Feeatured Articles

Latest Articles

Hainzl Delage Artists Management

About Hainzl Delage Artists Management

Hainzl Delage Artists Management is a company that believes in building long-term relationships based on trust with their partners who are artists and promoters. The founders, Franz Hainzl and Laurent Delage, have strong principles when it comes to their profession and always prioritize artistic, moral, and human values above all else. They put all their energy and enthusiasm into managing the careers of their artists without compromising their beliefs.

Franz Hainzl, one of the co-founders, hails from the Austrian region of Oberes Waldviertel. He studied opera stage direction at the University of Music and Performing Arts in Vienna and Dramatics and German Philology at the University of Vienna. During his studies, Franz gained practical experience through his involvement with Jeunesse Musicale Austria, which included tour management and artists’ support. Franz later became an assistant director and worked as a music editor for the television of ORF. Before founding Hainzl Delage Artists Management, Franz specialized in assisting, managing, and consulting opera and concert singers at Dr. Raab & Dr. Böhm, another artists’ agency.

Laurent Delage, the other co-founder, was born in Paris and received his education from EM Lyon, a top French business school. While studying in Vienna as an Erasmus exchange student, Laurent worked as a private secretary for renowned pianist Paul Badura-Skoda. Later, Laurent managed several prominent classical musicians and conductors, including Julia Varady, Sergej Larin, Alain Lombard, and Fabio Luisi. In 1999, Laurent established himself as an independent artist manager, representing singers, stage directors, conductors, orchestras, and chamber ensembles.

Hainzl Delage Artists Management represents a diverse range of world-class artists, such as Angela Maria Blasi, Miriam Gauci, Doris Soffel, Piotr Beczala, Glenn Winslade, and many others. Both Franz and Laurent take great pride in developing the careers of their artists and providing exceptional representation services. Additionally, they recently expanded their roster to include conductors.

The company holds licenses for representing self-employed artists and occupations in Austria and France, and they comply with all legal requirements necessary to operate in these countries. TPA Horwath serves as the tax consultant for Franz Hainzl, and Wolfgang Steirer provides fiscal advice for Laurent Delage.

Tina Bachmann, a member of the Hainzl Delage Artists Management team, was born in Vienna and brings extensive international experience to the company. She has worked for various organizations, including UNIDO, European Investment Bank, Austrian Airlines, Lufthansa Cargo, and served as a diplomat in Portugal, Mexico, and Libya. With fluency in German, English, French, Spanish, and basic knowledge of Portuguese, Tina assists the company with multilingual communication and administration.

In conclusion, Hainzl Delage Artists Management is a highly respected and reputable company in the classical music industry. With their unwavering commitment to artistic excellence and ethical principles, the company has built a successful practice representing world-renowned artists. Their expertise and dedication ensure that they will continue to provide exceptional service to their clients for years to come.

Artists List Biography


Peter Sonn was born in Salzburg where he completes his vocal studies at the University of Music and Performing Arts Mozarteum with distinction. Already during his studies, he made his debut with Salzburg Festival and at the Baden-Baden Festspielhaus.

In the course of his engagements at the Landestheater Coburg, the Tiroler Landestheater Innsbruck and the Staatstheater am Gärtnerplatz in Munich, he acquired the repertoire of several central roles as a lyric tenor: Belmonte (Die Entführung aus dem Serail), Don Ottavio (Don Giovanni), Ferrando (Così fan tutte), Tamino (Die Zauberflöte), Lorenzo (Fra Diavolo), Marquis von Chateauneuf (Zar und Zimmermann), Steuermann (Der fliegende Holländer), Lenski (Eugene Onegin), Nemorino (L’elisir d’amore), Alfredo (La Traviata), Arnim (Simplicius) and Camille (Die lustige Witwe). In Coburg, he was awarded the scholarship of the Richard-Wagner-Society. He also appeared in guest performances in Torino and Catania. Peter Sonn made guest appearances with Salzburg Festival 2006 (Die Schuldigkeit des Ersten Gebots – released on DVD by ‘DG’), 2008 (Die Zauberflöte) and 2011 as Jüngling (Die Frau ohne Schatten – DVD production by ‘Opus Arte’).

From 2009 to 2012, Peter Sonn was an ensemble member of the Zurich Opera where he extended his repertoire with the roles of Henry Morosus (Die schweigsame Frau), Vladimir Igorevich (Fürst Igor), The Italian Tenor (Der Rosenkavalier) and Narraboth (Salome).

Mozart’s Tamino accompanies him throughout his career; Peter Sonn made his debut with this role at the Frankfurt Opera in 2010, at the Hamburg State Opera in 2011 and at the Komische Oper Berlin in 2012 (new production directed by Barry Kosky). Sonn’s first performance at the Scala in Milan was the Jüngling (Die Frau ohne Schatten) in 2012. Already in 2011, he appeared for the first time with the Berlin Radio Symphony Orchestra as David, followed by his role debut as Walther von der Vogelweide (Tannhäuser) in 2012 – both with CD-recordings for ‘PentaTone’. Within season 2012-2013, he appeared in Hamburg, Berlin and Chicago before joining the Salzburg Festival again, singing the role of David in Wagner’s Die Meistersinger von Nürnberg. In 2014 he will make his debut with the Berlin State Opera as Walther von der Vogelweide in a new production of Tannhäuser.

Peter Sonn’s concert repertoire covers sacred music such as Mozart’s Requiem, Handel’s The Messiah, Beethoven’s C-major-Mass and Britten’s Serenade for tenor and horn as well as Lieder by Beethoven, Bellini, Bononcini, Donizetti, Mozart, Pergolesi, Scarlatti, Schubert, Schumann and Tchaikovsky. He works regularly with acknowledged conductors like Marc Albrecht, Christoph von Dohnanyi, Vladmir Fedosejev, Daniele Gatti, Michael Gielen, Marek Janowski, Philippe Jordan, Riccardo Muti, Ulf Schrimer, Peter Schneider, Jeffrey Tate, Franz Welser-Möst and Christian Thielemann as well as under the stage direction of Sven-Eric Bechtolf, John Dew, Claus Guth, Karl Ernst & Ursel Herrmann, Jens-Daniel Herzog, Barry Kosky, Harry Kupfer, Moshe Leiser & Patrice Caurier, Christof Loy and David Pountney.


In July 2016 Elsa Dreisig was awarded First Prize – Female at the prestigious singing competition “Operalia” (founded by Plácido Domingo). In 2015, within a few months, Elsa Dreisig had already been awarded both Second Prize of the Queen Sonja International Music Compertition in Oslo as well as First Prize and Audience’s Prize of the “Neue Stimmen” Competition of the Bertelsmann Foundation in Gütersloh. She was also granted the “Prix jeune soliste 2015 des radios francophones publiques” (Young Soloist’ Award 2015 of the French speaking public radio-companies) and she is the “Vocal Discovery” of the prestigious Victoires de la Musique Classique 2016. These major honours make her shine as a new star of the vocal art firmament.

Elsa Dreisig is French and Danish. She was still a child and already very keen to sing. She entered the Maîtrises (choir’s schools) of the Opéra royal de Wallonie and of the Opéra national de Lyon. She studied singing at the Conservatoire National Supérieur de Musique in Paris (class of Valérie Guillorit) and at the Hochschule in Leipzig (Regina Werner).

Together with the pianist Lucie Sansen she deepened her knowledge of the Lied and the Mélodie being advised by Alexander Schmalcz, Jeff Cohen and Anne Le Bozec. She also studied the German vocal repertoire with the Baritone Stephan Genz, the Italian vocal repertoire with Peter Berne and the German operetta with Regina Werner. In 2014, once again together with Lucie Stansen, she took part in the “Résidence  Schubert” lead by Matthias Goerne and Markus Hinterhäuser at the Académie d’Aix-en-Provence. She also attended the Masterclass ”Schubert and Strauss” by Dietrich Henschel and Manuel Lang in the frame of the « Neue Stimmen » – Foundation as well as the Lied Academy in Heidelberg with Thomas Hampson and Thomas Quasthoff.

In 2012 she was awarded both the jury and the audience prizes at the “Des Mots et des Notes” competition, dedicated to the French repertoire. In 2014 she was awarded the first prize at the “Ton und Erklärung” competition (organized by the Club der Deutschen Wirschaft) accompanied by the MDR Symphony Orchestra. She was also awarded the audience prize, the prize of the young audience and the prize for the most promising artist at the 2015 Clermont-Ferrand competition.

In 2013/14 Elsa Dreisig made her stage debut in Der Wildschütz by Lortzing the Music Hochschule Leipzig, performed then Semiramide by Hasse at the Hochschule Leipzig and on tour in Graz. In 2014/15 she performed Les Parapluies de Cherbourg (Jenny) at the Théâtre du Châtelet with Natalie Dessay and Laurent Naouri under the baton of Michel Legrand. She also sang Madame de Folleville in Il viaggio a Reims by Rossini in Royaumont.

From 2014/15 on Elsa Dreisig is a member of the Opera Studio of the Staatsoper Berlin under the artistic direction of Daniel Barenboim. Her plans in Berlin this season are Pamina et Papagena in Die Zauberflöte, the princess in Le chat botté by César Cui and Signora Angiolieri in Mario und der Zauberer by Stephen Oliver. Further plans include Rosina in Il Barbiere di Siviglia at the Clermont-Ferrand Opera and on tour throughout France.

Further projects include Musetta (La Bohème) at the Opernhaus Zürich, Pamina (Die Zauberflöte) for her debut at the Opéra de Paris as well as at the Staatsoper Berlin and at the Opernhaus Zürich and Lauretta (Gianni Schicchi) at the Opéra de Paris. From 2017/18 on, she will also be a member of the Ensemble of the Staatsoper Berlin.

Elsa Dreisig is a member of two musical ensembles: the Franco-American contemporary music and art collective “Ensemble 101” (artistic director: Mike Solomon) and the “Ensemble 4D” (4 Dreisig) in Denmark with her mother, her aunt and her cousin, all sopranos.

She recently took part in the prestigious gala concert of the German AIDS-Foundation at the Deutsche Oper Berlin under the baton of Donald Runnicles.

She has given recitals at the Gasteig Phiharmony in Munich, at the Bronnbach monastery in Werthein and at the Konzerthaus Berlin.

Elsa Dreisig was a recipient of the “Cercle Wagner” in Paris in 2015. She is currently a recipient of the Liz-Mohn-Musik- und Kulturstiftung.

Natalia Zagorinskaya – SINGER SOPRANO

Natalia Zagorinskaya is renowned as an exquisite performer of the XX and XXI century’s music. She achieved high credit with her interpretation of vocal cycles by Edison Denisov like Les Pleurs, Stravinsky’s Les Noces, Alban Berg’s Lulu Suite,  Niccolo Castiglioni’s Terzina , Luigi Dallapiccola’s Tre Poemi and Commiato, Elliott Carter’s A Mirror on which to dwell,  Jean Barraque’s Chant apres chant,  Pierre Boulez’ Improvisation sur Mallarme I/II, as well as Luigi Nono’s Intolleranza Suite and Sul ponte di Hiroshima.

György Kurtág has a special significance in the artist’s career, as having written some of the numerous works which Natalia Zagorinskaya frequently performs especially for this artist. She sang the world-premiere of Kurtág’s Songs based on poems by Anna Akhmatova op. 41, dedicated to her by the composer, at the New York Carnegie Hall in 2009, followed by performances of this cycle in Geneva, at the Paris Palais Garnier, the Amsterdam Concertgebouw, in Budapest, Cologne and und Montreal as well as when making her debut with the Vienna Musikverein. She gave her Austrian debut in Salzburg in 2010 performing Kurgág’s Messages of the late Miss Troussova and sang this cycle then also at the Vienna Konzerthaus. In 2011 Natalia Zagorinskaya sang both cycles at the 85th birthday of the composer in Budapest. She, of course, also joins the celebration concerts for György Kurtág’s 90th birthday this year. Further to these two famous cycles she also has Kurtág’s  Scenes from a novelRequiem for a friend and Quatre Caprices op. 9 in her repertory. 

Born in Moscow, Zagorinskaya studied the piano before starting her vocal studies in Vera Kudriavtseva’s class at the Moscow Tchaikovsky Conservatory. She is a member of the Moscow Helikon Opera Theatre which she also joined on tour to the USA, Great Britain, Germany, Switzerland, Denmark, France, Spain and the Libanon. Her most recent repertory on opera stage includes Emilia Marty in Janáček’s The Makropulos Case, Blanche in Poulenc’s Dialogues des Carmélites, the title role in Dvořak’s Rusalka, Fata Morgana in Prokofiev’s The love for three oranges, Stephana in Giodano’s Siberia, Tsarevna Alexandra in Jay Reise’s opera Rasputin and Marianna in Wagner’s Das Liebesverbot, numerous of those within the first ever Russian stage-productions.

Zagorinskaya also gave concerts in Los Angeles, Paris, Lisbon, Geneva, Amsterdam, Haarlem, Edinbourgh, Aldeburgh, Helsinki, Dusseldorf, Saarbrücken, Salzburg and Vienna performing with the Ensemble Contrechamps, the Ensemble Intercontemporain, the Nieuw Ensemble Amsterdam, the BBC Symphony Orchestra, the Schönberg Ensemble, the Ensemble ‘Die Reihe’ and the Klangforum Wien among others. Her concert repertoire also comprises classics such as Bach’s B Minor Mass, Shostakovich’s Symphony n° 14, Zemlinsky’s Lyrical Symphony and Schreker’s Vom ewigen Leben.

Julien Behr – SINGER TENOR

Julien Behr started singing in a boys choir and was very early attracted by the stage. It was first the theatre stage, later the opera stage. With his “italian”, focused and radiant voice as well as his good looking, Mozart roles such as Idamante, Ferrando, Tamino, Italian roles such as Nemorino, Ernesto, Fenton and French roles such as Renaud, Gonzalve, Pâris suit him perfectly.

