Links

Shotcut video editor website

Useful

Shortcut keys for the Shotcut video editor

C = copy

V = paste

A = duplicate

X = ripple delete

Ctrl + X = ripple delete but send to clipboard

S = split

Tip not covered in my

Podcast

Splits are not fixed and can be adjusted. Once you've split up clips

and put them in the right order on the timeline you can still adjust the

cut point even though you previously split the clip because the clip is

referenced to the original file in the playlist.

Introduction

Hello and welcome Hacker Public Radio audience my name is Mr X

welcome to this podcast. As per usual I'd like to start by thanking the

people at HPR for making this podcast possible. HPR is a Community led

podcast provided by the community for the community that means you can

contribute to. The HPR team have gone to great deal of effort to

simplify and streamline the process of providing podcasts. There are

many ways to record an episode these days using phones tablets PCs and

alike. The hardest barrier is sending in your first show. Don't get too

hung up about quality, it's more important just to send something in.

The sound quality of some of my early shows wasn't very good. If I can

do it anyone can and you might just get hooked in the process.

Well it's been almost a year since I've sent in a show. Looking at

the HPR site my last episode was back in November 2021. I suspect like

many others life has become more complicated and I find I have much less

spare time and because I have much less spare time I have much less time

to pursue my hobbies and because of this I have less to speak about and

because of this I have less time to record what I've been doing and it

all turns into to vicious circle. Fortunately I recently had some time

off work and had a lovely holiday. During the holiday I ended up

recording some video which I decided I wanted to edit. I've done some

video editing in the past using various video editing packages. The best

and most recent of which is shotcut.

Specific details and

equipment

Video resolution 1920 x 1080, Codec h264 mpeg-4, Frame rate 30 frames

per second.

Computer Dell Optiplex 780. Fitted with 4 GB of internal RAM and

onboard video graphics card.

Shotcut version 22.06.23 Shotcut is a free open-source cross-platform

video editor licenced under the GNU general public licence version

3.0

This episode will only cover basic shotcut video editing techniques.

Shotcut contains many advanced features and effects that will not be

covered in this episode. A lot of the workflow I’ll share with you today

is intended to get around limitations imposed by my low spec PC

I'll try my best to cover the video editing process in this podcast

using words alone; however I am conscious that an accompanying video

would make it easier to follow along.

Shotcut workflow

Start by creating a folder to hold all the required media files.

Audio tracks and sound effects can be added to this folder later. Make

sure all your video files are using the same frame rate in my case 30

frames per second.

Open each video file in VLC one at a time going through each video

file looking for the best portions of video. Make a note of where the

best portions of the video are by writing down the start and end points

in minutes and seconds.

I do this because the interface of VLC is more responsive than

shortcut and the resolution of displayed video is far greater than the

preview in shortcut. This makes it quicker and easier to find the best

portions of video.

Open shortcut and make sure the new project is set to the same frames

per second as the media files you're working with

I share my story about how I got in to technology.

Quantum computing

Quantum

computing is a type of computation whose operations can harness the

phenomena of quantum mechanics, such as superposition, interference, and

entanglement. Devices that perform quantum computations are known as

quantum computers. Though current quantum computers are too small to

outperform usual (classical) computers for practical applications,

larger realizations are believed to be capable of solving certain

computational problems, such as integer factorization (which underlies

RSA encryption), substantially faster than classical computers.

Today’s quantum

systems only include tens or hundreds of entangled qubits, limiting

them from solving real-world problems. To achieve quantum practicality,

commercial quantum systems need to scale to over a million qubits and

overcome daunting challenges like qubit fragility and software

programmability.

Quantum

computers, if they mature enough, will be able to crack much of

today's encryption. That'll lay bare private communications, company

data and military secrets. Today's quantum computers are too rudimentary

to do so. But data surreptitiously gathered now could still be sensitive

when more powerful quantum computers come online in a few years.

Simple

passwords can be cracked using brute force; this is where an

attacker uses tools that try every possible password until the correct

one is found. This generally done using a dictionary attack, where an

attacker will try known passwords and words until they find the one that

unlocks an account. There are databases available on the internet that

contain personal names as well as dictionary and slang words, in scores

of languages, along with passwords found in data breaches, and

more.

Encryption.

