Letters: GLORY
Hacker News
Dear 2600:
Hacking podcast Shadow Systems
Audio on actual hacking within the podcast, and phreaking.
J
We have a sad fact to reveal. Most of our letters now take this form of people not actually communicating using full sentences or anything more than 140 characters. We're sent links, words that are spelled so incorrectly that they're basically new words, and thoughts that never come to full term. We miss the old days, where so many readers would rattle off paragraph after paragraph of prose, some of it meaningless, but much of it filled with ideas that really provoked discussion and controversy. We hope to see more people return to that path.
Oh, and the link is worth checking out.
Hacker Queries
Dear 2600:
I'm recently reminded of how we live in a society where our lives are being nitpicked by various three letter agencies.
However, as a privacy conscious individual, I'm wondering if it is truly necessary for me to give away my real name and address while purchasing tickets to the HOPE conference. I'm wondering if only a working email will suffice, or is the information necessary for the delivery of the tickets?
Hopefully, this is only a matter of record keeping.
general.bills
We don't require any real info from you at all, other than your payment details and, naturally, an email address where you can receive your tickets. But if you use a credit card, the company behind it will compare your address to what they have on file and let us know whether or not it all matches. Addresses that don't match require us to follow up to make sure you're not trying to pull a fast one on us. It's the same method used by virtually every online store. The real question you should be asking is if it's necessary for you to give away your real name and address to the credit card companies. In actuality, it is and it isn't. You can use a fake name on a credit card as long as it's attached to one in your real name. But you can then use that fake name on all of your online purchases. Getting a post office box or a maildrop and having your credit card bills delivered there make that your billing address, which is what online merchants need to verify. In other words, it doesn't have to be your actual street address. And this is all accomplished while remaining completely legal. You can do a whole lot more on the other side of the law. But that's another story.
Dear 2600:
I am a computer security researcher and teacher at the Carlos III University of Madrid (Spain).
Currently, I am teaching subjects related to cyberthreats and malware. I have found that your web page offers information regarding hacking. I would like to go deeper in the matter to present students a more realistic view about it.
Thus, I feel that your knowledge could be a great key for my work. Particularly, knowing how hackers get in touch, how they communicate, and if they hide themselves on the Internet or if they have publicly available places would be useful.
Any advice on this matter will be very valuable for me. Let me thank you in advance for your precious time.
Lorena
We don't advise people thanking us in advance as they likely will be disappointed. We can't do more than suggest that you read what's in our pages and in many other hacker-related forums on the Internet. It's not really clear from your letter what particular aspect of hacker culture you're interested in pursuing. Hackers aren't living on the Internet like termites in a wall. Hackers are all around you, all the time. They communicate in every way imaginable, they know how to protect their privacy, and they have no problem meeting in public as well, although we currently don't have meetings in Madrid. A good start for you would be to disbelieve everything you've heard in the media and movies and do a little digging to see what hackers are motivated by. Whether it's the development of a new type of operating system or a battle against some proposed draconian law, the people involved will likely be more than open to talking with you about it, as long as you're willing to listen and not jump to simplistic conclusions, like so many have in the past. We wish you luck but doubt that you'll need it if you're truly interested in learning.
Dear 2600:
Have you heard about this challenge? Someone is giving away bitcoin. You just have to guess the six letter password. Can it be done?
Eric
You can read about this particular challenge at bitcointalk.org/index.php?topic=1014202 and on Reddit. There were some other challenges that were figured out, but the six character one has yet to be. In fact, much of the discussion in various forums is debating how many billions of possibilities there are and just how long this could take under what circumstances. It's an interesting conversation that can be applied to so many other security-related issues. It really all comes down to what resources are at your disposal and how much time you're willing to focus on such challenges, along with any possible shortcuts you can apply. What seems like a great password now won't be in the future because processing time will be vastly decreased. But even if you have a completely uncrackable password, using the same one for long periods of time - which many people do - not only makes it more likely someone who's been at it for a while will finally figure it out, but opens you up to the sum total of every mistake you made in that period of time, such as writing it down once, being shoulder-surfed, or so many other things that make your password completely useless.
We don't have to go nuts over this. Simply choosing a decent password and changing it on a regular basis is usually enough. But, in case it isn't, you should always be paying attention so you'll be able to tell if something changes due to another gaining access somehow.
Regarding the challenge here - assuming it's on the level - what seems like a Herculean task can be greatly simplified with a little organization and crowd-sourcing. So if, as some people are saying, this would take a thousand years to crack, how long would it take if a thousand people each took a portion of the challenge? Now imagine a government that has access to virtually unlimited resources that is motivated to crack a particular code and add that to the constantly improving technology. What appears completely secure is often only temporarily so. Our human ingenuity is the one element that can always stay a step ahead.
Dear 2600:
Greetings from prison! I am attempting to figure out how modem TVs detect a video signal through either the composite or VGA inputs. As I am in a correctional institution, I do not have access to material to research this. My goal is to connect an audio device to the television so it may be used as a speaker. However, when I connect the audio input, the no signal screen remains and I cannot seem to bypass it. So I thought I would ask you. Also, I would like to say thank you for continuing to put out an awesome magazine. I thoroughly enjoy every issue. Also, in case it matters, the TV is made by Coby.
Chris
If what you are connecting the audio input to on the TV is a 3.5 mm headphone jack, it is likely that is really an output for external speakers. This would hamper inputting audio, even if you made the TV detect some signal on another connector. Composite and VGA are older input methods, but there may be a way. VGA does not pass any audio from the input you connect. Composite would allow inputting of audio over the red and white RCA connections. If you can make or acquire an adapter for stereo RCA to whatever audio device you're using as input, it may play audio without even connecting the yellow composite input to anything at all. If it did require signal, you could take composite video output from a VCR such that blue/black screen or a video without sound played while the input of audio came through from your other source.
Dear 2600:
Where is the list with the stores that sell physical copies?
Vaseleos
That is a very good question. We are attempting to get such a list put together. We've also been saying this for years. Unfortunately, this is one of those things that's much harder to do than it should be. The list in question used to appear on our website and with it you could tell just where copies of our magazine could be found. We got the info from our distributors. Here's the challenge: distributors don't like to give out this data because they feel other distributors can come along and snatch their accounts from out under them. We think having a list of where people can buy our magazine would result in more people buying our magazine. But what do we know? The whole situation isn't helped when said distributors shut down and take the data (and our money) with them. Don't even get us started.
But since we're on the topic, we thought you might like to hear an update of one of our latest distributor woes, that being the ones that sort of went out of business but didn't really. We're referring to the company called Source Interlink that split itself into two, shut down the half that dealt with magazine distribution (while owing us close to $100,000), and renamed its other half to TEN: The Enthusiast Network (www.enthusiastnetwork.com). They continued to be wildly profitable while publishing magazines of their own like Motor Trend, which we'd bet somehow didn't get stiffed by the company's other half. Anyway, we finally got a check from them for just over two grand. Better than nothing, but nowhere close to what's right. It's not the first time we've been fleeced and it probably won't be the last. This was probably the slickest maneuver we've encountered, though. And yes, it was all completely legal.
This is how the game is played: publishers like us are always at the mercy of distributors. They aren't all bad and we've worked with some great ones over the years. But nothing illustrates how essential our reader support has been in keeping us going despite these monumental challenges.
Dear 2600: