Chris "Hack The Planet" Varenhorst

So I'm plotting bitrate of media files, as one does, and I see this fun graph! (#1)

Zooming in you can see it really spikes at 20m33s in... (#2)

Checking that part of the media file and I find... pure static! (#3) Cool seeing how the encoder decided to spend all those extra bits to capture static.

Interesting animation style in "Predator: Killer of Killers". Characters are animated at 12 fps, but the background is at 24fps.

In this example with a tblend visualization, you can see the background moving constantly, but the character only moving every other frame.

Whenever I see someone has a blurred out their house in Google Maps, I make a point of finding the same house in Apple Maps and staring at it extra hard. And looking up the SF assessor property records...

I'm now arriving in Chicago and shutting down free janky wifi. I had 24 total happy customers! They used nearly 30GB of cellular data. Based on bandwidth usage, seems like a lot of people have phones silently uploading their photos in the background. Need to figure out a good solution to that for v2

Chris's janky free train wifi has its first set of happy customers!

Taking the 2.5 day Amtrak sleeper train from SF to Chicago now! They don't have WiFi... so I'm running this free public service for my fellow passengers. (severely speed limit, but just enough for texting and basic comms)

LLM powered Home Assistant voice is pretty cool! But sometimes you run into funny problems like "I do not feel comfortable turning off the Chrome Anglepoise outlet without a valid reason to do so". (Claude obviously!)

Recovery a deleted file that you still have open in `mpv` or `iina` on macOS Recovery a deleted file that you still have open in `mpv` or `iina` on macOS - recovery deleted file with open FD.md

You know when you open a media file in `mpv` and then accidentally delete it? Well it can be recovered! Nothing new here but was fun doing it myself: gist.github.com/varenc/49ba1...

(requires convincing the process with the open FD to copy the file... fortunately easy with mpv's lua scripting)

Update README with instructions on how to setup a secure remote connection to your mpv instance by varenc · Pull Request #5 · oxan/home-assistant-mpv The current guidance in the README for setting up a remote connection is insecure. mpv supports a run input command that allows executing arbitrary commands, meaning anyone with access to the expos...

Securing the world by updating this README to avoid having woefully insecure and pwn-able advice: github.com/oxan/home-as... (I love that project btw, readme aside)

Kudos to the otherwise sketchy data broker, socialcatfish.com, for abiding by my CCPA request to give me my data, and then delete it! They gave me my data with Dropbox link, which gives feels like a personal touch. Also funny that they listed 'Asdasdasdo@gmail.com' as one of my emails...

This text, which links to a URL asking for my Blue Shield account password, is apparently *NOT* a phishing scam. Blue Shield literally texts you asking you to type your password into a non-official domain and you're just supposed to know it's not phishing.

The urine storage tank on the ISS, which streams metrics to the internet, is currently down to 6%! Lowest it's been in awhile. Those astronauts might need to drink more water.

metrics: iss-mimic.github.io/Mimic/

Use pISSStream to follow the ISS urine tank live: github.com/Jaennaet/pIS...

If you setup your own bespoke proxy over HTTP, all your requests to it would work as long as you had 'Host: unitedwifi.com' in the header. Of course they already allow unfiltered DNS requests and IP messaging apps, so other ways to make a proxy.

Sending an invalid Host header like "Host: unitedwifi.com www.google.com", satisfies both United and Google! Google is happy just seeing 'www.google.com' in the header. The real bug is that United permits requests to any IP as long as the Host header starts with “unitedwifi.com"

Explanation: United redirects all HTTP requests to their WiFi portal unless the Host header starts with "unitedwifi.com". Setting this as the only Host header value lets you send an HTTP request to Google, or anyone, but Google rejects it due to it not matching google.com.

Figured out how to sort of get free internet on United flights!

$ curl -H 'Host: unitedwifi.com www.google.com' 'http://www.google.com/robots.txt'

Without paying for WiFi, this lets you make a real HTTP request to Google! Explanation to follow...

The Natural History Museum in NYC gives you a ticket as a QR code. The QR codes just encode a ticket order #, which is sequential... seems like I could generate some valid QR codes for someone else's predicted order #!

HELLO BLUESKY!! Time to actually try and use social media.

Above is a gif from tshark showing the ~60 broadcast packets/sec. Which is pretty high. Public Wi-Fi networks typically isolate clients to improve security and performance. Clearly everything is mostly fine, but enabling client isolation could make it even better!

@amtrak.com Your on-train Wi-Fi network seems misconfigured. All clients can see each other and each other's broadcast traffic, leading to a broadcast packet storm. This can degrade performance, not due to high bitrate, but due to excessive airtime usage.