Hotline Hacked Vol. 3

Released Sunday, 2nd June 2024

Episode Transcript

0:00

Thank you for calling Hotline Hacked. Share

0:02

your strange tale of technology, true

0:05

hack, or computer confession. Alright,

0:09

I got one for you guys when

0:11

I was in high school I

0:14

went through Like

0:17

a computer phase, I would say, with

0:19

a friend of mine we were kind of

0:21

the computer nerds for

0:23

our class and naturally we

0:26

gravitated to the print

0:28

shop and who is also our

0:30

sysadmin for the school

0:32

and befriended him and He

0:37

inadvertently challenged us saying that

0:39

we could not break into our

0:41

school's network Which

0:44

you should not do with high school boys so

0:48

My friend and I were able to

0:50

successfully compromise the network. I'm not gonna

0:52

go into details for obvious reasons But

0:56

fortunately, we're both good kids and

0:59

it didn't change grades or anything like that

1:01

But for our senior prank did modify

1:03

our school website to

1:07

reflect our Year

1:10

in school as well as play School's Out for

1:12

Summer by Alice

1:14

Cooper as soon as you loaded

1:16

the page, which is exceedingly irritating Then

1:22

We ended up getting caught but not for

1:24

the reasons that you think there was no technical

1:27

reason why we were caught because we were very

1:29

careful We

1:31

were the likely suspects so

1:33

the sysadmin approached my friend who

1:36

ratted me out and we served two

1:38

days of in-school suspension Fortunately,

1:41

we had No,

1:43

add history of doing

1:46

anything malicious. We were

1:48

both honor students and Didn't

1:51

have any They

1:53

didn't have any reason to really throw the book at

1:55

us fortunately But

1:57

in the meeting with the superintendent

2:00

the sysadmin, and our high

2:02

school principal. We were given

2:04

the analogy that it was like breaking and

2:06

entering into someone's home And messing up their

2:08

closet So

2:11

hopefully enjoyed that story School's

2:16

out schools out for summer. Hey everybody.

2:19

Welcome to Hotline Hacked. It's the call-in

2:21

show where you can share your strange

2:23

tale of technology, true hack, or computer confession.

2:28

So many things to so many things

2:30

with this one The print shop

2:32

was the sysadmin is a great way into any

2:34

story I want to I want the

2:36

life story of this guy because he sounds rad He's

2:39

like I work on the technical

2:41

things the printing and the computers

2:45

And also hammers hammer is great Yeah,

2:49

I mean don't inadvertently challenge I think was

2:51

the phrase don't inadvertently challenge high school boys

2:54

to do anything because they have a Lot

2:57

to prove in a lot of time on their

2:59

hands. It's never a good move. This is I

3:04

Did this foolish to me like the

3:08

You're gonna challenge like the nerds to whether they

3:10

can do something they're gonna figure out how to

3:13

do it I'm sorry. It's like it's only you

3:15

don't like you. How do you even get mad

3:17

at these kids? Like you're the one

3:19

that you're the one that spurred them on You're

3:21

like I dare. Yeah, it's like you're the

3:23

sysadmin. You just dared me to violate

3:25

your security. I'll violate your security If

3:28

you really want me to I feel like when this

3:30

happened everyone turned to each other was like who could

3:32

this have been? And that dude knew Immediately.

3:35

Oh, I mean well, I did pose

3:37

a challenge to some Nerds

3:40

with gumption that they couldn't

3:42

do the exact thing that just happened Do

3:44

we think maybe it was them? Also

3:47

a real no honor among thieves thing with

3:49

the friend immediately ratting him out. Hey, man

3:52

You know, it's if I've seen enough Hollywood

3:54

movies about nerds in my life. It is

3:57

that they crack under pressure It's

3:59

out I

4:01

will go into the details, but I had a really

4:04

similar situation in high school. It wasn't nearly

4:06

as cool as this, but it did involve

4:08

being somewhere we weren't supposed to and the

4:10

way it all shook out, no, no word

4:12

of a lie. Someone cracked under

4:15

pressure and ratted everybody out. Yeah. We

4:17

got pulled into the, into the school

4:19

cop office and everyone was tight-lipped except

4:21

one person and it all fell apart.

4:25

My, uh, my in-laws are

4:27

both, uh, principals and

4:31

apparently my mother-in-law was exceptional

4:33

at getting children to crack.

4:37

She's like, yeah. What a thing

4:39

to know about yourself. Yeah, exactly. She,

4:42

she knew like the right buttons to

4:44

push and like when to leave them

4:46

to stew and like let their internal

4:48

emotions like take over and it

4:51

just like always led to like, she would reenter the

4:53

office and they'd be like, I did it. She's

4:58

like, I know I know. Standing in the

5:00

doorway. Exactly. Like we all casting a long

5:02

shadow into the room. We've

5:05

known since we've known since this morning, of course. Um,

5:07

but the walks out and someone else was like, how

5:10

did you know? She's like, we had no idea. I

5:12

just knew that kid. He was sweating bullets the moment

5:14

we brought them. I

5:18

think, uh, I think I would have a

5:20

story similar to this from my youth, which

5:23

I, you know, maybe,

5:26

maybe I have a story

5:28

similar to this, but the,

5:30

uh, yeah, a lot of, a

5:33

lot of security in school

5:35

networks. Not so great. Even

5:37

in school divisions and even in provincial

5:39

school networks, uh, you should not be

5:41

so good. Well, when you

5:43

have that many staff, a

5:47

lot of them aren't technical. Uh,

5:49

you know, security protocols can be pretty

5:52

lenient. So for

5:54

sure. It's

5:56

a, it's nice that they, I like breaking and

5:58

entering someone's home and just messing with the

6:00

closet. I think that's, I'm

6:03

glad that they just messed with the closet and played a

6:05

song. This just brings

6:07

up the fact that there's such a

6:09

proud history of hacking and breaking into

6:12

stuff just to play bops, just

6:14

to do a sick needle drop that the

6:16

man doesn't want you to. I feel like

6:18

there's so many great hack stories that were

6:21

just about playing a song over the radio

6:23

or the internet or a website or an

6:25

intercom. I remember there

6:29

was one a couple of years ago where the

6:31

rapper, it was a song by YG and

6:33

I think Nipsey Hussle called FDT is a

6:36

political song. It

6:38

was a South Carolina radio station

6:40

that there was like 20

6:42

minutes just looping this song on repeat.

