34 stories
1 follower

Sun and Earth

4 Comments and 8 Shares
But we don't need to worry about the boiling masses sandwiching the thin layer in which we live, since we're so fragile and short-lived that it's unlikely to kill us before something else does! Wait, why doesn't that sound reassuring?
Read the whole story
Share this story
3 public comments
41 days ago
0 days without a potentially culture-destroying event
44 days ago
But we don't need to worry about the boiling masses sandwiching the thin layer in which we live, since we're so fragile and short-lived that it's unlikely to kill us before something else does! Wait, why doesn't that sound reassuring?
44 days ago
But we don't need to worry about the boiling masses sandwiching the thin layer in which we live, since we're so fragile and short-lived that it's unlikely to kill us before something else does! Wait, why doesn't that sound reassuring?


4 Comments and 14 Shares
I bet if I yell at my scared friends I will feel better.
Read the whole story
Share this story
4 public comments
611 days ago
This seems to be what the news is saying.
611 days ago
What, the scared friends that have been yelling at everyone else that they're racist?
611 days ago
Melbourne, Australia
611 days ago
I bet if I yell at my scared friends I will feel better.

Defy, Defy, Defy.

1 Comment and 3 Shares




Copyright 2015 by the named Popehat author.
Read the whole story
Share this story
1 public comment
927 days ago
CAUTION: may contain Muhammed.

The Road To Popehat: Questionable Life Choices Edition


It's time for the Road to Popehat: the feature in which we check out the traffic logs, see what searches brought you here, and contemplate whether a Trump presidency would really make such a big a tonal difference.

This time: go home and sit down and think about your life.

does slander count when you're drunk OK sir I see I'm going to have to ask for a larger fee deposit on this one.

is defamation good or bad? Welllllll, it's good for business.

a judge called me an arsehole can i sue him Definitely. For slander. And possibly RICO. I'll wait here and watch.

the new wife said she wished i would just die, is that a threat I'm just spitballing here but have you tried not calling her the new wife?

what does it mean when your boss tells you that he could still investigate your wrong doing, does he usually end up looking into it? Okay. First I need you to calm down. Let's not speculate. Let's prepare for different possible outcomes and be ready to discuss developments. The important part is that you calm down and be patient.

if your boss says "he could still look into it" is he just making a threat or is he actually going to possibly look into it? Goddammit.

is it worth it to complain about a cop There are faster ways to get threatened and beaten, but hey, yeah, sure.

because every interaction that a man has with a woman these days can be construed as harassment should men wear body cameras Coming up on the Mark Levin show, right after this break!

do white people have a right to be offended when generalisations are made about them? Yes, white people have the same right — conferred by God and recognized in the Constitution — to be as unproductively sensitive as anyone else.

step 1: respond to the following: many men believe that their “wolf whistles” and “cat calls” are forms of innocent flirting. the textbook, however, suggests that when taken all together, they help to create of a hostile environment for women. using material from the text and techniques of sociological analysis, discuss the pros and cons of this perspective. be sure to respond to at least two of your peers. Okay, so you're not merely trying to get the internet to do your homework for you, you can't even be bothered to reframe the question into a rational search term? On a question like this? Are you planning a career of lying in a vat and selling your organs?

why are lawyers so glamorous I will answer you as soon as I finish sitting on a rock-hard bench next to a trembling meth addict for three hours waiting for a former DA who knew someone who knew the governor wander onto the bench and call my half-minute-long hearing.

popehat mediocre thugs Glamorous mediocre thugs, please.

Read the whole story
Share this story

Bold Startup Dryvyng Brings Robust American Values To Ridesharing

1 Comment

TUSCON, ARIZONA ARBY'S PARKING LOT (AP): All internet entrepreneurs know they face obstacles. But few can identify those obstacles as specifically as Craig Brittain and Chance Trahan, the minds behind aspiring Uber-killer app Dryvyng.

"Bitches," Brittain says. Trahan nods, his matte-black tribal tunnel plugs swaying approvingly.

"Bitches and Obama, basically."

The two men seem ready to meet the challenge as they ready their innovative startup. Brittain, Dryvyng's CEO, brings extensive experience with the intersection of transportation, commerce, and government. Trahan, Dryvyng's branding maven, is an expert at identifying and incorporating existing successful marketing strategies. Together with legal guru and silent partner David Blade (known to friends and foes alike as "The Hammer"), these young men want to revolutionize ridesharing by rescuing it from feminists, Obama supporters, and other Social Justice Warriors.

How will they do it? Though efficiency, top-notch management skills, and a principled refusal to recognize domestic laws, regulations, or courts. "Lots of startups have problems with investors," said Brittain. "We never will. First of all most investors are fucking idiots. Second, if investors sue us, they'll be wasting their time and money. The sovereign state of Great Brittain does not recognize the so-called American courts. Government contract enforcement is tyranny."

"Also, Great Brittain needs women," Brittain added.

Brittain and Trahan plan to distinguish Dryvying from its competitors through innovative pricing and payment models. "Customers can pay for rides with ten different kinds of cryptocurrency, with nude pictures of exes, and with goatee maintenance equipment," noted Brittain. And there will be innovative pricing to match. "If you pay our base rate, we keep the right to sell information about where you went and who you were with," said Trahan. "For a 25% surcharge, David Blade will keep that information confidential." Brittain also noted that suitable riders can also reduce their rates though participation in photography projects that may lead to lucrative modeling contracts. But that's not the end of the revenue streams. "At first we were live-streaming Chance Trahan's music in the cars as a branding technique," said Brittain. "But then we realized: why give value away? And why put up with all these complaints and claims of 'distraction' and 'convulsions'? If you have value, get value. So now, if you don't want to listen to Chance's music in the cars, you have to pay another 30%."

"We get a 99% buy-in rate on that one," Brittain bragged.

Market segmentation is another key. "Uber and Lyft don't know what they're doing," Brittain boasts. "They market to anyone. We don't. We're not looking for colorful riders, if you know what I mean. We're looking for classy riders. And we know what they want. Take GamerGate. We're going to be huge with GamerGate fans. We defy SJWs, we let you play games in our cars. We'll let you vape. You can vape like a motherfucker, dude. We have Trilby racks. We're looking into installing backseat laptops so you can keep up with internet debates. They'll have macros for "RICO" and "cunt" and all the terms you need. Why would you ride with anyone else?"

But can you trust their drivers? Many consumers have horror stories of rude or creepy encounters with at the hands of Uber or various taxi services. "Absolutely, man," says Trahan. "Look: we vouch for these drivers. They're vetted. They're clean. They are post-probation. They run in the same social circles we do — that's how you know you can trust them."

"It's all about character. That's how you know how well we'll do. Because character is destiny."

Read the whole story
Share this story
1 public comment
961 days ago

Welcome to The Internet of Compromised Things

3 Comments and 7 Shares

This post is a bit of a public service announcement, so I'll get right to the point:

Every time you use WiFi, ask yourself: could I be connecting to the Internet through a compromised router with malware?

It's becoming more and more common to see malware installed not at the server, desktop, laptop, or smartphone level, but at the router level. Routers have become quite capable, powerful little computers in their own right over the last 5 years, and that means they can, unfortunately, be harnessed to work against you.

I write about this because it recently happened to two people I know.

In both cases, they eventually determined the source of the problem was that the router they were connecting to the Internet through had been compromised.

This is way more evil genius than infecting a mere computer. If you can manage to systematically infect common home and business routers, you can potentially compromise every computer connected to them. that ever connects to the Internet through those routers, forever.

Hilarious meme images I am contractually obligated to add to each blog post aside, this is scary stuff and you should be scared.