Reinoud Van Mechelen – SINGER TENOR


Reinoud Van Mechelen, born in 1987, starts to sing at an early age in the children’s choir Clari Cantuli. In 2007 he takes his first singing classes from Anne Mertens and Nicolas Achten in Louvain, his hometown. One year later he joins the Royal Conservatory of Brussels to take up vocal studies, first with Lena Lootens and subsequently with Dina Grossberger.
Meanwhile he also takes master classes from Greta De Reyghere, Isabelle Desrochers, Frédérick Haas, Claire Lefilliâtre, Alain Buet, Jean-Paul Fouchécourt, François-Nicolas Geslot, and Howard Crook. In 2007 he participates in the ‘Académie Baroque Européenne d’Ambronnay’, where he performs ‘Plutus’ in ‘le Carnaval et la Folie’ by Destouches with Hervé Niquet. Fairly quickly he is invited as a soloist by several well-known ensembles, including l’Arpeggiata, Capilla Flamenca, Ex Tempore, Ludus Modalis, B’rock, Ricercar Consort, Il Gardellino, and the European Union Baroque Orchestra. On a regular basis, he collaborates with “Scherzi Musicali”, conducted by Nicolas Achten. As such, he contributes to several recordings that are received with great enthusiasm by international critics.

During the season 2011/2012 he performed with Ausonia in Castor & Pollux (Castor) in a tour in France and Germany, and with le Poème Harmonique in Egisto by Cavalli at the opera of Rouen.
In 2011 Reinoud is selected to take part in the 5th edition of the “Jardin des Voix”, the baroque academy of les Arts Florissants. Since then he regularly performs as a soloist with les Arts Florissants in projects under the direction of William Christie, Paul Agnew, and Jonathan Cohen.


Trained at the Conservatoire National Supérieur de Musique de Lyon and at the Opera Studio of the Bayerische Staatsoper, Prize winner of the prestigious Reine Elisabeth Competition, Anaik Morel is for sure one of France’s most promising talents. When a great voice has also a true passion for music, it makes a great voice also on concert stage and in recital. Whether she sings the German (Schumann, Brahms, Schönberg, Berg,…) or the French repertoire (Berlioz, Duparc, Poulenc, Messiaen, among others), the mezzo-soprano from Lyon fascinates her audience.

Big Red Sports Network(BRSN)

About BRSN

Big Red Sports Network (BRSN) is Cornell University’s only Entertainment and Media organization dedicated exclusively to Cornell Athletics. Entirely student run, BRSN covers Cornell’s athletic community through live broadcasts of sporting events, FM and online radio shows, written coverage of the teams and athletes, video and television projects, events on and off campus, social media, and digital media.

BRSN is dedicated to offering the best and most accurate coverage of Cornell’s athletes, coaches, and teams while providing opportunities for students interested in careers in sports and media/journalism to gain first hand industry experience. Members have acquired jobs or internships within MLB, NHL, ESPN, CBS Sports, and many other top quality sports and entertainment brands in the last year. In addition, BRSN is focused on bringing together athlete parents and families, Cornell alumni, current students, and the Ithaca community around Cornell’s sports environment.

Hey there! Have you heard about the Big Red Sports Network? It’s the official sports network of Cornell University in Ithaca, New York. If you love sports, then you’ll definitely want to check it out!

The Big Red Sports Network, or BRSN, covers all kinds of Cornell athletic events. You can watch live streams of football games, ice hockey matches, basketball games, lacrosse matches, wrestling meets, and more! BRSN has got you covered no matter what sport you’re into.

What’s even better is that BRSN is run by students at Cornell. That means that they know exactly what sports fans want to see. Plus, it gives students the chance to get some real-world experience in sports broadcasting and production. How cool is that?

If you want to watch BRSN, it’s super easy. Just go to their website and look for the event you want to watch. You can also find BRSN on other platforms like YouTube and ESPN+. Wherever you choose to watch, you’ll have a great time cheering on the Big Red!

But wait, there’s more! BRSN isn’t just about watching sports. They also have lots of other content that sports fans will enjoy. For example, they have pre-game shows, halftime reports, and post-game analysis. You can learn all about the teams, players, and strategies that make college sports so exciting.

And if you miss a game, don’t worry! BRSN usually posts highlights and recaps after each event. That way, you can still catch up on all the action, even if you couldn’t watch it live. With BRSN, you’ll never miss a moment of the excitement.

Of course, BRSN is all about supporting Cornell athletes. But even if you’re not a Cornell fan, you can still enjoy the high-quality sports coverage that BRSN provides. Who knows, maybe you’ll discover a new favorite team or player!

In short, the Big Red Sports Network is an awesome resource for anyone who loves sports. Whether you’re a student, alum, or just a casual fan, you’ll find something to enjoy on BRSN. So why not give it a try? You might just become a Big Red fan yourself!

Baseball Sweeps Yale, Splits With Brown In The First Weekend Of Ivy Action

The Big Red displayed some offensive firepower this weekend, as the team jumped out to a great start to Ivy League play. Cornell swept Yale on Sunday by scoring a total of 17 runs with 10-1 and 7-5 wins. The Big Red split with Brown after a miraculous comeback in the second of Monday’s doubleheader, as Cornell fell 5-4 and then answered with a 10-6 victory.

In game one against the Bulldogs, Brian McAfee shined, as the senior pitcher threw a seven-inning complete game to finish with only one earned run on five hits, seven strikeouts, and no walks.

The Big Red finally provided some run support to give McAfee a strong offense behind him. Cornell put up three runs in the fourth inning and a whopping seven in the sixth. Seniors Kevin Tatum and Dan Morris led the squad’s offensive efforts with two RBIs each, and Tatum went 2-for-4, while Morris concluded the game going 2-for-3.

The lone Yale run came on a mistake from senior JD Whetsel, who made his season debut after undergoing wrist surgery in the winter. He hesitated and misjudged a fly ball to centerfield, which dropped behind a diving Whetsel, allowing an inside the park home run. Whetsel showed some rust, struggling in his return as he went 0-for-8 on the day.

The Bulldogs went ahead in game two with a 5-3 lead heading into the top of the seventh inning. Cornell responded with four runs, which began with a two-run single from Sophomore Tommy Wagner with the bases loaded to bring home Tatum and Spencer Scorza. Morris then scored Ryan Karl and Wagner with a double to right field, giving the Big Red the lead for good.

Junior Michael Byrne got the start on the mound for Cornell, but had some trouble and eventually was replaced by Eric Upton after five innings pitched, allowing four hits, three earned runs, three walks, and four strikeouts. Upton conceded one earned run on two hits in three innings before giving way to sophomore reliever Paul Balestrieri in the ninth inning, who closed out the game for his third save of the year.

In the first game on Monday against Brown, the Big Red fell into a whole early, finding themselves down 5-0 through four and one-half innings. The team fought back to cut the deficit to two with three runs in the bottom of the fourth. Cornell struck again in the following inning to trail by just one run, but failed to complete the comeback in the remaining two innings.

The Big Red was led by sophomore shortstop Frankie Padulo, who hit a perfect 3-for-3 with one RBI, which came on a double in the fourth inning to score Morris and give Cornell its final run of the inning.

Big Red starting pitchers struggled in both games of the doubleheader, as Kellen Urbon lasted only 3.1 innings after giving up six hits and five runs, but only two of which were earned. However, sophomore walk-on Peter Lannoo provided a bright spot for Cornell with a terrific outing of three-inning relief for Urbon. Lannoo stuck out three batters and allowed just two hits and zero runs.

Game two started in similar fashion after the Brown Bears led the Big Red 6-3 following six innings of play. However, this time, Cornell exploded for a seven-run eighth inning response.

Brown pitcher Jake Spezial walked three consecutive batters to load the bases in the bottom of the eighth. Tatum was hit by a pitch, which drove in one run, and Scorza followed with a single to bring home Padulo and Whetsel, knotting the game at six. After another walk to Karl, Wagner hit a sacrifice fly to left-center and scored the speedy freshman Eason Recto from third base, who was inserted for Tatum as a pinch runner. Following an additional walk to Morris, freshman Ellis Bitar cleared the bases with a high, powerful fly ball that bounced off the glove of Brown right fielder Will Marcal, giving Cornell a 10-6 lead.

Nick Busto continued the trend of an off day for Big Red pitchers. The senior starter conceded three runs and six hits in just over two innings of action. Freshman Justin Lewis entered the game following Busto’s outing, but fared similarly by allowing just as many runs in 2.2 innings of work. Eventually, Ray Brewer provided some consistency, posting two strikeouts, four hits, and no runs before Balestrieri came in for the ninth inning to earn his second save in two days.

Coming Out Strong: Anastasia Bucsis and Charline Labonte Visit Cornell

There are few achievements in this world that can rival representing your country as an Olympic athlete. For many, it remains an elusive dream; for a precious few, this dream is fulfilled. Anastasia Bucsis and Charline Labonté are two who have seen this dream become a reality. They both know the rush of representing Canada and the thrill of skating in an Olympic rink—Anastasia as a speed skater, Charline as a goalie for the Canadian women’s hockey team. Both Charline and Anastasia earned a place on the long illustrious list of Olympic athletes. They also share another distinction; both have openly come out as lesbian athletes. As society in Canada and the world learns to accept homosexuality, the first line of acceptance comes from the individual. Both of these athletes had to struggle through a terrifying journey of self-discovery. They both came to Cornell to talk about this journey on Wednesday, March 25th at a panel organized by Athlete Ally, the Cornell University Programming Board and Haven.

Charline’s first love affair was with hockey, even though Greenfield Park, her hometown, had no women’s hockey team. She didn’t let her gender hold her back from her passion, and joined the men’s team. Never questioning her sexuality, she had several boyfriends growing up.

It was only after she joined a women’s team as an adult that she started to have feelings for other women. “It’s okay,” were the words she received when she called up her best friend for support. She found herself surrounded by accepting teammates and family members. Her biggest obstacle was facing herself and internalizing her new gay status. Although saying the words out loud were difficult, in the end her teammates responded, “We knew—all of us knew, we were just waiting for you to say it.”

In her sport, she realized, she was surrounded by successful people who had gone through similar struggles. After she accepted it in herself she realized, “no one cares.” Although key for understanding herself, her homosexuality didn’t alter how the world saw her. In the end, her brother simply said, “Who cares? It’s you.”

For Anastasia, the truth of her sexual orientation was one that she struggled with for some time. Growing up in Alberta—as she put it, “the Texas of Canada”, she was afraid of rejection. Even as she became increasingly aware of her homosexuality, she struggled with fully admitting it to herself.

She remembers having a breakdown as she changed into her suit for an event soon after qualifying for the Vancouver Olympics. Thinking about the larger-than-life Olympics heroes she had looked up to, she didn’t feel like she matched up to this ideal: “I’m not an Olympian, I’m 20 years old, I’m not going to win a medal…Oh my god, and I’m gay—and I bawled my eyes out.” She couldn’t love herself, when she didn’t know who she was.

As she prepared for the upcoming Olympics she threw herself into her sport, started dating a boy, and tried to distance herself from her sexuality. She wanted to prove to herself that she was straight, because she had no one to tell her that it was okay. With no role models in speed skating to look up to, she felt isolated and like she was in a tail spin. In January 2013, she was diagnosed with clinical depression.

However, she found solace online and eventually came to accept and love herself. This struggle led her to her long-time girlfriend Charline and also pushed her to become the role model she had lacked, in hopes of guiding other LGBTQ athletes to the calm after the storm.

Both women stressed the importance of reaching out and having someone there.  Their clear message to all LGBTQ athletes, Olympians, and fans, as Anastasia put it: “First and foremost, it’s so cliché, but it really does get better.” She also added, “If you’re not comfortable enough to find a physical community or the support isn’t there, go on the internet.” Charline said, “It’s just a matter of being comfortable with who you are, and finding those resources around you that are going to help you get to that point. There are a lot of people online or on campus…don’t be scared to reach out, or think that you’re the only one, because there are a lot of people that are in the same situation.”  

There will be a time when you feel alone, consumed by your own uncertainties. You are only as isolated as you make yourself. The monsters under your bed are always scarier when you face them alone.  Do not be afraid to reach out to those around you. This was a lesson that was hard-learnt for both these athletes. One faced the fear of a conservative community, the other the difficulty of deciphering personal truths. However, they both were able to face this internal turmoil and emerge triumphant.

Charline is a gold medal-winning Olympian who participated in four Olympic games: Salt Lake City, Turin, Vancouver, and Sochi. Anastasia also had the honor of representing her country in the Vancouver and Sochi games. “You blink and you’re there,” says a humble Charline, as she comments on her path to the Olympic ice.

It’s clear that these women are dedicated to their sports and fellow athletes. Even in Sochi, surrounded by anti-gay propaganda, they came as athletes, ready to try their hardest for their country. While they were aware that the world was looking at the games through a social lens, to them it was still about pushing themselves to be their best. Charline knew it was time to come out in public, but she didn’t want to divert the focus of the media.

She didn’t want to become the “Face of women’s hockey,” because it was still about the team and the game. However, after competition was over, she felt like the time was right to make a public statement.

For these modest women the fact that they were some of the best athletes in the world was not a big deal; the fact that they were gay was even less. Once they accepted their identities, the rest was “a piece of cake.” Their only concern is that some sports have a façade of homophobic and sexist language. They hope this will soon fade away, as people understand that everyone should feel safe and accepted. They are athletes first and everyone has the right to play.

Sinthetic Labs | Breaking the surface

About Sinthetic Labs

Sinthetic Labs is a security research group which aims to make the web a safer place by taking an offensive approach to security. Focusing mainly on web security, we take on the role of a malicious hacker who wants to destroy your life and cause you financial/emotional ruin. There are millions (billions?) of vulnerabilities and security issues which exist due to years of poor programming, ignorance, and laziness. Watch as we discover, exploit, and disclose these issues.

Along with our web security research we also dabble with reverse engineering, OSINT, penetration testing, software auditing, and software development (primarily security related tools). Every so often we open-source some of our tools for the community to use. These tools can be found on our Github page and you can report bugs there too. For updates, new releases, and lots of other information you can follow us on Twitter.

Often we perform Internet-wide automated scans to gather data on services facing the Internet and vulnerable software. We do try to minimize the impact of these scans, and we do appreciate some organizations don’t want us scanning their IP ranges. We (rightly) view the web as a freely accessible resource for everyone to use. Each IP we scan is public with the implication that it can be accessed by anyone. Services which don’t need to face the Internet shouldn’t face the Internet. If you’re a defense contractor and I can access the control panel for your military drones, you’re doing something wrong. You’re always free to drop our requests but the research we do will help build a better, more secure Internet in the future.

