"I hate this fucking place too."

My passengers ask how I like living in LA.

"I don't know. It's pretty. I work my ass off all night and day and I have nothing to show for it."

Most of them exhale in relief and say something like "I hate this fucking place too."

Trust fund kids dressed to kill. They're going off to live it up and do whatever they're off to do. I live vicariously through them as I shuttle them to various places I either can't afford or don't have the clothes for.

I've got that whole "on the outside looking in" thing going on and yet I'm learning where the street festivals are, where the great jazz and Italian spots are hidden up in the hills.

I want to go to the jazz festival.

Or that art show.

I could.

One time I got summoned up some mountain in the desert just east of Palm Springs to pick up a hiker and I was like, mother fucker, this is amazing. I want to drop this dude off, log out, change into some sneakers and hike this trail myself.

I should have.

"What is there to do in Palm Springs?"

"Uh, you can take the tram. It's awesome late at night after dark. I like to fuck off and drive around in the desert in a convertible at night. Anything else in Palm Springs, you're pretty much going to need a penicillin shot afterwards."

"You need a what?"

Whoops, I'm talking to normies.

I hate bar time.

I hate dodging drunks and aggressive idiots in sports cars at 2am.

I do kind of like people on drugs other than cocaine. Fuck coke heads, though. I hate them.

"Fuck. My edibles just kicked in!"

I just giggle and put on The Orb or Glass Candy or something.

If your roll's peaking I'll rock the wheel a little.

I've driven this fucking thing on drugs they haven't even named yet.

It makes my day when a passenger recognizes some really obscure track I'm playing.

Or they sing along.

"Dude, you're into some Rose Royce tonight?"

Fuck yeah I am.

Having lived and/or been everywhere is an asset. There's a good chance I've been to your hometown and can place landmarks and spots there.

Posted at at February 11, 2018 on Sunday, February 11, 2018 by |   | Filed under:


Sometimes I have this thing for taking in strays.

These days I am a little more cautious about who / what I take on.

I've known this one for about two years now.

He just kind of comes and goes.

He'll have a lucid moment now and again and he's like "can we go out, like on a date or something?"

Or, you know, "Can I go to a meeting with you sometime?"

You shrug and you're like sure.

And then he disappears again.

I just up and randomly kissed him in an elevator last spring, he didn't even remember who I was.

I thought it was funny.

He's a tough case when he's coming down.

Screams in his sleep.

Thinks you're out to get him.

Thinks something's out to get him.

You're laying there thinking, mmm, it probably would not be reassuring in the slightest if you said you had a Glock 42 and a Steyr within arms reach.

I've calmed him down and he kinda trusts me now and yadda yadda.

I put lotion on his cracked heels and he was suspicious as fuck that I was doing something other than applying balm to his feet.

What's in it for me?

Eh, he cuddles.

It's platonic as fuck.

Fuck my life. I have to ask myself, is this what you really want?

He stayed three nights and got geeked out again.

I knew from the first text.

Spidey sense.

You're like "ok, this is bullshit, he's ... "

There's no feelings or expectations here. This more like a "you problem."

He asked if he could stay.

I don't have it in me to deal with the night terrors and the screaming and this whole process twice in one week.

I find the thought of reassuring him that I'm not a bad dude all over again to be kind of depressing.

Posted at at February 10, 2018 on Saturday, February 10, 2018 by |   | Filed under:

"What encryption?"

Let's talk about Server Side encryption.

I will simply say that it's not even necessary to "crack" the encryption if you have elevated privileges on the server, or have backdoored either endpoint -- or if you are able to exploit weaknesses in the hypervisor or cloud platform to access processes running on a VPS, virtual machine, shared hosting, etc.

This information is for you, and to warn you about the security of your VM/VPS if you do not manage, own, or restrict access to the physical hardware. This is not to suggest this is an intelligence practice. I don’t understand what they’re doing there but unlike you I don’t think they need access to either endpoint to decrypt things.

