mozz

mozz, 5 months ago

Unsurprisingly, Lores' claim comes from HP-backed research. The company's bug bounty program tasked researchers from Bugcrowd with determining if it's possible to use an ink cartridge as a cyberthreat. HP argued that ink cartridge microcontroller chips, which are used to communicate with the printer, could be an entryway for attacks.

As detailed in a 2022 article from research firm Actionable Intelligence, a researcher in the program found a way to hack a printer via a third-party ink cartridge. The researcher was reportedly unable to perform the same hack with an HP cartridge.

Shivaun Albright, HP's chief technologist of print security, said at the time:

"A researcher found a vulnerability over the serial interface between the cartridge and the printer. Essentially, they found a buffer overflow. That’s where you have got an interface that you may not have tested or validated well enough, and the hacker was able to overflow into memory beyond the bounds of that particular buffer. And that gives them the ability to inject code into the device."

This is a remarkable amount of effort and money to spend trying to demonstrate the "truth" of something which everyone involved was surely aware was bullshit from start to finish. I'm honestly at a loss to figure out what was the point, unless the point was "help me help I have too much money what am I gonna do with all this money."

(I looked it up, and the bug bounty program awarded "up to" $10,000. So maybe they just made the guy sign an NDA then gave him $100 and said thanks for helping us with our lying sucker, now get lost.)

mozz, 5 months ago

It wasn't quite that; there was a buffer overflow in the code that was talking to the ink cartridge. So a malicious ink cartridge could in fact take over your printer. Of course, a web page you visit could in fact take over your browser and that's a much more realistic threat vector, and somehow we've survived all this time without limiting ourselves to HP-sponsored and security-assured web pages with a healthy cut of profit going to HP from every visit.

mozz, 5 months ago

Yes. I suspect that when they say the printers are only vulnerable via third-party cartridges, they mean that obviously no genuine HP cartridge would contain malicious software, therefore any malicious cartridge is by definition third party, therefore the printers are only vulnerable via third-party cartridges.

mozz, 5 months ago

Two different people. Hans Reiser is the filesystem developer who killed his wife, and Frederick Brennan was the 8chan creator who wrote to Reiser and got back the published letter.

mozz, 5 months ago

Oh, I got it. Yeah, I didn't know any of the 8chan saga.

mozz, 5 months ago

Yeah, around 2.2 - 2.6 time was wild. I was a lurker on LKML at the time and I remember a lot of the same. There was which crazy filesystem to use, there was Alan Cox's huge work like memory or scheduler improvements (I still remember once he started getting it really right I started like 4 compiles in the background and then just went back to working, and it was so responsive still that I forgot about them and left them running), there were whole sagas like ReiserFS or like BitKeeper and the creation of git. Or my all time favorite... CML2.

With Jeff's email, the thread was essentially moved to the lkml, an often less-than-friendly environment.

I remember observing things like Reiser or Bitkeeper play out in real time taught me a lot about how it's not enough to be technically better, you also have to be able to work with people and not be a jerk about things. That's another thing that's great about hearing from Hans, looking back on it all now through the distant lens of hindsight.

mozz, 5 months ago

Yeah the -ac kernels were for quite some time what the hep cats were all running. Alan Cox did a ton of different performance improvements that slowly made their way into the main kernel over time. I also remember they were way better if you had large amounts of memory for the time.

I also remember this weird little side note when two different teams were both working on some sort of device management subsystem, and when the kernel team selected one and not the other, someone wrote this really touchingly kind note to the other team. Like look, your system is perfectly good, it's easily deserving of getting merged and it's gonna suck that you worked hard on it and it's more or less getting thrown away, but we have to pick and standardize on only one system. But please understand that it's perfectly good and we're not saying it as any kind of value judgement and we hope this doesn't discourage you from contributing good work in the future. It was again that same kind of lesson as with Reiser or BitKeeper that you have to keep the human element in mind.

mozz, 5 months ago

I want to normalize having a sarcastic commentator making scathingly aggressive Youtube videos about people in the news who are doing unethical things.

mozz, 5 months ago

He can still make videos about The Completionist and WataGames

mozz, 5 months ago (edited 5 months ago)

What's the factual issue with what he said about Jirard? Like for example, would you say any of the big blockquotes in this story are specifically untrue?

