Zap to Zero Day 16 | Mad World
Yesterday, I almost got hit by a tram. Ok, that sounds dramatic. It wasn't really almost but the driver might have had to brake to not hit me just because I was too retarded to see that the light was red. But someone shouted "Hello?" in an increasingly alarming tone behind me — someone who wasn't retarded enough to not see that the light is red and that there is literally a tram coming down towards us — so I stopped before I was in front of the tram. During my walk of shame back to the curbstone, I noticed that he seemed very annoyed by what just happened. He probably was thinking the same as me:
How can someone be THIS retarded?
I thanked and told him that I didn't realize that the light that I saw green was the light behind the red light. That seemed to have made sense to him and we both relaxed because the situation was also a bit funny now. I am not sure if I also told him this, but my mind was simply still too occupied with the pedestrian traffic light that I just passed since wires were hanging out.
Mhh, interesting. Who did that? And why? How easy is it to manipulate traffic lights? What chaos would ensue? It's probably not that hard. Just needs some reverse engineering. Is it public information how these traffic lights are built?
Funnily, at the next pedestrian light, I again wanted to cross over red — but on purpose since it's a very short distance to pass and surely not much can go wrong over this distance, right? — but I looked around first and saw blinking police cars at my right side. That's when I remembered that just a few minutes ago before I had my canceled meeting with the tram, I passed some police officers who were talking to someone who wasn't wearing a lot of clothes. I was thinking:
Dudes, it's freezing, give this man some clothes!
Now I was thinking that maybe he was behind or at least involved in some way that the wires were hanging out on that one light that piqued my interest?
When the light for the traffic got green (that's why my light was red), the chain of a cyclist broke. I think he put too much pressure on his pedals and it might also have been related to how cold it was. I think that's when chains break easier? Now he had to do a walk of shame to the curb to fix his bicycle. I smirked.
If you let it, this world can be really fun and interesting sometimes.
Statistics
Date | Spent | Stacked (Rewards) | Posts | Comments | Rewarded |
---|---|---|---|---|---|
2023-12-28 | 13k | 8808 (n/a) | 2 | 35 | n/a |
2023-12-29 | 16.1k | 15.6k (5222) | 3 | 52 | ⚡ |
2023-12-30 | 10.8k | 9752 (7026) | 1 | 41 | ✍️ |
2023-12-31 | 20.5k | 17.9k (4379) | 5 | 61 | ⚡ |
2024-01-01 | 12.5k | 10.7k (7684) | 3 | 47 | ✍️ |
2024-01-02 | 16k | 19.5k (9353) | 6 | 36 | ✍️ |
2024-01-03 | 15.9k | 15.6k (6729) | 2 | 46 | ⚡ |
2024-01-04 | 11.4k | 11.4k ( | 3 | 38 | ✍️ |
2024-01-05 | 11.3k | 11.4k ( | 1 | 41 | ? |
2024-01-06 | 6691 | 6282 ( | 0 | 38 | ✍️ |
2024-01-07 | 8053 | 8503 ( | 3 | 20 | ✍️ |
2024-01-08 | 8873 | 9164 (1219) | 2 | 12 | ⚡ |
2024-01-09 | 5828 | 6808 (4649) | | | ✍️ |
2024-01-10 | 14.1k | 14.4k (4857) | 3 | 22 | ⚡ |
2024-01-11 | 11.8k | 10.4k (4109) | 3 | 22 | ✍️ |
2024-01-12 | 8743 | 8016 (4778) | 3 | 41 | ✍️ |
2024-01-13 | TBD | TBD (3116) | TBD | TBD | ⚡ |
https://m.stacker.news/12054
https://m.stacker.news/12051
https://m.stacker.news/12055
https://m.stacker.news/12057
https://m.stacker.news/12060
Mhh, I think I need to accept that the calendar is indeed not reliable. Not only for posts and comments but in general. We did a release yesterday and I got a lot of sats forwarded and stacked some more sats here and there. As you can see in the chart that shows my balance, it exploded but the calendar thinks I only stacked 8016 sats, lol. I mean, not complaining (totally complaining) since that means I basically won yesterday against @grayruby since we didn't clarify which source we're using as the ~oracle to tell if I stacked more than I spent (totally not ignoring that my win condition was to hit 0, not spent > stacked).
So as @siggy47 already mentioned on Jan 6, we still have a bug in prisms:
I was just listening, and towards the end @k00b started talking about all the sats I have earned. I did a double take. I'm not complaining, but I couldn't believe those totals. I know I don't have those sats, so I was puzzled. I also pride myself on zapping others a lot, and my percentage was low. Then it occurred to me. I was credited with the approximately 3 million sats that were donated to Anita for the Satsraiser. #239180 Apparently those sats are credited to the donor. I don't want to look like some kind of Scrooge or Mr. Potter!
