Episode Transcript
Transcripts are displayed as originally observed. Some content, including advertisements may have changed.
Use Ctrl + F to search
0:00
Thank you for calling Hotline hacked share
0:02
your strange tale of technology true
0:05
hack or computer confession Alright
0:09
I got one for you guys when
0:11
I was in high school I
0:14
went through Like
0:17
a computer face I would say with
0:19
a friend of mine we were kind of
0:21
the computer nerds for
0:23
our class and naturally we
0:26
gravitated to the print
0:28
shop and who is also our
0:30
sysadmin for the school
0:32
and befriended him and He
0:37
inadvertently challenged us saying that
0:39
we could not break into our
0:41
school's network Which
0:44
you should not do with high school boys so
0:48
My friend and I were able to
0:50
successfully compromise the network. I'm not gonna
0:52
go into details for obvious reasons But
0:56
fortunately, we're both good kids and
0:59
it didn't change grades or anything like that
1:01
But for our senior prank did modify
1:03
our school website to
1:07
reflect our Year
1:10
in school as well as play schools out for
1:12
summer By Alice
1:14
Cooper as soon as you loaded
1:16
the page, which is exceedingly irritating Then
1:22
We ended up getting caught but not for
1:24
the reasons that you think there was no technical
1:27
reason why we were caught because we were very
1:29
careful We
1:31
were the likely suspects so
1:33
the sysadmin approached my friend who
1:36
ratted me out and we served two
1:38
days of in-school suspension Fortunately,
1:41
we had No,
1:43
add history of doing
1:46
anything malicious. We were
1:48
both honor students and Didn't
1:51
have any They
1:53
didn't have any reason to really throw the book at
1:55
us fortunately But
1:57
in the meeting with the superintendent
2:00
This is admin and our high
2:02
school principal. We were given
2:04
the analogy that it was like breaking and
2:06
entering into someone's home And messing up their
2:08
closet So
2:11
hopefully enjoyed that story School's
2:16
out schools out for summer. Hey everybody.
2:19
Welcome to hotline hacked It's the calling
2:21
show where you can share your strange
2:23
tale of technology true hacker computer confession
2:28
So many things to so many things
2:30
with this one The print shop
2:32
was the sis admin is a great way into any
2:34
story I want to I want the
2:36
life story of this guy because he sounds rad He's
2:39
like I work on the technical
2:41
things the printing and the computers
2:45
And also hammers hammer is great Yeah,
2:49
I mean don't inadvertently challenge I think was
2:51
the phrase don't inadvertently challenge high school boys
2:54
to do anything because they have a Lot
2:57
to prove in a lot of time on their
2:59
hands. It's never a good move. This is I
3:04
Did this foolish to me like the
3:08
You're gonna challenge like the nerds to whether they
3:10
can do something they're gonna figure out how to
3:13
do it I'm sorry. It's like it's only you
3:15
don't like you. How do you even get mad
3:17
at these kids? Like you're the one
3:19
that you're the one that spurred them on You're
3:21
like I dare. Yeah, it's like you're the
3:23
sis admin. You just dared me to violate
3:25
your security. I'll violate your security If
3:28
you really want me to I feel like when this
3:30
happened everyone turned to each other was like who could
3:32
this have been? And that dude knew Immediately.
3:35
Oh, I mean well, I did pose
3:37
a challenge to some Nerds
3:40
with gumption that they couldn't
3:42
do the exact thing that just happened Do
3:44
we think maybe it was them? Also
3:47
a real no honor among thieves thing with
3:49
the friend immediately ratting him out. Hey, man
3:52
You know, it's if I've seen enough Hollywood
3:54
movies about nerds in my life. It is
3:57
that they crack under pressure It's
3:59
out I
4:01
will go into the details, but I had a really
4:04
similar situation in high school. It wasn't nearly
4:06
as cool as this, but it did involve
4:08
being somewhere we weren't supposed to and the
4:10
way it all shook out, no, no word
4:12
of a lie. Someone cracked under
4:15
pressure and routed everybody out. Yeah. We
4:17
got pulled into the, into the school
4:19
cop office and everyone was tight-lipped except
4:21
one person and it all fell apart.
4:25
My, uh, my in-laws are
4:27
both, uh, principals and
4:31
apparently my mother-in-law was exceptional
4:33
at getting children to crack.
4:37
She's like, yeah. What a thing
4:39
to know about yourself. Yeah, exactly. She,
4:42
she knew like the right buttons to
4:44
push and like when to lose them
4:46
to stew and like let their internal
4:48
emotions like take over and it
4:51
just like always led to like, she would reenter the
4:53
office and they'd be like, I did it. She's
4:58
like, I know I know. Standing in the
5:00
doorway. Exactly. Like we all casting a long
5:02
shadow into the room. We've
5:05
known since we've known since this morning, of course. Um,
5:07
but the walks out and someone else was like, how
5:10
did you know? She's like, we had no idea. I
5:12
just knew that kid. He was sweating bullets the moment
5:14
we brought them. I
5:18
think, uh, I think I would have a
5:20
story similar to this from my youth, which
5:23
I, you know, maybe,
5:26
maybe I have a story
5:28
similar to this, but the,
5:30
uh, yeah, a lot of, a
5:33
lot of security in school
5:35
networks. Not so great. Even
5:37
in school divisions and even in provincial
5:39
school networks, uh, you should not be
5:41
so good. Well, when you
5:43
have that many staff, a
5:47
lot of them aren't technical. Uh,
5:49
you know, security protocols can be pretty
5:52
lenient. So for
5:54
sure. It's
5:56
a, it's nice that they, I like breaking and
5:58
entering someone's home and just met. messing with the
6:00
closet. I think that's, I'm
6:03
glad that they just messed with the closet and played a
6:05
song. This just brings
6:07
up the fact that there's such a
6:09
proud history of hacking and breaking into
6:12
stuff just to play bops, just
6:14
to do a sick needle drop that the
6:16
man doesn't want you to. I feel like
6:18
there's so many great hack stories that were
6:21
just about playing a song over the radio
6:23
or the internet or a website or an
6:25
intercom. I remember there
6:29
was one a couple of years ago where the
6:31
rapper, it was a song by YG and
6:33
I think Nipsey Hussle called FDT is a
6:36
political song. It
6:38
was a South Carolina radio station
6:40
that there was like 20
6:42
minutes just looping this song on repeat.
6:47
Sunny 107.9 and someone hacked into
6:50
it because it had a internet
6:53
connected antenna. The antenna had an internet
6:55
intermediary where you sent the audio to it through
6:57
this web system and then it broadcast over the
6:59
air. They got in the middle of that and
7:01
were able to just write a song on the
7:03
loop. Brilliant. And
7:06
then the other one that I remembered and
7:08
I dug it up was
7:10
it was a British radio
7:12
station and they,
7:15
there's a song banned in 1978
7:18
in Britain called The Winkers song
7:20
by Yvor Biggin and the Red
7:22
Nose Burglar language
7:24
advisory here. The song's lyrics
7:26
are just, I'm a wanker said
7:28
36 times and someone
7:30
took over a radio
7:32
station in Britain and just
7:35
rang that song on repeat for a
7:37
little bit of time and caused
7:39
a whole bunch of trouble in
7:42
the UK. I don't know if they ever got caught,
7:46
but I guess it
7:48
made it like it caused the song to
7:50
surge a little bit in popularity in the
7:52
UK. Wow. Effect the charts shot to the
7:55
top of the billboard charts. It affects your
7:57
charts. Yes, your fun someone off them. Exactly.
