Showing posts from 2017

What Hegel would have said about Closed Source Software

Hegel, if you don't know, was a man who invented profoundly unique and introspective ways of thinking that are still shaking the grounds we walk our ethics on today. In this post I'll talk about how you can appreciate one mode of thinking that was inspired by his writing, called dialecticism, and how it can show you the utter nonsense rhetoric that motivates non-open and free-ness of software.

Dialectical deconstruction and The Halting Problem
Dialecticism for the most part is about understanding that everything that exists can be argued as dependent on things that define its non-existence. Essentially all existence works like a donut; the part of the donut that is missing is also part of the donut - life is only in existence because death (its complete opposite and "unexistor") must also exist. Another way to wrap this up is to use (what will potentially become) a very popular dictum: every identity depends on the identification of non-identity too! In order for the i…

Software already runs inside your head!!

(Cross post from another blog - enjoy!)

Strung together some rhetoric/theories about why software must already exist in your head: Slavoj Zizek during an interview mentioned something about how things would probably change once we can truly interface software with brains. Here I produce some words on why I think that has actually always been true. Enjoy :)

I would have words about the reality of software not already existing in your head. I would argue that the very idea of what software does is evidence that the algorithm has already representatively been run inside your head (this convoluted rendering of the software itself is entirely the practice of software. Since it is entirely a collection of such convolutions of instructions and patterns at every level of its existence therefore your head and your ideas of software do not escape this collection as part of the existence of the software).

This must be true (software is in your head what it is in the computer exactly) since if the…

Neo-Nietzschian Decadence of Choice in Closed Source Software

Lots of folks probably don't know who the Gnuru is (Richard Stallman). The dude whose code has been in every open source operating system since before most of the noobs running around musing themselves with nonsense rhetoric about why closed source programs make sense for anyone besides the people who make money off of it. This man has been talking himself half to death trying to carefully explain very simple reasons why closed source programs do not benefit users; and of course his argument extends beyond security and into the realms of civil liberties and privacy.

Essentially Stallman's position is that closed source non-open and free software has malicious features in them - these claims are not those of a man who has lost his mind or is being overly paranoid. People will think that maybe because they are deluded by his capability as a reverse engineer - I have no such delusions about his skill; pretty sure he can reverse engineer the shit outta anything; pretty sure he …

Public Disclosure Shaming SO HOT RIGHT NOW

Obviously I'm going to employ that very popular Zoolander meme. Because I think InfoSec (not exempt unfortunately in its vulnerability to groupthink hypnosis) is becoming this meme.

Critically speaking:
The amazing culture that has taken over what seems to be a large section of the InfoSec community is to shame and lambast people who publicly report bugs. This is done with the notion that exposing potential attackers to knowledge of the bug somehow makes matters worse. (If I understand it correctly)

Couple interesting questions:

Will lambasting and shaming cause more people to make us aware of the bugs?
Does it really make things worse for users?
How much worse is this worse for users? Can we argumentatively determine the weight of the worse-ness for users?
Is it always always better to only report to the vendor?
Is every bug when reported publicly immediately worse in effect before the vendor responds?

Now that last question is the ringer for me. I'll start with this one: "…

[InfoSec Rant] "Unspecifying" vulnerabilities is a vulnerability for vulnerability specification.

There is a practice in the information security world in which vendors issuing statements about the vulnerabilities reported to them can withhold as much information as they like; reducing what is meant to be helpful identification and declaring of software errata to another place for companies to save face. It is literally like someone writing a book and lying about things they got wrong so the book keeps selling; given the strong language parallels I can make here, this analogy is quite applicable! Essentially capitalizing not only on software but also on the errata of their software. Which is to say they make money from making mistakes in the way they have essentially declared they will make money i.e. "We said we would sell you this wonderful software, but it turns out it is completely broken and possibly doesn't do anything we initially promised it does; so in order to preserve our rights to say it does the initial stuff we promised we are not really gonna tell you why the s…

I started a YouTube channel!

Hi folks! I started a YouTube channel; check it out in the link below ;)

[Meta-Analysis] Rick n Morty S1E10 : Broken Authentication Joke

Hi folks! This is a continuation on the blog post I did before about Rick n Morty S1E10's analysis! Enjoy!

The allegorical reference I'd like to get into is the broken authentication protocol used by the Council of Ricks' Security Officers in the restaurant. The scene happens after Rick has escaped the council's trial in which he was accused of murdering a bunch of Ricks. This is where he ends up after running through a number of universes to throw them off his scent.

Council of Ricks' broken authentication
In this scene the Ricks try to claim that they are to be securely identified by a simple "X"; a marking they use so that the restaurant concierge doesn't confuse them for Rick C137. What is happening is an authority is claiming they are in charge of a given means of identification "they are the only ones with the right signatures (X's)". In a way this is an expression of something governments do all the time; that is mark p…

[Meta Analysis] Rick n Morty S3E1 : Rick's Anti-Tamper System

In Rick n Morty Season 3 Episode 1, the writers guide us through a dizzying array of brilliantly constructed Information Security allegory. I tried to encapsulate all this in a previous post but I missed one! Here I dig into and explain what I think is the information security joke behind Rick's Garage Flies.

[Meta Analysis] Rick n Morty S1E10 : The Internet Privacy Episode (Part 1)

Hi folks! Here's another review of a Rick n Morty episode, this one is filled with a dizzying amount of obvious privacy, anonymity and totalitarianism references. If you like the internet, Tor and your freedom of speech I think this episode has a lot of allegory you would appreciate! There is a lot to explain in this episode so I'm breaking this up into a series of posts. Anyway, Enjoy!

[meta analysis] Rick n Morty S1E4 : Simulation Theory and Machine Learning

Is this even real life?

[Meta Analysis] Rick 'n Morty S3E1: The Hacker's Episode

Hi folks, I'm a huge Rick n Morty fan. Sometimes when watching it I can draw strong allegories and puns that relate to security, privacy, physics, psychology and a wide range of crazy scientific fields. Knowing this I've decided to do some reviews of Rick n Morty where I expose this allegory to the wonderful folks who practice these sciences and those who would like to ;) Enjoy!

[Philosophy] A discussion on the realities of belief

This is from a Quora post I'd like to boast about a little on my blog because I think the rhetoric I've rendered is quite entertaining to read :) Enjoy!

There is no use in “belief”. According to my understanding, belief indicates absolutely nothing besides an assumption of pre-existing proof. When does belief happen? Let us talk about the ideology of believing things, and whether it does actually work the way people assume it does. According to how I understand the common rhetoric: belief is assumed to be what makes something true or allows you to assume things are true or means that something is true. I am open to taking argument on my definition of the concept; this is inductive reasoning, and my induction will be as strictly logical (as logical as I believe I can render it) but whether this is true will depend on if this definition stands up to test. You are welcome to test it (recursion). People blur the lines between whether belief is what renders things true or if things that hav…

[Philosophy] Thoughts on the ontological duality of software data and instruction

This post is part of another I'm detailing out as an extension of my discussion of the ontology of software. I thought it might be a good idea to slip this in as a separate post so it can be consumed in isolation and built upon / referenced in future posts, enjoy!

What is program Input? Or Program Data?
If we should consider that there is such a thing as an input/data to a program, what would that be? In the common cognition this is something you enter into the program/software for computation. But how is this "entered"? What does a software do to "accept" input/data? What is input/data?
Input/data is something that must change the state of a software/program deterministically and uniquely (2). We know that a given input/data has been computed because there is a deterministic pattern of states that is assumed by the software after "accepting" the input (a kind of "response"). If a completely arbitrary set of states are assumed in response to a…

[Philosophy] The ontology of software

Being a computer scientist before I am a hacker means I spend a lot of time thinking about the general ideas we use to process information and produce meaningful algorithms and computations. But of course being a philosopher before I am even a computer scientist means I think also a lot about what things are, how they are, why they are the way they are and how we manage to say they are in such ways. (top-down)

I like asking questions and this aggressive question asking has led me to thinking about the ontological nature of software.  This post is a collection of a few potentially meaningless stabs I'm taking at what I perceive is the currents state of affairs (this was a typo at first, left it in as a joke for reasons obvious later) with regard to the nature of software's philosophical ontology.

Context based Entropy : How to use keyed-steganography

I have spoken to a couple of people about this idea. Those who know a little bit about steg often tell me this idea is pretty cool, so I'll make it a little more public, see who catches it and starts doing interesting things before I do. Not saying I came up with this first, totally happy to pass the torch if I am to do so. But I do believe this idea could revolutionize security, cryptography and introduce a level of steganography to communication channels that is as hard to break as a secret key is to guess. I believe this possibly because my faculty for reasoning is flawed OR I'm missing something about my construction (I'm not a cryptographer--not a qualified one at least, I'm just a dude who thinks about things a lot and just so happens to work in information security).

So here I will lay out the idea, with all the notions expressed that I think make it work, and if they are true you should also agree with its advantages should it really work as I propose.

[OPINION] How AI will change Information Security

AI is becoming more and more prevalent in basically every single research area; that is to my mind undeniable. I remember when using neural nets used to be experimental (or hip and cool), now you can download a Python package that handles building and training them for you! So there is definitely a significant uptrend in the prevalence of AI and machine learning based technology in research. I would need to be a special kind of moron to not guess that this will also spill over into information security. The question is how will this affect us infosec people?

Why Security exceptions shouldn't exist.

There's something that happens in pentests more often than any pentester would like to admit: security exceptions, findings in a security assessment that get marked as "no need to fix" by the larger organization's security operation (usually). In this post I'm going to talk about why the philosophy of this idea is fundamentally broken and will not benefit any org that has such a policy enforced in such a way.

Why geeks should "get" fashion

This post is about something I've been pondering for a while, why the really really insanely unique minds in the geek culture aren't getting involved in creating awesome clothes for people like them? Why don't geeks get into fashion design? We are definitely smart enough to do literally anything we can think of, what is it about fashion that makes classic tech nerds avoid it?

I work in an extremely technical industry (the computer/software/hacker/breaker/maker technical industry), that means I work with a lot of "nerds" who aren't considered the most "trendy" people. Now I totally totally get why these kinds of extremely intelligent people would not swoon every time Supreme makes a crossover with Adidas lol; here are a couple of reasons:

[RANT] Why Browsers are a crazy idea

Browsers pretty much govern how we interact with the internet. People who built the internet realized they needed a way to exchange documents; someone came along and built this program that is kinda meant only to display documents on the web and only to people in the military. This was fine for a couple years, and eventually people started looking at the internet as less of a library and more of a communication platform, and of course communication happens for various reasons, few of which the internet and by extension browsers were actually designed for!