How it started: This hotel has a TV with a barcode I can scan to control the TV from my phone???
How's it going:
(screenshot edited to remove most of the cookie)
The natural urge of hackers when they see some new networked thingy is to hack it. Simple knowledge of the TV set in the previous screenshot appears to be insufficient to control the TV; I also need the session cookie that was given by following the QR code.
So what you see in the screenshot is the minimum HTTP request (that normally comes from browsers) that I can craft by hand to change the channel.
In first grade, my mom got me a "Brainteaser" book that was way too advanced for my grade level, which I read obsessively, learning such things as the frequency of letters (ETAONS...) to solve cryptograms, among other things.
Both my parents valued learning and were reading books or taking classes all the time. They both inspired me that anything was in my grasp to learn if I tried. So I learned how things worked, including computers.
A lot of hacking is simply taking the time to learn that thing that everyone else believes to be unnecessary or too complicated beyond their abilities. I took the time.
Should I explain this magic trick and ruin it for everyone? Yea, I suppose so. There's a couple useful cybersecurity analogies. Here it goes. twitter.com/i/events/13877…
First of all, David Blaine has one main trick: showing you the clip where people are amazed, not the other tricks done poorly. You feel amazed because they are amazed, even though the trick is really no more amazing than any other card trick.
Second of all, the video is cut. It doesn't show the setup ahead of time -- that's a suspicious arrangement of fruit there on the counter.
So I discovered that the 'ping' latency in Speedtest.net is a lie, at least for DOCSIS cable modems. It says 10ms, but it's closer to 40ms for most people. That's the minimum latency added by cable modem technology.
In the above speed test, I opened Wireshark to capture the session, then looked at the "TCP round-trip time". As you can see, I'm getting around 25ms round-trip. This is DOCSIS 3.1 w/ AQM. DOCSIS 3.0 was giving me about 45ms to the same server.
This is a known issue of DOCSIS cable-modem technology, dealing with the fact that multiple customers can't transmit at the same time. When the cable is lightly utilized, it adds 10ms latency. When heavily loaded, it can go up to 100ms.
Sure, you have a channel on #americanpolitics, but how do you handle it when one person claims to shoot guns at the range every weekend, then several others complain to HR how they now feel unsafe at work.
Basecamp's solution to political toxicity was to discourage such discussion at work. Asana doesn't say how they deal with toxicity. Sure, they have spaces for politics, but they still haven't said how you handle it when it bleeds over to work. world.hey.com/jason/changes-…
Why do we count the flu by calendar year, but the covid19 since 2019? Because the flu is endemic, happening every year. Outbreaks and pandemics are temporary, so treated as a single event even if it crosses multiple years.
Yes, yes, precise numbers are difficult because sometimes hospitals are encouraged to count things as covid19 related that may not be. But excess deaths gives us solid numbers comparable across countries.
Well, yes, in 2000, Microsoft web servers were scalable and Linux servers weren't. It wasn't until a few years later that Linux added NAPI (scalable Ethernet drivers) and 'epoll()' (scalable TCP stack).
Microsoft already coalesced interrupts with NDIS and scaled TCP with IOC.
Today, Linux is ahead of Windows on scalability with things like DPDK. But in 2000, Linux was a fucking cult, because techies are far less technical than they claim and don't understand things like "interrupt coalescing".
BlackICE Guard (the first IPS) had user-space drivers on both Windows and Linux that handled its own network stack, meaning, 99% of the CPU power was in BlackICE and not the operating-system, and people still told me "Linux would be faster".
We are not morons.
99% of the people getting vaccines do not know how they work, they aren't "smart".
Instead of intelligence they simply have faith in their leaders. Yes, some leaders are often failing their followers, but both sides kinda suck at that.
No, it's not "listen to the scientists". Scientists get corrupted by politics like everyone else. The science is much more equivocal than people think. People aren't reading the science or listening to scientists -- they are listening to their political leaders' claims of science.
People have legitimate and reasonable questions. For example, a friend gets stuck in bed for 3 days after a vaccine, which makes them worry. Nobody answers their concerns -- all they get is toxic responses "SHUT THE FUCK UP AND GET A VACCINE MORON".
A good example of the Internet outrage machine. A lot of outrage at people like Juan Williams and Joy Behar for suggesting police fire warning shots. Almost no discussion why this might be a good or bad idea.
What I find most interesting is the Dunning-Kruger effect where people imagine that this is something that hasn't been considered before, as if this was something that the police officer decided on the spur of the moment, rather than something they were trained to do.
Virtually every police officer is instructed and trained so that when somebody is attacking with a knife, you shoot that person in the center of mass. There's a lot of research on this topic.
The customer base is professionals, not the mass market. The mass market willingly consumes advertising-driven "clickbait" stories. Professionals are willing to pay a lot more for quality news that isn't agenda driven or clickbait driven.
I have the same questions. Note that I am willing to accept there's good explanations, that there's some law I've missed that explicitly gives them power to do this. It's just that if there isn't, then the FBI's actions are egregious and worthy of outrage.
I deal with sides: law enforcement on one side and cyber anarchists on the other. Law enforcement hates anarchists and see themselves as inherently better, because they believe in following the law.
Except, as it appears here, they didn't. They simply ignored the law, pretending that a search warrant gives them the power to delete files from people's computers. They feel justified in this obvious misreading of the law because their cause is just.
Credit card fraud accounts for like 0.5% of all purchases. Imagine if 0.5% of votes were fraudulent. Uber is full of GPS problems (arriving and getting you to the destination), and drivers routinely game the system to get the most profitable riders.
Moreover, the most important part of the voting system is trust -- trust that the system hasn't been hacked either by foreign hackers or the elites who run/administer it. That's vastly easier to demonstrate with a paper trail than the magic of computers.