Pondering the Worldcoin Orb + the Gang Who Cracked Outlook + Hacking Together Superconductors for Fun and Profit
TL;DR: Sam Altman's Worldcoin project uses a $5,000 orb to scan irises for biometric IDs tied to crypto tokens, sparking privacy concerns and a Chinese black market. Also covered: Chinese hackers Storm-0558 breaching Outlook, the LK-99…
In this chat episode we discuss Sam Altman's Worldcoin biometric ID / crypto project, the cybercrime syndicate that used a vulnerability in Microsoft to hack the US State Department, and a weird week on the internet for amateur scientists investigating LK-99.
Transcript
Machine-generated transcript; may contain errors.
Speaker 1: Sam Altman, CEO of OpenAI
Speaker 2: ChatGPT guy.
Speaker 1: Has a new project centered around a $5,000 silver spherical camera called the Orb that is used to capture biometric data and that has already sparked a black market for biometric IDs in China. So my question for you, Scott, is are you ready to ponder the orb?
Speaker 2: Is it something that needs to be pondered?
Speaker 1: Like a wizard peering into a crystal ball. It's orb ponder in time, Scott.
Speaker 2: You know my soft spot for fantasy, Jordan. So, you you know, if we've got a ponder in the orb, let's ponder in the orb.
Speaker 1: Sam Altman's got an orb and it needs a ponder in. On this episode of Hacked, we are talking about Worldcoin. We're gonna talk about how a vulnerability in Outlook allowed Storm-0558, a Chinese hacking syndicate, to infiltrate the email systems of 25 government organizations. And while we don't normally dabble in science, there aren't normally people trying to hack together a bleeding edge superconductor out of match heads on Twitch. So I think we should talk about LK-99, the superconductor taking the Internet by storm, and I think the very cool history of amateur scientists trying to verify and contribute to big scientific discoveries.
Speaker 2: Well, I think we should hearken back to a bit of cybercrime stuff, and we're gonna talk a little bit about 16shop, big phishing outfit that got shut down recently. And also talk a bit about OpenBullet, which was, is a web security tool that has found itself hacked.
Speaker 1: All of that and more on this chatty episode of Hacked. Before we get into that, because this isn't a great way into it, how are you doing, Scott?
Speaker 2: I'm doing great. I, was away biking. I only dislocated one, part of my body. So that's great. What? Yeah. I've dislocated it.
Speaker 1: For forty five minutes, and you didn't tell me that.
Speaker 2: I fell, I fell biking on the second day of our mountain biking trip, week long mountain biking trip, and, dislocated my left thumb. And so I spent the rest of the time fishing, capital f fishing, not p h fishing. And, yeah.
Speaker 1: Need your thumb for both, though.
Speaker 2: I do. Yeah. But it was, fishing was much more, you know, much less intensive and much less risky if something goes wrong and your thumb fails you when you're fishing than when you're descending a mountain on a bike. Yep. So, yeah, it's, it's feeling better. I've been doing little physio exercises and stuff like that, so my my my hand is coming back together. I went to the driving range last night and hit a few balls to see if I could golf, and, it looks like it's gonna be okay. So I think I've got a few golf games that I've had planned for a long time coming up. So I'm happy that my thumb is not totally broken. But I got an X-ray. All good. It's been a been a wild summer for my hands. This is, I've got a sprained finger, a broken pinky, a dislocated and sprained thumb. So
Speaker 1: To heart.
Speaker 2: And my hands are hands are not loving me this summer. You know?
Speaker 1: Thumbs up for hand health, man. You gotta take care of those things.
Speaker 2: Yeah. Join my new my new, my new, charity. You know? All in for hand health. All in for
Speaker 1: hands in for hand health.
Speaker 2: Hands in for hand
Speaker 1: health. This thing writes itself. What what am I doing right now?
Speaker 2: What's that?
Speaker 1: I've been good. You've been good? Taking it easy. Just just enjoying the summer. Mhmm. Chatting about some cybersecurity with Lorenzo last week. Having a good time.
Speaker 2: Listen to the episode while I was away. Great great job. You know? I
Speaker 1: Appreciate that. Thank you.
Speaker 2: I hope that people out there value how great you are at your job.
Speaker 1: Oh, well, aren't you too kind? Aw. You as well. I know. Oh, there it is.
Speaker 2: Well, we are about to make the same transition. Do you know who does value it? New patron, Walt Spielman. Thank you, Walt. Appreciate it.
Speaker 1: Appreciate the heck out of you. Also wanna thank David Wakeley for supporting us on
Speaker 2: Patreon. Yeah. Big fan. Sean Moffitt. The one and only. Huge fan. Instant legend.
Speaker 1: One of the greatest to ever do it. JS, really appreciate your support. Thank you so much. Mhmm. Mhmm.
Speaker 2: And, Matthew Fisher? We can't forget Matthew Fisher.
Speaker 1: Oh, we're gonna forget Matthew Fisher. It's it's it is Matthew Fisher show right here. And last but certainly not least, I'm talking about big Mike.
Speaker 2: Big Mike. He might be a little Mike. We don't know. We just know that he's Mike.
Speaker 1: We just know Mike.
Speaker 2: Thank you, Mike.
Speaker 1: Just Mike. Singular. One name. Like,
Speaker 2: share Is it a Michael?
Speaker 1: Thank you, man.
Speaker 2: Is it a Mike? Who who knows?
Speaker 1: Mikey. But Who knows?
Speaker 2: Mikey? If
Speaker 1: you want to join this, prestigious group of people, you can go over to hacked podcast, a redirects to our Patreon. It's one of the best ways sports best ways to support the show, and, your support means the world to us. So we haven't talked about this yet. July 24, a little company called Tools for Humanity launches something called Worldcoin. Have you been following this story, Scott?
Speaker 2: I've seen blippets of it as it was kinda rolling through. Granted, I I was away. So I was just when I was, you know, taking the time to completely depart from being social with all the people that I was with and to stare at my phone for a while. So I did read a bit about
Speaker 1: it, but
Speaker 2: I'm not It happens. I will fully admit that I am
Speaker 1: not fully up on this. Okay. There's a lot to it. I'm gonna try and take you through it as best I can.
Speaker 2: Let's hit it.
