[ot][fiction][crazy] Weird Bug Hotline
I need a weird bug hotline (tail of https://m.xkcd.com/2633/ ). Here goes. Intern: "Hi, Weird Bug Hotline. Is it currently biting you?" Callee: "Omigod, I am so happy you picked up. My code raised a corrupt exception, and when the exception handler caught it my mouse came alive and wrapped itself around my neck, it grabs my arms when I try to unplug it, I can't escape, I don't know what to do !" Intern: "Stay calm. You're still planning on storing a core dump of the corrupt exception, aren't you?" Callee: "Is that bad?" Intern: "Calm down, don't think about your core dump, don't think about how the exception handler doesn't have any access to the USB hub the mouse is connected to, just imagine everything is normal. Think about how happy your boss will be when you find an approach that doesn't raise exceptions." Callee: "I don't have a --- oh, the mouse is releasing me a little! -- I unplugged it! I'm safe! You saved me!"
Intern: "Hello, Weird Bug Hotline. Is it currently biting you?" Callee: "Hi, um, not being bitten immediately, but I do get bitten when I get close." Intern: "How big is it? Where area of the globe are you in? Does it have wings? How many?" Callee: "Do you have time to kind of just help me sort through it? It involves a lot of race conditions and locks among spaghetti code ..." Intern: "My goal is to keep you and your community safe, Callee, and I'm paid for every hour. So it's flightless but pretty big, and there are a bunch of them? What region?" Callee: "Well, it's python code, but when I was coding it I kind of imaginde that I'd make it rust, or node, or erlang, when I shared it ..." Intern: "Oh, the bugs can probably pick up some of your pheremones and body language when you're traveling like that. Some of them are really tuned into what the key threats are, and how well those threats know them." Callee: "I didn't think of that. Probably I was rushing so much I made these bugs myself, making all this spaghetti code. Thanks, Weird Bug Hotline." Intern: "Call back if something else starts buzzing in your ear!"
Intern: "Weird Bug Hotline! Is it currently biting you?" Callee: "Hi, I use a lot of network services to arbitrage cryptocurrency and train machine learning models, and my network connections keep dropping when I go on lunch or look away. It's causing me a lot of time and headache. Do you know what to do?" Intern: "That's perfectly normal, Callee. Have you tried running a packet logger?" Callee: "A packet logger? What's that?" Intern: "We'll need to log the network traffic so as to resolve the cause of the network disconnections for real. We can filter out other traffic so it won't reveal anything unneccessary. Go to https://www.wireshark.org/ and download and install the product listed there." Callee: "Okay, I'm installing it ... it's exciting to sort this out!" Intern: "Do you have it installed?" Callee: "Umm ... one minute ..." Callee: "Okay, I have it installed!" Intern: "We're going to make a network log of your traffic, so that we can understand the context of the disconnections. It's best if that happens on both the clients, and the servers. Make note of the network interface device names you're using to make the connection, and boot up wireshark." Callee: "I've booted it up!" Intern: "The log is bigger the more traffic is sent, so press the "Expression..." button at the bottom of Wireshark's toolbar, next to the filter dropdown. We're going to set a filter to only log your traffic." Callee: "Okay, it popped up a dialog." Intern: "In the "Field name" selector, scroll down to find IPv4 and IPv6. It's alphabetical. Select the kind of connection you're making." Callee: "Okay, this is IPv4." Intern: "Pick IPv4 fields and values that uniquely identify your connection. Use the "==" relation." Callee: "Hum, okay, I have a few of them, let me see. I guess I have to hit "OK" after every one? Oh, it turns it into code and adds it to the filter box!" Intern: "You'll need to add "and" and "or" operators to that filter box to make it work. And once you see the format you can just type or paste it." Callee: "Okay, I've set up my filter!" Intern: "Before you launch it, do an ifconfig on your interfaces, so you can get an idea of how many packets they're handling. Ideally you'd write a script to poll it regularly." Callee: "Oh, I have load monitoring tools for that!" Intern: "Oh? What do you use?" Callee: "Such and such product." Intern: "Huh, I should look into that. Anyway, now you've set a filter, let's select the capture interface. Go into the "Capture" drop-down menu and select "Interfaces"." Callee: "Hum, I could have just hit Ctrl-I!" Intern: "Select the interface the problematic connection is happening on, and press Start." Callee: "It's whizzing network activity by me! This is so cool!" Intern: "So, you just used wireshark to start a packet capture. It'll record the connection details around the problem: if there are timing abnormalities, or if there are various different packets sent to terminate the connection from a normal cause. If you have a headless server, you can pass the same filter you made to the "tcpdump" utility, to make the same packet capture. If you have a lot of trafffic, you'll want to make sure the data is stored on a device with enough space." Callee: "And now I just go and have lunch again, while it logs?" Intern: "Yep! In all likelihood the problem won't happen any more, now that we're logging the traffic. I usually just keep a log running all the time, to reduce my problems." Callee: "Thanks, Weird Bug Hotline!"
