explain xkcd - User contributions [en]

73: Zeppelin

2021-07-04T12:09:39Z

162.158.203.23: /* Explanation */

{{comic
| number = 73
| date = March 10, 2006
| title = Zeppelin
| image = zeppelin.jpg
| titletext = A tribute to Buttercup Festival
}}

==Explanation==
A {{w|Zeppelin}} is a type of rigid dirigible aircraft, used in the early part of the 20th century for commercial airline traffic. They were well known for being the most luxurious, comfortable air travel of the time. The {{w|Hindenburg}} disaster, as well as World War II, led to the end of their use as commercial airliners. Also associated with the Zeppelin name is a particular design of wristwatches,[http://www.pointtec.de/zeppelin/] notable for having the word "Zeppelin" at the top of the dial, at or under where the number 12 would be. In this comic, [[Randall Munroe|Randall]] implies that, since the hour hand of the watch is pointing to the word Zeppelin, it is time for a Zeppelin to appear in the sky.

The title text refers to the webcomic {{w|Buttercup Festival}}, which, at the time of this comic, was defunct. It was later revived by the author then defuncted again in 2015 and revived, again, in 2019. As of 18/07/20, the comic is running its third series. It is a tribute to Buttercup festival in the way it interprets things in the world naïvely and literally to achieve humour, in a simple yet effective and uncontrived way.

==Transcript==
:Cueball: What time is it?
:[Picture of a Zeppelin style watch, indicating the time about 12:13 o'clock.]
:[Cueballs look up at the sky.]
:[A huge Zeppelin is visible in the sky.]

{{comic discussion}}
[[Category:Comics featuring Cueball]]
[[Category:Airships]]
[[Category:Multiple Cueballs]]
[[Category:Comics with lowercase text]]

explain xkcd:Sandbox

2021-06-15T16:13:26Z

162.158.203.23:

__NOINDEX__ [[Category:explain xkcd]]
Make changes, try things out, or just have fun with the wiki here! Just leave everything above the line alone, please. 
>[http://www.explainxkcd.com/wiki/index.php?title=explain_xkcd:Sandbox&action=edit&oldid=91667 clear sandbox]
------
[[File:Header.png|900px|center]]

[[User:Beanie|Beanie]] [[User talk:Beanie|talk]]

oh god help why is 'talk' STILL BLUE IT SHOULD BE WHITE (hex code 'DDDDDD')

Hello sandbox!

2452: Aviation Firsts

2021-04-20T09:06:58Z

162.158.203.23: /* Transcript */ added brackets to visualise checkboxes better

{{comic
| number = 2452
| date = April 19, 2021
| title = Aviation Firsts
| image = aviation_firsts.png
| titletext = Mile High Club membership [✓] [ ] Discovery of parts of Amelia Earhart's skeleton [ ] [ ] Mid-flight incident that results in safe landing on the Hudson River [✓] [ ]
}}

==Explanation==
{{incomplete|Created by a DRONE ON MARS. Put a table detailing all the events of the achievement checklist with an Earth and Mars column. Do NOT delete this tag too soon.}}
This comic is made in light of recent events of the [https://twitter.com/NASAPersevere/status/1384209173924089863 Ingenuity probe's first flight on Mars]. Now that Ingenuity has completed its first flight, it marks the first controlled powered flight on Mars. The previous categories were completed by the first space probes to reach and then land on Mars, while the remaining have only been completed on Earth, and grow steadily more bizarre and more specific, extending to the title text.

===Events referenced===
* Development of the {{w|Hughes H-4 Hercules}} (the "Spruce Goose"), a wooden airplane and the largest flying boat ever constructed. The Hercules was designed by aviation pioneer (and, laterly, famed recluse) Howard Hughes. The design was intended as a lightweight transoceanic transport for the the military, but the prototype (built out of wood because of aluminum shortages during the 1940s) was not completed until well after the end of the Second World War and only actually flew a single time in 1947
* The 1971 hijacking of Northwest Orient Airlines flight 305 by a man who bought a ticket under the pseudonym {{w|D. B. Cooper|"Dan Cooper"}} (but popularly known as D. B. Cooper). Cooper was given a $200,000 ransom and then he jumped out of the plane and was never found. (D. B. Cooper was previously mentioned in [[1400: D.B. Cooper]] and [[1501: Mysteries]].)

