Infosec Press

Reader

Read the latest posts from Infosec Press.

from copies

via Jürgen Hubert – @juergen_hubert@mementomori.social

Not far from the village of Retzin, which lies about one and a half miles away from Penkun, there is a long, tall hill and beneath it lies a lake commonly known as the Leichensee (“corpse lake”). On the hill, which is now overgrown with shrubs, there used to be a bandits' castle, whose remains can be spotted now and then amidst the shrubbery. The whole hill is therefore still called the Burgwall (“castle wall”)[1]. The bandits who lived in the castle threw the corpses of those they slew into the lake, from which the lake derives its name. The murdered and the murderers are said to haunt the lake and its environs on some nights, and nobody likes to visit the area after dark.

Another tale gives us more details: The Leichensee is in the middle of two spots where two castles used to stand, and where now the villages of Lökenitz and Ramin can be found. These two castles belonged to a villainous robber knight named Hans von Ramin. The river Randow, which flows through the lake, was traversable by ships in those days[2] and thus it was common for ships to pass through the lake. The knight with his bandits only waited for those moments, and he had constructed an ingenious contraption which aided him in capturing those ships. He had put down two chains across the lake which were about 50 feet apart, and which were about two inches above the water when they were stretched taut. Whenever he saw a ship approaching in the distance he and his bandits hid in the reeds at the shore of the lake and let the first chain slacken so that it would be below the surface of the water. But when the ship had passed over it, he pulled it taut again. And thus the ship was stuck between the two chains and could go neither backwards nor forwards, and he and his bandits swarmed over it, slaughtered the crew, and took all of its goods. The corpses were thrown into the lake, on the side of the long hill[3].

It frequently occurred that the bandits discovered a larger crew on the ship than they had anticipated. In these cases they rang a large bell, which they had hung up at the shore for this very purpose. Then reinforcements would arrive from both castles. This bell fell into the lake after the death of the knight. It remains there, and at noon on St. John's Day it is still possible to hear its ringing.

Source: Temme, J. D. H. Die Volkssagen von Pommern und Rügen, 1840. P. 202-204.

 

from Grimoire

“Communication is the vital bridge between human minds: its absence breeds chasms of misunderstanding in which thoughts, feelings and intentions are lost. How hard would it be for people to start sharing more of their worries and emotions?”

To share is to open up, to unlock yourself, to give yourself over. Every small act of giving causes fear, which digs ever deeper into the shell of comfort and calm. On the other hand, the lack of an emotional connection with the world makes you vulnerable and prone to extremes.

Here is what Ursula K. Le Guin says about communication in The Wave in the Mind:

The ruling concept of communication as a mechanical model

Box A and box B are connected by a tube. Box A contains a unit of information. Box A is the transmitter, the sender. The tube is how the information is transmitted: it is the medium. And box B is the receiver. They can alternate roles. The sender, box A, encodes the information in a way appropriate to the medium, in binary bits, or pixels, or words, or whatever, and transmits it via the medium to the receiver, box B, which receives and decodes it.

A and B can be thought of as machines, such as computers. They can also be thought of as minds. Or one can be a machine and the other a mind.

In most cases of people actually talking to one another, human communication cannot be reduced to information. The message not only involves a relationship between speaker and hearer, it is that relationship. The medium in which the message is embedded is immensely complex, infinitely more than a code: it is a language, a function of a society, a culture, in which the language, the speaker and the hearer are all embedded.

In human conversation, in live, actual communication between or among human beings, everything “transmitted”, everything said, is shaped as it is spoken by an actual or anticipated response.

Live, face-to-face human communication is intersubjective. Intersubjectivity involves a great deal more than the machine-mediated type of stimulus-response currently called “interactive”. It is not stimulus-response at all, nor a mechanical alternation of precoded sending and receiving. Intersubjectivity is mutual. It is a continuous interchange between two consciousnesses. Instead of an alternation of roles between box A and box B, between active subject and passive object, it is a continuous intersubjectivity that flows both ways all the time.

My personal model for intersubjectivity, or communication by speech, or conversation, is amoebas reproducing. As you know, amoebas usually reproduce by just quietly going off into a corner and dividing into two amoebas; but sometimes conditions indicate that a little genetic exchange might improve the local population, and two of them get together, literally, and reach out to each other and merge their pseudopodia into a little tube or channel connecting them.

fig 2

Then amoeba A and amoeba B exchange genetic “information”, that is, they literally give each other inner parts of their bodies, through a channel or bridge that is made of outer parts of their bodies. They spend quite a while sending parts of themselves back and forth, mutually responding to each other.

This is very similar to how people join together and give each other parts of themselves (inner parts, mental rather than bodily parts) when they talk and listen.

Two amoebas joining in this way, or two people talking, form a community of two. People can also form communities of many, through constantly sending and receiving parts of themselves and of others, that is, through talking and listening. Talking and listening are ultimately the same thing.

Speech connects us so immediately and vitally because it is a physical, bodily process. If you mount two pendulum clocks side by side on the wall, they will gradually begin to swing together. They synchronise each other by picking up the tiny vibrations each transmits through the wall.

Any two things that oscillate at about the same interval, if they are physically near each other, will gradually tend to “lock in” and pulse at exactly the same interval. Things are lazy. It takes less energy to pulse together than to pulse in opposition. Physicists call this beautiful, economical laziness mutual phase locking, or “entrainment”.

All living beings are oscillators. We vibrate. Amoeba or human, we pulse, move rhythmically, change rhythmically; we keep a rhythm. You can see it in the amoeba under the microscope, vibrating at frequencies on the atomic, molecular, subcellular and cellular levels. That constant, delicate, complex throbbing is the process of life itself made visible.

We huge many-celled creatures have to coordinate millions of different oscillation frequencies, and interactions among frequencies, in our bodies and our environment. Most of the coordination is achieved by synchronising the pulses, by bringing the beats into a master rhythm, by “entrainment”.

Like the two pendulums, though through more complex processes, two people together can mutually phase-lock. Successful human relationships involve entrainment: getting in sync. If that does not happen, the relationship is either uncomfortable or disastrous.


The disaster occurs when party A or B is not disposed to such an exchange and tries to break free of the connection with the tube, if it was ever put in place at all. This happens (perhaps) more easily in the 21st century, since mass culture supports closedness, nicheness and division.

Divide et impera!

And yet we cannot stop trying to talk to people, and we should especially take to heart the attempts (often synonymous with failures) to communicate with the more closed-off people, who often have so much to say.


 

from Hyperscale Security

As a profession, cyber/information security has been telling itself that it is “risk-based”, but often fails to live up to that in practice. We see this from hyping threats because they're cool and make for a good conference talk, to having to make a market for a new Gartner product category.

We therefore often mistake the possible for the probable, and the PoC for a Production threat we have to invest to fix. Nowhere is this more extreme than in post quantum cryptography (PQC) and the false urgency of fixing it now, just in case.

Crypto Agility and PQC

Don't get me wrong. Crypto agility and PQC are good things. It is good to know which libraries in your code provide crypto functions so you can keep them up-to-date, whether for PQC or otherwise. That is not the debate. What I have trouble with is the urgency on a problem that everybody agrees isn't real yet. There are no working quantum computers. Estimates are 5 (optimistic) to 10 (more realistic) to 20 (maybe) years out. Are we still doing risk-based infosec if we're spending time and effort on a problem that realistically won't occur for years?

Are we, when most organizations can't even keep on top of known vulnerabilities or run an effective CSPM program? Between your phishing defense, ransomware resilience and XDR adoption, where does this rate?

“Harvest Now, Decrypt Later” isn't Real

“Oh, but adversaries could capture TLS traffic, store it till a later date and decrypt when quantum computers are viable”.

Yes. Theoretically. But TLS + storage for 10 years is not free – especially when you consider the volume of TLS traffic that runs across the internet on a continuous basis. Google Search gives me daily internet traffic volumes running from 33 exabytes to 0.4 zettabytes which is quite the range, but enough to make it clear that is “stupid scale”. Therefore, simply due to volume, any HNDL would have to be targeted. Unless you're a foreign government or critical industry, that almost certainly already puts you outside of danger.

But BGP Hijacks...

BGP hijacks do happen, where adversaries route vast traffic volumes through infrastructure they control. This is almost certainly to capture metadata, not to HNDL. Even after filtering, what worth is a snapshot of a few hours or days after a decade? At the very least you'd want a continuous stream.

BGP hijacks would be incredibly wasteful to adversaries – storing data in the hope a fragment of a conversation might one day prove useful.

What About Targeted Organizations or Journalists?

If you're a targeted organization, watch your XDR and network detection! If you're a journalist, use safe modes and reboot often, as surveillance tools targeting you are already on the market.

You're WRONG, I have Clearance and Know it Happens

Very good. And maybe it is, but that still doesn't mean it's a threat. Those adversaries may believe it and waste their time. And you should still start your crypto agility program if not already done, for reasons nothing to do with PQC. Either way, I am happy to admit I am wrong, if that proves to be the case a decade from now. I'll wear the badge “PQC, The One I Got Wrong”.

But I'll take those chances. At least as long as the front doors remain wide open in most of our organizations.

 

from Bruno's ramblings

One of the symptoms I hate the most in fibromyalgia is how it messes with my internal temperature perception. Whatever the season we're in, if I'm in pain, I'm sweating. If I do something that my body interprets as physical effort, I transform into a human sweat waterfall. Sometimes, things get even worse, and I feel so hot that I have trouble breathing.

Let me use today as an example. When I woke up, I brushed my teeth and then cleaned Chico's toilet. In a matter of seconds, my t-shirt was soaked in sweat, and my eyes were burning from the perspiration dripping from my forehead and into my eyes.

But it gets worse. Sometimes, I feel so hot that I have trouble breathing. And today was another example of that.

All of this because I woke up, got out of bed, brushed my teeth, and cleaned my cat's toilet. Just this.

There's an upside to this, though [I'm trying to look on the bright side of this, ok...]. Occasionally, before I start feeling the pain increasing, I start feeling crazy hot and sweating. This allows me to at least have a few moments to prepare myself for the upcoming pain increase. Those few moments can go from a few seconds to a few minutes, but never more than that, unfortunately.

Better than nothing, though 🤷.

Always look on the bright side of life

#ChronicPain #Fibromyalgia #Pain

 

from novaTopFlex

WriteFreely is very similar to and may be a sister project of WordPress. However, after following the Fediverse instances, regardless of potential issues, the truth is that there is no such WordPress.org-based server that supports external accounts thus far.

 

from Tom Tildavaan

I bought one so you don't have to. (Edit: at least until Eaton supports Matter over WiFi)

Eaton EWSW15

These devices connect to Azure IOT Platform. While I am sure Eaton has a great deal for that, it means that every time I turn the lights on or off, Azure gets paid a small amount of money.

The switch, while not multi-touch capable, will wait 0.5s before turning the load on or off.

In the event of a network connection disruption, when you are back online the switch will take ~5 minutes to become available in the app. There is no local control even though the ESP32-C3-MINI1 (datasheet) module can do this. The unit is provisioned with WiFi credentials over Bluetooth, but other than that Bluetooth is not used.

And when you use schedules, the status LED does not correspond to the actual state of the switch.

I am still debating whether to give Schneider Electric Matter-over-WiFi a try, but the more I read the specs the more I become convinced that the Z-Wave network I already have is the best.

Edit: https://www.eaton.com/us/en-us/products/wiring-devices-connectivity/Matter.html suggests that at some point these WiFi devices will gain Matter support. If/when that happens, these switches, dimmers, and receptacles will become much more useful.

 

from Tom Tildavaan

In case you want more #IOT in your life, Eaton ships remotely actuated circuit breakers.

The breakers are provisioned using a “BlinkUp” system through your phone. You start the provisioning on your device, then put your screen to the sensor on the circuit breaker, your screen blinks a number of times sending WiFi credentials to the device, and then the latter connects to the Electric Imp servers. Eaton is using impOS as the basis of their offering, and Electric Imp is adamant they are secure.

Now, Eaton provides an API to these circuit breakers – https://api.em.eaton.com/docs, but there is no true local access – there is apparently a way to get local control, but your device must phone home weekly to receive configuration that would allow you to talk to your device locally.

 

from Tom Tildavaan

As I was writing this I decided to scan GitHub for the URLs I found so far, and, well, people smarter than me have already written a home_assistant integration against #SEW, but it is a bit different from what I saw in the field:

I'd still like to describe how to locate the endpoints and the login process, so here we go...

This is the second post about #SEW SCM API – Smart Customer Mobile API by Smart Energy Water, this time we will learn about different APIs using real world utility websites.

It appears that there are at least two different API “flavors”. The one that uses ModuleName.svc/MethodNameMob naming convention and usually resides under PortalService endpoint, and the newer one, which lives under /API/.

So e.g. Nebraska Public Power District has endpoints at https://onlineaccount.nppd.com/PortalService/, e.g. https://onlineaccount.nppd.com/PortalService/UserLogin.svc/help. Rochester Public Utilities runs a different set of endpoints, with the root at https://connectwith.rpu.com/api.

The endpoints for the latter API can also be browsed at https://scmcx.smartcmobile.com/API/Help/.

Different utilities pay for different sets of modules, and here are some of the modules I have discovered so far:

  • AdminBilling
  • CompareSpending
  • ConnectMe
  • EnergyEfficiency
  • Generation
  • Notifications
  • Outage
  • PaymentGateway
  • Usage
  • UserAccount
  • UserLogin

For /PortalService/ endpoints you can visit BASE_URL + /PortalService/ + ModuleName + .svc + /help to get the list of RPC calls you can issue. In order to find out what to send in the requests, you need to look into the calls within the apps for your utility. Note that some utilities opted out of the AES/CBC/PKCS5Padding PasswordPassword encryption, so let's hope this will be a trend forward. Currently SEW web portals talk to a completely different set of APIs to populate the interface, even though they are querying the same thing.

So to start, here's how to log in to your favorite utility:

from typing import Mapping, Any

import base64
import json
import hashlib
import requests
import urllib.parse

from Crypto.Cipher import AES

BASE_URL = "https://example.com/PortalService"


def _encrypt_query(
    params: Mapping[str, str], encryption_key: str = "PasswordPassword"
) -> str:
    """Encrypt with AES/CBC/PKCS5Padding."""
    # PyCryptodome requires bytes; the same 16-byte constant is both key and IV.
    key = encryption_key.encode("ascii")
    cipher = AES.new(key, AES.MODE_CBC, iv=key)

    cleartext = urllib.parse.urlencode(params).encode()

    # PKCS5 Padding - https://www.rfc-editor.org/rfc/rfc8018#appendix-B.2.5
    padding_length = 16 - len(cleartext) % 16
    cleartext += padding_length * chr(padding_length).encode()

    return base64.b64encode(cipher.encrypt(cleartext)).decode("ascii")


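def request(module: str, method: str, data: Mapping[str, Any]) -> Mapping[str, str]:
    """POST an encrypted query to BASE_URL/<module>/<method> and return the JSON reply."""
    enc_query = _encrypt_query(data)
    # Or module + '.svc/'
    url = BASE_URL + "/" + module + "/" + method

    # A timeout keeps the call from hanging forever on an unresponsive portal.
    resp = requests.post(url, json={"EncType": "A", "EncQuery": enc_query}, timeout=30)
    if not resp.ok:
        raise Exception(resp.status_code)
    return resp.json()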


password_digest = hashlib.sha256("PASSWORD".encode()).hexdigest()
# Or ValidateUserLoginMob
response = request(
    "UserLogin",
    "ValidateUserLogin",
    {"UserId": "USERNAME", "Password": password_digest},
)
print(response)

response will contain some object; you will need LoginToken and AccountNumber to proceed with most of the other calls.

It's a bit awkward that different utilities have different endpoints, which makes creating a universal client challenging, so for now I am researching the ways to get info from the Usage module. The parameters are weird (“type”: “MI”, or “HourlyType”: “H”), but we will get there.

 

from Tom Tildavaan

Once upon a time I learned about Opower HomeAssistant integration. But my utility does not use Opower, it was using something called “Smart Energy Water”.

Smart Energy Water, or #SEW is a SaaS provider, and they ship the whole thing – the backend, frontend, and the phone apps, the latter under the name SCM, which means Smart Customer Mobile.

So I embarked on a journey to figure out how these phone apps worked and, if successful, get my data out and into homeassistant.

APK

I pulled an APK of my utility from Google Play Store and found that something secret is hidden in a libnative-lib.so binary, under com.sew.scm.gcm.SecureConstant, under a few methods returning String, and some methods that decrypt these strings using a heavily obfuscated set of routines, which essentially XOR'd (in case of Android APK) the values of gcm_default_sender_id + google_app_id + Android_App_RatingConstant_File, all the values from the strings.xml within the app resources.

One of the decoded tokens contains a key for request encryption. It was ...

PasswordPassword

SCM apps use private APIs. In order to remain private and hard to use the requests are encrypted.

You urlencode the parameters into key=value&key1=value1... form, then encrypt the resulting string using AES-CBC with PKCS5 Padding (16 bytes variant) using PasswordPassword as both the key and IV.

Then you send {"EncType": "A", "EncQuery": "base64-encoded-encrypted-string"}, and receive response from one of the .../API/Module/MethodName endpoints. The response will be JSON with no extra encryption, so it is definitely a deterrent against making requests, not a security feature.

Login

Armed with that knowledge, and some help from an exposed API listing on one of the utility websites, I found that I need to use the ValidateUserLoginMob call expecting userid and password.

However, the password had to be the base64-encoded result of applying a secret scheme from that SecurityConstant module above. It is always SHA256.

So my first https://utility.example.net/API/UserLogin/ValidateUserLogin was a success, I got LoginToken and AccountNumber, which was all we needed to start poking APIs.

Tada!

If your utility uses SEW SCM, i.e. one of these at https://play.google.com/store/apps/developer?id=Smart+Energy+Water, you should be able to get API listing by visiting the web interface, and appending /API/Help. Or, if your utility runs an older version of SCM, replace /portal/ with /portalservice/UserLogin.svc/help or /portalservice/Usage.svc/help. You may get the .NET API definitions.

 

from Grimoire

רָז


from Grimoire

As a rag-and-bone man of memories, I sincerely believe in the idea of the energy that lurks in every thing, from the person you are talking with to your grandmother's ring that you wear.

But

Do objects remember forever? Does the energy they have taken in ever expire? Do they forget the names of their owners, the way we forget the names of acquaintances?

Or is it simply that you cannot feel the energy of some objects, just as some people do not let you get close to them right away?


“I like this car,” Yuki spoke up after a while. “What is it?” “A Subaru,” I said. “I got it used from a friend. Not many people look twice at it.” “I don’t know much about cars, but I like the way it feels.” “It’s probably because I shower it with warmth and affection.” “So that makes it nice and friendly?” “Harmonics,” I explained. “What?” “The car and I are pals. We help each other out. I enter its space, and I give off good vibes. Which creates a nice atmosphere. The car picks up on that. Which makes me feel good, and it makes the car feel good too.” “A machine can feel good?” “You didn’t know that? Don’t ask me how, though. Machines can get happy, but they can get angry too. I have no logical explanation for it. I just know from experience.” “You mean, machines are like humans?” I shook my head. “No, not like humans. With machines, the feeling is, well, more finite. It doesn’t go any further. With humans, it’s different. The feeling is always changing. Like if you love somebody, the love is always shifting or wavering. It’s always questioning or inflating or disappearing or denying or hurting. And the thing is, you can’t do anything about it, you can’t control it. With my Subaru, it’s not so complicated.”

 