Update: I used UnrealIRCD as an example, I can’t confirm if this works in an updated release — just use the same strace command and play with some other process, please bear in mind this is about strace being able to intercept an encrypted payload from a local process, not UnrealIRCD.

Here's a thread about the mythical "spy module," where they'll ban you from their forums and put you on their naughty list if you discuss it.

256AES ? Oh, that's cute.

Wouldn't matter if it's 512AES.


You can get cleartext unencrypted data in transit from any process with the following command:

# sudo strace -p $PID -f -e trace=network -s 32768

$PID being the process ID you want to attach to.

Eh. Encryption? What encryption?

Never heard of it.

Is your VPN running on some VPS?

Check your ingredients.

What's my point? Client to server (server side) encryption is easily decoded as illustrated. This would not work in the scenario of peer to peer encryption directly between the two clients although either endpoint could still be exploited / compromised locally on the client exactly as described here. 

Posted at at February 06, 2018 on Tuesday, February 6, 2018 by |   | Filed under:

"So, why are you still single?" Catalogue 46, volume 17.

And this one time, in band camp, a SWAT team raided my house.

I came to learn of an exchange on the air between Madison radio hosts Zak Rogers and Vicki McKenna:

"You know who that is, right?"


"That's the guy who came in here and set up our webcam in the studio."

"That guy?!?!"

She said I was sweet or something to that effect.

They were a little somber after that.

I had been dating one of the country DJs briefly and he wasn't especially impressed.

It was front page news but all traces of it quietly vanished.

The outlets reporting on it were all Lee Enterprises assets and I used to work as a contractor for them, I even made house calls to the editor of the Capital Times.

I was known to some news/radio/media people into town who didn’t immediately make the connection that I was “that guy.”

But when they did the whole story went down the memory hole. I don’t know if it was a favor or if they just would have found it embarrassing for someone to point out that I was one of theirs.

I did a bunch of ecstasy with one of their managers and fucked him so who knows who was pulling for me. I didn’t get charged and everything related to this was scrubbed off of the internet.

I love how my last evaluator scowled and wrote “raid” in BIG PRINT and “ “ air quotes “ “ like she thinks I’m a total fucking nutter and making that up.

She didn’t believe a word I said.

Posted at at February 05, 2018 on Monday, February 5, 2018 by |   | Filed under:

Spoober 💡

I’m developing a hookup app called Spoober that works exactly like Uber: It dispatches you to your next load while you’re finishing up the current one. It’ll get rave reviews in West Hollywood.

Posted at at February 04, 2018 on Sunday, February 4, 2018 by |   | Filed under:

Define “spiritual.”

“I think I know who you are. We met a few times and had spiritual sex.”
Spiritual as in, was my head spinning around while I masturbated with a crucifix and spewed green vomit and yelled "LICK ME! LICK ME! YOUR MOTHER SUCKS COCKS IN HELL!" ?
Profile information: “Looking for hung tops. Taking raw loads.”
Fuck, you know what I like. But that describes every faceless profile from La Cienega to Sunset.
No other info.
“Could you... be a little more specific?”
[No response.]

Posted at at February 04, 2018 on by |   | Filed under:


I saw a bumper sticker that says “The closer you get, the slower I go.”

I snarled and woofed.

I don’t think it means what I hope it means.

Posted at at February 03, 2018 on Saturday, February 3, 2018 by |   | Filed under:

I'm Goin' Down!

I can't help it. Every time the elevator says "going down," I bust out and sing "CAUSE YOU AIN'T AROUUUUUUUND, BABY! My whole world's UP side down!"

Posted at at February 03, 2018 on by |   | Filed under:

[No Such Agency] - Happy FISA Memo Day!

What happens in Room 641A and others like it?

Do they "tap" into your home internet connection or something?

Nope. They vaccuum up everybody's traffic whether they're a target or not.

The ISP has no way of knowing what they do with the data, whether they followed the rules or not.

The NSA has employees who are known to have abused these tools to spy on spouses and ex-lovers.

This court order for surveillance does not allow them to establish surveillance.

It's all being hoovered up already. 