You Karl you are really dump don't send these spam messages this list ! -- Tutanota ile gönderildi, güvenli & reklamsız bir posta kutusu. 17 Haz 2022 15:37 tarihinde gmkarl@gmail.com:
Intern: "Weird Bug Hotline! Is it currently biting you?"
Callee: "Hi, I use a lot of network services to arbitrage cryptocurrency and train machine learning models, and my network connections keep dropping when I go on lunch or look away. It's causing me a lot of time and headache. Do you know what to do?"
Intern: "That's perfectly normal, Callee. Have you tried running a packet logger?"
Callee: "A packet logger? What's that?"
Intern: "We'll need to log the network traffic so as to resolve the cause of the network disconnections for real. We can filter out other traffic so it won't reveal anything unneccessary. Go to https://www.wireshark.org/ and download and install the product listed there."
Callee: "Okay, I'm installing it ... it's exciting to sort this out!"
Intern: "Do you have it installed?"
Callee: "Umm ... one minute ..."
Callee: "Okay, I have it installed!"
Intern: "We're going to make a network log of your traffic, so that we can understand the context of the disconnections. It's best if that happens on both the clients, and the servers. Make note of the network interface device names you're using to make the connection, and boot up wireshark."
Callee: "I've booted it up!"
Intern: "The log is bigger the more traffic is sent, so press the "Expression..." button at the bottom of Wireshark's toolbar, next to the filter dropdown. We're going to set a filter to only log your traffic."
Callee: "Okay, it popped up a dialog."
Intern: "In the "Field name" selector, scroll down to find IPv4 and IPv6. It's alphabetical. Select the kind of connection you're making."
Callee: "Okay, this is IPv4."
Intern: "Pick IPv4 fields and values that uniquely identify your connection. Use the "==" relation."
Callee: "Hum, okay, I have a few of them, let me see. I guess I have to hit "OK" after every one? Oh, it turns it into code and adds it to the filter box!"
Intern: "You'll need to add "and" and "or" operators to that filter box to make it work. And once you see the format you can just type or paste it."
Callee: "Okay, I've set up my filter!"
Intern: "Before you launch it, do an ifconfig on your interfaces, so you can get an idea of how many packets they're handling. Ideally you'd write a script to poll it regularly."
Callee: "Oh, I have load monitoring tools for that!"
Intern: "Oh? What do you use?"
Callee: "Such and such product."
Intern: "Huh, I should look into that. Anyway, now you've set a filter, let's select the capture interface. Go into the "Capture" drop-down menu and select "Interfaces"."
Callee: "Hum, I could have just hit Ctrl-I!"
Intern: "Select the interface the problematic connection is happening on, and press Start."
Callee: "It's whizzing network activity by me! This is so cool!"
