Home » Research » About » IT vs OT | When Facing The Insider Threat What Happend Free Software vs Open Source | ask me |






No one knows who I am yet and what kind
of content I produce. So why not focus a topic that 
people are 
already searching for, right?





Do you know the signs of suspicious activity? Find out. Recognizing and Dealing With Suspicious Behavior.


explain xkcd | Cueball's grandma | Small office/Home office |

Cueball’s grandma decides to install Linux on her new PC, and calls Cueball, whom she views as her personal Linux expert. The overarching joke revolves around the fact that Linux, especially home PC-based GNU/Linux, is much more often used as a "hobby" OS, as compared against a "productivity" OS such as Windows or macOS. Large numbers of people use Windows or Mac by default, because it came with their computer hardware when they bought it, and it already had the software suite they wanted to use installed along with it. Linux, on the other hand, rarely comes pre-installed on PC hardware and generally must be deliberately chosen and acquired; and while it can be set up to achieve efficient and productive workflow in virtually any area on PCs, because it often must be consciously selected, installed, and configured by users, it tends to either attract or, in a few cases, create individuals who take disproportionate pleasure in, and derive self-identification from, hacking the operating system itself. Thus, many people who are Linux enthusiasts began by not really knowing anything about it other than that it's free of cost, but the process of actually building Linux on their machines gradually led them to take an increasing interest in it, which the comic humorously likens to substance addiction.

Your Grandma on linux - explain

Xorg (officially X.Org) is an implementation of the X Window System, a program responsible for the graphical display used on Linux. If it has configuration problems, which was quite common with some video card drivers back in 2008 (especially those for ATI Radeon cards), it is often difficult and/or painful to fix (see 963: X11). Man pages are manual pages for Unix-based operating systems and software, usually accessible online but also bundled with the software itself. Considered helpful and clear by the sorts of advanced computer users who typically run Linux, the text only documentation requires a bit of a learning curve and is not generally adequate for less-technical users. Here the joke starts to build in that Cueball’s grandma, a computer novice who just wanted something to work out of the box, is now having to learn how to understand Linux documentation in order to even 'attempt' to fix her ongoing Xorg problem (likely an inability to start a graphical terminal, something a novice user would depend on). 

In the third panel we see that the grandma's problems are persisting. She may have been able to get a graphical terminal to work, but now Ubuntu's built-in auto configuration tools are failing to address another critical problem. She suggests that she is considering switching to a more "advanced" Linux distro in order to sidestep the failing autoconfig issues. A Linux "distribution" is a suite of tools and applications that provide a specific user experience on top of the core Linux operating system. Each distribution, or "distro", has a different look and feel, and different feature sets and design philosophies. Ubuntu is a very popular "beginner" version of Linux, designed to "just work" and be familiar/usable to people fresh out of Windows. Debian is a popular but somewhat more "advanced", traditionally "Unix-like", distro, with a huge and diverse base of supported software that generally requires more Linux know-how to configure and use. In fact Ubuntu is based on Debian, and under the hood they have similar features, so that it would not be considered much of a leap for a competent Ubuntu user to switch. Gentoo, on the other hand, is a very advanced distro allowing for extreme customization and optimization but requiring extensive install and setup time. It is generally considered to be extremely complex and beginner-unfriendly (to the point that its difficulty has become somewhat memetic in the Linux world), a trade-off for providing a powerful and versatile set of tools for advanced system hacking. It appears that during her six-week struggle to build her system, Cueball's grandma has started to consider that her problem would require a solution that could only be accommodated by complex tweaking. 

In the fourth panel there is a strong implication that the grandma has indeed switched to Gentoo because a hallmark of that distribution is the kernel (the basic core of the operating system) must be compiled from source code upon installation. Source code is a computer program expressed in an somewhat human-readable format, often simply as text. However, source code cannot be run directly by a computer, and instead needs to be "compiled" into low level machine instructions the computer can understand. This means that with Gentoo, instead of downloading an already functional Linux system to install and run, users download the source code for the system, customize it to their own needs, then compile the code into a runnable version of the OS, all before they can begin to use the system. The grandma has been forced to do this because whatever her problem is, the solution required a customized kernel. This could include needing the kernel to be compiled in a non-standard way not supported by more mainstream distros, incorporating experimental third party code into the kernel or modifying the kernel herself to fix the problem. Compiling a kernel with the aforementioned modifications is a tricky affair since any mistake or oversight can render the kernel, and thus the computer, non-functional. If a mistake is made or the custom kernel does not fix her problem the kernel needs to be compiled anew. The fourth panel also implies that grandma has been stuck in a Trial and error loop, compiling the kernel over and over again for the better part of 6 weeks in an attempt to fix her problem. 