6:47

Sunny 107.9 and someone hacked into

6:50

it because it had a internet

6:53

connected antenna. The antenna had an internet

6:55

intermediary where you sent the audio to it through

6:57

this web system and then it broadcast over the

6:59

air. They got in the middle of that and

7:01

were able to just write a song on the

7:03

loop. Brilliant. And

7:06

then the other one that I remembered and

7:08

I dug it up was

7:10

it was a British radio

7:12

station and they,

7:15

there's a song banned in 1978

7:18

in Britain called The Winker's Song

7:20

by Ivor Biggun and the Red

7:22

Nosed Burglars. Language

7:24

advisory here. The song's lyrics

7:26

are just, I'm a wanker said

7:28

36 times and someone

7:30

took over a radio

7:32

station in Britain and just

7:35

ran that song on repeat for a

7:37

little bit of time and caused

7:39

a whole bunch of trouble in

7:42

the UK. I don't know if they ever got caught,

7:46

but I guess it

7:48

made it like it caused the song to

7:50

surge a little bit in popularity in the

7:52

UK. Wow. Effect the charts shot to the

7:55

top of the billboard charts. It affects your

7:57

charts. Yes, your fun someone off them. Exactly.

7:59

Yeah. A proud tradition. A

8:01

proud tradition. I've never really, I

8:04

guess the thing for me is if you're going to

8:07

break into something, the second you mess up the closet,

8:09

people are going to know you were there. Sure. Where

8:11

if you break into it and you don't even mess up the

8:13

closet, maybe you go through the closet, maybe

8:16

you kind of put it back like it's supposed to be, and

8:18

then you leave. Maybe you change some grades. No,

8:21

not even change some grades, but just like take a

8:23

peek in. Usually the

8:25

nerds don't even change their grades, like let's be honest.

8:28

You're like taking a peek in and

8:30

you're like just just kind

8:32

of a little bit of a voyeur, and you just

8:34

kind of look around, take a

8:36

little detail, read some stuff you're not supposed to,

8:38

look at some schedules, do some things like that.

8:40

Got it. No, no, but then you can leave,

8:42

and then you can come back later because nobody

8:44

knows you were there. The second you put like

8:47

schools out for summer on the main website, they're

8:49

like, okay, hold up. We got a problem. Yeah,

8:53

it's the Ocean's 12 thing of the burglar

8:55

that leaves the little onyx fox behind so

8:57

that you know the night fox was here

8:59

or something. I get that temptation to just

9:01

be like, look how gosh darn clever I

9:03

am. We are the nerds, we

9:06

will inherit the earth, schools in

9:08

fact out for summer. It's almost

9:10

like that motivation is the motivation

9:12

behind this show, Hotline Hacked. And

9:18

with that, why don't we

9:20

spin our own, why don't

9:22

we do our own needle drop and play another one. Okay. Hi

9:26

Jordan and Scott, I'd like to share with

9:28

you a war story from back

9:30

when I was quite a lot

9:32

younger. Back in

9:34

2014, I was working for a small pen test outfit

9:36

and we'd scored a gig at a multinational and I

9:39

was sent to the London HQ. We'd

9:41

been making steady progress, or rather I'd been making

9:44

steady progress because I was doing the testing, but

9:46

I'd hit a bit of a wall. So I

9:48

started looking at ARP spoofing. So

9:52

there I am at the European HQ of this company and

9:54

I've done a little bit of ARP spoofing, but not got

9:56

very far. I think I've managed to grab one set of

9:58

admin creds. I decided

10:00

to widen the net of my ARP spoofing without

10:02

really thinking things through and not really anticipating the

10:04

consequences of my actions. Just

10:07

to add some technical context, which will help

10:09

explain what is actually going on, ARP

10:12

or ARP is Address Resolution Protocol.

10:15

So ARP is a way

10:17

of making sure that packets on the wire get to

10:20

where they're supposed to be. And this

10:22

is done by advertising your location information

10:24

to everybody. ARP

10:27

spoofing is when an attacker wants to impersonate

10:29

another endpoint and redirect traffic and act as

10:31

a man in the middle to read any

10:33

data crossing between host A and host B.

10:36

Tonco provided us great details here,

10:38

but so your

10:40

computer is sitting on a

10:42

network, it has an IP address. The

10:45

routers kind of look to

10:48

your hardware ID, your MAC address, and

10:50

ARP is the protocol that connects

10:53

your hardware ID with your network

10:55

ID. So it's kind

10:57

of like the glue in the

11:00

middle. And

11:02

the thing with ARP spoofing is like,

11:04

you can essentially broadcast that you are

11:06

a different hardware ID and

11:10

start getting packets routed

11:12

to you that shouldn't be routed to

11:14

you. So you can kind of man

11:17

in the middle network traffic. Right. So

11:19

that's very applicable to how and why

11:21

this story when we continue how, where

11:24

the pain point came from. It's

11:27

equivalent to putting a different address

11:29

on the front of a house and waiting for the mailman

11:31

to deliver someone else's mail kind of thing. Yeah,

11:33

and then opening the mail, looking at it, and then

11:36

taking it back and putting it in the right mailbox.

11:38

Sure. Sure, so they never know. Exactly.

11:41

I'd found three Cisco switches that looked innocent

11:43

enough, however they turned out to be Cisco

11:45

Catalyst 6500s. Big

11:48

core switches the size of a cabinet capable of

11:50

shunting up to four terabytes per second around. As

11:54

I started ARP spoofing that, it directed them

11:56

to send all of that traffic through my

11:58

little MacBook Pro's one gigabit network card. I

12:01

didn't really get much juice so I kind of stopped and

12:03

started throughout the day. So

12:05

there's the there's the rub and you'll understand

12:07

it in a bit is

12:10

this massive you know

12:12

institutional four terabyte

12:14

a second data throughput switches

12:16

start funneling all of

12:18

their traffic through

12:21

his one gigabit Ethernet port

12:23

in his MacBook. So

12:25

essentially you're taking this massive funnel

12:28

and funneling all of the data down

12:30

to this tiny little channel which

12:33

I guess a one gigabit Ethernet

12:35

card is a tiny channel in comparison

12:37

to four of these monster switches. So

12:39

that's going to be very sure relevant.