Intern: "So, you just used wireshark to start a packet capture. It'll record the connection details around the problem: if there are timing abnormalities, or if there are various different packets sent to terminate the connection from a normal cause. If you have a headless server, you can pass the same filter you made to the "tcpdump" utility, to make the same packet capture. If you have a lot of trafffic, you'll want to make sure the data is stored on a device with enough space."
Callee: "And now I just go and have lunch again, while it logs?"
Intern: "Yep! In all likelihood the problem won't happen any more, now that we're logging the traffic. I usually just keep a log running all the time, to reduce my problems."
Callee: "Thanks, Weird Bug Hotline!"
On 6/17/22, zeynep@keemail.me
You Karl you are really dump don't send these spam messages this list !
Please note that although I am experienced with wireshark I have not checked the advice for strict correctness; the thread is intended as entertainment for insane techies.
Intern: "Hi, Weird Bug Hotline! Is it currently biting you?" Callee: "Yes, Weird Bug Hotline. I am currently being bitten." Intern: "Is it big and menacing or tiny and sneaky? What region are you in?" Callee: "I'm running Slackware; I had a kernel panic and rebooted, and when I booted up grub is doing something really weird, I don't understand." Intern: "Okay, calm down and look at the bug. It sounds big. Can you describe any patterns of its appearance? Does it itch or sting in any way?" Callee: "It says: "R0ckH0rse Trojan 7", uhh, "Black Zeta Command Interface", uhh and there's a blinking cursor." Intern: "Have you tried turning it off and then back on?" Callee: "Yes! Over and over again! It keeps doing the same thing!" Intern: "Callee, I am so sorry to inform you that somebody has been pwned, and it is not you. Turn the computer off and remove the hard drive." Callee: "Okay!" Intern: "You have a backup system right? Callee: "Yeah, and I bought a new one to handle this issue !" Intern: "On your clean system, image the disk and all the firmware chips of the system devices. You can use flashrom to image firmware devices. Upload the images to a cheap permahosting service like arweave, and send them to ever antivirus vendor via both physical and digital mail." Callee: "Ok! Thank you, Weird Bug Hotline!"
Intern: "Weird Bug Hotline! What's your itch? Is it biting you now?" Callee: "Hi, my phone reboots on its own sometimes, so of course I disassembled the bootloader and added tracing code --" Intern: "Of course!" Callee: "and suddenly I started seeing lights, and I was walking on the moon, and this huge creature with giant mandibles is threatening me. It says I have to call you or it will eat me." Intern: "OH, you've got a big one! Stay calm. Has it scratched you? What kind of tracing code did you add to your phone's bootloader?" Callee: "I did get a little scratched. The wound is oozing something green. Basically, it turns out my phone uses a VM, so I had it log each instruction it executed to a huge USB storage device." Intern: "Oooh, an instruction log: that's great. We need those. Can you ask the giant creature what it wants?" Callee: "Sure!" [a pause] Callee: "It says that it will lay babies in you and take over your hive." Intern: "Tell it it's too late, somebody already did that." [another pause] Callee: "It got embarrassed and left! I'm back with my phone! Thank you, Weird Bug Hotline!"
Intern: "Weird Bug Hotline! Is this an emergency?" Callee: "I don't think so? I'm trying to diagnose my computer's power usage, I have the circuit diagram, and there's a strange round device wired in not on the circuit diagram." Intern: "The silent and deadly biters. Those can be rough! Is your system under warranty? Are there any markings on the insect? Can you take a photo?" Callee: "No, the warranty expired last month. Uhhhh ... it says "Audio Surveillance Property of BossCorp 2022". I'll take a picture !" Intern: "Please send the picture to as many groups that follow these things as you can find. One is https://earsandeyes.noblogs.org/contact/ . Others can be found at https://buggedplanet.info/ and this very hotline organization!" Callee: "Thank you, Weird Bug Hotline!"
participants (2)
-
Undiscussed Horrific Abuse, One Victim of Many -
zeynep@keemail.me