Hotline Hacked Vol. 2

Speaker 1: Thank you for calling Hotline Hacked. Share your strange tale of technology, true hack, or computer confession after the beep.

Speaker 2: Hey, Jordan and Scott. This is Andrew. I wanted to give you a feel good story for the first one I submitted. So a couple years back, I had to get, some sort of medical imaging done. And, so I went in and got that done. And to get the results, you log into a portal to, like, to see what the results were. So went in, created an account, logged in, and, saw saw my results, which were good. So nothing bad there. But then I realized, like, this website looks kinda like janky.

Speaker 3: Just pausing here quick because I love the use of the term janky here. Just just need to say that.

Speaker 4: I recently had some, like, medical tests done as well. Jankiness on a medical website is a very different feeling than jankiness on any other website.

Speaker 3: I feel and this is off topic, but I feel like fraudsters, if they understood how janky their websites were.

Speaker 5: If

Speaker 3: they were not janky, would probably have way more success.

Speaker 4: Oh, completely.

Speaker 3: Anyway, back to the story.

Speaker 2: And I don't know. I should pull up the I should pull up the developer tools in Chrome and see, like, what's going on behind the scenes. So I was looking at the network tab and saw the API requests going back and forth and, realized that one of the API requests was, I I wanna say, it was like a procedure number or something like that. And it was just an integer incrementing up, it looked like. So I thought, almost surely, they've got this you know, they got some sort of access control around this, and it just is tied to the patient. Right? So I, you know, edited the request, resent it, you know, just incremented it up by one. And suddenly, I'm looking at someone else's medical results for the imaging that they had done, And it was definitely not me.

Speaker 3: I feel like this is so common, like like, exposed REST API to, like, access data that should be behind lock and key. And just is is you made the the front end development so much quicker and easier just to, like, expose it. Be like, yeah. Here we go. This is easy. Like, nobody will ever do this. I feel like this story probably applies to, like, a thousand sites of confidential information.

Speaker 4: Especially with the just an integer going up part. Yeah. Because we have told other stories on this show where it was just like and then I tried adding one more number to that string, and boom, I was looking at someone else's, like, social insurance, like, number, their private information, or whatever it is. Totally. There's just a number going up.

Speaker 3: It's just the the unique ID in the database record, and they're sequential. So it's like it's an easy bet that if you just go up or down one, you'll probably pull another record.

Speaker 2: Bingo. I, was thinking this is bad because we've got PII here, and we've got, like, medical information here that needs to that needs to get secured up. So I wasn't sure who to call. No IT number was listed or, you know, security number was listed. So I was like, well, here's a medical records number. So I'll call them up. So I call the medical records people. I'm just like, hey. There's a problem with the portal, and I can see other people's medical records. And the lady was like, wait. I'm sorry. Do you do you need your medical records? No. No. No. No. I there's a problem with your computer system. I logged in to get my medical records, and I'm seeing other people's. I need to talk, like, to your IT director. And she goes, okay. Hang on one sec. And so the next thing I know, I'm talking to their director of information technology, and I'm relaying this information to saying, hey. I'm just a patient. I'm not trying to hack you. I'm not a sales guy. I just wanted to let you know that I'm seeing this, and you should probably do something about it. And I'm usually pretty protective of my identity because I don't want them thinking that I am a hacker and, you know, I've got the police knocking on my door after that. So, so the IT director was like, well, I'd I'd like to log in as you so that I can see what you're seeing. And

Speaker 3: I was like,

Speaker 2: alright. This guy seems like he's he's he's not gonna screw me over. So I give him my name and, he logs in while I'm on the phone. And I was like, okay, go into developer tools, flip this. And he does it and he goes, oh, this is bad.

Speaker 3: We gotta gotta say so trusting because, like, you're you're literally trusting this person on the other end of the phone that you've never met to not call the FBI and have you arrested and persecuted because that's literally what you're looking at in that case. Even though you're, like, an altruist and you're trying to do what's right, the fact that you did it makes you, like, liable for the for the crime. So it's like I I'm just like I'd I if I was in this person's shoes, I don't think I would have given my personal information. I would have been like, you are the director of information security. Like, just log make an account, log in. Here's the API call.

Speaker 4: Sure. You're you're calling in if they don't offer a bug bounty, you assume they're gonna be kind of, shady about the whole thing and you're like, I'm calling him with a voice, like, concealer. Yes.

Speaker 3: They're gonna get a voice code.

Speaker 4: I do not want you to know who I am. I don't trust that you're gonna understand this. Yeah. I get that.

Speaker 5: Like, and it's it's such

Speaker 3: a sad thing. Like, if they don't have a bug bounty program where they're like, yeah. We're, like, open to this information. Yep. It's like, you don't know which way it's gonna go. They're either gonna see you as a threat and persecute, or they're gonna see you as a savior and celebrate. And it's like, that's such a trusting moment.

Speaker 2: Okay. Thank you for telling me this. Are are you okay if if, you know, you know, if, like, do you wanna keep your anonymity? And I was like, yeah. Let's just do that. He's like, okay, well, thank you for letting me know. I'm going to take care of this now. And, so, I think within like the hour, the whole portal was, was, was taken offline. It was just, like, in maintenance mode. So, I feel like, okay. Cool. I got taken seriously. This is good. And, and then I get this email. I wanna get this you know, this is the whole point of this this call. So this is from the director of information technology of a large, medical imaging center in the city that I live. I wanted to thank you for calling to inform us of what you found. I also wanted to let you know that we have shut the site down, and the vendor is correcting the problem now, all while protecting your anonymity, which seemed to be your wish. With that being said, even with no one knowing your name, you are a popular guy around here. The CEO and the doctors have asked me to convey their thanks to you. We all appreciate you taking the time to let us know that there was a problem. It's refreshing that there are still people out there whose first impulse is to do the right thing. Sorry. I'm kinda choking up a little bit because when I got that, I was just like, oh my gosh. Like, wow. I I don't know what to say. Like, just such a such a good feeling, to get an email like that. Anyway, so that just made me think I gotta keep doing this. I gotta keep I gotta I gotta I gotta be the white hat here and, let companies know when there's when there's problems.

Speaker 3: That is, like, the bang on response you wanna hear about. You know? Like, that's exactly what you wanna hear.

Speaker 4: Thank you so much for telling us there's asbestos in our walls. Thank you so much for telling us the electrical wiring in the building is bad and is gonna, you know, result in a fire. Like, thank you for sharing this information with us. Totally. When when I first listened to this story,

Speaker 3: I got to the I got, like, I got this email, and I I'm gonna read it for you now. And I was fully expecting it to be like

Speaker 4: Put your hands up.

Speaker 3: We have notify we have notified the police. As much as we know that you were doing the right thing, this is still a computer security crime. And I was just like, oh, man. This poor guy. And then it was just not that, and I was so

Speaker 4: thankful for it. Good news story.

Speaker 2: Just wanted to pass that along. They did get the the portal back up. It was all secured. I double checked. So, anyway, there's your feel good story. Thanks for the podcast. Really enjoy listening to it, and you guys do, an amazing job with production as well as content. So keep up the good work. Talk to you later.

