leaving the shell, I'd recommend at least piping it into a less command, to be able to easily scroll through the output.

Many times we'll wish to direct the response's contents into a file. This is done with the -o argument, like this:

curl -o output.html www.dataden.tech

which is equivalent to:

curl www.dataden.tech > output.html

Optionally, you can specify the URL of the site you wi...

21:40

Pragmatic rules of web accessibility that will stick to your mind "IndyWatch Feed Education"

"The Paralympic Games is about transforming our perception of the world."Stephen Hawking
The same could be thought for web accessibility.

I first started to work with web accessibility back in 2015, at an American retail giant. It had just gotten a hefty lawsuit, as its website failed to comply with the Americans with Disabilities Act (ADA). After that happened, my team and I worked extensively on the ADA compliance, when I was introduced to many web accessibility principles.

However, over the next years, I found myself constantly violating such principles, even though I was regularly working with them. Somehow, I would never remember them properly while I was coding. I wouldn't admit it, but I definitely had not fully internalized these principles.

Eventually, I decided that the time had come to invest my time into boiling things down into simple, pragmatic rules which are easy to remember. I finally did just that, and they have been working quite well for me ever since.

This article has 2 sections: "What is web accessibility?" and "3 pragmatic rules of web accessibility". In the first section, I give a refresher on web accessibility and share my experience with it. But if you would rather cut to the chase, then just go straight to the second section: "3 pragmatic rules of web accessibility".

What is web accessibility?

As I mentioned, back in 2015 my company got sued for not complying with the ADA.

The ADA is a civil rights law that

prohibits discrimination against individuals with disabilities in all areas of public life, including jobs, schools, transportation, and all public and private places that are open to the general public.

This way, the ADA requires that businesses, state and local governments, and nonprofit services providers make accommodations for the disabled public to access the same services as able-bodied patrons. Similarly, federal government agencies are required to comply with a federal law called Section 508.

In the context of the web, any public website in the USA failing to comply with the ADA or Section 508 is in reality excluding several groups of users with varying degrees of impairments.

On the other hand, the inclusive practice of making a website's content available to everyone and its functionality able to be operated by anyone is understood as...

21:28

How to build a reactive Joystick as a single RxJS Observable stream "IndyWatch Feed Education"

We are all likely familiar with the concept of a Joystick.

We start holding the handle of the Joystick, we move the handle around, and when we release it, the handle gently goes back to its initial position.

Now, what if we want to build some sort of software component that simulates the behaviour of a Joystick in the browser?

Well, with RxJS this turns out to be pretty simple. And it is also an interesting exercise to prove your Reactive thinking. You can jump directly to the code here if you want, otherwise keep reading and see what we can do.

Which are the events we are interested in?

The behaviour of the Joystick can be seen as a series of events combined together in some way.

The first event we are interested in is when the user presses a mouse on the handle (mousedown) - the handle is just the central part of the Joystick image.

If you hold the mouse pressed, then you can move around and you see the handle move accordingly - the mousemove events of the mouse are therefore the second series of events we want to capture.

Last, we need to consider when the user releases the mouse (mouseup) since this is the event that causes the Joystick handle to go back to its initial position.

Relevant events for the Joystick case

The whole sequence can be repeated after the handle is released. The mouse is pressed on the handle, then it is moved, then it is released. Again and again.

This repetition can be seen as a stream of events. We can say that the behaviour of a joystick is governed by this stream of events.

The stream of events of a Joystick

If we are able to build such a stream of events, we are in a good position to reach our objective - that is, to implement a Joystick software component for the browser using RxJS.

The building blocks with RxJS

The browser actually provides us with the notification of the events we are interested in: the mousedown event on the DOM element representing the handle of the Joystick, and the mousemove and mouseup events at DOM document level.

RxJS, on its side, comes with the function fromEvent that allows us to create an Observable from a browser event.

Create an Observable with `fromEvent` RxJS function

Using this mechanism we can create the...

18:36

A programmer's guide to managing stress "IndyWatch Feed Education"

I almost lost my mind once. It was the best thing that ever happened to me.

I almost lost my mind because I wasn't taking care of it.