Speaker 1: Worldcoin is a cryptocurrency based biometric ID project. I think it's probably the best way to explain it. Created by a company called Tools for Humanity that was cofounded by Alex Blania and, importantly, Sam Altman, the founder of OpenAI and the creator of ChatGPT.
Speaker 2: So they're creating a token to confirm humanity from the people that are creating the AIs.
Speaker 1: Yeah. You basically got it. So the idea here is that as AI becomes more popular and common on the Internet, it's gonna get harder and harder to figure out who is an actual human on the Internet and who is just a very sophisticated AI chatbot. And the goal is to use biometric data in order to create some sort of a verification system, this biometric ID that lets you know that this person on the Internet who was logged into this account is a real person. And then, so hold that idea in your head, biometric ID for the Internet.
Speaker 2: Mhmm. Mhmm.
Speaker 1: And then the other part is that theoretically at some point in the future, something something cryptocurrency, something something universal basic income. That this Sorry? Biometric ID would be would be used to enable a cryptocurrency token that could be the foundation of a universal basic income. If you were to have a truly global universal basic income, you would need some sort of identity verification process that transcends governments. Why not use biometric data that you've given to this project? That's the two big goals of this thing. Does that make sense?
Speaker 2: No. It doesn't make any sense, which is why I'm immediately infuriated. This is just another and, like, we we talked so Jordan and I usually have, like, a little catch up before we start recording these episodes. You know, we don't live in the same city anymore. We don't see each other every day anymore. So we kinda, like, convene, and we were like, you
Speaker 1: know what?
Speaker 2: Maybe we today is the day where we should be less hard on crypto, but, like, this just brings me right to the depths. It's like, hey.
Speaker 1: Start with Worldcoin.
Speaker 2: Like, we're making a token, and its big selling feature is if you believe in UBI, universal basic income, you should get in on this token. And it's like, this is just it just feels like another marketing ploy for these people to be like, oh, you're a supporter of UBI? Yeah. Yeah. World coins for you then. You should definitely, like, invest and get in on it.
Speaker 1: Mhmm.
Speaker 2: And it's like, there is no way that this coin well, that I have a number of problems from what you just said already. One, there's no way that they're gonna be able to provide universal basic income from this token and camera. Two, doing online biometric verification. So let's just talk through that briefly from a technical perspective. Really, what you're doing is scanning something, eye, fingerprint, whatever, turning that into digital information, which is hackable. Mhmm. And probably, you know, using some form of algorithm to generate a unique key value. Let's just call that a password for complete analogous reasons, encrypting it and then sending it across the Internet. So really what we're talking about here is that everybody's just gonna have a password that's based on some physical trait. And as we all know, passwords never get hacked and are completely super secure. You know, databases full of unique keys. Yeah. It never happens. So I have no idea, a, how they're gonna provide basic income, and, b, how any of this stuff will be secure or any more secure than anything else. Literally, a password that's stored in your head is probably harder to copy than a password that's stored by a camera because at least, you know, the you can probably create if you understood or could hack their algorithm, and lots of
Speaker 1: this
Speaker 2: code exists in the blockchain. So if you knew it's gonna generate the the token that verifies you biometrically Oh,
Speaker 1: yeah.
Speaker 2: You could take photos of these people and stuff like that and generate your own token. Like, will this be less secure than just a basic, you know, password 2023? Anyway, I I don't know what got me so turbocharged up on that, but the basic income thing because, like, I believe in basic income. I think it's like
Speaker 1: I know you do.
Speaker 2: It could be, like, a good thing for mankind, and I hate to see it being leveraged to, like, throw into a marketing pitch about a token. Just drives me up the wall.
Speaker 1: I like that I got one step into my notes, and you were like, just let me cook. Like, I got some takes.
Speaker 2: Got some takes.
Speaker 1: Oh, that's great.
Speaker 2: When do I when do I not have takes?
Speaker 1: Yeah. I mean, I should have known that the the UBI being evoked on the context of crypto would have, would have elicited a response. Okay. For anyone that doesn't know enough about this for the solve, it makes sense. The basic idea here is that, they've created these blueprints for this orb. It's this camera module thing, and it's an open source plan. People around the world are building them. And the idea is that you go to one of these orbs, they take a bunch of photos of your eyes and your face and capture a whole bunch of biometric data. That information is on the device encoded into this numeric string that I I think the way this works is that that is used to generate a hash that is then used when the world ID like, the world coin ID and corresponding token are minted on this Ethereum based blockchain they've made. So your biometric data is turned into this number that is then used to mint your your coins. You get about 50 of them to do
Speaker 2: your Call that a passphrase.
Speaker 1: You could you could sure call that a passphrase. It means there was a real human being, around at some point when the account was created, but we're gonna get into how that's not secure at all.
Speaker 2: Yeah. I was gonna say, was there? I feel like I could find enough photos of Jordan Blumen's eyes to generate a generate a basic biometric key for your eye.
Speaker 1: Well, I'm open to the idea that you can there there's types of biometric data that couldn't be fudged with a simple photograph. You get two cameras and some depth is in play, and a and a two d image isn't gonna work. However, however, as of right now, two it was 2,000,000 to 2,200,000 people have signed up and been scanned by this thing around the world.
Speaker 2: Allegedly. The tokens themselves. Scanned.
Speaker 1: Yeah. No. That's true. I honestly believe that a really big chunk of people have been scanned. Why they've been scanned is where this gets thorny, but we'll get to that. The actual tokens themselves are in varying degrees of actually being issued to people who have had their faces scanned based on the legality of these coins where they live. The concept of trading, like, biometric data and iris scans for cryptocurrency has naturally been criticized by a lot of people already up until this point. Mhmm. Edward Snowden has come out against this idea of using biometrics for, like, identification on the public Internet.
Speaker 2: Pass phrasing?
Speaker 1: Exactly. The response of the company has been that, unless the individual specifies otherwise, the raw images captured by the orb are deleted, and only that numeric representation is kept on file. But if the numeric representation works at all, that should be functionally the same thing, in any
Speaker 2: case. Theoretically.