Speaker 3: Thanks, anonymous guy. Anonymous person. Yeah. I don't know. I love that story. That's this it's so refreshing to hear one of these situations go in a positive manner. Like, he he really did mitigate a huge risk for the company, and I love that he even went back and double checked the new portal. Like, he was so thorough in his job that he went back to verify that the vendor had done a good job, which is, like

Speaker 4: Totally.

Speaker 3: Totally unnecessary, but, like, kudos to you.

Speaker 4: Completely. I like that. You are a popular guy around here is my favorite part of that one. It's we've because we've told these stories before and it the more we tell them, it's like there's there's sort of a spectrum of responses to getting a bad news email from somewhere someone. On one side, you know, very tech focused companies know this is a huge value and so they have bug bounties. You got those on one side of the spectrum. As you brought up on the other side, you have, the only way you could have discovered this is if you broke into our system. So get them Uh-huh. Is the other end. And then this is just like a lovely little spot in the middle. They're they're not a bug bounty kinda company, but they recognize that bugs are bad and appreciate when people bring them to their attention.

Speaker 3: If if if I'm that director of information security or information services or IT or whatever his title was

Speaker 4: Yeah.

Speaker 3: I'm going to my boss and I'm asking for a for a a budget, and I'm buying this guy a gift straight up. We can't buy you

Speaker 2: a gift,

Speaker 3: so we're just gonna say good job and thanks for the call in.

Speaker 4: Completely. The, the one other so I remember when this first one when this first came in, I wanted to go look up other I was like, oh, what are some of the biggest healthcare hacks of the last, say, five years kind of thing? Like, are there any parallel stories? Is there anything worth talking about there? I think it was wild to me is that when I I went searching for that, what came up was it the craziest healthcare hacks of all time? It was the biggest healthcare hacks of 2024. It is April 26 at time of recording. We are a third of the way into the year. And if you wanna write about this problem, you need to do a shortlist. Like, oh, you want us to talk about 2024 health care leaks? We're gonna have to do a a a selection. We're gonna have to curate them

Speaker 3: Yeah.

Speaker 4: Because it is the biggest source. It's one of the biggest targets. It is one of the, like, least bug bounty ified ones. When you go digging for them, they're not the big ticket ones. And that's still that's that strikes me as odd because it's starting to kind of be revealed that they're the some of the best people to target if you're trying to get someone to pay out, and, maybe some of the least secure. Totally.

Speaker 3: And, like, just the value of the information you're getting. Like, you're getting names, you know, probably identifiers, whatever government identifier you use in the areas Yep. Wherever the hack is, etcetera, etcetera. So it's, like, very, very valuable chunk of data. So Yeah. So good job. I actually did realize that we can buy you a gift. So if you email get@hackpodcast.com, I'm gonna send you a hack podcast hoodie.

Speaker 4: Nice. Oh, I like that.

Speaker 3: Yeah. I'm gonna be your bug bounty. I think that is such a good

Speaker 4: story.

Speaker 5: I'm

Speaker 3: so thankful you called in that I'm gonna send you a hoodie.

Speaker 4: I will toss in a a visor?

Speaker 5: We did we end up making a visor?

Speaker 3: Did we end up making visors or did we end up sitting here wearing a hacked podcast?

Speaker 4: You're literally wearing it. Sick. I'm I'm drinking out of the enamel mug.

Speaker 3: Store.hackpodcast.com. Weird plug.store.hackpodcast.com.

Speaker 4: Can't recommend it enough.

Speaker 5: K.

Speaker 3: Let's jump to the next one.

Speaker 2: Let's do it.

Speaker 6: In my residing city, a recent implementation introduced a system enabling users

Speaker 5: to ride electric bicycles. To avail

Speaker 6: themselves of the service, bicycles. To avail themselves of this service, users simply needed to download a mobile application and make payment through it. Two days after the app's launch, a colleague informed me about a significant flaw in its back end. The issue stemmed from a lack of input verification, allowing users to exploit the system and ride without making the required payment. Intrigued by this revelation, I downloaded the app, extracted the APK, and attempted to decompile it. Unfortunately, my efforts resulted in nothing more than a glorified website posing as an app. I proceeded to visit the original URL on my computer. Initially, the website mirrored the app's functionality, but upon inspecting the web proxy logs, I discovered that it provided a list of users whose birthdays matched the current date. It appeared that the client side filtering was rather naive. Further exploration revealed that a specific endpoint of the web application returned a large response size. Upon investigation, I found it to be a JSON containing detailed information about all registered users. This included phone numbers, account types, full names, social security numbers, and notably, password hashes. Identifying the hash type was swift, as I possessed an account and knew the plain text. Shockingly, there was no salt associated with the hashes.

Speaker 3: That is shocking. This whole thing is shocking, but unsalted hash is more shocking.

Speaker 4: Almost as shocking as Social Security numbers on an ebike app. The the what? Why do you need that information?

Speaker 3: Let's get through this one because it's not long and, man, is it heaty.

Speaker 6: Delving deeper into the JSON, I uncovered users with administrator roles and, curiously, a test one two three four five account that seemed to be a remnant of testing. Offline password cracking quickly revealed that the password for this account was identical to the username. Logging in as test one two three four five, I discovered the account had privileged access, allowing me to view comprehensive details about every user utilizing the bicycles, including their names, ride history, and previous invoices. Concerned about the security lapse, I attempted to alert the company, but unfortunately, received no response.

Speaker 3: That is wild. A, from a, like, a software engineering Yeah. Structure of the software application. Like, it's no no surprise that there's APKs and and app store apps masquerading around that are just

Speaker 4: Web apps.

Speaker 3: Cheap web browser implementations of a crappy little mobile website. Totally. So many of those.

Speaker 4: That makes sense.

Speaker 3: But the fact that the API was returning essentially a payload of all of the user data just by default is wild to me. The software engineer in me is screaming at how poorly designed that that system would be. If that's if that if that was the ease of development, you know, path that they chose was, like, you know, it'd just be easier if we sent the entire database to the front end in a JSON query and then parse it from there. Like, that's crazy to me. And unsalted hashes

Speaker 4: Right.

Speaker 3: Like, don't even get me started. Go listen to problem with passwords. If you don't know what a salt and a hash is, but, like, that is cryptography one zero one.

Speaker 4: So they were giving out a lot of information at a point in that sort of, like, process that they shouldn't have been, and they weren't following basic best practices when it kinda came to storing passwords in the first place.

Speaker 3: Yeah. Yeah. And I it that's like, the amount and especially with, like, previous ride history, like, we're not even talking about just financial problems and, like, personal information. We're talking about, like, location data on people and habits. Like, you know, we talk about the world of privacy and security around, like, Apple AirTags and, like, making sure they're not used for stalking and etcetera, etcetera. Being able to look at somebody's e bike ride history and see that they go to the public library every Thursday at 4PM and knowing where they're gonna be. You know? Whether you're gonna go break into their house or whether you're gonna Yeah. Sure.

Speaker 5: You know,

Speaker 3: they're like there's just so much of a a confidential information violation there that it's it's blows me away.

Speaker 4: Yeah. If the information that the the caller, if all of this information was being stored by again, we're talking about, like, an e bike a e bike rental app here. The the the skimmed past social security numbers, and I don't wanna get fixated on that. But if this app was insisting on collecting that data, which I find really weird, what you basically, as you said, have a map is have is a map of where the person lives, because you can reverse engineer that for where the bike went probably if it went to the same location four or five times. That's either where they work or where they live. And now their Social Security number. Yeah. It's a key you you can reverse engineer a lot of information out of this.