7:59
Yeah. A proud tradition. A
8:01
proud tradition. I've never really, I
8:04
guess the thing for me is if you're going to
8:07
break into something, the second you mess up the closet,
8:09
people are going to know you were there. Sure. Where
8:11
if you break into it and you don't even mess up the
8:13
closet, maybe you go through the closet, maybe
8:16
you kind of put it back like it's supposed to be, and
8:18
then you leave. Maybe you change some grades. No,
8:21
not even change some grades, but just like take a
8:23
peek in. Usually the
8:25
nerds don't even change their grades, like let's be honest.
8:28
You're like taking a peek in and
8:30
you're like just just kind
8:32
of a little bit of a voyeur, and you just
8:34
kind of look around, take a
8:36
little detail, read some stuff you're not supposed to,
8:38
look at some schedules, do some things like that.
8:40
Got it. No, no, but then you can leave,
8:42
and then you can come back later because nobody
8:44
knows you were there. The second you put like
8:47
schools out for summer on the main website, they're
8:49
like, okay, hold up. We got a problem. Yeah,
8:53
it's the Ocean's 12 thing of the burglar
8:55
that leaves the little onyx fox behind so
8:57
that you know the night fox was here
8:59
or something. I get that temptation to just
9:01
be like, look how gosh darn clever I
9:03
am. We are the nerds, we
9:06
will inherit the earth, schools in
9:08
fact out for summer. It's almost
9:10
like that motivation is the motivation
9:12
behind this show, hotline hacked. And
9:18
with that, why don't we
9:20
spin our own, why don't
9:22
we do our own needle drop and play another one. Okay. Hi
9:26
Jordan and Scott, I'd like to share with
9:28
you a war story from back
9:30
when I was quite a lot
9:32
younger. Back in
9:34
2014, I was working for a small pan test outfit
9:36
and we'd scored a gig at a multinational and I
9:39
was sent to the London HQ. We'd
9:41
been making steady progress, or rather I'd been making
9:44
steady progress because I was doing the testing, but
9:46
I'd hit a bit of a wall. So I
9:48
started looking at ARPS spoofing. So
9:52
there I am at the European HQ of this company and
9:54
I've done a little bit of ARPS spoofing, but not got
9:56
very far. I think I've managed to grab one set of
9:58
admin creds. I decided
10:00
to widen the net of my ARP spoofing without
10:02
really thinking things through and not really anticipating the
10:04
consequences of my actions. Just
10:07
to add some technical context, which will help
10:09
explain what is actually going on, ARP
10:12
or ARP is Address Resolution Protocol.
10:15
So ARP is a way
10:17
of making sure that packets on the wire get to
10:20
where they're supposed to be. And this
10:22
is done by advertising your location information
10:24
to everybody. ARP
10:27
spoofing is when an attacker wants to impersonate
10:29
another endpoint and redirect traffic and act as
10:31
a man in the middle to read any
10:33
data crossing between host A and host B.
10:36
Tonco provided us great details here,
10:38
but so your
10:40
computer is sitting on a
10:42
network, it has an IP address. The
10:45
routers kind of look to
10:48
your hardware ID, your MAC address, and
10:50
ARP is the protocol that connects
10:53
your hardware ID with your network
10:55
ID. So it's kind
10:57
of like the glue in the
11:00
middle. And
11:02
the thing with ARP spoofing is like,
11:04
you can essentially broadcast that you are
11:06
a different hardware ID and
11:10
start getting packets routed
11:12
to you that shouldn't be routed to
11:14
you. So you can kind of man
11:17
in the middle network traffic. Right. So
11:19
that's very applicable to how and why
11:21
this story when we continue how, where
11:24
the pain point came from. It's
11:27
equivalent to putting a different address
11:29
on the front of a house and waiting for the mailman
11:31
to deliver someone else's mail kind of thing. Yeah,
11:33
and then opening the mail, looking at it, and then
11:36
taking it back and putting it in the right mailbox.
11:38
Sure. Sure, so they never know. Exactly.
11:41
I'd found three Cisco switches that looked innocent
11:43
enough, however they turned out to be Cisco
11:45
Catalyst 6500s. Big
11:48
core switches the size of a cabinet capable of
11:50
shunting up to four terabytes per second around. As
11:54
I started ARP spoofing that, it directed them
11:56
to send all of that traffic through my
11:58
little MacBook Pro's one gigabit network. card. I
12:01
didn't really get much juice so I kind of stopped and
12:03
started throughout the day. So
12:05
there's the there's the rub and you'll understand
12:07
it in a bit is
12:10
this massive you know
12:12
institutional four terabyte
12:14
a second data throughput switches
12:16
start funneling all of
12:18
their traffic through
12:21
his one gigabit Ethernet port
12:23
in his MacBook. So
12:25
essentially you're taking this massive funnel
12:28
and funneling all of the data down
12:30
to this tiny little channel which
12:33
I guess I wouldn't gigabit the Ethernet
12:35
card is a tiny channeling in comparison
12:37
to four of these monster switches. So
12:39
that's going to be very sure relevant.
12:41
So I'm just hoping to help you
12:43
understand. I was
12:45
in this room a big open plant office and I
12:47
T were on the other side of the atrium and
12:50
I noticed that there was a bit more
12:53
activity on the second day. Not really thinking
12:55
any of this increased energy. I continued
12:57
with what I was shortly to realize was
12:59
my rather reckless up spoofing attacks about
13:03
halfway through day two. I saw a group of
13:05
people threading their way to desks towards where I
13:07
was sitting. I clocked them and they
13:09
looked purposeful onto the point the
13:11
purpose appeared to be me. They
13:13
stopped at my desk. One
13:16
of the people seemed senior asked me to stand
13:18
up and a fellow checked under my desk to
13:20
see what poor eyes plugged into which became clear
13:22
was the port they identified was causing whatever purpose
13:25
or problem they were trying to solve. I
13:28
was asked what I was doing and why I was here. This
13:30
is the point you present your get out of
13:32
jail free card to say that you're authorized to
13:34
be there and do some testing. I
13:38
explained that I was trying to up spoof some
13:40
switches at which point they interrupted me and said
13:42
that my testing was causing widespread European network disruption
13:44
for the last day and a half and
13:47
politely requested that I stop what I
13:49
was doing immediately. As they were talking
13:51
the enormity of my error dawned on
13:53
me and I felt this huge hollow
13:55
hole open up in my stomach. So
13:59
now you can see like Like imagine all
14:01
that data, every time that he would
14:03
spoof and pull that
14:05
data through his computer to like
14:07
analyze it and look for, he
14:10
was looking for credentials, like unencrypted
14:12
credentials, but like every time
14:14
he would do that, like
14:16
they own those monster switches for a reason,
14:18
right? Like they have the network connectivity to
14:20
push all of this
14:22
data throughput and every time
14:25
he would hijack it, bottleneck
14:27
it so that it would just cripple
14:30
like the network connections for everybody trying
14:33
to use that information and use some
14:35
data going through those switches. So,
14:37
so he was causing intermittent hell
14:39
for this company because
14:42
just every time he turned
14:44
on like started spoofing, they would just kind
14:47
of cripple the network and then he'd turn it off
14:49
and go through the data he collected and it would
14:51
go back to normal and then two hours
14:54
later he'd turn it back on and
14:56
it just doing that repeatedly would
14:58
just become such a headache. So
15:00
they obviously traced the network load
15:03
to his Ethernet port and
15:06
went and interjected. So
15:09
to help you understand. I
15:12
was lucky enough to be spared the walk of shame
15:14
and allowed to stay until the end of the day,
15:16
but it was made very clear that I was deeply
15:18
unpopular. Thinking about it later
15:20
from their point of view, I would have been
15:22
causing that worst sort of support issue,
15:24
the intermittent problem with no obvious pattern.