Speaker 1: Theoretically. The goal of this project is clearly global. So far, it has been there have been scans done in 30 different countries, five different continents. In Kenya, the government has ordered Worldcoin to stop collecting data while it reviews the project for potential privacy and security risks. They, the communications authority there is evaluating Worldcoin due to a lack of clarity on the security and storage of those iris scans. Regulators in France, Germany, the UK are also evaluating the product. The app that you need to use it isn't available in some current countries in China. There's an unclear regulatory state in the United States. Really, at this point, like, if you were to go do it right now in a place where they could actually issue the tokens, given that this Worldcoin ID does not currently do anything Mhmm. Really all you can do with this is like good old fashioned speculating on tokens Internet gambling.
Speaker 2: Love it.
Speaker 1: A token trades for about $2 right now, making your eyeball scan worth about 50 to 60 US dollars. I think you get, like, 25 coins. And that price helps explain why this service, those 2,000,000 people have been quite popular in some of the poorest countries on earth. There's been several bits of reporting that suggest that the people in the lineups to get their eyeballs scanned do not have a great understanding of what Worldcoin is or what it might be good for other than you will get paid to give your biometric data to this project.
Speaker 2: I don't know. It just seems I don't I just I just don't even know what to say. It just seems just seems like it seems. You know?
Speaker 1: Well, maybe the black market will make it better. To maintain privacy, the unique hash that's generated by the orb, that's used to make your tokens and create that world ID on the blockchain, it doesn't include your name or the data from the scan. It's not tied to your legal identity, only your biometric data. Yeah. Biometric ID.
Speaker 2: And your wallet.
Speaker 1: And your wallet, which is good in a sense from a privacy perspective, but bad from a commoditizing biometric data perspective. Because it means that theoretically, your unique biometric ID, at least in the current incarnation, can be sold to other people. The project is banned in China, but there have already been reports of an emerging black market for this iris data in China where people are reportedly buying detailed scans of people's irises to claim coins for the Worldcoin project. The company is claiming that it's modifying the sign up process and is using dynamic instead of static QR codes to cut down on the style of abuse, but this really seems structural to me. And now we've got a race between people trying to circumvent the system and those trying to secure it, which, famously, is very hard to do. To date, there have been other security issues with this project. And, again, it just launched July 24. So far, hackers have managed to install malware on several of the orb operators' different devices, gaining access to the Worldcoin online portal, displayed earnings sign ups gathered through device. Several orb operators' login credentials have been already circulating on dark web marketplaces. There are reports that allege that the orb operators' logins didn't even necessitate two factor authentication. That's not confirmed. But if it's true, deeply disappointing for a project like this. I think this kinda brings me back at least to, like, who's who's funding this? Where is this coming from? Worldcoin is in the middle of a $100,000,000 plus funding round according to the Financial Times. They're they're on the prowl for money for a crypto project in 2023, which is a hard, beat to be on. But it seems to be working because it has the support of Sam Altman, the sort of wonder child of modern AI.
Speaker 2: Sure.
Speaker 1: I I think, however, that as with all of these projects, it's probably worth talking about I think they call it the tokenomics of it all, AKA, is this a rug pull? For anyone that doesn't know in crypto projects, you make a crypto project, you keep 30% of the coins yourself, You hype it, hype it, hype it. People start buying them, drives the project the price of the thing up, at which point you sell off all the stuff that you originally had from founding the project, make a bunch of money, and walk away. You pull out the rug on the people left holding the coin, the bag holder.
Speaker 2: Very, very common in the crypto space.
Speaker 1: Exceptionally common in the crypto space. And I am certainly not accusing this of being a rug pull, but I think it's at this point, to be responsible, you have to engage with that question. The total supply of Worldcoin tokens is capped at initially, I think, 10,000,000,000. Three quarters of that amount will be distributed to users over the next fifteen plus years. The remainder is split between Tools for Humanity staff and investors who have to refrain from selling them for various periods. I think the shortest one is about twelve months. Mhmm. At launch, a maximum of about a 143,000,000 tokens, a 100,000,000 of which are loaned to third party market makers whose job is to provide liquidity. This arrangement has naturally raised concerns among certain experts in tokenomics. But what it basically means is we are looking at a project with a 15 plus event horizon, talking about, creating biometric IDs you use across the Internet and a token that becomes the foundation for a global universal basic income, the creators of which are allowed to sell it in about a year. That doesn't sit super great with me.
Speaker 2: This whole this whole idea of of of, like, turning any piece of information into a token and then assigning it arbitrary values and letting the market and then essentially, like, gambling occur around it. It's just Yeah. It's just it's just such a fascinating period in in time that we live in. It's like, if somebody was like, hey, we're worried about AI. We wanna start creating a database of biological identities to make sure that we can, like, license this to the governments and, like, you know, etcetera, etcetera to prevent fraud. And that's fine. Why it needs to be done under the guise of a crypto token that has essentially a market surrounding it? Very surprising to me. Like, it just it's this this desire to turn everything into a gambling chip is, like, just such a weird just an interesting time in a humanity's timeline.
Speaker 1: The ultimate goal of this, according to its founders, is to increase economic opportunity and potentially show a path to AI funded UBI. There's the larger question of whether or not you think these are goals that a crypto project could or should even take on. Being good at one thing, crypto and AI, doesn't mean you're necessarily good at another. Global wealth distribution. But that's like a big muddy philosophical thing. I have two practical questions about Worldcoin. First, is should you trust a project that is launched despite being so incomplete? The governance model is incomplete. It is in process. The actual availability of the tokens, not a given depending on where you live. The cart is firmly before the horse on this project, and it is a it's a lofty cart. The second issue is there's this idea that this is a project with a fifteen year, if not decades long time frame, but whose founders who hold a huge portion of these coins have decided they can sell theirs much sooner. The question there is, will they, and how many people will have bought into this by scanning their faces by the time they do? Those are my questions about Worldcoin amongst others.
Speaker 2: My my question is, you know, just the big why.
Speaker 1: Big why.
Speaker 2: And, like, what value what, aside from the $50 or whatever it is
Speaker 1: Mhmm.
Speaker 2: You're receiving a few of these tokens, which could be worth nothing in twelve months or four months or twenty four hours.
Speaker 1: Mhmm.
Speaker 2: You're essentially gambling with your biometric data at this point. You're not just gambling with a bit of, like, money that you made. You're gambling with, like, yeah. I'm gonna trade my biometric data for some tokens, and, hopefully, those tokens appreciate in value. I don't know. Yeah. I don't know.
Speaker 1: To the moon. To the moon. Well, it'll be good for the investors, including, I think you pointed this out when we were chatting about this before, potentially Sam Bankman Fried, who is, who is, I think, part of that $100,000,000 seed funding round.
Speaker 2: The, I wonder how these I wonder if that's gonna compromise this project a bit. Oh, probably not. I think it's I haven't been following his trial, but I know I've heard that it's going better than it should be. Like, he's For him. He's, no. No. I mean, like, good like, it's been too good for him. Yeah. Like, they're, like, like, considering dropping charges and things like that, which to me seems
Speaker 1: Well
Speaker 2: maddening given it's what what's his what was it? Like, 11 bill?
Speaker 1: Oh, I've lost track.
Speaker 2: That. They're
Speaker 1: all just imaginary numbers now in my head.
Speaker 2: The the other thing I did see, and I I haven't done any big digging into this, but it just touches on Sam Bankman Fried, is I found or, like, saw some I'm gonna call it a Twitter thread, but it's actually an x thread now. Sure. All Internet sleuthy, you know, conspiracy theory that Sam Bankman Fried actually ran a rug pull from house arrest for the BOLD token.
Speaker 1: Oh my god.
Speaker 2: And there's, like, all of this data. It's actually so when I first saw it, it was like this one thread. I can't remember the user's name. He had put all of this random, you know, pins and pins and yarn stuff together being like, we think Alameda people, notably, the voice and tone of all the posts and chat is is very SBF y. And it would anyway, now it's been covered by, like, tons of news sources. So it's like lots of people are like, oh, did Sam Bankman Fried, you know, do a rug pull to get some extra cash to fund his lawsuit? And maybe he did, allegedly. Allegedly.
Speaker 1: I would
Speaker 2: There's I would So
Speaker 1: Yeah. I mean, I'd have to imagine that is probably, not part of his bail conditions given that he is under house arrest right now.
Speaker 2: I'm imagining it would be a large violation to execute a potential alleged financial scam for being on trial for financial scams.
Speaker 1: My favorite part about this is that, apparently, Bankman Fried's parents so Bankman Fried, for whom that doesn't know, is under house arrest in his childhood home in California. His parents signed an affidavit stipulating that they would install, like, surveillance and monitoring software on any computer he used to restrict his access to the Internet via their home connection. The former FTX, like, executive is supposed to just be using he can't use anything more advanced than a flip phone. And I just really, really enjoy the concept of Sam Bankman's parents having to stare over his shoulder and make sure that he is not doing a massive crypto rug pull scam while he is awaiting trial in an alleged much larger crypto rug pull scam.
Speaker 2: Wow. Let's let's just for, you know, good cybersecurity chatter
Speaker 1: Sure.
Speaker 2: Let's just assume Sam Bankman Fried is technologically very competent because I feel like he would be.
Speaker 1: I think so. I think it'd be pretty hard to to keep a lock on that guy if you were trying to.
Speaker 2: Let's think about how easy it would be to bypass anything that your parents are expected to install on the computers. Like, come on now.
Speaker 1: Yeah. No. I'm just try I'm imagining that face off between me me and my parents and just trying to imagine how that would go, and it's that's that's just good stuff right there.
Speaker 2: Yeah. Yeah. Yeah. Top top notch.
Speaker 1: Are you Top notch.
Speaker 2: I would've I would've assumed they would, like, wrap his house in a Faraday cage and
Speaker 1: Totally. Like, put him inside of a Faraday cage like Magneto or something.
Speaker 2: Yeah. Cut cut cut the utility lines coming into the house. Totally. Like, just remove the computers.
Speaker 1: Yeah. There's just no computers in that house. I think it would be fair to be like, if you're going to be under house arrest, you can have a flip phone, and that's it. And so help us, god, if we find an iPad in here, it it's over for you.
Speaker 2: Yeah. Literally. Like, everything's in the cloud these days. You just need like, you could probably you could probably run one of these things from, like, a Chromebook that you can pick up anonymously for cash at, like, the nearest Best Buy.
Speaker 1: It's true.
Speaker 2: Anyway anyway, we can transition off of crypto.
Speaker 1: Let's talk Sorry. About some allegedly state sponsored hacking. Why don't we?
Speaker 2: Is it crypto related?
Speaker 1: It's not. I think there's not a single drip of crypto in here. That's like an episode and an intro's worth of crypto. Let's let's just leave it there for the for the rest of this bad boy.
Speaker 2: I'm with you. I'm with you.
Speaker 1: So last couple years, it's been pretty good to be in the, cloud business solutions business.
Speaker 2: For sure it has.
Speaker 1: There's a lot of people working remote. And I think, generally speaking, there it's some of these services are quite popular amongst IT professionals. You don't have to manage your own security anymore if you're using Microsoft's.
Speaker 2: Yeah. Or any of the other ones? There's a bunch of them now.
Speaker 1: The downside, however, is that a single compromised piece of cloud based software can grant, you know, a hacker access to data from a whole bunch of organizations, some of which are very important as we will discuss. The past month, Microsoft reported that Storm-0558, a China based hacker group known for targeting Western European governments, accessed the cloud based Outlook email systems of 25 organizations, including the US State Department and the US Ambassador to China. The full extent of this breach is still under investigation. The US Cybersecurity and Infrastructure Security Agency stated that the breach had led to the theft of unclassified email data from several of those accounts. So looking at a pretty serious government hack here. It's worth looking briefly at the mechanics of how web based cloud systems work. When you enter your credentials, as a user, you receive a little token. I'm not talking about crypto tokens. You get this little little user ID token after you enter the credentials. This token acts as like a temporary ID, enabling you to navigate throughout this cloud system without having to constantly reenter your details every single time you click. Mhmm. Those tokens are sealed with a cryptographic signature to prevent forging them. This signature uses a unique, like, key possessed only by the cloud service. That key is very important to this. While we don't know how they did it, the hackers at five five eight got a hold of one of those cryptographic keys, allowing them to produce their own authentication tokens that act as proof of a user's identity. Mhmm. They exploited this flaw some flaw in Microsoft's token validation system, signing general user tokens with this stolen key, allowing them to access more secure enterprise grade systems. One piece of coverage I really liked used the metaphor of, it's not stealing a passport, it's stealing the whole passport printing machine. Mhmm. And like a country issuing passports, Microsoft, the cloud service in question here, has a lot of citizens, including these 25 government departments.
