A History In Connections, Part Two: BBS

I can’t remember exactly which magazine it was, but at a certain point I found out about a piece of software called Toneloc, a war-dialing program. Basically you would feed it a phone number, where some of the digits would be wildcards, and the software would dial all the numbers that fall within that wildcard.

It would then hold a log file for you, indicating at which numbers the software had connected to a modem, a fax, or a “yelling bastard,” named after the usual response when a real person picked up our war-dialer in the middle of the night and heard nothing but modem sounds.

So, I was now at the stage where I had a 14k4 modem, actually hooked up to a phone line, and by the life of me I do not remember how I got hold of the software, but after many weeks trying to understand how to even operate it, I was now dialing every single number in Amsterdam.

I could tell you the aftermath, when the phone bill came, but that part is pretty obvious when you consider I was a teenager living at home, and not paying for the bill myself, and this is also not the most interesting part of the story.

So I had a log file… I had a couple of numbers, the scan did not complete because I exited out of it, and some of them were modems.

I began dialing them with my terminal program, mostly being presented with just login prompts, nothing to indicate where I was connecting to. Until the one number…

All of a sudden random characters seemed to appear on the screen, bright and colorful, and they would soon be grouping together in the form of a picture. Art done with ANSI terminal emulation. Yes, I would later find out this was called ANSI Art.

It was a bulletin board system, a BBS… In fact, it was Snow, a BBS operated by a sysop (they were called sysops) calling himself Zanda.

What happened next is truly a story upon itself, and I will treat it as such, but basically this strange almost random sequence of events made me one of the people who would just, only just, experience the tail end of the BBS underground, before the Internet was even a thing.

qxzxq

A History In Connections, Part One: Imagination

I was thinking the other day what my first ever successful connection was, using computer to computer communication devices, which in my earlier days, where modems. I am from the time where the 14k4 ruled, though I did have a modem in my first computer, which was a 9600 baud one.

It is this first modem, the 9600 baud, that I will focus on today.

I was about twelve years old, as far as my memory serves, when I got this machine, originally an XT motherboard, but my technology genius uncle had taken the machine apart an upgraded the motherboard and hard drive. I now had a little bit more speed, and a massive storage upgrade of 10 Megabytes. The hard drive was pretty massive for its 10 Megabytes, and heavy as hell, but that might also be because I was a lot smaller back then.

The computer did contain a modem card, but my mother obviously refused to hook it up to the phone line, since she had no clue what this whole modem thing was about, and was concerned about the phone bill most of all. A fear that would be all too realized during my plays with the next system that would come in the future.

Anyway, I managed, somehow, to understand that there was this terminal program installed on the machine, of which I do not remember the name anymore, but after playing around with the program, and reading a book on modems, I started to understand that the terminal program was where I should have been able to make connections.

I had no clue at this point yet about modem numbers vs. faxes vs. Screaming Bastards, that would come a few years later, but I did figure out how to open up the dialing screen.

I entered a few numbers, mostly home phone numbers from friends, and saw the modem desperately trying to make a connection, only to tell me that there was an error while establishing the connection.

I did understand that this was because it was not hooked up to the phone line, so my young mind just started fantasizing mostly about all the machines that would be my domain as soon as a connection would one day be successfully established.

I even went as far as writing QBasic programs that I would open after playing with the modem software, that simulated the computer hacking I had seen on movie screens. In fact, just on a side note, there should be a floppy disk floating around somewhere that still has my perfect replica of The Fly’s transporter pod software.

I think I spend at least three years “playing hacker house” this way, and because of my young brain, this was perfectly acceptable. It would be about a year, or maybe two, later where I actually found myself with the 14k4 modem, this time connection at the back with that magical phone line, but that is a story I will tell you in the next part.

The one thing I did take away from my playing was a sense that there was something about all these different terminal emulations. There was a whole bunch of them: ANSI, Kermit, ZTerm, etc. Not a clue what they meant yet, but as you might have noticed, having terminology thrown at you when dealing with computers is like building little coat hangers, empty ones, in your brain, and slowly over the time you delve deeper into the subject, you start being able to hang coats, the right information that goes with the empty hanger, on them, and so you slowly fill in the gaps of your knowledge.

qxzxq

How Fast Will This Get You On Another List?