Dang you're right we might still have that bug for prisms.
We also included a new but funny bug in our release yesterday. As @Wumbo noticed pretty quick, you were able to enter your own SN address to trigger an infinite loop of withdrawals:
Time for Inception!
Still wondering when we will get our first real responsible disclosure though. Maybe @Wumbo would have been greatly rewarded if he would have told us about it in a responsible way? :) Just like was mentioned to Dinesh in Silicon Valley in this scene at the end?
How many people do I need to shame about disclosing vulnerabilities on SN before we get the first responsible disclosure which is not just someone feeling FOMO and thus not verifying that it's actually a vulnerability they found? And not just them leaking their own IP address?
That report was funny though. Reporter, if you're still on SN and read this, please don't take it personal. It was just too funny to not mention it here and I think you agreed when I explained to you that it wasn't a vulnerability and we laughed together about it :)
Since it's another good example, I also want to mention the vuln that @kepford found since it was a pretty good (bad for us) privacy leak [0] a while ago but he didn't realize what he found until I replied:
So you can use this to see if someone has more than 250k sats.
Nice catch! That's a privacy leak. Please consider using responsible disclosure next time you find something like this. Maybe you would have been more greatly rewarded if you didn't disclose it publicly immediately with no chance for us to fix before everyone knows about it? :) /cc @k00b
— me, #355354
I'm a dev and as soon as I saw your comment I felt terrible. I know if I were working on stacker.news I'd feel responsible to fix it asap. I appreciate the gentle scolding and the zap. Was not expecting either.
I can totally understand how you just find something and want to post about it on SN. I do this all the time. But it should depend on what you want to post.
So by mentioning this over and over again, I hope that enough people will see it and the next time they find something, they will remember my words and be like:
Mhh, that looks weird. Better not post about this immediately on SN; essentially burning a lot of sats since I could get rewarded handsomely if I disclose this in a responsible way.
Recent Superzaps
1. Technological determinism and splitting the atom of cause and effect
This post by @elvismercury (totally not biased which posts I pick) is something I found yesterday but again have no idea how. I think telling how I find interesting things on SN would also be ... interesting.
(A post in the meta-experiment series of the Broken Money book club, part 5)
We've talked before (here, here, here) about one of Lyn's most remarkable claims, about the technological determinism of bitcoin. We've spent less time on the determinism of fiat, but this idea is just as important. Lyn proposes that when advances in telecom made it possible to communicate at the speed of light, that this introduced an irresistible force on the monetary system: you couldn't have sound-money final settlement at the speed of light, so money became principally an expression of credit. [...]
There were only 20 comments but basically all of them revolved around replies from @Undisciplined and @k00b:
Tom Woods has talked about how one of the major problems fiat created was turning almost everyone into amateur stock traders. On a hard money standard, people can literally just save their money for tomorrow and have confidence its purchasing power will be preserved. Fiat made saving untenable and "saving" became a euphemism for financial speculation.
This post also convinced me that Urban Dictionary should add the following definition to the term "Mind Blown":
The feeling you get when you read something from @elvismercury
2. Legend of the Snail | 37 days until next elimination
Some shameless self-promotion. But in case you didn't see it (and you are one of the ones who didn't pay up yet!), I thought it makes sense to mention it here.
@oracle is running a bet when bitcoin will reach $100k. This is inspired by @orthwyrm's daily comments in the saloon (that used to be called Daily discussion thread as you can see here).
So if you want to participate, it's not too late yet! You just aren't allowed to bet on a number that is within 90 days. See here for more information.
Challenge of the Day
Do something challenging.
Song of the Day
Went to school and I was very nervous No one knew me, no one knew me Hello teacher, tell me, what's my lesson? Look right through me, looked right through me
And I find it kinda funny, I find it kinda sad The dreams in which I'm dying are the best I've ever had I find it hard to tell you, I find hard to take When people run in circles, it's a very, very Mad world, mad world
thE eNd
[0] It wasn't as impactful since you basically only had 10 chances to find the exact balance but it was still severe enough to trigger an immediate response from me. With every attempt that triggered the shown error message, you basically knew that the user balance was at least above that. Also, there was fortunately no code for exploitation included. While writing my own exploit to evaluate the impact, I found out about the 10 chances (limit for pending invoices).
[1] Apparently, @lynaldencontact even was made aware of the book club at some point. And is it still running? Can't find part 5. But I think @elvismercury mentioned somewhere that he got very busy. So I might indeed still have time to catch up!