Speaker 2: Like, if you think about how many people use Outlook and, like, Outlook's web services and Microsoft Mail, it's it's aside from the list of government departments that they've given us, the amount of places that it hits is probably outstanding. Huge. Like educational institutes, research things, defense contractors, like, you name it.
Speaker 1: Mhmm.
Speaker 2: It's probably touching touching tons of very sensitive data.
Speaker 1: Oh, completely. And
Speaker 2: when you've got the when you've got the ability to just make user credentials and just check out you know, log in and check mail, like, that's pretty like, in a in a world where knowledge is power, that's a lot of free knowledge.
Speaker 1: It's a lot and a lot of free power.
Speaker 2: Yep.
Speaker 1: Yeah. When the headline reads these 25 government organizations, including the US State Department, that means that those are the 25 that are worth
Speaker 2: talking about. Exactly.
Speaker 1: And it kinda would suggest that that token gave them access to, potentially a much larger group of people, but that as a, allegedly state sponsored hacking group, you would naturally veer towards, your ambassador, the state department of a a political rival. So in response to this, Microsoft has blocked all tokens associated with that stolen key. They've issued a new key. Mhmm. They have improved the security of the key management systems. I do not doubt for a second that their response was very significant to this. But it does bring up theories surrounding the breach. How did this happen? One theory suggests that the key might have been taken from a customer server that runs an older Outlook, setup that still had some older vulnerabilities in it. Mhmm. Another theory implies that the token sign key might have been stolen from Microsoft itself. We don't know how. Could be social engineering, could be misconfiguration, could be exploiting errors in the cryptographic process, but it could be that Microsoft is where that token signing key went out. How they got it, it's unclear. It's worth noting there have been other token based breaches. Russian hackers responsible for the SolarWinds attack also stole Microsoft Outlook tokens to extend their reach within those networks. See, but
Speaker 2: that that was, I think they just stole the actual tokens off the computers.
Speaker 1: Did they?
Speaker 2: So, like, say you have an Outlook client on your computer. It has the authentication token stored locally. If you steal it, you can essentially dupe the I think I think I don't think they signed it. Like, this is a big Sure.
Speaker 1: This is
Speaker 2: a big deal to lose signing authority. Like, you're essentially hand you're essentially handing out one of the keys. Like, the if you think of like, we talked about cryptographic keys way back, like, episodes one through five maybe. And it's like, a public a public private set of keys is, you know, everybody has the public key, but only you have the private key and know how to use it. Mhmm.
Speaker 1: Like,
Speaker 2: you have the passphrase to use it. And it's like if they lost one of the private keys that allows them to sign things that then gets validated by all the public keys, That really kicks off the ability to kind of do whatever you'd like because you're now the signing authority, and that's a big deal.
Speaker 1: That's a
Speaker 2: that's a big security breach, massive security breach in the cryptographic space.
Speaker 1: Yeah. It's an interesting question of whether or not you treat those those breaches as certainly not inevitable. But knowing that they're going to happen, do you want there to be a a big company like Microsoft in the position to act kind of unilaterally across a whole bunch of people's systems to patch it? Or do you think you maybe avoid that situation to begin with by handling your security yourself? I genuinely don't know. It seems really, really hard to build a system that would rival these massive companies in terms of security, but I I really don't know.
Speaker 2: For like, from where I sit, like, you've already given the trust to Microsoft. You need to let them patch it. Like, they that's that's a that's an on them problem. Like, there's nothing you can really do
Speaker 1: Yeah. Sure.
Speaker 2: Locally. Like, you could probably take it out of your authorized keys list and things like that, but it's still like, that's a massive like, that's not something that, like, you wanna get the email notifying you of that at a stoplight, read the headlines, mark it as read, and forget it exists, which is a huge problem that I have in life. The that's not one of those. You know? That's
Speaker 1: That's a pull the car over.
Speaker 2: Yeah. That's a pull the car over and send some emails immediately and make some phone calls.
Speaker 1: Pretty frantically too. So Interesting. Yeah. There was another story just very briefly that's probably worth talking about. There's a there was a headline that broke this week concerning Japan.
Speaker 2: This one this one caught my interest because Japan refused to comment on it. Interesting. Which when when they initially broke it, they put a press release saying that it had happened, but they didn't want to talk about any details, which tells you that it's probably much more complex and scary than you would think. So they, apparently, they had, like, a pretty low level, pretty deep level, persistent access, so they had been ongoing. So that's, I don't know. It's it's not good
Speaker 1: Mhmm. Just
Speaker 2: to say that, but it's it's definitely changing this whole state sponsored hacking landscape. It seems like these I don't know if we're getting more coverage of it. Like, governments are being more open about it as they're beating their chest in the public media rather than just over the phone yelling at each other, which is maybe where I feel like it lived the last, like, twenty years. And now we're getting more public coverage kind of coercing and dictating public response to it and public sentiment to it. But it it seems like these are are speeding up.
Speaker 1: Yeah. I could see it being a little bit of both. Like, I could see the volume of attacks and compromises, frankly, going up. And I can also just see a greater willingness on the kind of on behalf of different governments to admit when this happens. I think probably for a long time, there was a desire to treat this as, like, we don't talk about this. We don't even suggest the idea that any of these systems might be vulnerable. We need to sort of maintain this veneer that everything at the government is exceptionally well locked down. Mhmm. But at a certain point, you've lost control of that story amongst the public. And, okay, we'll see if we can juice a little bit of utility out of this whole situation by talking about our enemies attacked us again. They got this this time. And it manufactures a little bit of willingness to attack them back. And I think we're in sort of a transitional period right now between those two states.
Speaker 2: Yeah. Yeah. We're playing political games.
Speaker 1: Okay. So we've got biometric crypto projects. We've got international, state sponsored hacking. When we come back from the break, let's let's do a little little mad science.
Speaker 2: I think we should talk about we're just kind of in this cybersecurity vein here, so I think we talk a little bit. You know, we've talked about phishing on this podcast pretty much endlessly, seeing as humans are the most vulnerable part of cybersecurity. Massive news this week. Interpol and a number of other agencies managed to take down the 16shop phishing service, which was, I believe, out of Indonesia, and they managed to arrest the people that were kind of running it. So it was a phishing as a service, so, like, essentially, a hacking service thing. They sold a bunch of tools to it really was like a
Speaker 1: I don't
Speaker 2: know what you call it, like a major problem in the phishing world. Aside from doing it actively, they also enabled and empowered people to do it for themselves. So it's, it's good that they're gone. Do I think that they'll be replaced? Probably immediately. But but, you know, in the constant give and take war Mhmm. This is a step, a win for the good guys. A win for the good guys.
