Pre paid code for turbotax
Sneakerheads Unite!
2009.01.21 20:01 Sneakerheads Unite!
A subreddit for sneaker lovers.
2013.08.12 02:33 App Nana Invitation Codes
Submit your invitation codes on a thread for everyone to see!
2014.12.28 04:39 Signups For Pay
A community to sign up for some company or app in return for money.
2024.05.15 17:12 No-Physics7479 Integrated Circuits (ICs) for Memory
Function Integrated circuits (ICs) specifically designed for memory function store data in binary format. This data can include programs, data, settings, and more. Memory ICs can be classified into two main types:
- Random Access Memory (RAM): RAM stores data that can be read, written, and erased. Data in RAM is lost when the power is turned off. RAM is used to store data that is currently being used by the computer, such as running programs and data that is being edited.
- Read-Only Memory (ROM): ROM stores data that can only be read, not written or erased. Data in ROM is written into the chip during manufacturing and cannot be changed afterward. ROM is used to store the computer's boot program, BIOS, and other data necessary for system operation.
Components Memory Cell The memory cell is the basic unit of memory in integrated circuits, responsible for storing information in the form of bits (0 or 1). Each memory cell is composed of the following main components:
- Transistor: Transistors are semiconductor components that play a key role in storing and reading data. Two common types of transistors used in memory cells are MOSFETs and bipolar junction transistors (BJTs).
- Storage Structure: The storage structure is where the bit value (0 or 1) is stored. The most common storage structure is the bistable structure, which uses two stable states of the transistor to represent the two bit values.
- Access Circuit: The access circuit provides the ability to read and write data to the memory cell. The access circuit includes transistors and logic circuits to decode addresses, select the memory cell, and control data read/write operations.
Operation of Memory Cells The operation of a memory cell depends on the type of storage structure used. Here is a description of how a bistable memory cell using MOSFETs operates:
Storing Data: - To store a 1 bit, a voltage is applied to the gate of the first MOSFET transistor, causing it to conduct and create a current flow through the transistor. This current changes the voltage on the capacitor, creating a stable state that stores the 1 bit.
- To store a 0 bit, no voltage is applied to the gate of the first MOSFET transistor, causing it not to conduct and no current to flow through the transistor. The voltage on the capacitor maintains the current state, storing the 0 bit.
Reading Data: - To read data, a voltage is applied to the gate of the second MOSFET transistor. This transistor conducts and allows current to flow, depending on the voltage on the capacitor.
- If the capacitor is charged (storing a 1 bit), the current will flow through the second MOSFET transistor, generating a voltage at the output that represents a 1 bit.
- If the capacitor is not charged (storing a 0 bit), no current flows through the second MOSFET transistor, and the voltage at the output represents a 0 bit.
Writing Data: - To write data, a voltage is applied to both gates of the MOSFET transistors. This voltage changes the voltage on the capacitor, overwriting the new bit value into the memory cell.
Significance and Purpose of Memory Cells Memory cells play a crucial role in integrated circuits, enabling the storage of information essential for circuit operation. Common types of memory that utilize memory cells include:
- Random Access Memory (RAM): RAM stores temporary data that can be read and written multiple times. RAM is used to store data that is currently being processed by the CPU or other parts of the computer.
- Read-Only Memory (ROM): ROM stores fixed data that can only be read. ROM is used to store the computer's boot program, BIOS, and other data that does not need to be changed.
- Flash Memory: Flash memory is a non-volatile type of memory that can be read, written, and erased multiple times. Flash memory is used in flash drives, memory cards, and other portable storage devices.
In addition, memory cells are also used in applications such as:
- Digital Signal Processors (DSPs): DSPs use memory cells to store data and filters required for signal processing.
- Microcontrollers: Microcontrollers use memory cells to store programs and data necessary for controlling peripheral devices.
In summary, memory cells are essential components of integrated circuits, playing a vital role in storing information and supporting the operation of various electronic devices.
Address Decoder Circuit Function An address decoder circuit is a crucial component in integrated circuits (ICs) responsible for converting binary code into control signals to activate the corresponding functional blocks within the IC. With the help of an address decoder circuit, ICs can perform complex functions such as accessing memory, performing calculations, communicating with peripheral devices, and much more.
Components and Operation of Each Component - Comparator Array:
- Consists of logic comparators that compare each bit of the input binary code with the address values stored pre-programmed inside the IC.
- Each comparator has two inputs:
- Data input: Receives the corresponding bit from the input binary code.
- Address input: Receives the corresponding address value stored pre-programmed in the IC.
- The comparator output is high if the two input values match and low if they do not match.
- Logic Circuit:
- Combines the comparison results from the comparators to generate control signals for the functional blocks.
- Utilizes logic gates like AND, OR, NOT to process the comparison results and generate the appropriate control signals.
- For example, if the input binary code indicates a specific memory location, the logic circuit generates a control signal to activate the transistors that access that memory location.
- Buffer:
- Amplifies and stabilizes the control signals before sending them to the functional blocks.
- Ensures that the functional blocks receive clear and accurate signals for precise operation.
- Minimizes noise and ensures system reliability.
Overall Operation - The address decoder circuit receives an input binary code.
- Each bit of the input binary code is compared to the corresponding address value in the comparator array.
- The comparison results from the comparators are fed into the logic circuit for processing.
- The logic circuit combines the comparison results and generates the appropriate control signals for the functional blocks.
- The buffer amplifies and stabilizes the control signals before sending them to the functional blocks.
- The functional blocks receive the control signals and perform their corresponding functions.
Significance and Purpose Address decoder circuits play a critical role in controlling the operation of integrated circuits. Because of them, ICs can perform numerous complex functions accurately and efficiently. Some specific applications of address decoder circuits include:
- Memory: Selecting a specific memory location for access.
- Processor: Selecting the instruction code to execute.
- Peripheral Controller: Selecting the peripheral device to communicate with.
- Decoder Circuit: Converting binary code into analog signals.
How it works: An address decoder circuit works by receiving an input binary code and converting it into control signals for the corresponding functional blocks within the IC. The input binary code can represent a memory address, a register location, or any other information needed to identify the functional block that needs to be activated.
Significance and Purpose: Address decoder circuits play a vital role in controlling the operation of integrated circuits. With the help of address decoder circuits, ICs can perform complex functions like memory access, calculations, peripheral device communication, and much more.
Buffers in Integrated Circuits (ICs) Concept A buffer is an electronic circuit that amplifies an input signal without altering its waveform or amplitude. In other words, a buffer strengthens a weak signal so that it can be used by other circuits, while also isolating the signal from noise and loads.
Structure Buffers are typically constructed using transistors arranged in a voltage or current amplification configuration. These transistors are connected together in a specific structure to create the function of amplifying the input signal.
Operation Buffers operate based on the principle of amplifying the input signal. The input signal is applied to a first transistor, and then amplified through subsequent transistors until it reaches the desired voltage or current level. This amplification process occurs without changing the waveform or amplitude of the input signal.
Classification Based on their primary function, buffers are classified into two types:
- Voltage Buffer: Amplifies the voltage of the input signal.
- Current Buffer: Amplifies the current of the input signal.
Applications Buffers are widely used in electronic circuits, especially in integrated circuits (ICs). Some common applications include:
- Signal Isolation: Helps protect signals from noise and loads.
- Signal Strengthening: Enables weak signals to be used by other circuits.
