-------------------------------------------
Introducing Airbnb Concerts - Duration: 1:20.
What is it?
It could be a release.
It's connection.
It's about what you feel.
"Check one."
"Check check."
It's emotional.
"This is one of the coolest spaces I have ever performed in."
It allows us the opportunity to get closer to each other.
It's live, direct, in your face.
Now that's powerful.
It can take you. It can free you.
And ignites fires inside of all of us.
What is it?
It's music.
And it's my pleasure to be here with you all tonight.
-------------------------------------------
Angrath Planeslaker Deck Rebuild - Duration: 8:58.
Rebuild the Angrath Planeswalker Deck
I really like the Planeswalker decks.
They are a great place for new players to start.
Decks built around an idea that play well against each other.
There's nothing wrong with these decks.
They are a lot of fun.
Instead of just upgrading the Angrath Planeswalker deck, I wanted to take Angrath a new way.
I want to show you how to rebuild a deck.
I'm going to show you what we created with the Angrath Planeswalker deck, right now.
Reaching and teaching Young Mages of all ages.
Welcome young mage, I'm Rhino.
Before we get started, I asked you in a previous video to tell me do you think Dinosaurs and
Dragons are the same thing?
There's a reason I asked that.
It's actually from one of the cards in the Ixalan block.
Can you find which card I'm talking about?
Just put it in the comments below.
The purpose of the Angrath Planeswalker deck was to over run your opponent with pirates.
Fast pirates.
I like fast decks, but could Angrath do a bit more?
I wanted to build this deck with cards I had on hand or could easily trade for.
What if we teamed Angrath up with Kari Zev?
What would the deck look like?
I'm not going over what we took out.
This isn't just a simple upgrade, but a different idea.
We will keep the Angrath and his buddies, but use some other cards to make a new deck.
Let's start with the mana.
Angrath is Red and Black.
This is also known as Rakdos.
We will keep the colors the same and use 22 land.
I don't think we need more land.
It played really well for me.
We start with 4 Cinder Barrens from the original deck.
We will add 2 Evolving Wilds for mana fixing.
And for basic land, 8 Mountains and 6 Swamps.
But I want to add one Desert of the Fervent and one Desert of the Glorified.
These are cycle lands.
If you get them late in the game and already have enough mana, you can use them to draw
a card.
That can be really helpful.
Now for the creatures, a total of 22.
Three Daring Buccaneer A one drop for a 2/2 and you can reveal a pirate from your
hand or pay 2. It is fast and big. That is all value.
One Deadeye Tracker. One drop 1/1 this card is just great for getting rid of graveyard
synergies and it explores as well.
Three Fanatical Firebrand. A 1 drop 1/1 haste and you can tap and sac it and it deals 1
damage to target creature or player. He's great for taking out any of your opponent's
one toughness creatures. Including annoying flyers.
Three Grasping Scoundrel. A one drop with +1/+0 as long as it's attacking. I couldn't
find any other one drop black pirates. But this is really nice. A 2/1 when attacking
is still good.
Three Dire Fleet Captain. This card is just amazing. Getting +1/+1 for each other attacking
pirate is so good. He becomes an immediate target if your opponent knows what's good
for him.
Two Goblin Trailblazer. A two drop 2/1 with menace I don't see a downside. He has to be
blocked by at least two creatures. Then we get to decide where we want the damage to
go.
Two Kari Zev, Skyship Raider A 2 drop 1/3 with First Strike and Menace. Plus we get
a 2/1 monkey when we attack. The monkey does more damage and Kari Zev has a pretty big
toughness. This is a double threat.
Three Forerunner of the Coalition. It's a good pirate tutor. Whenever another pirate
enters the battlefield your opponent loses 1 life. We have lots of pirates.
And two Dire Fleet Neckbreaker. A 4 drop 3/2. I think this is the pirate lord. All
attacking pirates get +2/+0. And the Dire Fleet Neckbreaker doesn't even need to be
attacking. But when she attacks, she's a 5/2.
That's it for the creatures.
By the way, keep watching. I have a neat combo to show you.
We are running 16 spells because we want to do some fun stuff.
Two Fling. You can sacrifice a creature and deal direct damage to your opponent. This
doesn't sound too great because you lose your creature but I'll tell you a neat combo
in a moment.
Two Lightning strike. A 2 drop instant that deals 3 damage to target player, this is a
solid card. Use it before they can put up their creatures. Or just hit them at the end
when their life total is low.
Two Sure strike. A 2 drop instant that gives a creature +3/+0 and first strike it's a great
combat trick.
Three Walk the Plank. 2 drop destroy target non-merfolk creature, pretty nice. It gets
rid of just about any creature.
Two Fell Flagship. At first I didn't think this ship would be that good. But this card
is really good with this deck. Our pirates get +1/+0 and force our opponent to discard
a card. This can be super annoying… for them.
Two Kari Zev's Expertise. You get to steal one of their creatures and then you can play
something for free. We have 26 cards in this deck it can cast for free. I like it. And
here's that combo I mentioned earlier. Use Kari Zev's Expertise to steal your opponents
creature. After you attack with it, use Fling to sacrifice their creature to do even more
damage to them. They don't get their creature back.