Speaker 3: But it probably has their addresses, has Yeah. And and the passwords, like, and, like, a lot of people reuse passwords. We know this to be true. And now you have their email address and probably one of their common used passwords. And it's totally unsalted, easy to crack. I don't know what city this is, but I do not wanna be next time I get I'm in a foreign city and asked to sign up for an ebike program, I'm gonna be pretty skeptical.

Speaker 4: There is no city on Earth I could be in where if they ask me for my social insurance number or whatever it is. I guess social security number in this case, we can refer it's in The States, that I'm gonna be like, no. I really, really need to rip around on this dandy little scooter. Have all of my information be like, no. I'm walking. I'm taking the bus.

Speaker 3: I love that his attack trajectory or, like, his, you know, white hat, black hat, whatever you wanna say, however you wanna say it. His attack trajectory was like, I might be able to get free bike rides. There's a problem in the system. And then

Speaker 4: I would like that

Speaker 3: person to four hours later, he's like, oh my god. Like, are they are like, oh my god. There's so much information being shared here.

Speaker 4: Yeah. I wanted to go for a nice little bike ride, and now I'm doing hard identity fraud. Like, I this has escalated so rapidly. Yeah. Not that they did that. Because they like, the first caller, they called in, and this is, again, another data point on our spectrum of bug bounties to calling the police on a white hat hacker. This is the the most frustrating part of that spectrum is the you get ghosted part. It's like that that's the that's the silliest one, just to not respond whatsoever.

Speaker 3: Yeah. And then, like, the other thing is too is, like, if it is a municipal service, you could reach out to the government. But, like, the government has the worst track record of being, like, you hacked our stuff. We're calling the cops. Totally. But they should be the ones that are most concerned as if it is a municipal program

Speaker 2: Totally.

Speaker 3: They're gonna be on the hook and liable for the data breach that is active. It's not even, like, could happen. It's it's real and live.

Speaker 4: The other two things that popped into my mind about this when I was it was like, I listened to this a little while ago, and we're like, oh, let's talk about this on the show. And then it left me just thinking about these mobility networks. They don't exist in the city I live in now, weirdly. They exist where where Euless got, where, you know, I used to live. And, the two things about it, one was just the economics of it. I feel like we're almost at the tail end of these because I remember reading a piece a like, a few years ago when these mobility networks were starting to go really wide, and it was talking about how this is yet another thing where VC money is propping up a really unsustainable economic model where the lifetime, cost of the scooter like, if you take how long you can run the scooter for before it stops being usable, the cost of it, and then how many rides you can get out of it before it reaches that point, it's like you're in the red on every single one of these. Every time you see a pile of like 50 scooters, each one of those is like lifetime negative money for this company. But we got those VC bucks. We can take a loss every single time. And just the economics of it being unsustainable were really fascinating to me.

Speaker 3: Well, the the I wanna get into the economics of the scooter culture. The thing that's actually fascinated me is, like, they're not cheap. Like, for me to go jump on a portable scooter and ride it, if there's more than one person, just take an Uber. It's way cheaper even if you're going, like, six blocks. If you're trying to go any distance, it's like Uber almost Uber you know, any of the ride share services are generally cheaper than a scooter rental to do the same thing.

Speaker 4: It's not a great I've been in cities where they I mean, the city I went actually does have bikes, but I've been in cities where the bikes were much more plentiful and the bike itself didn't suck to the point that I wanted to do it. And it wasn't it wasn't a a good transportation choice. Like, if I wanted to get from A to B, there's faster moves. The bus will destroy it every time and in a lot of cases, as you said, an Uber is just gonna be better off but there's something fun and recreational about it. But they're typically not pitched as tourist things. They're typically pitched as, like, no, part of the mobility in a in a given city. It's a neat idea, but it, I'm I'm curious how the money's gonna money side of it's gonna shake out.

Speaker 3: Yeah.

Speaker 4: But the other part about hacking, like, ebikes, and this is a total tangent, is so there's scooters. Some places have scooters. Some places have ebikes. A lot of people ride ebikes where I live. Mhmm. They're very popular. You see them on the bike trails. I have no problem with that. It's it's cool. But when it comes to hacking ebikes, there's the side of hacking the actual hardware. In order to be road legal as an ebike, there's I think in The UK and The US, it's around 15 miles per hour is like the hard limit.

Speaker 3: Yeah. Speed limiters?

Speaker 4: The e bikes yeah. There's speed limiters installed on them. You can't sell them if they can go faster than that, and you definitely can't ride them on bike infrastructure if they're faster than that because it's just an electric motorcycle at that point. And I remember going down a rabbit hole reading about that being a very easy thing to overcome. It's pretty easy to hack an ebike to go they call them tuning kits. They're like these third party things that let you I mean they void the warranty, they make the thing illegal, but boy can you go fast on those things. And every so often I'll be walking down the bike trail and someone will cook it past me and I'm like, I think I don't think that's off the shelf. I think you mucked with that one. I think you act your ebike and you should probably be on the road, but they can really go.

Speaker 3: Yeah. The e scooters, a friend of mine, Stefan, has a I don't know. I I'm assuming it's road like, I'm assuming it's legal in Alberta because Alberta is the Texas of Canada. So Mhmm. I'm assuming if, you know, freedom bursts and we've given people the right to go 78 kilometers an hour on a on, like, a little tiny scooter

Speaker 4: On a sidewalk.

Speaker 3: I've tried it, and it is it goes past thrilling and exhilarating. And for somebody

Speaker 4: that Right.

Speaker 3: Bikes and does things at speed Yeah. Backcountry skis. You go quick. Totally. I like going fast. I like car racing. And it's like going 80 kilometers an hour on one of those scooters is maybe the scariest thing I've ever done.

Speaker 4: Mhmm. That's yeah. A scooter, especially, I I would feel way better doing it on a bike. But a scooter, those things are kinda squirrelly at the best of times.

Speaker 3: Exactly. Imagine dumping it at 80 k an hour. Like, you're just going to the hospital. A scooter? It might be just dead.

Speaker 4: Oh, yeah. I feel like on a bike, it's at least kinda harder to go over you can go over the handlebars on a bike, obviously, but there's some, like, bike in the way. I feel like a scooter, it's just, like, it's just gonna yeet you into a different, like, universe. Like, you're gone at 80 kilometers per hour. Yeah.

Speaker 3: You're, like, you're showing up on, like, meme accounts on Instagram at that point.

Speaker 4: Totally. That song's gonna play. You're gonna get thrown into the stratosphere. It's gonna be a great time. When those, scooters came to Edmonton, I had, like, four different I remember over the first year, a bunch of different friends making the same joke about being tempted to throw it in the river.

Speaker 3: Yeah.

Speaker 4: And I remember that sticking out in my brain that this was different people that I knew from different situations at different points in time. So it couldn't be like it was that thing ripping around on the Internet all having the same thought. The thing I really want to do is I'm cooking it across a bridge on this rental scooter is just throw the scooter in the river. I don't know what that means, but it means something.