Speaker 1: Yeah. I'm so curious about this concept of, like, prepackaged. I mean, we've talked about this a lot, but the commodification of these exploits as, like, little products you can buy. Mhmm. These are phishing kits. And it's like a little email or PDF that directs to a little custom site where people just put their credit card information, hopefully, and you get to keep it. Like, it's a yeah. You're kind of, like, automating the hard part of this whole thing and leaving it up to, like, are you good at finding emails and tricking people into clicking on things?
Speaker 2: Yep. And, you know, when it when it comes to, you know, making money and getting access to information you're not supposed to have, you know, you don't need every single person that gets the email to click the link. But if you get one in a thousand, like, it's pretty cheap to send emails.
Speaker 1: Mhmm.
Speaker 2: So so they sold they sold these phishing kits to apparently over 70,000 customers across 43 countries. So there's a good chance that in your inbox right now is a phishing e phishing email from one of these kits or was enabled and empowered by one of these kits. So
Speaker 1: Interesting. Yeah. It sounds like they're all busted based on the fact that the servers were actually hosted by a company based in The United States. So suddenly, the courts have a a line into that whole operation.
Speaker 2: Yeah. Jurisdiction.
Speaker 1: Got busted. The, administrator was a 21 year old guy.
Speaker 2: Yeah. He he he saw mark
Speaker 1: Younger than I would have guessed.
Speaker 2: Saw market need, and he filled it. You know, who who doesn't want him
Speaker 1: saw market need.
Speaker 2: Who doesn't wanna be able to push a button and generate their own fake version of Amazon, you know, just just to be used for phishing or fake version of outlook.com, you know, all these things. So it's it's
Speaker 1: Yeah. Sure.
Speaker 2: Is what it is. You know? I feel like, you know, we've talked about this at great length, and it's like, I just feel like we need some brilliant people to sit down and just figure out what to do with phishing because Yeah. Sure. It's becoming it's becoming the the starting vector for so many hacks. It's like, oh, instead of back in the day, you know, we used to write exploits and and do stack overflows on email servers to try and get a root access on a shell, like a a server or something. Nowadays, you just send a bunch of phishing emails away for somebody to click you and give you their credentials, which lets you log in to their corporation. You know, it's it's way less
Speaker 1: Mhmm.
Speaker 2: Way less sophisticated and, you know, way more vulnerable. I'd say that you can fix and patch an error in code pretty quick. You know, patching IT security understanding of 7,000,000,000 people is a little bit more challenging. So
Speaker 1: Oh, certainly. It feels yeah. I mean, we were talking about cloud solutions during the last section, and it's like, I don't know what email client is most popular, but it seems like it would have to start there. It has to be just a big old giant switch that says, like, please, for the love of god, stop me from clicking on a thing I shouldn't click on. Thank you. And any link being opened from an email is, like, cordoned off in a little hole. And, like and that the the trouble with that is that it just doesn't address social engineering.
Speaker 2: Wow.
Speaker 1: At the end of the day, if they've tricked you well enough to punch in your credit card information or use a login credential that you're not supposed to, like, it's not a technical thing. It's a soft social deception thing.
Speaker 2: Totally. And the the other thing is too is, like, even if you were to bundle things up and remove all links from emails and stuff, it just hits the efficacy of email as a platform to the point that it's like
Speaker 1: Oh, totally. You know,
Speaker 2: we're already seeing that with the the rise of IRC chat, AKA Slack. Mhmm. But, you know, you know, you're you're you're seeing it, like, you're seeing email losing its corporate credibility. It's still used, I think, for a lot of, like, official channels and and, you know, between organizations, interorganizational chat, but I just I just I don't know. Yeah. I I this is you know, we could do a we could do a whole week miniseries on phishing and not even cover the amount of phishing related hacks that happened in the last month, probably.
Speaker 1: Yeah. You could just have, like, a stock ticker feed of every single story, one of them going live.
Speaker 2: But when one of these groups gets shut down, it's kind of a small reason to celebrate. I'm not sure if it's a huge reason to celebrate. Yeah.
Speaker 1: It's fun. It it it it's worth talking about because it it it there's this feeling that the hacks have become endless. And every single day, you're just bombarded by messages of people, like, in a very small way trying to harm you. Like, they they're trying to deceive you into giving them something that you wouldn't have otherwise. It's like we've all kind of become normalized to that. And so it's nice when some of the people doing that aren't able to do it anymore.
Speaker 2: And it's quickly leaving, it's quickly leaving email and going to text. Like, I get probably a phishing scam via text once a Yeah. Probably once a week. So it's it's just a endless amount of small details. So anyway
Speaker 1: Yeah. If anything that we do to lock down email, it'll move over to text. And anything you do to lock down text will move over to Slack channels or something. And anything you do there, it's just gonna be on Roblox on a long enough timeline. And it doesn't matter because it's not a technical vulnerability. It's a people vulnerability.
Speaker 2: Totally. And, you know And Perfect little transition I'm gonna try here. People that are trying to protect against stuff like this have now become targeted by malware. So there's a recent, recent piece of news. So OpenBullet, which is like a web security app. Let's call it an app for lack of better terms, but essentially creates it's a piece of software that lets you test websites for a variety of potential hacks, lets you dig through the the communication channels running between the browser and the server, things like that.
Speaker 1: Okay.
Speaker 2: Anyway, somebody has figured out a way to insert malware into this. So people downloading OpenBullet, using some config file that was incorrect ended up getting a version of OpenBullet that still functioned, but it also had a remote access trojan built into it. Oh, wow. You download, like I don't wanna call them script kiddies, but, like, anybody that downloads this and maybe wasn't didn't go through the hash verifications and things like that ended up getting or could have ended up getting a version of this with a remote access trojan implanted into it that was then firing notifications out to Telegram being like, yo. I'm in control of this computer now, and we what would you what would you like me to do? So just an interesting little twist on, like, you know, when the security tool that you're using to make things more secure becomes the target vector for or the attack vector for getting you hacked.