A lot of the data we collect we give back to the security community to help understand, mitigate, and risk assess attacks and vulnerabilities. You can find more information and even download this data on our Twitter for updates. If you’re a security guy and want to share data or collaborate on projects, send us a message. We’d love to see what you’re working on.

A look inside Facebook’s source code

Note: None of the code in this post was obtained illegally, nor given to me directly by any Facebook employee at any time.

I’ve always been a fan of Facebook from a technical point of view. They contribute a lot to the open source community and often open source their internal software too. Phabricator, libphutil, and XHP are great examples of that. For a while I contributed a bit to both Phabricator and XHP, and I ended up finding out a lot more about Facebook’s internals than I intended. Read on…

It was mid-2013 and I was busy fixing a few bugs I had encountered while using Phabricator. If my memory serves me correctly the application was throwing a PhutilBootloaderException. I didn’t have much knowledge of how Phabricator worked at the time so I googled the error message. As you’d expect I came across source code and references, but one specific link stood out. It was a Pastebin link.

Of course, this intrigued me. This is what I found…

[emir@dev3003 ~/devtools/libphutil] arc diff --trace
>>> [0] <conduit> conduit.connect()
<<< [0] <conduit> 98,172 us
>>> [1] <exec> $ (cd '/home/emir/devtools/libphutil'; git rev-parse --show-cdup)
<<< [1] <exec> 13,629 us
>>> [2] <exec> $ (cd '/home/emir/devtools/libphutil/'; git rev-parse --verify HEAD^)
<<< [2] <exec> 17,024 us
>>> [3] <exec> $ (cd '/home/emir/devtools/libphutil/'; git diff --no-ext-diff --no-textconv --raw 'HEAD^' --)
>>> [4] <exec> $ (cd '/home/emir/devtools/libphutil/'; git diff --no-ext-diff --no-textconv --raw HEAD --)
>>> [5] <exec> $ (cd '/home/emir/devtools/libphutil/'; git ls-files --others --exclude-standard)
>>> [6] <exec> $ (cd '/home/emir/devtools/libphutil/'; git ls-files -m)
<<< [5] <exec> 73,004 us
<<< [6] <exec> 74,084 us
<<< [4] <exec> 77,907 us
<<< [3] <exec> 80,606 us
>>> [7] <exec> $ (cd '/home/emir/devtools/libphutil/'; git log --first-parent --format=medium 'HEAD^'..HEAD)
<<< [7] <exec> 16,390 us
>>> [8] <conduit> differential.parsecommitmessage()
<<< [8] <conduit> 106,631 us
>>> [9] <exec> $ (cd '/home/emir/devtools/libphutil'; git rev-parse --show-cdup)
<<< [9] <exec> 9,976 us
>>> [10] <exec> $ (cd '/home/emir/devtools/libphutil/'; git merge-base 'HEAD^' HEAD)
<<< [10] <exec> 13,472 us
>>> [11] <exec> $ (cd '/home/emir/devtools/libphutil/'; git diff --no-ext-diff --no-textconv --raw '00645a0aec09edc7f0f1f573032991ae94faa01b' --)
>>> [12] <exec> $ (cd '/home/emir/devtools/libphutil/'; git diff --no-ext-diff --no-textconv --raw HEAD --)
>>> [13] <exec> $ (cd '/home/emir/devtools/libphutil/'; git ls-files --others --exclude-standard)
>>> [14] <exec> $ (cd '/home/emir/devtools/libphutil/'; git ls-files -m)
<<< [11] <exec> 19,092 us
<<< [14] <exec> 15,219 us
<<< [12] <exec> 21,602 us
<<< [13] <exec> 43,139 us
>>> [15] <exec> $ (cd '/home/emir/devtools/libphutil/'; git diff --no-ext-diff --no-textconv -M -C --no-color --src-prefix=a/ --dst-prefix=b/ -U32767 '00645a0aec09edc7f0f1f573032991ae94faa01b' --)
<<< [15] <exec> 28,318 us
>>> [16] <exec> $ '/home/engshare/devtools/libphutil/src/parser/xhpast/bin/xhpast' --version
<<< [16] <exec> 11,420 us
>>> [17] <exec> $ '/home/engshare/devtools/arcanist/scripts/phutil_analyzer.php' '/home/emir/devtools/libphutil/src/markup/engine/remarkup/markuprule/hyperlink'
<<< [17] <exec> 490,196 us
>>> [18] <exec> $ '/home/engshare/devtools/arcanist/scripts/phutil_analyzer.php' '/home/engshare/devtools/libphutil/src/markup'
>>> [19] <exec> $ '/home/engshare/devtools/arcanist/scripts/phutil_analyzer.php' '/home/engshare/devtools/libphutil/src/markup/engine/remarkup/markuprule/base'
>>> [20] <exec> $ '/home/engshare/devtools/arcanist/scripts/phutil_analyzer.php' '/home/engshare/devtools/libphutil/src/parser/uri'
>>> [21] <exec> $ '/home/engshare/devtools/arcanist/scripts/phutil_analyzer.php' '/home/engshare/devtools/libphutil/src/utils'
<<< [18] <exec> 498,899 us
<<< [19] <exec> 497,710 us
<<< [20] <exec> 517,740 us
<<< [21] <exec> 556,267 us
>>> [22] <exec> $ '/home/engshare/devtools/libphutil/src/parser/xhpast/bin/xhpast'
<<< [22] <exec> 10,066 us
 LINT OKAY  No lint problems.
Running unit tests...
HipHop Fatal error: Uncaught exception exception 'PhutilBootloaderException' with message 'The phutil library '' has not been loaded!' in /home/engshare/devtools/libphutil/src/__phutil_library_init__.php:124\nStack trace:\n#0 /home/engshare/devtools/libphutil/src/__phutil_library_init__.php(177): PhutilBootloader->getLibraryRoot()\n#1 /home/engshare/devtools/arcanist/src/unit/engine/phutil/PhutilUnitTestEngine.php(53): PhutilBootloader->moduleExists()\n#2 /home/engshare/devtools/arcanist/src/workflow/unit/ArcanistUnitWorkflow.php(113): PhutilUnitTestEngine->run()\n#3 /home/engshare/devtools/arcanist/src/workflow/diff/ArcanistDiffWorkflow.php(1172): ArcanistUnitWorkflow->run()\n#4 /home/engshare/devtools/arcanist/src/workflow/diff/ArcanistDiffWorkflow.php(225): ArcanistDiffWorkflow->runUnit()\n#5 /home/engshare/devtools/arcanist/scripts/arcanist.php(257): ArcanistDiffWorkflow->run()\n#6 {main}

Okay — so this isn’t exactly source code. It’s just some command line output. But it does tell us some interesting information.

  • The person who, likely, posted this was “emir”. This may be the person’s first name, or it could be their first initial and then their surname (E. Mir). It’s clear this output was intended to be seen by another engineer at Facebook, so posting it on Pastebin probably wasn’t the smartest move. This person may have made other slip ups which could make them a target if an attacker sees an opportunity.
  • “dev3003” is the name of the machine emir was working on at the time. This tells us Facebook has at least 3,000 machines reserved for development (assuming “3003” increments from 1, which I’m quite sure it does).
  • `/home/engshare/devtools/` is the path where libphutil and arcanist are installed. `/home/engshare/` is shared between the development machines via NFS if I remember correctly. Nothing overly interesting here, but there are likely other internal scripts located in that directory.
  • There’s also some information about execution times and Git hashes which could be of use but nothing I’d personally look in to.

After this find, I went ahead and tried to similiar pastes which had to been made. I was not disappointed.

[25/10/2013] Promoting The Meme Bank (1/1) - Campaign Update Failed: Campaign 6009258279237: Value cannot be null (Value given: null) TAAL[BLAME_files,www/flib/core/utils/enforce.php,www/flib/core/utils/EnforceBase.php]

Now, this looks to be an exception which was caught and logged. What’s interesting here is it shows us file names and paths. “flib” (Facebook Library) is an internal library which contains useful utilities and functions to help with the development. Let’s go deeper..

[ksalas@dev578 ~/www] ./scripts/intl/intl_string.php scan .
Loading modules, hang on...
Analyzing directory `.'
Error: Command `ulimit -s 65536 && /mnt/vol/engshare/tools/fbt_extractor -tasks 32 '/data/users/ksalas/www-hg'' failed with error #2:

warning: parsing problem in /data/users/ksalas/www-hg/flib/intern/third-party/phpunit/phpunit/Tests/TextUI/dataprovider-log-xml-isolation.phpt
warning: parsing problem in /data/users/ksalas/www-hg/flib/intern/third-party/phpunit/phpunit/Tests/TextUI/dataprovider-log-xml.phpt
warning: parsing problem in /data/users/ksalas/www-hg/flib/intern/third-party/phpunit/phpunit/Tests/TextUI/log-xml.phpt
warning: parsing problem in /data/users/ksalas/www-hg/scripts/sandcastle/local_testing/script_for_test_commits.php
warning: parsing problem in /data/users/ksalas/www-hg/lib/arcanist/lint/linter/__tests__/hphpast/php-tags-script.lint-test
LEXER: unrecognised symbol, in token rule:'
warning: parsing problem in /data/users/ksalas/www-hg/scripts/intern/test/test.php
warning: parsing problem in /data/users/ksalas/www-hg/scripts/intern/test/test2.php
Fatal error: exception Common.Todo
Fatal error: exception Sys_error("Broken pipe")

Type intl_string.php --help to get more information about how to use this script.

Now we’re getting to the good stuff. We have ksalas on dev578 running what seems to be a string parser. `intl_string.php` tries to run `/mnt/vol/engshare/tools/fbt_extractor`, so we know for sure there are some other scripts in `/mnt/vol/engshare/`. We can also see they use PHP Unit for unit testing, and “www-hg” shouts Mercurial to me. It’s well known they moved from Subversion to Git — I’d put money on it that they’ve been expiermenting with Mercurial too at some point.

“That’s still not god damn source code!” I hear you cry. Don’t worry, someone posted some on Pastebin too.

Index: flib/core/db/queryf.php
--- flib/core/db/queryf.php
+++ flib/core/db/queryf.php
@@ -1104,11 +1104,12 @@
  *  @author rmcelroy
 function mysql_query_all($sql, $ok_sql, $conn, $params) {
+  FBTraceDB::rqsend($ok_sql);
   switch (SQLQueryType::parse($sql)) {
     case SQLQueryType::READ:
       $t_start = microtime(true);
       $result = mysql_query_read($ok_sql, $conn);
       $t_end = microtime(true);
       $t_delta = $t_end - $t_start;
       if ($t_delta > ProfilingThresholds::$queryReadDuration) {

The file in question is `flib/core/db/queryf.php`. At first glance we can tell it’s a diff of a file which contains a bunch of MySQL-related functions. The function we can see here, `mysql_query_all()`, was written by rmcelroy. From what I can see in the code it’s pretty much a simple function which executes a query, with a little custom logging code. It may be more complex but unfortunately we may never know. 🙁

I’ll post a few more example of code I’ve found, all of which (and more) can be downloaded from the bottom of this post.

diff --git a/flib/entity/user/personal/EntPersonalUser.php b/flib/entity/user/personal/EntPersonalUser.php
index 4de7ad8..439c162 100644
--- a/flib/entity/user/personal/EntPersonalUser.php
+++ b/flib/entity/user/personal/EntPersonalUser.php
@@ -306,13 +306,15 @@ class EntPersonalUser extends EntProfile

   public function prepareFriendIDs() {
-    // TODO: add privacy checks!
     return null;

   public function getFriendIDs() {
-    return DT('ReciprocalFriends')->get($this->id);
+    if ($this->canSeeFriends()) {
+      return DT('ReciprocalFriends')->get($this->id);
+    }
+    return array();

@@ -397,6 +399,7 @@ class EntPersonalUser extends EntProfile
+        PrivacyConcepts::FRIENDS,
         // Note that we're fetching GENDER here because it's PAI
         // so it's cheap and because we don't want to add a prepareGender
         // call here if we don't have to.
@@ -418,6 +421,10 @@ class EntPersonalUser extends EntProfile
     return must_prepare($this->viewerCanSee)->canSee();

+  protected function canSeeFriends() {
+    return must_prepare($this->viewerCanSee)->canSeeFriends();
+  }
# update your local master branch
  git checkout master
  git pull --rebase

# never do any work on master branch
# create & switch to new branch instead
  git checkout -b my_branch

# rebase 'my_branch' onto master
  git checkout my_branch
  git rebase master

# list branches
  git branch

# delete 'my_branch' branch
  $ git branch -d my_branch

# shows status
$ git status

stage file, also remove conflict
  $ git add <file>

revert file to head revision
  $ git checkout -- <file>

commit change
  $ git commit -a --amend
    -a       stages all modified files
    --amend  overwrites last commit

show all local history (amend commits, branch changes, etc.)
  $ git reflog

show history (there is lot of options)
  $ git log
  $ git log --pretty=oneline --abbrev-commit --author=plamenko
  $ git log -S"text to search"

show last commit (what is about to be send for diff)
  $ git show

get the version of the file from the given commit
  $ git checkout <commit> path/to/file

fetch & merge
  $ git pull --rebase

resolving conflicts:
  use ours:
    $ git checkout --ours index.html
  use theirs:
    $ git checkout --theirs index.html

commit author:
  $ git config --global user.name "Ognjen Dragoljevic"
  $ git config --global user.email plamenko@fb.com

  After doing this, you may fix the identity used for this commit with:
  $ git commit --amend --reset-author

commit template:

rename a branch:
  $ git branch -m old_branch new_branch

interactive rebase
  $ git rebase -i master
    make changes
    $ git commit -a --amend
    $ git rebase --continue
    $ arc diff
    $ arc amend
    $ git push --dry-run origin HEAD:master // remove dry-run to do actual push

to update commit message in phabricator
  $ arc diff --verbatim
# Creates a new www sandbox managed by git.
# Usage: git-clone-www [dirname]
# dirname defaults to "www-git".



# Are we running on a machine that has a local shared copy of the git repo?
if [ -d /data/git/tfb ]; then
  # Yes. Reuse its objects directory.
  echo "Cloning the local host's shared www repository..."
  # Nope, copy the NFS server's objects locally so as not to be dog slow.
  echo "Copying from the shared www repository on the NFS server..."

if [ ! -d $HOME/local ]; then
  echo "You don't seem to have a 'local' symlink in your home directory."
  echo "Fix that and try again."
  exit 1

cd $HOME/local
if [ -d "$DIRNAME" ]; then
  echo "You already have a $DIRNAME directory; won't overwrite it."
  echo "Aborting."
  exit 1

# We clone the shared repository here rather than running "git svn clone"
# because it's much, much more efficient. And the clone has some options:
# -n = Don't check out working copy yet.
# -s = Reference the origin's .git/objects directory rather than copying.
#      Saves gobs of disk space and makes the clone nearly instantaneous.
#      We don't do this if there's no local-disk shared repo.

git clone $SHARE -n "$PARENT" "$DIRNAME"


# If we're sharing a local repository's objects, use the NFS server as a
# fallback so stuff doesn't break if we use this repo from another host
# that doesn't have a /data/git/tfb directory.
if [ -s $ALTERNATES ]; then
  echo $NFS_REPO/.git/objects >> $ALTERNATES

# We want to use the same remote branch name ("remotes/trunk") for git-svn
# and for fetches from the shared git repo, so set that up explicitly.
git config remote.origin.url "file://$PARENT/.git"
git config remote.origin.fetch refs/remotes/trunk:refs/remotes/trunk
git config --remove-section branch.master

# Enable the standard commit template
git config commit.template /home/engshare/admin/scripts/templates/git-commit-template.txt

# Enable recording of rebase conflict resolutions
git config rerere.enabled true

# Now fetch from the shared repo. This mostly just creates the new "trunk"
# branch since we already have the objects thanks to the initial "git clone".
git fetch origin

# Blow away the "origin/" branches created by "git clone" -- we don't need them.
rm -rf .git/refs/remotes/origin

# Now it's time to turn this plain old git repo into a git-svn repo. Really
# all we need is the svn-remote configuration (installed above) and a
# metadata file with some version information. git-svn is smart enough to
# rebuild the other stuff it needs.

echo ""
echo "Synchronizing with svn..."

git svn init -itrunk svn+ssh://tubbs/svnroot/tfb/trunk/www

# Now tweak the git-svn config a little bit so it's easier for someone to
# go add more "fetch" lines if they want to track svn-side branches in
# addition to trunk. This doesn't affect any of the existing history.
git config svn-remote.svn.url svn+ssh://tubbs/svnroot
git config svn-remote.svn.fetch tfb/trunk/www:refs/remotes/trunk

# Let git-svn update its mappings and fetch the latest revisions. This can
# spew lots of uninteresting output so suppress it.
git svn fetch > /dev/null

echo ""
echo "Checking out working copy..."

# We use git reset here because the git svn fetch might have advanced trunk
# to a newer revision than the master branch created by git clone.
git reset --hard trunk

if [ ! -d "$HOME/$DIRNAME" ]; then
  echo ""
  echo "Making home dir symlink: $HOME/$DIRNAME"
  ln -s "local/$DIRNAME" "$HOME/$DIRNAME"
  echo ""
  echo "$HOME/$DIRNAME already exists; leaving it alone."

echo ""
echo "All done. To make this your new main sandbox directory, run"
echo ""
echo "    rm -rf ~/www"
echo "    ln -s ~/$DIRNAME ~/www"
echo ""

Lastly, I wanted to share something which I found quite amusing. Facebook’s MySQL password. This came from what seems to be a `print_r()` of an array which made its way in to production a few years ago.

array ( 'ip' => '', 'db_name' => 'insights', 'user' => 'mark', 'pass' => 'e5p0nd4', 'mode' => 'r', 'port' => 3306, 'cleanup' => false, 'num_retries' => 3, 'log_after_num_retries' => 4, 'reason' => 'insights', 'cdb' => true, 'flags' => 0, 'is_shadow' => false, 'backoff_retry' => false, )
Host: (Private IP)
Database Name: insights
User: mark
Password: e5p0nd4

Okay, so it’s not the most secure password. But Facebook’s database servers are heavily firewalled. Though if you do manage to break in to Facebook’s servers, there’s the password.

Edit: Mark Zuckerberg was an officer at the Jewish fraternity Alpha Epsilon Pi. The motto on their coat of arms is “ESPONDA”. 🙂

So what have we learnt today? I think the main thing to take away from this is you shouldn’t use public services such as Pastebin to post internal source code. Some creepy guy like me is going to collect it all and write about it. Another thing is to make sure debug information is never pushed to production. I didn’t put much effort in to this but there will be more of Facebook’s source code floating around out there.

Again I’d like to stress that everything I have posted here was already available on the Internet. All I needed to do was search for it. And here’s the download:

URL: facebook_source_code.zip
Password: sintheticlabs.com

If you enjoyed this post and want to see more, follow @SintheticLabs on Twitter.

Public HackerOne bug reports.

Public HackerOne bug reports.

4,419 Bug Reports – $2,030,173 Paid Out
Last Updated: 12th September, 2017
★ 1st Place: shopify-scripts ($441,600 Paid Out)
★ 2nd Place: Uber ($208,700 Paid Out)
★ 3rd Place: HackerOne ($142,700 Paid Out)

Highest Bounty Paid: $20,000 by shopify-scripts for Type confusion in mrb_exc_set leading to memory corruption

Show Bounties Only

Team Bounty Title
Legal Robot design issue exists on login page
Legal Robot Coding error !
TTS Bug Bounty {REDACTED}.data.gov subdomain takeover.
Legal Robot Insufficient Security Configurability-Weak Registration Implementation-Allows Disposable Email Addresses
Legal Robot I cant login to my account
TTS Bug Bounty Email Spoofing – SPF record set to Neutral
TTS Bug Bounty Email Spoofing – SPF record set to Neutral
Legal Robot Improper error message
Legal Robot Email Length Verification
TTS Bug Bounty federalist.18f.gov vulnerable to Sweet32 attack
TTS Bug Bounty Subdomain take-over of {REDACTED}.18f.gov
Legal Robot Name can’t be numbers or email
Gratipay Reflected XSS – gratipay.com
HackerOne ★ IDOR on HackerOne Feedback Review
Gratipay Gratipay rails secret token (secret_key_base) publicly exposed in GitHub
Legal Robot Password Restriction On Change
Legal Robot UX: JS error on Password Safety link
Gratipay xss
Unikrn $200 HTML injection in email in unikrn.com
Legal Robot Information disclosure
Rockstar Games $500 dom based xss in http://www.rockstargames.com/GTAOnline/ (Fix bypass)
Legal Robot Special characters are not filtered out on profile fields
Legal Robot Change password session fixed
Legal Robot Weak Cryptography for Passwords
Legal Robot $20 No length limit in invite_code can cause server degradation
Legal Robot $20 CSP script-src includes “unsafe-inline”
Legal Robot $20 Improper validation of parameters while creating issues
Legal Robot $100 Update any profile
Legal Robot Invalid Email Verification
Legal Robot $20 first name and last name restrictions bypass
Legal Robot $20 TabNabbing issue (due to taget=_blank)
Legal Robot Tampering the mail id on chatbox
Legal Robot $20 Incorrect error message
Legal Robot $20 Incorrect email content when disabling 2FA
Legal Robot $20 Lengthy manual entry of 2FA secret
Trello $128 A CRLF injection into the redirect URL of https://trello.com/1/authorize can be used to cause a denial of service when later redirected to
Udemy No password length restriction
ownCloud owncloud.com open redirect
Quora $500 [Quora Android] Possible to steal arbitrary files from mobile device
WordPress Clickjacking – https://mercantile.wordpress.org/
Snapchat $5,000 RCE/LFI on test Jenkins instance due to improper authentication flow
Gratipay Sub domain take over in gratipay.com
Ruby Open aws s3 bucket s3://rubyci
Udemy CSRF Token
Legal Robot $40 Code injection
Khan Academy Weak Bithdate Validation Implemented on Sign Up
WakaTime Impersonation of Wakatime user using Invitation functionality.
ownCloud This is not the security issue.
Legal Robot $20 User enumeration from failed login error message
Udemy Violation of secure design principle
Udemy Weak Password
Legal Robot Mixed Content over HTTPS
Brave Software $200 URL Spoof / Brave Shield Bypass
Khan Academy Password Functionality not working correctly
Legal Robot $20 Change password logic inversion
Legal Robot $20 Profile fields validation bypass
arxius No Email Verification and No email sent on Forget Pasword
Phabricator Credential gets exposed
Legal Robot LUCKY13 (CVE-2013-0169) effects legalrobot.com
WakaTime Failure to check password history
Legal Robot Create Api Key is not working
Legal Robot $20 Profile shows incorrect account creation date
Legal Robot Password Reset page Session Fixation
Legal Robot Lack of input validation in e-mail & user name, job title, company name field
Legal Robot SSL : breach compression attack (CVE-2013-3587) effects legalrobot.com
Coinbase Device confirmation Flaw
Rockstar Games $500 dom based xss in https://www.rockstargames.com/GTAOnline/
Bitvise $100 The POODLE attack (SSLv3 supported)
Unikrn $50 Escaping images directory in S3 bucket when saving new avatar, using Path Traversal in filename
Boozt Fashion AB $60 Password reset token issue
Legal Robot $20 [Cross-domain Referer leakage] Password reset token leakage via referer
Automattic $225 XSS Vulnerability in WooCommerce Product Vendors plugin
Rockstar Games $600 CSRF Vulnerability allows attackers to steal SocialClub private token.
Dropbox Missing URL sanitization in comments can be leveraged for phishing
Phabricator Hyper Link Injection In email and Space Characters Allowed at Password Field.
Tor [Android org.torproject.android] Possible to force list of bridges
Legal Robot $20 Token leakage by referrer header & analytics
Zomato $500 Restaurant payment information leakage
Unikrn $40 Flash CSRF: Update Ad Frequency %: [cp-ng.pinion.gg]

Good Measure LA – Wine Bar & Restaurant in Atwater Village

About Good Measure LA

Good Measure is a wine-centric restaurant featuring farm-to-table/wine country cuisine from around the world. We have a rotating by the glass program that represents wine from up to 12 wine producing countries, and a bottle list ranging back to the 1950s. 6 beers on draft are available, as well as a small bottled/canned beer list. Our kitchen closes nightly at 10pm.

At Good Measure we have a few different seating options: 2 top/4 top/6 top tables, bar seating, our Somm Bar counter, and our outdoor patio bar seating. please contact the restaurant directly if you would like to speak about large parties!

Status of Good Measure

Permanently closed

Rating: 4.7/5

A relaxed, upscale wine bar with dinner & brunch menus featuring California-inspired cuisine.

Address: 3224 Glendale Blvd, Los Angeles, CA 90039, United States

Phone: +1 323-426-9461

Customers Reviews

“Delicious and Nutritious! I recently tried Good Measure bars and I am hooked. The peanut butter and dark chocolate flavor is my favorite – it satisfies my sweet tooth without spiking my blood sugar. Plus, the robust online tracking system makes it easy to stay on top of my health goals. Highly recommend!”

Sarah M., Yelp

“As a bariatric patient, I often struggle to find convenient and healthy snack options. Enter Good Measure bars! Not only do they taste great, but their online platform really helps me keep track of my nutrition intake. Two thumbs up!” –

Tom W., Bariatric Foodie

“I had the pleasure of dining at Good Measure restaurant in LA and was blown away by the delicious food and stunning atmosphere. Their grilled octopus dish was incredible and the Albariño wine recommendation was spot on. Can’t wait to go back!”

Javier Nava, Google

“I was hesitant to try another protein bar, but Good Measure exceeded my expectations. The almond blueberry flavor is unique and satisfying, and I love that it’s low in sugar. The texture is also spot on – chewy and filling. Definitely recommended!”

Emily L., CVS Review

“Just received my order of Good Measure bars from their website and I couldn’t be happier. The snack bar variety pack is perfect for trying all the flavors and finding my favorites. They’re a great option for busy days when I need something quick and nutritious.”

Rachel S., Sam’s Club Review

Good Measure LA Menu

Item Name Price Description
House-Pickled Vegetables $5.00 Olive oil & sea salt
Olives & Almonds $6.00 Herbs, smoked sea salt
Brussels Sprouts $7.00 Toasted walnuts, dates, sherry vinegar, parmesan
Chickpea Fries $8.00 Harissa, yogurt, cucumbers
Lamb Meatballs $9.00 Labneh, crispy bulgur
Shaved Cauliflower Salad $13.00 Turnip, radish, carrot, golden raisins, pine nuts, olive bagna càuda
Persimmon, Speck & Burrata Salad $16.00 Wild baby arugula, olive oil, balsamic vinegar
Crispy Chicken Confit $11.00 Garlic/honey/chili glaze, pickled corn, shaved fennel & persimmon
Grilled Octopus $16.00 Charred carrots, eggplant purée, shishitos, red pepper aioli, Za’atar
Mushroom Risotto $19.00 Mixed mushrooms, arborio rice, parmesan
Spaghetti Bolognese $19.00 Handmade spaghetti, pork & beef, parmesan

Additional Info


Good Measure is located on Larga Avenue in Atwater Village. You can find us at the cross street of …

Hours of Operation:

Tuesday – Sunday, 5:00 PM – 10:00 PM

Price Range:

Our prices range from $31 to $50 per person.


We specialize in farm-to-table, Californian, and French cuisine.

Dining Style:

The dining style at Good Measure is casual elegant, perfect for any occasion.

Dress Code:

Our dress code is casual, so come as you are!


There are several parking options available for our guests, including free public lot, neighborhood street parking with city meters, and nearby paid lots.

Payment Options:

We accept AMEX, Diners Club, Discover, Mastercard, and Visa.

Executive Chef:

Our Executive Chef is Mike Garber.


Good Measure offers banquet, bar/lounge, beer, corkage fee, counter seating, non-smoking, patio/outdoor dining, private room, wheelchair access, and wine.


Make a reservation by visiting our website or calling us at (323) 426-9461.

Private Parties:

For private parties, we have a private table in our wine cellar that can accommodate up to 8 guests. This option is available Thursday, Friday, or Saturday evenings. Please contact Sophie at (818) 519-4509 for more information.