So I was wondering the other day about all the CCTV cameras spread across the city, in fact I believe that this particular city has no corner not observed.

I came across a couple of relatively easy to make jammers that would do the trick if the articles were to be believed, and I believe they were. Not that I know much about jamming a CCTV camera, but the spectrum sweeping method they described seemed plausible enough.

Then I though about something else, infrared LEDs… I remembered that I was once totally baffled, as a child, that when I held a television remote up to my camera, and pressed a button, I would actually see the LED at the front blink on and off.

I started searching around and it seems like this would actually be a very effective method to obscure any part of you, preferably the face, that is caught within the beam of infrared light, and so it seems some people have already successfully deployed this method.

My next question is: If I were to build a cap that can hide my face from the CCTV cameras, what will happen?

I shall report back on that later, once I have built and tested my infrared cap.

qxzxq

The Life On Demand Generation (Or How I Refuse To RTFM)

What strikes me as interesting, being a software developer, is that in my opinion the biggest bug in any system are its users.

I am working on a pretty high traffic project at the moment, with a user base that is particularly illiterate when it comes to technology, thus I am continuously asked to make things more “user friendly”.

I am actually bending my brain in circles within circles to try to understand, catch, and deflect any weird user behavior, and have “the system” deal with it, without confusing the user.

Now some people might think this is just the way it is. This is the way we as software developers have committed our time and energy to the paycheck we receive at the end.

But it isn’t always like that in technology… Let’s say you have a washing machine, and it comes with three buttons to operate, as most washing machines do. If you put in your wash and you press the wrong button, and nothing happens, you wouldn’t file a bug report with the company who provided you with the machine would you?

You are expected, in the case of the washing machine, to put in a little effort as the end user, a learning curve that is accepted. Some of your time is required so not everyone in the world will need individual support operating the machine, and so we can keep mass-producing, and building better machines. Comfort for everyone.

As a web developer, I take my job pretty seriously, and when I release a new feature to the masses, I expect this to be a working feature, with much of my time spent on testing what I am releasing. So there is a certain design to what I create.

But I am not allowed my design. We users refuse to put in any effort to learn a system for the most part, they do not “read the manual.”

Everybody expects a website to be this utopian world of user friendliness, that really doesn’t exist to be honest, since there are so many users wanting to use a system in so many ways.

I just wonder, what ever happened to RTFM?

qxzxq

Using YouTube as a Cloud Storage, Part One

So I have recently been experimenting with generating both video and audio from Ruby, and ran into an interesting little experiment I am involved with now.

I will soon be making a video about this, but I wanted to announce this anyway.

The main premise is to encode binary data to audio pulses, generating a little video on top of that with a white block pulsing in sync with the audio, and uploading this to YouTube, either as a private or public video.

The video can then be downloaded back from YouTube, and decoded by reversing the process that was used during encoding.

This will give you the original binary data back, which can then be converted to whatever the original data was.

That will give you unlimited cloud storage if you ask me :p You can read the data either by audio, or by video, and you could technically even build a little device that can read the data via the screen, using a photo resistor.

Another neat idea, which was actually the first angle I took while looking at this possibility, is to write a communication system around this.

Anyway, I will be back with a video on the exact process, and some Ruby code, shortly.

qxzxq

Harware Hacking the ION Film2SD (Zoran Coach 6M chip), Part One

So today’s topic is not so much about privacy, and I am diverting a little from the purpose of this blog. The reason being, I accidentally ran into the subculture of hardware hacking in my research, and this was so much fun to experiment with, I just had to do a post about it. Have a look at the video below first…

It was really not too difficult to pull this off, and something I had been dreaming of being able to do ever since I was a child. As soon as I understood my digital toys, which was at a pretty young age because I was always opening them up, I dreamed of being able to reprogram them to do the things I wanted them to do.

Now fair enough, what I accomplished in the video is only such a small step towards my ultimate goal, to make a Super 8 camera that uses a digital film plate, but nevertheless it is a step in the right direction all the same.

What I am really looking for now is how to get the firmware off of the NAND flash, and into a state where I can look at the actual software, and hopefully make the changes I want to make to turn this into the device I need it to be.

I think my next step though, will be to find my multi-meter and get to grips with how to attach a speaker and microphone to the board, since I already have the option of putting the device into film mode, so having sound with that would be an absolute plus.

As always, I will keep you all updated on my progress, and will hopefully have a new video out on this project soon.

qxzxq

TRLOR: The Real Life Onion Router, Part One

I have been thinking more and more about privacy, and the great lengths some of us go through trying to gain anonymity on The Internet, and even in the real world.

Sure, by now most of us have installed Tor, maybe you’ve even gone as far as installing something like Tails Linux, which already provides a pretty strong Operating System that tries its very best to keep you off the grid, and even fights you store anything to disk.

Why is it then that we still hear every day of hackers being arrested, Silkroads being shut down, and the governments of the world don’t seem to be very impressed with our efforts to secure our privacy?

I believe it’s the human element that is failing us here. You can onion route your connection all day long, in the end you are still creating a pattern, leaving tracks behind, because it’s just you behind the keyboard doing the things you’re not “supposed” to be doing.

I believe there would be a real power to start thinking about putting “onion routing” to work for us in real life. What do I mean by that? Well, let me explain.

What if there was a project management tool, something in the likes of Pivotal Tracker or the likes, hosted as a distributed system, much like a Git repository, or Torrent. Some system that allows any individual node to drop out with no real impact to the system.

The project management tool would be filled up with Epic stories, a common objective of the community described as a high level goal. This Epic would then be broken down by the community into individual smaller Stories that describe the steps needed to complete the Epic. And, in true Pivotal fashion, each individual story would have a task list assigned to it.

Now, any member of the community can pick up a task from the list, and start working on this individual task, bringing the community closer to the goal of completing an Epic.

What’s the benefit? Simple, no one member of the community can be held responsible for any given result of completing an Epic.

This idea is young in my mind, and I haven’t had the proper time to think this through any further than this, but I really believe there’s something to this. Obviously new tools and processes would have to be developed to support this method, but I think it can be done.

qxzxq

Spying on Medical Pagers with SDR

So… Software Defined Radio, a new pet project of mine. While I continue my investigation into my own privacy, and inherently, the privacy each of us experiences in this day and age I suddenly stumble onto SDR, or Software Defined Radio.

First, it didn’t really grab my attention. When I was a lot younger, in the 90s, there was a big wave of CB and RF people around, and it kind of has a bit of a negative inclination. But soon I would find that radio frequencies is actually where it’s at when it comes to our privacy, and the potential of spying on people. In the end, most technology will eventually turn into some form of radio signal, and tapping into those is sometimes easier than you might expect.

What if I was to tell you it takes no effort at all, and only a very very minimal investment money wise to listen into the medical pager system? You know those pagers on medical shows, those little text devices that actually make doctors and nurses move from place to place? Those little devices pretty much seem to dictate where medical personnel is positioned in the world.

What if I was to tell you that not only can you read along with the messages sent over this paging system, but with a little more effort you would actually be able to disrupt this system quite easily?

In the video above I go over all my findings so far, as a complete novice getting into radio hacking. I am by no means an expert, but I was able to quickly set up a system that allows me to just read what is going on in the city, and most of the area around the city as well, and I don’t even have very good reception on the cheap default antenna that came with my $10 device.

I am using a DVB-T module from Terratec that was, as I mentioned, $10 to buy and two free programs to achieve all this. While recording the video above I was even surprised to see a message come by from some hosting provider’s engineer, which leaked some sensitive personal details like email address and phone number.

I don’t think I have even scratched the surface on this particular area, and I am looking forward to see what else I can achieve with the Software Defined Radio, and I am even more curious to see what kind of proof-of-concept attacks I can set up using the information gained from this.

qxzxq

Passive Chat, Active Obsession, Part One

It has been a very active obsession of mine to interact with social media, though I might be using it a little differently to your every day status updates, friend requests, and publicity fails.

I am more active at the back end, the underlying structure of the social media platforms, commonly referred to as the Application Program Interface, or A.P.I.

Take Twitter for example… I love how there is this continuous waterfall of messages is just thrown out into the world, all right there in the open to scoop up and play with. Twitter even enables you to access their A.P.I. directly, all you have to do is register as a developer and create an app, simple. You’ll get all the consumer tokens, access tokens, and secret tokens respectively.

The one thing that Twitter requires these days though, which they didn’t in the past, is that you have a phone number attached to your Twitter account, and this phone number can not be in use on another account already, which sucks for me since I am all out of phones to use…

This problem is amplified by my decision not to own or use a mobile phone myself, for reasons that will become all to clear as this website progresses. I will tell you all about mobile phones and the mobile network soon enough, since this is primarily focused on my own, and your, privacy.

Anyway, let’s not get off topic here. Once you have set yourself up to be able to connect to the Twitter A.P.I. you have two choices to connect and start receiving data from Twitter, and even start manipulating the Twitter data directly.

One more thing before we get started on some code… Obviously there is no way Twitter is ever going to let you do anything via their public A.P.I. that you couldn’t do using the service normally. This is merely an ongoing effort of automation and experimentation.

For this, part one on the subject, I will be writing a simple, and quite silly program I came up with that tried to cheat my way into a chat bot. Remember those “psychiatry” bots on the Commodore 64? Or, remember “Eliza”?

Let’s connect to the Twitter A.P.I. first… These code examples are all in Ruby, the full source code to this article is hosted on github.

Firstly, let’s install Sferik’s excellent Twitter Gem:

gem install twitter

Next create a new Ruby script and require the gem:

require 'twitter'

Connect to the REST A.P.I.:

 @client = Twitter::REST::Client.new do |config|
   config.consumer_key        = consumer_key
   config.consumer_secret     = consumer_secret
   config.access_token        = access_token
   config.access_token_secret = access_secret
 end

Note: Replace the consumer_key, consumer_secret, access_token, and access_secret with the details you received when creating your Twitter app.

Now we start an infinite loop, and things get a little weird… I will explain, but have a look at the following code first:

 loop do
   printf '>'
   msg = gets.gsub("\r", '').gsub("\n", '')
 
   if msg.upcase == 'QUIT'
     exit
   else
     @client.search(msg).each do |tweet|
       if tweet.reply?
         begin
           puts @client.status(tweet.in_reply_to_tweet_id).text.to_s.gsub(/\B[@#]\S+\b/, '')
           break
         rescue Twitter::Error::NotFound
           puts 'Whatevs...'
         end
       end
     end
   end
 end

Basically what we’re doing here is, take some input from the keyboard, so any kind of “conversation” starter. Then we search all of Twitter for some tweet by anybody which matches what we just said to the computer. Next we look through any matching tweets to see if this tweet was in reply to another tweet, and if so we feedback the tweet that our matching tweet was in reply to, to the user that is chatting to our bot.

So in a way, you are now passively chatting with all users on Twitter, sort of turning Twitter into one collective personality, or entity, or some thing. It’s a bit difficult to describe, and it sort of sits at the fringe of experimental and insane…

I wonder if you caught the logical mistake in this system though… Ever since Twitter updated their A.P.I. we have lost one important particular piece of functionality that forces me to currently have this huge reversal of the logic in this script, which makes a significant difference as to how this bot should work, and how it does work…

If you can spot it, good on you, otherwise I will be back to talk about this “bug” soon…

qxzxq

Hello world!

This is not really a post, but since WordPress created this by default, I feel the need to edit it.

I am qxzxq, and I will be using this page to tell you all about my findings as I investigate my own privacy, both in the digital and in the analogue world.

I am also interested and active in the field of combining technology with art, and have been known to create schizophrenic robots from time to time…

That’s all.

qxzxq