Robert Graham
Created (BlackICE,IPS,sidejacking,masscan). Doing (blog,code,cyber-rights,Internet-scanning). @erratarob@infosec.exchange
Nov 16 24 tweets 5 min read
🧵So let's talk about the difficulties Netflix is having streaming the Tyson v Paul fight, how the stream gets from there to your TV/computer. This will be a longish thread. In 1985 on his first fight, TV technology was based upon "broadcasts". That meant sending one copy of a video stream to thousands, often millions of receivers. A city would send the signal to a radio tower and broadcast that signal across a wide area.
Sep 17 8 tweets 1 min read
By the way, the energy density of C4 is 6.7 megajoules/kilogram.
The energy density of lithium-ion batteries is about 0.5 megajoules/kilogram. C4 will "detonate" with a bang.
Lithium-ion batteries will go "woosh" with a fireball, if you can get them to explode. They conflagrate rather than detonate. They don't even deflagrate like gun powder.
Jul 21 14 tweets 4 min read
I don't want to get into it, but I don't think Tavis is quite right. I mean, the original 25million view tweet is full of fail and you should always assume Tavis is right ....

...but I'm seeing things a little differently.
🧵1/n 2/n
DON'T TRY THIS AT HOME

I'm a professional, so I can take the risk of disagreeing with Tavis. But this is just too dangerous for non-professionals, you'll crash and burn. Even I am not likely to get out of this without some scrapes.
Jun 18 5 tweets 2 min read
The reason IT support people are so bitter is that YOU (I mean YOU) cannot rationally describe the problem:

You: The Internet is down
IT: How do you know the Internet is down?
You: I can't get email.
IT: Is it possible that the email servers are down and the Internet is working just fine? Can you visit Twitter on your browser?
You: Yes, I can visit the twitter website.
IT: Is there any reason other than email to believe the Internet is down?
You: The last time I couldn't get email it was because the Internet was down.

The fact that IT doesn't call you a blithering idiot on every support call demonstrates saintly restraint, even if a little bit of their frustration leaks through. A lot of good replies to my tweet, but so far this is the best:
Apr 12 4 tweets 1 min read
Uh, no, by any rational measure, only Trump has had respect for the forum.

Televised debates aren't about "debate" but charisma and media training, where they craft an answer regardless of whether they believe it.

Trump is the only candidate who gives sincere answers. Trump is pure evil, the brutality of his answers appeals to ignorant brutes who reject all civilized norms.

But the yang to Trump's yin is a liberal elite like Rosen who's comfortable with the civilized norm of lying politicians who play this game of deceitful debates.
Mar 21 4 tweets 2 min read
I've read through it.

It's the same as all Ben Cotton's analyses, looking for things he doesn't understand and insisting these are evidence of something bad, that the only explanation is his conspiracy-theory.

I can't explain the anomalies he finds, either, but in my experience as a forensics expert, I know that just because I can't explain it doesn't mean there isn't a simple explanation.

For example, he points to log messages about mismatched versions. I know from experience that such messages are very common, I even see them in software that I write. It's the norm that when you build something from a lot of different software components, that they will not be perfectly synchronized.

That he would make such claims based solely on log messages of mismatched versions proves that he's really not competent -- or at least, very partisan, willing to misrepresent things. In particular, I disagree with his description of these files. In the C#/.NET environments, creation of new executables is common. In particular, these represent web server files. It's quite plausible that as the user reconfigures the website, these executables will be recreated.

I don't know for certain. I'd have to look at Dominion in more detail. I just know that if any new C#/.NET executables appear in the system that they are not automatically new software.
Feb 16 5 tweets 2 min read
This is an incredibly important article and Charlotte Cowles (@charlottecowles) should be praised for writing it. Everybody should read it.


People laughing at her for getting scammed are missing the point, such as what the following picture does. thecut.com/author/charlot…

No, I wouldn't have gotten scammed like her. For one thing, I believe every phone call is a scam, either a criminal one, or some vendor trying to waste my time getting me to pay for things.

But I hate to think what I might fall victim to.
Jul 5, 2023 8 tweets 5 min read
🧵1/n
I'm trolled by this thread. So here's my response.

But before that, I want to point out that it's by questions that we come to understand the world. There are no stupid questions. Well, there are, but it's by asking them that we get smarter.

Also, there is a lot of disagreement among economists and bankers about the cause of post-pandemic inflation and what best to do about it.

There is also a lot of disagreement among the podcaster/pundit classes. Most answers to this question come from people regurgitating their favorite podcaster/pundit.
2/n The thing that trolls me is this tweet in that thread. They say "Understood", but I don't understand, because they mention two largely unrelated concepts: short-term inflation and long-term inflation.

It's been known since Roman times that creating money causes long-term inflation. They didn't have the sophisticated understanding we have now, but they did notice that when they debased their coins (reducing gold content, putting more coins in circulation) that the value of the coin went down and consequently, the number of coins needed to pay for the same good increased.

Short-term inflation can be caused by a number of things, such as the business cycle overheating, or economic shocks, both of which we've seen post-pandemic.

Such short-term inflation is then followed by short-term deflation, as it needs to bounce back to the long-term rate. For example, in 1932 we saw 10% deflation. This is considered more damaging than inflation, because it causes people to hoard cash under their mattresses, because they know that a year later, it'll be worth 10% more. In other words, deflation causes what's essentially a Ponzi scheme.

Since then, we've largely "tamed" the business cycle. Raising interest rates at the peak prevents short-term inflation, lowering interest rates after the recession prevents short-term deflation. But raising interest rates can trigger recessions, so people

So this tweet below seems to confuse two different concepts, raising interest rates to lower short-term inflation, and the cause of long-term inflation (printing money). By "Understood" I think they mean they've heard of such things, not that they understand such things.
Jun 18, 2023 4 tweets 3 min read
You can't live debate crazy, they will always win.