Speaker 1: So It was an open source project too, which is a bummer Yeah. Because I want things like that to work.
Speaker 2: But it does work. It just it was like a Right. Somebody had posted of it. Yeah. I think I think the way that it worked is somebody had posted a configuration file for it. So, like, OpenBullet uses configs for a lot of its attack stuff. So somebody had posted or modified a config file that then, throughout the process of it, means that it got delivered with a remote access trojan, which is, like Right. You know, sad. But
Speaker 1: Well, it's tough too because it's, like, the people that would probably be I don't know a ton about this tool, but the people that would be most likely to use those configs that have been pre created by someone else is someone that's probably not doing themselves, which would suggest less technical sophistication. So it makes sense that that's a great way to target someone.
Speaker 2: But I think
Speaker 1: This is above my head. I have nothing to comment on.
Speaker 2: That's good. I think we covered it. It was just something interesting that I wanted to touch on. So we can we can move
Speaker 1: Super interesting. Interesting.
Speaker 2: But I think we're through the Scott portion of this episode. So we can go we can go back to to fun to fun stuff. You wanna go back to fun stuff?
Speaker 1: To fun stuff? Well, I think we got I think we got one last thing that I at least wanna talk about. It's just like a hard, hard pivot. Like I said in the intro, we don't typically talk about science that much on this show. Mhmm. But it's been a weird weird week in science, and people are hacking together some stuff in their garages that they normally wouldn't. So it seems worth talking about. Have you been following the LK-99 story?
Speaker 2: I would say that I haven't been following it, but I did see, I can't remember where the research lab is that put out the tiny video that everybody was so excited about.
Speaker 1: Mhmm.
Speaker 2: And I did take a peek at that. I saw that, but I think that's that's where the end end of it ends for me. I don't think I got I didn't go fully down the rabbit hole. I don't know if there's a massive rabbit hole that is created in its wake. But I'm
Speaker 1: Oh, there's a rabbit hole. But I
Speaker 2: heard you mentioned Twitch, so I definitely didn't watch any anybody on Twitch using matches to create a a superconductor.
Speaker 1: So I,
Speaker 2: I I'm not in the rabbit hole. Take me in.
Speaker 1: Take me into the rabbit hole. I I wouldn't normally talk about, like, speculative pre publication science. This story has just dominated the Internet for the last two weeks, and I'd honestly held on for a little while of not diving into it. And then I did. So now I wanna talk about it here. So for anyone that doesn't know, superconductivity is the phenomenon where a material conducts electricity with almost zero resistance.
Speaker 2: It's a it's it's a big, big deal, especially in in transportation infrastructure. So, like, Totally. Like, you have a massive power generating facility, and it is Yes. 52 miles outside of the city. Exactly. It has to pipe that power across lines. Mhmm. And literally, as it gets to the city, it bleeds off of substantial portion of it in resistance and heat.
Speaker 1: Yeah.
Speaker 2: So the resistance inside the metal in the lines, the it's resistant to the electricity, so it actually turns it into heat, and then that heat gets kicked off into the atmosphere. So we don't notice the heat as much. It probably we have enough infrastructure in the world at this point that it could potentially I'm sure you could make an argument Sure. That it's part of climate change. You had never thought about it.
Speaker 1: Nope. Just thought
Speaker 2: about it now. But the
Speaker 1: Yeah.
Speaker 2: But the but the the loss of it is a much bigger deal. Because if you think about burning, like, you know, whatever, one cube of natural gas produces x amounts of power, but you lose half of it in the infrastructure loss as it goes to the to the point of consumption, that's a big deal. Like, we'd have to generate a considerably less power for the world if it was able to transport without loss.
Speaker 1: And we'd be much better at generating it. Yeah. Broadly speaking, you've got current flowing through a wire material. And as it's going, it's shedding electrons, that expresses itself most commonly as heat. You're familiar with this. Like, your phone getting hot is a teeny tiny version of that exact same process. Mhmm. Superconductivity up until now, we have achieved it, but only under very, very extreme temperatures, like minus 269 degrees Celsius. Like, it's it's a hard temporary thing to do. It is when we do it, though, really important. Super high powered electromagnets, like, electromagnets like in MRI machines, maglev trains, particle accelerators. These are a couple of the instances where it is worth doing this exceptionally difficult thing. But as you said, it would change a lot of things if we had it. Room temperature superconductors are kind of a little bit of a scientific holy grail, especially those that work at, like, just any ambient temperature, transporting electricity without loss, without the need for super cooling. It would change the energy grid. It would diminish energy waste. It would mitigate global warming to some degree. It'd be really, really cool. It'd be a very good thing if we had room temperature superconductors. I think it's why the Internet's getting so excited about this. A little fun piece of trivia about this is fifteen years ago when the movie Avatar came out, the element that they were on that planet to mine, unobtanium, is a room temperature superconductor.
Speaker 2: There it is.
Speaker 1: Like, it's a it's a sci fi MacGuffin. You know what I mean?
Speaker 2: And look look what happened
Speaker 1: Well
Speaker 2: in the Avatar movies, Jordan.
Speaker 1: It was.
Speaker 2: Is that what happened on Twitch?
Speaker 1: She's a lot of people riding on dragons and I don't know. Something to do with ponytails. I don't remember that movie that well. Anyway
Speaker 2: So so wait. Just like if I buy world coin, there will be universal basic income. If we come up with a superconductor, I get to ride on a dragon?
Speaker 1: Yeah. No. I'm sure that the dragons will trickle down and we'll all get dragons, not just, like, seven people that own the whole thing. I'm sure that's exactly how it's gonna go. I'm gonna get my dragon, Scott. This brings us to LK-99. So couple weeks ago, this group of South Korean researchers post two papers to this thing called arXiv, which is like a preprint server. So this is the big massive asterisk above this whole thing. ArXiv is pre peer review. Stuff gets published to it all the time that is ultimately not true. It means something, but it is really, really importantly peer review. So they published these papers about this so called LK-99 compound, which is claiming to be a room temperature superconductor made up of a combination of relatively common things. I think it's like lead, phosphorus, oxygen, couple other things, but nothing truly, truly crazy. The researchers presented evidence of LK-99 superconductivity under room temperature without any added pressure, and this sparks global intrigue. You have labs all over the world attempting to do replication. The famous video that you saw, there's this thing called the Meissner effect. When a material becomes superconductive, it sort of expels a magnetic field, and that's how you can get a little piece of it just sort of floating in the middle of a metal dish. And this video that they published claims to show that.