The Advanced

Encryption Standard (AES) specifies a FIPS-approved cryptographic

algorithm that can be used to protect electronic data. The AES algorithm

is a symmetric block cipher that can encrypt (encipher) and decrypt

(decipher) information. Encryption converts data to an unintelligible

form called ciphertext; decrypting the ciphertext converts the data back

into its original form, called plaintext. The AES algorithm is capable

of using cryptographic keys of 128, 192, and 256 bits to encrypt and

decrypt data in blocks of 128 bits.

The National Security Agency (NSA) reviewed all the AES

finalists, including Rijndael, and stated that all of them were secure

enough for U.S. Government non-classified data. In June 2003, the U.S.

Government announced that AES could be used to protect classified

information: For cryptographers, a cryptographic "break" is anything

faster than a brute-force attack – i.e., performing one trial decryption

for each possible key in sequence. A break can thus include results that

are infeasible with current technology. Despite being impractical,

theoretical breaks can sometimes provide insight into vulnerability

patterns. The largest successful publicly known brute-force attack

against a widely implemented block-cipher encryption algorithm was

against a 64-bit RC5 key by distributed.net in 2006.

Password Management.

Bitwarden

KeepassXC

Threat Analysis; your

attack surface.

The Hacker News

New

Chinese Malware Attack Framework Targets Windows, macOS, and Linux

Systems.

A previously undocumented command-and-control (C2) framework dubbed

Alchimist is likely being used in the wild to target Windows, macOS, and

Linux systems.

"Alchimist C2 has a web interface written in Simplified Chinese and

can generate a configured payload, establish remote sessions, deploy

payloads to the remote machines, capture screenshots, perform remote

shellcode execution, and run arbitrary commands," Cisco Talos said in a

report shared with The Hacker News. Written in GoLang, Alchimist is

complemented by a beacon implant called Insekt, which comes with remote

access features that can be instrumented by the C2 server.”

"Since Alchimist is a single-file based ready-to-go C2 framework, it

is difficult to attribute its use to a single actor such as the authors,

APTs, or crimeware syndicates."

The trojan, for its part, is equipped with features typically present

in backdoors of this kind, enabling the malware to get system

information, capture screenshots, run arbitrary commands, and download

remote files, among others.

Alchimist C2 panel further features the ability to generate first

stage payloads, including PowerShell and wget code snippets for Windows

and Linux, potentially allowing an attacker to flesh out their infection

chains to distribute the Insekt RAT binary. The instructions could then

be potentially embedded in a maldoc attached to a phishing email that,

when opened, downloads and launches the backdoor on the compromised

machine. What's more, the Linux version of Insekt is capable of listing

the contents of the ".ssh" directory and even adding new SSH keys to the

"~/.ssh/authorized_keys" file to facilitate remote access over SSH.

The Hacker News

Hackers

Using Vishing to Trick Victims into Installing Android Banking

Malware.

Malicious actors are resorting to voice phishing (vishing) tactics to

dupe victims into installing Android malware on their devices.

The Dutch mobile security company said it identified a network of

phishing websites targeting Italian online-banking users that are

designed to get hold of their contact details.

Telephone-oriented attack delivery (TOAD), as the social engineering

technique is called, involves calling the victims using previously

collected information from the fraudulent websites.

The caller, who purports to be a support agent for the bank,

instructs the individual on the other end of the call to install a

security app and grant it extensive permissions, when, in reality, it's

malicious software intended to gain remote access or conduct financial

fraud.

What's more, the infrastructure utilized by the threat actor has been

found to deliver a second malware named SMS Spy that enables the

adversary to gain access to all incoming SMS messages and intercept

one-time passwords (OTPs) sent by banks.

The new wave of hybrid fraud attacks presents a new dimension for

scammers to mount convincing Android malware campaigns that have

otherwise relied on traditional methods such as Google Play Store

droppers, rogue ads, and smishing.

The Hacker News

64,000

Additional Patients Impacted by Omnicell Data Breach - What is Your Data

Breach Action Plan?

Founded in 1992, Omnicell is a leading provider of medication

management solutions for hospitals, long-term care facilities, and

retail pharmacies. On May 4, 2022, Omnicell's IT systems and third-par

Preamble

This is a case where I came upon a thing in Bash I had never considered before and was pleased and surprised that there was a way of doing what I wanted to do! If this is completely obvious to you, apologies, but it wasn’t to me!