15:28
In the report, I described the attack
15:30
and suggested that Cisco's anti-arps spoofing control
15:32
was enabled. Our boss
15:34
was good enough to not chew me out, but
15:36
I suspect he got severe bollocking by the client.
15:40
We never went back. I
15:43
was the layaway problem. I
16:00
forgot how good a storyteller he
16:02
is. There's some great, there's a
16:04
really well told story. The
16:06
metaphor I was cooking up as you were explaining
16:08
to me is it almost feels like there was
16:10
this industrial water infrastructure, so massive pipe that everyone's
16:13
drinking from. And he managed to reroute
16:15
it through a tiny little garden hose so he
16:17
could take a sample out of the water, not
16:19
realizing that a bunch of people's taps stopped working
16:21
every single time he did that. That's
16:23
a good one. Okay, so this is
16:25
a cut down version of it. I think he
16:27
sent us like 19 parts to this.
16:30
So his little tail there, like I was the
16:32
layer eight problem is like a really, is
16:35
a throwback to a joke that I didn't realize that
16:37
I didn't include in the edit of the story, StoryTonsco.
16:40
But networks are
16:42
seven layers, and layer eight
16:45
is like a technical joke to say
16:47
that it's a user problem. Like it's
16:49
like skill issue user error. So
16:52
he was the layer eight problem, is saying
16:54
I was the user that was causing the
16:56
headaches. Oh,
16:58
sure. Okay, that makes sense. So I totally,
17:00
when I listened to that there, I was like, oh man, I
17:02
missed that. But it is good. He
17:05
did provide tons of technical context and a bunch
17:07
of color and commentary about things, but it just
17:09
would have, it was like 20 minutes, I think.
17:11
So I chopped it down. I think I
17:14
kept the core part of the story, which
17:17
I'm happy about. I think we got the big idea
17:19
is that he'd been brought in to do this job
17:21
as part of this pentest outfit. He
17:23
was gathering data and just inadvertently caused
17:26
widespread European outages, which is,
17:29
it's fascinating that that's a thing a person can
17:31
sort of like walk their way
17:34
backwards into. I also like that he talked
17:36
about the idea of, and this is
17:38
true in more than just tech, but especially
17:40
in tech is that the intermittent problem is
17:42
the worst problem. Totally. If you're not getting
17:45
a signal, you're always getting a signal you
17:47
shouldn't, that's pretty easy to figure out, whether
17:49
it's regardless of what it is, you
17:51
can basically do some unplug, replugging,
17:53
and work your way back to whatever the
17:56
thing is that's causing the problem. But
17:58
when the problem's intermittent. It's
18:00
a lot harder to troubleshoot because you kind of got
18:02
to wait for it to flare up Yeah, and then
18:04
if it doesn't last long enough for you to properly
18:07
diagnose it just goes away So
18:09
like the word the term intermittent used to
18:11
be like a keyword when you dealt with
18:13
warranty support Like if you're
18:15
gonna bring this up. I'm gonna bring this up.
18:17
I think it's also how to get a new
18:19
iPhone Yeah, yeah, so like I remember
18:22
rack when I had my first iPhone I
18:24
remember I was having intermittent USB problems
18:26
like it was back before iCloud synced
18:28
everything over the over the You
18:31
just have to back up your phone to your computer
18:33
and stuff to through a cable And
18:35
every now and then it wouldn't work So I
18:37
remember booking an Apple genius bar appointment going in
18:39
there and being like I'm having intermittent USB problems
18:42
And they were just like here's a new phone No
18:46
way that it looks like it's working
18:48
fine now But there's no way that we can
18:50
prove that it's not not working. So here's a
18:52
new phone. Have a great day I
18:54
remember a friend a mutual friend
18:56
of ours This was years and years
18:58
and years ago, but telling me to do the
19:00
exact same thing It was like I had a phone and there
19:02
was something trivially wrong with it, but it was still under warranty
19:05
I wanted to take it back in and kind of just
19:07
get a new one and This
19:09
mutual friend of ours looked at me and
19:11
said it's not that there isn't a problem It's that
19:14
whatever problem there is is Intermittent
19:16
and he said it's me like I'm going to
19:18
teach you abracadabra Exactly. This is
19:20
the thing you say to the genius bar to get
19:22
them to give you a new one it's
19:25
like going in the gray market situation going
19:27
into the To the the
19:29
special doctor's office and saying I have this
19:32
thing on the page and they they give
19:34
you the thing you want Totally magic spell
19:36
totally. Yeah intermittent like as far as technical
19:38
issues go things that are like The
19:42
aren't constantly reproducible are just a nightmare
19:44
because it means that there's multiple factors
19:47
affecting what's going on and Tonscos
19:50
Larry intermittent problem here Kind
19:53
of shut down this big company. It
19:56
does make me wanna. I'm sure it's not a big
19:58
enough outage for it to ever made new but
20:00
I do want to see if I can
20:02
find some reports of an
20:04
outage somewhere in Europe because It's
20:08
fun. I want to find
20:10
out more. Great story and thank you for
20:12
sending that one in, Donzco. Totally. He actually
20:14
had a little extra story, so I'm just
20:16
gonna fire that now. Amazing. Just
20:19
as another little extra, one of my
20:21
colleagues at a different time
20:23
was using BurpSuite to test a website
20:25
and it was testing so they could
20:28
go live the next day. He had
20:30
admin creds and he'd used BurpSuite's Explore
20:32
Every Button feature within the
20:34
website. Unfortunately, one of those buttons was
20:36
delete the website and as he was
20:38
logged in as an admin user, the
20:41
website went bang just
20:43
before they had to release the next day
20:45
and they had to really hurriedly rebuild everything.
20:48
Again, it was not deeply popular with
20:50
anybody. And
20:54
the website went bang. I'm using that one
20:56
for catastrophically to start out. It just went
20:59
bang. So that's just such a
21:01
classic story about
21:03
knowing the tool you're using and understanding the
21:05
exceptions that you don't want it to do.
21:08
It's like running a testing suite
21:10
to go through a website and make sure
21:13
that all the links work and make sure
21:15
everything's functioning and make sure that the buttons
21:17
are reacting and then you
21:19
run it through the admin panel and all
21:21
of a sudden it's like creating garbage posts
21:23
and changing content and then bang it hits
21:26
the delete and
21:28
then test the verify that you want to delete
21:30
it button and then boom the whole thing's deleted.
21:34
Sure, that actually makes a
21:36
lot of sense. Yeah, you unleash these things
21:38
like test everything. It's like you want me
21:40
to test the burn this thing down button?
21:43
Exactly. I said test everything. Exactly. So
21:46
maybe if you're gonna run something like that don't point
21:48
it at the admin panel. Yeah,
21:50
sure. Sure. Also just burp
21:53
suite. Good stuff. Hey,
21:58
so I had a in
22:00
interesting interaction trying to find some
22:02
data online. I was looking up
22:04
some leads for my company,
22:10
and I found this one company that
22:12
had leads apparently for every state, tens
22:15
of thousands of leads, and they had
22:17
some sample data, which if you clicked
22:19
on the sample data, it would say
22:21
Alaska. Here is the few sample
22:24
leads we have for Alaska, and it was
22:26
kind of just like dip your toes in
22:29
and tell you a little about it, but I noticed
22:31
in the URL, it said dash
22:34
Alaska at the end. So
22:36
I tried it, and I did dash Ohio,
22:40
dash Idaho, dash
22:44
another state, and ended up being
22:46
able to find the
22:49
entire repository of data that
22:52
they were selling for tens of thousands
22:54
of dollars, all of the leads, because
22:58
all of the URLs were just plain
23:00
text, kind of easy to
23:03
find URL, but yeah, they
23:05
wanted near $10,000 for access to all of the leads, but
23:10
I was able to find all of them for free. I
23:14
wonder what the highest ticket
23:16
data that is
23:18
hiding behind a guessable URL is,
23:21
because it's sort of a fascinating question. It
23:24
evokes a treasure buried
23:26
somewhere, but there isn't a treasure map, but if you
23:28
just knew to dig there, there'd
23:30
be gold, and sales leads
23:32
feels like a pretty good potential
23:34
realm for that kind of thing to
23:37
be in, because man, our sales leads
23:39
not cheap. No, yeah, I think,
23:41
yeah, personal information for sure. Yeah,
23:43
yeah. For sure would be up
23:46
there, especially confidential personal information. Totally.
23:49
Socials, things like that. Definitely,
23:51
like the e-bike story from last
23:53
Holland hack. This
23:56
is, I threw this one in because it's in
23:58
the same regards, you know? We're
24:00
talking about people who
24:02
have built web structures that
24:05
work, but they don't
24:07
explore how they work if you just
24:09
make a few little obvious changes. Like
24:12
paywalls and web developer inspector and
24:14
you can just disable the paywall
24:17
on a website. If
24:19
the site still loads all the data and all you
24:22
have to do is take out the HTML layers that
24:24
are blocking you from seeing it and you can still
24:26
see the data. I feel
24:28
like this is the same thing. It's
24:31
just basic, basic
24:33
security solutions and people that
24:35
don't perceive the future security
24:37
problem, especially with valuable information,
24:39
which is crazy. Yeah,
24:42
this whole massive industry is built on this.
24:44
We've talked about third party data brokers before
24:46
on this show, but the third
24:48
party data broker ecosystem has
24:50
a huge subset of it that is
24:52
just dedicated to sales leads. It
24:55
is a massive way that companies find sales
24:57
leads is purchasing them from other people that
24:59
have typically purchased them from someone else. It
25:02
gets very difficult to know the genesis
25:06
of that information by
25:09
the time it gets to an end buyer. It's apparently
25:11
quite a problem. There's
25:13
a lot of over-reliance on these third party groups.
25:16
They're quite under regulated. There's
25:18
security and regulatory risks when you don't
25:20
know where the data came from. None
25:23
of that has anything to do with it being publicly
25:26
visible behind a guessable URL, but
25:28
it is a fascinating world that
25:30
this caller inadvertently weighted themselves into
25:32
just by tweaking a URL. Yeah,
25:35
totally. I can always tell when
25:38
I've been added to a new dataset
25:41
just by the flooding of garbage that I
25:43
get into my inbox. That's
25:45
a good call. Very
25:48
recently, as of recently, I've been
25:51
seeing a strongly increased presence of
25:53
phishing attacks in my inbox. So
25:56
I'm assuming something, some website where I had
25:58
an account got hacked. And
26:01
then I'm also getting just a flurry of
26:03
newsletters from companies that I've never heard of
26:05
nor have I ever signed up for So
26:08
I'm assuming I was added to another data sets and
26:10
I'm gonna report them all a
26:12
spam and get their MailChimp accounts banned, but
26:16
If you buy a giant list of names with
26:18
a disregard for where they came from You've got
26:20
to acknowledge that you're gonna piss a
26:22
lot of the people you reach out to like it I'm
26:25
not saying there aren't situations where those
26:27
third-party leads Don't make a lot
26:29
of sense, but you got to know that it's like somewhere
26:32
down the line the
26:35
The source of that data could be you know a
26:37
data leak totally it's a fascinating world
26:39
We this is a bit of a tangent, but for
26:42
anyone that doesn't know a CPM cost per
26:44
melee is the way advertising on the internet
26:46
Is monetized it's whatever a thousand impressions Costs
26:50
for the advertiser to get so if
26:52
your audience is in 10,000 people it's
26:54
10 times the CPM cost sales
26:57
leads operate on a similar system at CPL
26:59
cost per lead and The
27:02
ceiling on CPL is is Considerably
27:05
higher than CPM it bottoms out at around
27:07
10, but it maxes out at around 100
27:09
which is an exceptional If
27:11
it was a CPM would be exceptional Which
27:14
makes a lot of sense because depending on
27:16
what you're selling that audience could be worth
27:18
a ton of money Well,
27:21
I know like my brother's a real estate agent
27:23
I know the realtor world like leads
27:25
and lead development lead generation like they're
27:27
that's full thing. They're tuned into that
27:29
world and like
27:32
hot leads like if you could imagine like say you're
27:34
in like a Like
27:36
a decent real estate market where you know city average
27:38
house is 700 plus You
27:41
know your commission your realtor commission on that's
27:43
gonna be Tens of thousands
27:45
of dollars Like what is
27:47
the value to you as a realtor? To
27:50
get a hot lead somebody that's actively wants
27:52
to buy a house Like
27:55
here would you spend a thousand dollars to
27:57
make ten thousand? Yeah, it was bent two
28:00
thousand dollars to make ten
28:02
thousand? Would you spend five thousand dollars? If
28:04
it was a sure thing, you'd spend nine
28:07
thousand. Exactly. Yeah,
28:09
no, it makes a ton of sense, especially for something
28:11
like real estate where the potential margins are massive. For
28:13
a tech company trying to get a new customer at
28:15
$9.99 a month, the
28:18
scales shift a little bit. But
28:20
for an individual salesperson going after an
28:22
individual buyer that has the potential to
28:24
put five figures in their pocket, how
28:27
do you not turn to sort of
28:29
repos of information? I get
28:31
it. I really get it. This is a good
28:33
one. Yeah. Yeah.