Edit: Buried way down in the thread is my response after watching the video. TL;DR I stopped watching when after faffing around for 30 minutes, the guy finally got to the point, and almost immediately said with a straight face, "The times where Jirard has stated that funding has occurred might be obvious miscommunications or simple misstatements. Human error."

mozz, 5 months ago

I asked about the specific claims in the story I linked to.

Claim #1 can be verified by watching Jirard's video

Claim #2 can be verified by watching Jirard's video

Claim #3 is a simple statement of logic, no factual assertion

Claim #4 is a statement of what's in Jirard's video, and an argument about how the law works, no factual assertion beyond what's in the video

Claim #5 is a simple statement of logic (predicated on what's in Jirard's video)

Claim #6 is an assertion about what Jirard claims "constantly"; hard to verify without watching literally everything Jirard has published

Literally nothing in the story I linked had anything to do with anything not in the public record. I was asking about those specific claims to get a sense of what exact statements of Karl's you're talking about. Your answer doesn't give me a ton of confidence that you're being precise in your allegations about Karl.

I haven't watched your video and don't plan to for a little while because of time reasons, but I'll take a look. I am curious on the topic (why I asked you the question I did.) The only other thing I'll say on the topic is, Karl's been on the receiving end of a $100k+ lawsuit already from the subject of one of his videos; it's possible that he's saying irresponsible things without consulting with his lawyer who would otherwise advise him not to, but I think it's unlikely.

mozz, 5 months ago

he only thing he actually proved was that approximately $600k sat in a bank account that most people probably believed was being moved along more judiciously than that

The assertion was that Jirard had confirmed that some of the money was spent on things that weren't charity, and that the explanations Jirard gave for why it hadn't been given to charity after years had passed were nonsense. All of that depends just on Jirard's statements.

That said, I can buy the idea that there were other allegations in the video that shouldn't have been made because they're not provable; I'll watch your video.

a trap allowing Jirard to legitimately counter-sue

Counter-sue? Karl is suing Jirard? When did this happen?

mozz, 5 months ago

There were no legal threats from Karl's side to get lost in. There were statements about Jirard's conduct, but no threats. I'm suddenly a lot more skeptical about what you're saying, although I'll still watch the video.

mozz, 5 months ago

Okay, I've seen enough; I made it to 33:12. This video is way longer than it needs to be; Karl made some pretty specific allegations, which do line up with the legal definition of charity fraud (which is laid out in clear legalese in the video), if they're true. The most critical part is the way Jirard repeatedly on stream made very specific statements about where the money was going to go, or had gone, that turned out not to be true by his own later admission. The video could have started at 28:29 with "what is fraud, and did it happen," and done at most a couple minutes' Cliffs Notes for the rest.

I waited and waited for this to be addressed.

At 31:02, he artfully excerpts a statement from Jobst saying the behavior was "unethical and almost certainly illegal," by saying only the "certainly illegal" part. Those are two very different statements, and this was the first time my whoa-hold-the-fuck-up meter started to register.

At 31:30, he airs one of the statements by Jirard that's not really an issue, and explains that as a general statement it's not really an issue. How about the statements Karl took issue with? I was back in waiting mode.

At 33:04, he says, "The times where Jirard has stated that funding has occurred might be obvious miscommunications or simple misstatements. Human error."

Shut the fuck up Mr. Lawyer Man. You can't make a whole half hour lead up about why the whole thing is a huge misunderstanding and what a great position Jirard is in since he never actually did any fraud, and then just casually drop that "Oh yeah and those the times he lied about where the money had gone he probably just made a mistake and it's not a big deal." Especially since part of the defense is, well we were waiting before we actually gave the money for it to be enough to be able to do X Y Z fancy thing.

