Letters: Proclamations
Ideas
Dear 2600:
I have been toying with an article for some time. The idea initially occurred to me after the fallout from the Edward Snowden affair. I have sought an unbiased publisher, but the government rags (in which its publication might actually do some good for Uncle Sam) are too wedded to incompetent vendors. The article has to do with why our information security capabilities are in the state that they're in and what could have been done about it - if our government cared one whit. Developments make it crystal-clear that they have already surrendered their technological and military superiority to China and, moreover, are expending ever less effort on even putting on a "show" of caring about computer security. Meanwhile, each "expert" we see is more readily buffaloed than the previous buffoon: an RSA "consultant" was on Fox News the other day who (a) didn't know what RSA stands for and (b) explained a recent hack as - get this - the attackers "went into" the system. "Went into." Here's an attached resume to indicate that I'm not some abject moron. Something tells me you will find it as unique as I know my written perspective is. Trust me, I'm nothing like the others, and I long since tired of lifting a finger to help our government. From a technical perspective, I won't go into the details of ad hoc hacking techniques as it were, but I have plenty to share on the underpinnings of high-assurance military systems, which - I guarantee - are way beyond the lion's share of your readers, both from the historical exposure perspective and the formal mathematics perspective. Don't be so quick to dismiss everything that comes from DoD because Joe Schmuck leaves a guest account undeleted.
Name Deleted
We've gotten a few such letters, but what we really want to get our hands on is an article! Resumes aren't necessary. Just write about what you know and submit it. The community will thank you.
Dear 2600:
America should nuke the evil Commie Chinks, which kill Falun Gong members, persecute dissidents, and occupy East Turkestan, and Tibet! Blessed be Lord Our God, George Yahweh Washington, Saint Thomas Jefferson, Saint Thomas Paine, Saint Patrick Henry, Saint John Hancock, Saint Benjamin Franklin, Saint Paul Revere, Saint Betsy Ross, Saint Martha Washington, and Christ Baden-Powell, Our Lord! May the American Master Race rule the cosmos/omniverse forever and ever! Amen!
Name Deleted
And then we get these. Readers, please help drown this drivel out with some intelligent discourse. We have so much of note to focus upon and you have some of the most enlightened perspectives currently out there. Most of you, anyway.
Dear 2600:
I'm loving the magazine, and keep it up! I have a couple of articles I would love to send in, but I want to make sure no one has written them yet. I have one about OPSEC (Operational Security), and one about how to access the root user on a Mac - getting admin privileges in the process (without needing a different admin password).
NerveGas Jr.
Trust us, you won't be duplicating the efforts of others. He who hesitates is lost and never winds up getting published.
Dear 2600:
Seems like this could be a hot topic for 2600 - how to effectively combat junk/spam/robo phone calls.
They are a monumental pain in the ass. There are (at least!) a dozen or more websites devoted to "reporting" them and (helplessly) screeching about them. They too often sucker some naive recipients into scam deals - sometimes (often) even extracting life savings from some hapless victims. At the least, residential landline phone users could/should be protected. Ditto for at least non-biz cell users. There have been recent Senate subcommittee hearings about them!
There are some partial - maybe total - solutions to them (aside from making them "illegal," which is about as effective as making petty theft illegal). Some, but not all, involve "forcing" the telecom cartel to do something easy (e.g. verify calling numbers before passing along fake Caller ID, etc.).
Other possible partial or total solutions are techie/gadget-based. They would surely be of interest to entrepreneurs (as well as white-hatted black hatters).
Just a thought. Although I'm a 50-year geek, I am not an expert in this area!
jim
While we share the impatience and concern over such annoyances and hazards to the easily convinced, we must also be wary of solutions that ultimately cause more harm than good. Losing the ability to disguise one's phone number would inevitably make it much harder to communicate anonymously. Despite what we're taught, this is a valuable skill to have. It's of particular use to whistleblowers as well as anyone who's trying to avoid unpleasant people - as well as those of us who simply value our privacy. There will always be those who use technology for sleazier purposes who will stop at nothing to make a quick buck. There are numerous clever ways to not let such people gain the upper hand, just like there are in every facet of the Internet. We agree with the idea of making solutions through technology because that allows for customization and evolution without falling victim to a bunch of Draconian laws.
Article Feedback
Dear 2600:
Really liked the Metrocard article. I've looked into this in the past a bit, but was always turned off by potentially wasting money on a reader (glad I didn't!). I grew up in Queens, so work is especially interesting to me. Is there any way I can help? It would be cool to extend the project to other systems as well in other cities.
Josh
All it takes is research and the interest to pursue the subject, as well as the desire to tell the world what you learn. We don't expect people to know everything about a particular subject. The only way we learn is by sharing what we do know and encouraging others to fill in the gaps. All too often, we encounter people who doubt the value of their input and wind up delaying their participation until after the info is fresh. Or they lose interest and never submit anything. Countless times we've learned that getting the conversation started is what leads to a fuller understanding. And, as you see, that conversation can last for a very long time.
Dear 2600:
Regarding a discussion in the Summer 2015 "Letters" section, child pornography is documentation of actual acts. As Asia Argento, director and star of her own real-sex feature, Scarlet Diva, once said, the point of watching porn is to have the "this really happened" experience. Ergo, it's a bit hard to stomach the filing away of the legitimately-worth considering sorts of distinctions - i.e., erotic paintings featuring nymph-like children; the first-ever conviction in America for "obscenity" of Boiled Angel cartoonist Mike Diana in the later 1990s to scant attention in even the alternative media; the "ruining" of "lives" erotic photographer Richard Kern describes, of clearly over-18 girls who model for hardcore porn - into the intellectual dustbin (as happened in this discussion) along with the exceptions which have no ambiguity about them whatsoever.
Entrapment's entrapment, as a crime practiced by law enforcement officers; similarly, degrees of crime sentencing should be, in a sane society, debated as to proportion vis-a-vis other violent, damaging-to-others crimes. If this is not the case, however, one feels a little queasy about the "benefit of the doubt" being extended to consumers - as though the age-old "coke users should feel guilty about fueling cartels' profits south of the border" bromide, for instance, doesn't apply to something that is, quite frankly, ethically behind the pale.
Pete Townshend, it turned out (for those of us who heard later), had posted on his website a warning to people who knew him and knew of him that he fully intended to run the risk of downloading massive files of child porn to explore, research, and pursue the perpetrators and distributors - and did, in fact, have to face the music for this daring feat - no pun intended. (As any fan of Tommy with knowledge of Townshend's conceding in interviews that he, too, had suffered from such abuse as a child, this sort of priority on his part was hardly surprising.)
Heaping additional scorn on offenders out of spite isn't worth doing, and only feeds a blackness of the heart; that, too, should go without saying. But - in the opposite sense of the way the phrase is usually invoked - let's just leave them be, okay?
No, it's not minor. Files aren't just files if their very existence is a crime.
Leave that at that! (Other than that, your journal's irreplaceable, for what it's worth!)
With what I hope is only-the-appropriate paranoia, I've asterisked words that won't make my email and address crop up in some Fed's filter for assholes. As text, I'd intend the words to run in full; if you're going to run this letter, please know I'd rather it read with the full words, intact. Can you blame me?
Smiley McGrouchpants
That last bit really illustrates the point we were making in that issue. When you can't even write the words "child pornography" out of fear, that's something that needs to be looked at. Yes, the files are reprehensible, no question. But we can't simply make everyone who finds a way to copy such files, regardless of the reason, guilty of the crime involved in their production. If we do, then why don't we also make it a crime to possess videos of people being beheaded? That is a reprehensible action as well and its distribution certainly helps to encourage the perpetrators. Yet we turn a blind eye towards the easy availability of such material. The point is if people want to see such content, that's a problem that needs to be addressed head on. We don't solve this by ignoring it nor by classifying everyone with the same broad brush. And we definitely don't get anywhere by being afraid to discuss it.
Dear 2600:
I bet the cover of the Summer 2015 magazine generated some interest. Looks like some USA federal government employees are finally earning their fat salaries and pensions. What is the back story? Did it come from the CIA, DIA, or NSA? The symbol inside the star basically means "sneaking in." What is the significance of the three-concentric-circle symbol? The latitude and longitude were helpful in locating the building housing these Chinese military government employees. (Whoa... we have a spy versus spy comedy forming here.)
Didn't Premier Xi say recently that China would never condone government sponsored hacking? I will take a democratic republic funded by a capitalistic economy over communism any day. How can we help the Chinese revolutionaries in Hong Kong?
Webspider
We appreciate your noticing the details. But we can't really discuss it until the digital digest for this volume comes out in mid-2016. (All covers get explained in each year of the digest, incidentally.) And the best way to help people anywhere is to pay attention to what's going on with them and to get the word out to those who will listen. We often have much more power in that department than we realize.
Dear 2600:
This is about the article explaining security issues in Brazilian voting machines (32:1). I just met Diego de Freitas Aranha, a researcher from the University of Campinas, SP, Brazil, who helped to check some issues with Brazilian voting machines. After some talk, I sent him the article and he emailed me back some remarks and corrections (though there were good things there). Here is the text which I translated, which includes some important mistakes:
"The voting machine has run GNU/Linux for a long time and the software is no longer produced by Diebold (only hardware).
"The University of Brasilia was not 'hired,' but won a public tender competition with other institutions. The attack on the secrecy of the vote was mounted on public information without a need to change the source code because the restrictions imposed by the TSE prevented that. I coordinated the team."
"There is no evidence that 'Rangel' in fact changed election results - there is much politicking in the case."
He also sent me this link with the English version of his report, concerning software vulnerabilities in the Brazilian voting machines, available at: sites.google.com/site/dfaranha/projects/report-voting.pdf (English) and sites.google.com/site/dfaranha/projects/relatorio-urna.pdf (Portuguese).
Derneval Cunha
Dear 2600:
I am writing to provide some clarification to you and your readers on the .mil domains listed in the Ashley Madison article in issue 32:3 (Autumn 2015). Looking at these "domains," it becomes obvious that many are not at all domains. Many of these are the username portion of .mil email addresses. The military has changed over to a new email address naming convention. FirstName.M.Lastname.mil@mail.mil for military folk. They use similar setups for civilians and contractors: FirstName.M.Lastname.civ@mail.mil for civilians and FirstName.M.Lastname.ctr@mail.mil for contractors. This makes it very easy to quickly remove many of the items as username portions of email addresses just by looking for the username pattern.
Someone with a .mil email account could very easily run through the ones that look to be email usernames and verify them against the address book that is available to users. Someone on the outside could also send test messages looking for bounces or lack thereof by adding @mail.mil to the end of any that look like email address usernames.
Nobody should fear that I'm giving away some state secrets here as all this info can be easily found with a bit of searching the web. For example: gcn.com/Articles/2011/02/04/Army-Begins-Move-to-Enterprise-Email.aspx
I was happy to see that I didn't recognize any of the email address usernames.
Enjoy.
Phreak480 from Long Island
To clarify, we knew from the start that many of the so-called domains were simply what people typed in on the Ashley Madison site, which provided no verification. If there are people dumb enough to use that site as well as enter their real names, then it stands to reason there are people dumb enough to give out some juicy top-level .mil domains as well. At least, that was our hope.
Dear 2600:
I was excited to get my Fall 2015 issue of 2600 and see what I thought was a picture I emailed you folks years ago and was surprised to see you needed to do detective work to find out where it was because I had already told the whole story. (That's what gave away the fact that it wasn't mine.)
Specifically, that motel is on Lincoln Avenue on the far north side of the city. Along that stretch of Lincoln Avenue is a series of tacky motels (some of which have been torn down but with the signs still intact) that today probably offer hourly rates but were undoubtedly gold mines in the summer in the days before interstate highways.
Might not be the best place for a convention; I recommend staying at the Hotel Penn for now. But what I did find sly was that one of the former sites of the Chicago 2600 meetings was at the Boys & Girls Club, which is bordered on the west by Rockwell Street, which in the Chicago street addressing system would be 2600 West.
The More You Know
Edgewater Sean
It's truly amazing that so many people are literally looking out for us.
Dear 2600:
Learning to obey the laws of the land is an uphill battle considering who my teacher is. You are continually putting good stuff in 2600. Re: 30:1, the Raspberry Pi article is my type of thing. So when are Beowulf jackets going to show up? In "A Lost Promise" we can't disregard the lesson it relates. The paragraph starting "Recognizing the signs of someone in trouble" speaks by relating to me aspects of myself. I have been dreaming in UNIX: rm -r *.*. The SCDC rules changed, saying we can't place pen-pal ads. Prison is prison. The main thing I am grateful for is we can correspond with anyone except for fellow prisoners. We need people who will step it up, be our advocates and proxies. Few people are assisting us. We're last in line for most. Extra-legal harassment is an institutionalized art form with guards delivering panoramic displays. "Hypercapitalism and Its Discontents" points to the common need for support for important global issues. Everyone should pick a message that needs to be told, then do it. Don't assume the facts you see on public display tell the whole story. The establishment counts on you to see things their way. Look past the open/closed community debate and consider. Are we ready and willing to change? The future, multi-generational, self-sustaining, constantly changing, multi-faceted, networked networks, connected/disconnected, anonymous, and public. Today is the future's black-and-white TVs. I do wonder if I'm finished now!
Cypher2x aka James E. Anderson #283022
Tyger River Correctional Institution
200 Prison Rd Unit 6-9B
Enoree, SC 29335
Dear 2600:
In response to Joshua's artificial intelligence letter to the editor in 31:4, I should make the comment that a human baby has only two hard-wired words to it. Those words are "mom" and "cup." All further XML statements depend upon the parsing of phrases to these two words.
There is a temporal value that the human brain holds in long-term memory. The human body is the computer, holding the hard drive that is the brain with primary input the eyes, and primary output the larynx. So the input and the output are fuzzy. The emotions are of the spine. So can the body endure with strength, spineless or otherwise.
There was an interesting feature in the original Apple II microcomputer that Steve Wozniak designed. Upon power up, after all internal housekeeping was set, the microprocessor ran the BASIC program named "START" so a basic program could execute. This was a powerful feature to streamline user applications.
When Joshua is run, "mom" and "cup" is the equivalent of the Apple II "START" - a self-programming computer that knows the spinal scheduling emotional subsystem of itself could "goto" and "let" to its heart's content. The heart of such the interrupts and the reset hard and soft.
The heart of the computer? Simply the quartz crystal that is at the center of synchronization timing that oscillates (for the Apple II, one megahertz) (at today's clock speeds in the many gigahertz) for the benefit of resonant data. The same quartz that is at a center for new age activities. The same quartz that converts mechanical energy into electrical energy, and from electrical energy to mechanical energy. All computers use clocks, and clocks are of vibrating quartz; therefore, all computers use vibrating quartz.
The computer could self program for the benefit of its own clock. In this way does the computer have heart. And the heart; then, of love, which is what we all need, want, and desire anyway. The "request to parse request" somehow in its own resonance.
John
"Cup?"
Humble Requests
Dear 2600:
I have checked and found that someone is trying to misuse my personal detail as given on different websites. I request you to please remove all from Google. URL is given below.
Vipin
West Delhi
We don't know what people are saying about us over there, but we can assure you we do not at present have the power to "remove all from Google." We have no idea how these things get started.
Dear 2600:
I am a new subscriber but I have no experience in hacking or computer programming at all. I am desperate to learn and I was wondering if you could teach me or tell me the best way to learn. Thank you.
The Prince
Apart from people thinking we have super-human abilities, we also often get requests like this. We want to be encouraging, but we also have to be quite clear that hacking isn't something you just teach. Computer programming is. So if it's the latter you're after, you'll find answers in classes and tutorials, both online and in person. But as for the hacking part, that is something that has to come from within. There's no class in the world that teaches you that. If you have the passion and curiosity, that is what you build upon with the knowledge you gain from exploring technology, asking lots of questions, and never giving up. Diving into these pages will at least give you a sense of what that's all about.
Dear 2600:
I have attended a couple of meetings, but it has been some time since I have been to one. A client of mine needs some work done on her computer that would require your expertise. I am hoping you could help her out - I couldn't imagine it being too terribly hard for you with all your knowledge. It pays. Please call me as soon as you can to discuss further.
Jacob
And then there are countless letters of this type, which is a variation on the first one. We don't know everything and we're not always interested in doing this sort of thing in the first place. But you might very well find someone at your local meeting which seems a much better place to ask this sort of thing than here. For that matter, you can find bright people who can work on computers all over the place. If it's some sort of "hacker" magic you're asking us for, you'll need to be more specific so we can mock you with better accuracy.
Dear 2600:
I was wondering who I need to talk to about permission to create a static copy of the 2600 meeting information to distribute in Cuba.
We are hosting an ICT Security conference in Havana this winter and thought it would be great to start a 2600 meeting there and present your meeting information as a White Paper in the conference proceedings.
L.
That's a great idea and we've sent you the info you need to pursue this. Hopefully others will think of equally creative ways to open up the hacker world even more.
Dear 2600:
Please block the word "Puti" and "puti lado" from Google Instant while I search words starting from "P" or "Pu" because these words are not accepted in our society.
Thank you.
Kalyan
Nepal
And we're back to this. A number of years ago, we discovered that Google Instant (that feature that finishes words for you in the Google search bar) wouldn't finish a number of words that Google apparently considered controversial. So we printed a whole list of them. (You can see the list we made before we lost interest and got back to our lives at www.2600.com/googleblacklist.) Words like assmunch and swastika wouldn't yield any additional suggestions for the search, although the search itself worked. Somehow this revelation morphed into people somehow thinking we were in charge of this and a whole bunch of requests like this one. Again, there's nothing we can do, other than help teach the world another couple of words never to say when in Nepal.
Meeting Mania
Dear 2600:
I've been attempting to resurrect the Melbourne, Florida 2600 meeting. I've gone, as proscribed, to the proper location at the proper time twice in the last three months.
The first time I was a little late so I went around and bothered every group of people I saw at the coffee shop, but none of them were even aware of a thing called "2600." Not only that, but I'm a bit outside of the age demographic for that coffee shop at that time of day, so I got to look like a slightly creepy old man attempting to hit on college kids. One of them even called me "sir!"
The second time - just this past Friday - I got there early. I set up shop in a prominent location, booted up my Kali Linux laptop, and placed a couple of 2600 magazines out in the open. One individual did approach me, pointed at the magazines, and asked, "What is that?" A second or two into my explanation, it became clear he was actually more interested in the bowl of hummus and pita that was waiting right next to the magazines.
Although I did enjoy my time at the coffee shop and got quite a bit of work done on a new article for 2600, I was hoping to actually interact with some like-minded souls.
Mike
This does happen on occasion and it's a part of the whole community-building process. It can often take time and patience for a group to actually form. Sometimes existing groups disband without new ones taking their place. Most frustrating is when groups move to other locations and forget to tell us! Whatever the situation, we try and provide every opportunity for the community to grow. Obviously, we don't wait forever. We hope this one works out - please keep us updated.
Dear 2600:
I am the founder of Proto Makerspace. I am wondering if you all will allow me to host a 2600 meeting henceforth at our space in north Houston. The 2600 scene is not active in Houston any more and I wanted to revive it.
Roo
We're glad to see the interest. But right now the Houston group has a web page up that continues to show updates for the original location. If we hear otherwise from a number of people, then we can consider the change. We do advise meeting in a public space that fosters conversation, not only between existing attendees, but entirely new ones who may have never seen a hacker before. Going to a hackerspace or equivalent afterwards combines the best of both worlds. This is merely our suggestion, however.
Dear 2600:
Is there an active chapter in Edmonton still meeting on Whyte Avenue? Is there a contact member I can speak with here?
Ken
That meeting is active from what we can tell. We don't give out any personal information for anyone involved in them, however. If a group has a webpage, there may be contact info there. We are also building a Twitter network of meetings around the world, so following www.twitter.com/@2600Meetings might be the best way to establish contact with people involved in local meetings.
Dear 2600:
For the most recent November meeting for 2600 in Chicago, I went to the specified meeting location. The proprietors of the establishment had never heard of the meeting, and I couldn't find anyone there. I did see a couple of people that could possibly fit the bill, but I didn't want to harass anyone just having dinner.
Is the 2600 meeting still happening there at 6 pm? Or do you know how to get in touch with the meeting organizer or how to be able to tell if a particular group is with 2600? I was looking for the magazine, but I didn't see anyone with it on the table.
pi
As you may know by now, that meeting has changed to a new location and is listed in this issue. Since we come out quarterly, we may sometimes have inaccurate info if such a move takes place. We hope to have quicker updates online. (For the record, it's always a good idea for at least one meeting attendee to have a copy of the magazine out or a hacker shirt on so people can make contact more easily.)
Splotchgate Comments
Dear 2600:
I would like to comment on your issue with Getty Images (owner of Trunk Archive).
First, this is a practice Getty Images has engaged in for years. A client several years ago received a demand letter from Getty Images for a thumbnail image used on his website. The image was part of a design that had been properly licensed from another party. Getty Images refused to accept that license as indication of "good intent" or to take action against the (larger) company that had sold the template and license. The amount demanded was much more than it would have cost to license the image from Getty Images to begin with and the client ended up shutting down the business to avoid paying this ransom amount. I have heard similar stories from other web designers (purchasing legitimately licensed images).
Second, Getty Images used to be only one (overpriced) player in a diverse market. They have been buying up many of the stock image providers and raising the price of stock images across the board. It also means that they can apply their "infringement" tactics across a much larger set of images. It sounds like this is the reason 2600 got caught in their net.
Third, it would be technologically feasible for Getty Images to provide an infringement search on their website that webmasters and graphic artists could use to ensure they didn't run afoul of Getty Images. Obviously this wouldn't be as profitable for Getty Images. They actually stand to profit more from these demand letters and it stands to reason Getty Images intends to freeze out the competition (as clients of competing stock image providers will fear being targeted by Getty Images).
If 2600 has the appropriate legal counsel (or can recruit an organization like the EFF), I would favor a suit against Getty Images. A class action lawsuit would be ideal as it would (hopefully) put an end to this snowball that is growing into an avalanche against small businesses and individuals. Otherwise, I sympathize. For what it's worth, the amount demanded of 2600 is much less than they were asking from my client.
Matthew
We are down for the challenge and we know many others are too. We are well aware of how most cases aren't as comical as ours and that many have had livelihoods and businesses adversely affected or even destroyed by these types of actions. In the end, the creative process is crippled out of fear and an overabundance of caution. Incidentally - and we know it's awfully confusing - but it seems that Trunk Archives and Getty Images aren't technically related, other than the fact that they both use something known as PicScout which we believe is owned by Getty Images and also the fact that they share the same address. (We have lots more of this on page 34.)
Dear 2600:
According to the DMCA rules, a claim shown to be false shall be penalized.
If you send a DMCA takedown notice that is both false and meant in bad faith (such as to harass, or doesn't state a real claim), you have committed perjury. Though unlikely, if the party you sent the takedown notice to decided to pursue this in court, you could face all of the consequences that your state imposes on people who lie in court.
Pitiful. Pathetic. Trolls.
Respect the process. Vote.
Bill
This is probably why they don't actually use a DMCA takedown letter, but instead simply send an invoice. A team of lawyers with principles and some free time could help turn these practices into history.
Dear 2600:
I came across your brief and ridiculous confrontation with your image troll on a Techdirt thread. I read the quote, "Art has always been derivative and transformative." I have been working on grants, applying, etc., for the last nine months, and love this definition. I would like to use it. May I?
Monday
We're sorry but our quotes are ours alone and may not be requoted. In fact, your letter makes unauthorized use of the quote and an invoice has already been sent. (We half assume your question was as sarcastic as our answer.)
Random Thoughts
Dear 2600:
I've got a great story that I've been working on. It would be a great perspective piece. Hacker meets Hackee. Let me know if you're interested.
Sent from my iPhone
Tommy
This all seemed to start off normally enough.
Dear 2600:
I don't need to remain anonymous. My family and I have been humiliated, degraded, and tortured for months. I already know that you are aware of who I am, where I live, and what has happened. I have been relentlessly studying your phishing tactics, codes, follow patterns locations, addresses, third-party loopholes, etc. for months over end. I even phish myself to better understand the tactics. There is no other story that falls in line with the mounds of evidence that I have been collecting over this past "Winter." I have written several statements that already support what is shown in this magazine.
I lost my job at a the telecommunications company that you hacked, over a game and entertainment. I have a few people that will be very interested in this magazine seeing as it's an exact timeline of events which I have already told to FBI, Charter Cyber Security, and local sheriffs. Or we can make a deal for this sick form of entertainment and part ways forever.
Sent from my... You already know phone.
Tommy
O.K... this letter is in first place for the Incomprehensible Award of this issue. We've never been accused of having phishing tactics before, so this is definitely new territory for us.
Dear 2600:
Uhhm maybe I should have read this all the way through before replying. This appears to be phished to me indirectly, correct? Guy in the orange shirt dropped it off and knew I would find it is what I'm guessing.
Sent from my iPhone
Tommy
He clearly has a real fascination with phishing. And he's certainly not the first to believe that an entire issue was written with him specifically in mind. But nobody around here wears orange. So something clearly doesn't add up.
Dear 2600:
Holy Shit! You guys are f*cking good!! I want in.
Sent from my iPhone
Tommy
What he didn't realize at this point was that he was already in and that what he really wanted was to get out.
Dear 2600:
I apologize for my threats. It can be squashed now.
Sent from my iPhone
Tommy
This came as a relief to all of us.
Dear 2600:
You ought to know my persona by now. I would never harm anyone nor want to. I need your help to become a better person and like always I skip through shit and don't read thoroughly. This I will read several times thoroughly.
Sent from my iPhone
Tommy
We've often been told that reading our magazine several times has a soothing effect. Reading it only once can have precisely the opposite effect.
Dear 2600:
I jumped to conclusions before giving 2600 the respect it deserved and at the least apologize for my brashness, regardless of what you do.
Sent from my iPhone
Respectfully,
Tommy
All's well that ends well.
Dear 2600:
PFACNHK BASEHIT NASDAQ AKA HUMPY DUMPTY
Edward T
Dear 2600:
Set C_N_R_M_F on your Radar right now! It's Poised to take off! Anticipating great reports!
[phone number deleted]
It's these coded messages that really help get us through the day.
Experiences
Dear 2600:
Have you guys run across the Google "foo.bar" code challenges?
I was working on a bit of Python code for a 2600 article and did a Google search on some Python arcana. I got my search results, but then my Firefox window sort of split and rotated down to reveal a page "behind" the page.
This page simply said, "You speak our language, would you like to take a challenge?" There were three boxes, "Yes", "Maybe Later", and "Don't show me this again." I clicked "Yes" and was taken to a web-based command line interpreter that controls a programming challenge system.
I completed two code challenges and found them entertaining. No doubt they get much harder as you progress, but I wanted to get back to my work. I've got no idea if the challenge will appear again and have deliberately not Googled it this evening to see if others are talking about it.
What does it lead to? If I finish all the "Level 5" challenges, will Google offer me a job?
The initial problems seemed harmless enough, but I bet they get a lot harder. Do they eventually become commercially useful? Or close enough that Google engineers might crib my code without telling me?
Has Google really opened a Python and Java sandbox for random folks to run arbitrary code on their servers?
Anyway, it was a very interesting experience and I wondered if others in the community had come across it.
Mike
This is indeed a real thing and we've heard a number of similar reports. The google.com/foobar page is the starting point, but you won't get anywhere if you haven't been invited and particular Python code is what seems to trigger things. It's really clever and interesting, but it also serves as a reminder that what you search for can trigger something somewhere to launch into action. For now that's a positive thing.
Dear 2600:
I was listening to an aired Off The Hook from either late September or October, and you were discussing whether people in their 30s had used rotary phones. I think the topic was regarding how a few kids were given rotary phones and some didn't know how to use them.
I wanted to mention that we only had rotary phones in our household until the mid-1990s, and I'm 34. What I remember most about the phones was how frustrating it was if you misdialed your number and had to start over! Do that a few times and your finger would fall off.
Also, you were talking about the Touch-Tone charge - up here in Toronto, from what I recall, we still had that charge up into the late-1990s. A friend of mine still had a pulse dial until Bell Canada finally forced users over to Touch-Tone; his father refused to pay Bell the extra charge for Touch-Tone dialing. Every time I dialed home from his place, I would have the number dialed but would then have to anxiously wait for the pulse tone to catch up. And yet, I miss those days.
By the way, my parents have one of those huge wooden crank phones, intact with the guts. I'll have to get some more back story, but it was handed down from my grandfather who was an electrician and grabbed it from a restaurant that was closing.
David
That crank phone is a great find - never let it go. Your friend's dad was quite wise to not yield to paying the phone company's fee for nothing. It's amazing how long they got away with that little scheme. To clarify one point, phone companies didn't cut off pulse service to customers - in fact, they should still work today on all POTS lines. What you described was their tactic of forcing customers to use Touch-Tones and pay an additional fee by upgrading equipment in the central office so Touch-Tones could be detected and then ignored if the fee wasn't paid. (Some Touch-Tone phones had a switch that allowed the buttons to be used in pulse mode, which is what you describe above.) Older phone switches simply accepted Touch-Tones by default because they were considered standard equipment. Only the newer technology had the ability to differentiate and thus take advantage of the consumer. They could just as easily have charged extra if you hit the star (*) key on your phone. This little history lesson teaches us something about the motivation of phone companies everywhere.
Suggestions
Dear 2600:
The new store looks good and ordering went smoothly. If it is possible and cost effective, please think about adding vinyl stickers to the items you carry. I would definitely deface/improve various things I own with stickers of your logo and other designs available on the clothing.
Emilie
We will consider this. We're also open to design ideas.
Dear 2600:
I plan on buying the "Blue Box" t-shirt, but wish you would have made the text blue, not white.
Toby
If enough people want that, we'll consider it for our next run.
Observations
Dear 2600:
I work for a company that deals with merchant branded reward cards and, upon scanning a card with a strip, there is a number on one of the many lines that comes back. The first digit in this string of numbers tells the little box in most retail stores if the card has an EMV chip or not. If your card has this EMV technology, then the number is a 2 - at least that's what we have seen. If it's a plain old strip card, then the number is a 0. Here is the fun part. If you have a reader/writer and clone a credit card with a strip/chip combo and simply change the number from a 2 to a 0, the credit card goes right through as normal without requiring the chip reader. This could be used as interesting malware to circumvent the requirement for the chip reader to an unknowing consumer.
Code Jester
This is fascinating as it defeats one of the major purposes of switching people over to the chip cards, which was to cut down on the epidemic of duplicated cards. It's much harder to duplicate a chip card than it is a mag strip card. But if it's possible to tell the machine to simply ignore the chip using the method above, we suspect this will become a huge issue in very short order.
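The check an issuer can run against this, as an added example that is not from the letter writer or from 2600: parse the swiped Track 2 data and compare its service code with the one personalised on the card. The Track 2 layout and the chip-indicating first digits (2 and 6) are taken from ISO/IEC 7813 as an assumption beyond what the letter reports; the function names, the `ISSUED` record store and all card numbers are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Track 2 layout (ISO/IEC 7813): ;PAN=YYMM + 3-digit service code + discretionary data ?
TRACK2_RE = re.compile(
    r"^;(?P<pan>\d{12,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>\d*)\?$"
)

# First service-code digits that tell a terminal the card carries a chip (assumption: ISO/IEC 7813)
CHIP_FIRST_DIGITS = {"2", "6"}

# Constructed issuer records: PAN -> service code written to the stripe at issuance
ISSUED = {
    "4111111111111111": "201",  # chip-and-stripe card
    "4000000000000002": "101",  # stripe-only card
}


@dataclass
class Track2:
    pan: str
    expiry: str
    service_code: str

    @property
    def claims_chip(self) -> bool:
        return self.service_code[0] in CHIP_FIRST_DIGITS


def parse_track2(raw: str) -> Track2:
    """Split a raw Track 2 string into PAN, expiry and service code."""
    m = TRACK2_RE.match(raw.strip())
    if not m:
        raise ValueError("not a well-formed Track 2 string")
    return Track2(m["pan"], m["exp"], m["svc"])


def review_swipe(raw_track2: str, issued_service_codes: dict) -> str:
    """Issuer-side decision for an authorization that arrived as a stripe read."""
    try:
        card = parse_track2(raw_track2)
    except ValueError:
        return "DECLINE: malformed track data"
    issued = issued_service_codes.get(card.pan)
    if issued is None:
        return "DECLINE: unknown card"
    # A stripe whose service code differs from the issued one has been rewritten.
    if card.service_code != issued:
        return f"DECLINE: service code {card.service_code} does not match issued {issued}"
    # Untampered chip card presented by swipe: do not treat it as an ordinary stripe sale.
    if card.claims_chip:
        return "REFER: chip card swiped, require chip read or approved fallback"
    return "APPROVE: stripe-only card, service code matches"


if __name__ == "__main__":
    # Constructed swipes: genuine chip card, the same card with its first
    # service-code digit altered as the letter describes, a stripe-only card, noise.
    for swipe in (
        ";4111111111111111=2512201000000000?",
        ";4111111111111111=2512001000000000?",
        ";4000000000000002=2512101000000000?",
        ";not-a-card?",
    ):
        print(swipe, "->", review_swipe(swipe, ISSUED))
```

The comparison only works where the issuer sees the track data in the authorization request and keeps the issued service code on file; a terminal acting alone has nothing to compare the stripe against.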
Dear 2600:
Wanted to let you know that 2600.wrepp.com is an author index and is up to date as of October 2015 with no plans to stop (have a lifetime subscription). I would suggest, though a work in progress, it's a bit more than an author index - it includes info on every article published including links (most with local GNU Wget copies), addendum (i.e., notes issue/page of author letters published concerning their article), is searchable, data may be downloaded, and has details on The Best of 2600 book. Also, nychacker did email me and I honored his request in the July 2015 update. Author feedback is always welcome.
William R. Epp
This is a great service for our readers and we all thank you for dedicating the time to it.
Dear 2600:
As a watcher and reader of Internet news and entertainment, my hackles always rise when I see any reference to hacking. I recently saw a story about JPMorgan and many other banks being "hacked." I am referring to an article in The Hacker News. "The three men... were charged with 23 counts including hacking, identity theft, securities fraud, and money laundering, among others."
The accused are charged with as many as 23 crimes and the first listed by the magazine is "hacking." Is it really a crime? I thought a crime was a crime and hacking was an activity or hobby.
I will continue to educate myself and make as many people as will listen aware. I live in a rural area of Oklahoma. I talk every day about how dangerous it is to leave your info on a company or bank website. The company I work for insists on direct deposit, so the people here trying for "off the grid" living are being forced into exposure.
The story referenced above is listed as the largest information theft in history. An estimated 100 million plus persons' information was stolen. Aren't the banks partly at fault? Where is their security?
metal_cutter
These are all good questions. But to address the first point, hacking itself is considered by many to be a crime, even though by most actual definitions it isn't. It may seem trivial but it really isn't, as people accused of hacking are often being accused of merely experimenting or asking too many questions. If we tie those healthy things to crime, we're only helping to perpetuate myths and build a very unhealthy society.
Dear 2600:
I have enjoyed 2600 for years. Until recently, I exclusively read the Kindle edition since your magazine is difficult to get at bookstores and reading e-books is more convenient. However, I have been feeling guilty because of Amazon's labor practices. I also have privacy concerns. Amazon knows at least how much of any book/magazine/newspaper you read and probably which articles as well. Since you are now offering digests in EPUB format, I have canceled my 2600 subscription with Amazon and will buy the 2016 Hacker Digest in EPUB format when it becomes available (I already have all the 2015 issues). It's a shame that you don't offer magazine subscriptions in EPUB format. I would prefer to give all of my subscription money to you instead of partly to some middle-man. If small science fiction and fantasy magazines such as Lightspeed Magazine can offer EPUB formats from their WordPress website, I'm surprised that 2600, who I assume has greater technical prowess, is unable to do so. Otherwise, keep up the good work!
Vernon
Right now, EPUB is the least popular of all of the formats we offer for our digests. This surprises us since so many people were clamoring for it. We have so much digitizing to do and so many formats to support, so right now we're trying to do what makes the most people happy. We undoubtedly will be expanding even more soon.
Questions
Dear 2600:
I was wondering to what email address do I send images with "2600" in them? I searched the site and, sadly, I don't have a copy of the mag in front of me or I wouldn't have to bother you. Thanks for any help.
Arthur
It's perfectly O.K. to bother us, though if you still don't have a copy in front of you, this may be difficult to convey. The address is the same as when you're sending in an article, which is articles@2600.com.
Dear 2600:
Are you only accepting articles and submissions, or do you accept fiction, too? If you do, what email address would I send my story to? Thanks much.
Robin
Yes, not only do we accept fiction, but we've printed a good amount of it. We even have a popular fiction series we've been running, the latest chapter of which appears in the back of this issue. The address is, again, the same as for articles, which is articles@2600.com.
Dear 2600:
Hey, this is my second time emailing you - I haven't gotten a response from you. I am running out of time. Can you please respond and tell me to F off, or that you can help me or anything. Just please tell me something. This is my life and I don't know who to turn to for help. I went to the last 2600 meeting and met a guy that was going to help me, but my sister got into a car wreck and I had to leave abruptly and forgot to exchange info. I can't wait another month to link up with him again. So please at least talk with me.
s
We don't want to appear callous, but this is not our purpose. We hope your sister's O.K. and that you solve whatever unspecified problem you were working on. We publish a magazine. We're not detectives, counselors, or problem solvers. You can probably find all three and more at our meetings, something you seem to already know. Good luck.
Dear 2600:
I remember an article from one of the 1990s or early-2000s issues of 2600 that did an excellent job explaining how a quantum computer could find the factors of the product of two large prime numbers. I don't remember anything more than that. Could someone please look that up in the archives and tell me which year/month edition it was in?
Owen
Going to our store and typing in the word "quantum" will yield the names of all issues that had such an article. The same trick also works for other words.
- Quantum Hacking - Info on quantum computer hacking and the OpenQubit project, by skwp
- Private Key Exchange Using Quantum Physics - Overview of the BB84 protocol for quantum key distribution, by Jared DeWitt
- Vulnerabilities in Quantum Computers - Defeating quantum-based computer security by using a man-in-the-middle attack by someone who doesn't understand quantum cryptography, by Purkey
- Quantum Computers for Code Breaking - Very good overview of the steps required to defeat a DES-type block cypher using a quantum computer, by Dave D'Rave
- Crypto Systems Which Resist Quantum Computers - While mainstream algorithmic coding (encryption) systems are vulnerable to near-term quantum computers, it is possible to design coding systems which are more secure via the use of multiple valid keys, by Dave D'Rave
- Quantum Computers and Bitcoin - The potential for future quantum computers to be able to mine Bitcoins (or other cryptocurrencies) and what it means, by Dave D'Rave
- Quantum Computers and Privacy - Overview of using Open Quantum Safe (OQS) tools to build an online chat program and other post-quantum privacy concerns, by Thor R. Mirchandani
- Second-Generation Quantum Computers - Overview of some newer quantum computer technologies and what it would take to break today's crypto, by Dave D'Rave
- A Layman's Intro to Quantum Computers - Overview of how quantum computing works and how it differs from classical computing, by David Mooter
- "Post-Quantum Cryptography" is Not Going to Work - Theory that the NIST's research in "post-quantum" cryptography is running into an (intentional?) dead-end, by Dave D'Rave
- Quantum Computer Algorithms: Part 1 - Quasi-Classical Methods - General overview of how the operations which can be performed by a quantum computer are a superset of those which can be performed by a classical (logic) computer, by Dave D'Rave
- Quantum Computer Algorithms: Part 2 - Amplitude Amplification - Overview of a quantum "amplitude amplification" routine, which eliminates the need for multiple measurements to determine superpositions, by Dave D'Rave
- Quantum Proof Encryption - Overview of the author's idea of General Encryption Enhancement to try and protect modern encryption algorithms against quantum computer decryption techniques, by Alan Earl Swahn
- Quantum Computer Algorithms: Part 3 - DES Decryption - In this article, we look at using an oracle algorithm to perform a known-plaintext attack on the DES block cipher systems, by Dave D'Rave
- Is Quantum Mechanics a Pseudoscience? - Does God play dice with the universe?, by HongKong Duran
- The Threat of Quantum Computing to Privacy and Security - With careful planning and employment of suitable measures, we may be able to provide an acceptable level of computer/data security into the future, by fooCount1
Dear 2600:
Hello, I am part of a small group of Canadians who have discovered the art of the mail system. Would you be able to help me locate some literature or articles pertaining to this? Thank you much.
Mike M
Another thing we're not is a library. We've printed articles on postal hacking, though none on the Canadian postal system that we know of. We would certainly like to and it sounds like you may one day be in the position to write a piece on this and help satisfy the curiosity of many others.
Dear 2600:
Hello friends, I cannot access the link for the Off The Hook DVDs on your store. Is there any other link to use?
Lucio
We no longer offer this in DVD format, which is why the link no longer works. We're considering a thumb drive version for people who don't want to spend a lot of time downloading all of the shows that are on our website.
Dear 2600:
Is the paper edition of the Autumn 2015 edition available online?
jeffrey
No, but the digital version is. We haven't yet achieved the level of magic required to put actual paper online yet.
Dear 2600:
I really need some help with finding the right crowd, and I believe you can point me in the right direction.
For a school in Holland, I need to contact some people to help me hack the old beamers/projectors. The school has received new touchscreen monitors for use in the classroom. The old projectors that were used for this are now obsolete. We would love to use them for projecting interactive games on the floor and walls of the school - simple things like Pong or Pacman, or simple racetracks, things of that sort...
Please, please, pretty please with cherry on top - can you help me find some people who can help me with ideas, software, and/or experience in this? Thanks for even considering to try and help us.
Rob
This shouldn't be too difficult with a little experimentation. We suggest reaching out at a local meeting or hackerspace and finding people that might have a little knowledge in this field who would be willing to do some experimenting. Failing that, looking up your specific model online along with a wish list of what you want to accomplish may prove useful. The important thing is to get a number of people together who see this as a worthwhile challenge. That is a powerful force to have on your side and it usually results in something positive.
HOPE Tickets
Dear 2600:
Wow! That sold out pretty quickly. I refreshed the page, added two tickets, hit checkout, and I got a cart with the message that all the tickets were sold out. I clicked on continue and my cart was empty. Can't believe that really happened in less than three seconds into 11:11. Hope there are more tickets for sale soon.
Good luck with The Eleventh HOPE!
Jalil
Thanks for the support and we're sorry you didn't get tickets in the first batch (released on 11/11 at 11:11). By the time you're reading this, we will have had one more semi-discounted offering and the normally priced tickets will be on sale hopefully for a while to come.
Dear 2600:
This was upsetting. I was online at 11:11 and kept adding tickets to the cart for ten minutes straight to only see them automatically being removed.
If there are still tickets available at $100, I would like to purchase two.
Vladimir
We only offered 100 tickets at that low price. All kinds of weird things can happen when that many people are trying to do the same thing at the same time. It's nothing personal.
Dear 2600:
I was on this from just before 11:11 until 11:25 or so. I tried to order immediately once the button stopped being grayed out, but although it let me add a ticket to my shopping cart, when I went to check out I was told the item had sold out and my cart had been emptied. When I went back to the order page, the item still showed as being available. I tried several times and got the same results. Did the tickets really sell out in a few seconds, or was this a glitch with the store?
Vladimir
Probably a little of both. We were afraid we'd break the whole thing.
Dear 2600:
I bought tickets to HOPE in 2014 and flew to New York City for it, but then couldn't even get inside because it was too packed. Why would I ever buy tickets again?
S.
While we had a lot of crowded talks, there was never an instance where the entire conference was too packed for people to go inside. There are always going to be rooms where the laws of physics and public safety make it impossible for everyone to be able to get in. In those cases, we provide as many overflow areas as we can. But a good rule of thumb is to never plan your entire trip around a couple of talks. There is so much else going on throughout the conference that it's almost a challenge not to find something interesting to take part in.
Dear 2600:
Hi. Myself and a few others tried repeatedly to purchase tickets and they kept being removed from our cart at checkout, even when the site still showed inventory.
Lauren
Most likely tickets were selling faster than the software could update the inventory. The only chance you'd have at that stage would be if a sale were canceled.
Dear 2600:
Not sure what happened, but I was diligently reloading the page waiting for the ticket sale, was able to add several tickets to my cart, but was unable to check out. I was going through a loop for about four or five minutes. It appeared as if I had three tickets reserved, I was able to get them into my cart repeatedly, but would then error out. I would go back to the page and get a message stating that there were two or three tickets left. Multiple browsers were confirming that tickets were available and allowing me to add them to the cart.
I would really appreciate if the order I can demonstrate here and which is corroborated by the server logs would be honored. I attempted several browsers: Firefox, Chrome, and Edge, running from Windows 10.
Robert
We don't doubt your account. But the same thing happened to scores of other people. Merely adding tickets to the cart is only the first step. You don't actually have the tickets until the sale is approved. It was likely more luck than skill that determined who got through, just as with any event involving a massive amount of people. If there was any skill used, we'd sure like to know what it was as nobody here succeeded in getting through either. And we knew the instant the button was pushed, so we had a big advantage.
Dear 2600:
Let me first say I love the hacker quarterly. I wish it was released monthly - the articles are great and I always learn something, if not a plethora of new things!
Anyway, on to the meat and potatoes of this letter: I am interested in attending The Eleventh HOPE conference. I have heard nothing but great things about previous events. My co-workers went to HOPE X and still talk about how awesome it was. I checked the site a few weeks ago and could not find anything about the next one. I just checked back and it looks like pre-sale tix are already gone!
I really don't want to miss out on The Eleventh HOPE, so can you please, please tell me when the next ticket sale will be and how they are purchased?
You guys are amazing! Thanks for your time!
Melissa
Thanks for all of the praise - it helps to fuel us. We took the liberty of adding you to the HOPE announcement mailing list so you get notified whenever a new ticket sale comes along. Good luck!