- Impedance Conversion: Matches the impedance of the signal to the impedance of the other circuit.
- Interconnecting Different Circuits: Connects circuits with different voltage or current levels.
Examples - Operational Amplifier (Op-amp): A common type of buffer, amplifies voltage signals, inverts signals, compares voltages, and performs basic mathematical operations.
- Bus Buffer: Amplifies signals on the data bus, ensuring accurate, undistorted signal transmission.
- Output Buffer: Amplifies the output signal of an IC, providing enough current to drive the load.
Advantages - Increases signal strength.
- Isolates signals from noise and loads.
- Converts impedance.
- Connects different circuits.
- Protects signals.
Disadvantages - Introduces signal delay.
- Increases power consumption.
- May alter signal distortion.
Read/Write Control Circuit in Integrated Circuits (ICs) Detailed Structure - Address Decoder:
- Decoder Type:
- Combined Address Decoder (CCD): Utilizes logic gates to decode the binary address into control signals for rows and columns in memory or registers. Advantages: simple, saves chip area. Disadvantages: slower decoding speed.
- Hierarchical Address Decoder: Employs multiple small decoders arranged in a hierarchical manner to decode the binary address. Advantages: faster decoding speed. Disadvantages: more complex, consumes more chip area.
- Decoder Size: Depends on the memory capacity or the number of registers to be accessed. For instance, a 256-byte memory requires an 8-bit address decoder, while a 64KB memory needs a 16-bit address decoder.
- Chip Select:
- Logic Gates: Uses AND and OR gates to combine control signals from the CPU, DMA, interrupts, and other sources.
- Control Signals:
- Chip Select (CS): Enables or disables internal IC circuits upon receiving a high signal.
- Read Enable (RDEN): Allows data reading from the IC.
- Write Enable (WREN): Allows data writing to the IC.
- Read/Write Controller:
- Logic Circuit: Employs flip-flops, logic gates, and a finite state machine to generate read (RD) and write (WR) control signals.
- Access Mode:
- Synchronous: Data is transferred into or out of the IC along with the clock pulse.
- Asynchronous: Data is transferred into or out of the IC without a clock pulse.
- Single Cycle: Data access completes within one clock cycle.
- Multi-Cycle: Data access requires multiple clock cycles to finish.
- Data Buffer:
- Type:
- Register: Stores data as voltage signals on transistors.
- Flip-Flop: Stores data as the state of a latch.
- Capacity: Depends on the data bus size and the number of bytes to be temporarily stored.
Detailed Operation - Access Request:
- The CPU or external device sends an access address and control signals to the system bus.
- The access address identifies the specific location in memory or a register to be accessed.
- The control signals indicate the access type (read or write) and access timing.
- Address Decoding:
- The address decoder receives the access address and decodes it into row and column signals to determine the specific location in memory or a register.
- Chip Select:
- The chip select checks the control signals to determine if the access request is intended for the IC or an external device.
- If the request is valid, the "chip select" signal is asserted to activate the internal IC circuits.
- Access Validation:
- Other control signals (like RDEN and WREN) are checked to ensure access is allowed.
- Read/Write Control:
- The read/write controller generates RD and WR signals to control data read or write operations.
- It determines the timing and method of data access based on the memory or register access protocol.
- Data Access:
- Data is read from or written to the memory or register at the location identified by the address decoder.
- Data Buffer:
- The data buffer temporarily stores data during access to reduce noise and ensure data integrity.
- Data Transfer:
- Data is transferred from the data buffer to the system data bus for the CPU or external device to read or write.
Advanced Example of Read/Write Control Circuit Operation in an IC - Reading Data from Memory:
- The CPU sends memory address 0x1234 and a read signal (RD) to the system bus.
- The address decoder of the memory IC decodes address 0x1234 into row select 4 and column select 12.
- The chip select checks the "chip select" signal and other control signals to ensure valid access.
- The read/write controller generates an RD signal to activate the read operation.
- Data from the memory cell identified by address 0x1234 is read and stored in the data buffer.
- Data is transferred from the data buffer to the system data bus.
- The CPU receives the data from the data bus.
2. Writing Data to a Register: · The microcontroller sends register address 0xABC and a write signal (WR) along with data 0x5F to the system bus.
· The address decoder of the microcontroller IC decodes address 0xABC into the specific register select signal.
· The chip select checks the "chip select" signal and other control signals to ensure valid access.
· The read/write controller generates a WR signal and transmits data 0x5F to the selected register.
Many Sources
submitted by
No-Physics7479 to
BblackHhorse02 [link] [comments]
2024.05.15 17:10 Blanco_ice Finally hit $10k a month!
After a decade of trying different ideas with success rates varying between minimal to none, I finally found success (in my opinion) being a solopreneur and doing something I truly enjoy doing
I'll keep this as short as possible, maybe it will inspire some, or persuade others.
- Moved to NYC in 2013
- Started my first company in 2014 -Beyond Neutral, an alkaline forming juice company. (Extremely difficult category with a cold pressed, non stable, short shelf life product that costs a lot of $$ to ship)
- Started a juice shot company in 2015 - We learned some lessons from Beyond Neutral and pivoted to ShotCo. A line of gut, pre workout, probiotic, etc... type of healthy shots, we were one of three companies at the time that were doing this. We did pretty well but after 3 years shut down.
- 2018 - 2020 - Worked a shitty job I hated while trying to figure out what I'm going to do next
- 2020-2023 - Tried 5 different ideas but flopped early with all 5 for varying reasons (mismatch with co-founder, flat out bad idea, Covid, not enough capital, etc...)
- 2023 - 2024 - Started The Woof a 2x weekly B2B focused newsletter that covers all the latest in the pet space, or as one reader called us - "Morning Brew for the pet industry". I originally started it for fun, had no long term monetization strategy but more so just wanted to see if I could grow it organically. After 10 months of publishing regularly this month we've done more than the entire 9 months combined.
Entrepreneurship is hard, trying a new business is hard, self motivation is hard, marketing is hard, self promotion is hard, grinding is hard, building relationships is hard, making money is hard, scaling a business is hard. When reading all the success stories online, it makes it seem like being a millionaire is super easy, many of us get sucked into the promise of "if you just grind, you'll make it" and grinding it out definitely improves your odds, but like anything in life, nothing is guaranteed.
With that said, when you find that thing you enjoy doing, that gives you the flexibility you want and the income you desire and you start seeing how you can scale it and build it, that's super rewarding.
So is it worth 10 years of failing? That's for each of you to figure out for themselves. I look at it as tuition, I learned my lessons, took my knocks, "paid my dues" and now I can take those lessons and build upon them.
submitted by
Blanco_ice to
Entrepreneur [link] [comments]
2024.05.15 17:04 Beachlover8282 $10 Survey for Gig Economy Workers
submitted by
Beachlover8282 to
paidfocusgroupopps [link] [comments]
2024.05.15 16:59 GOZDZILLA Pre sale code for any one to use good luck one time use I am sure
2024.05.15 16:57 bookligt Pre Inked Stampers Coupon Code
Check this out for
Pre Inked Stampers Coupon Code. Find the best deals for you by looking at the current promo codes and coupons on that page. You'll always find the newest coupons, promo codes, and deals on that page. Choose one to apply to your order and save money.
submitted by
bookligt to
AceDeals [link] [comments]
2024.05.15 16:54 Outrageous_Sir_1541 Capital on Tap Business credit card - £75 referral incentive, 1% enduring cashback: referral code: 2REFP537S57
If you are the Director of a Limited Company registered on Companies House then this business credit card might will be of interest.
