June 15, 2023

Episode 23: Hacker Loadouts

Critical Thinking - Bug Bounty Podcast

Episode 23: In this episode of Critical Thinking - Bug Bounty Podcast, we delve into a different aspect of hardware: our personal loadouts. We go through the equipment and gear we use to get our jobs done, and share stories about why we picked what we have. We also touch on live hacking events, the growing acceptance of white hat hacking, and some pretty cool news going on in the hacker world. Don't miss this episode packed with tips and strategies for both beginners and seasoned hackers alike!

Follow us on Twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on Twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Blog post on hacking root EPP servers

https://hackcompute.com/hacking-epp-servers/

Behind this Website:

https://github.com/jonkeegan/behind-this-website

Tweet about vRealize Network Insight: https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/

Zoom's new vulnerability impact scoring system:

https://viss.zoom.com/specifications

Uplift Desks

https://www.upliftdesk.com/

Synergy

https://symless.com/synergy

Ahnestly chair reviews:

https://www.youtube.com/c/Ahnestly

Our producer’s new audio drama ‘Homicide at Heavensgate’

https://link.sentinelstudios.net/homicide

Timestamps:

(00:00:00) Introduction

(00:02:28) Navigating hacking events and imposter syndrome

(00:06:30) Blog post on hacking root EPP servers

(00:10:01) The growing acceptance of white-hat hacking

(00:12:25) Finding Website Owners and Contact Information

(00:16:45) VMware vRealize Network Insight CVEs and nginx reverse proxy bypass

(00:21:30) Zoom's new vulnerability impact scoring system

(00:27:24) The Importance of Analyzing Systemic Problems in Black Box Testing

(00:30:40) Documentation, Vulnerable by Design, and acceptable risk

(Start of main content)

(00:34:37) Leveling up your Hacker Setup

(00:37:13) The Importance of your body

(00:41:30) Investing in ergonomic equipment for computer work

(00:42:27) Standing Desks: Uplift Desk and DIY standing desk options

(00:46:00) Portable Tables: Flexible Workspace Solutions

(00:47:30) Monitor Setup

(00:54:40) Synergy: One keyboard and mouse across multiple devices

(00:57:20) Capture Card: Using it as a software display

(00:58:58) Keyboards and mice

(01:03:27) Using a Chromebook for lightweight hacking

(01:08:57) Chair Reviews: The Niche World of High-End Chairs

Transcript

Justin Gardner Rhynorater (00:01.66)
Alright, we're rolling. Man, I just feel like somebody stabbed me in the heart with a knife, man.

Joel Margolis Teknogeek (00:03.338)
Yo yo

Joel Margolis Teknogeek (00:09.122)
Yeah, what did you just get do there's something what happened?

Justin Gardner Rhynorater (00:11.912)
I just got a message on one of my reports for the live hacking event that's like, hey, there's like this mitigating factor to your most impactful report. And it just like, and it just hit right before the pod too. So I'm like, oh, so now I'm just, I can't stop thinking about like, how am I gonna bypass that? How am I gonna bypass that? But you know, it happens. It's the life of a bug bounty hunter.

Joel Margolis Teknogeek (00:35.302)
Yeah, yeah, man, that's rough. That sucks. I hate it when that happens. We should maybe have a new policy that you shouldn't check your email but right before the pod. Ha ha.

Justin Gardner Rhynorater (00:42.472)
Ah, yeah, that's a good idea. Yeah, I gotta, I don't know, man, I get the push notifications on my phone, obviously, for my email, and then as soon as I see it's like from HackerOne related stuff, it's like crack. Like, I gotta open that shit right away, you know? And, but sometimes it comes across pretty hard, and, man, my fickle heart.

Joel Margolis Teknogeek (01:04.062)
Yeah, I had one of those yesterday morning too. I was just waking up, I was going through my inbox and I was like, Oh hey, they finally updated the report that I reported before the weekend. I go and I check and they're like, Oh, actually this is informative. I was like, Oh no.

Justin Gardner Rhynorater (01:06.362)
if.

Justin Gardner Rhynorater (01:11.014)
Mm-hmm.

Justin Gardner Rhynorater (01:14.778)
Yeah.

Justin Gardner Rhynorater (01:17.96)
Yeah, ah, hate it. Still happens, still happens, man. Actually, you know, I don't know what's up with this event and I'm glad my sort of QA process caught it, but I've actually had two or three false positives this event that I was getting ready to submit. And I was like, wait, maybe I should just run through this again. And then I run through it again and it's, you know, I got something messed up and it's like, ah, it just takes the wind out of you so bad.

Joel Margolis Teknogeek (01:41.158)
I hate that. Yeah, we had that happen a couple times as well where it's like things were behaving like super weird and we're like, maybe this is like a bug, we should probably report it. Let's just double-check it and like run it through. It just doesn't work again, and so confusing. I'm working with a bunch of different people and just like little different things. Yeah, it's just like little bugs. Like if they have like one thing that they want to like work on, we'll like go jam on that, and then like I'll go and I'll mess with something by myself, and then I'll hop over to somebody else.

Justin Gardner Rhynorater (01:46.363)
Yeah.

Justin Gardner Rhynorater (01:52.024)
Yeah. Are you working with someone for this event?

Justin Gardner Rhynorater (01:57.904)
Just collabing around.

Justin Gardner Rhynorater (02:07.596)
Nice, nice. Yeah, I've got, I think we're like five or six days into the event now and I've got like four or five bugs. And I hope this impactful one that I kind of, you know, rabbit-holed on, I hope I can figure it out because if I can't, that's gonna be painful for sure. But it's a little bit slower than usual, but the scope for this event is a little bit tricky, so I'm happy with it.

Joel Margolis Teknogeek (02:25.419)
Nice.

Joel Margolis Teknogeek (02:31.706)
Yeah, yeah, it's really interesting. I was just commenting to somebody else that, uh, like these big events are, are fun, but also like not as fun, I think, but just because for one, like there's so much scope that it's almost hard to like figure out what you should be looking at and trying to optimize. And then usually the larger events have more hackers, which is more intimidating. There's more reports like right now. I won't say who, but like one of the, one of the targets, there's two targets. One of the targets has like.

Justin Gardner Rhynorater (02:41.965)
Yeah.

Justin Gardner Rhynorater (02:48.112)
Yeah.

Justin Gardner Rhynorater (02:51.836)
Mm-hmm. Yeah.

Justin Gardner Rhynorater (02:59.301)
Mm-hmm.

Joel Margolis Teknogeek (03:00.862)
150 reports or something already, the other one has like 80, and like one person alone has like 70 reports on one of the targets. So it's like, yeah. Yeah, there's like a lot, a lot. So for me, like, the imposter syndrome, and they're like, oh man, I'm just gonna do whatever, that's like huge right now, but you got to like figure out ways to navigate through that.

Justin Gardner Rhynorater (03:04.509)
Yeah.

Justin Gardner Rhynorater (03:08.844)
Yeah, it's kinda crazy.

Justin Gardner Rhynorater (03:19.189)
Yeah. It's events like these where you got to really stick to the tips that you preach on the pod. Like I come on the pod and I'm like, really, you know, you just got to stay in your lane, pick your target, you know, pwn it, just go for it. Don't worry about it. But then when you get in the situation, applying it is so much different, you know? And so I definitely feel that. But the other thing about these bigger live hacking events is that.

Joel Margolis Teknogeek (03:24.11)
Hehehe

Joel Margolis Teknogeek (03:34.346)
Yeah.

Justin Gardner Rhynorater (03:40.848)
There's so much scope. In the beginning, you can't really do due diligence on everything to see like, all right, this is where I should go hack because it takes too much time. So for this event, there's probably.

Justin Gardner Rhynorater (03:55.9)
There's probably 15 applications that I could spend the whole event on and in scope for this, for this event. Right. And so really you just got to pick your one and you got to stick to it and you got to do it, right. But it's also kind of a crap shoot then because you, you could just pick the wrong app, you know, the app that's just not as vulnerable.

Justin Gardner Rhynorater (04:15.444)
and you do your best to do your due diligence at the beginning, but that's just how the cards lie sometimes. I'm having fun with my app, and as long as I make my little nut that I need for the month or whatever, then I think it'll be good.

Joel Margolis Teknogeek (04:28.97)
Yeah, yeah, that's awesome. Yeah, I had a very similar experience where like, before the event started, before the kickoff calls, I was like, okay, I'm gonna focus on this thing. Like specifically, I'm just gonna spend all the time like hacking this one thing, and I'm gonna find some sick bugs, gonna take me some time. Then like two days in, I was already hacking the other target. I was like, I was like, I was like, you man, like, I need to like go hack this other stuff. Like, ugh, I'm not finding what I want here. I need to like switch it up. Like, yeah.

Justin Gardner Rhynorater (04:38.599)
Mm-hmm. Yeah.

Justin Gardner Rhynorater (04:46.488)
You got derailed, didn't you? Damn it, Joel!

Justin Gardner Rhynorater (04:54.48)
Yeah.

Justin Gardner Rhynorater (04:55.716)
This is one of the reasons I think I enjoyed our last little collab that we did together over the previous live hacking event. Because I think one of my things is I will actually stick to the target that I commit to. And I won't get derailed, won't go look at anything else, I'll just stick to it. And I think you have the capability to jump around from different target to target and still find bugs. But I think if I can just direct you, and just like, no Joel, we're going to focus on this. This is the thing. Let's do it right now.

Justin Gardner Rhynorater (05:26.13)
and so yeah

Joel Margolis Teknogeek (05:26.954)
It's true. I've been told this in other aspects of my life as well. That it's like I'm like a car that's like speeding forwards, but I have like really bad turning. And so like if somebody could just like steer it in the right direction, it's just like full speed ahead. But.

Justin Gardner Rhynorater (05:35.562)
Yeah.

Justin Gardner Rhynorater (05:39.628)
Yeah, keeping the analogy though, you are moving quicker than most people are though. So I think it works for you. You still get where you're going, even if you're not taking the most efficient path.

Joel Margolis Teknogeek (05:51.069)
Yeah, yeah, we'll get there in the end, you know? Cool. Alright, let's dive into some news, yeah?

Justin Gardner Rhynorater (05:53.612)
Yeah, for sure.

Justin Gardner Rhynorater (05:56.94)
Yeah, yeah, what's on the first up on the docket?

Joel Margolis Teknogeek (05:59.882)
Okay, so I was scrolling through Twitter this morning. I literally like, I woke up, I wake up like crazy early, it's like five o'clock in the morning. I'm like, open Twitter, and like, I have this notification, it says like, new tweet from InfoSecAU. I'm like, oh, here we go. And like for the record, I love Shubs. I don't have tweet notifications turned on, which means that this is like a popular enough tweet that I got sent to me.

Justin Gardner Rhynorater (06:03.484)
Mm-hmm. Yep.

Justin Gardner Rhynorater (06:12.32)
Oh man, here we go.

Joel Margolis Teknogeek (06:21.502)
Okay. Like by Twitter and I opened it up and it's like, Oh yeah, I was working on this like crazy research with, with ZLZ and Brett's I and resell more. And yeah, here's a blog post and I like open it up and it's like hacking like root TLD servers that I'm like, Oh, okay, cool. So they hacked the internet. Got it. They did it again. Um,

Justin Gardner Rhynorater (06:21.632)
Yeah, yeah, yeah.

