Tech and Gamer Gear Galore: Massdrop

Daniel Clarke

Massdrop (www.massdrop.com) is a group-buy website located out of New Jersey where people commit to buying a product. Once enough people commit to buying the product, the price begins to drop. After the drop has ended, Massdrop will place an order with the manufacturer. Massdrop has several different “communities” that it uses to list like products in the same area. A few of these communities include: Everyday Carry for knives and useful tools that you can keep in your pocket, Audiophile to suit your listening needs, and Tech for gadgets like a Raspberry Pi or other devices. Those are just a few of the (currently) 13 communities that Massdrop has to offer.

As an example, we’ll look at the DXRacer OH/IS11 Iron Series Chair. The drop can be located at https://www.massdrop.com/buy/dxracer-oh-is11-iron-series-chair. You’ll need to authenticate with Facebook or create an account using an email address; we suggest anonymizing services like Mailinator.com.

Each product has different requirements for the total number of people needed in order to get the discounted price. When the chair first “dropped” or came available for purchase, it was listed for $399.99. As more people purchase the chair, the price drops by $10 with every five people until it reaches the lowest price available of $369.99.

Stages of a Drop
Gamer chairs!

If you are interested in the product but only want it if it reaches the maximum discount, you can commit to buy the product at the lowest price. IMAGE (Commit) To compare the requirements for purchase, we will look at some GMK QMX-Clip Sound Dampening Brackets (located at https://www.massdrop.com/buy/gmk-sound-dampening-brackets).

Stages of a Drop: 2
Stages of a Drop: 2

These brackets are used to dampen the sound coming from a mechanical keyboard and are much cheaper than the chair. In order for it to be cost effective for both Massdrop and GMK, more people need to purchase the clips in order to justify a group-buy discount. In this case, at least 50 people are needed to get a discount with 100 people needed to reach the maximum discount.

Now, before you rush onto the site and place a bunch of orders, there are a few issues to understand about Massdrop.

One major complaint is the amount of time that it takes to receive a package. For example, I ordered a wicked set of keycaps on September 30,2015 (https://www.massdrop.com/buy/danger-zone-sa-keycap-set). The keycaps (I know, they’re badass huh?) didn’t arrive until February 17, 2016. Four and a half months is almost unheard of to wait for a product to reach you, especially when Amazon Prime will ship me something in 2 days. One reason is that it was a custom set of keycaps that was made specifically for those who purchased it from Massdrop. The other reason is that your order doesn’t drop ship directly to your door. The manufacturer sends the entire order to Massdrop who then sorts the order and ships it to the customer. I have since purchased other products from Massdrop and both of those orders took about three weeks.

Another major complaint that I have seen, especially recently, is that for products that are not custom made (think knives, chairs, headphones, etc.) it is possible to find the exact same or very similar product for the same price (give or take $5-10) on a major online retailer like Amazon or eBay. In that case, is it worth a few dollars extra to have your product within a week, or are you ok waiting significantly longer to receive it from Massdrop?

Nevertheless, I have used and will continue to use Massdrop.com and watch for new drops that happen daily. If I feel that it is a good deal, I will do my research to make sure that I cannot find the same product for cheaper elsewhere, and if I can’t, I will buy from Massdrop. As a price-conscious consumer, it would be unwise to do differently. As a techie, how can I help myself?

[Daniel Clark is an up-and-coming IT and security consultant in Albuquerque, NM, USA. This is his first contribution to School for Hackers, with more articles on technology and related goodies to come.]

Hacking Tips from the Article, “How To Not Get Hacked, According To Expert Hackers”

Backlit keyboard

TV personality Kevin Roose asked for it, and he got it. He wanted to research how people get hacked, so he decided to invite some prominent hackers to hack him. And hack him they did, cracking into everything from his webcam (pictures every two minutes) to all his online accounts (including banks).
Personally, I wouldn’t do this. It’s all too apparent, to the hack-literate, how people get hacked; the harder part is figuring out how NOT to.
Some of the solutions he proposes are familiar, like using a password manager, which is unfortunately a sword sharp on both sides. Others were new to me: have you heard of an app called Little Snitch? It monitors your outgoing traffic for suspicious activity. (Why is my computer uploading my credit card statements to China?)
And some “solutions” are as effective for the cracker as for the person trying to protect themselves: using a VPN, for instance. You’ll see more on that subject in this space going forward.
In the mean time, give this article a look, prospective crackers, hackers and security professionals.
(Image courtesy of User:Colin at wikimedia.org)

Fedora 23 Security Lab card for Raspberry Pi 2

$29.95, shipping in the US $6.45

fedora_infinity_140x140



Note: Shipping rate is valid only in the USA. Contact us for overseas shipping rates.