Overview

Many programming languages have the concept of short-circuit evaluation in Boolean expressions. What this means is that in an expression such as:

A AND B

if A is false then the whole expression must be false, and B doesn’t have to be evaluated. That is because both arguments to AND have to be true for the overall result to be true.

If A is true on the other hand, then B has to be evaluated to determine if the overall result is true.

Similarly with:

A OR B

if A is true then the whole expression must be true and B can be skipped without evaluation. This is because only one argument to OR needs to be true to return a true result.

If A is false on the other hand, then B has to be evaluated to determine if the overall result is false.

Both of these expressions are evaluated from left to right. This is not a given in all languages. Some use special operators such as 'and_then' and 'or_else' which explicitly perform short-circuiting and left-to-right evaluation.

Definition

In simple terms, short-circuiting is where the evaluation of an expression is stopped as soon as its outcome is determined.

The Wikipedia article Short-circuit evaluation defines it as:

Short-circuit evaluation, minimal evaluation, or McCarthy evaluation (after John McCarthy) is the semantics of some Boolean operators in some programming languages in which the second argument is executed or evaluated only if the first argument does not suffice to determine the value of the expression: when the first argument of the AND function evaluates to false, the overall value must be false; and when the first argument of the OR function evaluates to true, the overall value must be true.

This article contains a table entitled Boolean operators in various languages which shows details of how various programming and scripting languages cater for this feature.

Use case

I was writing a Bash script in which I wanted to ask questions about various steps - should they be done or not? Alternatively, I wanted to be able to set an option to run without interaction and assume the answer is 'yes' to all questions.

I’d encountered short-circuit evaluation before in Pascal and Perl so I wondered if I could use it in Bash.

The expression I was trying to write was:

if [[ $YES -eq 1 ]] || yes_no 'Create directory? %s ' 'N'; then

# Create directory

fi

Variable YES is being set through an option '-Y'; it’s normally set to zero but is set to 1 if the option is used.

yes_no is a function I wrote, and talked about in HPR episode 2096: “Useful Bash functions - part 2”.

The requirement was that if YES was set to 1 I didn’t want the function

Over 12 years ago, Jon "The Nice Guy"

Spriggs went to a "Pod Crawl" with (among others) Dave "The Love Bug" Lee, where he

pitched the idea of a daily music promotion show, with a twist - it

would all be automated, and use text-to-speech to introduce

everything.

The first show was released

on 2010-10-24 and the last ever show (this one) was released on

2022-10-12.

Over the twelve years, Jon would go on to meet to meet Yannick and Ken Fallon, both

of whom would go on to shape changes (big and small) to CCHits.

This year, the cracks started to re-appear in the architecture

underneath CCHits - between APIs shutting down that were used to load

tracks to CCHits, and the general framework being used to write CCHits

not receiving the care and attention it needed... and the team finally

decided to stop adding new tracks, and let the process build the last

few shows.

This podcast gives you a peek behind the curtain to the team involved

in the system, and gives you some of the high- and low-lights in the 12

years the site ran for.

Car company

A:

https://www.ford.com/

B:

https://www.chevrolet.com/

C:

https://www.dodge.com/

D:

https://www.chrysler.com/#

E:

https://www.buick.com/

F:

https://www.cadillac.com/

G:

https://www.lincoln.com/

H:

https://www.toyota.com/

I:

https://www.nissanusa.com/

J:

https://automobiles.honda.com/

K:

https://www.nytimes.com/2003/08/31/us/cries-of-activism-and-terrorism-in-suv-torching.html

L:

https://www.autoweek.com/news/technology/a36189339/solid-state-batteries/

https://www.washingtonpost.com/technology/2022/05/18/solid-state-batteries-electric-vehicles-race/

Once again we had to change plans due to some health issues that were not serious but had to be dealt with. But we finally got on the road and started traveling.

Links:

https://blog.campersinn.com/blog/ultimate-rv-packing-list-for-a-first-time-camper

https://www.palain.com/travel/changing-plans-2/

I talk about my views on how much of an impact technological jumps

used to make on gaming in previous decades vs this decade.

I struggle with insomnia, instead of dreading it - I rather enjoy it now...here's how!