Way too much crunch time for an important project, coupled with some ongoing issues in my personal life, pushed my ability to cope with day-to-day life into the red.

Too many tickets. Not enough time. Lost, so very lost, in code.

My heart raced. My mind raced. My ability to think clearly - so important when you're trying to get working software out the door - went through the floor.

I was super, super stressed.

It affected everything, including how I felt, my relationships, my sleep and appetite, and especially my ability to do my job. It wasn't a good place - I was on the edge of somewhere nasty.

Total Burnout.

It was the best thing that ever happened to me because, while navigating my way back from the edge, I learned a whole heap about how humans work.

In particular I learned about our mental and physical limits, the nature of stress and anxiety, and most importantly, how to take care of myself so that I could stop this happening again. I want to share some of that with you here.

It's valuable information, and it applies to everyone. Programming often scores well in terms of job satisfaction, but programmers are, despite their protestations to the contrary, humans and are subject to the same limitations as anyone else.

>> This article originally appeared on www.codingmindfully.com. <<

How stress works

Programming culture emphasises excellence and ability. This can make it difficult to admit to ourselves or others that we might be having an issue with stress.

However, it's literally baked into our neural and physical circuitry, so everybody has to deal with it at some point.

Stress in the mind and body

Stress is a series of physiological and mental changes that happen when our body and mind perceive a threat or challenge in our environment.

Stress and relaxation are defined by the level of physiological arousal and muscular tension in the body.

To be relaxed is to have the optimal level of physiological arousal and muscle tension for your current situation.

To be stressed or anxious is to have too much physiological arousal and muscle tension for your current situation.

T...

18:31

Global Human Rights Teach-Out "IndyWatch Feed Education"

In collaboration with the University of Michigan and Leiden University, we're excited to announce the Global Human Rights Teach-Out which will take place on Coursera from October 17-20. Over 30 academics from 19 of the world's leading universities will discuss Global Human Rights issues. Non-governmental organizations (NGOs) like the UNHCR, World Bank, Human Rights Watch and Reprieve will also be joining the Teach-Out, which takes place alongside One Young World summit 2018, hosted in The Hague by Leiden University.

This week-long event will end with a live-stream discussion, where you can ask questions to some of the world's most prominent human rights experts and academics as well as participants from all over the world. The Teach-out provides a unique opportunity to share perspectives and experiences, on a world-wide scale.

Why are Human Rights important at this important time in history?

"No-one will claim that human rights can cure all the planet's ills. But they are crucial in our struggle for human dignity, for freedom, for a decent society. Together with the rule of law - with its wisdom and restraint - and democracy - with its vitality - human rights provide the basic ingredients of good governance." - Rick Lawson, Professor at Leiden University

"The Declaration of Human Rights gives you everything that you would wish for yourself, your family and your friends. Why, then are they not granted to all? The answer is simple - power and privilege, custom and convention. The solution is not." - Richard Griffiths, Professor at Leiden University

What is a Teach-Out?

Teach-Out was coined by the University of Michigan, taking inspiration from the Teach-Ins of 1965 where students and faculty would gather to discuss the Vietnam War. The Teach-Outs of today are short digital learning exper...

17:27

How to transition from being an in-office to a remote programmer "IndyWatch Feed Education"

My name is James, and I'm a Software Engineer at a company called Yesware, based in Boston. Yesware is the fourth job I've had in which I'm paid to write code, but it's the third time now that I've transitioned from being an in-office employee to a remote one. Since I've handled this transition a few times now, in varying degrees of complexity/difficulty, I figured I probably have at least a few words for anyone else looking to begin working remotely.

But first, a warning: survivorship bias guarantees that your mileage may vary with regard to anything I say here. Switching to a remote position has worked for me in the past, but that in no way means it will work for anyone else in the same ways. You don't often see articles entitled "How I Completely Failed to Work Remotely and Botched my Dream Gig", but I'm sure there are many cases of folks doing exactly that. That would actually probably be a more helpful article, so consider this an open invitation for someone to write it as a response.

Also, I talk about my place of work in this article a fair bit, but I'd like to state clearly that I wasn't asked to, or otherwise encouraged to at all. Any reference I make to my employer is included only because I see it as relevant or helpful to others, so as to get an idea of how a company might support its employees.