ALL of it.

The court order is what supposedly allows them to peek at it.

Even if you were not a surveillance target in the past, once an order is obtained they can go back in time and mine through whatever they've stored on you or your close contacts. See PRISM surveillance program. From that point forward they can be alerted to your future activity.

They're going to do it anyway with or without a court order.

About this FISA memo chatter -- There are allegations that the data is being abused and peeked at without proper due process (and that is 100% confirmed in at least one case by the issue with the NSA employees stalking their spouses) or in the case of this memo, based on false allegations presented to the FISA court, which we now also know to be true.

These concerns are substantiated and this is being abused, end of story. 

I am going to summarize how this works and how they accomplished that

The so-called "NSA rooms" are already publicized and/or the subject of litigation from the EFF but the rooms themselves are in practice not any more special or technically different than an undersea cable tap or any other place where interception occurs.

The so-called "NSA rooms" rooms are real by the way: I worked at the AT&T CO in Brookfield Wisconsin. They had one of those rooms as of 2007 and we were not told anything about it other than the fact that it was a spooks-only zone and they're all over the company.

Although not involved in that, the underlying mechanism is used for several other non-government / private industry applications of the same principles that I have in fact been involved with. The design and the infrastructure has the same end goal: Snooping on "free" wifi users by private entities hosting the free wifi and doing whatever the fuck they want with that data, as opposed to a government entity.

That's a whole other subject. 

What is occurring?

They probably establish a span/monitoring session for the monitored customer network and spoof the MAC address of its gateway, then configure the device spoofing the gateway for an inbound only traffic policy so that it collects (but does not acknowledge) all of the traffic destined for the other endpoint simultaneously with the intended destination.

Since there's too much traffic to be analyzed, they narrow their selection down at the collection point to data that is meaningful to them -- such as search queries, cookie/session IDs, etc. 

Updated post 10/12/2019.

They want the following:

- The TRAVELER program maps out social networks by mobile devices that travel together. And so much more. Jamie Rishaw and I owned the shit out of Manhunt and gay.com and you’d be horrified at the mapping we did and assumptions we made based on simultaneous WiFi access at a given location, and then later on with geolocation. You think the cops don’t do this? LOL

- Search terms used, there's like a rolling three day buffer on everyone and everything. Maybe your session with Google is in SSL (like that's ever stopped them before) , but the URL you requested isn't. 

As far as we know they can go back three days on this data and that is what is documented as of Snowden's leaks. It could be much longer at this point. If they're interested in what you have been up to, they will find out. They have everything you've accessed, they have everything I've accessed. Everyone is a target. And if you're interesting to them they can then go after you by convention means (NCE backdooring your device, infecting it, infecting your mobile device when you sync it via USB)

- Use a VPN service? hahahahahahahaha cute, that just makes you even more interesting to them.

- Entire contents of e-mails.

- Honeypot systems: Entire VPN providers, chatroom applets (hi there, kiwi) , URL shorteners, file sharing/upload systems created and hosted by spooks for the benefit of the public -- additional data points.

- Entire contents of IRC conversations - Private Internet Access now "sponsors" KiwiIRC (cough, spooksville, cough) and rumor has it that IRCCloud puts everything into Splunk for future analysis. (This is why I self-host Kiwi, but you're fucked anyway, there'll be 5 people vacuuming everything up to IRCCloud... this makes end to end encryption totally useless .. another argument for disabling private messages and encouraging people to not say anything they wouldn't want anyone leaning against the wall to read.)

- They will redirect a file that you wanted , to a proxied and infected copy of the same file, so you might think you're getting www.totallytrustedserver.com/cool.pdf , but when you access that URL you're getting www.nsahostedinfected.com/trojan.pdf -- this is called a QUANTUM implant.

- Let me repeat one more time for everyone in back: Everyone is a "target."

- Identify you as the user of a device: You download an app with your App Store ID, you log into a popular service, you check your e-mail, you log into something like Reddit, something to where in the cleartext they can snag one or more cookie/session IDs or cleartext logins in a URL, and go, "here's the subject using this device." Even if you're accessing another system "anonymously" they have enough correlating data points on your device to sniff out who you are. They are in everything.

