lee/hpr-knowledge-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d68885cff84739d6e564ca4409959ae08cee67ec
hpr-knowledge-base/hpr_transcripts/hpr3664.txt
Lee Hanken 7c8efd2228 Initial commit: HPR Knowledge Base MCP Server 
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-26 10:54:13 +00:00

379 lines
18 KiB
Plaintext
Raw Blame History

Episode: 3664
Title: HPR3664: Secret hat conversations
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3664/hpr3664.mp3
Transcribed: 2025-10-25 03:01:33
---
This is Hacker Public Radio Episode 3664 for Thursday the 18th of August 2022.
Today's show is entitled Secret Hat Conversations.
It is hosted by some guy on the internet and is about 18 minutes long.
It carries an explicit flag.
The summary is, you'll need your tin hat for this one.
Hello and welcome ladies and gentlemen to another episode of Hacker Public Radio.
I'm your host, some guy on the internet.
Today I'm just going to go through a quick little rambo something I've been thinking about for a while now but I never got to share.
I know you guys go read into your kitchen cabinets or where you keep your tin foil.
Go get a nice, big, you know, nice, nice long roll of it and go ahead and find a YouTube video on how to fashion a hat from it.
Now from this point, you're going to need that hat.
They're going to be probably future conversations where you're going to want that hat again.
So just, you know, be careful not to get rid of it.
You're going to just store it away somewhere where no one else can see it because they'll probably ask you questions you don't want to answer about it.
So if you're listening to this episode on a speaker, go ahead and turn it down or pause and go get a set of headphones.
Sorry, sorry about that.
Yeah, go ahead and get yourself a set of headphones.
We are going to discuss cell phones today.
Now, one of the things I've been thinking about is how the cell phone is like our greatest...
or let me not say out, let me just say my...
The cell phone is my greatest attack surface.
It's a proprietary device that I cannot walk out of the house without,
not because I need to have the cell phone as much as the next guy.
I think I need to have the cell phone, you know, for work mostly and there's obviously family as well.
But that's the rub right there, that's the catch.
Because they've convinced so many people around us to have these things,
if you, the one guy, does not carry a cell phone,
that somehow puts you at a tremendous disadvantage in society
because you aren't able to, you know, receive communications.
You can't talk to people and they can't send you messages you don't need,
like, you know, cat videos and whatever else or, you know,
tell you about the meeting that could have just have easily been an email.
You can't learn about the meeting, that is also mandatory by the way.
Now, just putting the cell phone in everybody's hand,
does it make it the attack surface?
What makes it the attack surface is the fact that we have never upgraded our phone systems,
so for instance, the phone number, the thing that is supposed to be unique to everyone can be spoofed.
So someone can call you from your mother's number,
even though they're not your mother and they're not at your mother's house.
They can be anywhere in the world and just use her phone number to contact you.
You get what I mean?
And I know you might be saying, okay, your mother's that,
that's gonna hear the voice and know it's not your mother.
But what if it's from your bank?
What if your bank calls you suddenly and tell you there's an issue
and, you know, they've got some information that seems like they're really your bank?
You haven't been made aware of that recent data leak
because companies aren't required to report it immediately,
at least not in the US.
By the time you hear about a data leak, it probably happened last year or two years ago, even.
You know what I mean?
So somebody's running around with really, really personal information about you
that truthfully, the only way they could have gotten that level of information
is if you personally gave it to them or they stole it from the person you personally gave it to.
So here's the thing, you calling me from my bank,
you've got information about me that only my bank would know about.
I mean, really personal stuff.
And I now believe this is the bank.
It's the correct number.
You've got the correct information.
I mean, why else would you have that information unless you're from the bank
and you're calling me from the bank's number?
So when you're telling me, you need me to verify who I am
and you're going to send me a code.
And I send you back that code.
And now you have confirmed who I am.
And oh, now there's no longer a problem
because I have verified who I am
and now you just, you know,
inform me on yada yada blah blah
next thing you know my bank accounts empty, completely empty.
And of course, when I go down to the bank to try to figure out what's going on
because I talked to someone and so on, they told me it was fine.
Uh, that person doesn't work here.
blah blah blah blah.
Suddenly, we got a major issue here
and there's no possible way to fix it
because the system was desiring so long ago
it was never updated.
Anybody can do this.
Anybody can just go around with whatever information they've stolen or purchase.
Maybe they didn't steal it personally, but they can purchase it from someone that stole it
and just spoof a number call you and do whatever they want.
So now I want you to take that bank scenario, fold it up nice and neat, put it in your pocket.
Keep that with you because you're going to need to remember that for future conversations.
Right? That's the bank topic
and you've now got it in your pocket.
We found a way to try and open the cell phone itself up
as much as we possibly can to try and eliminate the cell phone itself being the problem.
But it is the system that the cell phone is created for that is still the issue, the software.
So you get a pine phone, the most open device that we have at this time
that is still a development device.
By the way, I like to point, keep that in the minds of everybody.