12:41

So I'm just hoping to help you

12:43

understand. I was

12:45

in this room, a big open-plan office, and IT

12:47

were on the other side of the atrium and

12:50

I noticed that there was a bit more

12:53

activity on the second day. Not really thinking

12:55

any of this increased energy. I continued

12:57

with what I was shortly to realize was

12:59

my rather reckless ARP spoofing attacks. About

13:03

halfway through day two, I saw a group of

13:05

people threading their way to desks towards where I

13:07

was sitting. I clocked them and they

13:09

looked purposeful onto the point the

13:11

purpose appeared to be me. They

13:13

stopped at my desk. One

13:16

of the people seemed senior asked me to stand

13:18

up and a fellow checked under my desk to

13:20

see what port I was plugged into, which became clear

13:22

was the port they identified was causing whatever purpose

13:25

or problem they were trying to solve. I

13:28

was asked what I was doing and why I was here. This

13:30

is the point you present your get out of

13:32

jail free card to say that you're authorized to

13:34

be there and do some testing. I

13:38

explained that I was trying to ARP spoof some

13:40

switches at which point they interrupted me and said

13:42

that my testing was causing widespread European network disruption

13:44

for the last day and a half and

13:47

politely requested that I stop what I

13:49

was doing immediately. As they were talking

13:51

the enormity of my error dawned on

13:53

me and I felt this huge hollow

13:55

hole open up in my stomach. So

13:59

now you can see like Like imagine all

14:01

that data, every time that he would

14:03

spoof and pull that

14:05

data through his computer to like

14:07

analyze it and look for, he

14:10

was looking for credentials, like unencrypted

14:12

credentials, but like every time

14:14

he would do that, like

14:16

they own those monster switches for a reason,

14:18

right? Like they have the network connectivity to

14:20

push all of this

14:22

data throughput and every time

14:25

he would hijack it, bottleneck

14:27

it so that it would just cripple

14:30

like the network connections for everybody trying

14:33

to use that information and use some

14:35

data going through those switches. So,

14:37

so he was causing intermittent hell

14:39

for this company because

14:42

just every time he turned

14:44

on like started spoofing, they would just kind

14:47

of cripple the network and then he'd turn it off

14:49

and go through the data he collected and it would

14:51

go back to normal and then two hours

14:54

later he'd turn it back on and

14:56

it just doing that repeatedly would

14:58

just become such a headache. So

15:00

they obviously traced the network load

15:03

to his Ethernet port and

15:06

went and interjected. So

15:09

to help you understand. I

15:12

was lucky enough to be spared the walk of shame

15:14

and allowed to stay until the end of the day,

15:16

but it was made very clear that I was deeply

15:18

unpopular. Thinking about it later

15:20

from their point of view, I would have been

15:22

causing that worst sort of support issue,

15:24

the intermittent problem with no obvious pattern.

15:28

In the report, I described the attack

15:30

and suggested that Cisco's anti-ARP spoofing control

15:32

was enabled. Our boss

15:34

was good enough to not chew me out, but

15:36

I suspect he got severe bollocking by the client.

15:40

We never went back. I

15:43

was the layer eight problem. I

16:00

forgot how good a storyteller he

16:02

is. There's some great, there's a

16:04

really well told story. The

16:06

metaphor I was cooking up as you were explaining

16:08

to me is it almost feels like there was

16:10

this industrial water infrastructure, so massive pipe that everyone's

16:13

drinking from. And he managed to reroute

16:15

it through a tiny little garden hose so he

16:17

could take a sample out of the water, not

16:19

realizing that a bunch of people's taps stopped working

16:21

every single time he did that. That's

16:23

a good one. Okay, so this is

16:25

a cut down version of it. I think he

16:27

sent us like 19 parts to this.

16:30

So his little tale there, like I was the

16:32

layer eight problem is like a really, is

16:35

a throwback to a joke that I didn't realize that

16:37

I didn't include in the edit of the story, StoryTonsco.

16:40

But networks are

16:42

seven layers, and layer eight

16:45

is like a technical joke to say

16:47

that it's a user problem. Like it's

16:49

like skill issue user error. So

16:52

he was the layer eight problem, is saying

16:54

I was the user that was causing the

16:56

headaches. Oh,

16:58

sure. Okay, that makes sense. So I totally,

17:00

when I listened to that there, I was like, oh man, I

17:02

missed that. But it is good. He

17:05

did provide tons of technical context and a bunch

17:07

of color and commentary about things, but it just

17:09

would have, it was like 20 minutes, I think.

17:11

So I chopped it down. I think I

17:14

kept the core part of the story, which

17:17

I'm happy about. I think we got the big idea

17:19

is that he'd been brought in to do this job

17:21

as part of this pentest outfit. He

17:23

was gathering data and just inadvertently caused

17:26

widespread European outages, which is,

17:29

it's fascinating that that's a thing a person can

17:31

sort of like walk their way

17:34

backwards into. I also like that he talked

17:36

about the idea of, and this is

17:38

true in more than just tech, but especially

17:40

in tech is that the intermittent problem is

17:42

the worst problem. Totally. If you're not getting

17:45

a signal, you're always getting a signal you

17:47

shouldn't, that's pretty easy to figure out, whether

17:49

it's regardless of what it is, you

17:51

can basically do some unplug, replugging,

17:53

and work your way back to whatever the

17:56

thing is that's causing the problem. But

17:58

when the problem's intermittent. It's

18:00

a lot harder to troubleshoot because you kind of got

18:02

to wait for it to flare up Yeah, and then

18:04

if it doesn't last long enough for you to properly

18:07

diagnose it just goes away So

18:09

like the word the term intermittent used to

18:11

be like a keyword when you dealt with

18:13

warranty support Like if you're

18:15

gonna bring this up. I'm gonna bring this up.

18:17

I think it's also how to get a new

18:19

iPhone Yeah, yeah, so like I remember

18:22

back when I had my first iPhone, I

18:24

remember I was having intermittent USB problems

18:26

like it was back before iCloud synced

18:28

everything over the over the You

18:31

just have to back up your phone to your computer

18:33

and stuff to through a cable And

18:35

every now and then it wouldn't work So I

18:37

remember booking an Apple genius bar appointment going in

18:39

there and being like I'm having intermittent USB problems

18:42

And they were just like here's a new phone No

18:46

way that it looks like it's working

18:48

fine now But there's no way that we can

18:50

prove that it's not not working. So here's a

18:52

new phone. Have a great day I

18:54

remember a friend a mutual friend

18:56

of ours This was years and years

18:58

and years ago, but telling me to do the

19:00

exact same thing It was like I had a phone and there

19:02

was something trivially wrong with it, but it was still under warranty

19:05

I wanted to take it back in and kind of just

19:07

get a new one and This

19:09

mutual friend of ours looked at me and

19:11

said it's not that there isn't a problem It's that

19:14

whatever problem there is is Intermittent

19:16

and he said it's me like I'm going to

19:18

teach you abracadabra Exactly. This is

19:20

the thing you say to the genius bar to get

19:22

them to give you a new one it's

19:25

like going in the gray market situation going

19:27

into the To the the

19:29

special doctor's office and saying I have this

19:32

thing on the page and they they give

19:34

you the thing you want Totally magic spell

19:36

totally. Yeah intermittent like as far as technical

19:38

issues go things that are like The

19:42

aren't constantly reproducible are just a nightmare

19:44

because it means that there's multiple factors

19:47

affecting what's going on, and Tonsco's

19:50

layer eight intermittent problem here kind

19:53

of shut down this big company. It

19:56

does make me wanna. I'm sure it's not a big

19:58

enough outage for it to have ever made news, but

20:00

I do want to see if I can

20:02

find some reports of an

20:04

outage somewhere in Europe because It's

20:08

fun. I want to find

20:10

out more. Great story and thank you for

20:12

sending that one in, Donzco. Totally. He actually

20:14

had a little extra story, so I'm just

20:16

gonna fire that now. Amazing. Just

20:19

as another little extra, one of my

20:21

colleagues at a different time

20:23

was using Burp Suite to test a website

20:25

and it was testing so they could

20:28

go live the next day. He had

20:30

admin creds and he'd used Burp Suite's Explore

20:32

Every Button feature within the

20:34

website. Unfortunately, one of those buttons was

20:36

delete the website and as he was

20:38

logged in as an admin user, the

20:41

website went bang just

20:43

before they had to release the next day

20:45

and they had to really hurriedly rebuild everything.

20:48

Again, it was not deeply popular with

20:50

anybody. And

20:54

the website went bang. I'm using that one

20:56

for catastrophically to start out. It just went

20:59

bang. So that's just such a

21:01

classic story about

21:03

knowing the tool you're using and understanding the

21:05

exceptions that you don't want it to do.

21:08

It's like running a testing suite

21:10

to go through a website and make sure

21:13

that all the links work and make sure

21:15

everything's functioning and make sure that the buttons

21:17

are reacting and then you

21:19

run it through the admin panel and all

21:21

of a sudden it's like creating garbage posts

21:23

and changing content and then bang it hits

21:26

the delete and

21:28

then test the verify that you want to delete

21:30

it button and then boom the whole thing's deleted.

21:34

Sure, that actually makes a

21:36

lot of sense. Yeah, you unleash these things

21:38

like test everything. It's like you want me

21:40

to test the burn this thing down button?

21:43

Exactly. I said test everything. Exactly. So

21:46

maybe if you're gonna run something like that don't point

21:48

it at the admin panel. Yeah,

21:50

sure. Sure. Also just Burp

21:53

Suite. Good stuff. Hey,

21:58

so I had a in

22:00

interesting interaction trying to find some

22:02

data online. I was looking up

22:04

some leads for my company,

22:10

and I found this one company that

22:12

had leads apparently for every state, tens

22:15

of thousands of leads, and they had

22:17

some sample data, which if you clicked

22:19

on the sample data, it would say

22:21

Alaska. Here is the few sample

22:24

leads we have for Alaska, and it was

22:26

kind of just like dip your toes in

22:29

and tell you a little about it, but I noticed

22:31

in the URL, it said dash

22:34

Alaska at the end. So

22:36

I tried it, and I did dash Ohio,

22:40

dash Idaho, dash

22:44

another state, and ended up being

22:46

able to find the

22:49

entire repository of data that

22:52

they were selling for tens of thousands

22:54

of dollars, all of the leads, because

22:58

all of the URLs were just plain

23:00

text, kind of easy to

23:03

find URL, but yeah, they

23:05

wanted near $10,000 for access to all of the leads, but

23:10

I was able to find all of them for free. I

23:14

wonder what the highest ticket

23:16

data that is

23:18

hiding behind a guessable URL is,

23:21

because it's sort of a fascinating question. It

23:24

evokes a treasure buried

23:26

somewhere, but there isn't a treasure map, but if you

23:28

just knew to dig there, there'd

23:30

be gold, and sales leads

23:32

feels like a pretty good potential

23:34

realm for that kind of thing to

23:37

be in, because man, are sales leads

23:39

not cheap. No, yeah, I think,

23:41

yeah, personal information for sure. Yeah,

23:43

yeah. For sure would be up

23:46

there, especially confidential personal information. Totally.

23:49

Socials, things like that. Definitely,

23:51

like the e-bike story from last

23:53

Hotline Hacked. This

23:56

is, I threw this one in because it's in

23:58

the same regards, you know? We're

24:00

talking about people who

24:02

have built web structures that

24:05

work, but they don't

24:07

explore how they work if you just

24:09

make a few little obvious changes. Like

24:12

paywalls and web developer inspector and

24:14

you can just disable the paywall

24:17

on a website. If

24:19

the site still loads all the data and all you

24:22

have to do is take out the HTML layers that

24:24

are blocking you from seeing it and you can still

24:26

see the data. I feel

24:28

like this is the same thing. It's

24:31

just basic, basic

24:33

security solutions and people that

24:35

don't perceive the future security

24:37

problem, especially with valuable information,

24:39

which is crazy. Yeah,

24:42

this whole massive industry is built on this.

24:44

We've talked about third party data brokers before

24:46

on this show, but the third

24:48

party data broker ecosystem has

24:50

a huge subset of it that is

24:52

just dedicated to sales leads. It

24:55

is a massive way that companies find sales

24:57

leads is purchasing them from other people that

24:59

have typically purchased them from someone else. It

25:02

gets very difficult to know the genesis

25:06

of that information by

25:09

the time it gets to an end buyer. It's apparently

25:11

quite a problem. There's

25:13

a lot of over-reliance on these third party groups.

25:16

They're quite under regulated. There's

25:18

security and regulatory risks when you don't

25:20

know where the data came from. None

25:23

of that has anything to do with it being publicly

25:26

visible behind a guessable URL, but

25:28

it is a fascinating world that

25:30

this caller inadvertently waded themselves into

25:32

just by tweaking a URL. Yeah,

25:35

totally. I can always tell when

25:38

I've been added to a new dataset

25:41

just by the flooding of garbage that I

25:43

get into my inbox. That's

25:45

a good call. Very

25:48

recently, as of recently, I've been

25:51

seeing a strongly increased presence of

25:53

phishing attacks in my inbox. So

25:56

I'm assuming something, some website where I had

25:58

an account got hacked. And

26:01

then I'm also getting just a flurry of

26:03

newsletters from companies that I've never heard of

26:05

nor have I ever signed up for So

26:08

I'm assuming I was added to another data set and

26:10

I'm gonna report them all as

26:12

spam and get their MailChimp accounts banned, but

26:16

If you buy a giant list of names with

26:18

a disregard for where they came from You've got

26:20

to acknowledge that you're gonna piss a

26:22

lot of the people you reach out to like it I'm

26:25

not saying there aren't situations where those

26:27

third-party leads Don't make a lot

26:29

of sense, but you got to know that it's like somewhere

26:32

down the line the

26:35

The source of that data could be you know a

26:37

data leak totally it's a fascinating world

26:39

We this is a bit of a tangent, but for

26:42

anyone that doesn't know a CPM cost per

26:44

mille is the way advertising on the internet

26:46

Is monetized it's whatever a thousand impressions Costs

26:50

for the advertiser to get so if

26:52

your audience is in 10,000 people it's

26:54

10 times the CPM cost sales

26:57

leads operate on a similar system at CPL

26:59

cost per lead and The

27:02

ceiling on CPL is is Considerably

27:05

higher than CPM it bottoms out at around

27:07

10, but it maxes out at around 100

27:09

which is an exceptional If

27:11

it was a CPM would be exceptional Which

27:14

makes a lot of sense because depending on

27:16

what you're selling that audience could be worth

27:18

a ton of money Well,

27:21

I know like my brother's a real estate agent

27:23

I know the realtor world like leads

27:25

and lead development lead generation like they're

27:27

that's full thing. They're tuned into that

27:29

world and like

27:32

hot leads like if you could imagine like say you're

27:34

in like a Like

27:36

a decent real estate market where you know city average

27:38

house is 700 plus You

27:41

know your commission your realtor commission on that's

27:43

gonna be Tens of thousands

27:45

of dollars Like what is

27:47

the value to you as a realtor? To

27:50

get a hot lead somebody that's actively wants

27:52

to buy a house Like

27:55

here would you spend a thousand dollars to

27:57

make ten thousand? Yeah. Would you spend two

28:00

thousand dollars to make ten

28:02

thousand? Would you spend five thousand dollars? If

28:04

it was a sure thing, you'd spend nine

28:07

thousand. Exactly. Yeah,

28:09

no, it makes a ton of sense, especially for something

28:11

like real estate where the potential margins are massive. For

28:13

a tech company trying to get a new customer at

28:15

$9.99 a month, the

28:18

scales shift a little bit. But

28:20

for an individual salesperson going after an

28:22

individual buyer that has the potential to

28:24

put five figures in their pocket, how

28:27

do you not turn to sort of

28:29

repos of information? I get

28:31

it. I really get it. This is a good

28:33

one. Yeah. Yeah.

28:35

Yeah. Why don't we

28:37

kick it over to... I think we need a name

28:39

for where we read ads.

28:42

I'm calling it. You're calling it? Okay, you

28:44

name it then. You called it. I

28:46

didn't say I had a name. I'm saying I

28:48

think we need one. A podcast I love calls

28:51

it going to the money zone. And I just

28:53

really like that. There's something nice about that. We're

28:55

going to workshop that. For

28:57

now, let's go read some ads. Hey,

29:01

Jordan. Yes,

29:03

Scott. Why do you

29:05

love Shopify? I love Notion. Why do you love

29:07

Shopify? I love Shopify because we wanted to make

29:10

merch for a really, really long time and it

29:12

seemed like a big scary bad time. And

29:14

then we actually embarked on doing it. With

29:17

Shopify, it could never have been

29:19

easier. Whether you're selling a little

29:21

or a lot, Shopify helps you

29:23

do your thing. However

29:25

you cha-ching. Cha-ching. And

29:28

Shopify is, and literally is,

29:30

the global commerce platform that helps you sell at

29:32

every stage of your business. From the

29:35

launch your online shop stage to the first real

29:37

life store stage all the way to the did

29:39

we just hit a million order stage, Shopify helps

29:41

you grow. Whether

29:44

you're selling scented soap or offering outdoor

29:46

outfits, Shopify helps you sell everywhere. From

29:48

their all-in-one e-commerce platform to their in-person

29:50

point-of-sale system, wherever you are. And

29:52

whatever you are selling. Shopify. I

29:55

got you covered. Shopify helps you turn

29:58

browsers into buyers. best

30:00

converting checkout, 36% better on average compared

30:03

to other leading commerce platforms, and sell

30:05

more with less effort, thanks to Shopify's

30:07

magic, your AI-powered all-star. Does Shopify power

30:09

9% of all e-commerce in the US?

30:12

No, they power 10% of all e-commerce

30:15

in the US. They're the global force

30:17

behind Allbirds, Rothy's, Brooklyn, and millions of

30:19

other entrepreneurs of every size across 175

30:21

countries. Plus, their

30:23

award-winning help is there to support your success

30:25

every step of the way. Because business is

30:28

to grow, do it.

30:30

Because. Dunk it, put in the hoop.

30:32

Because business is to grow, grow

30:35

with Shopify. Okay, let's

30:37

get down to the brass tacks here. You

30:39

sign up for a $1 per month trial

30:41

period at shopify.com/hacked, all lowercase.

30:43

You go to shopify.com/hacked right now, you can

30:45

grow your business no matter what stage you're

30:48

in. shopify.com/hacked.

30:50

shopify.com/hacked. Cha-ching.

30:55

Scott, why do you love

30:57

Notion? I love that you just tossed this

30:59

to me because I love it so much.

31:02

Because I know you love Notion. Because I'm

31:04

reading this data and this advertising notes out

31:06

of Notion. I love it

31:08

because it's just a great place to put

31:10

things. It's a great

31:12

place to structure data. It's a great

31:14

place to build small apps. It's a

31:16

great place to use contextual

31:19

AI to facilitate my

31:22

work and personal life. Like, I store everything in

31:24

it now. I have, literally have,

31:27

Notion documents that

31:29

store all of my bikes and my wife's bikes and every

31:31

part on them so that when I have to order maintenance

31:34

pieces for them, I know exactly what

31:36

model of rear shock

31:38

it has. Like, I use

31:40

it for so many things. So I can't tell you

31:43

why I love it, I just love it. It's

31:45

just a feeling, something you feel in your heart.

31:48

When you get a really good piece of software

31:50

that combines your notes and docs into one place,

31:52

it's simple and beautifully designed with the power of

31:54

AI built right inside of it. Not another separate

31:56

tool in a different browser or tab. You

31:58

don't have 75,000 tabs running live,

32:00

you just got Notion. We used it just the other

32:02

day. We use it every day. Yeah, I was just

32:05

gonna say. There's a huge part of our workflow. Just

32:07

the other day, it's like I have two instances of

32:09

it in front of me right now. Notion

32:12

is a place where any team can write, plan, organize,

32:14

and rediscover the joy of like, it makes work feel

32:16

a little bit more playful and that's really,

32:19

really cool. It's a

32:21

workplace design not just for making progress but like, you

32:23

know, getting inspired. Like you're in the same room together.

32:26

It's also like the big thing for me is that

32:28

it's like it's

32:31

like an app building environment. Like you can

32:33

build data driven applications so quickly and easily.

32:36

Like I know lots of famous

32:38

content creators that use Notion to

32:40

like manage their workflows and projects

32:42

when they're making, you know, new

32:44

YouTube videos or podcast episodes. It's

32:46

just a great place to put data,

32:49

access data, structure data, move

32:52

processes. It's just so good for so

32:54

many things. And you know what? Our

32:57

fine, fine listeners can try Notion for

32:59

free when they go to notion.com/hacked.

33:01

That's all lowercase letters, notion,

33:04

notion.com/hacked. You can start turning

33:06

ideas into action and when

33:09

you use our link,

33:11

that hacked link, you're supporting our

33:13

show. So when you invariably do

33:15

go to sign up for Notion

33:17

because it rips notion.com/hacked.