Why Remote?

This is a question I won't dwell on too much because there are endless blogs, listicles, and books written on the subject (Remote: Office Not Required is a decent intro to the benefits of remote work, but it won't tell you how to do it. It's also roughly half pictures).

Remote work is fantastic for some personality types as it affords much more freedom. Some folks just enjoy being able to move, to be able to go where their friends/family/bucket-lists take them. Being able to take your job where you want to go is, in my opinion, less stressful than having to factor in finding another one if you decide to leave. Simply put, it resolves any dichotomies between having a job you enjoy, and anything else you want to do.

You can have your cake and eat it too.

The phrase above should always be accompanied with a resounding "within reason". I suspect your employer wouldn't be too keen on the idea of using remote work as a means of somehow having another...

16:25

What is a branch in Git, and how do we use it? "IndyWatch Feed Education"

Note: This is the seventh video in the Git for beginners series. Watch the first video here.

Imagine there are parallel worlds. We have:

  1. a world where I have created this video, and you're watching it
  2. a world where I have created this video, but you're not watching it
  3. a world where I did not create this video.

In this parallel world concept, a Git branch is a parallel world.

You can have a branch that stays the same in one world. Then you branch off into a different world. Once you finish your code, you can complete the initial world by merging the changes into it.

How to create a branch

Open up your Git client. Look for the branch you want to branch from. Right click on it and select create new branch.

You can name your branch anything you want.

Usually the first branch we developers use is the development branch.

Once you name your branch, click on Create and Checkout. Checkout, in this case, means to move to the development branch.

Once you create the development branch, you can see two branches in your branches section - master and development.

In the Git history, you can also see a new tag called development. This development tag is on the same commit as master and origin/master.

Why create a development branch?

Let's say you have a website that's ready for people to see. This website is on the master branch.

If you commit code to the master branch, it means you change the website directly. If you introduce any bugs, other people can see your bug immediately.

We're humans. We make mistakes. We don't want to show our mistakes to people.

So we create a new branch and work off it. When we're done, and when we're sure that there are no more bugs - at least we try to make sure! - we push the changes back to the master branch to update the website.

That's why we use a development branch.

In this case, the master branch can...

16:19

How to Structure Code Repositories: Multi, Mono, or Organic? "IndyWatch Feed Education"

The newest debate in town is whether you should keep your services in a single repository or multiple small repositories.

The idea of multiple small repositories is that code for each of your app's microservices is kept in a repository of its own. With a mono-repo, you keep all the code in a single repository and deploy the code as microservices.

So which should you use? Being too rigid about any one approach - without considering the purpose and uses of each approach - can lead to negative outcomes in the long run. If you're aware of when to use each, it can increase your productivity and improve your project.

To bend the rules, we need to first understand why they exist.

A common recommendation is to have an independent repository for every app/service. But why? Because, by having one repository for each micro-service, we gain:

  • Freedom to write code differently and independently of all other services.
  • Velocity in making code changes while fixing bugs, making updates, testing and deploying. Since changes only have to be tested in a single repository, deployment of the code is faster and more reliable.
  • Separation of code as independent units, which prevents bug leakages and performance bottlenecks between services.
  • Clear ownership of each repository and service, which is especially helpful for large teams.

But why did the need for mono-repos arise?

Clearly, the multi-repo approach has its benefits. But it also comes with its own challenges, especially in projects with a large number of microservices that use the same frameworks, language, tech stacks etc.

A few of these challenges are:

  • Enforcing standards and best practices across all repositories. With a multi-repo, changes in code standards and best practices need to be replicated across repositories. With a mono-repo, all the changes can be done in one place.

01:18

Ethereum 69: how to set up a fully synced blockchain node in 10 mins "IndyWatch Feed Education"

https://gophersland.com/p/learning-ethereum-blockchain/

Welcome to the first article of our new go-ethereum series!

