Wikipedia:Reference desk/Archives/Computing/2017 May 13

= May 13 =

Reproduce Logos for making tutorials
Is it legal to reproduce logos of famous companies for educational purpose?-- Jos   eph   04:24, 13 May 2017 (UTC)

Hacking
Is there A free Site To Learn Hacking For A begginer — Preceding unsigned comment added by 2405:204:338A:DBCF:80D6:20FD:7581:CC0E (talk) 11:11, 13 May 2017 (UTC)
 * Didn't they tell you about it in Burglary School? {The poster formerly known as 87.81.230.195} 2.122.60.183 (talk) 13:18, 13 May 2017 (UTC)


 * In September, 2016, another user asked about hacking into a camera. Today, our OP asks about hacking into a website.  Here are some of my remarks, edited slightly.
 * I would like to make a few comments on the use of the word, "hacking."
 * Don't get me wrong - I love model trains as much as the next guy, and I even flew across an ocean just to visit the world's most sophisticated instance... but don't confuse the superficial trappings of "hacker culture" with actual technical skill. Real "makers" spend years learning.  "Wannabe" hackers believe in "innate skill" and overnight  success - these people have been totally fooled by fictional ideas put forward in Hollywood films.  Even the manual for the Canon "Hacker" Developer Kit warns you about this problem: the myth of the CHDK software is an easy-to-use camera tool, while the reality of using that software is, as they phrase it, a lot of hours spent staring at broken, buggy software.  This is fun for some people!
 * There is a reason that "real hackers" like model trains. Something in their brain makes watching a toy choo-choo drive in endless circles absolutely enjoyable.  This is the exact same part of the brain that is stimulated by staring at software code for hours - repetitive, subtle, immensely technical, and very little is actually happening visibly.  The "magic" is all in your imagination, and in your brain's ability to abstract into all the details.  Most people can't do that.
 * A few people on Wikipedia have personally written to me asking for advice on "hacking" - I sometimes write a lengthy reply when the prospective "hacker" manages to pique my interest in some way. If you read what I've said in the past, I consider "hackery" to be the sign of sloppy workmanship.  Hacking is something you should be embarrassed about when you must do it - it is never something to be proud of.  I prefer to think of the etymology in the sense of the pejorative - "hack" - low quality, sloppy, rushed work.
 * I spend a great deal of time programming software for cameras. Unfortunately, more time than I would like must be spent chasing down other people and holding them accountable for their low-quality, sloppy, rushed work.  These people are hackers, of a sort, and their career prospects are sometimes cut short, after I unleash my wrath upon them and hold them accountable for the software-quality that they produce.  If you work with me and my cameras, do not "hack": you won't last long.  I do not hold such "hackers" in high regard.
 * Sometimes, people use the word "hack" to mean reverse-engineering, and especially to mean malicious reverse-engineering. I spend an unfortunate amount of time acting preventatively to keep those hackers at bay.  Most of the time I succeed.  Sometimes, they get the slip on me, and when I fail to prevent their effort, it (occasionally) makes the news.  Let it be known - I do not hold that type of hacker in high regard, either.
 * Surprisingly few people take the time to "hack" in the proper sense of the word - producing the kind of detailed, careful technical work that people like me aspire toward.  This type of "hacker" is more likely to spend their days meticulously grooming their toy train set, than trying to backdoor somebody else's - because it's about detail and perfection and technical excellence, and these are all skills that are far more important than busting up somebody else's work with a debugger.
 * So: if you're an up-and-coming software programmer, that's great! Learn everything you can about your computer, and electronics, and math theory, but spend some time building your own toys before you really try to take somebody else's toy apart.  This is a mindset that will make you better at building cameras computer websites, if that's what you want to do.
 * Somewhere, on one of my very old boxen, I have a screenshot of my terminal on the day I finally hacked in to the Project Athena computer system. How did I do it?  Well, I spent a lot of years struggling with computers and learning all I could about programming and software; I studied very hard in math and physics; I earned spectacular grades in difficult classes that taught electronics, math, and science; and one day, the fine folks at MIT handed me a login-key to the system.  In hacker-speak, this is called "social engineering."
 * Nimur (talk) 15:22, 13 May 2017 (UTC)