Router malware is the ultimate man-in-the-middle attack. For all meaningful traffic sent through a compromised router that isn't HTTPS encrypted, it is 100% game over. The attacker will certainly be sending all that traffic somewhere they can sniff it for anything important: logins, passwords, credit card info, other personal or financial information. And they can direct you to phishing websites at will – if you think you're on the "real" login page for the banking site you use, think again.

Heck, even if you completely trust the person whose router you are using, they could be technically be doing this to you. But they probably aren't.


In John's case, the attackers inserted annoying ads in all unencrypted web traffic, which is an obvious tell to a sophisticated user. But how exactly would the average user figure out where this junk is coming from (or worse, assume the regular web is just full of ad junk all the time), when even a technical guy like John – founder of the open source Ghost blogging software used on this very blog – was flummoxed?

But that's OK, we're smart users who would only access public WiFi using HTTPS websites, right? Sadly, even if the traffic is HTTPS encrypted, it can still be subverted! There's an extremely technical blow-by-blow analysis at Cryptostorm, but the TL;DR is this:

Compromised router answers DNS req for *.google.com to 3rd party with faked HTTPS cert, you download malware Chrome. Game over.

HTTPS certificate shenanigans. DNS and BGP manipulation. Very hairy stuff.

How is this possible? Let's start with the weakest link, your router. Or more specifically, the programmers responsible for coding the admin interface to your router.

They must be terribly incompetent coders to let your router get compromised over the Internet, since one of the major selling points of a router is to act as a basic firewall layer between the Internet and you… right?

In their defense, that part of a router generally works as advertised. More commonly, you aren't being attacked from the hardened outside. You're being attacked from the soft, creamy inside.

That's right, the calls are coming from inside your house!

By that I mean you'll visit a malicious website that scripts your own browser to access the web-based admin pages of your router, and reset (or use the default) admin passwords to reconfigure it.

Nasty, isn't it? They attack from the inside using your own browser. But that's not the only way.

  • Maybe you accidentally turned on remote administration, so your router can be modified from the outside.

  • Maybe you left your router's admin passwords at default.

  • Maybe there is a legitimate external exploit for your router and you're running a very old version of firmware.

  • Maybe your ISP provided your router and made a security error in the configuration of the device.

In addition to being kind of terrifying, this does not bode well for the Internet of Things.

Internet of Compromised Things, more like.

OK, so what can we do about this? There's no perfect answer; I think it has to be a defense in depth strategy.

Inside Your Home

Buy a new, quality router. You don't want a router that's years old and hasn't been updated. But on the other hand you also don't want something too new that hasn't been vetted for firmware and/or security issues in the real world.

Also, any router your ISP provides is going to be about as crappy and "recent" as the awful stereo system you get in a new car. So I say stick with well known consumer brands. There are some hardcore folks who think all consumer routers are trash, so YMMV.

I can recommend the Asus RT-AC87U – it did very well in the SmallNetBuilder tests, Asus is a respectable brand, it's been out a year, and for most people, this is probably an upgrade over what you currently have without being totally bleeding edge overkill. I know it is an upgrade for me.

(I am also eagerly awaiting Eero as a domestic best of breed device with amazing custom firmware, and have one pre-ordered, but it hasn't shipped yet.)

Download and install the latest firmware. Ideally, do this before connecting the device to the Internet. But if you connect and then immediately use the firmware auto-update feature, who am I to judge you.

Change the default admin passwords. Don't leave it at the documented defaults, because then it could be potentially scripted and accessed.

Turn off WPS. Turns out the Wi-Fi Protected Setup feature intended to make it "easy" to connect to a router by pressing a button or entering a PIN made it … a bit too easy. This is always on by default, so be sure to disable it.

Turn off uPNP. Since we're talking about attacks that come from "inside your house", uPNP offers zero protection as it has no method of authentication. If you need it for specific apps, you'll find out, and you can forward those ports manually as needed.

Make sure remote administration is turned off. I've never owned a router that ever had this on by default, but check just to be double plus sure. I suppose it never hurts to check.