Once you have successfully applied and registered it is a free business MasterCard which pays 1% cashback on all purchases. If you sign up via my link and make at least one purchase then we will each get £75 credit on our accounts. Combine this with the 1% cashback on purchases and it seems a lot better than anything the ordinary consumer can get. Steps to get £75 credit to your account: I have been using for several months and all seems smooth so far. They have a good Contact Centre and it is easy to setup a DD for the monthly payment (full amount) or pay off using debit card.
This does not have any impact on your personal credit report or credit score but is against your Ltd company. Balances need to be paid off every month to avoid interest payments (in the same way as a normal credit card).
No annual fees.
On going 1% cashback, paid every month, and can be redeemed directly as a credit on the account, paid out to your bank or as Amazon vouchers (+2%) Successful applicants through my link get £75 credit on their account to spend anywhere!
Please get in touch if you want to discuss any details of this offer. For Ltd Company businesses it really is a no-brainer once you have got through the application form.Sign up through this link https://account.capitalontap.com/apps/apply (about 2 mins) and add referral code: 2REFP537S57.
Have your company details to hand.
Non-ref https://www.capitalontap.com/en/ (no £75 incentive) Wait for the card to arrive in the post. Activate the card online. Make a single purchase (£1 Amazon will suffice) Once the purchase has cleared (about 1 week, max) you will get a £75 credit that can be used against future purchases.
submitted by
Outrageous_Sir_1541 to
u/Outrageous_Sir_1541 [link] [comments]
2024.05.15 16:53 Selfaware_squirrel Pretty sure my company is screwing me but looking for a second opinion
A couple of things have happened over the course of the year that have led me to believe the company (shocker) isn’t really in it for the Account managers success. Here are the main things
- Screwed out of $15k in commissions - As a new AM I was put on a “protection period” to protect against an account cancelling but the way it worked was that it ended the day after 4 accounts renewed so I wasnt able to get paid on those renewals
- At the end of last year I wasn’t promoted because I missed my quota by .05% ($800k book of business) despite have a really intense year renewals wise
- I didn’t get a raise because I got a mediocre/bad performance rating for 2023 because I was forcibly put on a “success plan” (essentially a pre-PIP).
Realize one single instance here can be chalked up to being a fluke, but at this point, it’s simply a pattern of being screwed over by the company left and right. I brought up my concerns to Sales leadership and HR, but it’s like talking to a brick wall, honestly. Thinking of raising this to a more senior VP, but before I do wanted to share with this community for some guidance.
Last thing I’ll say is my company isn’t known for paying very well, it’s a big brand name and people come work here to pad their résumé and for internal opportunities, so I feel like they really need to pull through on this with me because as it is, I’m not getting paid industry standard.
submitted by
Selfaware_squirrel to
techsales [link] [comments]
2024.05.15 16:44 MoonshineMaven Concert Fees
I know this is a topic that people have beaten to death but I just can’t get over how much concert going has changed in my lifetime and it makes me sad that young people are being priced out of such an amazing experience. For reference I’m 30 years old and have gone to a pretty large number of shows and festivals throughout my lifetime as it’s one of my favorite things to do. I vividly remember being in middle and high school going to shows for dirt cheap. I think the most I paid for a concert ticket in high school was back in 2010 for $80 and it was a massive homecoming concert that featured California Swag District, Chrisette Michele, J. Cole who brought out Petey Pablo, Rick Ross, Drake and a host of other special guests from around that time so to say it was a bargain doesn’t even cover it. Flash forward to 2024 I just got the Amex pre sale tickets for Childish Gambino and they were $730 for two tickets and almost $300 of that was just fees. I’ve paid less to attend camping festivals and I just don’t see how this is sustainable long term. Going to shows used to be such a fun thing to do with friends but $730 is almost what we pay a month for our HOUSE so it’s crazy to me that we have hit a point where people are having to drop rent/mortgage money to see a live show. I’ve also noticed all the new financing options on ticket websites like Klarna and Afterpay, like are we really at the point where people have to finance tickets just to enjoy live music!?
submitted by
MoonshineMaven to
mildlyinfuriating [link] [comments]
2024.05.15 16:44 FockCucker Most accurate BITSAT 2024 Prediction + much more [OC]
| pre-writing opinions: Reddit's markdown support sucks ass, no LaTeX and no mermaid support, fuck u/spez Disclaimer: LONG READ. These are predicted and the opinions and results may vary for every individual, gaali mat bakna, mai thoda weak ho rakha hu abhi. Although I am pretty confident about what I found, but still, DO NOT BLINDLY BELIEVE EVERYTHING YOU SEE , you are only allowed to take notes of what could happen. Table of Contents - 5 Year score v/s cutoff v/s no. of applicants v/s seats available comparison
- Projected scores required for 2024
- Fee details broken down w/ projected costs of living, hostels and mess charges and miscellaneous
- Should you join it?
- Toughness of the courses offered
- What courses to take <-- needs personal introspection
- My remarks and need for amateur developers.
