Robᵉʳᵗ Graham😷, provocateur
Created:[BlackICE,IPS,sidejacking,masscan]. Doing:[blog,code,cyber-rights,Internet-scanning]. Unethical coder.
3 May
Neither side pays attention to the science. It’s astonishing how little people pay attention to what the CDC actually says about masks.
It’s like in Germany where people are upset at the national curfew — especially the head of their medical institute who keeps pointing out how unscientific it is.
Curfews and mask mandates happen because they are the easiest to enforce not because they are the most scientific. I noticed that in the airport where everyone is masked but nobody socially distances
Read 18 tweets
30 Apr
#hackerproblems

How it started: This hotel has a TV with a barcode I can scan to control the TV from my phone???

How's it going:
(screenshot edited to remove most of the cookie)
The natural urge of hackers when they see some new networked thingy is to hack it. Simple knowledge of the TV set in the previous screenshot appears to be insufficient to control the TV; I also need the session cookie that was given by following the QR code.
So what you see in the screenshot is the minimum HTTP request (that normally comes from browsers) that I can craft by hand to change the channel
Read 4 tweets
30 Apr
Current status: I’m in an Uber!!! First time since the pandemic started. I’m so excited.
Both the driver and I are vaccinated. I offered to take off my mask if he took off his. He wouldn’t go for it.
People suck at the social distancing at the airport
Read 5 tweets
30 Apr
In first grade, my mom got me a "Brainteaser" book that was way too advanced for my grade level, which I read obsessively, learning such things as the frequency of letters (ETAONS...) to solve cryptograms, among other things.
Both my parents valued learning and were reading books or taking classes all the time. They both inspired me that anything was in my grasp to learn if I tried. So I learned how things worked, including computers.
A lot of hacking is simply taking the time to learn that thing that everyone else believes to be unnecessary or too complicated beyond their abilities. I took the time.
Read 9 tweets
30 Apr
Should I explain this magic trick and ruin it for everyone? Yea, I suppose so. There's a couple useful cybersecurity analogies. Here it goes.
twitter.com/i/events/13877…
First of all, David Blaine has one main trick: showing you the clip where people are amazed, not the other tricks done poorly. You feel amazed because they are amazed, even though the trick is really no more amazing than any other card trick.
Second of all, the video is cut. It doesn't show the setup ahead of time -- that's a suspicious arrangement of fruit there on the counter.
Read 16 tweets
28 Apr
Apple created this wonderfully privacy-protecting contact-tracing app technology. Few (in the U.S.) actually installed it.

Now they want privacy-destroying vaccine passport apps imposed on people to force political correctness rather than health.
Vaccine passports aren't about health, since almost all the danger the unvaccinated have is toward other unvaccinated people. Thus, requiring vaccine passports to attend a concert is silly.
Vaccines aren't about personal protection or individual incidents of infecting others. Instead, they are about herd immunity, getting the number of infections down from 50k/day to 1k/day.
Read 9 tweets
28 Apr
So I discovered that the 'ping' latency in Speedtest.net is a lie, at least for DOCSIS cable modems. It says 10ms, but it's closer to 40ms for most people. That's the minimum latency added by cable modem technology.
In the above speed test, I opened Wireshark to capture the session, then looked at the "TCP round-trip time". As you can see, I'm getting around 25ms round-trip. This is DOCSIS 3.1 w/ AQM. DOCSIS 3.0 was giving me about 45ms to the same server.
This is a known issue of DOCSIS cable-modem technology, dealing with the fact that multiple customers can't transmit at the same time. When the cable is lightly utilized, it adds 10ms latency. When heavily loaded, it can go up to 100ms.
Read 8 tweets
28 Apr
People: "You should listen to the CDC on masks"
Also people: <have no clue what the CDC says about masks>

That's demonstrated by the following story which is unaware that CDC has always recommended UNvaccinated people can jog or bike or hang out with household members outside.
Here's a page from March, for example. Outdoor activities like walking, running, and biking are safe for UNvaccinated people as long as you social distance from strangers.
Scroll down on that page and see the unmasked, unvaccinated people jogging and walking their dog.
Read 4 tweets
27 Apr
This thread completely misses the point. That's not the issue.