In the next 10 mins you will:

  • Learn the first blockchain glossary without any necessary prior ecosystem knowledge
  • Setup your fully synced testing node (client/server) in under 10mins
  • Create your account and receive a transaction of 8ETH from the Ethereum foundation for FREE

Our motto is, practice before theory - so let's jump straight into the installation of a fully synced Ethereum testing node connected to a Rinkeby test network!

Geth

Geth is a command line interface (CLI), a compiled binary, program, and client for running a full Ethereum node implemented in Go.

We will use Geth to:

  • run a fully synced Ethereum node to connect to a test network called Rinkeby
  • create a new account to be able to send and receive transactions
  • for reading the EVM state, e.g. checking a balance of any account (want to know how much balance your girlfriend, boyfriend, wife, neighbour has? Sweet transparency!)

Installing Geth

We can install it directly from the repositories:

Mac

brew tap ethereum/ethereum
brew install ethereum

Linux

sudo apt-get install software-properties-common
sudo add-apt-repository -y ppa:ethereum/ethereum
sudo apt-get update
sudo apt-get install ethereum

Windows

Good luck :)

Verify the installation:

which geth
> /usr/local/bin/geth
geth version
> Geth
> Version: 1.8.14-stable

Running a blockchain node

Well, the devil is in the details - but getting started is actually simple. Kudos to the Ethereum developers.

Let's set up a new fully synced Rinkeby (Ethereum test network using the Clique PoA protocol) node.

The Rinkeby PoA implementation is much faster but significantly less secure. It is more centralised than the mainnet consensus PoW, which is perfectly fine for a test network. Rinkeby manages to approve a new block with a bunch of transactions every 15s.

Ok, ok, ok...What do those words actually mean?...

01:08

The Six Week Fitness Challenge: The Details "IndyWatch Feed Education"

All right, so we got the plan. It consists of two simple parts: diet and exercise. That's fine. Keep it simple!

For exercise, we must do at least three workouts per week at Deb's gym. These are HIIT, bootcamp or cardio drumming (fun!) classes but, weirdly, the HIIT classes are 45 minutes long. I would expect them to be 20-30 minutes long. We have our first HIIT class tonight, so I'll report back on that. There is a 30 minute HIIT option on the schedule but it's for people on their lunch break.

At least I hope I'll be able to do plyometric workouts at home after this. I've been hesitant because I felt I needed to build up to them as my strength isn't stellar currently, but I've never gotten around to making a plan to do so.

We can also do a fourth workout at her gym at no charge, which we will definitely be doing because dammit, we are getting our money back.

(Ha, have I set up a completely unhealthy dynamic here yet? Yeah. I know. At this point I'm fancying myself as a Morgan Spurlock-type character, sacrificing my body to research for the sake of curiosity.)

Deb also encourages us to do two to three more workouts on our off days, for a total of six workouts each week. The other day is a rest day. This matches what I was hoping to do, with running, hiking, swimming or yoga on the off days and a walk or gentle yoga class on our actual rest day.

Now. The meal plan. This is not what I had hoped. I hadn't been too worried because I knew it would be high protein and beyond that I expected it to meet fairly regulation nutritional guidelines. But no.

Now, I feel like I could get in trouble for like, sharing a photo of the plan or something (it seems to be proprietary info) but simply put, it's a diet for people training to be in body competitions. Body building, bikini body, that sort of thing. You know, egg whites and spinach.

What I get to eat in a day is:

Breakfast: 1 serving of protein (6 egg whites; 1.5 cups of fat-free, unsweetened Greek yogurt; or any of the other allowable proteins like lean meats, cottage cheese or protein powder); 1 carb (which she translates to half a piece of fruit; 3/4 cup berries, 1/2 cup of rice or quinoa etc, 3/4 cup sweet potato or a few other options); 1 veg (not allowed? Peas, carrots, corn, squash (sob), zucchini, eggplant, pumpkin, beets).

Lunch: Same

Dinner: 1 protein, 1 veg

The proteins include 6 oz of chicken breast, lean turkey breast, pork tenderloin, 96% lean ground beef, white fish like cod or tilapia, and bison burgers.

Oh, and two snacks per day, which are, specifically, protein shakes. This trainer sells protein shakes of a specific brand. We did not buy those (although I'm sure they're fine)....