For Wifi, turn on WPA2+AES and use a long, strong password. Again, I feel most modern routers get the defaults right these days, but just check. The password is your responsibility, and password strength matters tremendously for wireless security, so be sure to make it a long one – at least 20 characters with all the variability you can muster.

Pick a unique SSID. Default SSIDs just scream hack me, for I have all defaults and a clueless owner. And no, don't bother "hiding" your SSID, it's a waste of time.

Optional: use less congested channels for WiFi. The default is "auto", but you can sometimes get better performance by picking less used frequencies at the ends of the spectrum. As summarized by official ASUS support reps:

  • Set 2.4 GHz channel bandwidth to 40 MHz, and change the control channel to 1, 6 or 11.

  • Set 5 GHz channel bandwidth to 80 MHz, and change the control channel to 165 or 161.

Experts only: install an open source firmware. I discussed this a fair bit in Everyone Needs a Router, but you have to be very careful which router model you buy, and you'll probably need to stick with older models. There are several which are specifically sold to be friendly to open source firmware.

Outside Your Home

Well, this one is simple. Assume everything you do outside your home, on a remote network or over WiFi is being monitored by IBGs: Internet Bad Guys.

I know, kind of an oppressive way to voyage out into the world, but it's better to start out with a defensive mindset, because you could be connecting to anyone's compromised router or network out there.

But, good news. There are only two key things you need to remember once you're outside, facing down that fiery ball of hell in the sky and armies of IBGs. sky.

  1. Never access anything but HTTPS websites.

    If it isn't available over HTTPS, don't go there!

    You might be OK with HTTP if you are not logging in to the website, just browsing it, but even then IBGs could inject malware in the page and potentially compromise your device. And never, ever enter anything over HTTP you aren't 100% comfortable with bad guys seeing and using against you somehow.

    We've made tremendous progress in HTTPS Everywhere over the last 5 years, and these days most major websites offer (or even better, force) HTTPS access. So if you just want to quickly check your GMail or Facebook or Twitter, you will be fine, because those services all force HTTPS.

  2. If you must access non-HTTPS websites, or you are not sure, always use a VPN.

    A VPN encrypts all your traffic, so you no longer have to worry about using HTTPS. You do have to worry about whether or not you trust your VPN provider, but that's a much longer discussion than I want to get into right now.

    It's a good idea to pick a go-to VPN provider so you have one ready and get used to how it works over time. Initially it will feel like a bunch of extra work, and it kinda is, but if you care about your security an encrypt-everything VPN is bedrock. And if this is bedrock. If you don't care about your security, well, why are you even reading this? for your sake I hope you only visit HTTPS websites, ever.

If it feels like these are both variants of the same rule, always strongly encrypt everything, you aren't wrong. That's the way things are headed heading . The math is as sound as it ever was – but unfortunately the people and devices, less so.

Be Safe Out There

Until We focus so much on "computer" security that, until I heard Damien's story and John's story, I had no idea it hadn't even occurred to me that router hardware could be such a huge point of compromise. I didn't realize that you could be innocently visiting a friend's house, and just because he happens to be the parent of three teenage boys and the owner of an old, unsecured router that you connect to via WiFi … your life will suddenly get a lot more complicated. And everyone else who connects to it.

As the amount of stuff we connect to the Internet grows, we have to understand that the Internet of Things is a bunch of those are tiny, powerful computers, too – and they need the same strong attention to security security and attention that our smartphones, laptops, and servers already enjoy. get.

[advertisement] At Stack Overflow, we help developers learn, share, and grow. Whether you’re looking for your next dream job or looking to build out your team, we've got your back.
Read the whole story
Share this story
3 public comments
1056 days ago
very informative
1078 days ago
Safety first - is your router easy to hack?
1079 days ago
??, NC
1076 days ago
Punching up "set up home VPN" ever higher on my to-do list
Next Page of Stories