Justin Gardner Rhynorater (06:31.372)
Yeah... Oh man... Dun dun da da!

Justin Gardner Rhynorater (06:40.728)
Yeah, dude, it's so funny you say that because that's literally the exact same thing that happened to me. Like, I mean, it's minus the whole waking up at, you know, crack of dawn thing. You know, I woke up at 6 30 rolled over, hit snooze, woke up at 7 30. Then I.

Joel Margolis Teknogeek (06:50.71)
Uh, uh, uh.

Justin Gardner Rhynorater (06:58.736)
And then I picked up my phone and Twitter had bumped, you know, to my notification list this amazing, amazing thing, and I opened it right away and just read through. You know, I was, I was like, oh man, like good morning to me, and then I see this tweet, and then, you know, before I know it, I'm halfway through, my eyes are wide open. I'm like, you know, your heart, heartbeat's racing, you know, following this story that they got in here. So it's pretty sick. Not gonna lie.

Joel Margolis Teknogeek (07:17.144)
Hehehe

Joel Margolis Teknogeek (07:23.614)
Yeah, I love these little, these posts, because every once in a while, like, there's a, there's this group of people, especially Sam, um, ZlZ and Zayat, like, those two are...

Justin Gardner Rhynorater (07:29.068)
Yeah. They're the common denominator across all the different groups, I think.

Joel Margolis Teknogeek (07:34.718)
Yeah. And generally it'll be like, there'll be like a couple of months, like things will be just like going by, like nothing's happening and then out of nowhere, like there'll be like, uh, a five page blog post that's like detailing how they hacked some core infrastructure within like the global internet or something. It'll be like, we hacked undersea cables. We hacked TLDs. We hacked all the car like start like engine remote start, stop. Shit. Like it's like, it's crazy.

Justin Gardner Rhynorater (07:51.289)
Yeah.

Justin Gardner Rhynorater (07:59.54)
Yeah, dude. Yeah, it's crazy. I mean, we talked about that sort of tendency on episode 17. You know, the live episode that we did in LA, and it just some particularly Sam has an uncanny ability to just find critical internet infrastructure and like destroy it. So it's kind of nuts.

Joel Margolis Teknogeek (08:17.482)
Yeah, like these, I like to think that I have these same kinds of thought processes, but then they end kind of where I'm like, huh, that's interesting, I wonder how that works, and then I just move on.

Justin Gardner Rhynorater (08:25.268)
Yeah, yeah, or they don't have a bug bounty program. Move along. You know, like, I feel like I'm too, I feel like I'm too focused on that. Like, I feel like, I don't know. And it's also a little bit of a ballsy thing. You know, like, I haven't done a lot of just, let's call it good faith security research, right? I think that's the term that they use in the, you know, computer fraud or whatever act.

Joel Margolis Teknogeek (08:29.501)
Yeah.

Joel Margolis Teknogeek (08:45.394)
Yes, yes, that is the modified term, yes.

Justin Gardner Rhynorater (08:48.456)
Exactly, yeah. And so like, I haven't done a lot of good faith security research, um, and you know, just for fear of, you know, crossing boundaries, causing people a nightmare, that sort of thing. But, um, you know, every time they drop a blog post about the stuff they've done, you know, I think man.

Justin Gardner Rhynorater (09:06.392)
like if somebody else had done this, this would have been a nightmare for the whole internet. And at this point, Sam and Squad have saved the internet like six times, so I have to respect that, whether or not I agree with going out of scope or not.

Joel Margolis Teknogeek (09:23.422)
Yeah, yeah, no, it's true. I think like now we're starting to get into an era where that type of work is a lot more like, okay, and allowed and stuff. But, you know, five, 10 years ago, this wouldn't have been like, if you did this, there was actual serious risk that something really bad could happen. Like you just get charged by like, you know, and like sent to jail. Yeah. I'll tell you, you know, like, you know, you're hacking like such core infrastructure that this stuff can be taken the wrong way, but I think.

Justin Gardner Rhynorater (09:30.712)
Yeah.

Justin Gardner Rhynorater (09:37.732)
Yeah.

Justin Gardner Rhynorater (09:40.46)
Allah doggy G. Yeah.

Joel Margolis Teknogeek (09:49.142)
We're finally starting to get to a point, and especially with the laws and everything that have changed, that security research, especially ethical, like white hat security research is a lot more accepted and mainstream. And so, coming from that approach, I think Sam, especially with all the experience Sam has, Sam has done this so many times with so many other companies. And I don't mean that in a negative way, that's just his jam, and that's cool.

Justin Gardner Rhynorater (09:59.096)
Yeah, love to see it.

Justin Gardner Rhynorater (10:06.149)
Mm-hmm.

Justin Gardner Rhynorater (10:13.697)
Sam just hacks whatever, man.

Joel Margolis Teknogeek (10:15.742)
Yeah, he sees something interesting. He's like, I'm going to hack that. And that's like it, you know, once he's going to hack it, he's going to hack it. And so I think he has figured out the right ways to communicate that with companies in a way that such that he doesn't come across as like threatening or like anything like legal. I don't think he's even said privately only a handful of times, like literally like a couple of times has it ever even edged towards like the case where like things would be going negatively in the communications and it never actually ended up that way. It was just kind of like.

Justin Gardner Rhynorater (10:29.145)
Yeah.

Justin Gardner Rhynorater (10:40.012)
Right.

Joel Margolis Teknogeek (10:45.807)
This is sketchy communications. Let's just like, you know, move on and get sober with.

Justin Gardner Rhynorater (10:51.128)
Yeah, yeah, for sure, man. No, I respect that. And I will confess, I recently succumbed to the temptation and hacked a cool target that I wanted to hack. And I have not gotten any response back despite following Sam's template. And I didn't put any, but you know.

Justin Gardner Rhynorater (11:08.324)
the way that, cause I hit Sam up, I was like, all right, Sam, like I did the thing. How do I, how do I tell people about it? Right. And Sam's like, all right, you should do this, this. And so I followed his instructions and, uh, I really like the way that he approaches it because it's very non-threatening. It's very, um, it's very.

Justin Gardner Rhynorater (11:25.508)
professional and, you know, cards on the table forward, you know, and, uh, and so I really, I really liked that. Um, we should definitely, we should have them on the pod to talk about that specific thing. I'll note that down for a future topic because that, that is a pretty cool, unique feature of Sam, Sam et al. Uh, uh, you know, going after these sort of out of scope things and, and the way that they deal with it, I think is something that the community could benefit from.

Joel Margolis Teknogeek (11:50.21)
Yeah, for sure. This was actually reminding me, now that we're thinking about it, that we're talking about like contacting website owners and stuff, there is a really interesting repo that popped up on my Twitter feed and we'll link this in the show notes, it's by Jon Keegan and it's called Behind This Website. And it's essentially a checklist. It's on GitHub. And it's a checklist of things that you can go through to try and identify who actually owns a website. So it's stuff like, are there authors listed?

Justin Gardner Rhynorater (11:56.418)
Mm-hmm.

Justin Gardner Rhynorater (12:02.49)
Mm-hmm. Mm.

Justin Gardner Rhynorater (12:06.771)
Mmm.

Joel Margolis Teknogeek (12:18.934)
What is the local time of the website? Does it have an RSS feed? Do they have links to like Facebook and Twitter? If so, do they have contact info on the Facebook page? Here's where you can find it, all that kind of stuff. And I think for like security research, especially if you're hacking like a website that doesn't have a bug bounty program, may not have like a security contact or something like that, this is probably a good way to try and get some of those other direct lines of contact. Cause I know this is something that Sam struggles with. Like it's very hit or miss.

Justin Gardner Rhynorater (12:19.9)
That's cool.

Justin Gardner Rhynorater (12:37.774)
Yeah.

Justin Gardner Rhynorater (12:44.71)
Mm-hmm.

Joel Margolis Teknogeek (12:46.29)
some of the websites that he'll be hacking, like he'll try and reach out to somebody and it's impossible to get through. You have to like go to LinkedIn, you have to go to Twitter, he'll have to hit up like random employees who are working at the company on like random social media. So this, this might be something that's useful if you're not getting a lot of traction with your, with your initial email.

Justin Gardner Rhynorater (12:49.561)
Yeah.

Justin Gardner Rhynorater (12:53.788)
It's all over the place.

Justin Gardner Rhynorater (13:03.628)
Yeah, send it over. I definitely want to check it out. And I think like I've kind of poked around on, on like LinkedIn and some other places trying to find, you know, the right person to come in contact with. And I think, I think the other thing is that I don't know what Sam's LinkedIn presence is, but I feel like if you had a bigger LinkedIn presence, you know, I feel like that might help because you could just kind of like, you know, reach out to your network and we're all like, you know.

Justin Gardner Rhynorater (13:28.544)
seven degrees away from like some obscure person on the other side of the world. So I'm sure somehow you could, you could get in contact with the right people if you had a big enough presence and sort of a professional network.

Joel Margolis Teknogeek (13:40.042)
Yeah, for sure. I was actually, I was wondering this, the website, you know, we got a little derailed here, but the website that posted this blog post, hackcompute.com. First of all, never heard of them. And I was looking into it. And I have a feeling we might be hearing more from this group in the future because they have nothing posted on this blog except for a foreword from January, six months ago. That's like talking about how

Justin Gardner Rhynorater (13:45.913)
Mm.

Justin Gardner Rhynorater (13:50.133)
Yeah, I saw that. Yeah.

Justin Gardner Rhynorater (14:00.474)
Yeah.

Joel Margolis Teknogeek (14:07.318)
The industry has changed and all this stuff. And, you know, we like, you know, now we just hack stuff for like good and, uh, yeah, how this group will like focus on really high impact stuff. And then six months later, they post this, this blog about hacking the TLD, ccTLD, you know, root servers.

Justin Gardner Rhynorater (14:23.744)
Yeah, I kind of feel like this group of people, you know, Sam, Brett, Reese, and Shubs, they're just like, hey, let's make this cool hacker group and then like, pwn the internet. And they're like, cool, what's the most crazy thing we could go for? Okay, well, what if we could control every single domain in the whole internet? You know, like, and then they just, you know, it takes them what, T minus five months? Not even, probably, because they're probably having this conversation way before that. So, it's crazy.

Joel Margolis Teknogeek (14:35.51)
Yeah.

Joel Margolis Teknogeek (14:42.948)
Yeah, yeah, exactly.

Joel Margolis Teknogeek (14:51.55)
Yeah, yeah, 100%. Super, super cool. Yeah, but

Justin Gardner Rhynorater (14:54.72)
Oh my gosh dude, look at this. If you look at the, I just saw this, if you look at the Telegram communication they were having with this guy about halfway through the hacking EPP servers blog post, it says January 14th is when they're having that conversation, so. When did they post this? They posted January 15th? Oh did they really? Okay, gotcha, gotcha. So they, yeah, maybe it was the other way around. Maybe they were just like, oh, what if we hacked the whole internet?

Joel Margolis Teknogeek (15:07.566)
Oh, I see. January 18th. Well, they know, but they created their initial foreword on January 18th.

Joel Margolis Teknogeek (15:24.474)
Yeah. As a cool security group, yeah. So I'm hoping to see some more stuff from this group. These are some real heavy hitters. And I'll be curious if it's just going to be like that core group of people or if they're going to branch out and just do like just blog posts with anybody who's doing this kind of hacking or what it is. But yeah, but yeah, definitely give that blog post a read. It's super consumable. It's very straightforward and it's an awesome example of just the

Justin Gardner Rhynorater (15:24.942)
as a cool security group. You know? I like it.

Justin Gardner Rhynorater (15:33.402)
Yeah.

Justin Gardner Rhynorater (15:40.698)
Yeah.

Justin Gardner Rhynorater (15:43.62)
would be interesting to see for sure.

Joel Margolis Teknogeek (15:52.962)
old, outdated, vulnerable infrastructure that's all over the place on the internet.

Justin Gardner Rhynorater (15:57.496)
Yeah, for sure. So speaking of consumable blog posts, another banger that Shubs tweeted out is this one that just popped up this morning actually. So I'm really glad we recorded the pod today because Shubs tweeted, Shubs et al. tweeted the crazy EPP server thing last night. And then this morning he tweeted this and I'm just like, man, these are like right top of the list. So this next one we wanted to talk about was a write-up by a group apparently called summoning.team.

Joel Margolis Teknogeek (16:20.588)
Yeah.

Justin Gardner Rhynorater (16:26.996)
I guess that's the name of the company. And this is on a couple of CVEs that were released earlier this year for VMware vRealize Network Insight. And this was a really cool vulnerability. And I just love stuff surrounding NGINX configurations after my life and death experience with the NGINX configuration files with Sam Erb last year that we presented on at DEF CON.

Justin Gardner Rhynorater (16:56.6)
So I love reading Nginx related stuff. And as Shubs said in his tweet, this is like a crazy, cool little twist on Nginx reverse proxies. So essentially the TLDR of this, I don't know, did you get to review it or not? Oh, nice, okay, cool. Yeah, so the TLDR of this was, it's a pretty straightforward command injection. And you actually see this, the...

Joel Margolis Teknogeek (17:14.219)
Yeah, I reviewed some of it.

Justin Gardner Rhynorater (17:25.064)
procedure that they used to get it was create support bundle. And this is something that I've actually seen a lot in enterprise software, is like there's normally some sort of weird endpoint somewhere that allows you to create a bundle for support so that you know they can send off all the logs and stuff like that to you know the team to provide support for the product.

Justin Gardner Rhynorater (17:45.68)
And of course, you know, the way that these sort of like dev-oriented, back-end functionalities get implemented is of course just calling stuff straight from the command line. So you get a pretty textbook command injection there, but I think the cool part was the Nginx bug. And it took me a second to sort of realize what was going on here, but the reverse proxy that they have in place is supposed to be filtering out a specific route.

Justin Gardner Rhynorater (18:15.32)
which is this SAS rest to SAS servlet location. And for the first time I looked at it, I don't know if you had the same thing, Joel, but I was like, man, I feel like this should be really obvious to bypass, but it's not, you know? Because they're just like reverse proxying to the same location on the backend. But what ended up doing it was, you know, this sort of, it's not really an off by slash sort of thing. It's pretty close to that, but just abusing the sort of dot.

Justin Gardner Rhynorater (18:44.996)
um, dot functionality in directories and the way that nginx takes care of that to be able to hit the same endpoint on the backend that you would have only been able to hit via the first little location snippet there. Um, and, and so it's kind of hard to explain over, over audio, but it's, it's a really cool bypass. So we'll link it down in the show notes and definitely check it out if you enjoy nginx configuration stuff.

Joel Margolis Teknogeek (19:08.098)
Yeah, so basically like when you have like nginx configs, you have these location, like routes that basically say like anything under this path or maybe matching this regex should be handled like by this route, like by these rules. And if apparently this is something new to me, I didn't know this, but yeah, if you put like a dot slash before your path, that's equivalent in routing, it's equivalent to like going to that path, but it gets handled differently by the nginx config.

Justin Gardner Rhynorater (19:15.612)
Mm-hmm.

Joel Margolis Teknogeek (19:38.198)
That lets you bypass like the nginx config rule, but still hit that path and be able to hit the path that you weren't supposed to access with no auth. So crazy.

Justin Gardner Rhynorater (19:44.876)
Yeah, yeah, it is pretty cool. I really like it a lot. So definitely some.

Joel Margolis Teknogeek (19:49.154)
Yeah. And it looks like the person behind this blog, by the way, I was looking a little bit in the about section on the summoning team and it says that, I don't know if it's a team of people, if it's just this one person, but it says their name is Sina and they're a vuln researcher and they link out to their Twitter, SinSinology. They are a Pwn2Own participant. They work on Microsoft MVR. So yeah, it seems like somebody who knows their stuff and is definitely not their first time around this type of stuff. So this is pretty dope.

Justin Gardner Rhynorater (19:55.077)
Yeah.

Justin Gardner Rhynorater (20:18.872)
Nice dude, that's pretty rad. I just followed them on Twitter. Definitely gonna try to keep up with that. I definitely want to, I definitely want to at some point participate in Pwn2Own. Like I think that's just gonna be on the bucket, the bucket list item for a while. You know, HackerOne keeps us pretty busy with the live hacking events that we run here. But at some point I may have to be like, you know what? I'm just gonna take the next couple months and focus on Pwn2Own related stuff because that'd be a cool bucket list item I think.

Joel Margolis Teknogeek (20:30.254)
same.

Joel Margolis Teknogeek (20:47.69)
Yeah, yeah, 100 percent. I have the same the same goal. Cool.

Justin Gardner Rhynorater (20:51.378)
Yeah.

Justin Gardner Rhynorater (20:51.884)
All right. Um, so that's, let's see. Uh, oh yeah. The only other thing I wanted to bring up in the news section for today was, um, literally right before this, this call again. So once again, the news killing it. I'm glad we decided to record when we did. Um, Roy from Zoom, the guy that runs the Zoom bug bounty program, tweeted out Zoom's new sort of vulnerability impact scoring system. Um, and Joel and I were privy to this because we, uh, they're actually

Justin Gardner Rhynorater (21:22.092)
We'd heard about it before through some channels, but you know, they just released it and essentially it's a new it's a replacement for CVSS and I don't know man. What do you think about it? It's kind of.

Joel Margolis Teknogeek (21:39.254)
This is trying, this is like, you know, they're like, do you know what a backronym is? A backronym, okay, a backronym is like when you, when you, yeah, it's like when you take like, you have an acronym that you want and you come up with words that fit that acronym that describe it.

Justin Gardner Rhynorater (21:45.869)
A what?

Justin Gardner Rhynorater (21:48.505)
A backronym?

Joel Margolis Teknogeek (21:58.066)
Right? So it's like, you'll see this a lot with like congressional bills and stuff where they'll have like a fancy like short name for it. That's like pronounceable, like a real word or something. And then each letter stands for some like ridiculously long. Yeah.

Justin Gardner Rhynorater (21:59.279)
Okay. Oh yeah, for sure.

Justin Gardner Rhynorater (22:06.553)
Yeah.

Justin Gardner Rhynorater (22:11.524)
but it doesn't like perfectly correlate to the concept. Like you're like definitely started with the, with the acronym and then worked back. I like that, backronym. That's good.

Joel Margolis Teknogeek (22:14.71)
Oh, yeah, it's like, yeah. Yeah, exactly. Yeah. So it's called a backronym. This feels like a backronym for like trying to figure out how you're supposed to codify bounty payments, you know what I mean? Like it's not just looking at it and be like, this is this impact and we should be paying this much because it's that bad. According to a table, you're like, all right, we have to like break this down into like, like completely consistent across the board.

Justin Gardner Rhynorater (22:27.977)
Mm-mm.

Joel Margolis Teknogeek (22:42.442)
segments that we can then like plug into a uniform system and get like reliable output results back and like that's awesome But that is like I feel like it's trying to over complicate us like a solution for a problem that doesn't really exist

Justin Gardner Rhynorater (22:57.42)
Yeah, yeah, man. I mean, I don't know. I feel like there is a problem. Like I feel like CVSS is definitely not amazing. But it's something that we've become used to. And I think VISS or VISS, which is the thing that they named it.

Justin Gardner Rhynorater (23:14.348)
I don't know, just for me as a bug bounty hunter, it increases my risk and my friction for using, you know, for reporting bugs to Zoom. Because it's like, okay, now I've gotta go read this whole spec that you invented. So you know, so you've definitely got the upper hand here, right? And you know, I don't know anything about any of the metrics, you know, like I don't, you know. No, it's not, it's a long spec. Yeah, and so.

Joel Margolis Teknogeek (23:28.023)
Yes.

Joel Margolis Teknogeek (23:35.914)
It's not like a small spec either, by the way. It's like, yeah, it's a long spec. It's very complex. It's probably as dense or more dense than CVSS itself.

Justin Gardner Rhynorater (23:45.9)
Yeah. And so, you know, on one hand, I like to see a good stab taken at, you know, CVSS and the current vulnerability, you know, metric system. But on the other hand, I feel like this misses the mark on the, on the side of simplicity, you know, maybe this covers, you know, everything that they wanted it to cover, but for me as a bug bounty hunter, um, my risk just doubled or tripled, you know, to, to report a bug here. So I think overall it will negatively impact their.

Justin Gardner Rhynorater (24:15.984)
their Bug Bounty program, just from a participation perspective. And then, yeah, I don't know. I guess we'll see how it plays out. If more people adopt it, that could not be the case, but we'll kind of see.

Joel Margolis Teknogeek (24:23.938)
Yeah.

Joel Margolis Teknogeek (24:29.15)
Yeah, I mean, I've seen a couple other programs try and do similar stuff to this. Even when I worked at Uber, Uber tried to do a similar thing to this. And we found that it was just like really, really complicated to try and do it for all bugs. There were certain things where we could like certainly codify the bounties. Like generally speaking, XSS was something that you could like.

Justin Gardner Rhynorater (24:52.054)
Mm-hmm, sure.

Joel Margolis Teknogeek (24:52.074)
you know, depending on what type of XSS. And then maybe there was a modifying factor if it's like particularly sensitive or the report shows additional impact or something like that. But, you know, generally speaking, like we would be able to pay an XSS the same, like across the board, but that's not the case for every kind of bug. And trying to do that for, for like everything uniformly, every single type of bug within one system is very, very difficult. Um, so I'll be interested to see how this actually pans out. I think.

Justin Gardner Rhynorater (25:01.218)
Mm-hmm.

Justin Gardner Rhynorater (25:15.192)
Yeah, totally agree.

Justin Gardner Rhynorater (25:18.949)
Same.

Joel Margolis Teknogeek (25:19.43)
using this as like part of their calculation would be a great idea, but using it for the whole calculation just leaves a lot of room for like, oh, the calculator says this, even though we don't agree with it, we're going to pay it because the calculator says that and that's consistent, right? And I don't think that is going to land great.

Justin Gardner Rhynorater (25:37.868)
Yeah, I agree, man. And who knows, you know, I think hackers are gonna hack.

Justin Gardner Rhynorater (25:45.248)
you know, someone will probably read through this whole spec and figure out, okay, how can I, you know, eke a high or a crit out of something that I find on a pretty regular basis, you know, with the configuration tenants, with the different metrics in this guy. So, you know, um, maybe it'll work out in the favor of the hacker. I just, I just feel pretty, uh, being on the hacking side, I feel, I feel apprehensive. So.

Joel Margolis Teknogeek (26:05.516)
Yeah.

Joel Margolis Teknogeek (26:09.802)
Yeah, you just have to figure out how to game the calculator so that you get the highest score possible with the least effort and then just be like, the calculator says it.

Justin Gardner Rhynorater (26:17.304)
Yeah, that's what the guys, you know, that's when, you know, whenever programs stick very, you know, intensely to CVSS, I know a couple people that will just not, on a specific, very high paying program that just will hold onto their bugs and figure out like some weird, fringe way to affect like integrity, even if it's a confidentiality bug. And then like, you just get that extra bump, which is like,

Justin Gardner Rhynorater (26:45.944)
you know, at that point it's like 10 grand and you're like, cha-ching, so yeah, it was pretty good.

Joel Margolis Teknogeek (26:49.61)
Yeah, yeah, exactly. Cool. Um, I see you have a note in here that says, do you ask yourself why on black box testing? And I was curious what that meant.

Justin Gardner Rhynorater (26:56.94)
Yeah. All right, let me explain this. And there's a tweet going out about this later today. It'll land before the pod drops, but on this live hacking event scope that we're working on, I've run into a bug or two that really, I decided, I feel like I move too quickly sometimes on these sort of things. I like, oh, cool, a bug. And then I like report it and then, you know.

Justin Gardner Rhynorater (27:24.584)
And not that I necessarily move on, but that I'll just keep searching. But I think I need to pause for a second. I really need to put some CPU cycles into, by that I mean brain energy, into why did that work? What does this bug tell me about the mistakes that companies will be making in their infrastructure and in their coding practices? And...

Justin Gardner Rhynorater (27:51.192)
what can I determine about that might help me find similar bugs? And I just, I don't, you know, I've heard people sort of talk about this before, but I'm not sure I've ever sat down and actually put like five minutes of thought into, all right, well, you know, if this, you know, happens here, then maybe, you know, this is what's happening on the backend, and just kind of worked through that whole thought progression. And because I did that this time, I found some interesting stuff. So I just wanted to see what your thoughts were on this.

Joel Margolis Teknogeek (28:16.438)
Yeah, no, that's really interesting. Um, I think that's a great approach because oftentimes when something goes wrong, it's a systemic problem. It doesn't mean that it's like implemented like in one place and it's affecting multiple things. That could be what it is, but oftentimes it's that like a developer has seen a pattern somewhere else and they're just copying that pattern or maybe, uh, the, you know, they just literally made like a single one-off mistake and that happens to where it's only in one spot and it may not be a common issue, but trying to understand what.

Justin Gardner Rhynorater (28:23.59)
Mm.

Joel Margolis Teknogeek (28:46.39)
you know, what led them to make that, you know, logical leap or whatever, to actually write that error into the code, like trying to figure that out and then play on that like later down the line, even if it's not within the same field. So say it's you find an IDOR through some specific case, you can test that IDOR with the same ID, the same type of ID in other places, but I would also test that same IDOR like method or whatever with other IDs in other places, because it could be that it's not.

Justin Gardner Rhynorater (29:13.083)
Mm.

Joel Margolis Teknogeek (29:16.214)
like specific to a user ID, for example, it could be that it's also working on group IDs or whatever type of IDs exist, right?

Justin Gardner Rhynorater (29:23.532)
Yeah, absolutely. No, I love that tip. And I think this is where being in your shoes as a, as someone who reads, you know, large corporation backend code on a regular basis, I think that really helps for mapping out like what, what could possibly be happening and why a specific vulnerability would be in place. Cause like for me, I did like, you know,

Justin Gardner Rhynorater (29:46.216)
a year of PHP dev when I was 18 years old at a startup incubator. That's the extent of my knowledge of backend writing code processes. I don't have much to lean on there, but I feel like if you have a little bit more of an understanding of how things might be implemented, especially when companies release these docs that talk about their backend architecture. By the way, I did check.

Justin Gardner Rhynorater (30:15.14)
we can release who's in this live hack event. This is Zoom and Salesforce, yeah. And, you know, I'll just call them, I'll just give them a shout out right away. Salesforce, you know, they dropped some really, really nice public documentation. They put it all in a doc for us during this event, and it made it so much easier to understand what's happening, you know, in the backend. And I kind of read through a bunch of that, and...

Joel Margolis Teknogeek (30:18.094)
Cool. Awesome.

Justin Gardner Rhynorater (30:40.204)
I think when I found bugs and I started correlating it to the way that their infrastructure is designed, things started to become a little bit more clear. And that's the kind of stuff you like to have when you're trying to find all these bugs.

Joel Margolis Teknogeek (30:53.066)
Yeah, for sure. I mean, some of these companies have way better documentation than others. Um, you know, Salesforce, uh, I mean, let's say specifically what the like things within it are. Okay. So you, uh, you can imagine what I'm talking about here, but one of them has pretty good documentation, but then a lot of the endpoints that I'll be looking at that seem fairly basic. I'll look it up and I'll expect to find docs and there's nothing for it. Yeah. So, so it really varies, but

Justin Gardner Rhynorater (31:03.06)
Yeah, I wouldn't. I wouldn't. Yeah. I know what you're talking about though. Yeah.

Justin Gardner Rhynorater (31:14.937)
Yeah.

Justin Gardner Rhynorater (31:17.484)
Yeah.

Joel Margolis Teknogeek (31:21.006)
I, that's also like one of the awesome things is if a company has extensive documentation, read through it and try and find things that are inconsistent or sound like weird functionality, because it might be something that's vulnerable by design that you can exploit to your advantage, or it might just be something that doesn't line up with how it's actually behaving in the real world. And then that's a perfect use case where you can say, Hey, the docs say it should be behaving this way. It's actually not. Bounty.

Justin Gardner Rhynorater (31:43.948)
Yeah, the vulnerable, the vulnerable by design thing sort of just, I don't know, man, I I've gotten burned on that a couple of times because there are some really poor architecting decisions happening at like a very large level with some of these big companies that we're hacking on all the time, right? And, and I, as I try to point some of these out, they're like, yeah, that's what we told the dev team when they wrote the project, so internal dupe.

Joel Margolis Teknogeek (32:09.278)
Yeah.

Justin Gardner Rhynorater (32:10.98)
but I'm like, okay, but you still let them make the product. You know, like, I don't know, maybe security just doesn't have enough sway in these larger corporations, but you know, you hate to see stuff like that because it, I mean, it puts users at so much risk and it also pisses off bug bounty hunters.

Joel Margolis Teknogeek (32:28.166)
Yeah, yeah, it's like a weird state because some of some of it is accepted risk. It's like, you know, they know that this is an issue, but it's not like an issue that they consider to be an issue. So it's like, you know, if it becomes public, then that doesn't really matter to them. And maybe they'll change it then. But, you know, a lot of the time, there's just not enough effort to.

Justin Gardner Rhynorater (32:44.92)
Yeah, an accepted risk is one thing, but like, and if they say that, then that's fine, and I'm gonna blog about it, you know, because at least some of the stuff that I'm thinking of right now, you know, you can see me, Joel, I'm getting, I'm, deep, deep breathings, you know, like, yeah, and so, oh man, my heart's gonna explode, Joel, damn. But yeah, you know, if they, I think the users need to be,

Joel Margolis Teknogeek (32:59.407)
Justin's holding himself back, he's like, his blood pressure is 180 over 30.

Joel Margolis Teknogeek (33:07.86)
Yeah.

Justin Gardner Rhynorater (33:14.78)
The company can accept the risk, but users need to be able to make an informed decision about if they accept that risk when utilizing a certain service provider. I think that's where a little bit of a disconnect comes because I can write my blog all I want. As a medium-sized player in the security world, maybe 50,000 people or 100,000 people will read it or something like that on a good day. That information is not trickling all the way down to...

Justin Gardner Rhynorater (33:43.888)
the users that are making the decision to use that service provider on a daily, weekly basis. There's a little bit of a disconnect there. This is the ramblings of a frustrated security researcher, but there's not a really great solution out there in our current state, and that is what it is.

Joel Margolis Teknogeek (34:03.498)
Yeah. Cool. All right. You want to hit the main topic for this episode?

Justin Gardner Rhynorater (34:08.928)
Yeah, man, I think that was the longest news segment we've ever done. And it was news plus bug bounty revelations or whatever. But yeah, we'll keep it a little tight today because we're both in the live hacking event and just kind of chilling on pod stuff and focusing on hacking stuff. But the thing that we wanted to talk about today was doing some, I don't know, just dropping some cool...

Joel Margolis Teknogeek (34:16.149)
Yes.

Justin Gardner Rhynorater (34:38.16)
physical setup stuff that we've got. I've got a pretty cool hacking setup from my perspective, but I realized recently, you know, the perspective you're getting in the background might need some work. Because if you look at like STÖK and Jhaddix and some of the other guys, like, you know, when you hop on a video call with them, it's like, boom, you know, like in their, like in their hacker den with the lights coming on, you know, and like cool things spinning in the background. And so I think I need to kind of level up on that front.

Joel Margolis Teknogeek (34:57.536)
Yeah.

Joel Margolis Teknogeek (35:07.082)
I know me too. I like I see some of those like NahamSec as well. He has like, you know, all these people have like really amazing, like backgrounds that are like set up and like designed to get like little like trinkets and stuff that like fill the space. And I just got like 15 posters behind me.

Justin Gardner Rhynorater (35:10.932)
Oh yeah, NahamSec as well for sure.

Justin Gardner Rhynorater (35:26.94)
Same bro, same. Yeah, I ought to hit STÖK up, because I want to say I saw something somewhere about someone flying STÖK out somewhere to help them design their sort of like hacker setup, you know? And unfortunately STÖK doesn't make it over to the East coast very often, but maybe I'll do like a virtual consulting session with him and be like, STÖK, how do I make this cool? You know?

Joel Margolis Teknogeek (35:41.622)
Oh, that's awesome.

Joel Margolis Teknogeek (35:50.602)
Yeah. Yeah, for sure. Yeah. So to that end, you know, basically, as people who spend all day at a computer and at a desk, like generally speaking, we think it's very worthwhile to put your money where your butt is. Right. And so that that's like your keyboard, your mouse, your monitors, your desk, your chair, your environment that you're working in, like all that stuff. Like, you know, if it's where you're spending.

Justin Gardner Rhynorater (35:59.873)
Mm-hmm.

Joel Margolis Teknogeek (36:18.674)
eight plus hours a day, a third of your life, then you should probably make an investment, right? It's just like a bed, right? Buy a good mattress, buy good, you know, if you're walking a lot, buy good shoes. If you're sitting a lot, buy a good chair. Right? If you're using your computer a lot, buy a good computer.

Justin Gardner Rhynorater (36:34.028)
Yeah, no, for sure, man. I totally agree. And I had a little anecdote that I wanted to share on this behalf. When I was in college, I was pretty busy. I interned at a big company, Dominion Energy in Richmond. And so I was biking back and forth from Dominion to my school on a regular basis. So I was staying pretty active. And I graduated and I got my first hacking job. And I feel like...

Justin Gardner Rhynorater (37:02.764)
you know, a year and a half, two years, just kind of blew by. And then I remember sitting at my apartment, you know, and realizing like, man, I'm not very active right now. Like, why do I have, what is this fat that's on the lower side of my bed? You know, like, what is going on here? And I was like, you know what, you know, it's fine. I'm probably not too far along. Let me just go like hit the treadmill for a little bit. And so I hit the treadmill and I ran like, you know, 0.25 miles and I was like, you know, I was dying. And so it's like,

Joel Margolis Teknogeek (37:17.358)
Hehehe.

Joel Margolis Teknogeek (37:30.953)
gasping for air.

Justin Gardner Rhynorater (37:32.608)
Yeah, and I just also, you know, I realized my posture had sort of changed from staying at the desk just for just from like a year and a half. And I think I was just kind of blinded by, you know, the new career, the new setup, you know, sort of grinding on bug bounty and hacking stuff at the time. And I totally put out the window, you know, the personal fitness and the posture and that sort of thing.

Justin Gardner Rhynorater (37:54.248)
investments that needed to be made to save me some time and energy. And since then, I've remediated a lot of those issues and we can talk about some of the stuff that I've done to do that today. But I just wanted to say this for anyone listening that kind of finds themselves in that similar scenario. The longer you wait on this, the harder it gets.

Justin Gardner Rhynorater (38:14.24)
I don't care if you've been doing this for 10 years. If you do it for 15 years, if you do it for 11 years, if you do it for 10 years and six months, it's gonna be harder than it was at 10 years. So you need to make those lifestyle changes ASAP, and it doesn't have to be drastic, but it should be intentional, I think, because it's all too easy to kinda let it go and then have it become unmanageable.

Joel Margolis Teknogeek (38:17.11)
this.

Joel Margolis Teknogeek (38:23.435)
Yeah, for sure.

Joel Margolis Teknogeek (38:35.638)
Yeah, for sure. Um, have you always been like a computer person, like sitting and like using computers growing up? Okay. Yeah.

Justin Gardner Rhynorater (38:40.436)
Oh hell yeah dude, yeah. I mean I started really getting into computers when I was like 10, you know?

Joel Margolis Teknogeek (38:45.086)
Yeah, same. Okay. So I don't know if it's similar for you, but like I'm in my mid 20s. I have lower back pain already, like just from sitting all day. Like, you know, if I sit too much or if I'm hunched over at my desk for like, even for like one day, if I have like a long day where I'm particularly like heads down and I'm like bent over like my back, I'll feel it for sure. And I have to do like certain stretches and stuff to like stretch out my lower back.

Justin Gardner Rhynorater (38:54.137)
Yeah.

Justin Gardner Rhynorater (38:59.355)
Mm-hmm.

Justin Gardner Rhynorater (39:02.361)
Yeah.

Justin Gardner Rhynorater (39:06.278)
Wow.

Justin Gardner Rhynorater (39:09.376)
Yeah, I don't know man. I haven't had lower back quite as much. Um

Justin Gardner Rhynorater (39:14.148)
But I do notice that my posture suffers for sure. I definitely have computer neck sometimes, and I've got my neck forwarded, that sort of thing. And I've always been, I think I sort of shouted Corbin out on the pod when he came on, but if you look at any of the HackerOne media, Corbin's a good looking guy for sure. So that helps as well. But I think he shows up in a lot of HackerOne photos because he's just got such a.

Joel Margolis Teknogeek (39:18.462)
Oh yeah. Yes.

Justin Gardner Rhynorater (39:40.716)
Like he's got good posture, he's got a good build, you know, like in any of the, yeah, it's, yeah, he doesn't have the gamer neck, you know, and it's because he's putting in the reps at the gym, man. I've talked to him about that. I was like, you know, what kind of exercises are you doing and stuff like that? And he, he attributes a lot of that to deadlift and, and stuff like that. So I don't know, you know, I do deadlift. Do you, do you deadlift?

Joel Margolis Teknogeek (39:41.766)
Yeah. Yeah, he's got good. He doesn't have the gamer neck.

Joel Margolis Teknogeek (39:52.747)
Yeah.

Joel Margolis Teknogeek (40:04.23)
I used to a little bit. Honestly, my main concern is injuring myself. Um, like I think if I was going to do, I was going to talk about this. So yeah, like doing workouts and stuff that are specific to your work environment is something that's super helpful, right? Like again, you sit all day. Do like ab core, like lower back workouts and stuff like that. That's going to build those muscles because inherently by sitting and not using them, those muscles aren't getting worked and they're not going to be as strong as the rest of your muscles. Right? We're going to have like, you know,

Justin Gardner Rhynorater (40:05.487)
Yeah.

Justin Gardner Rhynorater (40:07.874)
Yeah.

Justin Gardner Rhynorater (40:16.848)
Mm-hmm.

Justin Gardner Rhynorater (40:22.926)
Yeah.

Joel Margolis Teknogeek (40:33.39)
pretty like good muscles and like our arms and whatever from like typing and like using, you know, our eyes, we're not going to get eye strain to the same effect and all that kind of stuff. But like, you know, the other areas are where it's going to suffer. So I think targeting those areas and it doesn't have to be deadlift. So you can do like, there's other squats and you can do like, uh, like presses and whatever, like, you know, there's, there's lots of stuff that you can do to build those, those muscles.

Justin Gardner Rhynorater (40:38.288)
Sure, whatever, yeah.

Justin Gardner Rhynorater (40:42.227)
Yeah.

Justin Gardner Rhynorater (40:56.876)
So you've got a standing desk, right, Joel?

Joel Margolis Teknogeek (41:00.362)
I do, yeah, I should actually fucking use it.

Justin Gardner Rhynorater (41:02.368)
I was gonna say, I feel like every time I record the pod, whenever I'm recording the pod, there's just a certain amount of energy that I wanna put into it. And I just feel like that matches standing way better than sitting. So like 90% of the time when we're recording the pod, I'm standing at my desk. And I do, I stand at my desk maybe like...

Justin Gardner Rhynorater (41:20.412)
Maybe like once or twice a day, you know, normally when I'm just doing hacking and just working on normal stuff. Um, dude, that, that actually looks, that looks better with your background too. You know, if you get that lamp out of there though, and you just kind of get it locked in, you've actually got a pretty good setup, I think that works well. How, how tall are the ceilings in your, in your room? This standard height, just normal eight feet.

Joel Margolis Teknogeek (41:31.486)
Yeah, yeah, cut some of it out. Yeah. Yeah, it's not bad. Maybe I should be standing more.

Joel Margolis Teknogeek (41:42.438)
They're eight feet, I think, yeah.

Justin Gardner Rhynorater (41:46.048)
Nice. Now that looks good. Sorry. Sorry, a few people actually listening to the podcast via audio. Yeah. Doesn't hit the top. Um, yeah. So, I mean, what, uh, I've, for me, I use, um, Uplift desks and I think they're great, man, it's worth it. You're Uplift as well. Yeah. I think, uh, I think it's really nice. And I did want to do a shout out to Mariah here. Um, you know, I, uh, I have an L Uplift desk, so I bought, you know, I've had it.

Joel Margolis Teknogeek (41:47.306)
Yeah. No, I'm not. I'm not tall enough. Yeah. Yeah, exactly.

Joel Margolis Teknogeek (42:00.919)
Same.

Justin Gardner Rhynorater (42:15.556)
You know, I bought one of their, their fully designed products and had it sent to me, but Mariah actually just bought the, she has an Uplift desk as well. And she just bought the legs and she went to Home Depot and got a butcher block top and oiled it up and like, you know, got it looking pretty. And then I just, you know, we just screwed it on top of the, yeah. And it looks super good. Um, way better than mine that I just bought directly from Uplift. So.

Joel Margolis Teknogeek (42:34.926)
Do you just screw it in?

Joel Margolis Teknogeek (42:38.987)
Yeah.

Justin Gardner Rhynorater (42:42.512)
That's a really good opportunity as well, and I think it only costs her like 150 bucks total so

Joel Margolis Teknogeek (42:46.57)
Yeah, yeah. So it really depends on the size that you're going for. Um, the legs, like just buying the legs, like independently like that. It's like a great solution, especially maybe you already have a desk or a desktop that you like, and you can take it off. Um, for me, I wanted a huge desk. Like I like having a lot of space on my desk. I keep a lot of stuff on my desk. I have like speakers and monitors and my PC is on my desk and all that kind of stuff. So, um, I like having like as much space as I could. When I was looking at standing desk, Uplift Desk had the largest.

Justin Gardner Rhynorater (43:03.589)
Mm.

Justin Gardner Rhynorater (43:07.398)
Mm-hmm.

Joel Margolis Teknogeek (43:15.766)
a standing desk that I could find. And I think it's like 84 inches or something long. It's like, it's, it's huge. Yeah. So it's great. Like I have much more space than I would ever need. Um, and the top, you know, if you buy the top directly from them, like finding a piece of, you know, hardwood material or something like that, that that's that large to get shipped to you is about the same price and hard to find. So, um, I ended up just getting the top with them, but I think.

Justin Gardner Rhynorater (43:21.284)
Wow, dude. Sada. Dang.

Justin Gardner Rhynorater (43:39.012)
Yeah. And did you get an L or did you get a?

Joel Margolis Teknogeek (43:43.366)
No, no, I have a fully straight one. I have a friend who has like the L shape with like, it's a long portion and they have a shorter like L portion. And I had really thought about that, but it's, it really depends on the room. Like that, that's what I found. I moved with this desk one or two times and depending on what your office layout is, is going to depend on whether or not that desk is really going to work in the room. So I didn't want to have to keep like buying, rebuying desks and all that kind of stuff. So I.

Justin Gardner Rhynorater (43:47.29)
I've got the L.

Justin Gardner Rhynorater (43:50.084)
Mm-hmm.

Justin Gardner Rhynorater (44:06.245)
Mm-hmm. Yeah.

Joel Margolis Teknogeek (44:12.502)
just stuck with like a straight long desk. But I will probably eventually replace this and I'm not sure if I'll do the same.

Justin Gardner Rhynorater (44:13.156)
went with straight. Yeah, my.

Justin Gardner Rhynorater (44:20.452)
I've got like the five by four, I think, is what it, and I'm not gonna lie, it's a little tight, I think. I think it could be, and it fits my room perfectly, so I'm glad I bought it.

Justin Gardner Rhynorater (44:33.968)
And I'm not planning on moving much. I think maybe I'll move, you know, one or two times in my, in the rest of my life, probably. Um, and so I didn't, you know, I decided to buy the desk for this space. Um, but yeah, I think, I think next time I would go with a six. No, this is actually a six. This is a six by, this is a six by four. Um, I think, I think next time I would go a little bit bigger though, because it does help to have that additional room over to the side and especially when you've got an L shape, you're

Justin Gardner Rhynorater (45:02.972)
and I've got my monitor set up, which I'll talk about in a second, which I absolutely love by the way. You know, it takes up a good chunk of the desk and I need some more, some workspace as well. Like for example, when we were doing the hardware hacking stuff, I had to set up this little table, you know, behind me here to get the hardware hacking stuff at a good spot because if I was trying to do it on this table, everything just got too crowded.

Joel Margolis Teknogeek (45:18.219)
Yeah.

Joel Margolis Teknogeek (45:23.966)
Yeah, well, that's actually a tip that I didn't write it down, but I think that's a good one. I have... Let me see if I can hold this up.

Justin Gardner Rhynorater (45:32.524)
Yeah, yeah. Oh, nice.

Joel Margolis Teknogeek (45:34.414)
So I have this portable table. It's got a little knob up here. So you can basically, you can raise and lower it as you want and it's on wheels. It's on these casters. And essentially I keep it underneath my desk all the time. And then if I ever need extra space, I just wheel it out. I raise it up to the height I want, lock it. Portable table, good to go. You can lock the wheels if you want. And I have one or two of those. I keep one of them in my office. I keep another one somewhere else in the house.

Justin Gardner Rhynorater (45:40.981)
Oh nice dude.

Justin Gardner Rhynorater (45:44.236)
Oh, sick.

Justin Gardner Rhynorater (45:49.851)
Mm-hmm.

Joel Margolis Teknogeek (46:04.266)
When I'm doing like the hardware hacking stuff, for example, even I don't have enough room on my desk for, you know, all that hardware, like all the, all the tools and stuff.

Justin Gardner Rhynorater (46:10.671)
Mm-hmm. Ha! Mr. 7-foot desk over here doesn't have enough room on his desk. Yeah.

Joel Margolis Teknogeek (46:15.43)
That's great. So even with my seven foot, I don't have enough. I don't have enough room for it. So I like having those extra portable, like flexible spaces. And I actually have another one right back here. I don't know if that's in frame, but yeah, that also is like sort of like a portable tabletop that I can pull out. I use it for like eating. I'll use it for various things, but having that available is awesome. This one's not on wheels, but the other one does. Yeah, it has locking wheels.

Justin Gardner Rhynorater (46:23.256)
Yeah. Yeah, I can see it. Yeah.

Justin Gardner Rhynorater (46:34.908)
Do the wheels lock on it?

Justin Gardner Rhynorater (46:40.452)
Yeah, that's cool. I hadn't really thought about getting a little side table like that. That's, that's, you know, flexible for the space. That's, that's not a bad idea. I like that.

Joel Margolis Teknogeek (46:47.754)
Yeah. And it's sort of like flexible, like, you know, tabletop space is really useful so that you don't have to like reorganize your desk if you want to do something big.

Justin Gardner Rhynorater (46:54.968)
Yeah, for sure. Okay, so dude, I just, yeah, let's talk monitors because I just, you know, we said earlier.

Joel Margolis Teknogeek (46:56.886)
Cool. Monitors.

Joel Margolis Teknogeek (47:03.914)
I feel like most people don't realize that like you're in front of a fucking space station.

Justin Gardner Rhynorater (47:09.252)
Dude, I am man, and it's so freaking great. It's like, this is literally a childhood dream fulfilled. Okay, so let me lay this out for you, okay? So like I mentioned, I have been into computers since I was like, you know, 10, 12, that sort of range, right? And I have pretty, you know, I don't have a great memory of my like childhood. It's just all kind of like, oh yeah, that was pretty good, you know? So, especially timelines, you know, it wasn't great. So it's like somewhere back in most of the time that I can remember, I was in love with computers, but.

Joel Margolis Teknogeek (47:30.529)
Yeah.

Justin Gardner Rhynorater (47:38.796)
I do remember the point when I became in love with computers, and I've talked about this on the pod before, but it was just one time this guy from my church came over and he typed into a black command line box and fixed the internet so I could play my games. And I was like, dude, that was really cool. I got to learn how to do that. So anyway, I'd see him every Sunday because we were going to church every Sunday. And so I'd start asking him, hey, how can I learn about this? Blah, blah, blah. And being the awesome guy that he is, he brought me to his work, which was a university.

Justin Gardner Rhynorater (48:08.38)
uh, the university that I ended up going to, by the way. Um, and, uh, and he was like, check out like the setup, right? So I walk into his office and you know, he's like a sys admin or something like that. I think he's higher up now, but, and the guy has six monitors and it's like, you know, three on the top, three on the bottom, just like massive array. There's like graphs going off on all of them. He's like monitoring this and that and the other thing. And I was like, dude, this is sick.

Joel Margolis Teknogeek (48:12.535)
Nice.

Joel Margolis Teknogeek (48:38.614)
That's awesome.

Justin Gardner Rhynorater (48:38.616)
And from that moment on, I was like, I know someday I'm gonna have that, I gotta set it up. And then finally, when we moved back from Japan, I'm like, all right, I might actually stay in this house for more than a year, which we hadn't done since I was like 17 at that point. And so I invested and I bought a, and right as I was getting ready to build this setup, dude, I went to, do you guys have like the ReStore near you? Do you know what that is? The ReStore, it's the name of a store.

Joel Margolis Teknogeek (49:02.722)
restore. Oh, like, like the furniture store? Yeah, yeah, yeah. Yep.

Justin Gardner Rhynorater (49:07.076)
The Habitat for Humanity thing at the ReStore. Yeah, yeah. So dude, most people, I think they listen to the pod, know I do real estate stuff on the side. So I was going to the ReStore to get some stuff for my real estate projects, and I walk in there, and I see like 12 27 inch 4K HP monitors sitting there, and I'm like, what the heck? And I walk over there, and they're 40 bucks each.

Joel Margolis Teknogeek (49:28.878)
Okay.

Joel Margolis Teknogeek (49:33.506)
Dude.

Justin Gardner Rhynorater (49:34.128)
Dude, these are $400 monitors. They're selling for $40. So I said, I run over to the desk, I'm like, I'm buying all of those, and I just slam my wallet down on the counter, and I'm like, I'm buying all of those. And he's like, okay, all right, you know, we'll get someone to help you move them to your car. And I was, dude, just take it, shut up and take my money, man. Because he was like, oh, I was so happy. And so, you know, I walk out of there, so some of them weren't 4K or whatever, so I was like, I don't know.

Joel Margolis Teknogeek (49:51.286)
Just as the real version of the fry, shut up and take my money.

Justin Gardner Rhynorater (50:04.688)
We'll leave those. But I think I ended up getting seven or eight 27 inch 4K monitors, man. And I was thrilled. So what I'm looking at right now is I've got an Uplift sort of monitor mount set up. I've got four 27 inch monitors, 4K monitors in a square. And I realized after I got this, I was like, man, I don't have a computer that can.

Joel Margolis Teknogeek (50:05.944)
Yeah, yeah.

Joel Margolis Teknogeek (50:15.246)
crazy.

Justin Gardner Rhynorater (50:31.088)
picking the handle for, so I ended up having to buy this crazy computer that we'll talk about later. But I finally got it set up and it's like, I have full vision of all of them and man does it help with testing because you can just segment your different accounts to a different monitor and it's like, man, it's so much easier to keep your session straight. So yeah, I think it's really, really great for a bug bounty hunter.

Joel Margolis Teknogeek (50:32.238)
Ha!

Joel Margolis Teknogeek (50:52.504)
Nice.

Joel Margolis Teknogeek (50:55.742)
That's awesome. Yeah, I am nothing close to that. I have I have I'm nothing like no not like I'm like if I I'm a yes I'm like an elementary school child compared to just instead of I have two 1440p monitors. They're both this they're both 27 inches What yeah, yeah ones of 75 Hertz the other one is 244 Hertz

Justin Gardner Rhynorater (50:59.588)
He says, I am nothing.

Justin Gardner Rhynorater (51:05.32)
In my presence.

Justin Gardner Rhynorater (51:09.109)
Oh my gosh.

Justin Gardner Rhynorater (51:15.128)
Nice. It's a good number, man. 27. Feels good.

Joel Margolis Teknogeek (51:22.99)
The main, like my main one in front of me is the 244 hertz. So it's like a really nice, like you can do like gaming and it's like super high refresh rate. So it looks great. It's IPS. So it has really accurate colors, all that kind of stuff. So that's like my main, like straight, straight on monitor. And then to my side, I have just for like, that's the 75 hertz for everything else. Then I also, it's not really a monitor, but it's like my laptop. I have, it's like a monitor arm, kind of like what I use for my microphone here. It's like a pneumatic arm.

Justin Gardner Rhynorater (51:29.135)
Yeah.

Justin Gardner Rhynorater (51:33.626)
Nice.

Justin Gardner Rhynorater (51:50.462)
Mm-mm.

Joel Margolis Teknogeek (51:51.894)
But on the end of it, it has a flat laptop plate that I can just put my laptop on and it just holds my laptop in the air and it's mounted to my desk. So if I move my desk up, laptop comes with me. If I move my desk down, laptop comes with me. All the cables and everything are like tethered to this. I can just like pull it closer to me if I want. I can move it further away, just on an arm. It just floats there. Yep.

Justin Gardner Rhynorater (51:57.356)
Oh, that's cool.

Justin Gardner Rhynorater (52:10.592)
And you use a Mac, right? So, I mean, when you, do you have, how do you mount that into your setup? Do you have like a mounting station or is there like just single cord or what?

Joel Margolis Teknogeek (52:21.834)
Yeah, so depending on what I'm doing, I'll use like a hub. For the most part, I don't have to plug like so much stuff in. My router is like right here. So I get like crazy fast speeds over Wi-Fi as it is. So I really don't need to be plugged in over ethernet. But if I do, I have a switch right behind my PC, which is right next to it and I can just plug it in. I have like an ethernet cable that's just not plugged in. It's just right here and I can just plug it in if I need to.

Justin Gardner Rhynorater (52:28.578)
Mm-hmm.

Justin Gardner Rhynorater (52:34.764)
Sure. Use ethernet, yeah.

Justin Gardner Rhynorater (52:48.901)
Nice.

Joel Margolis Teknogeek (52:49.93)
Behind my monitor, I have like a clamshell dock, because I have two laptops, actually. I have a work laptop, my personal laptop. So it has two slots, and then that will plug into my main monitor. So it's a little bit of a complex setup.

Justin Gardner Rhynorater (53:02.26)
What is a clamshell dock? What is that? Oh, he's gonna try to go get it, man. Here we go. Oh. No way, dude.

Joel Margolis Teknogeek (53:08.334)
I'm gonna get it. It's this. It's this, I actually 3D printed this. I designed it 3D printed this. Yeah, yeah, yeah. So this, it's just, it holds two laptops like this. You just slot them in, you know? And then they just like sit on their edge and when they're plugged in, they'll still work and stuff but you don't have to have them open. So I have it set up so that if I want to use a laptop on my monitor setup, I'll put it in clamshell. I'll just like put it in my stand. I'll plug in an HDMI cable. I have a button on my stream deck.

Justin Gardner Rhynorater (53:18.837)
Oh nice.

Joel Margolis Teknogeek (53:38.55)
which I use to set my PC to only display on the secondary monitor. Okay. This is like, it's a little hacky. Okay. But basically like windows, you can have it mirror or extend or display only on one or only on the other. Right. So I tell it, okay, only display on one monitor. My, the main monitor in front of me then goes, oh, there's no input on DVI. I'm going to fall back to whatever has an input, which is the laptop that's plugged in on HDMI. And then I have, I have this, yes. And then I have this piece of software.

Justin Gardner Rhynorater (53:50.073)
Right, right.

Justin Gardner Rhynorater (54:03.89)
Oh man, that is hacky.

Joel Margolis Teknogeek (54:07.638)
It's amazing. It's by a company called Symless and it's called Synergy. It's been around for a while. It's basically a software KVM and it allows me to configure all of my computers with like a client server thing. The server runs on my PC and then I have a client on my laptops and I can seamlessly move my mouse and keyboard across screens to different computers. It'll share my clipboard. It's instant.

Justin Gardner Rhynorater (54:14.042)
Mmm, I've heard of this.

Justin Gardner Rhynorater (54:32.708)
Does it work that well though?

Joel Margolis Teknogeek (54:35.658)
Like there's no latency, no nothing. I've used this for like years and it's, yeah. Yeah, it's amazing. Yeah. Yeah, I use it on the daily basis. Like I have, I don't even notice it. Like every once in a while, if there's like network stuff going on internally, then I'll have like maybe like a jump or something on the mouse, but like, it's generally latency-less. So I can use the same mouse and keyboard across everything.

Justin Gardner Rhynorater (54:39.372)
No way. Dude, that's pretty freaking cool.

Justin Gardner Rhynorater (54:54.32)
Sure. Wow, so hold on, let me just confirm this here. So you've got two laptops, your work laptop and your personal laptop. And then you've got a desktop computer. And then, and that runs Windows, okay. And so you run Synergy on the desktop computer, you have Synergy running on your client, running on your laptops, and that allows you to, you know, sort of pull the display onto your desktop, and then you can just kind of seamlessly jump between all of these.

Joel Margolis Teknogeek (55:04.458)
Yep. Yep, and that runs Windows.

Joel Margolis Teknogeek (55:23.862)
Yeah, so basically I can use the same keyboard and mouse from my PC. I can even do like rebindings and stuff. So for example, like Mac uses command, right? So I have Synergy set up to automatically rebind my like command key and my option keys such that I don't have to change like my hand position on my keyboard when I cross OS. So if I do like control C or whatever, it's in the same spot as it would be on a Mac. And I just, my brain just does the back and forth.

Justin Gardner Rhynorater (55:25.048)
Wow, that's pretty freaking sick.

Justin Gardner Rhynorater (55:40.974)
Mmm.

Joel Margolis Teknogeek (55:51.018)
So yeah, that's what I use. I just use one keyboard and mouse from my PC across to my other devices. And then I use my same two monitors. If I ever wanna show a laptop, I'll just plug it into the main monitor, cut my PC over to a single screen, and then I can still use my PC on the secondary monitor and I can just move my mouse back and forth, even across to my laptop that's on the stand here.

Justin Gardner Rhynorater (56:12.944)
Dang dude, that's pretty sick. I've always wanted sort of like that synergy sort of set up to work across multiple different computers and having one mouse, but I haven't really ever gotten anything to work that well. So I'll have to check out Synergy. I think...

Joel Margolis Teknogeek (56:28.426)
Yeah, Synergy is pretty solid. I've been using it for a number of years now. I've tried a couple other different pieces of software. I think there's an open source version of it somewhere as well. That's like not terrible. But yeah, this one has been pretty much the best one that I've found and the most consistent in terms of like performance and usability and all that kind of stuff.

Justin Gardner Rhynorater (56:49.924)
So I have in the notes as well, you have a capture card, don't you, that you use for some sort of, what do you do with that?

Joel Margolis Teknogeek (56:55.338)
Yeah, yeah. Yeah. So one, I bought a capture card for like playing games or something. Honestly, the biggest advantage that I found with it is that a capture card is essentially a software display, right? So if you download the capture software, and you have a capture card plugged in, it has an HDMI input that you can use. And normally it would you can like record off of it or display it in your stream or whatever you're going to do with it. But

Justin Gardner Rhynorater (57:01.317)
Mm-hmm.

Justin Gardner Rhynorater (57:07.597)
Yeah.

Justin Gardner Rhynorater (57:17.372)
share.

Joel Margolis Teknogeek (57:19.21)
You can also just open the software and you can display whatever's going on the input. So I'll take a Raspberry Pi. If I need to see something on the display, I'll plug it in. Or if I need to debug something with a, with a temporary display, I'll just plug it into my, my capture card. And then I'll just pull the software up and I don't have to have like an extra monitor or something that, that I have lying around that I use just for those things.

Justin Gardner Rhynorater (57:40.632)
Yeah, that's that right there. That's my extra monitor that I used to plug in my Raspberry Pi. That's pretty sick, dude. Actually, especially for that specific.

Joel Margolis Teknogeek (57:45.064)
Yeah

Justin Gardner Rhynorater (57:50.156)
you know, circumstance that you talked about where you're trying to have the Raspberry Pi displayed, that's something that I've been like, ah man, I'd like, especially with the monitor mounts that I've got, I'm putting my hand right in front of my webcam here, especially with the monitor mounts that I've got up, like it's such a pain in the ass to like get behind it and plug in stuff. And so, you know, I just am using this other, one of my other $40, you know, 4K monitors that I've got, but I think a capture card would be a really nice addition. And I actually think...

Justin Gardner Rhynorater (58:16.54)
Because Mariah was doing streaming for a while, and I think we've got one somewhere. So I ought to go see if I can track that down and try to use it to do stuff like that, because that'd be really handy to have it all in one spot.

Joel Margolis Teknogeek (58:28.854)
Yeah, for sure. Keyboard and mouse. I use a custom keyboard. It's called a V.

Justin Gardner Rhynorater (58:33.644)
I was gonna, uh, Joel, I could feel it. I knew you were a keyboard junkie. Like, come on, man.

Joel Margolis Teknogeek (58:37.798)
Yes, I'm a keyboard junkie. Hold on, I'll give you a little sound test here.

Justin Gardner Rhynorater (58:41.536)
Oh my gosh. Ah, dude, it's like ASMR right there. Like that, ah. That's nice.

Joel Margolis Teknogeek (58:48.298)
Yeah, pretty good. So yeah, it's called a Vega. They're like impossible to get, but I have a friend who had one and I got it for like crazy cheap. So anybody who knows keyboards will probably be like losing their mind. But yes, I have a Vega. It's all white. And for my mouse, I use the G Pro Superlight. It's like super, super crazy lightweight. The main reason I really like that is because it has this. Yes, the main thing I like is that it has this little puck here.

Justin Gardner Rhynorater (59:11.204)
Really? You like that?

Justin Gardner Rhynorater (59:14.489)
I don't know.

Joel Margolis Teknogeek (59:16.294)
And this puck is called Lightspeed. And essentially Logitech has this software, and I bought into this a little while ago. They have a mouse pad that has like a coil inside of it. And that coil communicates with this little puck here to charge your mouse wirelessly through the mouse pad. So I never, ever plug my mouse in. It's fully wireless. And it has sub one millisecond response time because it was made for gaming. It uses like a 2.4 gigahertz receiver. And

Justin Gardner Rhynorater (59:37.307)
What?

Justin Gardner Rhynorater (59:40.344)
Are you kidding me?

Justin Gardner Rhynorater (59:45.16)
Damn, Joel, you have the coolest shit, man. I swear, like...

Joel Margolis Teknogeek (59:48.402)
Yeah, so I used to have like a heavier gaming... it was like a G903 or something, I think is what it was. And that was pretty good for a while, but it had extra buttons and it just was heavier than I wanted. And I found out that the Superlight has support for the little charging puck and I already had the mouse pad and I wanted to keep that because I don't like plugging stuff in. So I've been using that and that's been amazing.

Justin Gardner Rhynorater (01:00:08.911)
Yeah.

Justin Gardner Rhynorater (01:00:11.388)
Dude, it's so funny, like, for some reason, literally every time my mouse dies, I'm in a League of Legends game, like, without fail, and I'm like, in the middle of a team battle, and like, all of a sudden it's like, oh, I can't move, like, help, cover me, you know? I do, yeah. The Logitech, for those of you actually listening to our podcast, it's the Logitech MX Master 3 is the one I use.

Joel Margolis Teknogeek (01:00:27.171)
That's terrible. But I saw I saw you had one of these. Yes. So so that's my this was my main mouse for a long time.

Joel Margolis Teknogeek (01:00:39.498)
Yeah, so I've got the original. This is the first version, but yeah, I love my MX Master as like a daily, like comfort, like just daily driver mouse. If you don't care about like lightweight mouse and any of that, like wireless charging and all that kind of stuff. MX Master is such a good, such a good mouse. I have the MX Anywhere as well, which is their like mini MX mouse for like travel. And that was also awesome.

Justin Gardner Rhynorater (01:00:41.818)
Yeah.

Justin Gardner Rhynorater (01:00:55.808)
So good, man.

Justin Gardner Rhynorater (01:00:59.476)
Mm-hmm. Yeah.

Justin Gardner Rhynorater (01:01:03.736)
Yeah, dude, I just, I love the scroll bar on this guy. Like, you know, it just, it's, yeah, and it's, it's got like, you can really like spin it if you really want to, and then you can also push on it, and then it's got like a nice click when you, it's, it's great, I love it. Yeah, it's, it's real good. So I really like this guy. I do have an ergonomic mouse as well, one that kind of is upright, and you know, you kind of hold it like that, and it's, yeah, vertical mouse, and it's like,

Joel Margolis Teknogeek (01:01:07.518)
Oh yeah, that it can unlock. It's so nice.

Joel Margolis Teknogeek (01:01:16.558)
Yeah, there's my infinite scroll of my dirty mouse.

Joel Margolis Teknogeek (01:01:28.494)
Mm-hmm. I think it's called a vertical mouse.

Justin Gardner Rhynorater (01:01:33.948)
pretty good, but I actually haven't felt any wrist issues. I say that into my wrist, like, I don't know if you can hear it, like, you know, but it's like, it's like cracking like crazy. But you know, man, this is kind of enlightening, actually, maybe I should. But you know, I could never really get used to it. And it's such a pain when you're trying to, like, you know, get do your job. And then you just got like a bunch of needless friction, you know, that's derailing your thought process. So I was just kind of reverted back to the MX Master because it's really handy. So

Joel Margolis Teknogeek (01:01:39.892)
Yeah, it's cracking.

Joel Margolis Teknogeek (01:01:56.78)
Yeah.

Joel Margolis Teknogeek (01:02:02.838)
Yeah, for sure. For something like that, I think it's really just like, what's your personal preference? Uh, man, I almost missed the, oh God. Thank you. Well, not okay. That yeah. Yes. So as I was saying before, I got dad joked out of existence.

Justin Gardner Rhynorater (01:02:05.408)
See what I did there? The MX Master is really handy.

Justin Gardner Rhynorater (01:02:10.612)
Yeah, you're welcome. You know, I thought you'd wanna, I thought you'd wanna know, okay. Sorry, continue. Ha ha ha.

Joel Margolis Teknogeek (01:02:23.027)
Yeah, mice are really, it's really personal preference. It's up to you, like what feels comfortable. So like I know people who have like wrist problems and they swear by those like vertical mice or like the ergonomic, like the ball mice or that kind of stuff. And, you know, for me, I just if it feels good, I don't think about it too much. And, you know, it is what it is.

Justin Gardner Rhynorater (01:02:32.374)
Oh really? Okay cool.

Justin Gardner Rhynorater (01:02:42.56)
Yeah, for sure. Okay, so we're already at the hour mark here. Wanted to cover a couple things, so I wanna talk about, we're gonna eliminate the rest of the things on the list here, but I think we should talk about our computer setup, our chairs, and then what was the, oh yeah, I wanted to talk about my newest little Chromebook, my little Chromebook setup that I've got. Yeah, yeah, so actually I'll do that now. It's right here actually, it's an Acer, what is it? That guy right there. It's an Acer.

Joel Margolis Teknogeek (01:02:47.264)
Yeah.

Joel Margolis Teknogeek (01:02:55.947)
Sure.

Joel Margolis Teknogeek (01:03:00.45)
your PC. Oh your Chromebook. Oh cool cool.