5 Years' scores detailed review BITSAT has always seen large number of candidates giving their exams. I used 3 different regression methods for finding the projected number of candidates scoring 88% and above in BITSAT. Here's the catch, BITSAT was of 450 marks before 2021, but I noticed a linear relation whatsoever for which some blogs claim was due to the ease of solving paper which was higher as of then.[1] Projected number of candidates scoring >= 316 marks Don't worry about how I plotted the graph, for the ease of viewing I used a calculative exaggeration method, while all the calculations being done on the raw data only. Here, all the regressions have too much difference between them which throws off the ease of just averaging the three. Instead I used what is called the R-squared value to find an accurate follow-up projection for the number of candidates. The R-squared value for the three are as follows: R-squared values: Linear Regression: 0.8401621913740709 Polynomial Regression: 0.9161966003792115 Exponential Regression: 0.922505755755209 Projected next outcome using damped Exponential Regression: 15916.26589649187 Cutoff Prediction Now, the best part, cutoff prediction. Here, you need to know one more thing that all the campuses have a record of increasing the number of seats for their programs every year which has somehow worked a little to adjust to the 'population inflation' and has kept the numbers steady. AAAAAANNNND, here comes the issue, while looking at the seat matrices for BITS, the seats in all branches has remained the same since 2017 (increase in seats for CSE). (2018 for Goa campus). ALTHOUGH, due to the addition of the new Mathematics and Computing course, it can have significant impact on the No. of seats v/s Cutoff debate Seeing with the lowest marks required for joining B.Pharm at three campuses of BITS: Cutoff v/s Candidates remained consistent till 2020 [2][3][4][5] NOTE: some of you jhaatus will be paranoid about how the cutoff decreased with much higher candidates. It's due to increase in the number of seats due to the new MnC branch NOTE 2: I am speculating about the predicted number of candidates, since, the popularity has seemingly exponentially increased due to youtuber bhaiyya didis. Notice that I used a simple polynomial regression here due to having much simpler values for predicting the consecutive iterations. Why I couldn't correctly predict for CSE See, the choices of students during counselling is really complicated and after reviewing some previous year details and cutoff scores, I couldn't have a perfect idea about how the relationship is maintained. That's why I will need someone else with more free time to help me polish my code for predictions. Anyways, here's the predicted cutoff for some branches using exponential regression: Branch | Pilani Campus | Goa Campus | Hyderabad Campus | CSE | ~356 | ~312 | ~299 | MnC* | ~310-ish | ~290-ish | ~280-ish | ECE | ~300 | ~279 | ~272 | * no regression, only compared ratios with the cutoffs of IIT Roorkee (JoSSA 2023) Broken Down Fee details and Costs of Living With inflation and the enduring lust for money, the hostel charges are continuously being increased since a few years, here's the detailed breakdown for what I have observed. Academic Year | Semester fees (per sem) | Hostel + mess + elec (per sem) + advance | Summer term fee (whole) | costs of living (projected and adjusted for inflation) | 2019-20 | 1,78,000 | 22,900 + 15,000 | 62,300 | ~10,000 (covid) | 2020-21 | 1,99,000 | 24,150 + 15,000 | 69,900 | ~27,000 (covid) | 2021-22 | 2,18,500 | 25,550 + 15,000 | 78,000 | <~50,000 (post-covid inflation) | 2022-23 | 2,31,500 | 27,100 + 15,000 | 83,700 | <~50,000 | 2023-24 (CURRENT) | 2,51,000* | 28,800 + 15,000* | 87,900* | <~55,000 | * The fees are as per the archive since their webpage went down -> 2023-24 fee structure The projected 4 year B.E. course price you have to pay would not exceed ~INR 27,55,000 /- I am too lazy for finding projected for other courses. Should you join it? as a disclaimer, I am in no position to judge as I have lost hopes getting into BITS this year, since I have wasted a lot of money and seeing our house put of collateral for securing my admission into VIT I am in no way entitled to ask more money for second attempt from parents, but I can give you suggestions from what I've researched when I used to daydream about getting into BITS. Overall Culture: when it comes to projects and teams, the students get highly competent, and after finding a good partner, you could go for numerous competitions like the Mars Rover Challenge (personal favourite), which needs skills from almost all branches inclusive of chemical and materials department. Which in turn also leads to better communicative skills and a top tier social life. Imagine your parents get to see you with bunch of smart ass people just discussing about different stuff ranging from algorithms to spatial modelling of biological molecules, they will feel on top of the world. Student life: I will not talk about the zero attendance policy nor about the strictness inside campus. Here, you NEED to have a control over yourself, drug peddling is quite common although no one talks about it, even at VIT Vellore, kids find a way to get that mind numbing puff. You will have an urge to just try it for once to find what is it for real, but DON'T. I guess I don't need to elaborate more. Second, remember: Darshane Punyam, Sparshane Paapam Look at all the chics, maybe even flirt with them under limits, but don't indulge in bad stuff since you already know how horny you really are. Now, for a better part BITS hosts numerous fests varying from cultural to tech clubs, some of the highlighted as follows: Type of Event | Pilani | Goa | Hyderabad | Cultural Annual | Oasis | Waves | Fervour, PEARLS(?) | MUNs | BITSMUN | ----- | ----- | Tech Annual | APOGEE | Quark | ATMOS | Sports | BITS Open Sports Meet (BOSM) | Spree | Arena | Entrepreneurial | ----- | Coalescence | ----- | Social Service | ----- | ----- | IGNITE | Click on the campus names for detailed info about all the events. Toughness @ BITS doesn't need much of a warning, it's tough. Although, the first year will go on a cakewalk, same stuff for everyone to learn, you might have problems with the engineering physics and drawing classes** so be prepared. Maintaining 9+ GPA is really hard, you have work your arse off more than what you are doing right now. Getting scholarships is on the tougher side too, you can manage to get 10% off by little work, but getting those sweet 80% waivers can be tough, you have to ace your quizzes and assignments. By the 3rd year, you will start getting tensed about internships, their interviews, your GPA and finally your courses. You have to be ready and try to complete all the side courses (if any) by the end of the third year so you can focus more on placements the next year (only for low pointers). That's all of what I've learnt and understood from the students, there are easier aspects too but only if you are actually smart and can do more work in much less of a timeframe. What course should I take? You need to introspect yourself before asking this question, many people say to follow your interest but it's not always practical. You see, I have a friend who wants to become a physicist, and yet he isn't able to solve measly problems in physics which might need more brainpower, and even shitting himself on questions of nuclear physics when he wants to do research in that specific field. Not only about questions, he doesn't even properly know about how the Hadron Collider works, just spurts out some random Fission and Fusion chickenshit when asked about. OK, you should totally give your interests a higher ground during the counselling but ask yourself if you are actually ready for what you have to learn for the next four years, probably even your whole life. Since, it's BITS you'll be able to adapt yourself, but always take caution before every choice you're going to fill in during choice filling. Don't embarrass yourself afterwards. Here are few courses your might be interested in anyways: Interests | Skills | Course recommendation | Computers, Maths, Hardware (JOB BIASED) | Little bit of OOP, good statistical knowledge, knows how shit works | Computer Science, Mathematics and Computing, Electronics and Communication, Electrical and Electronics | Physics, Building stuff, Likes to experiment (JOBS OR RESEARCH) | Classical physics, mechanics, civil engineering stuff | Mechanical, Electronics and Instrumentation, MSc Physics, Civil | chemistry | chemistry | chemistry | Maths, economics, next harshad mehta | Maths (a little bit advanced is good), statistics, Economical and current affairs | MSc Economics, MSc Mathematics | Biology, chemistry | Biology, chemistry, (teeny weeny bit of Physics) | B.Pharm, MSc Chemistry | My rants, remarks and opinions Honestly, this was a ride and an escape for me to relieve a little bit of stress about how I was fcked this year. Denied EWS certificate, filed for an appeal, and no progress. Gave JEE as an OPEN candidate. Somehow got 10k rank in VITEEE, got cat 3 CSE, dad told me to leave no opportunities, now have to pay 4 lakhs tuition fee per annum, dad's income is 4 lakhs per annum. Took an educational loan from Indian Bank (13% interest + our house on collateral). Called VIT, told me they will give a full refund if withdrawn before 11th September, but have to pay a cut of interest for the loan taken (did not specify how much). I am pretty sure they will be asking easily at 2-3 lakhs, unprepared for BITS after Nanu's death on 22nd April, (my VITEEE was on 24th), went with my mom to Kerala and back the next day and then again back to Kerala with dad and my 24 year old brother who has cerebral palsy. spent about 50k on the flight tickets alone. Wouldn't get BITS in the first attempt, afraid to register for 2nd. Can't even commit suicide thinking about my brother, entitled school topper yesterday after results, teachers saying that I am not getting of what I am capable upto, really disappointed about me joining VIT instead of IITs (for god's sake). Cousin sister told me to join her in Germany, (I've learnt german from her) but the living costs so high and the amount of stress my parents would have to take for this year has concerned me enough already. No one asks for this but please dm me, tell me your stories, it's nice to have someone around to talk shit. Enough of rants, best of lucks to everyone FOR AMATEUR DEVELOPERS OR INTERESTED IN DEVELOPING/RESEARCH Since, this June and July are going to be an empty and un-exciting month for most of you, I need some amateur developers who can help me in building a college recommendation portal, which will help ease out the stresses students have to take while counselling and choice filling, I mean if not interested in joining some random dude and working your arse off, just take it as a recommendation for your next project :) [1] Find the blog here for detailed scores from 2012 [2] BITSAT 2020 Cutoff scores [3] BITSAT 2021 Cutoff Scores [4] BITSAT 2022 Cutoff scores [5] BITSAT 2023 Cutoff scores This was a high effort post btw :) Thank you to the readers who read the whole thing submitted by FockCucker to JEENEETards [link] [comments] |
2024.05.15 16:40 pole_for_hire Pin code issue on Amex
Hi fellow cc holders
I am looking forward to apply for Amex platinum travel card. But current pin code on my adhaar is of my hometown, currently i am working in NCR(my current address, with rent agreement). Can i apply for Amex cards? I heard there is some serviceable pin code issue.
