Ciro Santilli (@cirosantilli) - New articles

sudo apt install --no-install-recommends git cmake ninja-build gperf \
  ccache dfu-util device-tree-compiler wget \
  python3-dev python3-pip python3-setuptools python3-tk python3-wheel xz-utils file \
  make gcc gcc-multilib g++-multilib libsdl2-dev libmagic1 python3-pyelftools
python3 -m venv ~/zephyrproject/.venv
source ~/zephyrproject/.venv/bin/activate
pip install west
west init ~/zephyrproject
cd ~/zephyrproject
west update
west zephyr-export
cd ~
wget https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v0.16.1/zephyr-sdk-0.16.1_linux-x86_64.tar.xz
tar xvf zephyr-sdk-0.16.1_linux-x86_64.tar.xz
cd zephyr-sdk-0.16.1
./setup.sh

The installation procedure install all compiler toolchains for us, so we can then basically compile for any target. It also fetches the latest Git source code of Zephyr under:

~/zephyrproject/zephyr

The "most default" blinky hello world example which blinks an LED is a bit useless for us because QEMU doesn't have LEDs, so instead we are going to use one of the UART examples which will print characters we can see on QEMU stdout.

Let's start with the hello world example on an x86 target:

cd ~/zephyrproject/zephyr
west build -b qemu_x86 samples/hello_world -t run

and it outputs:

Hello World! qemu_x86

The qemu_x64 on the output comes from the CONFIG_BOARD macro github.com/zephyrproject-rtos/zephyr/blob/c15ff103001899ba0321b2c38013d1008584edc0/samples/hello_world/src/main.c#L11

#include <zephyr/kernel.h>

int main(void)
{
	printk("Hello World! %s\n", CONFIG_BOARD);
	return 0;
}

The qemu_x86 board is documented at: docs.zephyrproject.org/3.4.0/boards/x86/qemu_x86/doc/index.html

You can also first cd into the directory that you want to build in to avoid typing samples/hello_world all the time:

cd ~/zephyrproject/zephyr/samples/hello_world
zephyr west build -b qemu_x86 -t run

You can also build and run separately with:

west build -b qemu_x86
west build -t run

Another important option is:

west build -t menuconfig

But note that it does not modify your prj.conf automatically for you.

Let's try on another target:

rm -rf build
zephyr west build -b qemu_cortex_a53 -t run

and same output, but on a completely different board! The qemu_cortex_a53 board is documented at: docs.zephyrproject.org/3.4.0/boards/arm64/qemu_cortex_a53/doc/index.html

The list of all examples can be seen under:

ls ~/zephyrproject/zephyr/samples

which for example contains:

zephyrproject/zephyr/samples/hello_world

So run another sample simply select it, e.g. to run zephyrproject/zephyr/samples/synchronization:

west build -b qemu_cortex_a53 samples/synchronization -t run

 Read the full article

SARS-CoV-2 E protein Updated 2025-07-16

 View more

Envelope.

As shown at pubmed.ncbi.nlm.nih.gov/16877062/#&gid=article-figures&pid=fig-3-uid-2 has transmembrane domain.

 Read the full article

The alternating groups of degree 5 or greater are simple Updated 2025-07-16

 View more

www.youtube.com/watch?v=U_618kB6P1Q GT18.2. A_n is Simple (n ge 5) by MathDoctorBob (2012)

 Read the full article

WhatsApp profile information is public by default Updated 2025-07-16

 View more

Your profile picture, name and status are public by default as of 2022!!! OMG!!!

This means that all secret services in the world have alrady scraped this information for everyone that uses WhatsApp!!!

They just have to go incrementally through the list of all phone numbers... 001 0000 0000, 001 0000 0001, 001 0000 0002, etc. and then you can deduce who has which phone number.

OMG... it is analogous to the Facebook profile face dump.

Sure, it is forbidden in theory: faq.whatsapp.com/general/security-and-privacy/about-harvesting-personal-information/.

 Read the full article

Amazon Athena Updated 2025-07-16

 View more

Google BigQuery alternative.

 Read the full article

Anomalous Zeeman effect Updated 2025-07-16

 Read the full article

ATP synthesis mechanism Updated 2025-07-16

 View more

ATP is the direct output of all the major forms of "energy generation" in cells:

 Read the full article

Geiger-Nuttall law Updated 2025-07-16

 Read the full article

Koan Updated 2025-07-16

 View more

 Read the full article

Calcite Updated 2025-07-16

 Read the full article

CC BY-NC-ND 4.0 table of contents Updated 2025-07-16

 Read the full article

CIA 2010 covert communication websites / IP and DNS metadata Updated 2025-07-19

 View more

Some dumps from us looking for patterns, but could not find any.

Sources of whois history include:

whois-history.whoisxmlapi.com/ from whoisXMLAPI. Notably they also have historical reverse WHOIS... tools.whoisxmlapi.com/reverse-whois-search but it needs credits. TODO we need to squeeze this a but further at some point.

When that data comes in JSON format as from whoisXMLAPI, we are going to just dump it in github.com/cirosantilli/media/blob/master/cia-2010-covert-communication-websites/whois.json

The vast majority of domains seem to be registered either via domainsbyproxy.com which likely intgrates with Godaddy and is widely used, and seems to give zero infromation at all about the registrar.

A much smaller number however uses other methods, some of which sometimes leak a little bit of data:

Network Solutions, LLC. These sometimes give a tiny bit of information: one name. Other times they are hidden behind Perfect Privacy, LLC. Examples>
- alljohnny.net: L. Glaze. tools.whoisxmlapi.com/reverse-whois-search "Glaze, L." has
  - webstorageforme.com. web.archive.org/web/20130917230604/http://webstorageforme.com/ broken, cqcounter.com/whois/www/webstorageforme.com.html blank
  - welcometonyc.net. Hit!
  - international-smallbusiness.com. Same IP as alljohnny.net and quite possibly hit..
  - alljohnny.com. Hit!
  - locateontheweb.com. cqcounter.com/whois/www/locateontheweb.com.html broken/test page
  - rolling-in-rapids.com. web.archive.org/web/20111101080224/rolling-in-rapids.com no archives but cqcounter.com/whois/www/rolling-in-rapids.com.html hit style! viewdns.info/iphistory/?domain=rolling-in-rapids.com puts it at:
    208.91.197.132 British Virgin Islands CONFLUENCE-NETWORK-INC 2014-01-31
    65.218.91.9 United States UUNET 2013-12-20 so matchwith welcometonyc.com but not listed at viewdns.info/reverseip/?t=1&host=65.218.91.9 because of the viewdns.info reverse IP bug!
- differentviewtoday.com: tools.whoisxmlapi.com/whois-history-search kind of empty no name
Pulley, Tammy
- golf-on-holiday.com: Pulley, Tammy. No tools.whoisxmlapi.com/whois-history-search reverse hits.
- intoworldnews.com: Benjamin McGrew. Only that hit for reverse name at tools.whoisxmlapi.com/reverse-whois-search
- magneticfieldnews.com: Sarah Lowell tools.whoisxmlapi.com/reverse-whois-search has 9 domains
  - sarahlowell.com: web.archive.org/web/20110208130657/http://sarahlowell.com/ Yoga instructor.
  - puppychallengesacademy.com
  - sarahlowelldogtraining.com
  - puppychallenges.com. web.archive.org/web/20130517151924/http://puppychallenges.com/ wordpress.
  - puppychallenges.net
  - realwomensduathlon.com. No archives of era: web.archive.org/web/20180808101430/http://realwomensduathlon.com/
  - magneticfieldnews.com. Hit.
  - highflyingagility.com. Legit? Service offer.
  - ropies.com. web.archive.org/web/20111101080224/http://ropies.com/
- medicatechinfo.com: Jason Noll. Has the following hits at tools.whoisxmlapi.com/reverse-whois-search
  - dreamschemedesigns.com. Legit
  - dreamschemedesigns.net
  - aviationturbinesinternational.com. No relevant archives.
  - garysluhan.com. Seems legit.
  - cjlogic.com: registrar Godaddy (not Network Services!) and contact:
    Noll, Jason noll.jason@gmail.com 104 Southridge Ct. Marthasville, Missouri 63357 United States (660) 441-0780 Fax --
    This image is his Gmail's current profile image as of 2025: openclipart.org/detail/19437/high-wing-airplane
  - medicatechinfo.com. Hit.
  - health-men-today.com. Hit. Holy fuck it has two hits out of 7!!!
- mydailynewsreport.com: Rebecca Melancon on tools.whoisxmlapi.com/reverse-whois-search:
  - rebecca-melancon.com. web.archive.org/web/20180808172531/http://rebecca-melancon.com/ pilates teacher
  - swlabuyahome.net
  - swlalistmyhome.net
  - rebeccaworking4yousite.com
  - mylakecharlescityguide.com
  - swlalistmyhome.com
  - rebeccaworking4you.com
  - swlabuyahome.com
  - calcasieuhouses.com web.archive.org/web/20111013212502/http://calcasieuhouses.com/. Wordpress. Copyright Rebecca Melancon, Equal Housing Opportunity.
    Message from Rebecca
    Welcome to Calcasieu Houses! Here you will find not only information about Real Estate in Calcasieu Parish & the Lake Charles area, but also information about the area itself. I am constantly adding content so please check back often. I can help you with relocation, buying, selling, as well as looking for a great restaurant or a new activity to do! There will be information on Lake Charles, Sulphur, Westlake, & Moss Bluff. If you have something you would like to see added to the website, please feel free to contact me!
  - mydailynewsreport.com. Hit.
- plugged-into-news.net: Godfrey Hubbard. Searching tools.whoisxmlapi.com/reverse-whois-search for two terms "Godfrey" "Hubbard" gives a small list of 20 domains including plugged-into-news.net. They all appear to have both words in them. Searching just "Hubbard, Godfrey" has only 3 hits:
  - hubbardgodfrey.online
  - plugged-into-news.net
  - hubbardgodfrey.com
  so it seems to match the strings exactly!
but presumably these are the names of employees of the company? We are yet to see two identical names however, which also suggests fake names. Network Solutions appears to offer both hosting and domain registration, and the CIA seems to have used this service combo a lot.
godaddy without domainsbyproxy.com: a few of the websites are registered in Godaddy without domainsbyproxy. These might be the ones that gives out the most information:
- baocontact.com

Big question: webmasters.stackexchange.com/questions/13237/how-do-you-view-domain-whois-history DomainTools also has it.

How on Earth did did Citizen Labs find what seems to be a DNS fingerprint??? Are there simply some very rare badly registered domains? What did they see!

 Read the full article

CIA 2010 covert communication websites / IP range search Updated 2025-07-16

 View more

One promising way to find more of those would be with IP searches, since it was stated in the Reuters article that the CIA made the terrible mistake of using several contiguous IP blocks for those website. What a phenomenal OPSEC failure!!!

The easiest way would be if Wayback Machine itself had an IP search function, but we couldn't find one: Search Wayback Machine by IP.

viewdns.info was the first easily accessible website that Ciro Santilli could find that contained such information.

Our current results indicate that the typical IP range is about 30 IPs wide.

E.g. searching: viewdns.info/iphistory and considering only hits from 2011 or earlier we obtain:

capture-nature.com
- 65.61.127.163 - Greenacres - United States - TierPoint - 2013-10-19
activegaminginfo.com
- 66.175.106.148 - United States - Verizon Business - 2012-03-03
iraniangoals.com
- 68.178.232.100 - United States - GoDaddy.com - 2011-11-13
- 69.65.33.21 - Flushing - United States - GigeNET - 2011-09-08
rastadirect.net
- 68.178.232.100 - United States - GoDaddy.com - 2011-05-02
iraniangoalkicks.com
- 68.178.232.100 - United States - GoDaddy.com - 2011-04-04
headlines2day.com
- 118.139.174.1 - Singapore - Web Hosting Service - 2013-06-30. Source: viewdns.info
- 184.168.221.91 2013-08-12T06:17:39. Source: 2013 DNS Census grep
fightwithoutrules.com
- 204.11.56.25 - British Virgin Islands - Confluence Networks Inc - 2013-09-26
- 208.91.197.19 - British Virgin Islands - Confluence Networks Inc - 2013-05-20
- 212.4.17.38 - Milan - Italy - MCI Worldcom Italy Spa - 2012-03-03
fitness-dawg.com
- 219.90.62.243 - Taiwan - Verizon Taiwan Co. Limited - 2012-01-11

Neither of these seem to be in the same ranges, the only common nearby hit amongst these ranges is the exact 68.178.232.100, and doing reverse IP search at viewdns.info/reverseip/?host=68.178.232.100&t=1 states that it has 2.5 million hostnames associated to it, so it must be some kind of Shared web hosting service, see also: superuser.com/questions/577070/is-it-possible-for-many-domain-names-to-share-one-ip-address, which makes search hard.

Ciro then tried some of the other IPs, and soon hit gold.

Initially, Ciro started by doing manual queries to viewdns.info/reversip until his IP was blocked. Then he created an account and used his 250 free queries with the following helper script: ../cia-2010-covert-communication-websites/viewdns-info.sh. The output of that script can be seen at: github.com/cirosantilli/media/blob/master/cia-2010-covert-communication-websites/viewdns-info.sh.

Ciro then found 2013 DNS Census which contained data highly disjoint form the viewdns-info one!

Summaries of the IP range exploration done so far follows, combined data from all databases above.

 Read the full article

CIA 2010 covert communication websites / Selected screenshots Updated 2025-07-26

 View more

This section contains some of the most interesting and a few representative screenshots of the websites found.

We intentionally omit the screenshots already reported by the Reuters article.