Yay, more code! If you split the view four ways and scroll each a little differently, it looks a lot more impressive. Source is: http://www.csee.wvu.edu/~cukic/CS350/Spring98/C_Ch10.txt
They C++-ified the code (ie, cout instead of printf). See leftmost pane in screenshot:
unsigned number1 = 960;
printf("\nThe result of left shifting\n");
printf("8 bit positions using the ");
printf("left shift operator << is\n");
displayBits(number1 << 8);
printf("\nThe result of right shifting\n");
printf("8 bit positions using the ");
printf("right shift operator >> is\n");
displayBits(number1 >> 8);
On the bottom, they use “reciever” and on the right, “RECIVERS“. “i” before “e” except after “c”, and don’t forget the “e”.
On the bottom, “echolator”. They probably did not have enough room for “echo locator”.
I was watching America’s Book of Secrets – S02E10 – Presidential Assassins, and @18:57, I spotted hexdump output scrolling behind the images. Unfortunately, the beginning frames had no obviously unique text:
But a few frames later, I spotted probably searchable text “rafrht Alwera”:
Here is where it becomes strange. Googling for “rafrht alwera” returns just 1 hit, a PDF file that looks like it also contains hexdump output:
Opening the file in Acrobat and searching for the text “rafrht” returns one match but not the hexdump Google found.
Oddly, hexdump on the PDF does not show any “rafrht”. So what did Google and Acrobat find?
Why are there only 16 dots (+ 2 implied) in the 24 hour clock?
I have never seen a security/firewall system like this. On the left, I see emacs or some variant of, the status line says “edit code: mySysScan.c“. And the middle bottom window says “*shell*“. The lower right is some code that I cannot make out. The rest looks familiar but I cannot identify it.
But the bigger question is, if they were looking into how somebody broke into a system, wouldn’t either/both the Security Scan or Firewall Protection Scan have alerted when the incursion occurred? And if they did not, why would a post mortem scan produce a different result?
Screen image simulated, typo not.
Ah, more source code scrolling while the computer works. What system does that?
I am impressed that the screen graphics people searched for something relevant. The code is cluster.cpp from Open Source Biometric Recognition – https://github.com/biometrics/openbr.
You would expect such perfect penmanship from Dr. Hannibal Lecter, but alas, it is a font. The improperly ligated characters, “iv”, are the dead giveaway. WhatTheFont says it is P22 Grosvenor.
There are so many things wrong with this.
- Once again, the window on the left is source code, because we always have source code up. The code is unp.h from http://socketprogrammer.blogspot.com/2009/04/unix-network-programming.html
/* OSF/1 actually disables recv() and send() in <sys/socket.h> */
#define recv(a,b,c,d) recvfrom(a,b,c,d,0,0)
#define send(a,b,c,d) sendto(a,b,c,d,0,0)
- North Korea does not have a gigabit uplink to the rest of the world.
- While none of the IP addresses are (understandably) valid (all have one octet > 255), the last few hops are multicast addresses which are not traceable. See Wikipedia – Multicast address.
- The real command is “traceroute” (or “tracert” in Windows land) and it shows you the path from the computer you are running it on to another IP address. You can trace back to a mail/web/ftp/etc. server (cpanengine.com if it actually existed), but not to an email address. Some mail servers add a header line that shows the client IP, which you can trace back to.
- If the recipient of the message was at Host A (126.55.341.66), and the sender was Host B (cpanengine.com), an investigator at Host C (shown above) cannot run a traceroute to see how Host A would talk to Host B.
- The hop times are simply replicated, 160ms/240ms 174ms/436ms alternating.
- The normal traceroute does not show the type of device, ie., wifi router, satellite, etc. It is possible to determine the type of device from its MAC address, but only the next/previous hop sees the MAC address, and it is not passed along.
- Traffic going through a satellite would be layer 1 (the satellite does not have an IP on the customer traffic side) and thus the satellite would not show up as a hop. This article is from 2008 but still valid – Identifying undersea fibre and satellite links with traceroute.
- Why would traffic bounce through 10 satellites?
- traceroute does not show the local computer’s network card as the first hop.
- Why would every window have a WiFi menu?
A real traceroute looks like this:
mcommincated communicated message from | COMSUBPAC |