Speaker 3: I think that my first experience with these things was I was in in Miami, and this was years and years and years. These are right when they showed up, like the years zero of these things.

Speaker 4: Sure.

Speaker 3: And they were street litter. Like, they were everywhere, and they were in piles, in hedges. Like, they were it was literally street litter. There's no better way to describe it. They were everywhere. They were none of them were, like, lined up and organized nicely and set aside. They were, like, ghost ridden into, like, buildings and bushes. Like, they just, like it was a mess, and I was like, oh my god. Like, this is what society does when given this power.

Speaker 4: If you wanna see the most extreme version of this, I was in, like, I was in Mainland China a few years ago, and I remember seeing this Google image bike sharing graveyard. If you wanna get a sense of what it looks like when you take, like, oh, that 30 scooter pile, it's, like, 50,000. Imagine 50,000 bikes in a pile. And they're identical bikes too, which makes it really insidious. It's it's it's pretty shocking when you see an image of it.

Speaker 3: I'm looking at it right now, and it is shocking.

Speaker 4: Right?

Speaker 3: Correct.

Speaker 4: It's pretty crazy. It's It's like an oversupply problem of, like, the only way to get this off the ground is, again, to inject a ton of capital to it and operate it at a loss until people get used to it and it becomes a part of your day and your life and how you get around. If it doesn't play, however, you just have 50,000 bikes to figure out what to do with.

Speaker 3: You've been, you've been in Montreal. Right? We're totally off tangent here, but you've been in Montreal. Right?

Speaker 4: Yes. I have. Yeah.

Speaker 3: Have you ridden the Bixies there? Because I feel like that is a place where they got it early enough.

Speaker 4: Right.

Speaker 3: And it it they built it into their infrastructure well enough, and it was actually widely adopted. They changed bylaws so you didn't need to ride with a helmet, etcetera, etcetera. Like, it became it became a public service that people I knew actually used. It was cheap enough, and I have never seen it in another place implemented as well as it was in Montreal. So kudos, at least had been. I'm not sure what the current state of it is. It could be total chaos. But

Speaker 2: this

Speaker 3: but, kudos to you, Montreal.

Speaker 4: Meanwhile, there's a a 50,000 tall bike pile in the middle of the Montreal.

Speaker 5: Yeah. Yeah.

Speaker 3: Yeah. The Mount Royal is just covered in bikes.

Speaker 4: It's Mount Royal is built on top of an old pile of bikes the way they do with tire fires and stuff. Like, just build a hill on it.

Speaker 3: That's what the It's

Speaker 4: all bikes are.

Speaker 3: It's made of old bixies. Should we get back to topic?

Speaker 4: Let's let's kick it over to a commercial break. We also, welcome to Hotline Hacks. We're so good at podcasting. We're really good at the basics of our job. Welcome to Hotline Hacked. We're gonna kick it over to a break, and when we come back, a couple more messages from y'all.

Speaker 3: We I think we nailed it. You know, we got a little plug in for the store.hackpodcast.com. We got

Speaker 4: a little plug

Speaker 3: in for for Patreon to be plugged in. Hey. Go to go to hackpodcast.com, redirects to our Patreon because we, you know, big heart. Love our patrons.

Speaker 5: We're great.

Speaker 4: We're great. And now messages from our sponsors after these messages from us.

Speaker 3: I assume that would be after the the ad break comes back. But

Speaker 4: That's probably the way to do it. And we'll find oh, man. We're creating an editing nightmare for me right now. We sure are.

Speaker 3: We sure are. You just let Loogle in, make HoLion hacked just, like, totally rogue.

Speaker 4: HoLion hacked. It's loose. It's loose.

Speaker 3: We're very loose. It's loose. Looser than normal, Hotline hacks.

Speaker 4: Starting something new isn't just hard. It can be downright terrifying. You put a lot of work into a thing. You're not entirely sure it's going to work out. You're taking a huge leap of faith. I've started a few things. Now I know I was right for believing in, you know, the idea, the product, despite all of those fears and hesitations. But boy, does it sure help when you have a partner like Shopify on your side. Shopify is the commerce platform behind millions of businesses around the world and 10% of all e commerce in The US. From household names like, well, hacked podcasts merch, to brands just getting started, you get started with your own design studio with hundreds of ready to use templates. Shopify helps you build a beautiful online store that matches your brand style. Did I mention that that iconic purple shop pay button that's used by millions of businesses around the world? I don't know why I wouldn't. I should. It's why Shopify has the best converting checkout on the planet. It also helps boost conversions, meaning less carts, sort of getting abandoned in the parking lot, and more sales for you. It's time to turn those what ifs into sign up for your $1 per month trial at shopify.com/hacked. Go to shopify.com/hacked. One more time, that's shopify.com/hacked.

Speaker 7: No one goes to Hank's for spreadsheets. They go for a darn good pizza. Lately though, the shop's been quiet, so Hank decides to bring back the $1 slice. He asks Copilot in Microsoft Excel to look at his sales and costs and help him see if he can afford it. Copilot shows Hank where the money's going and which little extras make the dollar slice work. Now Hanks has a line out the door. Hank makes the pizza. Copilot handles the spreadsheets. Learn more at m365copilot.com/work.

Speaker 8: If you've got an insurance question, you could talk to the butcher at your local grocery store. He'd probably talk about trimming the fat, but it'd be about your brisket, not your insurance policies. Or you could talk to your local GEICO agent. They offer personalized assistance in finding the choicest cuts of coverage for all your insurance needs, which means more money for filet mignon. Or if you're a vegetarian, tofu lay mignon. To find a GEICO agent near you, visit geico.com/local.

Speaker 5: Take this as your sign to go. Just get out there and go. This summer at Best Western, get 1,000 bonus points and a chance to win 250,000 bonus points. Life's a trip. Make the most of it at bestwestern.com. No additional purchase necessary for sweeps. See bonus point t and c's and sweeps rules for details.

Speaker 4: Okay. So this next call that we got from a caller, we're just gonna call him p. Didn't have any audio included, but it came in as text. So I'm gonna read this one to you, Scott. I'm very curious for your thoughts on this because it's it is relevant. Here's an idea for a story that occurred in Scott's territory almost half a century ago. Mhmm. This is not an incident that I was directly involved with, but I believe this would be one of the first incidents of computer hacking. It certainly did make legal history. This incident of computer hacking took place in Edmonton in 1977. Go Oilers. That was me. That's on part of

Speaker 2: the email.

Speaker 3: A little before my time. Just gonna note that.

Speaker 4: A little before your time. I was living in Edmonton at the time and recently purchased an Altair computer, which was assembled from, like a kit of parts. There was a group formed in Edmonton at the time called EACH, Edmonton Area Computer Hobbyist. This was before the days of Apple, Radio Shack, etcetera. Floppy disks were only for the rich. Many thought that bubble memory would be the next breakthrough. Remind me to ask you what that is. I became a close friend of one of the members who also owned an Altair. He was taking computer science at the University of Alberta. He was also a close friend of Michael McLaughlin even though, although he was in no way involved in the hacking. He told me that Michael's main goal in hacking the computer was to alter the billing for computer usage. Michael did have an account on the computer, but the usage charges were very high. In those days, from memory, he was using an IBM Selectric typewriter terminal using dial up access to the computer. This would be 300 bps or less. I did meet meet Michael briefly at a house party in 1984. He told me his legal costs for being the charges were quite high. If you'd like to research it further, here are a few links that could help. So what is our dear friend, Pete, talking about here? Clicked on some of the links that he provided. There's, like, an old Edmonton Journal article, and there's a bunch of court transcripts. But what it sounds like happened here is in 1977 at the University of Alberta in Edmonton, three students, Bruce, Michael, Bruce, Michael, and Arnold, who were 19, 19, and 22 respectively, were some of the first people ever charged with, I think the charges were mischief, theft of computer time, and use of a computer as a telecommunications facility. Bruce was convicted of theft. Michael, I think, was convicted, and Arnold was acquitted of both charges. It sounds like what they did was the U of A had this $9,000,000 computer, that builds time to it. If you wanted to use the computer, you had to pay. There was an account and they went digging around, to try and get unauthorized access, to change the billing system so they could use the computer more than they were supposed to. In doing so, they caused this $9,000,000 computer system to crash five times in one week.

Speaker 3: I just wanna jump in and say I'm sure back in those days, a computer crash was much more significant than

Speaker 5: it is today. We just,

Speaker 3: like, reboot it. I'm sure it was much more of a headache.

Speaker 4: Totally. So Christiansen, one of the three, gets caught using this terminal that p was describing. And there's apparently, it was a redhead. I think there was evidence of tampering and possessing, like, the IDs and profiles of, I think, about a 100 of the users. They found computer prints out and tapes at McLaughlin's residence, which means they raided his residence over this. Mhmm. Mhmm. Asscel admits to planning the scheme, but there's no evidence of execution around. Anyway, they were some of the first people people ever to be charged in regards to hacking in Canada, and it happened in, in Edmonton.

Speaker 3: As a graduate of the University of Alberta's computer science program, this is definitely my territory.

Speaker 4: A quiet salute.

Speaker 3: The yeah. Wild. I'd I'd actually had no idea. Truthfully, I had no idea this had happened Right. In in Edmonton and was I can see in 1978 how this would be a defining piece of legal trial because

Speaker 4: Oh, totally.

Speaker 3: Networking is kind of, like, just starting to happen. So, like, the whole idea of network computer security and network computing hacks is probably not really, like, a big deal then. So, like, you know, people trying to use a computer is, like, what the hack is. And, like, that's, I don't know, a little wild to me.

Speaker 4: Mhmm. It sounded like in order to render, like, a legal outcome of this, they had to I used the phrase telecommunications facility. I I found that I I went through some of the court document. It's very long, but I I found the relevant parts, and it sounds like the legal response to this was basically saying, okay. This computer is akin to a telecommunications facility. It's a machine, but we can think of it like a building where there's, phone stuff happening and what you basically did was you broke into that building and you caused that infrastructure to stop working. That was kind of how they were charged. Like, it wasn't a computer crime because that didn't exist. It was akin to you broke into the phone switching building and mucked with it. And now we have to spend I think it was 300 k a year was the number they said after this. So, like, we're gonna dedicate money to hiring people to stop people from doing this in the future Yep. Inadvertently birthing cybersecurity in the prairie provinces of Canada.

Speaker 3: Yeah. It's it's like the now cybersecurity is like a major expense line on every company's, you know, income statement. Back then, it was probably a it why I assume it was a total afterthought. You know? Like, they would have had, yeah, basic networking, you know, pretty pretty primitive computer systems running, you know, probably early versions of Unix. You know, BBSs were maybe just kinda kicking around at that point. A little bit of dial up here and there. So it would have been it would have been, yeah, would have been, like, the genesis of, like, computer crimes. You know? It would have been a would have been a really interesting time to be alive and be a hacker because the puzzles would be a lot more basic. Let's just say that. Mhmm.

Speaker 4: The last detail I noticed in the court documents I found interesting, and I'm I had a hard time parsing the exact timeline of this, but this is the sense I got, was that at the time that they infiltrate that they access the system, I think either Christensen or McLaughlin were actually not supposed to be accessing it. My gut is that part of why this happened was that for some reason, they weren't supposed to use this system and the attempt to gain access to these profiles, and the billing back end was to give themselves access to the system again. Sure. Which raises the question, if I am right, what did you do? This isn't actually the first computer crime. What was the real one? What was the reason you got booted off in the first place that you had to go and do this?

Speaker 3: Like, couldn't it be like, my my first gut feeling is that they probably use that computer for a specific class. And then when the class finishes, they get removed from it. But the utility of having access to a $9,000,000 supercomputer that's probably one one hundredth of what our iPhones are today was so valuable that they didn't wanna lose access to it. So I I can I can perceive that as being the main reason why they wanted to get back into it? But it's really interesting that, like

Speaker 4: Sure.

Speaker 3: Like, when you talk about the the parallels between utilities, you know, telephones and things like that, charge for use services and computing, You know, this was essentially a utility. It took power and converted it into computation, which is what computers do. But it was so primitive that it probably consumed a lot of power to the point that they charged people for that computation. Mhmm.

Speaker 5: So it's just such a such a it's a it's

Speaker 3: a cool look back in history.

Speaker 4: Yeah. The the last little detail that sort of clarifies that moment in time is that when they were arrested, it was Christiansen. All of the it it was still paper notebooks. Like, he had a a physical paper notebook that had the IDs of a 100 other users, like, hand transcribed into it, and a bunch of, like, profiles he created. So it was like, you you do this sort of first ever in Canada computer hack, but you're still writing it down by hand in a pen and paper notebook because like what device are you gonna store it on? The only computer you have access to is a $9,000,000 one or whatever it is, that probably weighs a couple tons at your university. So you gotta you gotta scribble them down on paper, and that's what the cops found when they when they arrested them.

Speaker 3: An IBM Selectric typewriter terminal.

Speaker 5: If you

Speaker 3: don't know what I'm what those are, they're essentially like dumb boxes that have a keyboard, AKA the typewriter, and then there's a terminal, which is literally, like, probably a monochrome screen

Speaker 4: Sure.

Speaker 3: That they would dial into this computer to access it. Like, most it's fascinating how much of, like, the UNIX system, because it's from, like, 1969, still has like, the infrastructure of the UNIX operating system still supports, and you can see how it was built to deal with things like one mainframe with a bunch of terminals connected to it.

Speaker 4: Oh, cool.

Speaker 3: Because that's kind of how it used to work. Sure. So it so it's like a lot of the pieces that build up the, like, Unix OS are, like like, terminals in them. Like, the like, all come from, like, this generation where, like, yeah. We're Forbes company, and we have a $10,000,000 supercomputer, and we have 13 terminals in the company that connect to it. And it's like like, the the computer on your desk was was nothing except for a way to dial in our network and connect to the, like, mainframe. Mhmm. It's like a hub and spoke model for computing.

Speaker 4: Well, that same basic metaphor has, like, in some cases, persisted to this day. Every time we have a a technical jump, I think of cloud gaming Yeah. Is what I'm working my way around to, where it's like, nope. You it doesn't matter the device. The device is just a a system for interacting with all of the processing that's happening way over here. We're handling all of that. We're doing all the computing. You just need a a way to engage with that system. And that's why I only cloud game on an IBM Selectric, typewriter computer.

Speaker 3: Typewriter. Yeah.