I am not a lawyer. There may be some additional explanation that clarifies why they were "obvious miscommunications." But I saw enough to satisfy my curiosity.

mozz, 5 months ago

I think I got so mad that I spent half an hour of my life watching this, that I replied to myself. But my response (after watching most of the video) is up there.

mozz, 5 months ago (edited 5 months ago)

Often, when I am covering a topic I lack familiarity or specificity with, I bring in an outside source—in the case of nonprofits, that meant talking to sources like lawyers and financial experts on the challenges that can face charities. (Lawyers, it should be noted, often don’t speak in absolutes about specific situations when talking to media outlets.)

Jobst didn’t do that, essentially meaning he was interpreting the documentation himself.

Citation needed. I don't know that Karl consulted with a lawyer before making this video, but given that he's right in the middle of getting sued and has spent over $100k on legal fees defending himself in that lawsuit, it'd be pretty surprising if he didn't talk to his lawyer before making this video, but instead just sort of sprung it on him as a little surprise.

I'm curious what Ernie's reason is for asserting specifically that he didn't talk to a lawyer about his video.

I can take or leave Jobst’s claims of embezzlement—I think while Khalil probably spoke a bit too loosely during IndieLand, the format is a livestream and does lead to a lot of loose talk. Dude is filling time for hours, because that’s how the format works, and that lends itself to slip-ups. It doesn’t seem like he was being intentionally misleading, for the most part. But I do think that if Khalil decides to do another livestream like this in the future, he should probably cut out the middleman. It’s clear that what they were building towards struggled from an execution standpoint, and the use of a charity tied directly to Khalil has raised too many questions.

By saying that he'd donated money he hadn't donated, he was just... filling time on his stream? "For the most part?" Doesn't that aspect of the issue deserve a little more attention than this one dismissive paragraph?

(Edit: I expanded the quote to give full context. Contrast this against how Karl "not a bad journalist -- far from it" Jobst actually showed quite a few exact clips of Jirard saying the things he was referencing to support his arguments with specifics, instead of just making vague statements about "slip-ups.")

I have more I'd like to say about other things in this article, but honestly most of it is just beside the point. Like I said, the actual situation is actually extremely extremely simple. Seeing these huge videos or articles, which talk about charity fraud but spend almost all their runtime dealing at incredible length with issues other than "Did Jirard commit the technical definition of charity fraud?", actually specifically emphasizing that it wasn't a big deal if he did for the short time they touch on it, seems very weird.

(Edit: I could actually sympathize a lot more with the "Karl went too far" narrative before I spent so much time on things people are posting in this thread. It's definitely true that he's not a journalist and he makes money running a flashy Youtube channel; I could easily believe that he publicly attacked a couple of genuinely awful people like Billy Mitchell and it worked well, and he sort of got carried away looking for the next target, and then went too far in his Completionist video. I'd only ever really heard Karl's side of the story, and I didn't care about the topic enough to look into it any more. But these two attempts at defending what Jirard did are genuinely ridiculous.)

mozz, 5 months ago

Jobst: He seems to have committed charity fraud

Video: Whoa whoa whoa, there's a very technical definition of charity fraud; you have to operate a charity and make false statements about what you're doing with the money (subject to a few additional caveats and restrictions.) This is a terribly irresponsible thing Jobst is saying without having proof of it or understanding the law as well as I do.

You: "There was no smoking gun" "He didn't prove it"

Also video: Those times Jirard clearly said untrue things about what was happening to the money, well hey, anyone could make that type of obvious innocent mistake

mozz, 5 months ago

I'm not trying to get into a big back-and-forth about this, but just to take one more stab at what I've been saying:

The Moon video, Jobst, and the article someone else sent me here all seem to be in agreement that Jirard is on video claiming to have already donated money that it turned out later he hadn't donated. I'm not sure where you're getting that there's a lack of evidence of charity fraud.