01:06

How to black box test a Go app with RSpec "IndyWatch Feed Education"

Automated testing is all the rage in web development these days and goes on across the whole industry. A well-written test dramatically reduces the risk of accidentally breaking an application when you add new features or fix bugs. When you have a complex system that's built from several components that interact with each other, it's incredibly hard to test how each component interacts with other components.

Let's take a look at how to write good automatic tests for developing components in Go and how to do so using the RSpec library in Ruby on Rails.

Adding Go to our project's tech stack

One of the projects that I'm working on at my company, eTeam, can be divided into an admin panel, user dashboard, report generator and request processor that handles requests from different services integrated into the application.

The part of the project that processes requests is the most important, thus we needed to maximize its reliability and availability.

As part of a monolithic application, there's a high risk of a bug affecting the request processor, even when there are changes in code in parts of the app not related to it. Likewise, there's a risk of crashing the request processor when other components are under a heavy load. The number of Nginx workers for the app is limited, which can cause problems as the load increases. For instance, when a number of resource-intensive pages are opened at once in the admin panel, the processor slows down or even crashes the entire app.

These risks, as well as the maturity of the system in question - we didn't have to make major changes for months - made this app an ideal candidate for creating a separate service to handle request processing.

We decided to write the separate service in Go, that shared the database access with the Rails application that remained responsible for changes in the table structure. With only two applications, such a scheme with a shared database works fine. Here's what it looked like:

We wrote and deployed the service in a separate Rails instance. This way, there was no need to worry that the request processor would be affected whenever the Rails app was deployed. The service directly accepts HTTP requests without Nginx and doesn't use a lot of memory. You could call it a minimalist app!

The problem with unit testing in Go

We created unit tests for the Go application where all database requests were mocked. In addition to other arguments for this solution, the main Rails application was responsible for the database structu...

00:28

Dissecting The Six-Week Fitness Challenge: Intro "IndyWatch Feed Education"

When the free fitness challenge from a local trainer popped up on Facebook, it piqued our interest immediately. Of course we knew it wouldn't be without a catch, but the description explained that the reason she could do it for free was for the internet reviews, the use of your before and after photos and because it worked great as marketing and a lot of people choose to stay on at the gym afterward.

Andi (my partner) and I have both always been interested in fitness and nutrition, and neither of us has been really happy with our health or fitness for a few years now. The cumulative effects of stress, lack of sleep, enjoying our wine and of course, not always eating really nutrient dense foods (or, ahem, chicken nuggets for days when needed to survive).

Because Andi has an athletic background (in roller derby and kickboxing) and I've been fascinated by nutrition and fitness for years, we felt pretty well equipped to determine whether this challenge would be a good fit for us, so we booked a consultation.

So here's the deal. You pay a $500 deposit. If you meet the goals set out by the trainer, at the end of six weeks you get all your money back. If you do not, she keeps your $500 but will put it toward a membership or classes at the gym.

Neither of us has $500 to lose (not even close). But we did our research and weighed the risks and decided to go for it. We both know that our body type responds well to exercise and we could likely meet the goals fairly easily, and we looked forward to the kick in the butt to hopefully get fired up about being active and fit again, finally.

Here are the goals you have to meet to get your money back:

  1. Attend 3-4 workouts per week at her gym.
  2. Write two online reviews upon completion of the program.
  3. Let her use your before and after photos.
  4. Lose 6% of your body fat in the six weeks.

Uh that last one though? We felt confident about the rest as those are within our control, but the last one depends on how good her plan is.

After deliberating for a few days and doing a lot of digging online to figure out whether 6% body fat loss in six weeks was even possible or advisable, we decided to go ahead with it (with the caveat that I would not commit if I came in at less than 27% body fat to start, as I don't want to go below 20% and felt I'd be less likely to have success with the challenge if I started out lower than 27%).

Well, I came out at 30.3% body fat, so I was safe in that regard. Overall my health metrics are pretty decent: a visceral fat rating of 4 (fairly healthy, could be better), metabolic age of 35 and a resting heart rate of about 56 beats per minute. I'll also be checking my blood pressure to start as well as s...

Tuesday, 16 October

23:23

At the eye of the storm: how I helped save people during the disastrous Kerala floods "IndyWatch Feed Education"

Image source: https://keralarescue.in/

This is my perspective on the worst natural calamity experienced by the state of Kerala, and how I was able to help build the foundation upon which a great community was built. It was a humbling and also challenging experience at the same time.

Disclaimer: I've done my best to cross check the data in this post. But I do not make any guarantees about the completeness, reliability and accuracy of this information.

11th August, 2018

I returned to my home in Palakkad from my college hostel. Palakkad, along with many other districts of Kerala, had just witnessed one of the worst floods in its history. But that was just the start of it. Little did I know what was about to come.

The All Kerala Student Congress, an event organised by IEEE Kerala Section, was cancelled. The WhatsApp group had some discussions regarding what we could do to help the people affected by the flood. As a result, we decided to build a website. I started to work on a Django app.

1. There would be a form where the people or camps could specify their needs, like water, medicines etc.

2. There would be a contact form listing the info of 2 or 3 people from each district who would coordinate the efforts.

3. Any volunteer who would like to help should be able to view all the items that are needed at various places close to them.

4. The needs that have been taken care of should be marked as complete so that there won't be too much overlap

I delivered the site by midnight that day. I remember posting the screenshot of my shell as my WhatsApp status just to look cool.

It was the birth of a historical landmark for me. That became a platform for unprecedented collaboration that happened in 14 hours. The Minimum Viable Product was launched!

The first poster shared among student communities

12th Aug, 2018

We started getting district-wide requirements. I remember that Palakkad and Ernakulam district administrations were the first to onboard the platform. IEEE initiated WhatsApp groups per district to mobilize volunteers, which later became the control centres of young, hardworking people across Kerala. At first, we had 3 POCs who were all students who would...

19:33

How I could have hacked all Twitter accounts (and how I earned $5,040 in bounties) "IndyWatch Feed Education"

Summary

This blog post is about an Insecure direct object reference vulnerability on Twitter. This vulnerability could have been used by attackers to undertake various activities. For example, they could tweet from other accounts, upload videos on behalf of users, delete pics/videos from the victim's account, or view private media uploaded by other Twitter accounts. All endpoints on studio.twitter.com were vulnerable.

Description

Twitter is an online news and social networking service where users post and interact with messages, called tweets, restricted to 140 characters. Registered users can post tweets, but those who are unregistered can only read them. Users access Twitter through its website interface, SMS, or a mobile device app.

Twitter launched a new product named Twitter Studio (studio.twitter.com) in September 2016. I started looking out for security loopholes after the launch.

All API requests on studio.twitter.com were sending a parameter named owner_id which was the publicly available Twitter user ID of the logged in user. The owner_id parameter was missing authorisation checks for changes, which allowed me to take actions on behalf of other Twitter users.

Vulnerable request #1 (Tweeting from other Twitter accounts.)

POST /1/tweet.json HTTP/1.1
Host: studio.twitter.com

{"account_id":"attacker's account id","owner_id":"victim's user id","metadata":
{"monetize":false,"embeddable_playback":false,"title":"Test tweet by attacker",
"description":"attacker attacker","cta_type":null,"cta_link":null},"media_key":"",
"text":"attacker attacker"}

Replaying the above request with the victim's ID resulted in a tweet from the victim's account.

Vulnerable request #2 (Uploading media from another's account)

POST /1/library/add.json HTTP/1.1
Host: studio.twitter.com

{"account_id":"attacker's account id","owner_id":"victim's id","metadata":{"monetize":false,"name":"abcd.png","embeddable_playback":true,"title":"Attacker","description":"","cta_type":null,"cta_link":null},"media_id":"","managed":false,"media_type":"TweetImage"}

Replaying the above request with the victim's owner_id uploaded media from other user accounts....

19:19

How to resolve Git conflicts "IndyWatch Feed Education"

https://medium.com/media/7df401e121476411886538d1c0dd6c90/href

Note: This is the sixth video in the Git for beginners series. Watch the first video here.

Let's say a friend of yours made a change to your repository and pushed the changes to the Git remote. At the same time, you also made a change to the same line of code.