The choices of OS for Raspberry Pies haven’t been many, especially since the fading of the Pidora distribution. Raspbian has stayed the top choice, among some smaller players, as well as the Debian-based Kali ARM distro.

Kali is a great tool, but learning the basics of security testing with Kali is like going to the shooting range with a bazooka. If you’re not aware of the many (many) interactions, dependencies and moving parts, it can be dangerous.

The people at Fedora both produce an up-to-the-minute ARM kernel for Pi and other ARM computers, and they also sponsor “spins,” which are specially-configured versions of Fedora for a large number of uses – including security testing. You can find some basic information at https://labs.fedoraproject.org/de/security/.

We’ve taken the trouble out of setting up the boot scripts, installing Fedora 23, setting up the Security Lab, VNC Server so you can use VNC remote desktop access, the sshd so you can SSH in immediately, and much more. The 8GB Class 10 card has room for your files and is the highest speed category.

This OS and card are for the Raspberry Pi 2.

How to Set Up Our Raspberry Pi microSD Card

You are about to have so much fun.

We assume you have a Raspberry Pi and know how to put it together. Simply place our Fedora Security Spin (FSS) microSD card into your Pi and power it up.

You’ll be prompted for a user name and password, of course. Your user name is hacker and your password is hack2live. Do not leave this password unchanged! Open a terminal and type:

passwd

and then enter a good, stout password. Twice, to prove you can. Don’t forget it; this is for-real Unix and won’t make things easy for you if your do.

Be sharp about installing updates as they become available; Fedora will let you know about these.

Notes on Fedora on Raspberry Pi

This isn’t an installer. This is a ready-to-go pre-installed FSS environment designed for hacking students and security testers.

Our Pi card ships with VNC Server already set up and running. Once you know the IP address of your Pi (an nmap scan is a nice way) you can use any VNC client and connect on port 5910.

The sshd daemon is running too, so you can ssh to your Pi’s IP address using the default credentials.

The screen saver is disabled for two reasons. First, if your Pi goes into standby, it shuts down the wifi adapter and is notoriously bad at bringing it back up. Second, because you Pi doesn’t have a BIOS/CMOS, it doesn’t know what time it is at boot until it syncs to a time server, so as soon as you log in, the screen saver will lock you out, forcing you to log in again. If the screen saver is important to you the configuration can be set up in the GUI desktop tool.

This installation uses the default Fedora ARM kernel. There are other distros available that use an out-of-tree kernel, usually based on Ada’s work, to enable things like tiny touch screens. Compatibility with some of the testing tools is problematic, my kernel developer tells me, so for the sake of a good hacking experience we’ve stuck to the mainstream kernel. This is cool. As new kernels come out you’ll get them (or refuse the update if you want, but you don’t, usually).

Hacking to Live

Gosper's Glider Gun

Hackers are clever techies.

The word “hacker” actually has nothing to do with crime: a brilliant engineer would hack out a smart solution to the problem at hand, and consider it a compliment to be called a hacker. There’s a whole culture built on this idea: see https://en.wikipedia.org/wiki/Hacker_culture.

We are a community dedicated to learning and teaching. We don’t think knowledge should be deep, dark and secret – far from it. Everyone with the interest should be free to pursue hacking. Sure, if you want to, you can learn Linux and bash and networking. But you don’t have to do all those things, or any of those things, to be a hacker.

Consider how we do higher education: you are expected to take out loans and spend years living in poverty to get a college degree that may not fit anything in the job market, or even worse, might be passed by while you’re getting it. Who makes money on this arrangement? Hint: It is not designed for your benefit. You can be a brilliant hacker by learning skills that give you power – power because you are in demand. Hack the whole system by getting someone else to pay for your education!

We don’t restrict our discussion of hacking to just Linux, programming and networking, though we do talk about those things a lot. Feel welcome to bring us food hacks, lifestyle hacks, hacks of any and every system. Because that’s what we do: hack it to learn it, and hack it to teach it.