The issue is that political discussions have become toxic because people cannot tolerate those who disagree with them on important matters.

This thread doesn't answer how they deal with this toxicity.
Sure, you have a channel on #americanpolitics, but how do you handle it when one person claims to shoot guns at the range every weekend, then several others complain to HR how they now feel unsafe at work.
Basecamp's solution to political toxicity was to discourage such discussion at work. Asana doesn't say how they deal with toxicity. Sure, they have spaces for politics, but they still haven't said how you handle it when it bleeds over to work.
world.hey.com/jason/changes-…
Read 5 tweets
26 Apr
Apparently the latest crazy conspiracy theory is that vaccinated individuals can harm the unvaccinated because they cough up evil proteins or something.

No, it's not how things work. The only animals with dangerous proteins are venomous snakes and spiders.
Yes, yes, you can't fully trust what those in power claim about the science, because they twist things.

But you can trust even less what CrazyWombat3993 claimed in that forum post that all your friends are passing around.
Conspiracy theorists are weird. They start using technical terms, correctly, that makes me think "Oh, finally, somebody who understands the science".

Then they veer off into crazy lands demonstrating they don't understand science.
Read 6 tweets
26 Apr
The thing I find interesting about conspiracy theorists is how they seem blithely unaware that their talking points have been debunked.

Conspiracy theorists: please please cite the thing that debunks your arguments so I don't have to. You are just being lazy not doing this.
Why do we count the flu by calendar year, but the covid19 since 2019? Because the flu is endemic, happening every year. Outbreaks and pandemics are temporary, so treated as a single event even if it crosses multiple years.
Yes, yes, precise numbers are difficult because sometimes hospitals are encouraged to count things as covid19 related that may not be. But excess deaths gives us solid numbers comparable across countries.
Read 9 tweets
25 Apr
Let's talk science, for a moment.

Vaccines are running at 3-million doses per day. Roughly 1/3 of the U.S. population has gotten at least one dose in the last month.

QED: any death that happens has a 33% chance for conspiracy theorists to tie to vaccines.
Science is when you take evidence, create a falsifiable theory, and try to prove the theory wrong.

Conspiracy theories are when you cherry pick things that appear to support your theory, while deliberately ignoring alternative explanations.
Anecdotally, there are a ton of deaths a few days after people get vaccines.

But statistically, the death rate of the recently vaccinated is no higher than people who haven't recently gotten vaccines.
Read 5 tweets
25 Apr
Well, yes, in 2000, Microsoft web servers were scalable and Linux servers weren't. It wasn't until a few years later that Linux added NAPI (scalable Ethernet drivers) and 'epoll()' (scalable TCP stack).

Microsoft already coalesced interrupts with NDIS and scaled TCP with IOC.
Today, Linux is ahead of Windows on scalability with things like DPDK. But in 2000, Linux was a fucking cult, because techies are far less technical than they claim and don't understand things like "interrupt coalescing".
BlackICE Guard (the first IPS) had user-space drivers on both Windows and Linux that handled its own network stack, meaning, 99% of the CPU power was in BlackICE and not the operating-system, and people still told me "Linux would be faster".
Read 9 tweets
25 Apr
I still haven't delved into WhatsApp code enough, but I suspect there is a flaw that the app leaks the SHA256 hash of the unencrypted multimedia content to Facebook.
This means they still can't decrypt the content. But, if they have a copy of the multimedia thing being shared, then they could in theory know that you shared it.

Thus, if 'chatty rat' sent an image/video with a distinctive hash, they could ask Facebook for who sent that hash.
This would be a great way of catching child pornographers without actually being able to decrypt anything, for example, while generally preserving most privacy.
Read 4 tweets
23 Apr
We are not morons.
99% of the people getting vaccines do not know how they work, they aren't "smart".
Instead of intelligence they simply have faith in their leaders. Yes, some leaders are often failing their followers, but both sides kinda suck at that.
No, it's not "listen to the scientists". Scientists get corrupted by politics like everyone else. The science is much more equivocal than people think. People aren't reading the science or listening to scientists -- they are listening to their political leaders' claims of science.
People have legitimate and reasonable questions. For example, a friend gets stuck in bed for 3 days after a vaccine, which makes them worry. Nobody answers their concerns-- all they get is toxic responses "SHUT THE FUCK UP AND GET A VACCINE MORON".
Read 9 tweets
22 Apr
A good example of the Internet outrage machine. A lot of outrage at people like Juan Williams and Joy Behar for suggesting police fire warning shots. Almost no discussion why this might be a good or bad idea.
What I find most interesting is the Dunning-Kruger effect where people imagine that this is something that hasn't been considered before, as if this was something that the police officer decided on the spur of the moment, rather than something they were trained to do.
Virtually every police officer is instructed and trained so that when somebody is attacking with a knife, that you shoot that person in the center of mass. There's a lot of research on this topic.
Read 6 tweets
21 Apr
1/ In case you don't have the context to understand this manifesto, let me explain it to you.

signal.org/blog/cellebrit…
2/ Cellebrite is a product designed for law enforcement to forensically scan Androids and iPhones. Recently, they announced that they've added the ability to forensically scan the Signal app.
3/ Signal, as you'll recall, is the famous end-to-end encrypted app -- meaning that nobody in between the ends can intercept your data, not the FBI, not the NSA, and not even Signal itself.
Read 16 tweets
15 Apr
I keep seeing this appear in my timeline. I don't think people understand what Reuters is. It's a news agency. It provides news to professionals. It doesn't provide mass market news.
The customer base is professionals, not the mass market. The mass market willingly consumes advertising-driven "clickbait" stories. Professionals are willing to pay a lot more for quality news that isn't agenda driven or clickbait driven.
Well, yes, it's bland vanilla. That's entirely the point. If you want reliable news, rather than ginned up clickbait, then you have to pay for it. Entertainment is cheaper than reliable information.
Read 9 tweets
14 Apr
I have the same questions. Note that I am willing to accept there's good explanations, that there's some law I've missed that explicitly gives them power to do this. It's just that if there isn't, then the FBI's actions are egregious and worthy of outrage.
I deal with sides: law enforcement on one side and cyber anarchists on the other. Law enforcement hates anarchists and see themselves as inherently better, because they believe in following the law.
Except, as it appears here, they didn't. They simply ignored the law, pretending that a search warrant gives them the power to delete files from people's computers. They feel justified in this obvious misreading of the law because their cause is just.
Read 4 tweets
12 Apr
I've boycotted the FSF for 30 years. I'm not sure what new thing that the rest of you have recently discovered that makes you want to boycott them now.
I mean, I do understand. It's the social media pile on effect where a bunch of like minded people get outraged and feel they can successfully bully the FSF into seeing things their way.
I've read letters like the following. It's garbage, indicting Stallman for being a nerd, which by definition means he sees things differently.
rms-open-letter.github.io
Read 4 tweets
12 Apr
Everyone is laughing at Ted Nugent for saying "why no lockdowns for COVID-18", but people aren't likewise laughing at tech CEOs for saying "we can do X online but not vote?".

The answer is because a small amount of fraud/mistakes are acceptable for X, but not for voting.
Credit card fraud accounts for like 0.5% of all purchases. Imagine if 0.5% of votes were fraudulent. Uber is full of GPS problems (arriving and getting you to the destination), and drivers routinely game the system to get the most profitable riders.
Moreover, the most important part of the voting system is trust -- trust that the system hasn't been hacked either by foreign hackers or the elites who run/administer it. That's vastly easier to demonstrate with a paper trail than the magic of computers.
Read 6 tweets