- There's a scary list of shit they can do: Identify MAC addresses of those who authored/read documents and whose hands it passed through. Enumerate all users of a VPN service. If you ever used a credit or debit card in conjunction with any kind of service, you're identifiable, end of story.

- Oh, but I have end to end encryption: Aren't you precious? If they backdoor either endpoint, or the physical system hosting your VPS (the TOR relay you're on, the VPN node you're on, the cloud based system you're storing your org's data on) you're fucked. They cannot break strong encryption methods at this time but they can easily break it by raping the local process on a compromised handheld, desktop, or cloud system -- as a cloud consumer or cloud provider you would be handing everything over and not even knowing it. I can easily intercept "https" secured credit cards in transit in commerce if I have access to the physical service and in many cases these days "https" is a farce tacked on by the front end provider ie Cloudflare, you'll see a padlock icon but that protection only exists between you and Cloudflare. https://blackhole.fadingstar.net/2018/02/encryption.html

- Apple devices, compromised locally, do not even attempt to conceal that they are backdoored. They will take your "end to end encrypted" messages and shit everything into a sqlite database that gets siphoned off and shipped home. Tim Cook is a fucking anti-American cucked piece of shit, he's rabidly against jailbreaking and they're totally fucked with the recent "checkm8" exploit, Apple can't do anything to retroactively patch millions of devices. Can't wait for people to get smart enough to port tripwire to their iOS or Android installation! 

- Intelligence routinely gives this stuff to local law enforcement: They will never disclose the evidence or intelligence they used in discovery.

- Companies who have substantial foreign investment. They're mysteriously pro surveillance, pro targeting, anti privacy, pro censorship --------- Apple was one of the last ones to get on board and suck Xi's dick. Makes you wonder if China broke into the NSA's shit and has so much dirt on everyone and everything now that they're forced to act against our national interests.

COOKIES are the lifeblood of this shit -- Just when you thought these fuckers couldn't possibly get any less evil, advertising networks give the spooks everything they have on you: https://edwardsnowden.com/wp-content/uploads/2015/07/advanced-http-activity-analysis.pdf

JAVASCRIPT is one of the ways you will get redirected, raped, backdoored, and infected. It's hopeless.

And the sellers are starting to collaborate and abuse the shit out of this data to target you for sales or "personal interests." It's fucking scary that the second you accidentally click on a Facebook or Twitter URL they already know quite a lot of your life story. This needs to end.

Disable javascript/cookies where possible. If you can't or don't want to then go into parental controls and disable Safari, use the Firefox Focus browser and disable all four types of trackers.

If you want a dumb/casual reading device, get a new device, pay cash for the service, disable cookies and javascript, go into parental controls and disable access to everything. Never log into an App Store, never log into any website, never log into email. Use this device only to CONSUME content on the internet, and never to TRANSMIT into the internet.

Ideally it's a prepaid mobile device, turn off wifi and bluetooth and only use its cellular function unless you're on some free wifi you wouldn't normally use with your real device.

Have another device you use to engage with the internet -- email, popular services, etc -- use it sparingly and wisely and turn the fucking thing off when you are done with it.

TURN OFF FACETIME on your iPad/iPhone -- I am telling you that's still open in undisclosed ways. Fuck FaceTime. Worst protocol ever. Get rid of it immediately when you activate your phone.

Go read it all for yourself here: https://freesnowden.is/revelations/

You can cheat by breaking the rules of networking and there is no way to detect that this is occurring.

It's all collected and vacuumed off to... somewhere....  where it's indexed and searchable from there.

I didn't realize that what they wanted was ... just HTTP requests ... cookies, session data, and actual URL strings as of the time I wrote this but having reviewed "what they do with" what they collect on you I have a pretty good idea about some of the ways they even get it in the first place. I stand by "here's a method of interception that you can't detect as an end user or a service provider:"

If I had to take a guess at which platform would be capable of cloning the destination mac, being configured for an inbound only policy, hoovering all of that up, AND forwarding all the traffic out to a collection host my money is on the Cloud Services Router 1000V. 