Should i apply for amex? I have Infinia(paid), Sapphiro, Tata neu(paid), Scapia. My expenses are more than 10L on infinia so its free. Overall my expenses are 20L+ mostly on infinia. Plan is to shift 4L of expenses to Amex and use points for marriott. Does this make sense?
Thanks for your time
submitted by
pole_for_hire to
CreditCardsIndia [link] [comments]
2024.05.15 16:15 ibitmylip NYTimes article on sextortion scams
“Called financial sextortion, it is a uniquely modern riff on the romance scams of yesteryear in which the lonely were seduced into parting with their money by people posing as suitors.”
“This new iteration preys on young men and teenage boys, and the images are held as ransom — often for as little as a few hundred dollars, to be paid typically through cryptocurrency or even gift cards from the sender.”
“A scammer located in, say, the Ivory Coast, will create an attractive female avatar.
To find targets, he may trawl a high school football team’s social media account and “friend” all the players; those who accept the friend request are sent flirtatious messages.
Once the person has obtained a photo — one that shows both genitals and face, for more leverage — the scammer will use that list of people as well as the victim’s online friend list as a weapon, threatening to send the compromising picture to teammates, coaches and teachers.”
This link should work for anyone, even if they don’t have a subscription:
https://www.nytimes.com/2024/05/15/nyregion/social-media-scam-sextortion.html?unlocked_article_code=1.sE0.5hOb.t80A--URmLDM&smid=url-share ETA:
What to Do if You Are Threatened With Sextortion: It’s not a hopeless situation, experts said. Here are four practical steps to take.
https://www.nytimes.com/2024/05/15/nyregion/sex-scam-extortion-what-to-do.html?unlocked_article_code=1.sE0.27IZ.o5OAro1vSSji&smid=url-share submitted by
ibitmylip to
Scams [link] [comments]
2024.05.15 16:09 ExclaimerHelp Why do so many emails end up in junk?
1. Use of spam trigger words and phrases
Email content filters analyze every word in an email to see if it has common spam words. If your email has a large amount of spam words, the server will block your email or send it to junk folders.
There are certain words that will trigger spam filters, so it’s best to use these sparingly or avoid using them completely.
2. Unequal text-to-image balance
Email servers favor messages that have an equal text-to-image ratio. They don’t like emails that heavily feature images. Using more imagery than text will directly affect your email deliverability rates and make sure your messages go straight to junk folders.
Always include at least two lines of text for every image or graphic you put in your email. All images should have Alt text, and don’t use short URLs if you’re including hyperlinks.
3. Poor text formatting
Stick to using
~one font type~, one font size (below 12pt), and one font color. It’s fine to venture away from the standard black font, but don’t use multiple colors. Doing this is as bad as using spam trigger words.
Punctuation is also key; using more than one exclamation or question mark in the subject line or body of the
email is considered spam-like.
4. Not using a legitimate “From:” email address
It’s not recommended to use a free or personal email address like
Outlook.com/Hotmail or Gmail as your “From:” address. Instead, use an email address from your organization’s domain. If you don’t want to receive lots of out-of-office replies, set up an email address specifically for marketing emails and send from this address every time.
It’s also best to avoid using email addresses that begin with ‘info’, ‘noreply’ or ‘sales’. These are seen to be generic, so they will often end up heading straight to email junk folders.
5. Bad HTML code
If your code is badly written with extra tags or was designed in Microsoft Word and then copied across, spam filters will be alerted. This will affect your open rates and it’s likely your email will be blocked.
To avoid this, you can use pre-made email templates or find an experienced designer to create a branded HTML email template with properly written code.
submitted by
ExclaimerHelp to
emailtipsandtricks [link] [comments]
2024.05.15 16:05 weebverse [Opencare] 🎁 Get dental care and get 💳 $125 for it! 🎁(LIMITED TIME OFFER for US & Canada, until May 20, 2024 at 11:59PM EDT), normally $50)
submitted by
weebverse to
Referral [link] [comments]
2024.05.15 16:05 weebverse [Opencare] 🎁 Get dental care and get 💳 $125 for it! 🎁(LIMITED TIME OFFER for US & Canada, until May 20, 2024 at 11:59PM EDT), normally $50)
submitted by
weebverse to
referralcodes [link] [comments]
2024.05.15 16:04 Vr00mf0ndler Anyone managed to get tickets @ US @ pre-sale?
Tried using the pre-sale code for Madison Square Guarden on 4th of November...
Entered the waiting room 10 minutes early. Place in queue: 15800 :(
Edit: Got in after half a hour. Only single seats available, as well as tickets on the floor priced at $893(IIRC).
submitted by
Vr00mf0ndler to
DavidGilmour [link] [comments]
2024.05.15 15:56 reactHype ReacType 21.0: Your Preferred Easy-to-Use Design Tool Now With Material-UI Components
Hi Y'all! This morning, my team released ReacType 21.0, an open-source visual prototyping tool for React applications.
Key Features:
- Easily Drag-and-Drop HTML Elements into a canvas
- Render your prototype to see visual feedback as you make changes
- Style your components with the customization panel
- Import and Export your code via the code-preview tab
- Work with others in collaborative sessions
New Features Version 21.0 Updates:
- Added 49 pre-styled Material UI components to enhance your prototype, covering essential categories such as Inputs, Data Displays, Feedback, Surfaces, Navigation, Layout and Utils.
- Completely revamped the code preview functionality to manage import statements, state, event handlers, and other critical elements
- Updated the UI to accommodate both new and existing components
We would really appreciate it if you could check out our
Github repo. You can also learn more on
our website and on
Medium. Please feel free to reach out with any questions! Thanks!
submitted by
reactHype to
reactjs [link] [comments]
2024.05.15 15:50 Carissa910221 I'm sure this has been asked 1000× I'm level 35 so plz bare with me. *Vamp questions* NOT LOOKING FOR BITE
So back at level like fucking 10 I had asked a player for a bite and they obliged. My dumbass didn't know I had to click on the shrine when said player said go to shrine and do the quest now. I saw a ghost and thought that was it. Finally figured it out the other day at level freaking 35. 🤣 even after all the googles.. what I'm wondering is why the hell would they make your vamp level higher when you bite someone thus making your health regeneration -100%?! I'm a mfn vampire. An OG of the UNDEAD. They got the fire issue right (I'm a dark elf so I'm not too worried) .. but WHY THE FUXK would they make the passive shit worse when you do the thing that vamps do to stay alive!?!? I do recall the shit the vengeful mother of vamps said though. Something like you don't have to be restricted by your hunger.. or something. I guess meaning they've created a way for you to be forced into a nice obedient non murdering machine vampire.
SORRY HERES MY QUESTION: so if I just stop biting ppl will my level still increase? Bc the passives are obviously the best thing. Like the sneak invisibility and all that..So i do or dont have to go around biting ppl thus making my stats and stuff go down?! Plz help! I'm too ocd to move to another character I've created bc none of my others are passed level 6 & I'm a mom of 3 so I don't have as much time as I would want to play. . I do enjoy the other classes though..bc I fucking paid for eso plus and I have the pre purchased gold road. So I have necro , warden, and arcanist and I still refuse to level up another.
submitted by
Carissa910221 to
elderscrollsonline [link] [comments]
2024.05.15 15:42 mokobill Table does not fit on one page
As mentioned in the title, I have created a long table which I am trying to get to fit to textwidth (standard margins) however I am struggling. I'm a beginner at LaTeX so any help would be greatly appreciated! Here is my code:
\begin{landscape} \begin{center} \begin{longtable}{llllllll} \caption{Characteristics of studies reviewing effects of exogenous ketone supplementation on cognitive performance. KME, ketone monoester; KS, ketone salts; TT, time trial; LIST, Loughborough intermittent shuttle test; SSM, simulated soccer match; CRT, choice reaction time; MF, mental fatiguing.} \label{tab:litreview}\\ \hline \textbf{First author, year} &\textbf{Study design} &\textbf{Supplement} &\textbf{Dosing} &\textbf{Induced fatigue} &\textbf{Nutritional status} &\textbf{Results}\\ \hline Evans, 2018 & Double-blind & KME or & 573 mg.kg$^{-1}$ & LIST & Standardised & No interaction \\ & placebo controlled, & PLA & in 3 boluses & & breakfast & or main effect \\ & randomised crossover & & & & & for KME \\ Evans, 2019 & Double-blind, & KME or & 573 mg.kg$^{-1}$ & 1h running at & Fasted & No interaction \\ & placebo controlled, & PLA & in 3 boluses & 65\% $\mathrm{\dot{V} O_{2max}}$ & & or main effect \\ & randomised crossover & & & \& 10km TT & & \\ Poff\'e, 2023 & Two-arm randomised & KME or & 25g pre- \& post- & Ultra-marathon & Standardised & Improved reaction \\ & pre-test post-test& PLA & \& 25g.hr$^{-1}$ intra- & race (60-100km) & pre- \& intra- & \& movement time \\ & comparison & & exercise & & race nutrition & (\textit{P}$<$0.05) \\ Quinone, 2022 & Double-blind & KME or& 297-398 & 45-min SSM \& & Diet was & Improved \\ & balanced & PLA & mg.kg$^{-1}$ & 40-min Stroop & recorded \& & CRT accuracy\\ & crossover & & bolus & test & repeated & (\textit{P}=0.02) \\ Waldman, 2018 & Double-blind, & KS or & 11.38g & 4-minute 100W & Fasted & Reduction of \\ & placebo controlled, & PLA & bolus & cycle \& 4x15s& & misses \\ & randomised crossover & & & Wingates & & (\textit{P}$<$0.05) \\ Waldman, 2023 & Two-arm counter & KME or & 188 & 30-min MF & Fasted & No interaction\\ & balanced crossover & PLA & mg.kg$^{-1}$ & protocol & & or main effect \\ & & & bolus & & & \\ \hline \end{longtable} \end{center} \end{landscape}
submitted by
mokobill to
LaTeX [link] [comments]
2024.05.15 15:41 throwayrealestate345 Project almost complete -- then a bomb dropped
I need some advice. I feel way out of my depth and literally have no idea how to proceed from here. Any help would be appreciated.
I invested 100k in a renovation project about 5 years ago. It had some hold-ups due to Covid, environmental issues, etc., but will soon be ready to start leasing apartments. I own roughly a 10% share of the profits, and up until very recently was led to believe that everything was progressing relatively smoothly: costs were up, yes, but rent prices would be higher, too! Daily updates of construction work were provided in videos and images. The property started listing apartments on Instagram for pre-lease. It all seemed like it was coming together. The idea is that by the project's completion, my $100k share would be worth $500k, and I would be making around $20k before taxes over the year. My unhatched chickens were counted night and night again as I began to dream of financial independence.
Then the bomb dropped.
I started asking the person in charge of the deal about tax obligations, and I noticed that they were suddenly a bit less responsive than usual. These set off warning alarms, so when they finally got back to me with half-answers, I requested a phone call.
On the phone, I was told that the project ran significantly over budget, and that two of the partners had to take out additional money to finance to project, and get an additional bank loan. As such, I was told, my ~10% share has been reduced to a ~5% share. After foufive years, the property would be sold, I would get 300k (much less than the 500k share I had been told about), and all rent collected would go toward repaying the interest on the bank loan, ie no rental income for those foufive years.
However, in the operating agreement we signed, it says:
In the event that the Members determine that additional Capital Contributions are needed in excess of the aggregate Capital Contribution contributed by the Members pursuant to Schedule A hereof (any such additional Capital Contributions being referred to herein as an “Additional Capital Contribution”), then each Member shall have the right, but not the obligation, to make a Capital Contribution in an amount not to exceed such Member’s percentage ownership (as set forth in Schedule A) held times the amount of the Additional Capital Contribution. The election to make such a Capital Contribution in accordance with this Section 2.2 shall be made within fifteen (15) days of receipt of any request therefor made by the Members. If a Member (a “Noncontributing Member”) fails to pay all or any portion of his Additional Capital Contribution to the Company by the due date (the “Unpaid Proportionate Share”), the Manager shall deliver to all other Members (the “Other Members”) written notice of the Noncontributing Member's failure (the “Deficiency Notice”). The Deficiency Notice shall specify the amount of the Unpaid Proportionate Share which the Noncontributing Member failed to pay and the date on or before which such funds are required by the Company, which date shall not be earlier than three (3) days after the date the Deficiency Notice is given. Each of the Other Members shall have the right, but not the obligation, pro rata, in proportion to his or her Percentage Interest to pay the Unpaid Proportionate Share. Other Members who paid any portion of the Unpaid Proportionate Share shall have their Capital Accounts increased by the amount of the Unpaid Proportionate Share paid by them. Such increases shall be apportioned among such Other Members in the ratio of the amount of the Unpaid Proportionate Share paid by each such Other Member. The percentage interests of all Members shall then be adjusted based upon their respective Capital Accounts.
At no point was I ever informed that I could contribute more to the project to maintain my ~10% share. At no point did I ever receive a deficiency notice, or any other such document. I also never received any information about an additional loan being taken out.
On another note, I recently contributed an additional $100k to separate real estate project managed by the same person, and I'm starting to question that decision.
So, what should I do? Should I contact a lawyer who deals with real estate issues? An investment advisor? I really have no idea where to proceed from here. Any help is welcome. I'm at a complete loss. FWIW I'm a non-resident and non-US citizen.
submitted by
throwayrealestate345 to
RealEstateAdvice [link] [comments]
2024.05.15 15:39 BlackPheonix9 I got access to a 2.69 Million Dollar Crypto Account (Pt 1)
A couple of days ago I got a text from an unknown number on WhatsApp, usually they're people I know and I just haven't got their number until then, but this time it wasn't anyone I could envision. It was a foreign number with the +2-- something. I assume it was African as I had seen multiple country code numbers start with a 2 and the country's name sounded like it was from there(I am African by the way). I was given a welcome text that you usually get from a service related to forex and crypto. The text wasn't for me as the name wasn't mine and I had made no account with the service details. The person who sent it got the wrong number (somehow) and didn't send any additional information or P.S'. At first I thought it was complete bull as I actually got into forex through Meta trader (MT5) and ever since my phone's personalized ads have added it to the content I see. I waited until I got to a focused space to investigate.