When you pull their changes into your local repository, you'll notice that there is a conflict.

This is what we call a Git conflict.

You'll learn how to resolve a Git conflict today.

First, let's produce a Git conflict so you see what happens.

Producing a conflict

To produce a Git conflict, we need two sets of code. For the first set, we need someone to push code into the remote.

In our case, we edit the files on GitHub to simulate a change.

Let's say we change the text in README.md from "Hello world, this is my first Github repo" to "Hello world, this is my second Github repo".

We're also going to make a commit message that says "Changed first to second" to see the effects in our Git History later.

For the second set of code, you can change the same README.md file on your local repository. Instead of "second Github repository", we're going to say "third Github repository".

Hello world! This is my third Github repo!

We're going to commit this file and set the commit message to "Change first to third".

You can check for an update in your Git Client with the Fetch button. Once the fetch is completed, you can see that origin/master is on a different fork compared to master.

This happens because there are changes on the Git remote and on our local repository at the same time.

If you look at the branch on the left, you can see that the master branch says "one down, one up". This tells us there is one commit in the Git remote that is ahead of our master. A...

16:16

How to write a killer Software Engineering résumé "IndyWatch Feed Education"

An in-depth analysis of the résumé that got me interviews at Google, Facebook, Amazon, Microsoft, Apple, and more.

This résumé got me interviews at Google, Facebook, Amazon, Microsoft, and Apple.

2017 Senior Year Résumé

I obtained these interviews by sending my résumé to the résumé black hole, also known as applying online.

Applying online is the most common way people go about applying for a job and therefore the least effective way to land an interview due to competition. Yet that is exactly how I obtained all my interviews.

How did I accomplish this?

In this article, I will go through a line-by-line analysis of my résumé for the following purposes:

  • explaining the choices that I made in creating my résumé
  • why I believe this résumé worked to help me land those interviews, and
  • how you can create an even better résumé!

I decided to write this article because I struggled a lot with landing interviews when I first started looking for a job. It would have been extremely helpful for me to have a real-life example résumé to look at.

This article is organized into the following sections:

  1. The All Too Familiar Way of Not Landing an Interview - a short anecdote of my frustrations when I first started applying for jobs
  2. Evaluating the Options: Moving Forward - a reflection on different strategies to improve the odds of landing interviews
  3. Learning How to Write a Killer Résumé By Example - the step-by-step analysis of my résumé with each of the following sections corresponding to my résumé:

15:14

[BONUS] THE DISCOMFORT ZONE Session Three "IndyWatch Feed Education"

(AUDIO, 89 MINUTES) In this series, we will build upon and grow our strengths, highlight and improve our weaknesses, diversify and increase our personal and professional skill sets. This ongoing saga will be an open discussion allowing us to question each other's actions to help ensure we are taking the best possible steps to keep ...

The post [BONUS] THE DISCOMFORT ZONE Session Three appeared first on School Sucks Project.

13:23

Youth work that is both dead and thriving "IndyWatch Feed Education"

After last week's relatively upbeat submission from Roy in Medway to our "Is Youth Work Dead" series, this week we hear a different and all too familiar story of a decimated Local Authority youth service. However, our contributor does see hope in the role of voluntary youth projects. We would love to hear from you: please send submissions to indefenceyw@gmail.com, comment on Facebook or below, or add to our map of open-access projects.


I'm a Youth worker in an area where most people would say youth work is dead and I hate to say it but I agree with them.  The professional youth work in my tiny town is well and truly dead, trying to gain access to schools has become a near impossible task and the town Youth Club has decided to break away and try to make it on their own in a sea where you will unfortunately succumb to the rough waves and cold water.  I have spent hours sitting with the team having that discussion again about where are we going wrong and what can we do but if we do not involve young people in these discussi...

08:24

Want to learn Angular? Here's our free 33-part course by Dan Wahlin! "IndyWatch Feed Education"

Click the image to get to the course.

According to the Stack Overflow developer survey 2018, Angular is one of the most popular frameworks/libraries among professional developers. So learning it increases your chances of getting a job as a web developer significantly.

That's why we've teamed up with one of the most renowned experts on the framework, and created a free Angular course at Scrimba.