34:34

Thanks

34:42

for listening to the Hacked podcast. This

34:44

is an episode format that we have

34:46

called Hotline Hacked. You can visit hotlinehack.com.

34:49

You can email in an audio clip,

34:51

email in text clips. You can call

34:55

into our call-in number and leave us

34:57

a voicemail, which we get as an

34:59

audio file. And we will include. I

35:01

will note that if you want to disguise your voice,

35:04

we prefer that you do that on your side rather

35:07

than supplying it over to us and making us do it.

35:09

There's also an email if you want to send us a

35:11

file. Like Scott said, if you'd like your voice

35:13

concealed, please do it yourself because we

35:16

run the audio as we get it, unless

35:18

you explicitly ask us to. Some

35:20

folks have found awesome ways of concealing their

35:22

audio. So feel free to have fun with

35:24

it. Well, the next

35:26

story was actually sent in text.

35:28

And it has, so we get

35:30

this lovely AI voice. Brilliant. While

35:33

working at an ISP in Australia, we had

35:35

a cloud storage server used for clients to

35:38

store data. And I wanted to export the

35:40

list of accounts. I

35:42

connected to the Linux box via SSH using

35:44

PuTTY, logged in as root. Yes, this is

35:47

bad, I know. Ran the command to display

35:49

the list of active user accounts on the

35:51

system, highlighted the complete list of usernames, and

35:53

out of habit right clicked on the list

35:56

to copy. OK, I'm just going to chop

35:58

this one up in my own way. PuTTY is a

36:00

Windows based SSH client. So

36:04

SSH is like a Unix command, like

36:06

a Unix daemon that runs on Unix

36:08

servers so you can connect to do

36:10

it via text like command lines. So

36:14

when you're on Windows, back in the

36:16

day, which this story sounds like it

36:18

was, there was no Linux core running

36:20

inside of Windows so like now you have

36:22

full kind of Unix integration on the command

36:24

line. You back then didn't, so

36:27

if you wanted to connect over

36:29

SSH to, you know, Unix based

36:31

servers you had to use PuTTY or

36:33

PuTTY was the most common and

36:36

running anything as a root is bad.

36:39

So that's why she flagged that or they flagged

36:41

that. I guess I'm just using the gender

36:44

of the AI, which is probably

36:46

incorrect. Those

36:48

of you that use PuTTY know that by

36:50

selecting text it automatically goes to the clipboard

36:52

and PuTTY has right click to paste enabled

36:55

by default. Suddenly my entire

36:57

clipboard is being dumped into the server's

36:59

terminal, then my SSH session drops. Connection

37:03

lost. I stared blankly at the

37:05

screen for a moment trying to work out

37:07

what just happened. I pasted my clipboard into

37:09

notepad and reviewed the list of names and

37:11

found a user account called shutdown. That's

37:14

the day I learned that RHEL/CentOS

37:16

has a default user account called shutdown and

37:19

a simple click of the mouse took down

37:21

the cloud storage server briefly. So

37:25

it's pretty common to have

37:27

a user called shutdown and

37:30

pasting just a bunch of garbage into

37:34

the command line. Sadly executed

37:36

the command shutdown, which

37:39

is truthfully surprising that

37:41

it actually shut it down because I think typically

37:43

you need like a hyphen now or something after

37:45

that to actually make it shut it down instantly.

37:47

Right. But yeah, just

37:50

a little user error. Just

37:52

a little user error. Just a

37:54

little user error to take down the entire cloud server. I

37:57

really liked my favorite point in this is, and I

37:59

know part of this is the AI's read adding

38:01

the comedic timing, but I think it was in

38:04

the story is, I logged in as root, yes,

38:06

this is bad, I know. Like the immediate awareness

38:08

of an error as it is occurring is

38:13

a timeless feeling. A

38:15

timeless, timeless feeling. Right click

38:17

to paste enabled by default seems like, this

38:20

story is so above my head technically,

38:22

but right click to paste enabled by

38:24

default feels like a weird feature to

38:26

include in anything, I've

38:30

just never heard of that. That might just be

38:32

my non familiarity with this kind of sys admin

38:34

type stuff, but that feels like a

38:37

lot of potential bad stuff could happen by having

38:39

a mouse, one mouse button

38:41

queued to paste. Yeah, I think the

38:44

gist is like when you work on

38:46

command lines, typically you only use the

38:48

mouse to select things. Right, right, okay.

38:51

Somebody was like, hey, like why don't we

38:53

just fast track this if you select something,

38:55

we're gonna auto copy it, which is like

38:58

a brilliant little user interaction. That actually does

39:00

make sense, you're never using your mouse. Granted,

39:02

it violates all user

39:04

interactions you've learned your entire life,

39:08

but it is kind of an optimal workflow.

39:11

And then right click to paste, again,

39:14

same thing, like if you're just copying things by

39:16

selecting them, if you wanted to paste something, like

39:18

say you wanted to redo a command or you're

39:21

building out some large awk query or something and

39:23

you copy something and you wanna paste it in, right

39:25

click, it's like a nice little quick paste button.

39:27

Sure. But when you

39:30

copy your bash history by

39:32

accident, which maybe you don't

39:34

know what that is, but your command line history, and

39:37

then you paste that in, that would be

39:39

brutal. One of my favorite

39:41

things of working with comp sci

39:43

people, I count you amongst

39:45

this, but devs and computer engineers, any of

39:47

that type of person is

39:49

all of the genuinely smart, but

39:54

humanly unintuitive solutions that slowly

39:56

become part of a workflow.

39:59

Like the idea of, We have like, we never use the

40:01

mouse, why not make one of these buttons something

40:03

we do all the time that requires a key

40:05

command? It's like, that's very, very clever until you

40:08

inadvertently press the button you otherwise use all the

40:10

time for something else and paste something. It reminds

40:12

me of Dvorak, where it's like, this is technically

40:14

a better way to lay out a keyboard until

40:18

someone who isn't used to this tries

40:20

it, or until you try and go

40:22

use a computer that isn't laid out in Dvorak, an

40:24

alternative to QWERTY, and your

40:26

brain explodes trying to translate these

40:28

different keyboard layouts into one another.

40:30

Yes. I love those

40:32

computer engineer workarounds. Good to know.