Other guises used by social engineers are to pose as a computer aide or helper, and try to gain information as you fix the computer.  This technique, however, relies on the assumption that there is something wrong with the computer system. By posing as a helper, the legitimate user will be less suspicious and more willing to answer your inquisitive questions. Another form for the attacker to take is that of a system operator for the network itself. The potential hacker will pretend that an error in all the accounts has been made, and the he needs to reset the accounts. In order to do that, he needs the old passwords of the users. If the employee is naive enough, he or she will divulge the information, thinking that they are doing their company a service. Although there are many other methods and techniques, these previous examples account for most recorded incidents of social engineers.

GNU Users Who Have Never Heard of GNU by Richard Stallman and Priscilla to be continued

To many such advanced users, their installation of Linux is like a hobby sports car: A never-ending project, constantly tweaked and cleaned and adjusted to improve performance, that spends far more time sitting around with its hood open than actually being used for its ostensible purpose. However, for more typical users who are interested in a functional computer system instead of a toy or project system, Gentoo can be highly frustrating or plainly unusable. By week 12, Cueball's grandma is likely suffering from the Sunk cost fallacy, in that she believes that since she has put in so much time she needs to see it through. She might also be optimistically underestimating how much additional work will be required since at each point Linux does at least offer potential solutions due to its customizability. Finally there could be an element of Target fixation, in that the grandma has become so focused on the problem, she has forgotten about her original plans for the computer or that Windows is still an option. 

In the fifth panel, Randal riffs on the old anti-drug message "Parents, talk to your kids about drugs before someone else does", with the meaning being if a responsible adult does not educate their kids about the dangers of drugs (or Linux), then someone else (likely a peer) might convince them that drugs (or Linux) is a good idea. This brings us to the overall theme of the comic in that Linux might 'seem' like a good idea for the average, less-technical user, but in reality will open up a world of pain that will hinder their ability to be a computationally functional member of society. There is an additional call to the theory of gateway drugs where mild drugs like alcohol or cannabis will lead to harder drugs like cocaine and heroin. In the comic, Cueball's grandma starts out with Ubuntu, a "gateway" version of Linux. However it quickly leads to harder and harder versions, all in a futile effort to solve her problem, with the end result being her vanishing for weeks inside her house like a junkie hopelessly hooked on drugs. 

insider threat tactics - you are here e-waste by Priscilla

The title text continues the joke about Linux's poor support for many Wi-Fi cards common in 2008, a device that is not only well supported on Windows, but was typically seen as making networking easy for less technical users. 

While the comic primarily pokes fun at the difficulties in using Linux (circa 2008), it indirectly shows some of the advantages. The first one is that it is a freely available alternative to Windows and the second is that it provides users the tools to make fixing problems possible, whereas with Windows the only problems that are fixed are the ones Microsoft chooses to fix. The comic is also somewhat anachronistic as over time hardware support in Linux has become much more robust. It is currently unlikely that Cueball's grandma would wind up in kernel compile hell to enable basic functions such as graphics and Wi-Fi. The world's most popular operating system, Android, is a flavor of Linux and the growth of web-based applications have pushed much of even the desktop user experience into the browser. As of 2017 it would be unlikely that the grandma would even consider a desktop computer, instead relying on her Android phone or tablet. 

Home » Research » About » IT vs OT | When Facing The Insider Threat What Happend Free Software vs Open Source | ask me |

Insider threat tactics: making choices

Social engineer: Where people work alone, I took the wrong turn. Not once, but several times, not for a short period of time, but over a longer period of time.

Priscilla: [it quickly leads to harder and harder versions].

passwords are now more vulnerable to insider attacks by e.g. family members, close friends, or co-workers. 




 1000: 1000 Comics (talk | history)

 1286: Encryptic (talk | history)

 1348: Before the Internet (talk | history)

 1388: Subduction License (talk | history)

 149: Sandwich (talk | history)

 1508: Operating Systems (talk | history)

 1688: Map Age Guide (talk | history)

 1700: New Bug (talk | history)

 1912: Thermostat (talk | history)

 198: Perspective (talk | history)

 2138: Wanna See the Code? (talk | history)

 2176: How Hacking Works (talk | history)

 225: Open Source (talk | history)

 239: Blagofaire (talk | history)

 256: Online Communities (talk | history)

 272: Linux User at Best Buy (talk | history)

 344: 1337: Part 4 (talk | history)

 345: 1337: Part 5 (talk | history)

 416: Zealous Autoconfig (talk | history)

 424: Security Holes (talk | history)

 434: xkcd Goes to the Airport (talk | history)

 456: Cautionary (talk | history)

 526: Converting to Metric (talk | history)

 565: Security Question (talk | history)

 619: Supported Features (talk | history)

 676: Abstraction (talk | history)

 722: Computer Problems (talk | history)

 743: Infrastructures (talk | history)

 792: Password Reuse (talk | history)

 806: Tech Support (talk | history)

 873: FPS Mod (talk | history)

 981: Porn Folder (talk | history)

 Thing Explainer (talk | history)