 * I actually 'hacked' my company's network yesterday. I changed several permissions which I nominally didn't have the ability to change so that I could re-install Acrobat Pro after a screw-up from our security vendor blocked any folder in the program files directory from being re-created after it was deleted. It was boring as shit, and basically consisted of trying something, rebooting the machine, signing on as a different user and trying to re-install. When that didn't work, I would reboot the machine, log on as a domain-admin again and repeat ad nauseum. I was hacking a network I was already connected to, which I knew very well and which was protected by a security protocol that was about as effective as a screen door on a submarine, starting with a user account that was a machine-level admin and with access to a domain-admin account, and only managed to accomplish the changing of just enough permissions that a domain-admin could change the ownership and permissions of two folders on a workstation. It took four hours. If I wanted to actually compromise the network (assuming I didn't start with access to a domain-admin account), I would have spent about ten times as long. If they had actually decent security, it would have taken twenty to fifty times as long. If I were doing this on a machine that wasn't part of the network, it would have taken a hundred times as long, and required lots of interesting-in-theory-but-boring-in-practice tools like a kali distro, mimikats and a bunch of proxy servers. Maybe even a botnet. And of course, all that is assuming I would have been able to accomplish it at all, which is far from a certainty. I don't even know where to begin setting up a botnet, though I suspect I could do it if I really wanted to. However, I really like this whole not-going-to-jail thing which I've been doing for most of my life, so I don't think I'll be trying any time soon.
 * If that's what you're interested in, a simple google search for "hacking for beginners" will make you think you're starting down the right path, but you'd be wrong. If you really want to hack? First, learn to build a computer. Then, learn how to code a desktop application. Then, learn how to do networking. Then, learn how to do cryptography. Then, learn how to develop client-server applications. Then, go back and re-learn how to do networking because so much has changed since you first learned. Then, learn how to do networking really well.
 * Once you've done all that, go back and search for "hacking for beginners" and then you'll finally be on the right track. Go watch some videos from DEF CON and you'll notice that a lot of those guys seem to know each other. You'll also notice that whenever a guy under the age of 40 or so shows up to give a talk, they either have a PhD or are currently earning one. Do you know why? Because effective hacking requires a lot of knowledge. You're not going to get that from a "H4cking 4 dummi3s" type guide.
 * Oh, and I hope you're not afraid of jail. Because if you do anything ambitious without basically having an entire hacker group to help hide your tracks, you're gonna be going to jail. However, there is some good news: Most sex in prison is consensual, so there's no need to worry too much about sharing a cell with a 350lb skinhead named "Tiny". ᛗᛁᛟᛚᚾᛁᚱPants   Tell me all about it.  20:01, 13 May 2017 (UTC)
 * I agree with everything said above: I've been programming for over 30 years, and my actual knowledge about what popular media considers "hacking"--breaking into secure systems--is minimal at best. For me, hacking is about overcoming limitations of existing technology: for example, I like to buy old handheld video game systems (like the Tiger Electronics series) and then decipher the ROMs to see how they work. I've spent several years doing this, and all my knowledge has been hard-gained (I spent months rewiring an older video game system before realizing I was actually soldering to pin 20, instead of pin 21). The gain for me (as Nimur has pointed out) is that I have a fairly deep understanding of how these systems work: that is much more enjoyable than breaking into someone else's system, where there's unlikely to be anything that actually interests me. OldTimeNESter (talk) 13:36, 14 May 2017 (UTC)
 * One more comment: at least half of what you hear reported as "hacking" in the media is just a company that forgot to shut off access to a disgruntled (former) employee, or someone shared a password they shouldn't have. Much of the rest is social engineering: you pretend to be someone you're not to get access to a system you shouldn't bave access to (the human is always the weakest element). I estimate that fewer than 10% of system intrusions actually involve technically exploiting a vulnerability: a friend of mine who worked for one of the 3-letter agencies told me that once you've gone that route, you've already lost the battle. If you still aren't deterred, www.HackThisSite.com is a good introduction to the *very* basics of system intrusion, and the beginner missions are a lot of fun (and legal!). OldTimeNESter (talk) 13:36, 14 May 2017 (UTC)
 * The point about social engineering is a good one. The vast majority of the sort of hacking (system penetration) that you see in the movies starts with someone getting a username and password when it happens in real life. So study up on running cons, too. ᛗᛁᛟᛚᚾᛁᚱPants   Tell me all about it.  14:57, 15 May 2017 (UTC)

Gold or pyrite on laptop circuit boards?
I'm taking apart some broken laptop screens I received for free so I can get the CCFLs. I figured I'd also retain any gold plated connectors which I want to save until I have enough to recover the gold and buy a burger! There are some things that are gold-coloured but I wouldn't expect to actually be gold-plated, but maybe they are? What about these circles in this photograph, below? Gold or something else? They look like some kind of contacts for testing purposes.

http://i.imgur.com/4kz0o65.jpg

Here's a photograph with things that would be mental to cover in gold like reinforcement for a screw hold and lettering...

http://i.imgur.com/Ig0Reyz.jpg Seans Potato Business 15:37, 13 May 2017 (UTC)
 * Some of it is gold, and a lot more of it is copper... but even if you do have gold contacts, you're talking about nanograms of material. Picograms.
 * Gold is magical stuff: it can form monoatomic layers. This is a really important property of the metal - it's why even over a hundred years ago, physicists could make gold foil that had thicknesses that were small and countable numbers of atoms - and could do atomic physics - just by squishing the metal with a hammer until it was only a few atoms thick.
 * When you electroplate, the chemistry is even more amazing: you probably have a handful of atoms coating that surface.
 * The moral of this story: if you want to get a hamburger's worth of gold, how much electronic waste are you going to need? A lot.
 * Think of it this way: somewhere on this planet, there is a factory where a worker drops a gold-ingot into a chemical-bath, and then dunks a bunch of parts in to get plated. How many parts can they build, per gram of input-gold-ingots, before they have to add a new one?
 * The answer is, millions. When you electroplate in industrial quantities, they don't even bill you for the gold you use, because it's such a tiny quantity, it's cheaper than the acid.  It's cheaper than the protective equipment the workers have to wear while dealing with noxious nitric acid and cyanide and exposed wet electrodes and all kinds of other hazards.  (You can price this up using your favorite "boutique" quick-turn-around PCB fabrication company - here's Omni PCB's quote calculator, and just remember that industrial-scale costs are literally exponentially smaller than the overnight-shop rates).
 * Aside - it's actually more expensive to build with aluminum than with gold, because they apparently have to use a different factory. There's actually a long history of aluminum's valuation exceeding gold!  Economics is a funny thing!
 * Use extreme caution when mucking with gold chemistry: gold is very non-reactive, which means that the nasty chemical you're gonna dump on your board to scrape the gold off is extraordinarily reactive. It won't only liberate the gold - that chemical reaction might also liberate some testy organic polymers and other heavy metals that are almost certainly in your typical printed circuit board.  So even if you get some "gold dissolver" juice - don't breathe it, drink it, leave it near your house; don't store it in plastic, don't store it in glass, don't store it in metal; don't ... well, you get the idea.
 * And while we're on the topic, use caution with the CCFL tubes - those commonly have some pretty gross inorganic and organic materials in them, too. Do you enjoy your kidneys?  Chronic exposure to low dosage mercury is known, by the CDC, to cause abnormality!
 * Nimur (talk) 15:53, 13 May 2017 (UTC)

WannaCry ransomware attack effect on technology companies
Has the WannaCry attack affected any technology company besides Telefonica? — Preceding unsigned comment added by Hofhof (talk • contribs) 20:41, 13 May 2017 (UTC)


 * It appears to be mostly affecting the public sector in most countries and large institutions that are unwilling or unable to update their computers (Banks, Hospitals, etc) (See here). Most big tech companies are more likely to run more up-to-date systems, have better security policies and carry better backups than your average too-big-to-fail institution and that might explain it. Thanks ツ Jenova   20  (email) 11:47, 15 May 2017 (UTC)