Live debate is just performance art. Somebody will make some new claim nobody has heard of before, and it'll be impossible to refute without having the time to go research what they just said. "Samuelsson's study from late 2021… twitter.com/i/web/status/1…

For example, to prove my point, I opened the podcast (open.spotify.com/episode/3DQfcT…) and skipped forward to a random location, around 37 minutes into the thing (I can't bear to watch all 3 hours and debunk point by point).

At this point, he's talking about a "Lazarus Report" that said… twitter.com/i/web/status/1…
Jun 17, 2023 4 tweets 2 min read
John Cusack (just a movie star) advocates for censorship of the press while simultaneously being on the board of the "Freedom of the Press Foundation".

FYI: we all have the right to foment coups based on provable lies, that's what the "free speech" and the "First Amendment" say.

Fair. It's not polite calling people "just a movie star", implying that they are lightweights, that their political opinions have only the same sophistication as the average movie star.
Mar 8, 2023 7 tweets 1 min read
What really bugs me is that the C programming language is close to being a memory safe language, but I need to spend 6 months learning how to write llvm/clang extensions to demonstrate it. You can do it so that major projects like OpenSSL would still work with old compilers. You wouldn't need to fork any code, the same code would continue to compile either in an unsafe fashion -- just safe on new platforms.
Mar 7, 2023 7 tweets 2 min read
The Capitol guards had orders that they couldn't shoot people. Thus, they had no ability to stop the insurrectionists. All they could do is accompany them and make sure doors were locked, and escort them out of the building. If you can't shoot rioters and their numbers overwhelm you, then there isn't much you can do but stand by and watch. Tucker cherry picks these videos to make it look like the guards are helping the insurrectionists.
Mar 7, 2023 4 tweets 2 min read
🧵This is one of those typical "Washington Game" articles from the New York Times quoting anonymous government officials who have no reason to hide behind anonymity. It's official leaks designed to make the public believe regardless if it's true.
nytimes.com/2023/03/07/us/…

There is no question the above article is an ethical swamp. The Society of Professional Journalists has a discussion of exactly this sort of article.
spj.org/ethics-papers-…
Mar 3, 2023 4 tweets 1 min read
I think there are two kinds of humor: one that exploits your intelligence and one that exploits your ignorance. For example, the right wing (wrongly) think people are collapsing due to the vaccine. So this humor exploits their stupidity. I mention this example after watching some recent late-night monologues. They seem to target the most superficial readings of the days news -- not what really happened, but what the masses think happened.
Mar 2, 2023 43 tweets 8 min read
🧵Biden has released his "National Cybersecurity Strategy". It's just police-state thuggery designed to kill innovation on the Internet. It says it wants innovation -- but only on their terms, with the jackboot of police-state oppression on your neck.
whitehouse.gov/wp-content/upl…

Here's a quicker summary.
1. Sure, the government has an interest in protecting critical infrastructure. But the reality is that critical infrastructure is more at danger from physical attacks and accidents than cyberspace.
whitehouse.gov/briefing-room/…
Feb 28, 2023 9 tweets 2 min read
Sigh. This misconception is why we need to teach civics in school.
The Supreme Court is not deciding whether the government should forgive $20k of student loans.
Instead, the Supreme Court is deciding whether this policy can be made by the President or Congress. The Constitution says it's Congress's job to make such policies, that they are the ones that make laws, not the President.
However, Congress gives some power to the President to decide how to carry out laws. Congress sets policy in broad strokes, letting the President do details.
Feb 28, 2023 4 tweets 1 min read
I disagree.
First of all, this was a media app on the desktop computer, the same threat model we've struggled with for 25 years.
Second, IoT's threat model is completely different -- sometimes safer, sometimes more threatening. The IoT threat-model is much less from external actors who generally can't access the devices, and much more from the vendor. Ultra-secure IoT devices with no open ports and fully patched are still a danger from the vendor pushing out a hostile update.
Feb 26, 2023 8 tweets 3 min read
🧵I have successfully edited my "OSI Deprogrammer" down to a mere 120 pages. I've given up trying to shorten it and make it succinct, and am now adding elaborations.

The biggest struggle is dealing with the "deprogramming" bit. What's obvious to me isn't so obvious to others.

OSI teaches that all the layers are part of a single integrated network stack.

The reality is that the Internet is independent of local networks like Ethernet or any payload like the web.
Feb 25, 2023 6 tweets 1 min read
Sigh. We have a highly regulated business climate. Some policies help, some hurt, and when the government throws money at your competitors, you can't compete unless you get some as well. And sometimes the government is a customer. There's no way anybody can be successful in today's business climate without those like Ralph Nader pointing out all the ways government helped them. They ignore all the ways government has hurt them.
Feb 20, 2023 5 tweets 1 min read
Ask Twitter: there's a theory of history that posits true change doesn't happen until those who believed in the old ways die off. We see ideas dominated by the old guard without realizing all the kids of that time believe in the new ideas.

What's the name of this theory? I ask because it's a great analogy for the Internet vs. OSI. The OSI Model is what all the experts believed back in the day. We have to wait until they get dead and buried to move beyond the nonsense.
Feb 18, 2023 6 tweets 2 min read
🧵
For all the crazies out there, this tweet is sane. Vaccines are good for providing personal protection (I've had 4 covid shots so far), but there was never a scientific basis for believing vaccines would stop the spread.
The censored tweets were true. Vaccines don't stop infections (generally). They train the adaptive immune system to respond to an infection so fast that you don't develop symptoms. How well this stops the spread is unknown and varies among vaccine types, and varies among the diseases they stop.