To crush my hopes it wasn't login details for MT5 which I have gotten to know quite well, but there was the website to log into included. I typed it in, used the details and without much barriers, Login Successful, I was allowed in, no two factor authentication or nothing, I thought it was quite a quite lousy way of security but I wasn't going to complain.
Just to be clear, I will not say every little detail so I won't get finessed by a hacker smarter than I, as I believe just bits and pieces of information is all someone needs to pinpoint the details for themselves, yes what I did could be depicted as stealing but it is what it is.
I proceeded to navigate through the site, finding out this person who the details were meant to be for had not only 2.69 Million dollars worth of a crypto and around more than half a mill in USDT. With prior knowledge I knew the layout would have a withdrawal option and a crypto wallet to send to the section. So I got one of them that was connected to my bank for quick and easy withdrawals. I decided to do some rounding, and do little mercy and take +98% of the money in there, although I know I'm on the way to get rich on my own, I'll choose a shortcut over a hardworking and persevering story any day, I'm clearly not an Anime MC. It was all going well, a little too well, there had to be a catch, there was!
A Key, a digital key, I could not find it in the text or the website, the key was a passcode that only the original creator knows, I did some research and found not even the hash method would work, only he has it, but I was determined... kinda. I replied back to the original text asking how to use my key and precisely sent it in a way I believed the owner would have said it in; And in the meantime while waiting on the reply I took to google and researched how to use password hackers. I came across Passgan but none of the sites had any download options and I was losing motivation, I had work coming up. I had attempted the key many times already seeing if I could guess some obvious ones but it wouldn't budge, but I knew the brute force method was sure to work eventually. I found a software that did what I expected, so I had put in who what when where and why's type of whatnot of the password I needed unlocked, and good thing there was somehow seemingly unlimited attempts.
I activated it, put my device away and let it do its work. I had gone to make some cordial and run random quick errands out of excitement, weird what humans do when they feel like something will go their way for once. When I returned to my device it had shown the funds at a different balance to pre withdrawing, I couldn't believe it wasn't there. I waited another span of time, a bit longer than the first time because I assumed a transfer of that size would take a couple of hours at least. I checked the wallet I sent it to. It was 7 figures higher than what I had before.
In around 2 seconds, thoughts of how my life would change flooded my head more than any fantasy I could ever have connected. I've seen enough movies to know 1 mistake could make the whole operation topple down so I continued to keep it in until the job was actually done. The last step was to have it go from my digital crypto wallet to my bank account. I knew sending 7 figures to my bank would trigger suspicion for sure so I decided to only send feeble amounts at a time, but even this method wouldn't be enough for me. In the country I'm in, unexplained wealth is grounds for arrest as I've seen on the news a few times.
I thought to just do my whole thing real slow, I wanted nothing more than to quit my job, but hadn't yet found a suitable alibi to unexplained wealth. You don't just go from the lowest tax bracket to the largest in a few days.
I decided I will withdraw just around a band or two to a high interest savings account every week and have it make me money. The one I settled with which I was already familiar with had a rate of +4%. I decided that I would quit work and just say my family had been supporting me while I study something that pays really nicely, a ticket in advanced construction and some aged care or disability work and claim to have simply been working a fuck ton saving almost every possibly dime using some nonsense Andrew Tate motivation, they would surely buy that story, well for anyone who came looking. Then I should be able to sneak in my money and the other money together and hide it once more within a family business that would gladly help me out.
The things in the last paragraph haven't happened yet but so far it looks like it is going to go my way,
Why would a millionaire take to reddit and not twitter or something? Again I'm trying to hide this money but I so badly want to tell the story and I need to make a lot of money fast, I won't jeopardize myself that stupidly, even this story could mess things up but I doubt it. Just making this, using Ai to make a brain rot video out of it should bring in a couple thousand views to add to the money. So that basically 3 Million in a year or so can be justified on paper if it comes to it.
I don't even use reddit like that, but I had known most of the stories on my tik tok come from her, it was the first thing to come to my mind. My phone is dead too and the charger was bugging, so somehow as a millennial or Gen Z whatever or the fuck I'm in am able to sit and write this down in 1 Sitting is wild. I will write part two if it is interesting enough to y'all. (May 2024 is where this all unfolded.)
submitted by
BlackPheonix9 to
stories [link] [comments]
2024.05.15 15:29 Tycho_Jissard MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution - PATCH: NOW
MS-ISAC CYBERSECURITY ADVISORY MS-ISAC ADVISORY NUMBER: 2024-056
DATE(S) ISSUED: 05/14/2024
SUBJECT: Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
OVERVIEW: Multiple vulnerabilities have been discovered in Mozilla Products, the most severe of which could allow for arbitrary code execution.
- Mozilla Firefox is a web browser used to access the Internet.
- Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
- Mozilla Thunderbird is an email client.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
THREAT INTELLIGENCE: There are no reports that these vulnerabilities are being exploited in the wild
SYSTEMS AFFECTED: - Firefox ESR versions prior to 115.11
- Thunderbird versions prior to 115.11
- Firefox versions prior to 126
RISK: Government: - Large and medium government entities: High
- Small government entities: High
Businesses: - Large and medium business entities: High
- Small business entities: High
Home users: Low TECHNICAL SUMMARY: Multiple vulnerabilities have been discovered in Mozilla Products, the most severe of which could allow for arbitrary code execution. Details of the most critical vulnerabilities are as follows:
Tactic:
Initial Access (TA0001): Technique:
Drive-by Compromise (
T1189)
: - Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. (CVE-2024-4764)
- A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. (CVE-2024-4367)
- Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. This issue only affects Firefox for Android. Other versions of Firefox are unaffected. (CVE-2024-4765)
- Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have lead to potential user confusion and spoofing attacks. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. (CVE-2024-4766)
- If the browser.privatebrowsing.autostart preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox and Thunderbird. (CVE-2024-4767)
- A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. (CVE-2024-4768)
- When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. (CVE-2024-4769)
- When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. (CVE-2024-4770)
- A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. (CVE-2024-4771)
- Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2024-4777)
Additional lower severity vulnerabilities include:
- An HTTP digest authentication nonce value was generated using rand() which could lead to predictable values. (CVE-2024-4772)
- When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. (CVE-2024-4773)
- The ShmemCharMapHashEntry() code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. (CVE-2024-4774)
- An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. Note: This issue only affects the application when the profiler is running. (CVE-2024-4775)
- A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. (CVE-2024-4776)
- Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2024-4778)
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
RECOMMENDATIONS: We recommend the following actions be taken:
- Apply the stable channel update provided by Mozilla to vulnerable systems immediately after appropriate testing. (M1051: Update Software)
- Safeguard 7.1 : Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 7.4: Perform Automated Application Patch Management: Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
- Safeguard 7.5 : Perform Automated Vulnerability Scans of Internal Enterprise Assets: Perform automated vulnerability scans of internal enterprise assets on a quarterly, or more frequent, basis. Conduct both authenticated and unauthenticated scans, using a SCAP-compliant vulnerability scanning tool.
- Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. (M1026: Privileged Account Management)
- Safeguard 4.7: Manage Default Accounts on Enterprise Assets and Software: Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.
- Safeguard 5.4: Restrict Administrator Privileges to Dedicated Administrator Accounts: Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user’s primary, non-privileged account.
- Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. (M1050: Exploit Protection)
- Safeguard 10.5: Enable Anti-Exploitation Features: Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™.
- Restrict use of certain websites, block downloads/attachments, block JavaScript, restrict browser extensions, etc. (M1021: Restrict Web-Based Content)
- Safeguard 9.2: Use DNS Filtering Services: Use DNS filtering services on all enterprise assets to block access to known malicious domains.
- Safeguard 9.3: Maintain and Enforce Network-Based URL Filters: Enforce and update network-based URL filters to limit an enterprise asset from connecting to potentially malicious or unapproved websites. Example implementations include category-based filtering, reputation-based filtering, or through the use of block lists. Enforce filters for all enterprise assets.
- Safeguard 9.6: Block Unnecessary File Types: Block unnecessary file types attempting to enter the enterprise’s email gateway.
- Block execution of code on a system through application control, and/or script blocking. (M1038: Execution Prevention)
- Safeguard 2.5 : Allowlist Authorized Software: Use technical controls, such as application allowlisting, to ensure that only authorized software can execute or be accessed. Reassess bi-annually, or more frequently.
- Safeguard 2.6 : Allowlist Authorized Libraries: Use technical controls to ensure that only authorized software libraries, such as specific .dll, .ocx, .so, etc., files, are allowed to load into a system process. Block unauthorized libraries from loading into a system process. Reassess bi-annually, or more frequently.
- Safeguard 2.7 : Allowlist Authorized Scripts: Use technical controls, such as digital signatures and version control, to ensure that only authorized scripts, such as specific .ps1, .py, etc., files, are allowed to execute. Block unauthorized scripts from executing. Reassess bi-annually, or more frequently.
- Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc. behavior. (M1040: Behavior Prevention on Endpoint)
- Safeguard 13.2 : Deploy a Host-Based Intrusion Detection Solution: Deploy a host-based intrusion detection solution on enterprise assets, where appropriate and/or supported.
- Safeguard 13.7 : Deploy a Host-Based Intrusion Prevention Solution: Deploy a host-based intrusion prevention solution on enterprise assets, where appropriate and/or supported. Example implementations include use of an Endpoint Detection and Response (EDR) client or host-based IPS agent.
- Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources. Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources. (M1017: User Training)
- Safeguard 14.1: Establish and Maintain a Security Awareness Program: Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise’s workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 14.2: Train Workforce Members to Recognize Social Engineering Attacks: Train workforce members to recognize social engineering attacks, such as phishing, pre-texting, and tailgating.
REFERENCES: Mozilla: https://www.mozilla.org/en-US/security/advisories/ https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/ https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/
CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4367 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4764 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4765 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4766 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4767 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4768 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4769 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4770 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4771 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4772 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4773 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4774 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4775 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4776 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4777 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4778 submitted by
Tycho_Jissard to
k12cybersecurity [link] [comments]
2024.05.15 15:29 Tycho_Jissard MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Siemens Ruggedcom Crossbow Could Allow for Arbitrary Code Execution - PATCH NOW
MS-ISAC CYBERSECURITY ADVISORY MS-ISAC ADVISORY NUMBER: 2024-055
DATE(S) ISSUED: 05/14/2024
SUBJECT: Multiple Vulnerabilities in Siemens Ruggedcom Crossbow Could Allow for Arbitrary Code Execution
OVERVIEW: Multiple vulnerabilities have been discovered in Siemens Ruggedcom Crossbow, the most severe of which could allow for arbitrary code execution. Siemens Ruggedcom Crossbow Access Management solution designed to provide cybersecurity compliance for industrial control systems. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
THREAT INTELLEGENCE: There are no reports of these vulnerabilities being exploited in the wild.
SYSTEMS AFFECTED: - Ruggedcom Crossbow prior to Version 5.5
RISK: Government: - Large and medium government entities: High
- Small government entities: Medium
Businesses: - Large and medium business entities: High
- Small business entities: Medium
Home users: Low TECHNICAL SUMMARY: Multiple Vulnerabilities have been discovered in Siemens Ruggedcom Crossbow, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:
Tactic:
Initial Access (
TA0001):
- The affected systems allow the upload of arbitrary files of any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with system privileges.(CVE-2024-27939)
- The affected systems allow any authenticated user to send arbitrary SQL commands to the SQL server. An attacker could use this vulnerability to compromise the whole database.(CVE-2024-27940)
- The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database.(CVE-2024-27941)
- The affected systems allow any unauthenticated client to disconnect any active user from the server. An attacker could use this vulnerability to prevent any user to perform actions in the system, causing a denial of service situation. (CVE-2024-27942)
- The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution. (CVE-2024-27943)
- The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution. (CVE-2024-27944)
- The bulk import feature of the affected systems allow a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution. (CVE-2024-27945)
- Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with the required privileges. (CVE-2024-27946)
- The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client.(CVE-2024-27947)
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
RECOMMENDATIONS: We recommend the following actions be taken:
- Apply appropriate updates provided by Siemens to vulnerable systems immediately after appropriate testing. (M1051: Update Software)
- Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 7.4: Perform Automated Application Patch Management: Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
- Safeguard 7.7: Remediate Detected Vulnerabilities: Remediate detected vulnerabilities in software through processes and tooling on a monthly, or more frequent, basis, based on the remediation process.
- Safeguard 9.1: Ensure Use of Only Fully Supported Browsers and Email Clients: Ensure only fully supported browsers and email clients are allowed to execute in the enterprise, only using the latest version of browsers and email clients provided through the vendor.
- Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. (M1026: Privileged Account Management)
- Safeguard 4.7: Manage Default Accounts on Enterprise Assets and Software: Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.
- Safeguard 5.4: Restrict Administrator Privileges to Dedicated Administrator Accounts: Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user’s primary, non-privileged account.
- Restrict execution of code to a virtual environment on or in transit to an endpoint system. (M1048: Application Isolation and Sandboxing)
- Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. (M1050: Exploit Protection)
- Safeguard 10.5: Enable Anti-Exploitation Features: Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™.
- Restrict use of certain websites, block downloads/attachments, block Javascript, restrict browser extensions, etc. (M1021: Restrict Web-Based Content)
- Safeguard 9.2: Use DNS Filtering Services: Use DNS filtering services on all enterprise assets to block access to known malicious domains.
- Safeguard 9.3: Maintain and Enforce Network-Based URL Filters: Enforce and update network-based URL filters to limit an enterprise asset from connecting to potentially malicious or unapproved websites. Example implementations include category-based filtering, reputation-based filtering, or through the use of block lists. Enforce filters for all enterprise assets.
- Safeguard 9.6: Block Unnecessary File Types: Block unnecessary file types attempting to enter the enterprise’s email gateway.
- Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources. Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources. (M1017: User Training)
- Safeguard 14.1: Establish and Maintain a Security Awareness Program: Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise’s workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 14.2: Train Workforce Members to Recognize Social Engineering Attacks: Train workforce members to recognize social engineering attacks, such as phishing, pre-texting, and tailgating.
REFERENCES:
submitted by
Tycho_Jissard to
k12cybersecurity [link] [comments]
http://rodzice.org/