Don't just run out.
Think you're going to get a pine phone, open it up at the box, attach it to a network
and begin using it like you could your iPhone or whatever else you have.
It still requires some knowledge to use.
So you got this open device and even the developers of the pine phone tell you
there's even though this device is as open as we could possibly make it.
There's still things within the device that cannot be made open.
Like I believe it was the modem or whatever.
That cannot be made open because, you know,
the people who license you to use this technology,
tell you that it must not be open, you know, for whatever reason.
You know, they just make up anything, national security to have it.
That's a good enough reason.
Isn't that the reason for anything nowadays though, right?
Like if we don't want you to know something, it's for national security.
So don't question it even if you start questioning national security,
that makes you the bad guy.
Alright, so we're back on track.
You got the open device, the most open-aid device could possibly be.
And let's pretend that it's actually market friendly.
You can just buy one, put in a SIM card, you know,
attach it to the network and begin using it like any other device on the market right now.
It still will not help you because you're still using a flawed network.
People can still perform the exact same tricks on your open device
as they could on your close source device.
So one way or another, the attack surface has not changed at all
because you're still using the device.
You still got to get the message about the mandatory meeting
that could have just easily have been a memo tucked inside of an email,
an encrypted email, and sent to all the people that's supposed to have it.
But because management can't be bothered to learn, you know, new things.
A bunch of one trick pony desk jockeys that must just demand you go to the building
and attend a lecture about complete horse excrement.
You have to have that cell phone with you.
And of course, you know, there's also family, all the people you love.
They love using cell phones because social media, et cetera, et cetera.
I'm not going to go too deep into all that.
But think about it.
Now, for those of us who have learned to use things like element,
I mean, think about how much better the world could be if we just started adopting a matrix protocol.
Imagine if, say, for instance, banks and other things were using this protocol
to communicate directly with users.
Say, say, for instance, society decides that, um, okay, users, if you want to,
you could register an account name with your local government, right?
And that account name is yours.
It's, it's, it becomes a part of your ID, your identification.
This is now attached to your registered number with the government,
because names don't matter.
You're just the number to the government.
Make sure that, that tin foil hat is on real tight now.
All right.
You don't want any of this information to be leaked out.
You don't want anybody to be able to peek into your brain and see this information right away.
All right, all right.
I'm, I've calmed down now.
We're back, we're back on track here.
So you got your ID that is on the matrix protocol.
You got a handle, if you will.
You can use any client you want, element, whatever else is out there that you want to use.
And you can receive encrypted communication because this thing has security built into it, right?
So your bank is on that network.
They've got their own instance, their own servers or whatever.
And you can federate with it.
So you can receive direct messages from your bank.
That's an encrypted channel that only your bank has access to.
And you know, trade keys or whatever.
And this is only if you want to, right?
If you don't want to, then you don't have to, right?
You can still stay with the phone system until eventually that goes away.
But right now, there's also a more secure method available.
And with this new, and we're only using element because right now, or, or matrix,
because I can't think of anything else right now.
All right.
That and the misses took the baby to the store.
So I got a limited amount of time to go ahead and get this thing recorded without a toddler climbing on the top of my head.
And the misses chatting with me about coupon. She found online.
Pro tip, when your misses decides to go to the store and you want to record an episode,
give her a call shortly after she leaves the door and say,
hey, honey, I just transferred over a couple hundred dollars over to the joint account.
Use that to go buy something.
That'll keep her gone longer than if they get an episode out.
All right. Now, where was that?
We were talking about having this, this ID that the bank has.
The bank sends you their, you know, key, the encryption key or whatever was the public key.
So that now you send your public key to them.
The keys form this link of communication.
Now all communication between you and the bank are secure.
Or however, element does it because I'm not entirely sure how the encryption works with the,
excuse me, not element matrix protocol.
I'm guessing that you exchange keys like with SSH,
but if you don't, maybe it's handled automatically.
I'm not sure.
One way or another, the keys are changed.
Communication is encrypted.
And here's another wonderful thing, even if it wasn't encrypted.
Even if it was just, you know, well, we wanted to be encrypted.
Let's just keep it as encrypted.
However, the encryption happens, you're not communicating.
Say somebody tries to pretend to be your bank.
Well, you have a contact list with your bank in it.
And if they're not on that list, they're obviously not from your bank.
As far as we know, currently you are not able to just pretend to be somebody else on matrix.
Unlike you could don't like say Facebook or whatever,
where you could shout out to a hooker once again,
who told us about, you know, member cloning Facebook accounts,
where people say that the account was hacked when in actuality,
it wasn't hacked.
It was more of a social engineering attempt where they cloned in account,
use some of the same images, et cetera, et cetera.
Just go check out a hooker and look for the show there.
A lot of great stuff.
Back on track, you can't do that with matrix at least not right now.
And it's open.
So even if somebody wanted to attempt that kind of thing,
you'd see where the flaws are,
and you can actually point them out and stop it from existing as long as it has now
with our current phone systems,
with you just being able to spoof any number,
or clone any number,
and pretend to be home ever else,
with the stolen information you're running around with.
So right now, if there's a second or a third,
Ken Valley account that starts contacting me going,
hey, I lost my password.
Could you send me the password that I am about to send to you
so that I can get access to my old account?
You know how that stuff goes out there now with all these scams?
How they do that?
What is it, the TOTP codes?
Well, it's not going to work here,
because I actually have the original Ken saved,
and I could just contact him, hey, Ken, did you lose your information?
And are you trying, which I know he's not, you know?
I know that would not happen to him anyway.
I only talk to people who are involved in the Geeks fear,
so it'll probably happen with, like, say, a niece
and nephew or cousin of mine,
where they'll probably sign up today,
lose their credentials tomorrow,
and have to create a new account,
and then just say that they were hacked,
and, you know, they just actually forgot everything.
And this is the part of the episode,
where if we had sponsors,
you'd probably throw in a sponsor for a password manager,
or something like that,
but since we don't, you know, go figure it out.
Plenty of episodes out there about them.
Go check one of them out.
But I mean, just stop and think about it for just a second.
If we could actually improve our communication,
where we no longer need cell phone numbers,
but we actually had handles or IDs,
and we could eliminate the whole spoofing
and account copying that that currently happens
with the cell phone numbers,
and I give you the example by Facebook,
so you can better understand,
if you're not a complete, you know, hacker, tech junkie,
whatever you want to call it,
if you're just new to this,
if you just found out about HBR yesterday,
and you popped in and listened to this episode,
that's why the Facebook reference was in there.
For everybody else, you understand.
You'd have far more security,
just because you eliminate an old deprecated system
that's closed source,
and we don't even know if there's being new development on it.
I don't know how our network systems work,
but I can find out more about Matrix right now.
You can hear what I mean.
It's like right there.
I can just go to it and start learning about it.
I can find out who's working on it.
I can contribute documentation.
I can donate money to it.
You get what I mean?
So it's fantastic.
Pro tip, that's how you become a super hacker.
You find a project that you really like,
contact somebody that works there, say,
hey, I'll give you, you know,
a hundred bucks right now,
put my name on a wall somewhere,
and say, I contribute it.
Boom, look at that.
All jokes, all jokes aside.
But seriously, if we could have a more secure
way of communicating with one another,
I don't even phone call some of my friends anymore.
The people that I actually talk to
and hang out with outside,
I don't even call them anymore.
We chat on Discord,
because I know better than to tell them about
element and signing up for it.
I know how that's going to end.
Discord is easy for them to sign up for,
unless you were invited to the server where we chat,
you can't just really break in and,
you know, listen to the conversation.
And because most of them also understand
the same way you don't just send,
you know, private information
through a text message,
like you don't see any social security number
or anything stupid like that,
through a text message.
So you also know better than to do it through Discord, right?
But Discord is a more secure way to call each other to chat
and speak with friends.
It's also easier.
You ever tried to do a three-way call?
You know how three-way calls work,
especially when one person has to leave
for a moment or two,
because they got a call,
and then when they're done with their call,
they call you back and say,
hey, now put us back on three-way,
so you have to do it.
It's a hassle.
With Discord,
I just leave the chat,
go ahead and do the phone call thing
and then pop right back into the chat,
because it's still established.
You know what I mean?
Super easy, super simple.
Imagine if we could do that with regular cell phones,
get rid of the cell phone number
because the cell phone is actually just a computer.
How about just use it more like a computer?
All right, you know,
almost say it's a word's there,
but you know,
just use it more like a computer.
It'd be so much better if we could do that, right?
It kind of reminds me before I get out of here,
because I'm about to reach the 20-minute mark
and for these kind of rambles,
I want to keep them under 20 minutes.
There was a guy talking about the calculator
and how the old design of the calculator
was just, you know,
not, it's not modern
and we shouldn't be using it.
We should actually be using something
that looks more like an IDE
instead of the old school calculator.
But I'm pretty sure what's it called?
Texas Instruments would probably sue you
into oblivion if you tried that.
So, have a nice day, ladies and gentlemen.
That'll be our next rep patents
and, you know, coffee rights and all of that.
We'll break out the tinfoil hat again for all of that.
You guys take it easy?
And thank you for listening to another episode
of Hacker Public Radio.
I'm your host, some guy on the internet.
Now, it's safe for you to take off that hat, fold it up,
put it somewhere safe for the next episode.
You have been listening to Hacker Public Radio
and Hacker Public Radio does work.
Today's show was contributed
by a HBO listener like yourself.
If you ever thought of recording podcasts,
then click on our contribute link
to find out how easy it really is.
Hosting for HBR has been kindly provided
by an honesthost.com,
the internet archive, and our sings.net.
On this otherwise stated,
today's show is released
under Creative Commons,
Attribution 4.0 International License.
Reference in New Issue View Git Blame Copy Permalink