28:35
Yeah. Why don't we
28:37
kick it over to... I think we need a name
28:39
for where we read ads.
28:42
I'm calling it. You're calling it? Okay, you
28:44
name it then. You called it. I
28:46
didn't say I had a name. I'm saying I
28:48
think we need one. A podcast I love calls
28:51
it going to the money zone. And I just
28:53
really like that. There's something nice about that. We're
28:55
going to workshop that. For
28:57
now, let's go read some ads. Hey,
29:01
Jordan. Yes,
29:03
Scott. Why do you
29:05
love Shopify? I love Notion. Why do you love
29:07
Shopify? I love Shopify because we wanted to make
29:10
merch for a really, really long time and it
29:12
seemed like a big scary bad time. And
29:14
then we actually embarked on doing it. With
29:17
Shopify, it could never have been
29:19
easier. Whether you're selling a little
29:21
or a lot, Shopify helps you
29:23
do your thing. However
29:25
you chuching. Chuching. And
29:28
Shopify is, and literally is,
29:30
the global commerce platform that helps you sell at
29:32
every stage of your business. From the
29:35
launch your online shop stage to the first real
29:37
life store stage all the way to the did
29:39
we just hit a million order stage, Shopify helps
29:41
you grow. Whether
29:44
you're selling scented soap or offering outdoor
29:46
outfits, Shopify helps you sell everywhere. From
29:48
their all-in-one e-commerce platform to their in-person
29:50
pointed sales system, wherever you are. And
29:52
whatever you are selling. Shopify. I
29:55
got you covered. Shopify helps you turn
29:58
browsers into buyers. best
30:00
converting checkout, 36% better on average compared
30:03
to other leading commerce platforms, and sell
30:05
more with less effort, thanks to Shopify's
30:07
magic, your AI-powered all-star. Does Shopify power
30:09
9% of all e-commerce in the US?
30:12
No, they power 10% of all e-commerce
30:15
in the US. They're the global force
30:17
behind Allbirds, Rothy's, Brooklyn, and millions of
30:19
other entrepreneurs of every size across 175
30:21
countries. Plus, their
30:23
award-winning help is there to support your success
30:25
every step of the way. Because business is
30:28
to grow, do it.
30:30
Because. Dunk it, put in the hoop.
30:32
Because business is to grow, grow
30:35
with Shopify. Okay, let's
30:37
get down to the brass tacks here. You
30:39
sign up for a $1 per month trial
30:41
period at shopify.com/hacked, all lowercase.
30:43
You go to shopify.com/hacked right now, you can
30:45
grow your business no matter what stage you're
30:48
in. shopify.com/hacked.
30:50
shopify.com/hacked. Cha-ching.
30:55
Scott, why do you love
30:57
Notion? I love that you just tossed this
30:59
to me because I love it so much.
31:02
Because I know you love Notion. Because I'm
31:04
reading this data and this advertising notes out
31:06
of Notion. I love it
31:08
because it's just a great place to put
31:10
things. It's a great
31:12
place to structure data. It's a great
31:14
place to build small apps. It's a
31:16
great place to use contextual
31:19
AI to facilitate my
31:22
work and personal life. Like, I store everything in
31:24
it now. I have, literally have,
31:27
Notion documents that
31:29
store all of my bikes and my wife's bikes and every
31:31
part on them so that when I have to order maintenance
31:34
pieces for them, I know exactly what
31:36
model of rear shock
31:38
it has. Like, I use
31:40
it for so many things. So I can't tell you
31:43
why I love it, I just love it. It's
31:45
just a feeling, something you feel in your heart.
31:48
When you get a really good piece of software
31:50
that combines your notes and docs into one place,
31:52
it's simple and beautifully designed with the power of
31:54
AI built right inside of it. Not another separate
31:56
tool in a different browser or tab. You
31:58
don't have 75,000. tabs running live,
32:00
you just got Notion. We used it just the other
32:02
day. We use it every day. Yeah, I was just
32:05
gonna say. There's a huge part of our workflow. Just
32:07
the other day, it's like I have two instances of
32:09
it in front of me right now. Notion
32:12
is a place where any team can write, plan, organize,
32:14
and rediscover the joy of like, it makes work feel
32:16
a little bit more playful and that's really,
32:19
really cool. It's a
32:21
workplace design not just for making progress but like, you
32:23
know, getting inspired. Like you're in the same room together.
32:26
It's also like the big thing for me is that
32:28
it's like it's
32:31
like an app building environment. Like you can
32:33
build data driven applications so quickly and easily.
32:36
Like I know lots of famous
32:38
content creators that use Notion to
32:40
like manage their workflows and projects
32:42
when they're making, you know, new
32:44
YouTube videos or podcast episodes. It's
32:46
just a great place to put data,
32:49
access data, structure data, move
32:52
processes. It's just so good for so
32:54
many things. And you know what? Our
32:57
fine, fine listeners can try Notion for
32:59
free when they go to notion.com/ hacked.
33:01
That's all lowercase letters, notion,
33:04
notion.com/hacked. You can start turning
33:06
ideas into action and when
33:09
you use our link,
33:11
that hacked link, you're supporting our
33:13
show. So when you invariably do
33:15
go to sign up for Notion
33:17
because it rips notion.com/hacked. The
33:23
delicious ice cold taste of Dr. Pepper has
33:25
a lasting effect on people. Lindsay from Sacramento
33:27
said... Pro tip, 40 degrees is the
33:29
perfect temperature for an ice cold Dr. Pepper. Why
33:32
is 40 degrees the perfect temperature for Dr.
33:34
Pepper? We brought in Sue from Duluth, Minnesota to
33:36
tell us. Oh yeah, I know a thing or two
33:38
about cold. Oh, that right there is the
33:40
perfect kind of ice cold for Dr. Pepper. I'd
33:43
share that with my friend Nancy. She likes Dr.
33:45
Pepper too, you know. My coldest... Alright, that'll
33:47
be all, Sue. Having a perfect temperature for
33:50
your Dr. Pepper? It's a Pepper thing. Inspired
33:52
by Real Fan Posts. Have you ever
33:54
experienced turbulence on a flight and wondered
33:56
why? And you can see all the terrain
33:58
around you. You've got no. with visibility
34:00
or anything? No, everything's peachy.
34:03
Maybe you've sat on the tarmac for hours wondering
34:05
why your plane isn't moving. Well, we're outside here.
34:08
They're saying the ramp is closed. They won't let
34:10
us park because of Air Force One. Listen
34:13
in on the conversations between pilots and
34:15
air traffic controllers on the air traffic
34:17
out of control podcast. 5-1-2,
34:20
we're declaring an emergency. There's smoke in the cabin. I
34:22
need to make a landing right now on 3-1-LAP. We
34:26
have the most interesting, wild, and funny
34:28
ATC recordings you will ever hear. Check
34:31
out Air Traffic Out of Control wherever
34:34
you listen to your favorite podcasts. Thanks
34:42
for listening to the Hack Podcast. This
34:44
is an episode format that we have
34:46
called Hotline Hack. You can visit hotlinehack.com.
34:49
You can email in an audio clip,
34:51
email in text clips. You can call
34:55
into our call-in number and leave us
34:57
a voicemail, which we get as an
34:59
audio file. And we will include. I
35:01
will note that if you want to disguise your voice,
35:04
we prefer that you do that on your side rather
35:07
than supplying it over to us and making us do it.
35:09
There's also an email if you want to send us a
35:11
file. Like Scott said, if you'd like your voice
35:13
concealed, please do it yourself because we
35:16
run the audio as we get it, unless
35:18
you explicitly ask us to. Some
35:20
folks have found awesome ways of concealing their
35:22
audio. So feel free to have fun with
35:24
it. Well, the next
35:26
story was actually sent in text.
35:28
And it has, so we get
35:30
this lovely AI voice. Brilliant. While
35:33
working at an ISP in Australia, we had
35:35
a cloud storage server used for clients to
35:38
store data. And I wanted to export the
35:40
list of accounts. I
35:42
connected to the Linux box via SSH using
35:44
PuTTY, logged in as root. Yes, this is
35:47
bad, I know. Ran the command to display
35:49
the list of active user accounts on the
35:51
system, highlighted the complete list of usernames, and
35:53
out of habit right clicked on the list
35:56
to copy. OK, I'm just going to chop
35:58
this one up in my own way. is a
36:00
Windows based SSH client. So
36:04
SSH is like a Unix command, like
36:06
a Unix demon that runs on Unix
36:08
servers so you can connect to do
36:10
it via text like command lines. So
36:14
when you're on Windows, back in the
36:16
day, which this story sounds like it
36:18
was, there was no Linux core running
36:20
inside of Windows so like now you have
36:22
full kind of Unix integration on the command
36:24
line. You back then didn't, so
36:27
if you wanted to connect over
36:29
SSH to, you know, Unix based
36:31
servers you had to use putty or
36:33
putty was the most common and
36:36
running anything as a root is bad.
36:39
So that's why she flagged that or they flagged
36:41
that. I guess I'm just using the gender
36:44
of the AI, which is probably
36:46
incorrect. Those
36:48
of you that use putty know that by
36:50
selecting text it automatically goes to the clipboard
36:52
and putty has right click to paste enabled
36:55
by default. Suddenly my entire
36:57
clipboard is being dumped into the server's
36:59
terminal, then my SSH session drops. Connection
37:03
lost. I stared blankly at the
37:05
screen for a moment trying to work out
37:07
what just happened. I pasted my clipboard into
37:09
notepad and reviewed the list of names and
37:11
found a user account called shutdown. That's
37:14
the day I learned that rhl slash sentos
37:16
has a default user account called shutdown and
37:19
a simple click of the mouse took down
37:21
the cloud storage server briefly. So
37:25
it's pretty common to have
37:27
a user called shutdown and
37:30
pasting just a bunch of garbage into
37:34
the command line. Sadly executed
37:36
the command shutdown, which
37:39
is truthfully surprising that
37:41
it actually shut it down because I think typically
37:43
you need like a hyphen now or something after
37:45
that to actually make it shut it down instantly.
37:47
Right. But yeah, just
37:50
a little user error. Just
37:52
a little user error. Just a
37:54
little user error to take down the entire cloud server. I
37:57
really liked my favorite point in this is, and I
37:59
know part of this is the AI's read adding
38:01
the comedic timing, but I think it was in
38:04
the story is, I logged in as root, yes,
38:06
this is bad, I know. Like the immediate awareness
38:08
of an error as it is occurring is
38:13
a timeless feeling. A
38:15
timeless, timeless feeling. Right click
38:17
to paste enabled by default seems like, this
38:20
story is so above my head technically,
38:22
but right click to paste enabled by
38:24
default feels like a weird feature to
38:26
include in anything, I've
38:30
just never heard of that. That might just be
38:32
my non familiarity with this kind of sys admin
38:34
type stuff, but that feels like a
38:37
lot of potential bad stuff could happen by having
38:39
a mouse, one mouse button
38:41
queued to paste. Yeah, I think the
38:44
gist is like when you work on
38:46
command lines, typically you only use the
38:48
mouse to select things. Right, right, okay.
38:51
Somebody was like, hey, like why don't we
38:53
just fast track this if you select something,
38:55
we're gonna auto copy it, which is like
38:58
a brilliant little user interaction. That actually does
39:00
make sense, you're never using your mouse. Granted,
39:02
it violates all user
39:04
interactions you've learned your entire life,
39:08
but it is kind of an optimal workflow.
39:11
And then right click to paste, again,
39:14
same thing, like if you're just copying things by
39:16
selecting them, if you wanted to paste something, like
39:18
say you wanted to redo a command or you're
39:21
building out some large awk query or something and
39:23
you copy something and you wanna paste it in, right
39:25
click, it's like a nice little quick paste button.
39:27
Sure. But when you
39:30
copy your bash history by
39:32
accident, which maybe you don't
39:34
know what that is, but your command line history, and
39:37
then you paste that in, that would be
39:39
brutal. One of my favorite
39:41
things of working with comms I
39:43
people, I count you amongst
39:45
this, but devs and computer engineers, any of
39:47
that type of person is
39:49
all of the genuinely smart, but
39:54
humanly unintuitive solutions that slowly
39:56
become part of a workflow.
39:59
Like the idea of, We have like, we never use the
40:01
mouse, why not make one of these buttons something
40:03
we do all the time that requires a key
40:05
command? It's like, that's very, very clever until you
40:08
inadvertently press the button you otherwise use all the
40:10
time for something else and paste something. It reminds
40:12
me of Dvorak, where it's like, this is technically
40:14
a better way to lay out a keyboard until
40:18
someone who isn't used to this tries
40:20
it, or until you try and go
40:22
use a computer that isn't laid out in Dvorak, an
40:24
alternative to QWERTY, and your
40:26
brain explodes trying to translate these
40:28
different keyboard layouts into one another.
40:30
Yes. I love those
40:32
computer engineer workarounds. Good to know.
40:35
Yeah, I think we both know
40:37
who you're talking about when you're talking about
40:40
Dvorak. We sure do. And. One of my
40:42
favorite human beings. Yeah,
40:44
great guy, love him. Hate
40:47
sitting down at his computer. Hate
40:49
the Dvorak. Trying to type something on his
40:51
keyboard and immediately like, feeling like
40:53
I'm having a stroke, where it's like I'm looking
40:55
at characters showing up on the screen, and
40:58
I'm like, I don't know what's
41:00
going on. I have to back away from the situation. Hate
41:02
the Dvorak, love the sinner kind of situation there. It's just,
41:04
I can't believe that you did this. Can
41:06
you turn it off? It's a pain in the ass to
41:09
turn it off. Okay, can you type for me? Yeah,
41:11
definitely been there. Speaking of
41:13
keyboards, I got my new one built last
41:16
night. Oh, yeah. I'm not
41:18
sure how relevant it is to the podcast, but
41:20
we were talking about it. Exceptually not, but it
41:22
is fun color commentary. For everyone that doesn't know,
41:24
Scott's swinging mechanical keyboard got broken, and he was
41:26
building out a new one. That's very exciting. I
41:28
mean, while I'm still operating my lightning
41:31
port Mac keyboard that I load.
41:35
Do you have the number pad one? No,
41:37
I don't. I'm not another pad guy.
41:39
I know. I know. I'm
41:42
missing a numpad. Yeah, you're a big
41:44
numpad guy? No, I'm the standard Chiclet
41:46
Apple keyboard, and it's bad. You
41:50
can hear all about it on our consumer tech show. Let's
41:53
keep this bad boy going. I'm
41:56
submitting my audio with an AI since
41:58
my speaking English is not good. not great. I
42:01
got an accent and also so people
42:03
cannot identify me. So I
42:06
got a very powerful Command
42:08
and Control, C2C, that
42:10
is able to shut down and slow
42:12
any websites and servers, etc.
42:15
It's only built with Raspberry Pi
42:17
4 Model B+, and a plus
42:19
170 MBE fiber internet speed and
42:23
an open source software, etc. To
42:26
test it out during the pre-war October
42:28
7th in Israel, I saw
42:30
the Hamas website is still up even though
42:32
there are news that other hackers countries shutting
42:35
it down. Even though
42:37
it changed its internet protocol since the attack,
42:39
I was too able to shut it down
42:41
in minutes. I
42:43
also tried to join a bounty
42:45
program for denial of service in
42:48
Hackerone for PlayStation website, my dot
42:50
account dot sony dot com. I
42:54
was able to make it into 404, unresponsive,
42:57
but of course I didn't receive
42:59
any rewards since they don't accept
43:01
full shutdown disruption and also
43:04
no distributed denial of service, DDoS,
43:08
but only denial of service, DOS.
43:12
Also whenever I receive a message from
43:14
a scammer redirecting me to their websites
43:16
or link, I just
43:19
get the domain they are redirecting me
43:21
and shutting it down for myself, asterisk
43:23
smiley face asterisk. This
43:26
C2C botnet is very dangerous and
43:28
powerful since I tested out in
43:30
live layer 7 massive in
43:32
dstate ECC. It sends out
43:34
over 17 million requests
43:37
in just minutes, etc. So
43:39
I got a hand into a Pandora box. Got
43:42
a hand into a Pandora box. Yeah,
43:44
what a way to end a recording. I've got
43:46
a hand into a Pandora box. And
43:49
the end call. This is maybe
43:51
the least lighthearted of the classics.
43:53
So this is somebody that's got
43:56
control of a botnet
43:58
for DDoS. So distributed
44:00
denial of service. Yeah. And
44:04
you know, try
44:06
to go kind of white-hatty, join
44:10
a thing with PlayStation, but apparently they
44:12
were only looking for, you know, D.O.S.
44:14
Like just denial of service, not distributed
44:16
denial of service says, you know, obviously
44:18
that's hard to combat, but
44:21
yeah, interesting. Command and control with a raspberry
44:23
PI. Can you make sense of that for
44:25
me? Yeah, so command and control.
44:28
So there's a, there wasn't enough
44:30
detail in there to fully understand what the botnet
44:32
is, like what's actually what the bots are. Right.
44:34
But it sounds like they've set up
44:37
a raspberry PI, like essentially a invisible
44:40
computer that they can kind of carry
44:42
around. That is the control
44:44
unit for a massive botnet. At
44:47
least that's the way I took it. So that
44:49
they can kind of fire it up and point
44:51
it at things whenever they feel the need to.
44:54
Right. Does that make sense? I think so.
44:57
You're just using it as essentially a little server
44:59
for this command and control operation. Like
45:01
if you remember command and control, it's
45:03
like the, it's like a hub
45:06
and spoke kind of model where you've got, you know,
45:09
what would you say 17 million requests a
45:11
minute? So he'd have just
45:13
a flurry of bots living in the world,
45:15
and then he'd have a single unit to
45:17
control them all. So like a lot of
45:20
those D.O.S. for higher services are
45:22
set up like this, where they have
45:24
a control unit, and then they have, you
45:26
know, millions of bots or whatever, you know,
45:28
smart fridges around the world that have been
45:31
compromised. Sure. And then they
45:33
can send a command to all those
45:35
smart fridges to make requests on a
45:37
specific data, you know, IP address or
45:39
web protocol or something, and they can
45:42
just shut the server down. So it
45:44
sounds like he was successful at shutting
45:46
down PlayStation. Hmm. So,
45:49
and, you know, Hamas and a few other
45:51
things. So it sounds like they've got a
45:54
substantial little botnet. I can
45:56
see that I've got my hand in a
45:58
Pandora bot because... Right. That makes
46:00
more sense. You've just got like
46:02
all this power in your hands to be
46:04
like, I just pointed things on the internet
46:06
and they go away. Hmm. It's
46:09
like, what do I feel like pointing at today? I
46:12
don't hate the idea, especially given
46:14
the amount of phishing requests I've got lately. It's
46:17
like a lot of them point back to these
46:19
like weird server farms and like Russia and Bulgaria
46:21
and things like that. So it would be, having
46:23
the power to just be like, I'm
46:26
not gonna click on your bad link, but I'm gonna take
46:29
the server IP address and just knock it off the internet.
46:32
I can understand that motivation. I
46:36
found a Reddit thread with someone asking a
46:38
question somewhat tangibly related to this, asking, using
46:41
a Raspberry Pi 3 as a command and
46:43
control server. One of the first
46:45
comments says, it's a server, you can use it
46:47
as any other server. Since you're asking this question
46:49
and seem like you intend to use it at
46:51
home, maybe don't unless you like prison food. Which
46:54
is, it was a great comment. Proper amount of
46:57
snark. The thread then goes,
46:59
here's where you assume too much, they could just connect
47:01
it to any network and walk away, see Mr. Robot,
47:03
to which someone else replied, and then they find your
47:05
Reddit post. And if we go back up to the
47:07
top of the Reddit post, we see the user deleted
47:09
their account. So
47:11
it's a nice little closed loop. I doubt it
47:14
was this caller, but an
47:16
interesting question with some good feedback
47:18
from the hive mind. But like
47:21
the Raspberry Pilots, the micro PC
47:23
trend, I think is like,
47:25
when being a young hacker, when
47:28
you wanted to do something with computers, it
47:31
was like difficult, like laptops were, you
47:34
know, expensive and hard to come by
47:36
and often underpowered. And
47:39
now it's like, you can build, like
47:41
you could build a tiny little micro computer and
47:44
like turn it into an
47:47
ARP spoofing device and
47:49
walk into an office and jack it
47:51
in. And people won't
47:53
even notice it's there. Like it could be
47:55
very tiny or disguised to look like something
47:57
else. Yeah,
48:02
I don't know. There's a whole cool
48:06
alley of custom little micro computer hacking
48:08
device things that is out there that
48:10
would be fun to pursue. Yeah.
48:14
That's an interesting world of tiny ...
48:16
Like a Raspberry Pi 3 is about
48:18
50 bucks. The
48:21
idea of there being a thing that can function as a server, but
48:23
50 dollars isn't disposable and no
48:25
tech should be regarded as disposable for a
48:28
bunch of other reasons. But the
48:31
fact that there's a thing that you could theoretically
48:33
just sort of leave behind somewhere without a fingerprint
48:35
on it is ... There's a reason
48:37
Mr. Robot made a whole bunch of subplots based
48:39
on that very premise. Yeah. Because
48:41
it's interesting and compelling and is, as this caller
48:43
referred to, quite the Pandora's box. Yeah, totally.
48:45
Like 20 years ago, if you wanted to
48:47
build something like that, it would be ...
48:49
You'd be building a
48:52
small computer and then you'd have to have a power
48:54
supply and walk in and plug it in. It's
48:57
like nowadays with USB power, you pretty
48:59
much ... If you
49:01
really wanted to and you were a big
49:03
hardware engineer, you could probably build something that
49:05
you just slide into a USB slot that
49:07
was a fully functioning computer with radio antennas
49:10
and yeah, I don't know. Totally.
49:13
Like look at the Flipper Zero and it's like a tiny little 100
49:16
dollar device or a $150 device.
49:19
Yeah. I think that world of little
49:21
hacker computers and you got me on the cyber decks, that
49:23
fascinating community of people building from
49:26
scratch little computers.
49:30
I think for as much as we're pushing the
49:32
boundary of what a $3,000 computer can get you
49:34
and what
49:36
a $1,500 smartphone can get you, the floor
49:38
too raises and we start figuring out, well,
49:41
what's the most a $50 thing can do?
49:44
That's just as interesting a question.
49:48
I think of game emulators too, those tiny
49:50
little devices that can suddenly ... For
49:52
$45, look what they can
49:55
do. Well, I was about to say
49:57
the micro device world is ... is
50:00
a fired up,
50:03
you've got like the tiny little
50:05
Android devices, like so many things. I just
50:07
got a new bike computer for cycling and
50:10
it is a full Android phone essentially.
50:13
It's just a dedicated Android device. We
50:16
were talking about the Rabbit R1 which has
50:18
gotten more press. Yeah.
50:21
Are we going to talk about that
50:23
so time? The
50:27
Rabbit R1 is essentially just a micro Android
50:29
device and it's like all of these things and like
50:31
they're cheap. They're tiny little
50:33
pieces of hardware. The game emulators are great
50:35
because one of my game
50:37
emulators is literally a Linux computer and
50:39
if you think about that, that's a
50:41
full blown Unix computer. I could plug
50:44
a keyboard into it and
50:46
I have essentially, it has
50:49
Wi-Fi chips, it has everything
50:52
and it's essentially a micro computer and it
50:54
cost me like $39. Has
50:58
a screen, has like a full color screen. I
51:01
have another one that has an outlet in it. I
51:05
don't know, crazy. The
51:07
micro device market is very cool,
51:10
maybe a bit wasteful if we want to
51:12
talk about waste. I think very cool and
51:15
especially from a hacking perspective, just the amount of
51:17
things that you can do with these things now.
51:22
If you talk to a 17-year-old me and
51:24
ask me if I would love to have a Linux computer that
51:26
was in my pocket, I would have
51:28
loved that. Especially
51:31
something with the battery life that some of these small
51:34
emulators have. They have 8 hours, 10 hours of battery.
51:38
When I was a kid, the best
51:40
battery life you'd hope for on a computer was like
51:42
45 minutes on a laptop, maybe an hour
51:44
and a half. I imagine if we could talk to
51:47
a 17-year-old you right now at time of recording, you
51:49
would be trying to play schools out for summer. Somewhere
51:51
where you're not supposed to be. No,
51:54
no, no. I was White Glove
51:56
Service. I never went to White Glove Service. That
52:00
was pretty good. I just went, yeah, I was more of
52:02
a, more of an explorer
52:04
than I was a disruptor. Well, I
52:06
was flipping power
52:09
breakers and getting dragged into the office.
52:13
But that's a story for another time. And
52:15
if you want to hear it. Power breakers. You Batman.
52:18
The thing they were most mad about was
52:20
that our school had a vending machine with
52:22
those weird milkshakes,
52:24
like bottled milkshake-y type drinks. Oh no,
52:26
and you soiled a bunch of them.
52:29
And we didn't. That was the funny
52:31
part is that they're shelf stable. Oh my God.
52:33
But they do have refrigeration in the thing. And
52:36
I remember a police officer yelling at me,
52:38
do you know what could have happened to
52:40
the milkshake vending machine? Like that line, can
52:42
you imagine what would have happened to the
52:44
milkshake vending machine? It's like, like
52:47
barked at me by a guy in a
52:50
cop uniform, will forever burned
52:52
into my mind. If
52:54
you want to hear more stories like
52:56
that, feel
52:59
free to support the show however
53:01
you can. hackpodcast.com redirects towards our
53:03
Patreon. If you go towards our
53:05
store, pick up some merch, buy a hat. That
53:08
helps us out. Anything
53:10
else? Anything I'm missing? I don't know. No,
53:13
I don't think so.
53:15
Store.hackpodcast.com, hackpodcast.com Patreon, hotlinehack.com,
53:17
submit your story. I
53:20
think that's it. I think that's it. Is that it
53:22
for us? School's out for summer? School is
53:25
in fact out for, I don't know
53:27
enough about Fair Use to know if
53:30
we can end this episode with that
53:32
song. But
53:36
we'll find out before the episode goes live.
53:38
So if you don't hear that right now,
53:40
it means it's because you can't use it.
53:42
And if you do, it's because school's out
53:44
for summer. Well, it is Memorial Day weekend.
53:47
We're recording this on Memorial Day weekend. And
53:49
Memorial Day is the demarcation
53:51
for summer. It
53:53
is. Oh, that's fun. Good
53:55
timing. Good timing. School's
53:57
out for summer. Call in with your
53:59
story. hotlinehack.com, that's
54:02
another one in the bucket. Thanks for listening everybody.
Podchaser is the ultimate destination for podcast data, search, and discovery. Learn More