Ciro Santilli found out that he likes computer security researchers and vice versa.
It's a bit the same reason why he likes physicists: you can't bullshit with security.
You can't just talk nice and hope for people to believe you.
You can't not try to break things and just keep everyone happy in their false illusion of safety.
You can't do a half job.
If you do any of that, you will get your ass handed to you in a little gift bag.
All of this is closely linked to Ciro Santilli's self-perceived creative personality, as being naughty and being creative are correlated.
Things that are not nice such as:
- Taboola, Outbrain, and other chumbox
- BLOBs
- Europe cookie law
- adhesive inside mobile phones and more generally, planned obsolescence
- Jupyter Notebook
- typographical characters that look like ASCII ones, but are not the ASCII ones, e.g. typographical quotes, em-dash. The non-breaking hyphen is not even whitespace, and by def Why not stick to ASCII when ASCII is good enough?
- excessive encapsulation
- replacement of master and slave terminology from technology
- mailing lists. And to add insult to injury, HTML on mailing list messages instead of plaintext.
- blank lines in code added by people trying to increase clarity, especially when there is already indentation for that. Every blank line must be preceded by a line comment explaining what the following block is about, or removed.
- messaging software that forces you to have a mobile phone
- advertisements by telephone/SMS
- "state" such as global variables and object members, long live functional programming?
- mosquitoes, the only intrinsically bad thing about tropical countries
- projects with slow compilation times
- Microsoft Windows
- the 2019 Chinese government
- e-learning websites that only allow verified teachers to write content. Cowards who can't handle ranking algorithms.
- domain-specific language
- a build system without an out-of-tree option
- non-linear Git history: stackoverflow.com/questions/20348629/what-are-advantages-of-keeping-linear-history-in-git
- visual programming languages like Scratch. Waste of time. Text programming languages are already equally as visual due to indentation:
      if x == 0:
          x = 1
  Just make good serious gamedev libraries and integrated development environments for those real languages instead.
- software that prevents you from running as root. Let me fucking shoot myself in the foot if I want to. It is better than having to deal with your hand holding bullshit, which is done in a different way for every project. E.g.: stackoverflow.com/questions/17466017/how-to-solve-you-must-not-be-root-to-run-crosstool-ng-when-using-ct-ng/53099177#53099177
- Medium
- luxury goods
- euphemism
- closed access academic journals are evil
- websites without OAuth
- shower room without a window to the exterior (mould!!!)
- single programs with their interface split across multiple windows, e.g. GIMP, ZynAddSubFX
- graphical user interfaces
- logograms
- infinitesimals. Just use limit instead, please
- country
- knowledge olympiads
- programming languages without a decent dominating package system
- closed source offline software used by millions
- exams
- security through obscurities
- dots in Gmail address
- things in websites that look like links, and behave like links, but don't let you middle click to open them on a separate tab
- K-pop
- numerical computing language
- fiscal paradises
- when the front-end of a website changes an important permanent state, but the URL does not change
- splash screens: you should show boot messages so that people will know what to Google for when things fail. Do you think computer newbies will be afraid and have nightmares?
- milk chocolate: why would you eat that instead of dark chocolate if you are older than 10?
- to talk about something without giving the real name to not scare off the audience
- mathematical symbol that looks like a Greek letter but isn't. Or perhaps mathematical notation in general
- when more than two people gather to play a board game or video game, and two or more people start chatting on and on about random subjects rather than concentrating on the game
- watching television while eating. Same for reading, or doing basically anything else but eat. The only acceptable activity is talking relaxedly, not about work.
- noises coming out of your bicycle. It is so hard to find where they come from to fix them!!!
- code drop
- private cars as opposed to public transport. As a cyclist, you can just see the effect that large roads have on nearby areas, it just destroys nature.
- closed standards
- double consonants that make no difference to sound. Dilema? Dilemma? Dillema? Dillemma? Please!
- social media websites that show stuff from people you don't follow when you don't explicitly want that, including things which are not ads, just random suggestions. Twitter started being like that circa 2022. Facebook got worse around that time. It is a constant fight against those stupid websites.
- socks with short legs that don't protect your ankle/lower calf from cold/scratches/dirt, e.g. liner socks
- Presta valves. Why would such a flimsy tech have become so popular compared to the infinitely superior Schrader!
In 2016 Ciro made a script that downloaded Facebook profile pictures.
This was possible at the time without any login by using a 2010 profile ID dump originally announced at: blog.skullsecurity.org/2010/return-of-the-facebook-snatchers, since profile picture access was not authenticated.
The profile ID dump was downloadable through a BitTorrent named fbdata.torrent of about 2.8GB, mostly compressed. Doing:
    find . -type f | xargs sha256sum | sha256sum
on Ubuntu 20.04 gives:
    2c9a739c9c5495e38ebab81fc67411b7c6562f139dcb8619901a3f01230efdd5
This dump was widely reported e.g. on Hacker News at: news.ycombinator.com/item?id=1554558.
At some point however, Facebook finally started to require tokens to view public profile pictures, thus making such further collection impossible, e.g. as of 2021: developers.facebook.com/docs/graph-api/reference/v9.0/user/picture mentions: "Querying a User ID (UID) now requires an access token."
This is also mentioned e.g. at: stackoverflow.com/questions/11442442/get-user-profile-picture-by-id. This major privacy flaw was therefore finally addressed at some point, making it impossible to reproduce this project.
Ciro downloaded 10 thousand of those pictures, and did facial extraction with: stackoverflow.com/questions/13211745/detect-face-then-autocrop-pictures/37501314#37501314
He then created a single video by joining 10 thousand of those cropped faces which can be uploaded e.g. to YouTube. Ciro later decided it was better to make those videos private however, as sooner or later he'd lose his account for it.
Companies like YouTube blocking this kind of content is the type of thing that makes companies take longer to fix such gaping privacy issues, and is a bit like security through obscurity. A video makes it clear to everyone that there is a privacy issue very effectively. But people prefer to hide and look away, and then 99% of people who know nothing about tech get their privacy busted by actual criminals/government spies and never learn about it.
But now that Facebook finally fixed it, it's fine, no need for the video anymore.
Basically the opposite of security through obscurity, though slightly more focused on cryptography.
How do you think Ciro got his rep? Just kidding.
Stack Overflow later forbade Ciro from advertising this project as described at: Section "Ciro Santilli's Stack Overflow suspension for vote fraud script 2019". Those newbs know nothing about security through obscurity.