40:35

Yeah, I think we both know

40:37

who you're talking about when you're talking about

40:40

Dvorak. We sure do. And. One of my

40:42

favorite human beings. Yeah,

40:44

great guy, love him. Hate

40:47

sitting down at his computer. Hate

40:49

the Dvorak. Trying to type something on his

40:51

keyboard and immediately like, feeling like

40:53

I'm having a stroke, where it's like I'm looking

40:55

at characters showing up on the screen, and

40:58

I'm like, I don't know what's

41:00

going on. I have to back away from the situation. Hate

41:02

the Dvorak, love the sinner kind of situation there. It's just,

41:04

I can't believe that you did this. Can

41:06

you turn it off? It's a pain in the ass to

41:09

turn it off. Okay, can you type for me? Yeah,

41:11

definitely been there. Speaking of

41:13

keyboards, I got my new one built last

41:16

night. Oh, yeah. I'm not

41:18

sure how relevant it is to the podcast, but

41:20

we were talking about it. Exceptionally not, but it

41:22

is fun color commentary. For everyone that doesn't know,

41:24

Scott's swinging mechanical keyboard got broken, and he was

41:26

building out a new one. That's very exciting. I

41:28

mean, while I'm still operating my lightning

41:31

port Mac keyboard that I loathe.

41:35

Do you have the number pad one? No,

41:37

I don't. I'm not a number pad guy.

41:39

I know. I know. I'm

41:42

missing a numpad. Yeah, you're a big

41:44

numpad guy? No, I'm the standard Chiclet

41:46

Apple keyboard, and it's bad. You

41:50

can hear all about it on our consumer tech show. Let's

41:53

keep this bad boy going. I'm

41:56

submitting my audio with an AI since

41:58

my speaking English is not good. not great. I

42:01

got an accent and also so people

42:03

cannot identify me. So I

42:06

got a very powerful Command

42:08

and Control, C2C, that

42:10

is able to shut down and slow

42:12

any websites and servers, etc.

42:15

It's only built with Raspberry Pi

42:17

4 Model B+, and a plus

42:19

170 MBE fiber internet speed and

42:23

an open source software, etc. To

42:26

test it out during the pre-war October

42:28

7th in Israel, I saw

42:30

the Hamas website is still up even though

42:32

there are news that other hackers countries shutting

42:35

it down. Even though

42:37

it changed its internet protocol since the attack,

42:39

I was too able to shut it down

42:41

in minutes. I

42:43

also tried to join a bounty

42:45

program for denial of service in

42:48

HackerOne for PlayStation website, my dot

42:50

account dot sony dot com. I

42:54

was able to make it into 404, unresponsive,

42:57

but of course I didn't receive

42:59

any rewards since they don't accept

43:01

full shutdown disruption and also

43:04

no distributed denial of service, DDoS,

43:08

but only denial of service, DoS.

43:12

Also whenever I receive a message from

43:14

a scammer redirecting me to their websites

43:16

or link, I just

43:19

get the domain they are redirecting me

43:21

and shutting it down for myself, asterisk

43:23

smiley face asterisk. This

43:26

C2C botnet is very dangerous and

43:28

powerful since I tested out in

43:30

live layer 7 massive in

43:32

dstate ECC. It sends out

43:34

over 17 million requests

43:37

in just minutes, etc. So

43:39

I got a hand into a Pandora box. Got

43:42

a hand into a Pandora box. Yeah,

43:44

what a way to end a recording. I've got

43:46

a hand into a Pandora box. And

43:49

the end call. This is maybe

43:51

the least lighthearted of the classics.

43:53

So this is somebody that's got

43:56

control of a botnet

43:58

for DDoS. So distributed

44:00

denial of service. Yeah. And

44:04

you know, try

44:06

to go kind of white-hatty, join

44:10

a thing with PlayStation, but apparently they

44:12

were only looking for, you know, DoS.

44:14

Like just denial of service, not distributed

44:16

denial of service says, you know, obviously

44:18

that's hard to combat, but

44:21

yeah, interesting. Command and control with a Raspberry

44:23

Pi. Can you make sense of that for

44:25

me? Yeah, so command and control.

44:28

So there's a, there wasn't enough

44:30

detail in there to fully understand what the botnet

44:32

is, like what's actually what the bots are. Right.

44:34

But it sounds like they've set up

44:37

a Raspberry Pi, like essentially an invisible

44:40

computer that they can kind of carry

44:42

around. That is the control

44:44

unit for a massive botnet. At

44:47

least that's the way I took it. So that

44:49

they can kind of fire it up and point

44:51

it at things whenever they feel the need to.

44:54

Right. Does that make sense? I think so.

44:57

You're just using it as essentially a little server

44:59

for this command and control operation. Like

45:01

if you remember command and control, it's

45:03

like the, it's like a hub

45:06

and spoke kind of model where you've got, you know,

45:09

what would you say 17 million requests a

45:11

minute? So he'd have just

45:13

a flurry of bots living in the world,

45:15

and then he'd have a single unit to

45:17

control them all. So like a lot of

45:20

those DoS-for-hire services are

45:22

set up like this, where they have

45:24

a control unit, and then they have, you

45:26

know, millions of bots or whatever, you know,

45:28

smart fridges around the world that have been

45:31

compromised. Sure. And then they

45:33

can send a command to all those

45:35

smart fridges to make requests on a

45:37

specific data, you know, IP address or

45:39

web protocol or something, and they can

45:42

just shut the server down. So it

45:44

sounds like he was successful at shutting

45:46

down PlayStation. Hmm. So,

45:49

and, you know, Hamas and a few other

45:51

things. So it sounds like they've got a

45:54

substantial little botnet. I can

45:56

see that I've got my hand in a

45:58

Pandora bot because... Right. That makes

46:00

more sense. You've just got like

46:02

all this power in your hands to be

46:04

like, I just pointed things on the internet

46:06

and they go away. Hmm. It's

46:09

like, what do I feel like pointing at today? I

46:12

don't hate the idea, especially given

46:14

the amount of phishing requests I've got lately. It's

46:17

like a lot of them point back to these

46:19

like weird server farms and like Russia and Bulgaria

46:21

and things like that. So it would be, having

46:23

the power to just be like, I'm

46:26

not gonna click on your bad link, but I'm gonna take

46:29

the server IP address and just knock it off the internet.

46:32

I can understand that motivation. I

46:36

found a Reddit thread with someone asking a

46:38

question somewhat tangibly related to this, asking, using

46:41

a Raspberry Pi 3 as a command and

46:43

control server. One of the first

46:45

comments says, it's a server, you can use it

46:47

as any other server. Since you're asking this question

46:49

and seem like you intend to use it at

46:51

home, maybe don't unless you like prison food. Which

46:54

is, it was a great comment. Proper amount of

46:57

snark. The thread then goes,

46:59

here's where you assume too much, they could just connect

47:01

it to any network and walk away, see Mr. Robot,

47:03

to which someone else replied, and then they find your

47:05

Reddit post. And if we go back up to the

47:07

top of the Reddit post, we see the user deleted

47:09

their account. So

47:11

it's a nice little closed loop. I doubt it

47:14

was this caller, but an

47:16

interesting question with some good feedback

47:18

from the hive mind. But like

47:21

the Raspberry Pis, the micro PC

47:23

trend, I think is like,

47:25

when being a young hacker, when

47:28

you wanted to do something with computers, it

47:31

was like difficult, like laptops were, you

47:34

know, expensive and hard to come by

47:36

and often underpowered. And

47:39

now it's like, you can build, like

47:41

you could build a tiny little micro computer and

47:44

like turn it into an

47:47

ARP spoofing device and

47:49

walk into an office and jack it

47:51

in. And people won't

47:53

even notice it's there. Like it could be

47:55

very tiny or disguised to look like something

47:57

else. Yeah,

48:02

I don't know. There's a whole cool

48:06

alley of custom little micro computer hacking

48:08

device things that is out there that

48:10

would be fun to pursue. Yeah.