And finally we are keeping Angrath and his two fury's. It's like having 3 Angrath's
in your deck plus more damage.
What do you think of this as a Planeswalker deck?
I want it to be more competitive.
It may even win some games at Friday Night Magic.
If you want to see how this deck plays against the Rebuilt Vraska Planeswalker deck, check
the card above for the game play video.
And finally,
This isn't the only way, or best way to rebuild the deck.
I like the idea of stealing your opponents annoying creatures and attack them with it.
But pirates can do a lot of neat things.
Like Revel in Riches can give you a different way to win the game.
Or if you wanted to use Blue and Black, Hostage Taker can give you some of the same capability
and open your deck to flying pirates.
Would you want to run a pirate deck like this?
Let me know in the comments below.
I have more videos coming out soon showing you how to upgrade decks and play magic better.
So subscribe now by hitting that rhino down below.
And don't forget the bell notifications so you don't miss a single one.
These videos are possible because of my generous Patrons and sponsors.
Check out the videos on the side.
They will interest you.
I have more videos coming out soon.
So until then, Rhino out.
-------------------------------------------
Система Кастор. Хороводы звёзд - Duration: 9:28.
For more infomation >> Система Кастор. Хороводы звёзд - Duration: 9:28. -------------------------------------------
Nasıl Video çekilir ? Hangi programlar gerekir ? - Duration: 9:49.
For more infomation >> Nasıl Video çekilir ? Hangi programlar gerekir ? - Duration: 9:49. -------------------------------------------
EBM - Cyberpunk 2077 megacorporations lore - Duration: 4:35.
Greetings Earthlings!
Welcome to the MadqueenShow!
I am your host the MadQueen On today's menu we have a new Cyberpunk
2077 lore video for you, and today we're going to talk about the megacorporation EBM
The 90s were a hard decade for companies
After the world stock crash of the 94, many companies died along with world economies,
acting like some kind of purge, as only the strongest survived
One of the companies that ended past century being stronger than before the crash was Euro
Business Machine Corporation
This German megacorporation was, in the 90s, already the largest computer manufacturer
in the world, and one of the most significant corporations in existence
And when the world crisis came and went, they just wiped the dust off their shoulders and
went on, consolidating their position as one of the most powerful Megacorporations
But wiping off the dust wasn't the only thing they did, as the late 90s were greatly
profitable times for corporations that survived the economic apocalypse, as there were many
companies that succumbed the collapse to despoil and loot
Was at that time when EBM pulled off the greatest free-market hostile takeover in history
Led by Dr. Kurt Muller, this maneuver caused the merger of EBM with many other prominent
computer companies around the world, consolidating EBM's already fearsome market power
How fast can you browse the new Cyberware catalogue?
Watch a film?
Maybe check on your neural implants?
Watch the news?
Maybe sports?
The new Portable Dataterm™ moves as fast as you do
Portable Dataterm™ Faster. Smarter. Click
During the decade of 2020, the goal of the company was to consolidate as much of the
world's high tech manufacturing as possible under their label by any means
And when a megacorportion as huge as EBM says "any means", there are no means out of their list
The relationship EBM has with other megacorporations is symbiotic
They provide tech to many of the biggest Corps: the computers that run Arasaka's security
systems, Chips for Microtech, air traffic control computers for Orbital air, they are
the major provider for everybody that uses a computer and, you can guess, 2077 is full of them
Even if EBM has no direct competence and is one of the most powerful megacorporations
they don't put their guards down
Their throne is quite secure as they have one of the largest troop counts in corporate
security, incredibly huge for a company that has nothing to see with military and mercenary contracting
So you know, if you are looking for a job in 2077 and you like computers, but you don't
have what it takes to be a NetRunner, maybe you can apply to the megacorporation with
more employee count in the world and a very small rate of extraction
Because if it makes your life simpler, it's EBM
Well, folks, thanks for watching
Don't forget to visit our Cyberpunk 2077 lore playlist to know more about the dark future
See you in next videos and stay being amazing
-------------------------------------------
Cambridge Audio CXN v2 streamer/DAC/pre-amp - Duration: 11:41.
Cambridge Audio was early in discovering the importance of good filtering in digital players.
I once had an Azur 840C cd-player that used Anagramm's Q5 upsampling and sounded very
good for the beginning of this millennium.
They still use Anagramm technology in the shape of a second generation ATF2 up-sampling
to 24 bit 384 kHz in this CXN version 2 streamer/DAC/pre-amp.
Let's see what that brings.
The CXN V2 is the update of the original CXN and if you want to know whether updating to
the V2 is advisable, I can't tell you since I haven't reviewed the original version.
It has a stylish brushed aluminium front, available in silver and black, that measures
430 by 305 x 85 millimetre.
On the front, left the standby button, a USB socket for storage devices and four transport
buttons - play/pause, skip back and forward and stop.
The 4.3 inch display shows menu's or info on the track playing, including cover art.
Right of the display the infrared sensor and four buttons for menu navigation: info that
shows the track info.
On the right a rotary encoder that lets you scroll through menus.
To select you push the knob.