Justin Gardner Rhynorater (01:03:13.124)
R841T series. And I think it's got like eight gigs of RAM or something like that. It was only like, I wanna say 600 bucks. Extremely lightweight, two pounds. And it doesn't have a ton of RAM, but it kinda gets the job done. And it's a 13 inch, is it a 13 inch? Might be an 11 inch, so somewhere in that range. I feel like it's very portable, and that's kinda how I wanted to be able to...

Justin Gardner Rhynorater (01:03:41.86)
to feel when I was using it. I wanted to be able to just throw it in my little mini backpack, my little Explorer backpack that I've got and feel like it's not even there and then pull it out when I need it. To just do some quick typing for content creation or even for hacking. And I brought it on a trip with me to Maine to see Mariah's family. And it worked great for super lightweight hacking. You know, like in the evenings we were sitting around like watching a show or something and I was like, oh, you know, maybe I'll just fiddle around with something. And I powered up ZeroTier for your recommendation.

Justin Gardner Rhynorater (01:04:11.216)
connected back to my home network, and I had a Caido instance running on my PC at home, and I used ZeroTier, and Caido's remote sort of feature to connect into that. I could proxy all my traffic through it, and it was really, really nice. It worked really well, and I could do all of my sort of basic testing that I wanna do at a basic level, nothing crazy.

Joel Margolis Teknogeek (01:04:11.723)
Nice.

Joel Margolis Teknogeek (01:04:18.379)
Nice.

Justin Gardner Rhynorater (01:04:37.02)
you know from the from the Chromebook and I didn't have to lug around my big you know eight pound laptop that I normally have to use to use Burp.

Joel Margolis Teknogeek (01:04:44.726)
Yeah, that's crazy. Are you running anything like custom on it or is it just the stock OS?

Justin Gardner Rhynorater (01:04:48.804)
Well, Chromebook added support for Linux, so you literally just kind of go in there and just turn on Linux, and then you've got a Linux command line. They still don't have key bindings, which is kind of crazy to me, so I couldn't, I normally like to hit, I have my open a terminal bound to Windows key enter on my main computer, right? And so I can just boom, and now I'm in the terminal, bam, and it takes two or three.

Joel Margolis Teknogeek (01:05:02.862)
Good.

Justin Gardner Rhynorater (01:05:18.016)
I guess keystrokes on the device to get it to open up the terminal. But once it's in, it's pretty much like WSL. It's running a little internal Docker container that runs Linux, and it's pretty functional. And I was actually even, I was just kind of playing around with it. I was able to install Caido on the device itself, actually.

Joel Margolis Teknogeek (01:05:37.878)
Yeah, I was going to ask, so did you just proxy directly to your Caido IP at home or like, what did you?

Justin Gardner Rhynorater (01:05:42.932)
I proxied through my Caido IP at home primarily, but I also at one point installed Caido on the device and started using it there, but it got a little overrun, even with Caido being as efficient as it is. It got a little overrun with that. So I reverted back to the setup from before of just kind of having it open as a tab in my browser.

Joel Margolis Teknogeek (01:06:02.478)
Cool, cool. That's awesome. Yeah, I've always thought about doing like a Chromebook. I'm running an old Intel 2018 MacBook, but my work laptop is an M1. And I think for my next laptop, I'll probably go with the Apple Silicon either. I'm actually thinking about maybe a MacBook Air because the MacBook Air stats, first of all, they're way cheaper, but also they have an M2 and the newest MacBook Air and it starts at like...

Justin Gardner Rhynorater (01:06:13.988)
Yeah.

Justin Gardner Rhynorater (01:06:28.922)
Oh, do they really?

Joel Margolis Teknogeek (01:06:30.73)
Yeah, like the cheap one, the M1 13 inch starts at a thousand bucks starts at 999. And then like even the 15 inch brand new M2 starts at like 1200, 1300. So it's not like that bad because of the price is so much lower with the Apple Silicon and those chips are insane. They're like, they're workhorses. They use like no battery. They're crazy, crazy quick. Um, I have basically no complaints except for some of the very, very like edge case

Justin Gardner Rhynorater (01:06:40.688)
Wow, that's not bad at all.

Joel Margolis Teknogeek (01:07:00.65)
64 emulation stuff that comes with Rosetta 2, but you can you can look up that stuff if you're curious about that

Justin Gardner Rhynorater (01:07:07.748)
Yeah, no, I was kind of, so I held off on buying the setup for a while, because it was like, ah, I really kind of wanna wait. Well, first of all, like, I'm pretty anti-Apple, to be perfectly honest, and it's not necessarily founded. Like, I feel like there are a lot of, you know, respected hackers and technologists, you know, yourself included, that use Apple as their primary, you know, system, and that's fine. It's just not for me. Like, I just, I don't like the feel.

Justin Gardner Rhynorater (01:07:36.452)
you know, the branding, I don't know. So I've been kind of waiting for people to come out with a competitor to the M1 because I love the idea of using a system like that, so efficient and so battery efficient, but they're just not doing it, you know? And it's just not happening. And Apple's already releasing M2 and there's not even a competitor to the M1 out there. And I'm like, come on guys, get it together.

Joel Margolis Teknogeek (01:07:56.116)
Yeah.

Joel Margolis Teknogeek (01:08:03.64)
Yeah.

Justin Gardner Rhynorater (01:08:06.06)
So anyway, at some point I was just like, it's great, it's 600 bucks, I'm not gonna like, you know, it's definitely worth it to have something light and portable with me all the time and reduce that friction to simple hacking and content creation. So I went ahead and bought it, but I'm definitely gonna keep my eye out for an ARM-based PC that will come out in the near future.

Joel Margolis Teknogeek (01:08:06.399)
Yeah.

Joel Margolis Teknogeek (01:08:27.926)
Yeah, for sure. Cool. All right. Let's talk about chairs real quick. This is I mean, this was super easy. I think chairs I see you have a DXRacer. I don't know what your take is on that. But but my take is Herman Miller or bust. I had an Aeron for probably about seven years. And then I switched over to Herman Miller Embody, which is like a better, I guess, in my opinion, better version. It's got better back support and stuff.

Justin Gardner Rhynorater (01:08:31.706)
Yeah.

Justin Gardner Rhynorater (01:08:36.972)
I do, yeah. It's... Where's my...

Joel Margolis Teknogeek (01:08:56.478)
Also by Herman Miller and that I've been on that one for maybe six months now. And yeah, that one's also awesome. I used it when I used to work in the office at my last job. And so I got one for home finally.

Justin Gardner Rhynorater (01:09:06.536)
Mm.

Justin Gardner Rhynorater (01:09:09.932)
Nice dude. Yeah. I, um, I bought this DXRacer like when I graduated college. So I haven't, I haven't, you know, changed it at all since I, since I bought it. But, um, to be honest, I mean, it does the job for me. It's adjustable. You know, um, the, the neck support and back support is pretty, lower back support is pretty good. Uh, it's not as adjustable as it could be, but you know, it's pretty good. Um, and it's something that I haven't, I haven't spent a lot of time.

Justin Gardner Rhynorater (01:09:37.104)
Um, optimizing, but I think at some point I will go ahead and buy Herman Miller because everyone raves about them. Um, and, but like I said, you know, I don't actually feel a lot of aches and pains from sitting and I saw a quote recently that was from a respected, you know, posture physician of sorts, you know, uh, and they were saying that the best posture for you to have is one that changes every day.

Justin Gardner Rhynorater (01:10:00.836)
15 minutes essentially, you know, like as long as you're not leaning, you know, if you've got your foot up on your desk and you're like, you know, head crank to the side, that's fine for 10 minutes, you know, and then you kind of got to move. So as long as you're not staying stagnant in one position for, you know, a long time, it's not too big a deal, I don't think. Plus I use the standing desk feature of my desk on a pretty regular basis. So I think the chair is a really good investment for most people that spend a lot of time there. For me, it's a little bit lower on the punching list.

Joel Margolis Teknogeek (01:10:03.244)
Yeah.

Joel Margolis Teknogeek (01:10:10.669)
Yeah.

Joel Margolis Teknogeek (01:10:31.222)
Yeah, for sure. Based on what I've read, those racing chairs are like the worst for your back. But yeah, your mileage may vary. Some people have just like, you know, either they change their position a lot or it doesn't bother them because they have a strong back or whatever it is. So, you know, whatever works for you. If you want some good chair reviews, there's a YouTube channel that I really like. It's Ahnestly, A-H-N-E-S-T-L-Y. We'll link it down below. A-H-N-...

Justin Gardner Rhynorater (01:10:36.122)
Mm-hmm. Uh-oh. Hey. Boom.

Justin Gardner Rhynorater (01:10:54.232)
Mm.

Justin Gardner Rhynorater (01:10:57.144)
Wait, wait, wait. Spell it one more time. A.

Joel Margolis Teknogeek (01:11:01.518)
Ahnestly, yeah, like A-H-N-E-S-T. Yeah, E-S-T-L-Y. Yeah. And yeah, interesting spelling on honestly, but yeah, no, he, he does like, that like chair reviews, but like videos, and it goes like very in depth, he compares them to like other high end chairs and all that kind of stuff. He'll talk about like the drawback. So it's like, you know, if you're looking at getting a chair,

Justin Gardner Rhynorater (01:11:03.764)
A-H-N-E-S-T-L-Y, Ahnestly, that's kind of interesting. Pun.

Justin Gardner Rhynorater (01:11:12.688)
Yeah.

Justin Gardner Rhynorater (01:11:25.38)
What a niche, man.

Joel Margolis Teknogeek (01:11:26.694)
Nice chairs are expensive. You know, it's like 1500, $2,000 for a nice chair. And it's an investment that you're going to be sitting in for many, many years. So I would recommend, um, do some research on it. I bought actually during the pandemic, I bought a chair and I used it for like six months and I hated it so much that I went back to my old chair, my old, my old Aeron. I switched from an Aeron to like an office mat master, something, something or other. It was like 500 bucks. And I was like, Oh, this will be great. It's got a headrest and all this stuff.

Justin Gardner Rhynorater (01:11:45.673)
No way. Wow.

Justin Gardner Rhynorater (01:11:52.26)
Yeah.

Justin Gardner Rhynorater (01:11:55.579)
Yeah.

Joel Margolis Teknogeek (01:11:55.722)
and I used it for six months and it was like creaking and it was like hard to use and it wasn't comfortable and I was like, screw this and I went back to my Aeron and I used that for another like two years before I got my body.

Justin Gardner Rhynorater (01:11:58.539)
Yeah.

Justin Gardner Rhynorater (01:12:02.712)
Nice.

Justin Gardner Rhynorater (01:12:05.612)
Nice dude, yeah. It's so funny to me all these little niches that are all over the place, man. This guy honestly has like 52k subscribers and like, it's just chairs. It's just like, he's the chair guy, you know? Like, that's hilarious. All right, man, that's a wrap on what we had in the doc. You got anything else before we bounce?

Joel Margolis Teknogeek (01:12:12.814)
It's just chairs.

Joel Margolis Teknogeek (01:12:17.163)
He's the chair guy. It's crazy.

Joel Margolis Teknogeek (01:12:24.294)
No, I don't think so. I could rant on and on about why I bought what I bought, so we should probably end it before...

Justin Gardner Rhynorater (01:12:29.972)
Yeah, we're going to cut it here. That's great. All right, man. Well, good luck in the, uh, in the live hack event this week and yeah, I'll catch you next time. All right. Peace.

Joel Margolis Teknogeek (01:12:37.726)
Yeah, you too. Catch you later. Peace.