Go ahead and install a demo version on VMWare and poke around. There's a type of license that you can't have and it has a *cough* awfully funny name: Stingray.

You know what a Stingray is, right?

Index 31 Feature: std_10M
Index 32 Feature: std_25M
Index 33 Feature: std_50M
Index 34 Feature: std_100M
Index 35 Feature: std_250M
Index 36 Feature: std_500M
Index 37 Feature: std_1G
Index 38 Feature: std_2500M
Index 39 Feature: std_5G
Index 40 Feature: std_10G
Index 41 Feature: stingray

It is a product that "could" do all of that and have a staggering amount of traffic shoved through it. 

The "stingray" feature index appears to be capable of unlimited I/O (i.e in excess of 10 gigs a second.)

Bear in mind the telecommunications providers are willing (or at least compulsory) participants who are paid millions (?) of dollars to provide access to these traffic flows pursuant to the requirements of the surveillance program so we can safely assume they willing provided a monitor session (or equivalent) on an interface and then they ran some fiber off to a room for the NSA to do whatever the fuck they want with it.

Let's configure this in the lab.

Create a monitor session on your core router, let's say its a nexus 7k:

monitor session 1
  source interface port-channel31 both
  source vlan 123 both
  destination interface Ethernet1/24
  no shut

Then on your monitor session at interface Ethernet1/24:

interface Ethernet1/24
  description SPAN Destination
  switchport mode trunk
  switchport monitor
  no shutdown

You can skip that and export NetFlow or IPFIX packets directly from an edge router, but then its configuration would be obvious and it would need to be an active member of the infrastructure rather than a passive add-on you've socked away somewhere slurping on a connection agnostically with respect to the make/model/vendor of the two endpoints. The vCSR is suitable for this task.

About NetFlow/IPFIX: https://en.wikipedia.org/wiki/NetFlow

"Standard NetFlow was designed to process all IP packets on an interface. But in some environments, e.g. on Internet backbones, that was too costly, due to the extra processing required for each packet, and large number of simultaneous flows."

Now we have "sampled NetFlow" which can be filtered to only collect certain traffic flows that are of interest to you thereby reducing the staggering scale of what we're proposing here. This feature is only available on the Cisco 12000+ and that may not be the equipment involved.

We can't force everyone to get this kind of gear on their edge or ask for direct control of it -- and it's not like we're going to give the NSA backdoor access to your core router, your edge gateway, or your customer's edge gateway to configure or manage this. It will have to work as I describe in order to meet functional reuirements. So that's why I nominate the vCSR as an example of an add-on with that capability built in that can be tacked on to any gateway whether or not it (it and of itself) supports this feature.

What I am talking about is introducing a vCSR in parallel, which is not something that is visible to (or configurable/removable by) someone in control of the endpoints.

In my lab I'm spying on a gateway device manufactured by Lucent and it doesn't have the capabilities necessary to export NetFlow let alone sampled NetFlow.

When the vCSR is introduced it doesn't really matter what the hell the gateway device is or whether or not it supports these protocols or direct/native export of NetFlow. 

The question isn't "how do we accomplish this?" the question is "how do we come up with a consistent recipe/methodology for accomplishing this that is 100% vendor/technology agnostic, can drop into any telecommunications provider no matter what is running underneath their hood, and cannot be detected, tampered with, or disabled?" We're going to introduce the vCSR in parallel to intercept the gateway and force export of the gateway's data via NetFlow whether it likes it or not.