Instructor Dan Wahlin is a Google Developer Expert who's provided training, architecture, and development services for some of the biggest corporations in the industry and created some of the most popular training courses on Udemy and Pluralsight. He's also a regular speaker at developer conferences around the world.

...

02:09

The Benefits of Speaking at Tech Conferences "IndyWatch Feed Education"

I'm a web developer. Having spoken at a few tech conferences, I thought I'd share some benefits I experienced through speaking. If you're considering speaking, maybe this article can provide some extra insight.

When you decide to speak at a conference, it's not just that 20-40 minute talk slot you're involved with. Other factors come into play like preparation, travel and money.

There are some more obvious benefits, such as learning new technologies, getting out of your comfort zone, and personal branding. But in this article, I hope to share some of the less obvious benefits, such as traveling, easier access to future conferences, and some other aspects.

For me, the biggest benefit is travel. All-expenses-paid trips to new countries can be really great. If you want to go traveling but money's an issue, being a speaker at an international conference can help with that.

I've been lucky enough to explore the Netherlands, United States, Ireland, Czech Republic, Switzerland, Poland, Ukraine, Romania, Greece, Germany and more. All I really paid for was food and additional accommodations.

There are huge benefits to traveling in general which I won't cover here, but you can research yourself. Conference organizers are usually happy to help you explore their city in a way which makes you comfortable. They can tell you the good spots to go to without you having to read through endless TripAdvisor reviews which have questionable integrity. You can ask organizers for advice at pretty much any stage, and they'll try to accommodate you.

If you have a partner or a close friend, you may both be able to tick off traveling from your bucket lists. If you ask the organizers, your partner can probably attend the conference and speakers' dinner too. They may not be interested in the conference topics, but it will still be an experience for them to see you speak. On a few occasions, I requested the organizers book a flight for my partner too, and this typically came out of my speaker payment.

Most of these visits are through conferences. Not shown: U.S. where I attended Google I/O a few times and spoke in New York

I find a good strategy is for your partner or friend to explore the city independently while you're at the conference. You can meet up afterwards. But the real benefit of the travel aspect is through the extra days you book where you don't have important commitments to attend to.

The trick is to extend the days you're located within that country. When the conference has a dec...

01:58

How to visualise the Global Exporting Network using NetworkX and D3 "IndyWatch Feed Education"

Data-Driven Documents (D3) is a JavaScript library for building powerful graphics to communicate information in datasets. It is also fair to say that for many, myself included, it has a non-standard approach to building the graphics. Often the learning curve can feel steep.

The data

I remember when I was first introduced to the CIA World Factbook, and I loved it. It holds a treasure trove of information about all of the countries in the world. It is just screaming for visualisations of the data to be made. On top of this, it has been converted to different formats on GitHub and, most importantly for us, to JSON.

The data is given per country using their two-character ISO encoding. We'll need the continent each country is in to access the data. First we'll create that dictionary:

https://medium.com/media/7190adede35ac71a8d6c31a21dfdb5f1/href

The dictionary makes things a lot simpler when we want to access the URL for each country's data.

The next step is to define a simple Country class to hold the data. While we're at it, it would improve the visualisation if we could use actual country names, not their two-character code, so we can find that information and store it for later use.

https://medium.com/media/6c0e1f6335adfd33e6a8d7a3af01c036/href

And now we're finally ready to add the exporter information. This method isn't perfect but it gets a majority of the information.

Don't worry too much about the split() functions on the exporting partners. That's just cleaning up some of the data so we only get the names and the percentages we want. Check out the GitHub page to see the extra names I had to add for the graph construction to work.

https://medium.com/media/a069a838ab95874709af383773d190fa/href

NetworkX

...

00:54

Skipping College Isn't Easy With Alex Bell [PODCAST #582] "IndyWatch Feed Education"

Alex Bell was the teenager I had in mind when I first started this whole School Sucks project. Struggling through school and a variety of personal challenges, he was the kind of person I hoped to reach. Unfortunately, I didn't know this until we connected in Salem, MA in 2017. He discovered School Sucks Podcast in 2009, ...

Resource generated at IndyWatch using aliasfeed and rawdog