Speaker 2: Doesn't it isn't the magnetic field, like, bimagnetic? Like, isn't it both poles? Isn't that a big part of it?
Speaker 1: Oh, cool.
Speaker 2: Trying to remember this.
Speaker 1: I
Speaker 2: Yeah. Don't Which is why it flows because it's it's it's it's both repulsed and attracted, I believe. I'm, again, by no means a physicist.
Speaker 1: Like, this whole podcast has hinged on you knowing about a thing and me sort of, like, keeping up but adding a fun storytelling vibe. And we have now wandered into a thing neither of us know jack shit about. Correct. So this is a very, big if true type situation. And as a result, and I'm glad to see this, there's immense scientific skepticism immediately. Really, this is a race to replication, to confirm if this is real. And depending on when you're listening to this, it may have been confirmed or debunked. I'm praying that doesn't happen in the five days between when we record this and when it launches, but it hasn't gone either way yet.
Speaker 2: You know what? I will happily take that is it it is confirmed.
Speaker 1: You're gonna go confirmed.
Speaker 2: Because that would be pretty amazing. That would be sick. No. No. No. Like, I'm just saying, like, you said you'd be sad if it was confirmed or denied.
Speaker 1: Oh, you make a good point.
Speaker 2: And I'm saying
Speaker 1: Yeah.
Speaker 2: Yeah. I'm saying that, like, for the good of mankind, it would be pretty amazing if this was confirmed.
Speaker 1: Yep. You make a really good point. I would not be bummed if my podcast became out of date, but we got a room temperature superconductor.
Speaker 2: There are things more important than this pod. I know it's hard to believe, but but
Speaker 1: I'll believe it when I see it. So two teams, one from India and another from China have managed to recreate a version of LK-99, but have not publicly confirmed its superconductivity. Another Chinese lab reported a levitating LK-99 sample, but, again, that doesn't necessarily confirm superconductivity. This is all still totally up in the air. This has kind of happened before. There was another prereview paper, published, I think, 2020 that was retracted in 2022. And, really, this isn't just about smashing the right ingredients together. The process by which you do that is what results in the exact atomic structure, and that atomic structure is what's really, really important here. I bring all this up because I wanna talk about the amateurs. Because right now, there are people with, obviously, scientific education and a lot of know how who are hacking together their own versions of the superconductor outside of labs. And it has made the Internet a very fun place the last two weeks.
Speaker 2: I'm totally there for it. I'm totally there for it.
Speaker 1: I I love it. So So there's a guy named Andrew McCalip.
Speaker 2: If if this if this is so simple that people are making this happen on, like, their Twitch stream, that is big. If this doesn't need to be owned and controlled by some massive conglomerate that has the ability to make this stuff, oh, that'd be massive.
Speaker 1: It it hasn't been proven to be that simple yet because it again, we have not reproduced this. But I just I love the the quest. So there's this guy named Andrew McCalip. Wired did a big piece of him. He got a lot of press coverage. He's an engineer and now Twitch streamer who became interested in replicating LK-99 as part of, like, a little startup, but a startup that doesn't really focus on this kind of thing. He publicly I think it's on X he posted this. It's his 30th birthday, and he wants red phosphorus, which is essential for making the superconductor. I think you need red phosphorus to make lanarkite. I'm not totally sure about that. But importantly, red phosphorus is a controlled substance because you need to use it when you're making meth. So people on Twitter start getting involved. They're suggesting different ways he could get it. He could melt down the heads of a pile of matchsticks. People are suggesting maybe he goes on Etsy to buy, like, a pure form of it where the DEA might not be looking, but it is technically for sale.
Speaker 2: Oh my god.
Speaker 1: Other people are offering connections to Eastern European suppliers, just trying to get Andrew some red phosphorus so he can try and make this thing in his, like, lab. So Andrew takes to Twitch, which means, very briefly, there were people on a Twitch stream watching a streamer doing amateurish science trying to create a room temperature superconductor, trying to create unobtanium from the film Avatar. And I just I love that. I think that's great. The process of creating LK-99 is not that straightforward clearly. No one's been able to publicly reproduce it. The paper outlines generally how it works, but there's no clear recipe. But amateurs like McCalip are forging ahead. This just briefly, and I'll kinda wrap up here. I wanted to read a little bit more about, like, the history of amateur science people making or confirming really intense big scientific discoveries. And I highly recommend you go down that rabbit hole.
Speaker 2: Really?
Speaker 1: Because the number of things that just random people have contributed to across the history of science is incredibly cool. Archaeology, 20,000 year old cave paintings, were confirmed to be part of a lunar calendar based on an just an amateur archaeologist. He was able to, like, crack what these things meant. You've got, over in earth sciences, fossil hunters spotted a meter long dinosaur footprint, the largest ever discovered, amateurs. And then a big one, climate science. I think back in the nineteen thirties, the first ever or one of the first ever published papers proving and or making the connection between carbon dioxide and its effect on the climate done by an amateur climatologist. There is a rich history of, like, people who have educated themselves on these things making really cool discoveries. It's not without criticism. There are situations
Speaker 2: where computer
Speaker 1: science should really take a backdoor a backseat to professional science.
Speaker 2: No. No. I should take a backdoor.
Speaker 1: Of them?
Speaker 2: Probably.
Speaker 1: Yeah. Should just not take part in it. I'm sure for
Speaker 2: for every
Speaker 1: When it is not an exceptionally high stakes urgent situation, I love this stuff.
Speaker 2: I think for every every major life changing discovery that was helped by amateur science. I'm sure there are thousands of weird conspiracy things that were harmed by amateur science.
Speaker 1: Certainly. So be a good one if you're gonna do it. But I choose to be an optimist about this, and I think it's very fun and neat. And I hope that, a, LK-99 is confirmed. I hope it's real. I think that'd be pretty cool, and I wouldn't be mad if an amateur scientist helped.
Speaker 2: Thanks again. Thanks for tuning in. I hope you enjoyed the show.
Speaker 1: Thanks for listening, everybody. Appreciate your time, and we will catch you in the next one. Cheers.