Jobst, if I remember correctly, showed the clips of him saying it. Moon said they were "obvious miscommunications or simple misstatements." Ernie said they were "slip-ups" and that he was just filling time on his stream. To me, the latter two sound like bullshit. You are, of course, free to draw your own different conclusions and judgements about any or all of this. Just the fact that he said some things doesn't automatically mean he's guilty. But it's weird to say there's no evidence when all the sources seem to acknowledge (with their own wildly differing spins on the presentation) that there is.

As for your implication that I'm just saying all this because I wasn't interested in the video, I just like Karl Jobst's videos, etc:

"Well, I haven’t ignored [evidence for creationism]; I considered the purported evidence and then rejected it. There is a difference, and this is a difference, we might say, between prejudice and postjudice. Prejudice is making a judgment before you have looked at the facts. Postjudice is making a judgment afterwards. Prejudice is terrible, in the sense that you commit injustices and you make serious mistakes. Postjudice is not terrible. You can’t be perfect of course; you may make mistakes also. But it is permissible to make a judgment after you have examined the evidence. In some circles it is even encouraged." -Carl Sagan

mozz, 5 months ago

I watched that section of the video, yes. Did you watch the section of the video after that, that I listed the timestamps of? I talked about it at some length.

mozz, 5 months ago

Actually: I've exhausted the length of time I want to spend on this. Sorry. You're right that the early section of the video spends a ton of time being derisive towards Jobst, and explaining at incredible length that charities can in general do whatever they want with their money, which is true, and throwing shade at Jobst and strawmanning his complaints a little.

After quite a long time of that, it finally gets around to acknowledging one of Jobst's core complaints, which was not just that Jirard did whatever he wanted with the money (which is his right), but that he lied about it (which is, with certain caveats and reservations, a crime.)

I pretty much gave up on the video when he finally did admit that that happens but dismissed it so airily as oh, that was a "misstatement," it's fine, instead of acknowledging it in any kind of head-on manner or making some convincing argument that Jirard wasn't actually on video lying about it.

I'm actually find with tedium; I was irritated at the video because not because it was dry (it wasn't really), but because it seemed like it was spending time obfuscating the truth and dealing with trivialities. Did a lawyer help Jirard with his apology video? Probably. Where did Jobst get the simplified explanation of charity fraud he used in his video? I don't care, as long as the conduct does match the actual definition. Why was Jirard "saving" the money? It honestly doesn't really matter -- he can, as Moon notes, do whatever he wants, as long as he doesn't lie about it. But if he does lie, all of a sudden the explanation for why he was doing what he was actually doing when he was saying something else is probably irrelevant. Just get to the point. Etc.

Anyway. That's my take on it. You've got yours. Good luck and all the best.

mozz, 5 months ago

Battlefield 1942. Vehicle combat, area-control mechanics, "realistic" shooter gameplay (before that term became an obscene word), and class-based team mechanics had all been invented before, but the way it brought them together and the degree to which it polished them to arrive at something fun as hell was nothing less than revolutionary at the time. It was so groundbreaking that (for better or worse) it basically spawned the "AAA WW2 game" genre that then lasted for decades.

Then, the sequels were so consistently mediocre that the original was more or less erased from history.

mozz, 5 months ago

Fun fact, mostly unrelated but something in your message reminded me: I once played against a guy at a Go club, and we had an enjoyable game but he beat me. He wanted to talk to me about the game afterwards, and he started replaying the game for me from memory so he could make commentary. He replayed a pretty decent chunk of the beginning; I honestly don't remember but I think around the first 25-30 moves of the game.

I later learned he was the visiting Go person who was just stopping by the club for social reasons but could demolish anyone. He was incredibly kind and polite.

mozz, 5 months ago

Mastodon, and just turn off federation and registration maybe, and wrap the whole thing in HTTP authentication or something so you don't have to worry about random people finding random holes into read-only access to the content?