On the left the IEC power socket, the Wifi antenna, a second USB socket for storage devices,
the network socket, two digital inputs, one on Toslink and one on RCA, one digital output
on both Toslink and RCA, the USB input for audio-in with a ground lift switch and two
stereo analogue outputs, one on XLR and one on RCA.
For system integration there are two control bus RCA's and an input for an external infrared
sensor.
A few remarks here: the USB for mass storage, both on the rear and the front, are not suited
for iOS devices like an iPod.
That's no problem though since the CXN supports Airplay and - with an optional dongle - also
Bluetooth A2DP and apTX.
Roon Ready is announced as a free update, due march 2018.
The USB input for audio supports both Profile 1 and 2.
The default setting is Profile 1, which is limited to 96 kHz but works on all computers
without extra drivers.
In the audio menu this can be changed to Profile 2 so it will support 192 kHz and DSD64 too.
For use with Windows computers, the supplied driver must be installed.
All other inputs support all sampling rates up to 192 kHz but DSD is only supported over
USB.
Gapless playback is supported too.
For internet Radio the more efficient streaming MPEG-DASH and HLS-compatibility is present.
On opening the cabinet I noticed it was cleverly constructed.
It felt very sturdy when closed and only after removing many screws I got access to the inside.
There three main PCB's: one holding the linear power supply, one holding all the digital
and analoge audio and one directly behind the front to hold the display and buttons.
A number of smaller boards are used for interfacing and for instance holding the rotary encoder.
The most remarkable print is this one, which in fact is the streamer and is called Black
Marlin after the fastest swimming fish there is.
According to the press release a faster processor with extra memory should make the V2 faster
than the original.
Let's look at the audio side: Local stabilisation, Wolfson WM8740 DAC chips, N55322 op-amps and
firm mute relais.
Also note the screws that almost certainly must prevent vibrations in the PCB at this
critical point.
Not strange the measurements show very clean figures.
This all is neatly layed-out.
As with most DLNA streamers, ripping must be done on a computer.
That music then must be shared by a DLNA server, software the indexes the metadata and sends
that info and the music to devices like the CXN.
It is the server software that defines how the metadata is presented to you.
If you -for instance - like having composers indexed, you have to use DLNA server software
that does that or can be set to do that.
The DLNA player only shows what is sent to it by the server.
This also means that browsing speed depends largely on the DLNA server.
Again, that is not specific for the CXN.
I have several DLNA servers operating in the network, primarily for video.
For audio I like to use dedicated audio-only DLNA server software called MinimServer running
on an iMac that has an Intel i5 @ 3.3 GHz.
With around 10,000 albums in my library this worked quick and responsive.
There are also versions for Windows, Linux and even Raspberry Pi and several NASses.
I don't know what happens if you use a clearly slower NAS or Raspberry Pi.
But then again, if you have considerably less albums it probably will work fine.
A clear advantage is that DLNA doesn't know limitations on the number of tracks it can
index.
And, of course, that it is up to you what DLNA server software to use and what fields
are indexed.
There are several ways to operate the CXN V2: using the controls on the front or the
supplied infrared remote together with the display on the front or use an app on a tablet
or smartphone.
There are versions for Android and iOS and they come for free.
When you chose for Library, the CXN shows the DLNA server or servers in your network.
As you can see I have several running but that is only for testing.
Normally you will only see the one you installed on your computer or NAS.
From here it is simple browsing and selecting like with many streamer-apps.
On the right the play list is shown and along the bottom the player info and control.
Tap this area and you get a full player screen.
If you go to input you can choose between USB, D1 - the optical input, D2 - the RCA
input and Spotify that effectively starts up the Spotify app.
Select internet radio and you find extensive search options and an option to store your
favorites.
The Player menu option lets you select the player you want to control.
This is also where you can couple more players.
the Settings menu lets you switch between Grid and List display, audio settings - limited
to balance here, control bus settings and a positility to use the iTunes library.
All in all what you expect from a good app.
And, as said, the same can be controlled using the controls on the front or on the remote
control.
This is where the CXN really surprised me.
This is a very musical player that - given its price - sounds remarkably good.
It sounds rounded without sounding dull, is very open and has a stereo image that I didn't
expect in this price category.
The lows go deep and offer true tonality.
It really is in the upper range of my setup 2 and is absolutely tolerable in my setup
1.
A real achievement for a streamer, DAC and digital preamp for just over a grant.
Let's start with the things you might need to know to decide whether this is your choice.
First the price: 1099 euros, 799 British pounds or 999 US Dollars according to the web.
Please bare in mind European prices are including VAT - sales tax -while the US price is excluding
sales tax.Then you have to realise that only Spotify is supported while this player deserves
Tidal or Qobus high res streaming.
There is no MQA decoding.
Then there is the choice for DLNA, that might be somewhat less easier to set up, depending
on the DLNA server software you choose.
Do realise this is a complete digital pre-amp if you choose so.
Just add a power amp or active speakers, connect your tv and cd-player and even your smartphone
over Airplay or - at lower quality and using the optional dongle - Bluetooth and you're
set.
Want to switch to Roon later on, that becomes available too.
Rather have your computer connected directly?
Possible too.
