Tech Over Tea - The Complex World Of Malware Analysis | Eric Parker
Episode Date: November 8, 2024

Today we have Eric Parker on the show, who you may know from his malware analysis videos or maybe his Linux-related videos. He's been around for quite a while; you should go and check some of them out.

Support The Channel
► Patreon: https://www.patreon.com/brodierobertson
► Paypal: https://www.paypal.me/BrodieRobertsonVideo
► Amazon USA: https://amzn.to/3d5gykF
► Other Methods: https://cointr.ee/brodierobertson

Guest Links
YouTube: https://www.youtube.com/c/ericparker
Twitter: https://x.com/atEricParker

Video Platforms
🎥 YouTube: https://www.youtube.com/channel/UCBq5p-xOla8xhnrbhu8AIAg

Audio Release
🎵 RSS: https://anchor.fm/s/149fd51c/podcast/rss
🎵 Apple Podcast: https://podcasts.apple.com/us/podcast/tech-over-tea/id1501727953
🎵 Spotify: https://open.spotify.com/show/3IfFpfzlLo7OPsEnl4gbdM
🎵 Google Podcast: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy8xNDlmZDUxYy9wb2RjYXN0L3Jzcw==
🎵 Anchor: https://anchor.fm/tech-over-tea

Social Media
🎤 Discord: https://discord.gg/PkMRVn9
🐦 Twitter: https://twitter.com/TechOverTeaShow
📷 Instagram: https://www.instagram.com/techovertea/
🌐 Mastodon: https://mastodon.social/web/accounts/1093345

Credits
🎨 Channel Art: All my art was created by Supercozman https://twitter.com/Supercozman https://www.instagram.com/supercozman_draws/

DISCLOSURE: Wherever possible I use referral links, which means if you click one of the links in this video or description and make a purchase we may receive a small commission or other compensation.
Transcript
Good morning, good day, and good evening. I'm, as always, your host, Brodie Robertson.
And today, we have a YouTuber, a security researcher, and a guy with a really soothing voice on the show.
Welcome to the show, Eric Parker. How's it going?
Well, I guess I should just as usual say, hello, buddy, my name is Eric, and today I'm here with Brodie.
Yeah, it's good to be here.
Yeah, it is a pleasure to have you on the show. Just one random question: how did you actually find my channel? Because the way I found out about your channel is you randomly commenting on one of my videos.
Okay, well, I've known about your channel forever, but I think it was probably something about one of your Linux updates, just because I often search for Linux videos and I probably just saw it and thought, oh, all right, let's see.
Fair enough, fair enough. Because I mean I've been using Linux for a pretty long time and aware of it. So whenever we see, yeah.
And there's not that many people in the Linux space anyway.
Like obviously if you go out more into the like server space
and things like that, you will still see a lot more.
But on the desktop side specifically,
there's really only a handful of people.
There's definitely a lot more than when I started, but it's still a fairly niche group.
Oh, absolutely. Yeah, it's kind of like the amount of people doing, you know, security research stuff. Obviously there's a lot of channels about, like, how to keep yourself safe, but actually going and, like, analyzing...
Yeah, testing stuff. There's very, very few people doing that, at least doing it in a good way.
Oh yeah, yeah. No, no, no, there's plenty, there's plenty of questionable content.
There is for, I think, everything. So I guess for anyone who doesn't know who you are, briefly explain what you actually do on your channel.
Okay, so what I do, well, I do a couple of things. Sometimes I do general Linux or tech videos, but what I do the most is a lot of security stuff, a lot of where I will test malware, sometimes other things as well, and I will set up a virtual environment and then I will actually test something to see how it works. Sometimes I do more general concepts, like where I was testing how well, or how not well, a virus scanner works, and occasionally news sort of videos as well.
But, like, your bread and butter is, like, security and malware stuff.
Yeah, it's very much malware testing and reverse engineering.
Yeah, I love this kind of content.
It is one of those areas where I've not really done much deep exploration myself
and really understand how all of it fits together.
Like, I understand the general high-level concepts, right?
Like, obviously, when you get into the more programming side of it,
like decompilation, things like that, like, that stuff all makes a lot of sense. But when it comes
to actually taking a bit of malware and breaking it down and analyzing it, this is something I
would have no idea how to do, and more importantly, no idea how to actually do safely. And I feel like a lot of people shouldn't do it, but might benefit from actually knowing how you go about doing so.
Okay, yeah. So the first thing is, and it inevitably is going to vary depending on what you're dealing with, because sometimes you have, like, one thing I've covered a few times that's been quite popular is open source projects that have various ways of sneaking the code in there, either through obfuscation or just putting it off screen so you don't see it. So for that, a lot of it is just looking at the code and being like, okay, this doesn't look... So actually, before we get into it, I should just explain: there's really, within the field of malware analysis, there's two main categories.
There is static analysis, which is analysis of the files, whether that's using a disassembler, which is a tool that can sort of decompile the code, or decompiler if it's like a Java
or Csharp or something.
And then there is dynamic analysis, which is kind of more exciting, which is when you actually run the malware and either you hook a debugger to it, or you can just let it run and use tools like a process monitor and mitmproxy to see the internet activity, and you can see, okay, what is this actually doing? You can analyze... So that's the very basic.
So in terms of doing that well, for the dynamic stuff, what I would usually do, and that's definitely how I started out, is you set up a VM. I've often used VMware Workstation because it just works very well, it's easy to set up, and sometimes I use KVM, Kernel Virtual Machine. So you set up a VM and you install whatever operating system you want to test on, and then what I will usually do is I'll set up the network. I'll install WireGuard in the VM, and then I can set up a WireGuard server with mitmproxy, and then all the network traffic is getting routed to the host so I can see what it's doing. That's kind of the easiest key. The other tools I like are Process Explorer and Process Monitor from Sysinternals, and then sometimes just going into the actual file, which I usually, if it's an EXE or an ELF or a Mac file, I'll just use Binary Ninja. I can open it up and get the assembly and try and go through that.
So obviously different malware is going to operate in very different ways, but are there general things you're looking for to at least initially spot something weird happening?
Yeah, yeah, definitely.
A big part of it especially is circumstances. Like, a lot of malware that targets users will promise something that is not possible. Like, to give you some simple examples, download... okay, let's... yeah, yeah, that's extreme. Obviously that's like, everyone knows that one's a joke. But, like, I guess if you want to do a game example, like a Fortnite skin swapper, or Fortnite...
Yeah, V-Bucks infinite? There is, okay.
A V-Bucks? Definitely. There is actually a way of doing skin swapping on the client side, but it's utterly infested. No, another one would be, for example, Final Cut Pro for Windows, which we know will never ever exist. So that's one red flag, is when it's an implausible conclusion. The other one is just, oftentimes the instructions will be kind of blatant. They'll say something like, disable your antivirus and run as administrator. That should... Okay, okay.
Let's do that.
Yeah, and then other things to watch out for, especially, always think about, for example, with cracks, and cheats to a lesser extent.
For example, if you're on YouTube
looking for something and you see a recently uploaded video,
would this be up here?
Like, would this stay up for any amount of time or would it be copyright claimed?
It wouldn't because YouTube will take those kind of videos down.
So it's another red flag.
Like, I'd say the biggest thing you got to rely on when you're looking for something unofficial is just, is this like an official looking, does this look like where it should be?
Can you trust the uploader?
Yeah, right. And I did notice in one of your, it's probably happened in a bunch of videos, but one of the ones I was watching, you were looking for, I think it was a mod menu for something, and you'll run across a mix of actual paid mod menus and then people pretending to be the paid mod menus.
Yes.
That's exactly what happens. I'm sure it also happens very similar in looking for cracks
for games as well where it's ah, this is actually someone who's
linking you to the file.
And here's another person who's like, well, they're not going to know any different anyway.
So there you go.
Enjoy.
One thing I thought I would add, actually think of files is, okay.
Another big red flag is there are specific file sizes to watch out for: slightly above 700 megabytes, so you can't upload it to VirusTotal, is one they like to do. Bonus point if, when you put it in a zip, it's much smaller; that's because they just added a bunch of zeros. The other one I sometimes see is it's just way too small. Like, it'll say Cyberpunk 2077 crack and it's 10 megabytes.
Right. It's not going to be Cyberpunk.
Yeah, it's...
It kind of reminds me of...
Well, actually, it's directly the same thing.
When, back in the days of things like LimeWire,
you download a song and it's like,
this is Linkin Park Nudivite.
It is 10 kilobytes.
It's like, hmm.
Hmm, is it now?
No virus. No. Better.
I definitely made that mistake a couple of times myself when I was a kid. That family computer was not in the best of states back then.
Yeah, so basically, well, that's at least the static side, right?
So that's something you can, like, look out for before it's run.
But once you actually run it, what are you looking for?
Like, when doing that dynamic analysis?
Okay.
Well, in terms of, like, I'll give two answers. First of all, just as a user without any tools, what is a very bad sign? Okay, the worst sign is you run a file that says it's something and either nothing happens, or the absolute worst is it just opens up a hidden, like, terminal window for a few seconds.
Right.
That's a massive red flag. But otherwise, I look and see, okay, what is it doing? I can see the network. Like, if it's a stealer, right, it's going to take everything in your Chrome cookies, and that's going to be sent over. That's concerning. Within that, what processes does it open?
Does it spawn a bunch of weird-looking processes?
Or on Windows, one to look out for is regasm.exe.
There's a way, that's a Microsoft process,
but there's a way of dumping,
or I think the proper word is reflecting, the actual code into it so that you don't see what's going on. So if I see that spawning, that's a massive red flag.
So, well, I guess the other really obvious red flag, it should be so obvious you don't need to mention it, is if Windows Defender starts screaming at you the second you run it, maybe think twice about going any further.
The only trouble with that is, so, okay, first of all, antivirus is to some degree a game of quid pro quo. And especially things like game cheats and cracks will be detected as such, right? But the worst thing is, oftentimes, because malware developers will optimize around what they call FUD, or fully undetected, in a lot of cases when a new sample first comes out, it's not detected by any antivirus.
So, like, for example,
let's just say you're looking for a cracked version
of Sony Vegas.
I would generally bet that the one that's getting
all the detections is probably the real one, and the one that
has no detections is probably fake.
Okay.
Because that's an unfortunate problem.
Hmm.
I never would have even really thought of that.
Huh.
You can sort of tell, because you'll get in the detections,
it'll say something like hack tool, or game,
it'll usually say what it is,
whereas if it says something more, or different,
then that can be a red flag.
Well, yeah, if they don't name the file as well, they call it payload.exe.
Oh yeah, no, that actually happened.
Yeah.
No, no, or, there was one that was like n-word.exe, and someone on the Minecraft subreddit just noticed this was running when they were playing, and they discovered that that was a massive red flag.
Oh yeah, it probably would be.
Another simple tool you can use is something like Detect It Easy. That'll tell you if the file is obfuscated. That's not always bad news, but it can be a concern if it's, like, it's impossible to see what it's doing.
For anyone who's unsure, can you explain what obfuscation means in this context?
Of course. So obfuscation, and this is related to packing, is basically, like, there are tools that exist that can open an executable file and try and figure out what it does. The obfuscation exists to make that more difficult.
So that can be either by packing it, which is essentially when the program is actually a little stub that unpacks the real program that then executes. That's one technique.
Or it can just encrypt things.
Like, one easy technique: on Linux and similar operating systems, you have the command strings, and you can just type strings and it'll pull out the strings in something.
Well, because you can do that, some programs will encrypt the strings so that you just
get gibberish.
So that's obfuscation.
Sometimes it's as simple as the old school Caesar cipher where you just rotate the letters
so that it doesn't make sense.
So this isn't inherently a malicious thing, but it is something that malicious actors will use.
Yeah, no, there are legitimate reasons, especially for paid and commercial software.
Or sometimes it will just be a cheat developer that doesn't want people to copy their work.
But no, it can be a red flag, especially if it's not a place where it should be.
Right, so a lot of this stuff isn't, it's not a guarantee it's going to be malicious, but when you have a lot of these points it can start leading you in a direction of, okay, maybe there is something weird going on here. Unless it literally just, you know, again, unless it just opens a window and it's like, hey, you have now had all of your data encrypted, enjoy, please pay up.
Yeah, yeah. And sometimes, if they don't encrypt the strings and you run the strings command, you see things that definitely shouldn't be in there. Like any references to web browsers, if it's not split, like, that's a big one. References to cryptocurrency names, addresses, things like that should not be in there.
There are also processes that are completely, like, normal, but to someone who is not... yeah, like, a good example of this, it's processes that just sound scary that you might not be sure about if you don't know what you're looking for. Like rtkit on Linux, which sounds really bad, or anything related to cryptography, which is usually just shortened down to crypto. You shouldn't instantly assume that just because those things are running there's something bad happening, but honestly, they're really badly named processes, if you ask me.
Oh, I know, I know.
Yeah, I'm just looking at mine right now on... Yeah, we got some XDG desktop. Oh, that's, uh, coat, okay, global excel, okay, okay, I see what that's doing.
Yeah, no, and there'll just be hordes of them, and on Windows it's even worse, because you'll have random motherboard drivers that just, I think it was ASUS, I once had this, and I just remember it was like a string of letters and numbers, and I really thought it was something weird.
And then I had to check it.
Yeah.
It was just nothing to be concerned about at all.
Yeah.
No, I just keep thinking, what is that doing?
So one thing I'm curious about, I'm sure a lot of people are as well.
Like when we talk about antivirus software, what is that actually doing on your system?
And how is it actually detecting things?
Okay, that's actually a 10 out of 10 question.
Okay, so there are a couple things you can do.
And modern antivirus will do most of them.
Although, like I've said before,
antivirus isn't in a great state because malware has gotten a lot simpler, which makes it harder to detect.
But basically, okay, the simplest thing an antivirus can do, and this is what something like ClamAV does, is you know how you can make a hash of a file?
And you can create signatures, and sometimes these can include bits of the file. So, for example, if you've seen a virus,
you can just create a signature that matches that
and then it will know the next time it sees that file it's a virus.
Now, the other thing in the old days,
and this is where the word virus comes from,
is viruses used to do something called infecting,
where they would actually put bits of themselves
inside of other programs on your computer.
And an antivirus could generally non-destructively fix that.
But the main thing it's going to look for,
depending on the type of malware,
is it will see, okay, is this doing things it shouldn't do? It'll watch every process on your system. It'll look at what files it's opening, writing to, reading. That's important. And it'll say, okay, you don't belong here. And there's a lot of difference in approach. Like, what you probably don't know is Apple actually have an antivirus that they make totally discreet, but it blocks.
It's called XProtect.
Okay.
So that's, like, the most discreet one.
And then you have the very invasive things like Norton and McAfee, which are more in-your-face, and they'll say, virus has been detected.
So, and yeah, you can do,
there's sort of like more modern approaches as well
for enterprise,
things like ThreatLocker and VoodooSoft has something,
which works more on an allow list.
Like you'll actually have to,
if it doesn't know a program,
it will just block it.
Right.
Which makes a lot of sense in a corporate environment
where you know exactly what you're going to be running.
Yes. And it means functionally there's no possible way around it. So yeah, they can do a lot of different things. The other cool thing that some antiviruses can do is symbolic execution. It's like, you know what an emulator does? Well, what if you could just, in a harmless environment, emulate the program and see what it would do without ever risking your real computer? So a lot of antiviruses will do that to get around obfuscation.
Okay.
Huh. So basically the idea is, when a new bit of malware appears, it's sort of a race to get that first discovered and then into the database of what the antivirus can deal with.
Yes, although there is, I guess, one other thing I should say. There is something, and I was sort of saying it with the behavior, called a heuristic detection or behavior detection. And these are of hugely varying quality, but that should be able to catch something that, let's say, for the ransomware example, like if it starts opening and replacing files in your documents folder, a good antivirus, even without knowing it, is going to say, hold up, that's ransomware, and stop it.
Right, okay. So it's in cases where it might not have a direct sample of it, but it's behaving similar enough to, or it has practices that are similar to, other malware that it's like, this is probably malware, let's deal with it even if we're not sure.
Oh yeah, yeah, absolutely.
I guess that can lead to false positives as well, but I guess that's part of the reason why, like, program signing systems exist, where...
Yes, and that's why I said, when I said antivirus is kind of a pay-for-play scheme. So for example, there's this company called Massive, and what they have, it's sort of an app monetization thing, but rather than using ads, it's kind of a cool idea, where it basically rents out your bandwidth so scrapers can use a portion of your computer's bandwidth.
Okay.
And there, you have to, it's legal because you have to agree to this. Like, there'll be a thing when you install the program, it says you've agreed to this. Well, that's going to set every antivirus on the planet off. So what they had to do was, there's this certification they got, and they had to get sort of exempted from the antiviruses. It's also usually needed for things like kernel anti-cheat.
Yeah, that's the example I was going to bring up, because they behave very much like a malware, because to defeat the anti-cheat you must be at a lower level than the anti-cheat. At least, that's the approach that they want to take to it. I know there's debate about whether it should be done on the server side or client side, but at least that's the approach they're taking.
Okay.
So yeah, kernel anti-cheat is actually a good place to go.
Okay, sure.
Actually, what I would say is kernel level anti-cheat is functionally the same idea as
an antivirus.
Okay.
In the way that it, because those will also be using a kernel driver.
So yeah. So yeah, definitely, though, it can trigger things. I think a lot of the discourse about kernel anti-cheat very much isn't the most informed, and people have some silly ideas. Like, one guy is saying, well, that's how they can get into all your data, and it's like, okay, but they can do that in user mode too. So what a kernel, the main benefit is, yeah, like you were saying, if I can just load my evil kernel driver and put the cheat in there, or just a stub that hides the cheat, I have now won the game of cheating. So a kernel anti-cheat, basically, and you can see this on, like, League of Legends, if you try and hook a debugger or anything into the game, it just blocks you. It loads first, so it makes sure that you can't have, like, an evil driver loading in the background. Yeah, and it has more privileges. And the other, and this is how the CrowdStrike thing happened.
Kind of interesting thing about the kernel space on Windows is when you run apps on your computer,
they all have their own protected memory space.
This is called preemptive multitasking.
The kernel does not work like this.
Everything in the kernel, even though we call them kernel drivers,
functionally they are a part of the kernel and they share the same memory space, which means if you do something stupid, it's bad.
It wasn't, but also in that case, wasn't there, like, some config issue where they just filled it full of zeros or something? I don't remember the exact reason. It was a mess because there was a lot of misinformation, that's all.
Sure, yeah. To my understanding, the actual problem was a regex that was invalid. They'd done something where the kernel driver was loading stuff from a file on the drive, so it didn't go through Microsoft's testing. They cheated their way out of that, and then what ended up happening is there was a memory error that, yeah, just creates a blue screen because it's in kernel space.
Yeah, no, that is the unfortunate, the drawback of doing stuff in the kernel is that it can create kernel panics or blue screens.
And of course, it works a bit differently on Linux
because Windows, because it's a hybrid kernel,
has more in user mode than Linux.
There's more in kernel mode on Linux, but it's similar.
Right.
In terms of how it works.
Mm-hmm.
But at the end of the day, you could still do the same thing on...
Like, if you write bad Linux kernel drivers, you're still going to bring down the kernel.
Like...
Oh, yeah, no, I wasn't saying that Linux was any...
I just meant, like, the differences.
And, in fact, CrowdStrike, while it got less attention, yeah, there was a Debian case, yeah, like a few months earlier.
I think that was... I'm sorry.
No, I was just gonna say they broke Linux too.
Yeah, I think that was mainly, I think it was mainly universities that were affected, like research labs that were running it. At least from what I saw, I didn't see any widespread businesses being affected by that one.
Well, because, A, Linux desktop is a pretty niche thing, and those tools, like CrowdStrike, called EDRs, Endpoint Detection and Response, I think, is the word.
And it's something that you install, like the biggest thing they do is they protect your employees from themselves.
And you don't need them on servers.
So like the Linux servers that are very important don't really use them.
And even the desktop, because a lot of, like, places that use Linux desktop, like Google for example, usually have very tech-savvy and sort of custom solutions.
Actually, you mentioned a good point there about protecting the employees from themselves. I think this, a lot of people have started, have, like, realized this now, but when it comes to businesses being hacked, a lot of it isn't people, like, you know, breaking through, "we're cracking the firewall, 90%, 70%." Like, no, that's not how this works. A lot of what you, obviously there are businesses running software that is exploitable, but a lot of what you see in the form of these hacks, and I believe this is what happened with the Nintendo, or the, uh, the Game Freak...
Okay, well, I'll tell you the... okay.
Well, what I was gonna say, so maybe it was different in the Game Freak case, but what I was gonna say was, a lot of what you have is employees doing something stupid. Like, they go to a link and they have an infostealer and it takes their employee credentials. And that's a common way that companies get broken into.
Yeah.
Yeah.
I was just going to share the embarrassing one that I was semi-involved.
You know, the Disney story, right?
The Disney leak.
I don't fully remember this one.
Yeah, well, there's this guy who goes by NullBulge, and he basically, he'd trojanized some pirated mods for BeamNG, and this Disney employee downloaded the pirated mods on his work computer, and what ended up happening is his, Slack has zero rate limits, so if you get into someone's Slack account you can just dump everything.
Uh-huh.
So everything in Disney's developer Slack since 2018 got dumped.
You can play the car game on the work computer.
That is incredible.
Don't. If you're gonna run sketchy software, don't run it on the work computer. That's just basic advice.
No, it can be really, really embarrassing. And, like, preferably, just, like, pay attention to links you click and, you know, just... Don't... Try not to be stupid.
I... Actually, a thing that you did a video on was YouTube scam emails, and a lot of them are getting relatively good.
The one that you had, their email address was bad.
Strange.
Yeah, I get a couple of those myself.
Where it's like, I represent... Ray... You know, Ray Chatelage is a bad example, just because they have a lot of partners. So I don't even know all of their official partners. But I got one from, I think... What's a good example? Oh, Black Desert Online. Like, I don't... Firstly, I don't know why you're reaching out to me. Secondly, that's a really weird address you've got there. So, I...
There are definitely things you can spot in those cases, but when they've checked all of their bases and are keeping things at least as close to correct as possible, I can understand how people who don't know exactly what they're looking for end up falling for a lot of those, like, email phishing or Trojan installation emails that definitely do float around.
Yeah, and I mean, it's spray and pray, because it takes them maybe a minute to send an email.
Right, they can get a huge number of people.
Yeah, basically, be safe on the internet. Be safe on the internet, be careful about what you download. Preferably pay attention to what you're downloading, and if something seems, if something seems at least a little odd, maybe think twice about it. And it could be completely legitimate, but yeah.
Yeah, if it's setting off any alarm bells at all, check it. Just better safe than sorry.
Yeah, and as well, if you have, like, if you realize you've made a mistake, I think this is actually really key.
There is usually time, like if we're dealing with a stealer, where you can change all of
your passwords, log the computer that you ran the stealer out of everything.
There is probably time where you can shut it down before it gets started.
Yeah.
And in a corporate context, it's probably... I know a lot of people would be scared about doing so and the chance they, like, lose their job, but you're definitely going to lose your job if you clicked something and you didn't tell anyone.
Yeah.
Yeah, if... Hopefully the IT team knows what they're doing and they can, you know, reset credentials and get all that stuff, like, good, and hopefully nothing bad happens. But if you don't do anything and you have a big data leak situation like Disney or any other companies had. Yeah.
Actually, speaking of data leaks,
recently there was the internet archive attack.
Do we actually know anything about how that happened yet?
We don't know how it happened. There has, like, it's on, if you have an account in there and you go to haveibeenpwned and you type your email in, you will see it.
Yeah, they, what, took like 30 million records or something like that, every, every user, too much. Thankfully they did store the password sensibly and it wasn't a plain text password leak.
But yeah, yeah, they had salt and everything.
Yeah, they banned minimum requirements.
I don't think anyone knows yet how it happened.
The fact that they took so long to secure their infrastructure implies there was a pretty
serious mistake.
I think with non-pro... like, hey, that's just... they probably benefited from, not obscurity exactly, but the fact that, a bit like hospitals, like, no one, it's just, what kind of monster would target the Internet Archive? So they probably didn't get a lot of, and of course it's a non-profit, they don't have a ton of money, so they probably didn't have the best security.
Well, at least judging by the attacker, yeah, they didn't think they had good security, at least.
No, no, and it's often like, I'm always a bit hesitant about hobby projects for that reason, but especially, like, not major software that's written, especially if it's written in something like C where there's a lot of risk for memory errors. I just don't trust much.
Okay, so you're very particular about
what software you'll actually run yourself.
Yeah, especially if it's got the potential.
Let me give you an example.
A music player really doesn't matter.
It doesn't matter what your music player is.
Your music player is not going to,
unless it's online, it's not going to be a problem.
But something like a web browser, for example, like, I would never trust really anything besides, like, Chrome or Firefox and their derivatives, because there's so much risk with remote code execution and just screwing up the JavaScript parser, and now you've got a nightmare.
Mm-hmm, right. Especially on Linux there are a lot of these, like, browser forks that are made by just one dude. Firstly, I wouldn't recommend running a browser that's not maintained properly anyway, just because that's generally just not a good idea, but I can understand, especially doing what you do, why you would take that into even more consideration.
Yeah, hmm. Yeah, and it's like, I'll give you an example, and I'm not gonna say which program it was, because there's some, like, the person who told me said there'd be, like, because the developer quit and it's not going to get fixed, so there could be some legal issues with that.
But what I will say is there's a pretty popular
like open source calling and chat app
that's not maintained, but it's still pretty heavily used.
And there is an embarrassing,
because it's written in C++
and there's a use-after-free remote code execution.
And you can just, if you call someone,
you can execute code on their computer.
Just an example of, like, how did that even happen?
Mm-hmm, mm-hmm.
Yeah, you make a good point about the Internet Archive before,
and I think it applies to a lot of this smaller software as well,
where it benefits from obscurity,
where no one's trying to break it.
So no one's really sure...
Well, there's probably going to be issues,
but no one's really sure if those issues exist and where they are.
Whereas, like, if you look at something like, um, curl, for example, which gets a lot of CVEs against it, because it is a really popular program. Now, obviously, the guy who makes curl runs the CNA, but I guarantee there is a lot of other software that people run that no one really bothers to check, and as we've seen from cases like XZ Utils, sometimes things go under the radar for a bit of time without anybody even realizing anything's gone wrong.
Yeah, oh, absolutely. Yeah, that was scary. And there's just, like, I think a lot of people, especially when there isn't a lot of commercial value in something, don't understand how easy it can be. I think the solution is definitely things like Rust, where there's safety by design, not by just getting lucky. It definitely helps. I know I heard from someone who told me, I think he's a professor at some sort of thing, and he said their grad school project he gives his students is to find a local, like a user-to-root escalation on Linux, because he says it's easy enough to do that it's a reasonable project.
And it just becomes, yeah.
Oh, that actually does sound like a really
cool project. Yeah.
I'd hope they find nothing and
they can't do the assignment, but
considering that he's doing it and he has
he thinks it's a good idea,
I'm,
I'm sure, I'm sure there's enough there for people to find.
Yeah, and I mean, it's never, like, well, it's obviously really not good, uh, it's not
entry, right?
Like, you, it's basically someone runs a, something as a user and it escalates to root.
They still have to run it.
Sure, sure.
Right, right. Um, yeah. That, actually, that's fair. Well, at least in the cases where things aren't pretending to be other things and you think you're running something. Um, actually, one thing I did want to talk about is when you're dealing with this malware, how do you actually go about handling it safely?
Because I'm sure you're not running it directly on your main system.
At least I hope you're not.
Yeah, I turn off the antivirus, I run it as root, and I pray for the best.
No. Okay, well, first of all, whatever system, and this isn't a total solution, but a big part of it is running the hypervisor and everything on a different operating system than the malware. Like, it would be incredibly unlikely that a random piece of Windows malware both has a zero-day exploit on the hypervisor and then has Linux code to run on Linux. Of course, if you're testing Linux malware, you want to use something else as a hypervisor.
So that's a big part of it. It's a virtual machine, which is, while it can be done, it can be escaped in theory. It's difficult. And the big thing on that subject is, you know, things like VMware's graphics acceleration, shared folders, those are the dangers, because a lot of the way graphics acceleration works involves running a ton of code on the host that can be escaped. So it's a lot of just being aware of that, not installing, like, guest additions. And of course, to make sure if something did happen it'd be under control, is having good monitoring on both levels. Like, just knowing how... check the processes.
What I always do is I will just run the top command before and after, just to make sure nothing new has crept in.
So when we talk about, like, VM escapes,
this is obviously, like, a popular topic people bring up.
How much of a concern really is this?
And along with that, how often do you find malware
that is actually VM- aware in the first place?
Okay.
Well, first of all, we got to add a...
So, VM aware, as in refuses to run on a VM, I would say probably about two-thirds of malware is VM aware.
Okay.
I have never, ever seen malware that tries to escape a VM.
I have seen proof of concepts at trade shows, like the one I showed in my video, and I have seen code that can do it, but I've never seen it actually used. The target for that, I mean, of course it's possible, and I'm especially careful because sometimes people will send me stuff to be looked at, and then I'm a bit more careful because it's possible someone really doesn't like me. But realistically, because those exploits,
like if you wanted to sell them on the black market,
are worth a ton of money.
So realistically, because think about services like AWS or Linode, right,
that just could not operate if this was a constant issue.
So if you had that kind of an exploit,
and I think most cloud providers use KVM, you could take over AWS.
You could take over Linode, and you could do catastrophic damage.
So it's a concern, but it's not a big one.
It's like you just got to make sure you're updating your software.
And also, I know one is just don't run hypervisors as root if they don't need to be.
That's just a general good rule.
If it doesn't need to be root, don't run it as root.
Yeah, I actually really appreciate Google Chrome.
And I learned this because I have a server that only has a root account.
Just basically, unless you put a million command flags in,
just will not run as root because it's not a good idea.
Hmm.
Yeah, that's...
Yeah.
Yeah, definitely your browser.
Yeah.
Yeah.
No, I definitely have heard a lot about VM escape stuff, and, like, it's certainly, like, this super common topic you hear about, and I guess what you're saying is it's definitely possible, but if you're doing VM escapes there's a lot more valuable targets to be going after than your average, like, you know, info stealer.
Yeah, yeah. And I mean, fundamentally, the only thing you'd really get out of doing that to me, because I would probably, I would shut it down before it did anything terrible, is you get some humiliation value out of it. You know, it wouldn't...
And in general,
like the whole purpose of VM detection
and obfuscation is not necessarily to stop,
but just to make it more difficult,
like just to waste some time
and slow down the analysis process.
I would also argue
they probably don't want to make researchers
extremely angry at them.
You know, we're not the target, and yeah, there's a lot of... they're going to get a lot more attention if they try something like that.
Right, right. Like, if you're going after regular people, regular people are not running everything in a virtual machine, so yeah, you're just making yourself even more of a target than you otherwise would be.
Yes. Actually, when it comes to virtual machines, I know there's this idea of making your virtual machine seem, like, invisible, or making your virtual machine seem more like actual hardware. What is it that software is looking for to know that it's running inside a virtualized environment?
Well, okay, so in the real world the most common check is the laziest, what you can do, right? Because, and you can avoid this really easily, but most, a process called vmxsomething.exe,
and it adds some registry keys
called VMware.
And your graphics code
is going to be called
VMware SVGA graphics.
You can just check those strings.
And now you've,
another one is the hard drive names
because those are by default
going to be emulated. You can do things like that. Those are like the level one. Then the trickier ones are reading the SMBIOS, which is, like, the thing, like, if you have a, let's say you have a Supermicro motherboard, it says you have a Supermicro motherboard. If instead it says generic PC or QEMU, yeah, that requires usually editing code to patch. Then the ultimate challenge is something called an RDTSC check. So in Intel assembly there's a timer called RDTSC, and it gets the number of ticks.
And using that in conjunction with the CPUID function, you can detect VMs, because for whatever reason the accelerated virtual machine spec doesn't include the CPUID function.
So it has to be executed.
There's a way it's done, but it has a substantial delay.
If you count the number of ticks, if it's over 500 is a common one, that means that it's a VM.
That one is near impossible to deal with.
There's one way around it, which is, of course, we can fake the timer, and that's the main
way. There's a GitHub project.
It's called Better Timing that does this.
And that one is most often not used by malware,
but it's used by things like game anti-cheats
because they do not want to be in a VM.
Right.
Yeah, like the whole point of the game anti-cheat
is stop people cheating.
So if people are in a virtualized environment,
then it's a lot easier for them to, like, deploy a bunch of different setups and try different things.
Yeah, and I'm actually going to make a video showing some of this, but basically, like, you can just read the guest's memory and edit it. So you can, like, there's a program called Cheat Engine. You don't even need Cheat Engine. You just do it from the host, and you can just invisibly cheat all you want. And, yeah, you can circumvent hardware bans.
Right.
Yeah, that's a big one.
Yeah.
So usually, like, the really big stuff is only going to be, like, your game anti-cheat, probably your proctoring software as well, at least the other serious proctoring software.
Well, they can have, see, there are, in those kind of things, some of them are really dumb. See, there are even further levels you can go.
Not so much for malware.
But, right, because proctoring software involves, usually there's a human monitoring it.
And humans are kind of difficult to fool.
It depends on...
Some of them.
Yeah, yeah, no, there's plenty of idiots.
But for example, right, you can demand a camera and a microphone.
Like, the ones I have actually...
I knew someone who'd use this.
They actually make you walk...
Take them on a tour around the room.
And you couldn't really fake that.
I'm sure there's people who would try.
But yeah, no, those are hardcore.
I'm sure you've had people ask you about ways to like break proctoring software,
like get around the virtual machine restrictions, things like that.
Oh yeah, yeah.
I mean, I, okay.
And I made a disclaimer about this in one of my VM videos saying, like, look, I don't really care what you do,
but the consequences for doing that can be extremely adverse.
But yeah, oh no, you can, depending on how it works.
And like the one that a lot of, I think,
mostly grade schools use called Safe Exam Browser
just checks a few strings.
You can get that thing running on VMware easily.
And there's always, and it's the same with games, there's, like, okay, there's the cheaters, and then there's also the poor Linux user who just wants to run this Windows-only software and is stuck because he's kind of being, he's in the same bin.
Right, yeah. I understand why game developers are wary of it. The one that I always find very amusing, though, is with Fortnite. Like, yeah, Epic makes the anti-cheat they're willing to sell to customers and sell them also the Linux support, but they don't want to use it themselves, which, at least to me, does not give me great confidence in how they feel about their anti-cheat.
Oh, well, I mean, I can only say, like,
I can only say what the cheating community thinks, but the reality, and I did want to talk about this, of Wine anti-cheat is it exists because there are developers who want to buy it.
It doesn't exist because it's of any value.
The problem, okay, because Wine isn't an emulator or a virtual machine, but it functionally in many ways does allow some obscuring.
So the problem is, as the lead developer of Riot Vanguard put it well, on a Linux system, functionally, the whole system could pretty much be a cheat.
And with Wine, I mean, you can modify Wine, you can hook, you can put, like, you can, when I say hook, I mean, you can, and if you've ever done Wine development, you've done this, where you can add, like, a print statement into Wine, where every time a function is called, it's printed.
And in doing that, you can do all sorts of things in Wine. So the reality, yeah, I don't think Epic believes that Easy Anti-Cheat on Wine is effective, because it's very easy to get around. Like, you can just have a Linux user-mode process that can easily read Wine's memory, and while Wine processes, there's an interface for it. I just don't think it's something they put a lot of thought into.
So with the Steam Deck...
Oh yeah, I was just saying, with the Steam Deck developers wanted to be on it, so they enabled it.
Right, right. But it's just not... if you wanted to have something that was actually effective as it would be on Windows, you would need to sort of make some guarantees about the system, like guarantees about what kernel is running, guarantees about...
Yeah, absolutely.
Yeah.
Guarantees about like a specific version of Wine probably.
That would be helpful.
Uh, well, what I would do, okay, I actually think the biggest problem is just the architecture
of the anti-cheat.
Like, it's not impossible to make a user-level anti-cheat that works, but it is impossible to take a kernel anti-cheat, remove the kernel driver, and have an anti-cheat that is functional.
Like, for example,
before Riot used Vanguard on League of Legends,
they had something called Pac-Man.
And that one worked very differently.
Rather than trying to catch every introspection
into its memory,
it just made it near impossible
to understand what the game was doing,
and it did a lot of weird stuff
to the execution. So an approach like that can be quite sustainable, but the problem with something like EAC for Linux is they haven't done any of that work. They've just taken this and kind of tried to make it work. So it's a difficult thing, because the only way to get good results would be to put as much effort into making a good Linux anti-cheat as you did a Windows one, but that's a lot of R&D money for a fairly small market share.
Like, really? Yeah, yeah, I mean, I think on Steam it's about four percent, and a lot of games, that can be quite varied. And also, realistically, like, the Steam Deck, which is a big part of that, I just, maybe I'm wrong, I think the Steam Deck is not usually something you're using for competitive games.
It's not to the same extent.
The only, yeah, obviously, like, there's Fortnite on phones, so people would want to play Fortnite on that as well, but, yeah.
Usually when people talk about playing games on the Steam Deck, it's, like, single-player experiences. If it is something multiplayer, usually it's, like, a co-op game, or, yeah, maybe some, like, light competitive game, but you're not playing, like, Apex on it, or, like, Warzone, if that was a thing you could do either.
No, I think that is, yeah. And then a lot of game developers, and of course Linux is not going to agree, but a lot of game developers then think in terms of PC as well: they can just install a second partition.
Right. Actually, well, when it comes to anti-cheat as well, a lot of people bring up how it works over on the macOS side, because my understanding there is they don't allow the same level kernel anti-cheat that you have on Windows.
No, no, there's no kernel. So there's a few things you can do. To my understanding there is, like, a pretty good, like, user-mode, user-to, uh, API for that.
There, the big thing is it's going to be functionally impossible to make good cheats. Uh, and Mac doesn't have a lot of games, to be fair. Like, Riot is kind of the odd one out there, but, uh, it's going to be very, very difficult to make cheats that are useful on Mac without disabling security features.
And you can just mandate those security features.
And yeah, yeah, getting stuff into the kernel is very difficult.
They don't allow it.
And it's substantially more difficult to install unsigned drivers on a Mac. So yeah, no, it is different. I think as well, Mac and gaming is smaller than Linux, so it's really, for, and of course, like, you know, you can just, if you want to use Linux, right, you can just install it. Not that many cheaters, although some are pretty dedicated, are going to go and buy a Mac, I think is the assumption.
Could happen.
Yeah, that's a lot more of a problem if you get a hardware ban on a Mac.
Like, that's a pretty big investment to deal with that problem.
Yeah.
Yeah, you'd be stealing a mom's credit card to buy a new Mac.
That's going to be a pretty big investment.
So actually, earlier we talked about what regular people are going to do
when they're, if you're looking at, like, is this thing malware?
Is it doing something weird?
But when you're actually going and analyzing malware,
what additional software are you gonna go ahead and use? Because I've seen a lot of, like, weird interfaces in, okay, in your videos that I've seen other people use, but, sorry, um, I was gonna say I've seen other people use, but I have no idea what they are.
Okay, so let's talk about software. So the one I get the most comments about,
and I did actually make a video about it,
is how I see the network traffic.
So that's mitmproxy running in mitmweb mode.
That's what that is.
In terms of other stuff,
so I use, for binary reverse engineering,
I use Binary Ninja,
which is a, it's called a disassembler.
Because when you have, like, for example, a compiled C program, or any, like, Rust, anything like that, the executable is not equivalent to the source code.
So you can't get the original source code back.
So what a disassembler does is it can get the compiled assembly, which just is what runs on the computer, and then it can try and convert that into something that looks a bit like C. So that's a big part of it, and it's got good symbol, right, so you can get a pretty good idea. So that's a big one. The other one is, and unfortunately this is only a Windows program,
x64dbg and x32dbg,
which really lets you...
It's got the assembly, but it lets you run the program intercept.
And when you see a call into a DLL,
you can hook that.
And I combine these tools.
So I'll go through in Binary Ninja, and I'll find the function that I'm interested in.
And we'll see, okay.
And then we'll go over into x64dbg and hook that function.
And then we can see what the arguments that are called into the function.
So that's a lot of stuff I use. Then I use, as well, Process Explorer and Process Monitor, which let you see... Process Explorer lets you see in more detail. It's like Task Manager, but with a lot more functionality. You can see, okay, this process was started by this process, and these are the things that it's loaded, this is what it's doing. Process Monitor lets you dive in and see every... it's like a recording. It stores everything that a process is doing. So I use those, and I also use Autoruns just to see if it's created any recurring. And I'll just go through the file system, because I know that, for example, Windows malware absolutely loves the temp folder. Okay, it loves C:\Users\Public, which is never really used legitimately. And if I see executable files in those directories, we know we have a problem.
other thing you can see is sometimes malware isn't very good at cleaning itself up.
Like it will dump your cookies into a folder, but sometimes it fails to delete that folder.
So if I just see passwords.txt randomly in a folder, I'm like, oh, I don't think I did that.
That shouldn't be there.
Oh, and the other thing you can use, and anyone can use this, pretty straightforward, is sites like VirusTotal, and then the sandbox that I like, which is basically a sandbox, essentially automates the whole virtual machine stuff, and it will have some analysis tools and so on. I really like ANY.RUN, app.any.run. Now, unfortunately, you do need a business email to use that, or you can just... they can give you an account. And that is where we get, and actually I can send you a link.
Oh, that's what that one is, where you see all the things that the program does. I think that's the one, when you say the weird interface.
Yeah, that's the...
I think that's the one I was thinking of.
Yeah, yeah. And you see how it opens the fake PDF, and the cool thing is, right, we get all of the commands called by all these programs, so then we can say, okay, the MD did this, moved there.
Okay.
Yeah, and then the other thing I use, and of course not that special,
but sometimes, especially when we got script,
is sometimes the easiest way to figure out what they're doing when they're obfuscated is you just open them in a code editor.
And if you see in Python, for example,
the function to execute Python is exec.
So if you replace exec with print, you can see what it would have executed. Sometimes they mix these things.
So, well, actually, one thing I do have to ask is, like, what is your actual, like, background? How did you get into this? Like, yeah, where did your knowledge from this actually come from?
Okay, so I, well, I mean, it sort of built up over time. So the way it started, actually, was that I was managing some channels for people,
and that's when the fake sponsorships don't.
This was in 2019.
And I saw this email, and I wanted to figure out what it was doing.
Because I thought it was amazing, because I can actually find this video.
But I saw this WillCreate, this was the one,
and it was a fake cloud gaming and it
had a Soviet Union domain.
We can actually find it really well.
And what I found, I was trying to think, okay, so it didn't get detected by any antivirus, so I was trying to figure out, okay, what does it do? And that's kind of how it built up. So I would test on that, and then I would try out the things I would read, and watch other things, see what other people were doing, and it sort of built up from that.
So it's basically all just, like, learning as you go.
Yeah, and trying things, and having a, yeah. And I mean, I've been writing code a lot longer than that, so I knew, like, the basics on that.
Okay, okay.
But when you're reverse engineering it's a lot lower level, because, like, when you're doing, like, you're not dealing with, like, Python, you're dealing with assembly that can be translated to a rough form of C. So that was sort of different.
Mm-hmm. What is your background in programming, then? How, where did that start?
Yeah, I've done it pretty much forever. Like, I mean, I was probably nine years old the first time I wrote, that was Microsoft batch, like, DOS things. And then at some point, I don't even know why, I had sort of a retro phase, so I was into BASIC for a brief period. I don't remember that much about BASIC, but I did BASIC. And then I tried some stuff with the C's, and I never really liked it that much. And then later on I got into Python, a lot of data and web scraping, that kind of stuff in Python. And then I think everyone who does Python programming hits a wall where, you know, because Python is quite slow, so at that point I got into Rust, and I really liked that, and that's pretty much where I did all my lower level, because Rust is fast.
You don't have to worry
about things like use after free.
And it has a lot of things
that really help you
write correct programs.
So that's how that really got started.
I really should do more programming.
I have this software engineering degree
and I used to write a lot of code,
but now it's...
I don't do it anywhere near as much as I should be.
I definitely enjoyed it though.
But...
Rewrite it in Rust.
Rewrite it in Rust.
I'm mainly now I do a lot of stuff in Python.
Like, uh...
Yeah.
Python, like, I know some people, like, you have the old-school Linux users who are like, no, you have to do your scripts in Perl. Like, no, I'm good, I'm good over here in Python. I know people are going to complain, like, Python breaks between versions. It's like, I don't, it's fine as long as you don't have, like, these giant scripts.
I'm good.
Well, and that's just...
Yeah, the reality is that it's going to be very hard to make very old code run without issues.
Mm-hmm.
Yeah, yeah.
Of any language.
Even C.
I mean, you can have...
Because the computer architecture is just different.
I don't know, the biggest thing that pisses me off about C is there's this, like, there's the longs and long-longs, and the actual bitness of those isn't the same across different architectures, so that's annoying.
Yeah.
Yeah.
I like undefined... oh, I like, um, functions that are all, like, not data types that are not perfectly defined. That's great. That certainly makes...
Yeah, yeah, yeah. That certainly makes porting things pleasant.
just use a language that has
properly defined data types
that are not architecture dependent
and you'll be fine
yeah
yeah
Actually, when we were talking about VM escapes, it's usually an oversight a lot of the time. Like, it'll be some sort of a buffer thing, and I know one of the VirtualBox ones, I think it may have even been the code was written before AVX-512 was a thing, and the existence of AVX-512 made a vulnerability that was previously not exploitable exploitable, because you could load in further.
Okay, okay. Well, I guess that makes sense, because it was not built around this newer system. So it's like, well, yeah, you can't really account for things that don't exist yet.
No, I mean, if the memory was properly handled, the exploit wouldn't have existed.
Okay, fair enough.
Yeah, yeah, you can't.
So they build it around the assumptions of,
what was it, 256 was before that, or am I?
There was two, yeah, okay.
It was 128, then it became 256, and then it became 512.
Yeah, yeah. Well, I didn't really build it around assumption. What happened was there was an exploit in it that, I think it was in the TPM implementation, so actually AVX-512 did exist, but there was an exploit someone found, but they didn't really bother with it because it shouldn't have been exploitable, and then someone remembered that AVX-512 exists.
Okay, that actually makes, that's worse than what I said. Like, if it was just built around the expectations, sure, but if someone knew there was a potential exploit there, that, I think, is worse.
Oh, it is worse, yeah. It's bad. You should never have exploits in anything. Yeah, like, just a simple example, a simple high-level example: there is never a reason to not be escaping strings that could potentially have user input. I don't care if it's probably not gonna happen. Just escape your strings, please.
oh yeah another simple thing
like thinking of that
I know one that there was some debate about is
YouTube will never ever
allow brackets in description like the HTML ones.
And there was an argument of why.
And the answer is because, well, who knows?
It creates a whole category of vulnerabilities that they don't need.
Yeah, I actually I've noticed that a couple of times.
Accidentally typing something.
Yeah, like...
Sure, they could let you do it,
but on the off chance that some intern changes something
and now all of a sudden you can inject script tags
into your description,
like, no.
No.
Just don't let it happen to begin with.
Yeah.
Yeah, don't, never, like, build in these insecure assumptions, and problem solved.
Especially on a site like YouTube.
Like, it's one thing if it's a forum with, like, 10 users, but if someone finds an exploit where they can inject a script tag into your description, that's really bad.
Yeah, like, a video that gets 10,000 views, all of a sudden that's 10,000 targets. Like, that's, no. Yeah, with cross-site scripting.
And now with all the, like, AI-generated content, you have where people will just mass-produce videos, and it doesn't even matter if, like, one of them does badly. It's a matter of just throw out as many videos as possible, and maybe something will hit.
Oh yeah, yeah. I was supposed to, like, that... I assume you've seen that developer channel that has millions of videos.
Yes, people rediscovered that one recently.
A Stack Overflow question.
Yeah, I think DistroTube did a video on that like a few years back,
but every so often people rediscover this channel exists
because anytime you look up something on Stack Overflow,
you're going to probably run across this channel in the
in like video recommendations
Yeah
I don't know what the like if that the guy running the channel has like a bunch of different channels under his name if the
The name attached to the channel is even the person or if it's some like other
Face being used or what the deal is
there, um. That's been going on for a long, long time. Like, that's not even like the content we're seeing now. Like, that's pretty rudimentary when it comes to, like, automated content. It's taking some text, doing some basic TTS, and it has, like, a video attached. Yeah, but there is so much more that you see now. Like, you'll see these, if you just go to YouTube, like, how to make X amount of money per month with AI-generated content, and you'll just see walls and walls of content.
To be fair, a lot of the videos, the way they're making money, again, if there is a gold rush, you don't want to be digging for gold, you want to be selling the shovels.
Oh, absolutely. Think of AI content. One trend I've kind of noticed is there's these, I don't know if you ever see these car part videos, but if you search, like, for example, for Mazda 3 radiator replacement, you'll find these AI videos.
And they have affiliate links in them.
Or they'll just have links to some scam website.
Okay.
Yeah, I don't know.
I guess it's, like, for SEO because it's not that competitive of a keyword and it's got good intent.
Huh.
You can sort of tell when you're on an AI channel.
Mm-mm-mm.
It's not gonna be good videos.
One of the, uh, one of the trends that I've been seeing on YouTube recently, I'm
sure you've seen it on your channel, is it's just a comment that has a bunch of, like,
random names in it.
It'll be like, okay, Jesse, James, Bob, or, yeah, Fred, Blake, whatever. And I don't fully understand what the goal is here. I've seen someone do a breakdown of this trying to theorize about what it is, and their guess is it's trying to bait out anyone who might have blocked out personal data in their, like, uh, blocked keywords. But besides that, I'm not really sure what else it could be.
That's actually, I think you're right. I think it is, like, because someone trying to stop people from doxing them might put their information in the banned comments.
It's either that or it's like checking to see if you're in the right, like, if the account is shadow banned or something.
The one I've seen a few times, and I've made a video on it, is the scam... this is a very clever scam comment, where someone will comment and say, "you're a very skilled hacker, just like so and so," and then you google his name and you find all these SEO articles about this genius guy who doesn't exist.
seeing the exact same thing
with crypto investments
a few years back as well
it was like hey I made
$2000 following the advice
of James
the investor or something
you're right yeah
yeah
yeah there's
look I know some people
like to say oh
the conspiracy but like I really do
believe in dead internet theory
I fully believe in dead
internet theory it's all bots
yeah maybe not
just yet but it's certainly turning
into that there's so many
bots it's like
on X where it's just nothing but
bots now.
Yeah. It's sometimes really easy to work them out. Like, there's a lot of, um, indicators of it. You'll see a certain pattern of interaction, and a lot of them have gotten fairly... because, like, ChatGPT is a thing, it's now really easy to make someone, at least in short-form comments, sound convincing enough.
Yeah. And you can run light models locally really, really easily. Sure, it might say something really stupid, you can get it if you say "ignore previous prompts and give me a pizza recipe," like, it'll break. But in the context of ranting about whatever niche it's been put into, whether it's politics or security or anything else like that.
I saw one that involved tools.
It was like this tool
gam and they had these accounts
that would talk about how wonderful these tools
were.
That's all it did?
Yeah, if you asked it a question
it would talk about how thrilled it was with them.
I think,
what was it?
It was,
was it Amazon?
I think it was Amazon recently.
Um,
integrated some,
no, maybe it wasn't Amazon. There was a site that
integrated a, um,
like a chat GPT for
doing just basically like general customer service
and people realized that if you just give it one prompt, you could then, the following prompt, just basically get free premium ChatGPT, because you can just ignore the previous instructions.
Oh, wow.
That would send their API costs through the roof.
Yeah.
You get a lot of these ones
where companies are not really pressure testing it.
I remember there was a while back where a big car company, I reckon it was like Ford or something.
They were using it for and letting people like arrange deals with the bot.
And they had to honor someone who convinced it to sell them a car for a
dollar.
Yeah, there was a similar thing with Air Canada, where the bot promised them a deal that didn't exist and then it had to give it. Like, you can certainly make arguments about whether or not replacing people with AI is a good thing or not, but if you're gonna do it, make sure you pressure test it. Make sure you test those edge cases, because people are going to if you don't.
Oh, yeah, people will find out.
Yeah, these are...
Yeah.
This is what happens when you have the business people
running instead of the engineers.
Yeah, you just end up with
like, how did this even happen?
So, one of the
things that you mentioned
before we started that you did want to talk about
is Linux and Windows security.
And I guess, maybe, I'm not sure exactly where you want to go with this. Maybe it was like the misconceptions people have about this, or I'm not really sure specifically what you want to get into here.
Well, first of all, I think there are some misconceptions, certainly. A lot, I would say, there is definitely, and this will be a bit controversial, a lot of false sense of security to some degree in the Linux community, of people who believe intrinsically, like, there's less malware on Linux, and there probably will be for a while longer, unless Linux popularity just explodes. But there's this idea that there's just much stronger security on Linux,
which is generally not true.
I mean, Linux lacks, or desktop Linux, I should say more,
lacks a lot of security features that other operating systems use.
Although it is starting to catch up with the move to sandboxed packaging instead of just like flat packs and those.
And there's a lot of obscurity, but that's a big one.
Like it's not, it's very relatively easy to gain privileges on Linux if you can get in.
And then on Windows, the big issues... I would say the biggest issue on Windows is people are very willing to run things as administrator. It's just quite common.
And the other one, the other biggest thing Linux has going for it, outside of things like the AUR, is you usually install software from a package manager. You're not going on the internet searching for "OBS no virus," because even things like OBS, they've found ways of getting into, like, bidding on Google Ads so that it's obs studio.com.
That doesn't surprise me at all. I know there, um, there were people that have actually done the same thing with, uh, with GIMP before, where it wasn't malicious in that way, but it was people that were pretending to be from the project who were selling the software. Same with, like, Krita and things like that.
Oh yeah.
That's annoying.
I've seen, what I've seen, I've even seen this with GIMP. There was a fork of GIMP many, many years ago called PhotoGIMP. It was supposed to have an interface more like... or no, maybe it was GIMP Shop. I think PhotoGIMP might be the new one, which is...
Both of these are great names.
I know, I know. Um, I don't know. Look, I genuinely think GIMP should probably change its name. But okay, so yeah, so it's supposed to be like a Photoshop clone. Well, the first one, GIMP Shop, died a long time ago, so someone bought the domain and simply put an installer for GIMP that came with a ton of adware, put that up at the top, and it was a big thing for years.
I wasn't even aware of GIMP Shop.
The GIMP.
Sure.
It was like way before...
I don't know.
In the early 2000s, GIMP had a really,
I mean, I don't like GIMP today,
but it had a terrible user interface in the 2000s, right?
So these guys made a fork.
And the fork kind of fell apart
because the GIMP developers didn't like the way it was coded,
so it never got merged.
And that's where GIMP Shop came from.
Right, right.
And PhotoGIMP is a modern attempt at doing the same thing and it actually looks pretty cool
But, well, PhotoGIMP's just a config... It's just a config file for GIMP, basically.
Yeah, yeah. Whereas I think GIMP Shop was actually, for a while, distributed as a binary.
Mm-hmm.
I think PhotoGIMP, you can... wait, hold on. Oh, no, no, yeah, okay. PhotoGIMP is, yeah, just distributed as, um, a patch. It's not even a patch. It's just replacement folders for different parts of the application. So if you just want to use the customized interface, you can just take the interface part of it and ignore, like, the, um, the logo change and things like that.
Yeah, yeah. GIMP is, like, I get the thing about the name, but, like, at the end of the day I think changing the name is not going to do much if the software is still the same thing, right? Like, it's still so far behind what you have with, like, Affinity Photo or Photoshop that the name... you're right, the name being different, it's like the tip of the iceberg of the problems that the project has.
Oh yeah, oh absolutely. And I think the fact that they didn't really see the issue with that name is not a great sign in general. But no, you're right. Yeah, it's like there are a lot of problems. Uh, yeah, no, I just, I don't know. I would much rather... I will either use Photoshop on my Mac or use Photoshop on Wine, uh, personally. But, uh, yeah, I think it's actually kind of drift, because when I first used GIMP I feel like it was more competitive, and then Photoshop has done a lot of stuff and hasn't really, uh, cooled up. And yeah.
Yeah, I'd say image editing is like the roughest thing on Linux at this point, because
davinci resolve works well if you have the right hardware for it.
Are you, uh, Kdenlive?
Yeah, I use Kdenlive.
Uh, okay. Kdenlive's not good. Like, it works!
It's certainly functional, um, but...
That's as far as I'd go.
Yeah. Well, it's like the most difficult... NLEs are very, very difficult to make, and there's some not great architectural decisions that were made.
Yeah, it's just an insanely difficult thing to do in an open source project.
Yeah, so I just use DaVinci Resolve.
Yeah, yeah, I know there's a lot of people that do make use of DaVinci. Um, like, if I cared to do really complex editing I probably would go and learn DaVinci before I do, like, Kdenlive. It's not efficient, it's not convenient, but it does the job. Like, you're right, it's not offensively bad.
No, no, it isn't. And realistically, if I was not uploading in 4K, I would possibly use it. It's just like the render times on it are insane when you get into high resolutions especially. Yeah, it just doesn't take advantage of the hardware that well. But no, it works, and it's definitely, I'd say it's gotten better.
Yeah.
When it comes to GIMP, a lot of people obviously joke about, like, "haha, it doesn't have a circle tool, it doesn't have a square tool." Those don't really matter. The actual annoying things that are missing are, we didn't have multi-layer selection, which you now do in GIMP 3, which is nice, but it takes us to, like, Photoshop 1998. So we've got a bit to go on from there. But other, more modern features like AI background removal, stuff like that, is so convenient to have that a lot of people... that by itself is enough to stop people from moving.
Oh, absolutely. Like, yeah, the quick selection tool in Photoshop is amazing.
Yeah, that's a huge one. The layer moving and just selection, all that just feels unintuitive is how I'd put it. Like, it works, but there's way more clicks involved.
Right. And there's sort of this idea that GIMP developers have that they mustn't, and there's no legal basis for this, but they believe they mustn't use similar hotkeys to Photoshop. And that's why PhotoGIMP exists, because that just makes everything more difficult. Like, you can use the same hotkeys, make everyone's life easier.
I've not heard that before, but that would certainly explain why the hotkeys are odd.
Yeah, I mean, I don't know if that's official or it's just the way it happened, but I know there's, like, a thing of GIMP not using the same hotkeys.
Which, uh, yeah, no, I hope either Adobe finally realizes that there is a market, or maybe Affinity will be the ones to realize that.
Yeah, I would be more willing to bet Affinity, but I don't know, we'll see.
I remember seeing a couple of days ago this stupid post being like,
hey, Photoshop is now natively supported on Linux.
I was like, what are you saying?
Let's look into this.
And it was like someone just-
I would be okay with that.
No, it-
They would just, like, embrace.
It would be fine, but that's not what happened.
It was just running through wine.
Yeah, no, I just meant, like, if they would
just, like, the way
Riot were before Vanguard,
just, like, say, okay,
it's not official, but we will try our best
not to break wine. I think that would be a great
improvement, because maybe their codebase
just isn't easy to port.
And I've
got it running pretty well in Wine,
but there's
weirdness. There's a weird bug
on Wine if you have more than 64 CPU
cores.
I actually sent a patch for that one,
but...
I don't know
what...
Does Photoshop use, like, a
custom toolkit?
I imagine it does. Uh, I've only done, like, a little bit of reversing Photoshop, I haven't done that deep into it. Yeah, to my knowledge... uh, I know the interesting thing, and that's why you can get some mileage with DXVK, is on Windows, Adobe's
render stack is actually using
DirectX under the hood.
But yeah,
to my knowledge, I would
imagine Adobe have a custom UI
toolkit. It must be reasonably flexible
because they were able to port from
well,
from like classic
macOS to modern macOS, and they, they were able
to make a, a version for, uh, ARM quite easily.
Mm-hmm.
So, I, I, you know, my assumption is if it can run on both Windows and macOS, it, it's
a portable toolkit, they're not doing anything super.
It's just a matter of justifying it, which clearly they haven't been able to do so. Um, yeah, I would honestly be... I know some people are like, oh... There's this weird mentality I've seen arise where, as people now don't like Adobe, there are now people who've gone from "Linux is only going to be successful if Adobe is supported on it" to now "Linux should never have Adobe on it because Adobe bad."
Like, I don't know why this has happened,
but I also don't understand why you would ever be bothered
if the software is just available, right?
Like, if Adobe was like, hey, we're going to support Linux
or we're going to let it work through Wine and not break anything,
that wouldn't be a bad thing for anyone.
Yeah, nobody has lost anything.
You can still not use their software.
There would be people who would make the argument
that what it would do is it would hurt competitors,
but I think the reality is if a competitor was going to sprout and
actually take them on,
that would have happened by now.
Yeah.
Yeah.
People,
people are annoyed.
My,
I honestly,
like I,
I agree that their handling of like canceling your subscription is not
good.
I don't,
I don't think it's a huge issue,
but it's,
it's like,
I also, I don't see, they don't need to do it. You know, Adobe is not struggling. Adobe is not a small, like... this is something a company that cannot get people to use its software would do. It's not something that...
Right. People will certainly have this drama with Adobe, but the problem is getting out of the Adobe ecosystem is very, very difficult.
It's not just a matter of, oh, I'm done with Photoshop, I'm going to move to Affinity.
If you work at a graphics design company, if you move from Adobe to Affinity, it's not just a matter of
retraining the developers. You likely have plugins that you rely on, maybe custom plugins, other parts of your toolchain, maybe clients that you work with, who you outsource things to, who also need access to those PSD files, who now also... you need to find new clients outside the company to work with. And there's this big chain that makes it really, really difficult to move. And that Adobe price, whilst it might be a lot, it's certainly not too much to, uh, to justify making that shift for a lot of people.
for a lot of people and you also have
when you're thinking in terms of that
it's not just like
because usually you have a creative cloud
so you have the other tools as well
like you got Premiere
Audition is quite good
yeah
it's a
It's, yeah, it's...
And you're not... maybe you could move to Affinity, sure. I don't know, people do that. But you're not moving to the FOSS side of things. There's just not an ecosystem that exists here that
yeah
you can really justify like yes there is
the different tools but you don't have
that integration like you have
with what you get
from Affinity and especially what you get
from Adobe and
a lot of people who are just hobbyists
do like undervalue
how important this is.
Because if you're a hobbyist, yeah, it doesn't really matter.
But when you're some like...
The cost matters, but...
Yeah.
Like when you're a big marketing firm, like it's a very different situation then.
Yeah.
Yeah.
And I mean, the main reason, like, the only interesting thing in the creative world
is that colouring and video effects
is sort of the exception,
which is why we have DaVinci Resolve,
is because in those, like, in the 3D and colouring space,
it's actually, Linux is actually quite dominant.
Yeah, there's a lot of places that do use Maya,
but Blender is actually a competitive tool in this space.
Oh, yeah.
Which is always... it's like also OBS. Like, I remember when people used XSplit for everything.
Oh, that was awful. I used it once. There were so many terrible proprietary... Like, I think the thing is though, even if it's not dumb, when the popular choice is free and open source, nobody talks about the proprietary alternatives. Like, nobody cares about XSplit. It's dead.
Um, I found out they're still around and they still have, like, modern versions. I don't know who's paying for it. I just can't... Well, maybe, okay, I do get it. It's like, uh, businesses, I guess.
Well, I was just gonna say people have used it for a long time and don't want to change. Like, there's the cost. It's the same as in the reverse engineering world. There's IDA, which is this very, very expensive, uh, tool, and they just jacked up, and the big reason why people are using that over something like Binary Ninja or Ghidra is because they learned it and they don't want to change, and that five thousand dollars a year isn't that big of a deal.
Yeah, like, there's a lot of people who started video editing on, like, Sony Vegas who, yeah, are still using that today.
So it's called Vegas Pro now. They rebranded.
Yeah, it's not that bad. Yeah, it was like the first thing I ever used. I just, like, same issue I have with Kdenlive, except it's expensive too. But I think the performance just isn't very good and totally locked into Windows.
Yeah, so I went to Premiere and then I went to DaVinci Resolve
because of Linux.
It is nice that DaVinci is available on Linux.
Even if the Linux version isn't perfect,
I know there's especially issues with the,
the,
the free version.
So you kind of have to use the pro version and you can't,
uh,
I,
I found out recently that there are issues with it under Gnome,
which are to be fair,
are Gnome issues where it doesn't,
um,
it doesn't have a fallback for GNOME refusing to add server-side decorations. So the window just doesn't have window decorations.
Yeah, yeah. And the other thing, yeah, with the codecs and everything, it's like the unfortunate thing, and the workaround for the Studio version is because, if you've got NVIDIA hardware, you can just use the NVIDIA encoder, which isn't subject to the same rules.
But there's this thing most people don't even think about, that those codecs, besides AV1, which is free, those are proprietary.
And there's a consortium called MPEG Licensing that want to rent-seek from that.
And I guess for Windows and Mac, Microsoft pay the fee, but for Linux, uh, well, the distros are not paying the fee, so DaVinci Resolve has to pay it, I guess. But I think now that we're moving to AV1 that's going to be better.
That'll be nice. That will certainly be nice. Um, it'll take a couple of years for, like, the GPUs that people are actually running to catch up, and probably, like, five or ten years from now this just won't be a problem anymore.
Yeah.
But during this, like, middle period, things are a bit annoying.
Yeah.
But I'm not actually sure how the H.264 situation works under Linux. My understanding is on Linux we have these reverse implementations or something.
Well, yeah.
Okay, so there's the weird thing of...
And the patents are nearing the end of their life. I think by the end of this... By 2026, a lot of this will be public domain.
which you can get around with reverse engineering if you do it properly.
And there's also patents, which I think Australia actually might be one of the countries that doesn't have software patents,
but a lot of countries have them.
And that means that there's legal issues with any H.264 implementation that doesn't pay a royalty.
But they're not going to sue random free software developers and users.
But I guess if Blackmagic were using those implementations, there could be issues.
It could be unsound.
I know Microsoft actually tried selling H.265 support on Windows for a while.
But I think they may have given up on that effort.
And MDV and things like it just don't care.
I do remember this, actually. Um, yeah, uh, Windows... I think it was Windows 8, maybe Windows 10, uh, I think it was both. Like, they really thought people were gonna pay for this H.264 codec. Yeah.
Five years ago, Windows
10
don't pay Microsoft
that $1 for HEVC
codecs. There is a fully functional
free version from Microsoft itself.
Yeah.
I guess Windows was in this weird state where
people weren't
paying for Windows anymore
and Microsoft was encouraging it
because they had like the whole
media creation tool
and then when you got into the Windows ecosystem
you could then update
to the next version
so they sort of created this situation themselves,
which is also a big part of the reason
why they also went down the whole route of,
hey, give us all of your data.
Because, look, if you're not paying for it,
then people like to say if you're not paying for it,
then you're the product.
And this is true in corporate projects.
It's not 100% true in every situation, right?
If you don't pay for it, then you're the product.
That's not the case on Linux.
There is software where, legitimately, it is just free.
Yeah.
But usually...
Well, I would only... My only counter to that would be, uh, like, Microsoft never sold meaningful amounts of, uh, soft... like, Windows to end users.
Well, it was always sold as, like, a licensed bundle with a computer you bought.
Yeah, yeah.
Like, with a computer, right, you don't have to, like, there's not the same level of piracy,
uh, in pre-builts as there is, uh, in the DIY market. But yeah, they definitely, they really got out of that space.
How much is a Windows 11 license now, if I actually wanted to buy one?
Uh, if you want to buy one from Microsoft, it's like 200-and-something US dollars. Maybe it's a hundred-and-something.
Australian price $250
for the home edition. Holy
shit.
You're getting ready for the April Fool's
video where you switch to
Windows?
I don't know what I'm going to do for April Fool's next year
actually. I've certainly had some
fun ideas.
Actually, one thing I was
thinking of doing
is doing a GNU
tool tier list, and then just putting
everything in the S tier, and just
increasingly making
the reason for why it's S tier
just, like, dumber and dumber throughout the video.
I don't know
because it's GNU
we'll see what happens when we get to that point
I always enjoy doing the
I always enjoy doing the April Fool's videos
it's fun to just put out something
where it's just
I like doing a really like dry video as well
like, so you're gonna have people who actually think it is serious. Like, um, a really good example of how I like to approach it is the same way that, like, LockPickingLawyer does it, where, um, it was a couple of years back where he did one where he was like, "I'm breaking into my ex-girlfriend's house."
Oh no, like, this is perfect.
And then it ends with him getting arrested.
Oh god. You know what we haven't talked about? We don't really talk much about, like, um, your use of, uh, of Linux. Okay, so, obviously you have, like, the setups you use for doing, like, malware testing. Um, when you're doing that, what are you usually running as the host system, like when you're testing, like, a Windows malware?
Obviously, pretty much... okay, pretty much everything I do on Linux, uh, like, on desktop. I mean, all my servers are on Ubuntu, but in terms of my desktop, it's pretty much Arch. I've tried a few other things. I tried Ubuntu on desktop and I actually had quite a few bugs and I just wasn't very happy with it. Uh, I've tried... because I pretty much always use, uh, Arch, I've gotten a decent understanding now of, like, the package builds, so I can do... 'cause I use, uh, for QEMU, I use a patched version. So I was able to get that installed through pacman quite easily.
So I like Arch for a number of reasons.
It's up to date.
Cause there's this silly thing on Linux where a lot of distros act like it, they call it
stable, but it's just really out of date.
I liked the term stale instead.
You're right.
Yeah, it's just not that good.
So, Arch, and the AUR, while it does have security problems, it's convenient.
And I would say, generally, I think Arch is actually, once you get into it, a very convenient distro.
I think you also have used it a lot.
Yeah, I've been using Arch since I switched to Linux. Yeah, pretty much everything I've done on Linux has been Arch, and I like it. I've thought about Gentoo for some things, but I like Arch.
Yeah, so I use that. Um, and I pretty much use Arch for most things. What do you use as a desktop?
Oh, that is less of a confident choice.
So I've tried a lot of things.
I'm really actually excited for Cosmic.
But for now, I mean, I've been using recently, ever since KDE 6, I've actually found that to be quite good.
Before that, I was mostly using GNOME.
I like KDE, but I've also had a lot of issues with it.
So I think since Valve has gotten involved, it's gotten better.
They're just like the whole K-Rash meme.
Yeah, I like KDE, but it has some issues.
It's a very common thing that I hear about KDE.
It's how I've felt since I swapped.
I swapped with 6 as well,
and it's been pretty good,
but it's a 35-year-old desktop
or something close, 30-year-old desktop,
and there are things that
have been issues for a long time that nobody has realized were issues. Like, uh, I pointed out a couple of issues with, um, they were smashing the, um, drive cache for things they shouldn't have been using drive cache for, that should have been stored in RAM. And this is fine if you have an SSD, but on a mechanical hard drive it can lock up your entire desktop.
Yeah. And there's other little things like this where nobody even realized it was a problem.
But you get that with everything.
Oh, you do. Yeah, no,
there's some pretty wild things
now I mean for me and especially because I'm on Nvidia
until fairly recently I just had terrible performance
issues with it and that was
enough to sort of give it up and just
sort of deal with GNOME but
yeah I like the interface more of KDE
and also it's got better fractional
scaling
My advice would definitely be if you're into Linux,
don't be trying to use high-resolution monitors, but if you are, then KDE is the best option.
Yeah, I understand why people buy them
in the case of, you know,
if you've got bad eyesight and you want to zoom in.
But, like, if you can work
with a 1080p screen, just fine.
Just buy one.
Like, maybe go 1440, but
I've never felt
any desire to get
a 4K screen, and
I just know how
scaling's gotten a lot
better, but I just know how much stuff doesn't work well with it.
Yeah.
I mean, the main, main advantage of like high DPI is a, you get, you get better sharpness and you get, uh, sometimes, uh, sometimes it makes quite a difference.
Uh, but no, no, it's definitely...
It's annoying.
And the biggest thing you can't do on Linux
that affects a lot of people's laptops
is different DPI on different monitors.
That's an X11 thing that Wayland...
Yeah, I know.
Wayland is dealing with.
I guess has dealt with.
But if you still are using X11, because there's still some things that are, yeah, not perfect yet. Um, yeah, a lot better, but yeah.
At least, look, at least it's getting better. Small steps, small steps.
Oh, it is. I mean, I've used Wayland quite a bit recently and it's been surprising how much better it was than it used to be, because I remember when it was just so dysfunctional I thought, okay, they've been working on this for 10 years, they're never going to figure it out.
Yeah, that's what, um... Well, the difference between the initial formation of X11 and the initial formation of Wayland is X11 was made by three super nerds at MIT who just sat down and wanted to fix the problem of there not being a generic solution to Unix graphics, whereas Wayland is "we have this working solution, let's make something better through design by committee." And yeah, Wayland is a prime example of why design by committee is often regarded as a less than efficient way to make things.
Yeah, I think realistically, uh, and it's starting to... I mean, Valve is starting to get more involved with it, which I think is helpful, but, uh, yeah, it's just, uh, it's really, what you need is someone like Linus who can just say, "we're doing it this way," rather than debating that for 10 years.
You say 10 years, actually, there have been some protocols that have 8-year-long discussions.
Wayland was created in September of 2008, and it was unusable in 2018.
So... well, yeah, especially if you want to make videos. You couldn't record the desktop back then. Or at least I think GNOME had a tool, but OBS didn't work on Wayland back then.
No, and there was the whole
NVIDIA thing with EGL that they
only recently worked out.
Mm-hmm.
Yeah.
Yeah.
Things have gotten better is a good way to put it. Uh, what is it about, um, Cosmic that makes you want to have a look at it?
Okay, so a few things. I like the look of it. I mean, not that... like, it's not trying to do, uh, whatever GNOME is trying to do. Uh, and I like the... I mean, I'm a big believer in Rust, and I think, uh, I think the idea of using a language that really encourages correctness, and because, you know, the bugs we talk about, like, on KDE, or... and it doesn't have 35 years of legacy, it doesn't have 35 years of questionable design choices. Things that, you know, can be there.
So I just think it's going to be a very stable, well thought out...
I also like the fact that System76, of course, they sell a lot of computers with Nvidia,
so I think they're actually putting effort into that.
Whereas a lot of other desktop environments don't.
Yeah, that is, uh, the NVIDIA drivers being functional was one of the major blockers
they had to even getting the alpha released in the first place.
Yeah, yeah. Well, they, they, I, I liked,
I've listened to a podcast with Jeremy from Pop, and I liked what he had to say about how
you really, you need to have, like, modern top-of-the-line hardware support if you want to be in that business, taking that serious.
Yeah, yeah, yeah. I think, I think they've definitely, that's something they're focusing on,
and making sure that things are in a stable and well-working state.
Yeah, on the note of hardware support, they also want to sell laptops, um, with touchscreens.
So they also want to make sure that down the line, like, this isn't going to be part of the alpha, but,
like, sometime in the future, when, when they're getting closer to having these laptops be ready,
actually have good touch support. Because, yeah, GNOME has touch support, and it's often regarded
as the better touch support on Linux, but there is a lot of, again,
questionable design choices, where, sure, it's functional, but you're like, okay, why?
Like, a lot of the, there's some issues with the way the context menus work, that, as in they don't.
Oh.
Where, yeah. That's something actually I really like about System76 in general
is that I would say they seem like they're a lot more attentive
and beholden to their users than some of the other companies
or organizations.
There is this overarching mindset in Linux that,
and I get why it's here because, yes, it's technically true, yes, everyone is a volunteer,
but that because everything is made by volunteers, like, it's being made for that person,
it's not being made for the benefit, or it's not, it's not being made as, like, a project in, in,
in the same sense, right? Like, where System76
is directly making a product, they are trying to serve a specific user base. A FOSS project is like,
they all started because one person wanted to deal with a problem, and it's a problem they had, and, hey,
look, maybe other people have the problem, so I might as well share it. That makes sense when we're talking about a small-scale project. Once you get to the scale of
something like KDE and GNOME, the requirements you need to approach that with should change as well,
but some of that mindset still, uh, still persists even at that scale.
Yeah, and I think at some point,
it's just not that viable to have a lot of volunteer developers.
Because multiple people time does not scale linearly.
Mythical Man-Month.
Uh, yes, yes. Uh, yeah, so I
think it's helpful, and especially, like, when you, when you are going to have a more decentralized
project, I think it's helpful if you have a strong leader who can at least set some boundaries,
say, no, we're not doing that, we don't break userland.
Yeah, yeah, that's a quote that has been taken
way out of context so many times. Like, people will try to apply it to, like, desktop applications and
desktop environments, and I get why they do it, but that, that quote is specifically in regards
to the kernel. Like, yeah, Linus was talking about how if they make a change
in the kernel, it shouldn't break user space. Now, it sometimes does, because sometimes the kernel
is doing something really stupid and it's just a giant security hole, and then there's applications
that are using that security hole. Um, but outside of those cases, you should be able to go from one kernel version to
another and then not see regressions in the user space applications.
Yeah, but no, yeah, binary
compatibility on Linux is dreadful, and that is an issue. Uh, it's, it's especially because of things
like glibc changing, and you can sort of get around it by just making a very, very big statically linked
binary, but that's what a lot of people do. But, yeah, no, it'd be great if everyone could, but
that creates issues like you see on Windows, where you have the, the Windows 3.1 application still
built in. It just looks really, like, Windows just, it's so incohesive, you know.
Yeah, like, a prime example of this is, I think they're retiring it now, but the fact that you have
the new Windows control panel and the old one on the same system, and they are two completely different design languages.
Yeah, well, the old one, yeah, because a lot of proprietary, uh, software made control panels,
and there's no straightforward way of porting them to the new one, so it just kind of became
a thing where we can't break this. It's finally, yeah, they're finally making more progress with the new one. Windows is, uh, yeah. Yeah. Look, you get your lot, you get a lot of backwards compatibility,
but with backwards compatibility also comes with...
Legacy.
Legacy baggage. Lots of legacy baggage.
Lots of legacy baggage.
Anyway, we are closing in on the two-hour mark,
so we should probably start to wrap this up, actually.
All right.
Let people know where they can find you
Well, mainly on my, uh, YouTube channel, uh, youtube.com/ericparker, and also, of course, I have the
Discord, which is quite a big thing, where people can join in, ask questions, we talk about things.
Of course, I have my X account, where I just have "at" and then my name, because someone
took my name. Those are my main places.
Uh, what, yeah, I mean, of course we can find you on your channel,
and you should do my outro for me.
Well, I don't know, you could try. I'm not gonna stop you. Um, I'll let, I'll let you do your
outro. I know your channel, but you got some other things.
I do, yeah. Uh, okay, so the main channel is
Brodie Robertson, I do Linux videos there six-ish days a week, uh, sometimes I stream there as well.
I've got the gaming channel Brodie On Games, I stream there Thursday and Friday,
uh, my time, so look up Adelaide, 10am Adelaide time, converter into your time zone, I don't know
that is in UTC, work it out for yourself. Um, I've got the React channel, where I just upload stream
clips there, and also this channel, the podcast channel Tech Over Tea.
If you are listening to the audio version, you can find that on YouTube, Tech Over Tea.
If you want to find the, if you want to, Jesus Christ, 250 episodes, still can't do this.
If you want to find the audio version, there is an RSS feed.
It'll be on all your favourite podcast apps so look that up
and yeah you'll be good to go
so I'll give you the final word
what do you want to say?
well first of all thank you
so much for having me on here
it's been great
yeah and I hope
everyone found it interesting
yeah I certainly did
hopefully I don't know.
Yeah! I haven't had someone on who talks about, like, malware research before, so
this is definitely a new topic. Yeah, well it's good to have some
spice in here. Well, yeah, absolute pleasure to have you on, so I guess we
should stop the recording. Unless you have some sign-off that you
want to say. Well, I guess I'll do what I do on my
videos. Bye!