“I will slaughter you” | daniel.haxx.se

Source: “I will slaughter you” | daniel.haxx.se

“I lost my family, my country my friends, my home and 6 years of work trying to build a better place for posterity. And it has beginnings in that code. That code is used to root and exploit people. That code is used to blackmail people.”

“So no, I don’t feel bad one bit. You knew exactly the utility of what you were building. And you thought it was all a big joke. Im not laughing. I am so far past that point now.”

Someone literally and directly threatens an open source maintainer’s life, and a commenter on his blog post says we should look to Apple, instead of law enforcement, to “police” his thought and action. He’s already stated that he’s lost $15M of business, and his “family, friends, country, and home” because of curl’s author. This person is obviously confused about curl, and the role it played in all the things he accuses. (It’s just a command-line HTTP agent, and can’t “hack” anything that has been properly secured.) But, sure, let’s deplatform him from a cloud provider, potentially locking him out of his personal data as well. Surely, this will assuage his murderous reaction to this string of recent misfortune.

We all know how out of touch our government is in this “Web 2.0” world, but Apple, Twitter, Facebook, Google, et. al. are not even nominally accountable to the public. On the one hand, it’s frightening to think that people are looking to corporations to safeguard society. On the other hand, I suppose that people could rationally look to them because our government is so completely ineffective in our digital world.

Unless something significant happens to rebalance power from corporations to the government again, especially with respect to the digital economic and informational challenges we face, it feels like we are headed straight for a cyberpunk, citizens-of-worldwide-megacorps future that authors have been warning us about for decades. And it will happen, not because the big, scary government mandated it, but because government stopped doing anything, and corporations just took over where government left off, and did things according to the only thing that drives them: their bottom line.

15 thoughts on ““I will slaughter you” | daniel.haxx.se”

    1. If this is really the person who sent the original email to the author of curl, then I find it a rather strange reaction, given that my main point was about corporations being cajoled to putatively deplatform people, and having personal data and services unilaterally taken away, without due process of law.

      1. Yes, thats me dipshit. I love a 7 figure defense project because of Dan’s software. Since Oct 2020. All this after the 5th attempt on my life. I am not scared, you and the people you have destroyed are real. Im not going silently into the night. You wanna see just how serious i am? call me. I will answer. I have nothing to hide unlike Dan.

    1. I get it. It’s a terrible situation. That’s why I was DEFENDING YOU (here, and on the HN thread about this story) from FURTHER harm by being possibly deplatformed from iCloud. I don’t know why you’re being beligerent towards me, and, frankly, I don’t care any more. We’re done here.

      1. Oh, shit. Im sorry. I’ve had about 40 people taking me down in every which way. They impersonate federal law enforcement and i cant tell who i am talking to most of the time. And have done this for months now, im at a point where i have no options outside physical confrontation.
        That doesnt excuse my behavior, i hope you can accept my apologies. I went off cocked on you, and you didnt deserve it. I am really in a spot where my nerves are shot and made an unfair assumption.

        1. Hey Al,

          It’s nice to say you say you’re sorry and it made me wonder if anyone has even taken the time to explain what curl is. I am starting to realize this may all just be a shitty bit of confusion. Please take the time to read my message, I mean no harm, I am just trying to explain why some of the things are happening (I don’t have answers for all the things that are). I know it is a very long message, but I do hope you will take the time to read it.

          curl is a piece of software to make web requests with. Nothing more than that. It’s like a web browser, but for the command line. Because it is a command line program, and not a graphical program, it is much easier to automate and is used in many many projects. For example, it is built into a lot of cars to download data (like for example software updates for the car) and also in systems like the Nintendo Switch for similar reasons. curl is not designed as a hacking tool, it is simply a small program to add support for downloading things from the internet in any other program.

          Now, you may still have 2 questions left:
          1. Why can curl be found in some evil programs if it’s not meant to be used for evil?
          2. Why does Daniel’s website say “haxx”, like “hacks”, like “hacking”?

          Let me try to answer those two as well:
          1. Curl is an Open Source tool. That means that anyone is allowed to use it in any project without having to talk to Daniel or buy a license or anything. The source code is also available for people to improve curl or fix issues. This makes curl very flexible and useful in many situations (like in cars and a Nintendo Switch to download software updates), but it does mean that there is no control over how people use curl. There is nothing that can be done to stop people from using curl in evil ways. You may disagree with making it so open for this reason, but it wouldn’t change much if Daniel would try to restrict curl as there are a lot of similar tools people could use instead of curl.

          2. “Hacking” wasn’t always a word that meant to access someone’s computer without permission. You can still see this if you Google “hacker meaning”. One of the definitions Google will tell you is “an enthusiastic and skilful computer programmer or user.”. Some people, like Daniel, like to use it in that way. So the “haxx” in “haxx.se” just means “I like to do cool stuff with computers”, not “I want to hack into computers”.

