#LearnLockpickingWithAlice lesson 11 (part two): DIY padlock shims!

Who wants to spend a $5 on fancy padlock shims, when you can make shitty ones for the price of a soda can (and maybe a finger or two)?

Today, I'm going to teach y'all how to turn a soda can into like 6 disposable padlock shims.

⚠️ Soda cans are razor sharp on the cut edges, please be careful; your fingers will thank you 🫶

1. To start, get yourself an empty can of soda, beer, energy drink, etc.

2. Using some scissors you don't care about, cut the top and bottom off along the bevel. You should now have a tube that is open at both ends.

3. Cut the tube down one side and flatten it out into a rectangle, then cut it into 2.5" x 1" strips.

4. Take a strip and (with a marker) divide it into a 4x4 grid.

5. Then cut an "M" shape out of the bottom half of the 2.5" x 1" rectangle.

6. Fold the top ¼ of the rectangle down.

7. Fold the legs of the "M" up and over the top on each side.

8. Shape the shim around a lock shackle.

9. Shim something.

#AlicePics #DIY #Locksport #BypassTechniques #AltText

MLA-ACLS-AHA Depositions (6.81 GB)

AKA The DOGE Depositions

Censored depositions of two members of the Department of Government Efficiency (DOGE), Justin Fox and Nathan Cavanaugh, along with two members of the NEH, Adam Wolfson and Michael McDonald.

https://ddosecrets.org/article/mla-acls-aha-depositions

Help us keep publishing: https://donorbox.org/ddosecrets

FOX NEWS IDIOT: If you thought the masked "Former Antifa Member" Jesse Watters had on last week looked familiar, there's a reason for that... #OMG...He was also the masked "former gang member" and masked "Gaza resident" Watters had previously interviewed.

#FACTS... Every person you see on Fox News in a mask is just Robert O'Neill, retired Navy Seal and occasional Fox News contributor.....

#LOL... He's the former Antifa, former Gazan, former gang member... #SMH...His eyes are very unique.....

Apparently theres a new wave of people joining mastodon, and with them a new wave of self-appointed cops "welcoming" them with long lists of mostly fictitious "rules" they need to follow.

This is a social media platform, with many different ways to use it. It's fine. Mostly, just try to be decent to other people, just like you should try to be everywhere else.

Making fun educational shorts about how Trump low-key made it easier to get away with slavery on farms haha yay

https://youtube.com/shorts/THHLR1wa8Qo

Some random rambling about a Windows / AMD software bug:

Ever since I built my new PC, I always had the issue that sometimes at midnight, a blank "AMDAutoUpdate.exe" cmd window would open and do absolutely nothing. (See picture 1)

Googling it, I found a lot of people complaining about it. The exe is part of AMDs "Ryzen Master" utility that my motherboards "GCC" tool installed for me. The commonly accepted solution is to just disable the auto update service through the windows task scheduler. But that sounded too easy for me, tonight I actually went through the efforts of finding the root cause.

My first thought was: What is so broken about my hardware / setup that this random tool is just broken, it surely can't just be broken for everyone... right?

Right?....

Well... The tool in question is written in .net, this is very good because

A) .net is easy to decompile / reverse

B) I have written .net code a few years ago

So I went ahead and reversed what the tool does (or at least, what it is supposed to do).

The tool will attempt to download the file "VersionInfo.xml" from some URL that's stored within it's .exe.config file. Looking into that, hilariously enough there are two URLs, one being labeled "Production", the other being labeled "Develpment" (not a typo on my end), you can guess which of the two is commented out :P. However, this does not appear to be the issue, since both files appear to be the same in practice, let's dig deeper.

I noticed the downloaded file ends up being 0kb, so obviously something went wrong.

For downloading they use the "WebClient" class, they set a completion callback in which they call a different method to parse the file and display update option based on it's content. They also wrap the whole "WebClient" invocation into a try/catch block, but since no error is being logged, it doesn't seem there is an exception happening. (See picture 2)

However, I noticed the callback is being fired with an object of the type "AsyncCompletedEventArgs" and looking at the documentation, this object has an "error" property that they unfortunately do not check for, nor log. Instead, if there is an error, the program will simply try to open the 0kb xml, fail and deadlock forever, with absolutely nothing being done in the background.

Using a .NET debugger, I was able to retrieve the error:

ERROR: The request was cancelled: A protected SSL/TLS channel could not be created

Long story short, it turns out that WebClient by default sends a TLS 1.0 request to the server and the server at some point was updated to only support TLS 1.2 and 1.3.

This also means, it is in fact, BROKEN FOR EVERYONE. IN PRODUCTION. FOR POSSIBLY YEARS...

Using a .net recompiler (man .net really has some fancy tooling...), I was able to add the line
ServicePointManager.SecurityProtocol = (SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12);
which fixes the issue and I'm probably the first person in probably years to see the proper "update available" dialog (see picture 3), lmao.

So who's to blame here?
AMD? Microsoft?

I really don't know why this .net API doesn't try newer TLS versions if the older fail and instead requires an explicit flag to be set. On the other hand, AMDs tool is really shitty, doesn't do proper error checking and I would argue this cmd window should never open to begin with, which it wouldn't if they configured the task correctly.

Did Snopes really create an account here?

Fact Check: True

Source: https://www.snopes.com/faqs/#faqs_question-285676