The sound quality is far above that of Sonos and clearly above that of Bluesound.
It also wins from the Elac Discovery that also has less functionality but does offer
the unique Roon Essentials software.
Next month the Cocktail Audio X45 will be released that offers about the same functionality
plus a hard disk option - so no need for a computer - but will be more expensive.
If you want to know when that review comes on line, subscribe to this channel or follow
me on Twitter, Facebook or Google+.
See the show notes for the links.
If you liked this video, please consider supporting the channel through Patreon or Paypal.
Just one dollar a month will do.
The links are in the show notes, just as the link to a description of my three setups.
Help me to help even more people with their stereos by telling your friends on the web
about this channel.
I am Hans Beekhuyzen, thank you for watching and see you in the next show or on theHBproject.com.
And whatever you do, enjoy the music.
-------------------------------------------
PubG Glitch / Bugs results in ban?! | PubG: Battlegrounds | Gameplay Funny Moments - Duration: 6:47.
For more infomation >> PubG Glitch / Bugs results in ban?! | PubG: Battlegrounds | Gameplay Funny Moments - Duration: 6:47. -------------------------------------------
gta 5 deu/ger wir tunen das neue fahrzeug - Duration: 37:06.
For more infomation >> gta 5 deu/ger wir tunen das neue fahrzeug - Duration: 37:06. -------------------------------------------
HAYATINIZDA EN MUTLU OLDUĞUNUZ AN NEDİR ? (RÖPORTAJ) - Duration: 6:03.
For more infomation >> HAYATINIZDA EN MUTLU OLDUĞUNUZ AN NEDİR ? (RÖPORTAJ) - Duration: 6:03. -------------------------------------------
Metal Gear Survive... NON CHIAMATELO METAL GEAR! - Duration: 1:16.
Metal Gear Survive
-------------------------------------------
Creepy Cute Flying Eye | Pastel Goth Fashion Jewellery | Polymer Clay Creations - Duration: 8:05.
For more infomation >> Creepy Cute Flying Eye | Pastel Goth Fashion Jewellery | Polymer Clay Creations - Duration: 8:05. -------------------------------------------
// How to edit photos BLACK AND WHITE in Luminar 2018 + FREE PRESET // - Duration: 8:38.
For more infomation >> // How to edit photos BLACK AND WHITE in Luminar 2018 + FREE PRESET // - Duration: 8:38. -------------------------------------------
The Best Cheap Korean BBQ in New York City || Operation $5 Lunch - Duration: 6:58.
- My name is Prez, and I work at Thrillist.
Around these parts, I'm known as the 5 Dollar Lunch Guy.
Every episode, I'm gonna put you guys onto
the very finest New York grub for $5 or less.
Korean food, we have halal,
and then you have Chinese food, right?
And then, in the middle of it, you have a triangle which --
listen man, I'm giving a presentation.
Anyways, bottom line is:
$5 illuminati confirmed.
Anyways, mission, bulgogi.
OK, so for you that don't know, bulgogi is thinly sliced,
marinated stir-fried beef,
which is a staple of Korean barbecue,
and one of the most popular Korean dishes in the US.
Now, if you've ever had Korean barbecue in New York,
you know you're gonna drop a few coins for it,
and it's always worth it.
But we can't just afford bulgogi in any random Korean spot.
So today, we're heading to Bed-Stuy
to hit up one of my local joints, Nostrand Cafe,
to have one of their amazing bulgogi tacos.
It's five bucks somewhere -- let's go!
So these are the rules of "Operation 5 Buck Lunch."
It's gotta be good, 'cause nobody wants bad food for lunch.
No big chains, 'cause that's just too easy.
It's gotta be $5 or less,
and whatever I don't use today
rolls over into the next episode.
Have you ever had Korean barbecue?
- Yes.
- No, I haven't. Never before.
- Never had Korean barbecue.
- It's one of my favorite things to eat.
- Oh, same!
What do you usually get?
- It depends, my friends and I like to switch it up.
We usually just like pork, beef,
and then we get a scallion pancake on the side.
- Usually, I get the bibimbap.
- OK.
- The spicy seafood.
- How would you describe bulgogi?
- It's not heavy, 'cause there's vegetables and meat
and everything, and it's just
a really good quick thing to eat.
- Have you ever paid under five bucks for Korean barbecue?
- No.
- What if I told you, you could have
Korean barbecue for under five bucks?
- I would say yes.
(laughs)
- Now the first time I ever had bulgogi at
a Korean barbecue joint was in K-Town in the city years ago.
And while I don't remember much about what I ate that day,
I do remember the bomb of a check
they dropped on us at the end.
Your boy was shook.
And that's why I'm so excited to put you guys on.
This place is a real gem for people who just want bulgogi,
but aren't trying to declare bankruptcy.
All right, enough talk -- let's get it.
Fun fact: If you didn't know,
or you've been living under a rock,
Bed-Stuy is Brooklyn's home of hip-hop with some of
the most prolific artists coming out of the area,
such as the legendary Jay-Z, B.I.G., Lil' Kim,
Big Daddy Kane, Fab, Mos Def, and Joey Badass.