Speaker 4: Twenty seven forty one. I like that. It's the way to game.

Speaker 3: The only way to game.

Speaker 4: It's the only way to game.

Speaker 3: You could be you could be playing, like, MUDs

Speaker 4: Yeah.

Speaker 3: Like, old multiplayer text games. Like, that could be that could be your world. You could use your Steam Deck OLED to connect. I'm sure there's probably a

Speaker 4: A bet.

Speaker 3: A lot of mud servers still kicking around out there in the world. There's gotta be people that are obsessed with this old style of gaming. So

Speaker 4: It it honestly does sound pretty fun. You you get a little generative AI peppered into that, and you got a little a little text based dungeon master all your friends can jump into. Pretty good time.

Speaker 3: It's like a choose choose your own adventure books, like, but, like, in computer land.

Speaker 4: Totally. So this next call maybe demands a little bit of preamble. And I guess all I'll say is pay attention to the voices. We were sent two different audio files, They're the same content, the same words, but the voice that was used to filter and kind of conceal the original speaker is different in each one. And I'm curious if you recognize them, Scott.

Speaker 5: Okay.

Speaker 3: Hello, Jordan. Hello, Scott. I hope this message reaches you well. I also hope that you do not feel the sudden urge to sue me instantly for doing this. I'm working as an AI researcher, and I value privacy, and I did not want to publicize under my real name. So I wanted to provide you with an alternative that you can use for playback. That way, I decided to use your voices, but no worries. This is not eleven Labs. It's not run on a public cloud, just a local machine, and the models are already deleted. I thought that was the ethical right way to do it in this case. I was like the first couple words, I was like

Speaker 4: Wait.

Speaker 3: Did this guy break his nose 13 times too? Because he sounds he sounds nasally like me.

Speaker 4: I feel spin. Yeah.

Speaker 3: Sure. Different. Notably different, but kinda the same.

Speaker 4: So something similar going on there. It's sort of an accent. What accent do you think it is?

Speaker 5: We just gotta

Speaker 3: we we just gotta do it now and jump over and hear yours. But what accent do I think it is?

Speaker 4: Well, no. Play mine first. That that might help. Okay.

Speaker 3: Give me give me a better state space to make this call.

Speaker 4: But now that I did it, I realized that it might be confusing for your listeners to hearing your voices when it's actually not yours, but a guest. I'll see how you sort it out. We could also redo this with a third non Jordan, non Scott voice for clarity. Just contact me for that. And in this, I'll send you a version of broken voices, so you can choose what you want to edit together.

Speaker 3: Or, like, Polish maybe?

Speaker 4: I I flip flopped because I I listened to this. So for context, this caller called him with three stories. They're all pretty fun. We'll probably only end up talking about one of them here. There's moments later in the recording where I was like, oh, maybe it could be like a Polish or German. I'm relistening to the beginning. I'm 90% sure this is Irish hacked. This is Irish Scott and Jordan, empowered by AI because they don't think I can do an Irish accent. And if you're worried about getting sued, do not be. This is fun. Yeah, that you said to us, don't go do this for other things, and don't do this without people's consent generally. But, for the purposes of this, kudos.

Speaker 3: I think, I think we're gonna stay on Jordan's audio track here because I think we all know Jordan has the better voice.

Speaker 4: And now it's Irish. The third thing is about something that you have already, yeah, let's say, touched in some of your shows. It's it's about resellers and the, like, GPU scalpers or console scalpers. Three years ago coinciding with, COVID and the whole chip shortage, the global chip shortage, I decided I wanted to get my hands on a GPU. And and funny enough, I knew a friend who knew a friend who was very much involved in, like, the sneakerheads, sneaker shots, whatever you call it, like like resetting sneakers for tremendous for insane margins. And I wrote my friend, yep, tell the guy that they should get into GPUs, chip shortages coming and little did I know that they were on this way earlier than me. So he so my friend who knew that friend, thought that I should have a chat with his friend just because it might be interesting and boy was it interesting. So after a couple of minutes talking with that friend's friend, I realized that that guy had an operation running that was absolutely beyond my imagination. It was not just one person who was doing some reselling. I thought that person might have some bots for shooting, for sniping, couple of shoes. No. There was a whole community, completely organized over Discord, like with membership fees, $30 per month, various channels where bots were frequently crawling various websites for when something new appears and sometimes they could even predict when a new, like they call it a drop happened of a certain product like new PlayStation fives are coming on this and that websites like in two days. Be ready. They were insanely well organized.

Speaker 3: Can we talk briefly about the loss of economic utility as a species that gets spent on shit like this? Oh,

Speaker 4: for sure.

Speaker 3: Like, when I listen to that, all I hear is like, there's so many people. Like, sure, they can make a living doing it. It's kind of insane that they can make a living doing it. But it's like, if if we could just direct all of this utility that mankind spends on shit like this. I don't know what you mean. Describe it. We could, like, we could, like, cure cancer. Like, the plot.

Speaker 4: It's it's it's interesting how a really old fashioned economic process getting applied to a new thing in a weird situation sort of throws into sharp relief how odd it is. Like, this is just escrow like, you're you're buying something over here and you're selling it somewhere over here for more money. And the thing happens to be GPUs and it happened to be during the pandemic and you happen to be using a bot to do it. So it all feels very new, but it's like it's not really any different than, like, buying barley from where they have too much and selling it for more where they don't. It's the same basic process, but it has this fun cyberpunk spin to it.

Speaker 3: It's true. It's true.

Speaker 4: And talking with that friend's friend, he also told me, yeah, you you do some programming, I heard. Would you be interested in creating some Chrome plugins for us? I denied that request because I'm not that well of, web dev. But it turned out that there is a real market for these things. Like, that friend's friend who ran the whole operation told me so I don't know if, we can take his word for granted, but he said that he has bought, like, several tens of thousands of dollars in various shopping bots who help him with sniping these shoes and GPUs and consoles. And these, these plugins are not just one file that you get, but it's proper license management that you have to pay the checks over the web whether it's legit or not. And there is even an after selling market for these plugins. So when you don't need it and if you get your hands on better stuff, you can sell these things to other scalpers that will be very happy in buying these since there is actually artificial scarcity for these things. So the developers just issue maybe 5,000 licenses of when they find one exploit for a website so they can avoid, staying in the queue. And that whole operation was insane. And these people were very crafty just not just on the tech side, but they were also scouting, like, in the real world for business opportunities. So it was COVID and, in our region, it was very evident that the first winter won't have any gastronomy open, so bars will be closed. But we'll be allowed to have some drinks outside in winter. And what will people need in winter when they cannot stay inside? They will need these outdoor heaters. So they figured out in autumn that they should buy all available heaters of the area so that they then could resell these for, I think it was 30% more than their store price. Just because these things will be rare in winter because everyone is getting these. And the following summer, they realized that outdoor pools will be closed. So what will all families need? They will need pools for their gardens. They scouted every available shop like the Walmarts and Costcos and what's around and just bought these things like crazy. And the demand was just high enough so that they could upsell these things for 50% or even a 100% more. So just I call these crafty business So so is this ethical? I think it is. I mean it's just high demand and they fulfill the demand of people with a premium. But, yeah, one could argue with this and especially with the GPU scalpers who everybody hated at the moment.

Speaker 3: I believe it's called the invisible hand. Right?

Speaker 4: That's the name of one of the bots.

Speaker 3: I wouldn't doubt it.

Speaker 4: It's actually a pretty good name for a bot that does that. Spools in summer and heat lamps in winter for restaurants. That is wild. That is like buying and selling, like, a food commodity on the markets because you know that there's gonna be, like, a drought in some country level of, like, chess mastery four d kind of thing. That's wild to me.

Speaker 3: They've just they've taken commodity trading and forecasting to, like, micro commodities.

Speaker 4: Totally wild. Besides everything, I can just encourage you to to, research and get into these communities because I think there is a lot to unpack in these communities, like these scalpers and people who shop online and resell. These are crazy crafty people. So, yeah, that was it for me. I hope you found something interesting on my stories. Thank you for a podcast. Thank you for doing all this. It's I really enjoy it every time you release a show. Thank you very much. See you around.

Speaker 3: It's like part of capitalism, you know? They, like, figured out loopholes. Like, I I'm not even gonna lie. Like, I recently bought something. I needed six tools that you have to buy in a set of, like, nine things. And the ones that I didn't need are the most expensive. So I just wanted the cheaper six, but you can't really buy them. And they they do sell them single, but you they're hard to find. So there's literally eBay stores that just buy the full sets, break them down to the most commonly purchased groupings, and then resell them at a bit of a premium. So instead of me spending $300 for the full set, I managed to get the six that I needed for 110. But all in all, the the people that broke it down probably sold the whole thing for, like, $450. And it's like, I got a better service out of it. I got exactly what I needed. They made money doing it, and they provided literally a service by buying something and breaking it down and selling the the component parts. So it's like, how can you be mad at it?

Speaker 4: I'll find a way. The best defense of it is that I I called it escrow. I got that wrong. It it's like it is just it's arbitrage, like, we've known forever, maybe kind of ramped up a little bit, but that it's the same basic thing. Yeah. The best accusation is that it is bringing the tedium and price inflation of scalping that is usually reserved for, like, a couple of products, like concert tickets. It's bringing that

Speaker 3: Yeah. Totally.

Speaker 4: To just anything. It's like, oh, everyone seems to need the new iPhone switched to USB c, and so USB c cables are more popular, so let's just buy a bunch of them and ratchet up the like, it's just taking I mean, it's it's bringing commodities trading to every commodity. Maybe that's a better way of putting putting it. It's like micro scarcity. And, like, art it's weird.

Speaker 3: It is it is it is interesting. I bet there is a lot to unpack in those in those communities. I bet there's tons of stuff.

Speaker 4: I would like to get into one of those Discord channels. I I'm not sure what which one to start with. So if caller, you know of some that are cool, feel free to to reach back out because I am genuinely curious to learn more about this. The number of people that if you if you narrow your search to, like, twenty twenty one ish talking about, like, learning how to program bots just to try and get a GPU, it really speaks to the amount of desperation people have for trying to get a hold of these things and the amount of money people were willing to spend on these bot services to pay. I'm looking at the prices, conservatively double what their MSRP is. Like, launch price on a gigabyte RTX 3,070 was $5.69, and it was selling on Amazon for about $1,300.

Speaker 3: The I I think another thing that it well, it also, like, classic COVID economics here, but, like Mhmm. I think it honestly demonstrated to companies that they were undervaluing products that they were selling. Like, NVIDIA's, like, 30 series GPU GPUs were expensive, but their 40 series were, like, very expensive. And it's like, I think Yeah.

Speaker 5: Right.

Speaker 3: The reseller market showed them that they could charge more. It's like kinda what goes on in concert and sports tickets. Like, you know, the hockey playoffs are on. The cheapest ticket you can buy face value to a game is, like, $300 or more. But the the there's actually the opposite thing happening now where, like, the other day, we were looking at tickets to go see the Edmonton Oilers play in the playoffs, and I could get seats thirty minutes before the game, people fire sailing them for, like, a $125 a seat. So, like, the the people purse like, saw that COVID boom, raise their prices, and now we're kind of in the low recession piece behind the boom, and people are not willing the demand's just not there anymore. Like the like the NVIDIA 50 series GPUs, I could see them coming out at a lower price because I just don't think that many people could justify $2,500 for a GPU. Mid COVID, sure. Like, everybody was, like, trying to get their hands on a thirty ninety, and and they were spending buttloads of money to get them. So NVIDIA capitalism worked. It pushed the prices up. Next thing you know, the demand's not there for it at that price point, so it's gonna correct back down and such as, you know, the market function.

Speaker 4: Yeah. It's the market did function. It's this weird thing where, like, it let's just talk, I guess, about how lucky NVIDIA is that a Lucky. Global event that cost people, I would say lucky if you like, look at the timeline. They were profitable before COVID. Mhmm. COVID locked people indoors, so the thing they wanted to do is game. Mhmm. And through that process and through stuff like this collar, the actual value of the product was revealed to be much higher than they had been pricing it for. Mhmm. Again, during the years where they were still profitable, they weren't operating at a loss. They were making a profit on each of these things. They was just revealed that they were much higher. The price of Nvidia starts to go up as a company. Right as that's supposed to be stopping, and the market would be like, oh, you know what? Let's start bringing these prices back down. The demand isn't, like, quite as intense anymore. Boom, AI. Like, AI just pops off right as that line would have started to go down. AI starts happening, and we are looking at an NVIDIA that is, I think, the third biggest company by market cap in The United States Correct. Which was not the case before those two things that happened in rapid succession happened.

Speaker 3: Well, the the the one thing you're leaving off that timeline is crypto mining. So so Good call. Yes. Nvidia used to always have substantial benefit from the crypto miner market. They bought tons of these. That's true. Part of the demand that led to the 30 series GPUs going up was the increase in crypto prices that happened during COVID. So all of a sudden, mining was in super high demand, so people were buying so much, like, so much capacity to mine. They were shooting up the prices of GPUs.

Speaker 4: That's true.

Speaker 3: That that kind of went away to some portion, with Ethereum, and it totally cut the knees out from the demand that had come from the crypto space. There were still some there, but it wasn't nearly what it was before. And then the prices were too high. Like, you can actually see this arc in their stock chart as it goes from, like, you know, a $135 up to $315, and then kind of waddles down over the, like, $20.22 to, like, a $120. And then you can just see AI hit, like, May 2023.

Speaker 4: Yeah. Right.

Speaker 3: Boom. Go from $300 up to, like, 950. Anyway, digressions aside.

Speaker 4: It's it's fascinating. Like, Jensen Huang is obviously an exceptionally talented business person. Mhmm.

Speaker 5: And

Speaker 4: they make a product like the it it's the pickaxe metaphor. Like, they're making the pickaxe. I totally get that. But it does definitely feel like a person who jumped off a roof onto a trampoline, bounced really high up into the air, and right as they start coming back down, the next trampoline delivery people show up and place the next trampoline below them in the form of and they bounce off that one again, and then right as they start coming back down again, the next trampoline delivery people come in and place another trampoline in front of them, and they bounce off that one called AI. It is this, like, wow. Like, you just keep getting higher and higher. It's impressive.

Speaker 3: The commercial in your I love your sports metaphors. You know, you got the sprinter with the needle full of steroids. You got the trampoline kids. That's great.

