Old Bad

These are some old things I wrote that probably need to be updated. Entirely copied and pasted without rhyme or reason. Not even formatting this!

1.1. Shower Thoughts | Internet/Tor Security and Privacy

The issue is that on the Internet, nobody can be trusted - even the people that you cannot see. For example, a researcher in 2021 discovered that at minimum 25% of Tor nodes were operated by a single malicious actor, and with that actor’s position he staged sophisticated man-in-the-middle attacks to strip encryption from websites and modifying Bitcoin addresses to point to their own. Some people have theorized that this is the work of a government agency due to the impressive scale of the attack; however, this is at best speculation. Also, I don’t want to give the impression that Tor is as a whole untenable. It is likely fine for the majority of privacy-conscious users, but I want to dispel the idea that there is a silver bullet for security outside of dismantling your router.

The best thing you can do if you want to be secure is to disable Javascript. Of course, this will break most websites, but that is the price you must pay for proper security. Javascript, even when it is functioning as intended, is malicious. In 2020, pirate website 9anime turned its users computers into a virtual botnet by sending garbage AJAX requests to a competitor site because of an ongoing feud. If you visited 9anime at all during the time frame in which this code was live, congratulations! You’ve participated in a DDoS attack. Unfortunately, this is just how the Internet functions.

Another way to maliciously abuse connections is through tracking pixels. A few months back, I accidentally deleted a file and felt the urge to recover it. The tool I used performed a dangerously reckless restoration that recovered every file that was still present on my computer’s hard disk (which somehow corrupted my external hard drive, but that’s neither here nor there.). Sifting through the hundreds of thousands of junk files, including every image I had ever seen on that laptop, I noticed an inordinate amount of blank, 1x1 images. These tracking bits are simply small images hosted on a server. Your computer will automatically download the image, but to do so means that the computer must request the image from a server, which can be ANY server. So you can just add a bit of metadata to the request, serve the image across multiple different pages (perhaps through advertising?) and the server operator is capable of tracking a single user across multiple pages, allowing for things like targeted advertisements to become possible. The astute among you may recognize that there’s nothing special about a 1x1 pixel, and that any web element could be used to perform this magic trick - and you’d be right. So, it’s not a bad idea to tighten up your uBlock Origin settings to block things like remote fonts. 1.2. Shower Thoughts |Artificial Intelligence, Bioethics

It is important to note that technology rarely bows to ethical concerns. In Plato’s Phaedo, Socrates recounts the tale of the Egyptian God Thamus who denounced the invention of writing. In the movie “His Girl Friday”, a man accidentally shoots another dead. A much cleverer reporter than him guides him to the idea of “production for use”: the gun was present, and it was produced to be used, so he is not at fault. The atomic bomb has proliferated, despite being universally regarded as a tool of destruction that could bring about a self-made apocalypse - yet, because the tendency of mankind is to innovate further, there are thousands of nuclear bombs that exist. Technology does not go backwards. There has yet to be a moment where an invention became no more.

However, discussion concerning scientific topics such as eugenics and genetic modification are, at the moment, where the line is drawn; UNESCO, for example, has declared that research on the human genome should not “prevail over respect for the human rights, fundamental freedoms, and human dignity of individuals or…groups of people”. Their overall stance seems to be one of one of caution rather than outright hostility, but they understand that such transhumanist ideals could potentially wrought unintended effects upon humanity, such as expanding inequality, discrimination, or other nasty ideas.

There is still a vocal, and largely academic push towards evolving past the human limits, often going as far as to say that it is the ethical duty of mankind to pursue solutions in overcoming life’s most persistent barriers, such as death. On the flipside, its hard to take the technological utopianism (or any utopia, even those presented by politics I wholeheartedly agree with) presented by these parties as entirely in good faith, when elements of classism and eugenicism seem to pepper their beliefs. In selecting for positive attributes for children, for example, it is in effect pushing forth the idea that a parent’s love is contingent on their innate superficial attributes, and that society does believe that a people should be selected for these attributes and that nonconformers do not have the right to be born. I think this is the aspect of biohumanism that laypeople find troubling, yet inexpressible; it is an explicitly elitist ideology in a pseudo-egalitarian era.

  1. Notes On Things

2.1. Notes | Network Security

Short explanation: capture as many packets as you can, try and piece together the password. Best if you can get somebody connecting to the network while you’re listening.

Longer explanation: With the aircrack-ng suite of tools, start your wireless card in monitor mode with airmon-ng. This, if your wi-fi card supports monitoring mode, will allow your device to listen to every packet on the channel. Then, use airodump-ng - the tool that displays the information captured - to find communications with the access point. If somebody is connecting on the Finally, use aircrack-ng, passing in a wordlist to the -w flag, to obtain the passkey.

So, I would like to take this moment to say that xkcd was wrong! While “horse correct battery staple” is only a good password under the assumption that the attacker is trying to brute-force it, but in scenarios like this where the attacker only has a chance of cracking your password if you’re using vocabulary commonly found in the dictionary. 2.2. Notes | Modern C++ Consteval and Constinit

The constexpr keyword indicates that the result should be calculated at compile-time; if it can’t be then the code is unformed and the compiler will throw an error.

constexpr int square(int a) { return a * a; }

If viewing with Constinit assembly asserts that a variable has static initialization, i.e. zero initialization and constant initialization.

Consteval consteval is evaluated at compile time.

consteval int square(int n) { return n * n; }

constinit initializes variables with static storage duration, i.e. variables that are allocated

constexpr implies constinit. 2.3. Notes | Hardware Attacks: SCA

I read this in the “Hardware Hacking Handbook,” I believe.

A side-channel is an observable aspect of a system that reveals information within that system. Side-channel attacks are an increasing security concerns (I’ve seen some presentation on the IBM website about this) because most developers aren’t familiar with the hardware level of computers, and thus cannot possibly harden against these attacks. With computers, analyzing the physical process of the computer can reveal extraneous information. To paraphrase the example in the book, take a program that verifies a password by checking in order each digit of the inputted password and comparing it to the correct one. If one were to use an oscillope and time the delay between inputting a letter and the response, one could determine whether an inputted letter was right or wrong - cutting down the several thousand or so guesses needed to break this password to just 10 guesses for each digit.

  1. Misc

3.1. About Me

I’m Nathan.

I talk about computers for some reason.

I have an abandoned Mastodon account. Send hate-mail into the void at this address: