vx-underground – Telegram
vx-underground
45.7K subscribers
3.92K photos
416 videos
83 files
1.42K links
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
Sam Altman and Elon Musk are currently having an argument on social media

tldr
No idea why they're arguing. But it seems silly two profoundly wealthy and influential people are getting into an argument on social media

I also cannot remember the social etiquette on whether or not calling a person retarded is politically incorrect. I was informed it is, others have asserted it is not. A person has informed me they're disgusted that I would call people the R-slur, but I am not sure if this constitutes a slur or not because mental retardation is an actual medical diagnosis

I don't understand the world. I'm scared and confused.
Lots of nerds arguing over FFmpeg and Google stuff still.

Basically security nerds have argued that FFmpeg has a responsibility to fix any bugs in their project regardless of whether they call themselves a "volunteer project" or a "vendor".

Security nerds argue that because of the size and popularity of FFmpeg, which FFmpeg proudly reps, they should fix the issue, and trying to minimize themselves as a "volunteer project" is redundant.

FFmpeg has responded, in summary, "stop jerking yourselves off, just submit a patch".

Security nerds retorted that it's not their job to submit a patch and FFmpeg, as the vendor or volunteer project, whatever you want to call it, is responsible for the patch.

FFmpeg and its supporters have criticized security nerds as people who want to find CVEs to look cool and badass, rather than actually improving the security posture of a project.

We're on day 3, or day 4, of a bunch of nerds arguing about patches and stuff. It's a beautiful thing. I enjoy reading it. I think everyone makes a valid point.

I also enjoy people calling each other nasty names and insults over something they're not involved in (they don't work at Google or help FFmpeg, they're just picking their team)

Overall I give this drama a solid 7/10.
Woke up this morning to people who don't work in cybersecurity, or really do anything in cybersecurity at all, trying to tell me what's happening in cybersecurity

I'm really confused
One person commented that I'm biased because I keep calling security researchers nerds

I am profoundly confused. My confusion knows no bounds.
This started happening a few hours ago. I don't do cryptocurrency stuff (it's for nerds), but apparently someone stealing $98,000,000 is a problem, or something
Tomorrow at 6PM CST I'll be doing a talk at Dakota State University.

My first post about this I incorrectly stated I was speaking at the University of South Dakota. They're both a university, they both have the word Dakota, they're both located in South Dakota, but I have a small brain so it is easy for me to misremember.

Anyway, I will be speaking on Discord while also simultaneously being broadcast through their lecture hall (huge mistake). I am doing it online because Dakota State University is far away and I do not like going outside.

Despite being given appropriate time to plan (months in advance, I said I was busy), I have no plan. I will probably babble incoherently for 90 minutes about malware stuff, or until the University bans me, or until I'm banned from their Discord, or both.

I told them my lecture fee is pizza and energy drinks. They obliged (huge mistake).

It will not be recorded. This is a one time, limited edition, ultra rare, schizo talk. I'm doing this unironically for a free meal. I will also schizo rant at your school (or work place if you want to have an HR catastrophe) for a free meal too.
I swear a lot and vape a lot.

The students are going to hear a mid-30s man babble, "Yeah, so like, it's all a bunch of bullshit, man. Like, these dumb muthafuckers think VirusTotal detection scores means the shit's undetected, but that's not what the fuck that shit means, like, at all, dawg".

They will realize attending a University was a mistake when they discover I was chosen as a speaker. Please say a prayer for the kids tomorrow.
andreee_eeeeee is restricted by EA in Battlefield 6 because their online moniker "DogWifHoodie" constitutes "harassment" and making people "feel unsafe".

The name "DogWifHoodie" was flagged by their automated system because the word "Hoodie" has the word "Die" in it.
YouTube's AI moderation system has terminated malware nerd Endermanch from YouTube

The AI system determined his account was linked to some banned YouTube account (it wasn't), so they banned him too

He tried appealing it, but unsurprisingly the appeal system is AI slop too
In a truly brilliant move, employees from DigitalMint and Sygnia, responsible for handling ransomware negotiations, were indicted for performing ransomware attacks under ALPHV ransomware group.

- Kevin Tyler Martin, ransomware negotiator from DigitalMint
- Ryan Clifford Goldberg, Digital Forensics and Incident Response manager from Sygnia
- Unnamed co-conspirator-1

The motive, per court documents, was that the individuals were motivated to "get out of debt".

All 3 men began performing ransomware attacks in May 2023 and continued performing ransomware attacks until on or around April 2025. The attacks stopped when the United States Federal Bureau of Investigation approached Ryan Clifford Goldberg regarding the ransomware attacks.