Speaker 4: That one I I was laying down the track as I was going on that one. It felt a little shaky. So I appreciate you saying that.

Speaker 3: But but the the real like, as a as an avid investor, the real question becomes like and we were digressing hard here, but like Sure. Is there gonna be another trampoline, or is, like, NVIDIA gonna land in the treetops? And it's like or are they gonna fall to the ground? Like, the commercial orders for, like, massive AI computer systems powered by NVIDIA is huge. Like, Facebook, I think, is spending. Like, all of those big, you know, tech companies are probably spending more money with NVIDIA now than, like, anybody else. Mhmm. Like like, they're they've gone from, like, a consumer graphics card company to, like Yep. A like like, from one of our stories, like, a massive supercomputer company. Like, I bet if I just Google Facebook, NVIDIA super computer

Speaker 2: For sure.

Speaker 4: Oh, for sure.

Speaker 3: They I'll get some story about Facebook spending, like, you know, $17,000,000,000 on some supercomputer.

Speaker 4: I think the other thing that could happen is more people get thrown onto the trampoline. Like, it's only a matter of time until I literally yesterday, Apple released, on device AI models that are obviously running on Apple Silicon. Like

Speaker 5: Mhmm.

Speaker 4: We're gonna get stuff running on AMD. We're gonna get stuff running on a bunch of on, like, Qualcomm. We're gonna get stuff running on things that aren't just NVIDIA GPUs. Because if this really is gonna be how we like, a core part of how we do all our computing moving forward, it's not just gonna be bound to that one, one manufacturer. That doesn't mean they're not gonna keep being a massive part of it, though.

Speaker 3: Well, there's some and, like, we're just talking consumer tech here, but, like, there's some really interesting stuff going on in the, like, Qualcomm, like the Snapdragon X Elite chips. Like the like, AMD finally like, Intel is not AMD's main rival anymore. It's it's gonna be Qualcomm. Like, the the new Microsoft Surface Pro are coming out with Qualcomm Snapdragon X Elites, which are essentially, for lack of a better comparison, they're Mac

Speaker 4: chips. Like system on chip. Super Totally.

Speaker 3: Yeah. They're super power efficient, super high processing units. So it's like, and they've come from the self world where they needed to worry about power use. They needed to worry about size. They needed to worry about all those things, and now they're building them into laptop and tablet chips. You know, and they're they're gonna be when when I don't know if you follow the chip world at all, but, like, Intel's new line of chips are having nothing but thermal throttling issues, like, to the point that people are delidding them, like, they're taking the metal processing chip, which is, like, risky. Sure. But they they're so thermally bound. Where then you go to something like a Mac, like, I'm sitting in front of my Mac laptop right now, and it's got boatloads of processing power, and it doesn't even have a fan in it. Like, it doesn't doesn't create that much heat.

Speaker 4: Mhmm.

Speaker 3: So I think it's gonna be an interesting, like, you know, five, ten years in the chip space to see who comes out as the winner. Like, Intel used to be big blue and be the leader, and then AMD was kind of the little, you know, punchy sidekick. And now it's like it's kinda shifting around, and you're not quite sure who's gonna be at the top.

Speaker 4: I think it's only a matter of time before some of those other chip manufacturers managed to try and, if not catch up with what Apple's doing with that system on a chip stuff on Mac, Get very very close because it was like they they had this massive jump forward. They took out a huge lead, and the thing that was holding it back is like Windows, you've been able to run Windows on ARM for several years now. I think it was Windows RT or something. It was just by all accounts not very good. Not because it didn't work well, but because nothing every almost every piece of software that wasn't Windows had to run-in an emulation layer, like, layer in order just to work on it.

Speaker 3: Mhmm. They still have that.

Speaker 4: And so everything is just inadvertently slower. But, you know, that's just a software bra. It's like, eventually, most of that stuff That's solvable. That's solvable. And eventually, if more and more of those computers start getting sold, software manufacturers will have an incentive to rebuild their stuff in it, and, eventually, they'll catch up. We're we were talking about NVIDIA on our cybersecurity show. We have drifted, and I stand by it.

Speaker 3: Well, one one last one last thing on the NVIDIA thing is the chat. I just actually found Facebook's some analyst has done an evaluation of approximately approximately what just Facebook is gonna spend at NVIDIA this year. So, apparently, they're looking to buy 650,000 h 100 cards.

Speaker 4: Oh, wow.

Speaker 3: Long term. But just in this year, they're looking to spend approximately $9,000,000,000 on GPUs from NVIDIA. That's just I think that's meta.

Speaker 4: It I think that honestly makes a ton of sense. Like, I don't Yeah. See how you try and keep that company afloat without building a bunch of headroom in. Like, to me, that's a that's a headroom acquisition. It's just like whatever we do next, we're probably gonna need these.

Speaker 7: I remember

Speaker 5: I don't

Speaker 4: know if I read it or heard it, but I remember hearing about how, say, the the process of serving people content that they actually wanna see on a vertical video platform like Instagram reels or TikTok gets way, way, way, way, way better the more processing power you have because it's the amount of, like, potential videos that we know you would like that we can have ready to go. So the second you scroll, we have it ready. Uh-huh. That is deeply bottlenecked by the amount of these things that you have. If you buy more, it's like, well, we used to be able to have a thousand videos ready to go based on your behavior. Now we can have, like, 50,000,000 videos ready to go based on what you do and go, okay. It's this one that they're gonna wanna watch next. It has weird applications.

Speaker 3: Totally. Should we end our random digression there?

Speaker 4: I think so.

Speaker 3: Call it a day?

Speaker 4: I think I think we call it there. If you wanna submit your call and spark a giant tangent, you should go to hollymhack.com, where you can share your strange tele technology, your true hack, or computer confession. We have a phone number that you can call, +1 (888) 281-8869, or you can go to the site to submit audio, or you can, use the email there and submit it that way. Submit however you want. Submit it as text, call in, submit a AI version of us with a accent. That person used the term gastronomy to refer to restaurants, and that feels like a clue.

Speaker 3: Yeah. Yeah. Keep going. Keep going.

Speaker 4: I I and I I'm, like, German, French? Like, it I I I feel like I have a German friend who I heard use that once, and it totally shifted my guess of where they're from. I don't know.

Speaker 3: I think listening to the entire thing and not to snap judgments and the Yahweh, I think I'm going here's my order. I'm going hard Dutch. Like, 85% of me believes Dutch. And then the other 15% is is gonna be the, you know, Germanics. It's gonna be Swiss German or it's gonna be, you know, high German. Mhmm. But I'm I'm thinking Dutch.

Speaker 4: Yep. I I can see that. Watchi's from Manitoba, and we're just really, really bad at accents. Share your call. Call in. We wanna hear from you. If you wanna support the show, hackedpodcast.com redirects to our Patreon. It's a great way to support it. We're deeply appreciative. And then since you made it to the end of this bad boy,

Speaker 3: a thing that would mean

Speaker 4: a lot to us right now is just tell someone you think would like Hacked about Hacked, all the classic Internet show stuff. Jump in and give us a real good rating and a little comment. It all it all helps a ton to get the show in front of new people, and it means a lot to us. Totally. We love you all. We love you all. We'll catch you in the next one.