Yeah, you heard me right,
Joey Badass is on my legends list and is prolific.
If you have a problem with that, @ me, son.
Also, our place is right across the street --
like, right there.
Here we are, Bed-Stuy, Nostrand and Lafayette,
Nostrand Cafe, let's go inside.
(upbeat music)
- [Prez] Hey, Jiwon, how are you man? You all right?
- How you doing, bud?
- Yo, this is my guy.
Anyways, so for people who don't know, what do people
need to know about Nostrand Cafe?
- Nostrand Cafe, it's a coffee shop.
We have great coffee, but we have amazing Korean food.
We have bibimbap, that's the most popular,
and the bulgogi.
Yeah, me and my brother-in-law, we were thinking about
opening our shop like this, and maybe a coffee shop,
but with a twist.
- [Prez] What is your favorite thing on the menu?
- Bulgogi sandwich. It's delicious.
- Please, please, please give me one of your
bulgogi tacos.
- All right, cool.
- How much?
- It's gonna be $5.44.
- $5.44? Oh, there you go.
- Thank you very much.
- Little bit of a rollover, ain't never hurt nobody.
Thank you. A little something for the next episode.
(upbeat music)
- And here it is!
Yeah, thank you, appreciate it.
Look at that guys, come here.
Look at this thing.
All right, wow, this is like, spilling out, I can barely...
I can barely close my taco.
(camera snap) Look at all of this,
spilling out of the taco for five bucks.
(upbeat music)
I have the best job in the world.
Please, understand: ask me what my top favorite foods are,
this is No. 3.
Describing this bulgogi taco is like
describing what it's like to get a hug from your mom.
I was literally in here last night, I was in here last week,
I was in here last month eating this taco.
This thing is deep in flavor.
You're getting the sweetness of the bulgogi beef;
it's marinated overnight, put in the fridge,
and then cooked stir-fried.
You have the kimchi, which has a bit of a kick,
a bit of a heat to it, on a cold day, it's amazing.
On a date night, it's amazing.
It also has vinegar that cuts through
a little bit of the heat as well.
The avocado kind of like neutralizes any heat
that you're really getting from the kimchi.
It's not cheap to get bulgogi, and it's not an easy process
to make bulgogi, so to get it for five bucks,
it's kind of incredible.
(upbeat music)
All right guys, come here, come closer.
Let me tell you a secret, let me tell you a secret.
This place is a nice place to take a date,
a nice little first date.
Korean barbecue's not cheap; it's like 25 bucks a plate.
You take your girl here, you take your girl here,
she doesn't have to know it's five bucks, son.
The flavors in this taco, the atmosphere in this place --
Jiwon, his mom in the back making the taco.
This is all home for me.
When we go to a place, and I don't clean my plate,
because I eat like a pig, but this is damn good.
And you know the best part about this is?
As soon as this camera's off, and I go home tonight,
guess what I'm gonna eat?
Bulgogi taco.
See you outside.
Today's mission was bulgogi,
which brought us out to Bed-Stuy for the first time
to link up with my friends from Nostrand Cafe to have
their amazing bulgogi taco.
Now, to have a gem of a place like this that goes
out of their way to make food affordable
is a win for everyone.
So with that being said,
today's mission was an absolute success.
It's in budget, not a big chain, and it's damn good.
Anyways guys, gotta get back to the office.
See ya later, bye!
(camera snaps) (upbeat music)
- Hey, what's going on guys, it is your boy, Prez!
Thank you so much for watching my show.
If you have any suggestions of where we should go next time,
leave them in the comments below.
Also, are you a dog or a cat person, let me know.
I mean, for me I'm a cat guy, my cat's name is Marvel,
she's real sweet -- anyways!
Also follow me on Instagram @5dollarlunchguy,
and I'll see you guys later.
Follow, like, subscribe, bye!
-------------------------------------------
"I'm grateful for Safak!" - Elif Episode 675 | Season 4 Episode 115 (English & Spanish subtitles) - Duration: 1:48.
Welcome Jülide!
- Thanks Melek - Welcome Jülide
Thanks sister, have you been busy?
- I hope you didn't get tired a lot - We manage my dear
So what have you been up to? Any news about the house?
Unfortunately! We still couldn't find it
What about Şafak? He couldn't help you out?
He worked so hard, he even called out his friends but...
...it is also out of his hands
Don't worry Jülide...
Everything will be fine at the end
Actually we found a place...
...in fact it was exactly what I needed
Then why didn't you rent it?
Şafak didn't want because it was a bit far
Şafak didn't want it?
I mean he dissuaded me from it
He just didn't want us move away from here not because of something else
I'm really grateful to him in any case
I wouldn't want to lose you...
...especially right after I found my precious Melek again
God bless him
Isn't it Melek?
Of course, you are right but at the end I couldn't find a place still
You'll find it, don't worry!
Let me help you
-------------------------------------------
CSS Keylogger - old is new again - Duration: 11:29.
The motivation for this video comes from this CSS keylogger example shared on HackerNews,
twitter and reddit and it's incredible popular.
The github repository with this example has thousands of stars after just a day.
And I find this quite fascinating…
But before we get into this particular example, let's got back in time to 2012.