Unsurprisingly, Mr. Goldberg initially denied having any knowledge of the ransomware attacks. However, he cracked during the interview and placed the blame on the currently unnamed co-conspirator. He stated he was recruited by him.

After the interview concluded, Mr. Goldberg and his wife purchased 1-way tickets to France (???). Unsurprisingly (again), he has been detained in France because he is not a citizen of France and France doesn't give a fuck about a non-citizen.

Mr. Kevin Tyler Martin, currently residing in Texas, spoke in 2024 at a technology conference where he spoke about his experiences defending ransomware attacks and handling negotiations.

Both Mr. Goldberg and Mr. Martin have been charged with:
- Violation of the Hobbs Act (18 U.S.C. § 1951) (x2)
- Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030 (x1)

Under max penalty of law, Mr. Goldberg and Mr. Martin could face as long as 50 years in prison.
tl;dr 3 dudes who handle ransomware stuff were secretly doing ransomware stuff, got caught, one of them self-snitched and fled the country. other 2 nerds panicking but not fleeing country. they're in really big trouble
It's been two months and some dude named "Orange" is still leaking sensitive stuff from the Iranian government.

Last week he leaked credentials to various infrastructure they possess, BTC wallet addresses, etc

https://github.com/KittenBusters/CharmingKitten
Today I spoke at Dakota State University

I am now banned from Dakota State University

Just kidding (I hope)

Thank you students, and faculty, and strange people from the internet who somehow found the Discord server I was speaking in. I hope my schizo rant was beneficial in some capacity.

Also, thank you to Shden (no idea how to say your name) for asking me super specific malware development and Windows internal questions. It caught me off guard and I was not prepared to have a serious conversation in any capacity. It was a reminder that I don't remember shit and all I know how to do is spam pictures of kitty cats.
Yeah, so basically I was going to do this whole write-up on @BetterTelegram because people asserted it's (probably) malware.

There was this thing where one of its affiliates, or something, offered me money to make a post about it. I made a really, really, really goofy and borderline satire advertisement that, shockingly, this person agreed upon. However, the actual developers of BetterTelegram got really sad when they saw the post.

They said they spent a long time working on it and my satirical "ad" made them look bad. Long story short-ish, I agreed to actually look at it. I don't give a fuck about Telegram so instead I decided to poke it with a stick to determine if it's malware.

I ended up pulling it apart, poking it with a stick, poking it with a slightly bigger stick, ... and I got bored pretty fast.

It's not malware.

It's a regular program. It's boring. BetterTelegram states they're open source and you can view the source code to their application on GitHub. They weren't lying.

The installer it distributes from its website is a generic installer. You can unironically open it with the 7z GUI and look at what's inside of it without executing it. The installer is boring stuff such as:
- The binary itself (inside of a 7z though, it's compressed)
- Dumb stuff it's dependent on, like libraries
- Images the file uses

After you rip out all of the installer stuff and get the actual binary you end up with a program written in NODE.JS.

If you're unfamiliar with NODE.JS, it's very easy to revert the binary back to its original source code. Discord is written in NODE.JS. You can sneeze, shit your pants, stumble into a dark and spooky room, and accidentally get the source code to Discord (or rather, as close as possible, but let's not get overly pedantic here, okay?)

After I bonked BetterTelegram with a stick designed for NODE.JS, I very quickly found its source code, which is identical to the source code they share on GitHub. It was boring.

Funnily enough, BetterTelegram does query the BetterTelegram domain, check to see if there are any updates, and if there are updates ... it downloads the latest libraries required ... boring.

BetterTelegram, being written in NODE.JS, uses some weird ass game library thingy for some of its stuff. BetterTelegram works by injecting a library into Telegram. Basically, it functions like a plugin. The injection library it uses is called "ffxiv-teamcraft".

Yes, you read that correctly, the API it uses to inject the plugin is from a Final Fantasy XIV modding community.

It also uses an external application called "elevate.exe" to elevate itself if need be. However, this is from something else, it's on VirusTotal, it's ... just normal goopy program stuff.

The DLL it injects (the plugin) is also virtually identical to the one on their GitHub. The plugin DLL is the thing that actually does the OTR encryption stuff. I'm not a fuckin' cryptographer, so I can't state how good (or bad) their OTR encryption and/or implementation is. I'm not going to bother even trying to fuck with that shit.

BetterTelegram is an OTR thingy they're selling as a plugin for Telegram. I'm bored with it. Many people initially seemed spooked by it ... I had kind of hoped it would be something a little spooky ... but nope.

I have literally nothing else to say.
Sat here in my undies, writing this post, trying this new thing called "nic salts". This nic salt stuff will put a fucking hole in your chest.

Anyway, this is the 2nd thing I've reverse engineered the past few days that ended up being regular ol' program goop. I want spooky goop.