          I hope that helps explain some things. If you’re still wondering why everyone is being so mean to you, well, you did threaten to kill Daniel even though he did nothing bad. I understand that when shit happens in life it is very easy to get angry, but it isn’t very nice to threaten people, so that is why a lot of people are upset with you.

          I hope this helps explain things a bit. Feel free to respond to this comment if anything is still unclear.

  1. I have documents proving malicious use of Windows 10 through the defaultuser0 backdoor at system installation.
    I have those screen shots you showed, that is a back hole to gain escalated access in thr Apple Iphone via a C++ IDE in the app store.

    I have a tb of Malware from Google, and and MS Hive showing a tiered privilege structure set up by falsified root certs that containerize people through WebM containerization with the use of PySpark. In the iPhone, I believe it to beca docker container. I currently boot into a serverfarm, in what i believe to be in Council Bluffs, IA which is home to a $3bil Google Server farm paid into by taxes. I was robbed and beaten near death in an attempted murder that led me to uncover a multi-tiered money laundering ring tied to front company Albeecht Financial Services and otger financial institutions in Iowa.
    I was rooted by Google OSINT Company Pulsedive through the use of Root CA’s. I was hit and what i got hit with was content agnostic.
    My breach occurred via a VA Federal Server through employee Travis Seehaver, MN Regional Office.
    I have now had multiple OIG investigations shut down. I have caught my current mortgage servicer injecting Root CA’s through redirects, falsified CRLs through A Records, Link shortners, and commands hidden in Base64 strings. The point of logarithmic expansion is an attack vector and we are extremely exposed at an assembly level.

    I have records of MS Employees posing as their auditor Convercent and sending malware through support channels.

    I have contacted the following agencies: VA, VA OIG, VA Medical Minnespolis, VA Midwest, USAF, GSA, FCC, SEC, DOI, DOJ, CFPB, HUD, AG MN, AG CT, Texas Bar Association, MN State/County/Local, CIA, FBI Federal/State Offices, MN DEED, Google, Microsoft, American Legion Centurylink, USBank, US Treasury, US Secret Service, DoD, Homeland Security.

    I reported the following:
    Federal Server Breaches, State Breaches, Malfeasance, Exteme Neglect, Fraud, Money Laundering, Racketeering at federal levels via assett manager BlackRock and Investmeng arm Goldman Sachs. That is an incomplete list.

    I have since October, had my entire life sandboxed by individual Daniel Patrick Ehrlich to find software loopholes to aid in development of SCNR, an aggregation bot for “Open Source Intelligence” tied to Subverse Media and Timothy Pool, the Journalist.

    I know the following:
    1. React JS primary utility is to obfuscate URIs to inject malicious code
    2. This code is commonly down my user agents, KHTML, primarily Favicons as they are the SVG type, and carry injectable XML.
    3. Qualcom BT Adapters and drivers are routinely hacked via the SigOver attack vector through malicious sub packet injection.
    4. HTTP is a primary attack vector through the usage pf DNS records.
    5.Javascript had a library, Clojure or now Closure. This library was a templater utilizing stochastic process to develop minified files containing a mass amount of JS boolean object comparison operators as a means if injection into binary data registers
    6. Malicious Software Consulting Company Nettleton consulting have development ties to the GSA and their malicious scripts reference endpoints in the beta.SAM.gov, System for Award Management system used for company bids.
    7. 7zip can be repurposed as Malware and have records displaying Firefox delivering the 7sfx.z (or similar spelling) ransom wear.
    8. Records showing files with classID UUIDs/GUIDs as able to establish CLSID’s within my registry.
    9. DOS Commands are used as the TYPE DOS command with delete hidden data, and i have videos and pictures of this.
    10. VB is used in different Quantum Computing Processes and AI as the main focus of the language is UI.

    Theres more, i just am tired of saying it.
    I was working to stop the caste system that is coming. Dan Stenberg has his name all over the malicious C files and utilizes C by incorporating and injecting different compilers.

    Initiant Dan Sherry and Grace Chi current owners of securitytrails actively root devices.

    I currently have an implant affected by these attacks and can be wirelessly recalibrated without any physician present by external sources

    I have since lost my email and account because an individual has hacked my account, not through deplatforming through a cacert.pem files with root keys to organizations I neither know nor authorized.

    My number is 612-209-0450
    Alex White
    No certain address as I am weighing whether I can leave knowing this filth still walks. I invite anyone to call, I will talk to whatever Agency feels like knocking on my door.

    That is a good rundown.

    Dont go to the site as Google has turned it into a malicious domain after hijacking my domain.

  2. There are a lot of people trying to post comments that are just dunks on Al, and I’m not going to approve them. This is what’s wrong with the internet: A bunch of people running around spouting off things they wouldn’t say to people in real life, because it would get them punched in the nose, and rightfully so. Maybe some of you would don the “internet tough guy” persona, and say you’d do it in real life, and, ok, maybe you ARE the kind of person who goes around starting bar fights with random strangers, but none of that is interesting.

    To everyone saying that Al needs help with his mental health, well, don’t we all. But if you really cared about his well-being, you wouldn’t include ad hominem attacks while suggesting that he get counseling.

  3. This is like blaming the creator of the chainsaw for a murdered family. We still need to be sympathetic to the family, while the creator has nothing to do with the murderer.

  4. My name and email was fake. I just wanted to let you know that I have seen several open source creators being “abused” during the years and it’s very sad. People like you contribute so much to the industry and you have some ingrates that don’t care. Just wanted to let you know that many of us do appreciate your efforts. And patience.

  5. I think it pretty clear this Al Nocai person is either totally insane or entirely out of control, to extent they aren’t even capable of rational thinking anymore, targeting someone who is basically random person “guilty” of coding some tool that some other bad person used to do something nasty.

    Just in case, curl is not “attack tool” by any standard. It merely file download utility and library used by like half of globe. So barking on Curl author just as smart as barking on hammer manufacturer because some badass used their hammer to kill somebody. Oh, sure, one can kill human with hammer if being really determined. But hammers aren’t even marketed as weapons in first place, so it’s solely agressor’s guilt they’ve killed someone using hammer. Curl pretty much like that. By no means it marketed as attack tool.

    At this point I have to admit that’s what jails and secure medical facilities for, exactly. If person is out of control to extent they go dangerous and unreasonable, they have to be isolated from society for good, on the grounds of losing ability to think rationaly.

    Additionally I have to admit I’m really surprised such an dumb and incompetent person clearly incapable of even understanding basic things has been some system administrator of some defense project in first place! Actually, Al Nocai should likely face extra charge of “criminal negligence” I guess. Because being such a dumb and ignorant person in such position is pretty much crime on its own. When such goddamn retards start to take care of defence projects world turns into far more dangerous place to be. So that’s pretty much 2nd reason to jail that moron, to ensure such dumb and ignorant persons never end up as systems administrators again. Especitlly in defense projects, dammit. Its just amazing how some lame nut not just rooted – but also manages to put blames on entirely wrong head!

    So, um, guess best thing to do is to track that Al Nocai down and report him to law enforcement agencies. That dude apparently should be jailed for good.

  6. Damn, guess I’ve been overaggressive in my reply. Still, I have to admit, that while life eventually gives sh*t on our heads, that’s a really bad reason to rush on random person in anger, it can just cause more trouble.

    And I’m sorry, but from what I’ve read, in Al Nocai’s shoes I would be happy to at least get out without facing criminal negligence charges. Because, well, getting rooted is hardly adds up to systems admin’s portfolio in first place, though sometimes attack can be just way too powerful and competent, sure. But then Al Nocai also failed to identify tool and person(s) behind it as bad as making threats on someone not related to all that. I have to admit defense projects can be quite demanding from security standpoint and it seems Al Nocai didn’t had skills to face threats of this magnitude, not to mention reasonable and rational responce.

  7. I disagree with what I perceive to be the subtext of your post (I think government officials should do their jobs rather than politicians expanding their scope: “do something” is generally meant as passing laws; I think the breakdown is over enforcing the existing laws under existing capabilities) — this apathetic collapse of our justice system and subsequent replace by “megacorporation citizenship” is by no means limited to the cyber realm.

    While it’s true that the FBI is the last entity you turn to for cyber-crime, if you’re really bored, after you’ve done their job yourself by working with the corporations in your supply chain, I’ve also seen the “real-world” counterpart when one is victimized IRL by unscrupulous-but-nonviolent individuals: my car was destroyed by an uninsured, at-fault driver; at the time, I lacked megacorporation citizenship in the form of collision coverage… but the young man gave the police fake insurance details, making it now, apparently, a “civil matter” (according to the city PD). I could not pursue this, obviously, as the car value itself was comparable to the cheapest lawyer’s retention fee, and I have no means to enforce a small-claims summon to someone who I only have a questionably-current out-of-state address for.

    The government remains, offline and online, not unable but unwilling to protect people from infringement on their property by others. It’s not as if these infringements aren’t illegal; it’s only that the law enforcement agents themselves decline to enforce the law against targets they feel aren’t worth the hunt.

Leave a Reply to H bach Cancel reply

Your email address will not be published. Required fields are marked *