48:14

That's an interesting world of tiny ...

48:16

Like a Raspberry Pi 3 is about

48:18

50 bucks. The

48:21

idea of there being a thing that can function as a server, but

48:23

50 dollars isn't disposable and no

48:25

tech should be regarded as disposable for a

48:28

bunch of other reasons. But the

48:31

fact that there's a thing that you could theoretically

48:33

just sort of leave behind somewhere without a fingerprint

48:35

on it is ... There's a reason

48:37

Mr. Robot made a whole bunch of subplots based

48:39

on that very premise. Yeah. Because

48:41

it's interesting and compelling and is, as this caller

48:43

referred to, quite the Pandora's box. Yeah, totally.

48:45

Like 20 years ago, if you wanted to

48:47

build something like that, it would be ...

48:49

You'd be building a

48:52

small computer and then you'd have to have a power

48:54

supply and walk in and plug it in. It's

48:57

like nowadays with USB power, you pretty

48:59

much ... If you

49:01

really wanted to and you were a big

49:03

hardware engineer, you could probably build something that

49:05

you just slide into a USB slot that

49:07

was a fully functioning computer with radio antennas

49:10

and yeah, I don't know. Totally.

49:13

Like look at the Flipper Zero and it's like a tiny little 100

49:16

dollar device or a $150 device.

49:19

Yeah. I think that world of little

49:21

hacker computers and you got me on the cyber decks, that

49:23

fascinating community of people building from

49:26

scratch little computers.

49:30

I think for as much as we're pushing the

49:32

boundary of what a $3,000 computer can get you

49:34

and what

49:36

a $1,500 smartphone can get you, the floor

49:38

too raises and we start figuring out, well,

49:41

what's the most a $50 thing can do?

49:44

That's just as interesting a question.

49:48

I think of game emulators too, those tiny

49:50

little devices that can suddenly ... For

49:52

$45, look what they can

49:55

do. Well, I was about to say

49:57

the micro device world is ... is

50:00

a fired up,

50:03

you've got like the tiny little

50:05

Android devices, like so many things. I just

50:07

got a new bike computer for cycling and

50:10

it is a full Android phone essentially.

50:13

It's just a dedicated Android device. We

50:16

were talking about the Rabbit R1 which has

50:18

gotten more press. Yeah.

50:21

Are we going to talk about that

50:23

some time? The

50:27

Rabbit R1 is essentially just a micro Android

50:29

device and it's like all of these things and like

50:31

they're cheap. They're tiny little

50:33

pieces of hardware. The game emulators are great

50:35

because one of my game

50:37

emulators is literally a Linux computer and

50:39

if you think about that, that's a

50:41

full blown Unix computer. I could plug

50:44

a keyboard into it and

50:46

I have essentially, it has

50:49

Wi-Fi chips, it has everything

50:52

and it's essentially a micro computer and it

50:54

cost me like $39. Has

50:58

a screen, has like a full color screen. I

51:01

have another one that has an outlet in it. I

51:05

don't know, crazy. The

51:07

micro device market is very cool,

51:10

maybe a bit wasteful if we want to

51:12

talk about waste. I think very cool and

51:15

especially from a hacking perspective, just the amount of

51:17

things that you can do with these things now.

51:22

If you talk to a 17-year-old me and

51:24

ask me if I would love to have a Linux computer that

51:26

was in my pocket, I would have

51:28

loved that. Especially

51:31

something with the battery life that some of these small

51:34

emulators have. They have 8 hours, 10 hours of battery.

51:38

When I was a kid, the best

51:40

battery life you'd hope for on a computer was like

51:42

45 minutes on a laptop, maybe an hour

51:44

and a half. I imagine if we could talk to

51:47

a 17-year-old you right now at time of recording, you

51:49

would be trying to play School's Out for Summer. Somewhere

51:51

where you're not supposed to be. No,

51:54

no, no. I was White Glove

51:56

Service. I never went to White Glove Service. That

52:00

was pretty good. I just went, yeah, I was more of

52:02

a, more of an explorer

52:04

than I was a disruptor. Well, I

52:06

was flipping power

52:09

breakers and getting dragged into the office.

52:13

But that's a story for another time. And

52:15

if you want to hear it. Power breakers. You Batman.

52:18

The thing they were most mad about was

52:20

that our school had a vending machine with

52:22

those weird milkshakes,

52:24

like bottled milkshake-y type drinks. Oh no,

52:26

and you soiled a bunch of them.

52:29

And we didn't. That was the funny

52:31

part is that they're shelf stable. Oh my God.

52:33

But they do have refrigeration in the thing. And

52:36

I remember a police officer yelling at me,

52:38

do you know what could have happened to

52:40

the milkshake vending machine? Like that line, can

52:42

you imagine what would have happened to the

52:44

milkshake vending machine? It's like, like

52:47

barked at me by a guy in a

52:50

cop uniform, will forever burned

52:52

into my mind. If

52:54

you want to hear more stories like

52:56

that, feel

52:59

free to support the show however

53:01

you can. hackpodcast.com redirects towards our

53:03

Patreon. If you go towards our

53:05

store, pick up some merch, buy a hat. That

53:08

helps us out. Anything

53:10

else? Anything I'm missing? I don't know. No,

53:13

I don't think so.

53:15

Store.hackpodcast.com, hackpodcast.com Patreon, hotlinehack.com,

53:17

submit your story. I

53:20

think that's it. I think that's it. Is that it

53:22

for us? School's out for summer? School is

53:25

in fact out for, I don't know

53:27

enough about Fair Use to know if

53:30

we can end this episode with that

53:32

song. But

53:36

we'll find out before the episode goes live.

53:38

So if you don't hear that right now,

53:40

it means it's because you can't use it.

53:42

And if you do, it's because school's out

53:44

for summer. Well, it is Memorial Day weekend.

53:47

We're recording this on Memorial Day weekend. And

53:49

Memorial Day is the demarcation

53:51

for summer. It

53:53

is. Oh, that's fun. Good

53:55

timing. Good timing. School's

53:57

out for summer. Call in with your

53:59

story. hotlinehack.com, that's

54:02

another one in the bucket. Thanks for listening everybody.