Instead of speculating on the NetFlow or Sampled Netflow configuration, I will use IPFIX/NBAR as an example of spying on your internet gateway by forwarding a netflow off from the vCSR to a syslog server or proprietary collector at

hostname vcsr1000

subscriber templating
flow record RECORD
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
match interface output
match application name
match connection id
collect datalink mac source address input
collect datalink mac source address output
collect datalink mac destination address input
collect datalink mac destination address output
collect datalink mac source address input
collect datalink mac destination address input
collect routing destination as
collect routing next-hop address ipv4
collect ipv4 dscp
collect ipv4 id
collect ipv4 source prefix
collect ipv4 source mask
collect ipv4 destination mask
collect transport tcp source-port
collect transport tcp destination-port
collect transport tcp flags
collect transport udp source-port
collect transport udp destination-port
collect flow direction
collect flow sampler
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect application http uri statistics
collect application http url
collect application http host
collect application http user-agent
collect application http referer
flow exporter SYSLOG
description SYSLOG_SERVER
source GigabitEthernet1
transport udp 4739
export-protocol ipfix
flow monitor MONITOR
exporter SYSLOG
cache timeout event transaction-end
record RECORD
multilink bundle-name authenticated
!class-map match-all CVA
match any
policy-map TRAFFIC
class CVA
policy-map type access-control MAP
interface GigabitEthernet1
ip address
negotiation auto
interface GigabitEthernet2 
ip nbar protocol-discovery
ip flow monitor MONITOR input
ip flow monitor MONITOR output
negotiation auto
service-policy input TRAFFIC
ip forward-protocol nd

Type "show ip nbar protocol-discovery" on the vCSR after a minute or two to verify it's collecting statistics. You should now have a UDP stream flowing from to on port 4739 that is sending an outbound flow of everything from your production network on vlan123 (invisibly to the endpoints on vlan123.)

Sounds spooky. Think you'll get away with just going to Starbucks or McDonalds?


People using AT&T's "hotspot" internet have their session mirrored off over a vpn (ipsec) connection ("CALEA tunnel") to the spooks in Virginia. They're already getting everything on everyone.

Why is Randall Stephenson (AT&T CEO) suddenly all in favor of an Internet Bill of Rights as there is all this talk and speculation about what we're going to find out about FISA abuse and/or surveillance mishandling?

He never gave a shit about any of this stuff his company has contracts open with the US government to do up until now. The only way out of those contracts right now is to create legislation that makes them illegal or will force the nature of them to be renegotiated within the letter of the law.

Disclaimer: I came up with this on my own time with my own lab gear. No leaks, internal communications, or inappropriate disclosures are involved. Configuring a monitor session or a NetFlow export isn't exactly a state secret.

Cheating the rules of networking by cloning the MAC address is a lesser-known way of configuring a sniffer host for an IDS/IPS but it works.

I was (briefly) a Checkpoint Firewall/IDS administrator for a multinational bank on their 24/7 threat and intrusion monitoring dashboard about twenty years ago ... right up until security caught me doing rails of cocaine off of my desk on third shift in case you're wondering why I know how to do that.

Ironically enough, one of the products we used was called "snort!"

Posted at at February 02, 2018 on Friday, February 2, 2018 by |   | Filed under:


I went to the beach on Sunday. I had no reaction to it whatsoever.

No peace, no calm, nothing washed over me. I left.

I worked for 29 straight days last month. 

Nothing was going to un-knot me or wind down the kind of stress I'm under.

I had a stadium to myself again for a brief moment before the event came on.

I wanted to bail before doors open but my customer was like, "Hey you look stressed out. Why don't you just hang out here and relax and watch the show?"


Nobody ever does that. I am not allowed to ask for access or favors but I am allowed to accept.

I shut my laptop down and I kicked it and watched the concert.

My last year or two flashed before my eyes for a second, just what all these eyes have taken in and where I've been from point A to where I was standing right at that second. 

I have photographic and a good strong visual/spatial memory and if I really want to think about all the pictures for a second I am all but overwhelmed by visual information, landscapes, blinky flashy shit, highways and oceanfronts.


I thought about that picture perfect afternoon on Sunset Blvd when I headed home thinking it was "game over" ...

[Narrator]: It was not, in fact, over.

Posted at at February 01, 2018 on Thursday, February 1, 2018 by |   | Filed under: