
2021-03-01 07:53 by Karl Denninger
in Stupidity , 206 references

..... competence does not matter.

According to DDoSecrets' Best, the hacker says that they pulled out Gab's data via a SQL injection vulnerability in the site—a common web bug in which a text field on a site doesn't differentiate between a user's input and commands in the site's code, allowing a hacker to reach in and meddle with its backend SQL database. 

So Gab was coded without concern for SQL injection, which incidentally is trivially prevented by using parameterized calls to the database that prevent the injection of arbitrary commands.

In other words, instead of having your code combine strings together to make up a statement like:

"Select content from postings where login = 'joe' and index = '12345'"

the code instead has a static string in it that reads:

"Select content from postings where login = $1 and index = $2"

and then the code puts the login and index numbers in an array of arguments that include elements $1 and $2.

The problem with the first approach is that if I can manage to get "joe" to instead be "joe';xxxxxxxx", where "xxxxxxxx" is a bunch of other stuff, the result looks to the SQL engine like two commands, and what you wanted to happen isn't what you get.

Since the second setup doesn't include anything except arguments, all that happens if someone tries it there is an argument typing error, which returns nothing.
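The two approaches side by side, as an added example that is not code from this site or from Gab. It assumes Python's sqlite3 module with an in-memory table and constructed rows; SQLite's "?" placeholders play the role of $1 and $2, and executescript() stands in for a driver that accepts more than one statement per call.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE postings (login TEXT, "index" INTEGER, content TEXT)')
    db.executemany("INSERT INTO postings VALUES (?, ?, ?)",
                   [("joe", 12345, "joe's post"), ("ann", 67890, "ann's post")])
    db.commit()
    return db

def build_concatenated(login, index):
    """First approach: caller-supplied text is pasted into the statement."""
    return ("SELECT content FROM postings WHERE login = '" + login +
            "' AND \"index\" = '" + index + "'")

def run_concatenated(db, login, index):
    """Run the pasted-together text; return how many rows the table still has."""
    # Assumption: executescript() stands in for a driver that accepts several
    # statements per call. The engine runs whatever text it is handed.
    db.executescript(build_concatenated(login, index))
    return db.execute("SELECT COUNT(*) FROM postings").fetchone()[0]

def run_parameterized(db, login, index):
    """Second approach: static statement, values bound as arguments."""
    rows = db.execute(
        'SELECT content FROM postings WHERE login = ? AND "index" = ?',
        (login, index)).fetchall()
    remaining = db.execute("SELECT COUNT(*) FROM postings").fetchone()[0]
    return rows, remaining

# Constructed input in the shape the post describes: a quote, a semicolon,
# then a second command. The trailing "--" comments out the leftover text.
HOSTILE_LOGIN = "joe'; DELETE FROM postings; --"

if __name__ == "__main__":
    print(build_concatenated(HOSTILE_LOGIN, "12345"))           # two commands
    print(run_parameterized(make_db(), "joe", 12345))           # normal lookup
    print(run_parameterized(make_db(), HOSTILE_LOGIN, 12345))   # no rows, table intact
    print(run_concatenated(make_db(), HOSTILE_LOGIN, "12345"))  # table emptied
```

With the bound version the whole hostile string is compared against the login column as one value, so it matches no row and the table keeps both of its rows.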

This has been known since, oh, roughly forever?  Who the **** in 2021 is coding up applications without using parameterized calls to a database backend?

I literally cannot count the number of attempts at this which are made against The Market Ticker on a daily basis; it's a wildly-popular thing to try to do to various web-based applications in the hope that the authors of the code were stupid.

I leave the rest of the analysis as to who was what to you; it shouldn't be all that tough to figure out.

2021-02-20 10:13 by Karl Denninger
in Stupidity , 397 references

Just remember folks, the Chinese would never do that.

Target you for death, that is.

Just like they didn't do this.

In 2010, the U.S. Department of Defense found thousands of its computer servers sending military network data to China—the result of code hidden in chips that handled the machines’ startup process. 

In 2014, Intel Corp. discovered that an elite Chinese hacking group breached its network through a single server that downloaded malware from a supplier’s update site. 

And in 2015, the Federal Bureau of Investigation warned multiple companies that Chinese operatives had concealed an extra chip loaded with backdoor code in one manufacturer's servers.

I reported on this when it first broke, if you recall.

They have been at this for at least ten years, and probably longer.

Do you think they really wouldn't attempt to do this sort of thing with trying to target the antibodies produced by our vaccines in the west, which they have banned in China itself, preferring instead to develop and use a Covid-19 vaccine that is an exact duplicate of natural infection like virtually every vaccine in history despite theirs being "inferior" in terms of protection -- or so everyone says?

If you're wrong about the Chinese targeting your computer your data gets stolen.

Let me remind you: Trump had these jabs developed at "Warp Speed", short-circuiting animal studies and human trials unlike every other licensed vaccine in the United States including Chicken Pox (varicella) which took twenty years to license.

There is no public record of any sort that shows they considered that these shots would produce a distinct antibody that nobody in the natural world would ever have, and thus that for the first time in human history an adversary could potentially target a bioweapon at that distinct antibody which could only occur in a person as a result of taking said jab.

And, of course, our CDC, State Health Departments and our President and "Covid Task Force" are all parading around telling us that the jabs are absolutely safe and well-tested, using people as human props on a daily basis playing virtue-signaling games to get you to accept prophylaxis even if you already had the disease and thus have immunity or are at such a low risk of dying from the disease you're more-likely to be killed in a car accident over the next six months.

Never mind that the United States as a whole reached herd immunity, as a matter of documented fact, and which was true in most states and locales in the nation, prior to the first shot going in the first arm and cases have continued to collapse since.  In short the epidemic was over before we delivered the very first jab and while there are people for whom despite these risks the shot probably makes sense on a risk:reward basis on the math and on the science this is not true for the vast majority of the population.

If you're wrong about the Chinese -- or anyone else that doesn't like us very much -- being able to target that unique antibody pattern we are now injecting into tens of millions of Americans, including a huge percentage of our military, then down the road you are going to witness death on a mass scale and there is exactly nothing you will be able to do about it if it happens.

That's the bet, and this is the history of Chinese actions of this general sort targeting the stupidity of our government, businesses and population.

I'm not anti-vax and never have been.

I am, however, strongly anti-stupid.