In 2012, almost 6 years ago of this video, I was still at the beginning of learning more
about security.
I was still reading and learning a lot of the very basics.
Like basic XSS vectors with <script>alert(1)</script>.
And a friend of mine invited me to a small closed hacker conference.
And so there I am, a complete noob feeling like I don't belong there watching these
talks.
And there was one talk called "Script-less attacks" - attacks in a post-XSS world by
mario.
So the premise of the talk, as you can infer from the title, is about a world without javascript
and without XSS issues.
It's a thought experiment first and foremost, because having such a situation where you
have an HTML injection with no javascript context is rare, maybe with more and more
content security policies a bit less rare, but in the grand scheme of the web, one could
argue that it's "irrelevant", or not really impressive because it might not have
much impact.
But to me this was blowing my mind.
This is research.
This is posing an interesting question and it makes you think about everything in a much
more intricate way.
You can learn the basics of XSS in an afternoon, but then pushing the boundaries and learning
how far you can take, that is where you get really good at it.
So…
What if we defeat XSS, what attack surface will remain and will it make a difference?
First of all you have to think about what even your goal is.
What would be the goal of XSS.
So in general we want to steal or access data we are not supposed to access and we wanna
do this with HTML that we can inject into the target website a victim visits.
So this talk shows a lot of different techniques and tricks using various features, to extract
different kind of information from the site.
That could be logging keystrokes or could also mean access form daya such as a CSRF
token, a password or a credit card number.
This talk is actually based on a paper with the same name and mario gave this talk several
times and I link a recording in the description.
But we had the rule for this talk, for this thought experiment, to not use any Javascript.
To not use any XSS.
So the question is now, how can we mitigate or bypass CSRF protection by just using CSS
and other inactive stuff?
Not using any javascript atl all.
Can we do this?
Well, some other people did this already some years ago, and I think there was also a bluehat
talk, and an excellent one too.
It was sirdarckcat, gareth heyes and david lindsey they already did it.
And there is still a demo out there you can have a look at.
And they also used CSS.
Cascading Stylesheet.
So what they did, they were abusing attribute selectors.
And they were saying: hey, select everything that has value, or every input element that
has a values, that is starting with a letter "a", and give it a background image, that
is indicating that we have the letter "a".
So if there was "a" as the first letter, a request was sent out.
Same with b, c, d, e, f, g.
And they could also do this with the last letter, or with some letter in between.
What they could not do, is select me the n-th character.
So they couldn't do give me an element where the second letter is actually the a,b,c or
d or whatever.
So they had to bruteforce a lot.
They had to write a lot of CSS to make this happen.
It was like loads, literally megabytes of stuff they had to inject.
So it was not very feasible.
Also didn't scale, and attackers like to scale.
And then mario shows a more efficient and more insane technique to pull this off.
But as he pointed out, this idea with attribute selectors loading background images was already
introduced previously by Eduardo (@sirdarckcat - sorry.
No clue how to say that), Gareth Heyes and David (@thornmaker).
And now let's fast forward to 2018, to a tweet I came accross in Februray by Mike Gualtieri,
who apparently rediscovered this again independently.
You can see here how he explains the CSS attribute selectors and then uses the same background-image
loading trick.
He put a lot of effort into this, wrote a detailed article calling it "Stealing Data
with CSS" and even wrote a Chrome and Firefox extension that is removing these CSS rules
as a form of protection.
I feel a little bit bad for him because I think he thought he stumbled over something
new, but it was just a rediscovery.
But yeah, this can happen and happens in security a lot.
Different teams find stuff independently and maybe years apart.
And it's such an obscure technique as well, that it's very likely you haven't heard
of it before if you don't spend a lot of time with browser client side security.
And I guess I was just lucky that I saw mario's talk in 2012.
Now a couple of days later this CSS keylogger example turns up.
I'm not sure if it's a coincidence or if it was inspired by this article, but this
person created an extension that simulates a CSS injection into a page to steal characters
entered into an input field.
You can see the injected css here.
It uses CSS attribute selector for an input password field and depending on the value,
embeds a background image from a URL, which is sending that character to a server to collect
it.
Though there is one small detail here that is quite interesting.
You see the CSS attribute selector works on the value attribute.
So this doesn't work in a plain HTML example.
Even though the entered text is available via the value property on the input element,
it's not the attribute value.
So the CSS selector doesn't kick in.
That's also why the password stealing example of the blog post actually sets the value,
of the input element it wants to extract the characters from, via a GET parameter.
So this is a technique to steal attribute data.
So another good target for this technique is the CSRF token that is usually set as a
hidden input value.
But the github example worked on intputs where you just type in?
Well that's the small detail that is quite interesting.
Essentially what is happening is, that a lot of javascript frameworks, such as react react
on events like typing into a field and automatically propagate these values to internal variables,
but also properly set the value attribute of the input element.
So essentially it can be boiled down to this example.
On each keyup event, we set the value attribute to the value property.
As a test I have defined here a single rule that only kicks in when the character X is
detected.
So when we now test it, and type something in the field, we see the value attribute updating
accordingly, and with an X the CSS rule kicks in that could be used to extract the data.
And you can easily observe this behaviour on the instagram login form as well.
So IF instagram had an HTML injection, and for some reason couldn't execute javascript,
you could use that to steal input form data.
Pretty neat behaviour right?
Ok… so I don't want to talk down this research.
And I'm definitely not saying this research was stolen or anything.
I give them the benefit of the doubt, especially Mike seems to be very genuine and discovered
it by himself, which I think is impressive and is proof that he is very creative in his
thinking.
I mean, I didn't come up with this, and I'm not sure if I ever would have, I just
knew about it because I had heard it in a talk.
But I think it's an amazing example of, research that has been done in the past and
is rediscovered or resurfaces in a way.
The numbers of people interested in the CSS keylogger example shows that a ton of people
have never heard about it, didn't realize it was possible.
And so now more people learn about it.
And that's awesome.
So I hope I made it clear that there is research contribution I acknowledge and I don't want
to be one of those people who bolster themselves for having heard of it already in 2012.
However I want to put this also into perspective and I have to criticise a few things.
The name.
CSS Keylogger.
Okay, maybe the person who created it didn't anticipate how popular it will get, it's
a short descriptive name somewhat fitting, but daaamn, this is so easily misinterpreted
by most people and is fearmongering.
When we hear keylogger we usually think of a malicious malware running in the background
recording every keystroke, and that is terrifying.
Then sometimes we hear about browser keyloggers, and that is already a bit more nuanced because
it usually refers to keystrokes captures on ONE particular website via javascript, which
usually is also fearmongering by piggyback riding on the "keylogger malware" term,
because in such a context it's not a system wide keylogger and the javascript could do
other stuff that is worse than just logging keys.
And now this CSS example is even less impactful than that.
This specific example can only capture attribute values and usually only CSS injection, no
XSS, is quite rare.
Like mario already stated in 2012, it's more of a thought experiment and an interesting
research question, rather than something realistic.
There are some interesting edgecases, for example how about reddit that doesn't allow
javascript but CSS customization, and so you should know this technique exists when you
are looking for security issues, but it's pretty much irrelevant for most of the world.
The real world impact might be low, but like I already said it is a mindblowing idea.
It's maybe comparable to the discovery of a new distant planet in a habitable zone,
many people say "who the f' cares about this here on earth" we have real problems.
But it is awesome research, it is pushing the boundaries of technology, it is helping
us understand the world better, and so these CSS attacks help us understand web technology
and threats better and that in itself is already awesome!
But it's a problem when this travels so far and gets so popular, scaring so many people.
This and many more techniques have been known for like a decade and that is proof that this
is not a problem or an attack you have to worry about.
So just chill, look at the underlying technical data, ignore the FUD about de-anonymizing
TOR users or "keyloggers" and just appreciate how you can twist CSS to do insane stuff.
-------------------------------------------
How to Navigate Your Boat Using a Smartphone | BoatUS - Duration: 3:09.
Hello!
I'm Lenny Rudow here, back with you again for BoatUS Magazine.
Today, let's talk about this little device: the cellphone.
Now, let me be 100 percent straight up with you folks, you should never, ever depend on
this for navigation.
But, the truth of the matter is, your cellphone with a navigation app can come in really handy
if, say, your chartplotter dies.
Or when you're on a little boat like this, which is navigated visually and you don't
have the electronics.
It can be quite helpful, which is why I preloaded the SeaPilot app on my phone.
And another phone here with the Navionics app.
The actual navigation is very similar to using a chartplotter.
You can pinch to zoom in and out.
You can make a waypoint.
And you can navigate to it or choose from a number of different options.
Alright!
I'm ready to navigate.
[THUMP OF PHONE HITTING DECK].
Uh, oh!
Don't worry, folks.
Actually, this is an empty case.
I took my cellphone out before I did that because I knew darn well that the biggest
problem with navigating via cellphone on a small boat like this is that a phone tends
to get dropped, bounce off the deck.
Heck, sometimes it even goes over the side.
So, navigating with a cellphone on a small boat does require some very real care.
Uhp, now here's a problem.
The sun is blanking out the screen, and this is always an issue when you're using a cellphone
in the outdoor environment.
So naturally you just have to turn and shade the screen.
But, still, this little screen is much tougher to navigate with than a big-old chartplotter
at the helm, right?
Well, here's a tip.
This might be a common scale I'd use if I was on a boat with a chartplotter in this
little creek, but on this tiny little screen you can barely see it, so zoom in.
Always be sure to zoom in as close as you can, and that will give you a much better
view of your boat and the immediate surroundings.
One more thing, folks.
When you're running at planing speeds, don't even try and navigate by staring at this tiny
little screen.
It doesn't work very well.
What you really need to do is focus on a point of land far away and keep your eyes out there.
If you ever question your course, use your phone to check it once again.
And if you're on a larger boat, you should have a compass at the helm, so you can glance
down at the compass after you get your compass course from the phone.
We hope you've enjoyed this video.
And we hope you'll go to BoatUS.com and check out our other videos and articles on the website.
And, folks, please feel free to let us know if there are any other topics you'd like us
to touch on.
-------------------------------------------
Introducción a Sigfrido de Wagner (1876) - Duration: 10:03.
For more infomation >> Introducción a Sigfrido de Wagner (1876) - Duration: 10:03. -------------------------------------------
Super brain breathing exercise | techniques benefits focus concentration memory energy power boost - Duration: 6:44.
For better decision-making you need to think better and in that process your
breath holds the key. Your breath is one of the best tool to control your mind
and awaken that super higher consciousness within. Right way of
breathing rank higher than right food water and exercise. Welcome all. I'm Jyoti
Khatri, holistic health and wellness expert. Due to stress and irregular
lifestyle habits most of the time we breathe irregular and shallow. Hardly
utilizing a tenth of lung capacity. Normal breathing rate is about sixteen breaths per minute but
when you are under stress your breathing rate double. In this video I'm going to
show you how to breathe in right way all the time, will introduce long deep breathing
technique and discuss its benefits. Watch the video till the end as it covers the
essentials of right way of breathing that helps to improve your life and
boost your brainpower magnificently. Subscribe now to the Samaya yoga youtube channel
so that you don't miss any of these amazing videos that helps to improve your life naturally.
Let's get started.
one of the ancient secrets of Yogi's for healthy and long life is to consciously
reduced breath rate of about four breaths per minute. Ancient Yogi's said
that in order to master or have control over your own time of death
bring your breath rate down to four breath per minute. It sounds difficult
but remember it's a gradual process, first work on consciously bringing your
breath to eight times per minute and then four. Scientific study findings
report that 80% of disease are stress-related. Poor breathing increases
the stress and other illnesses. One of the most common physiological response
of the body towards stress be it physical or psychological is to increase
the breath rate. Shallow upper chest breathing with faster breath rate leads
to chronic stress and tension which weaken the nerves and act as a root of
many illnesses and disease. That is why along with good healthy diet and
exercise one should pay more attention to their breath too. Before introducing
the breathing technique let's see the benefits of long deep breathing. Long
deep breathing is a perfect way to relax and calm yourself down. It comes under
the active form of relaxation which will help to retune and reset your brain to
make correct decision automatically in difficult situations. When you fill the
lungs to maximum capacity you are feeding your electromagnetic field, This
helps to revitalize and readjust your magnetic field and protects you from
negativity. It also reduces the risk of illnesses or accidents.
You will feel instant energy boost due to the lifeforce (prana) in oxygen and
helps to pump the spinal fluids to the brain thereby giving you great clarity
positivity, increases alertness and awareness. It helps in breaking
subconscious undesirable habit patterns and addictions. Reducing the sense of
insecurity and fear. Your brain becomes super strong and you can condition it to
learn or develop new things faster. As the lung capacity increases so
does the secretion of the pituitary gland which is known as a master gland
and your mind will begin to develop the intuition of power. This breathing
technique helps to cleans the blood. Regulate the body's pH level and you
will be able to handle a stressful situation at ease. It helps reduce and
prevent toxic will they are caused by not clearing the mucus lining of the
small air sacs of the lungs. By the practice of this breathing, it helps
stimulate the production of chemical endorphins in the brain which eliminate the
tendency to depression. By using this breathing technique it activates and
cleanses nerve channels. Helps in releasing blockages in Meridian energy
flow, speed up the healing process and promote physical and emotional health. It
not only will restore the aura but also gives the ability to control your
negative thoughts and emotions. Now let's move on to the technique of long deep breathing
how to do long deep breathing efficiently long deep breathing is
simple complete and proper efficient breathing technique, using the lungs
properly the way it is made to be used. It is also known as diaphragmatic
breathing or abdominal breathing. The diaphragm is a circular barrier of
muscular tissue that separates the lung cavity from the abdominal cavity. The
breathing technique is simple. Let's begin by exhaling first. As you exhale
your abdomen contracts or shrinks. This pushes up on diaphragm creating a
pressure in the lung cavity which causes the air to be expelled. When you inhale
your abdomen expands the muscles of the abdomen draw the diaphragm down
This downward movement of the diaphragm creates a vacuum in the lung cavity so
air automatically flows into the lungs. To understand it better you visualize a
balloon when you feel the air in, it expands. In the same way when you inhale
your abdomen that is your navel area should expand. Likewise when you draw the
air out of the balloon it shrinks similarly as
exhale abdomen should contract or shrinks. Let's try it again. Place your
right hand on your abdomen now exhale and contract your abdomen to the fullest
as you do it you can observe the moment of your hands it goes in. Now as you
inhale your abdomen expands you will see your hands moves up. It is always best to
empty out your lungs first before you inhale so that more oxygen can come
inside the body. Practice it as often as possible for as long as you can. I hope
you liked this video. Hit the like button down below. Be sure to share it with your
friends or anyone who might benefit from this video. Also subscribe to Samaya yoga
YouTube channel to get more amazing videos like this. Comment down below what
you want to see next. I'll see you in the next video
-------------------------------------------
Jon Batiste | Who's in the Lobby at Juilliard? - Duration: 0:48.
♫ ♫ ♫ [swinging piano and melodica jazz music]
[applause as music fades]
Không có nhận xét nào:
Đăng nhận xét