The title text refers to the following:
* The {{w|mile high club}} is a slang term which refers to having sex while onboard an airplane.
* {{w|Amelia Earhart}} was a female aviator who went missing in 1937 while attempting a global circumnavigation flight and has never been found. (Amelia Earhart was previously mentioned in [[1501: Mysteries]], [[950: Mystery Solved]], and [[2197: Game Show]].)
* The {{w|US Airways Flight 1549|Miracle on the Hudson}} was a 2009 incident in which a plane struck a flock of geese shortly after takeoff and lost power in both its engines. Captain Chesley Sullenberger successfully landed the plane in the Hudson River (in New York) with minimal injuries to the passengers onboard.

==Transcript==
{{incomplete transcript|Do NOT delete this tag too soon.}}

:            Earth         Mars
:Flight      <big>[✓]</big>       <big>[✓]</big>
:Landing <big>[✓]</big>       <big>[✓]</big>
:Controlled landing<big>[✓]</big>       <big>[✓]</big>
:Controlled powered flight <big>[✓]</big>       <big>[✓]</big>
:Loop <big>[✓]</big>       <big>[ ]</big>
:In-flight meal <big>[✓]</big>       <big>[ ]</big>
:Planetary circumnavigation <big>[✓]</big>       <big>[ ]</big>
:Enormous wooden aircraft built by a reclusive billionaire that flies exactly once <big>[✓]</big>       <big>[ ]</big>
:Hijacking by someone dubbed "D.B. Cooper" who demands money and then jumps out mid-flight to an unknown fate <big>[✓]</big>       <big>[ ]</big>

{{comic discussion}}
[[Category:Mars rovers]]
[[Category:Charts]]
[[Category:Comics featuring real people]]
[[Category:Sex]]

Talk:983: Privacy

2021-01-09T04:10:06Z

162.158.203.23:

If your roommate's in a raid, he's not gonna turn around and notice you shacking up any time soon. World of Warcraft is serious business. '''[[User:Davidy22|Davidy22]]'''[[User talk:Davidy22|<tt>[talk]</tt>]] 06:55, 2 February 2013 (UTC)

Is the transcript the original one? [[Special:Contributions/108.162.216.45|108.162.216.45]] 21:51, 29 November 2013 (UTC)
:No, the name Cueball is never mentioned by Randall. But in general it is close to the original one at all.--[[User:Dgbrt|Dgbrt]] ([[User talk:Dgbrt|talk]]) 22:23, 29 November 2013 (UTC)

I don't see how the tour for visiting Nelson Mandela could be interpreted as suggesting that Nelson Mandela was in the rare book collection and the tour was going to visit him - that just seems ridiculous. It's pretty clear that Nelson Mandela's visiting the library. --[[Special:Contributions/199.27.130.143|199.27.130.143]] 13:38, 11 August 2014 (UTC)
:Agreed. I have fixed the entry to reflect the same. It's worth noting that you could have done it first, and explained your edit here. This is, after all, a wiki editable by anyone. [[User:Orazor|Orazor]] ([[User talk:Orazor|talk]]) 09:56, 12 August 2014 (UTC)

Is the fact that the roommate says Tuesday a joke on how long raids can last? That he can reply with a day of the week rather than a time? I think I have seen jokes about the lengths of raids in other places, but I'm not sure. [[User:Athang|Athang]] ([[User talk:Athang|talk]]) 21:43, 20 August 2014 (UTC)
: Well if it's WoW then Tuesday is reset and maintenance shutdown day (usually). -Pennpenn [[Special:Contributions/108.162.250.155|108.162.250.155]] 05:15, 13 February 2015 (UTC)

This is a larger idea, so I didn't want to add it without running it by people: Might it be that the visiting Nelson Mandela is a joke about the stereotypical priorities of college students? I.E. that Megan and Cueball are so engaged with the idea of hooking up that a visit from a notable figure is ignored. {{unsigned|Xkcdeal}}

At first, I thought the "other dorm" one was showing the roommate setting up a {{w|RAID}} array... [[User:Whoop whoop pull up|Whoop whoop pull up]] ([[User talk:Whoop whoop pull up|talk]]) 19:01, 28 April 2017 (UTC)

This is just applied Murphy's Law, isn't it? [[Special:Contributions/103.22.200.240|103.22.200.240]] 23:31, 13 February 2019 (UTC)

A positive consequence of this law: not desiring hookup provides large (infinite?) amount of private space. [[Special:Contributions/162.158.203.23|162.158.203.23]] 04:10, 9 January 2021 (UTC)

986: Drinking Fountains

2021-01-09T04:03:35Z

162.158.203.23: /* Explanation */

{{comic
| number = 986
| date = December 5, 2011
| title = Drinking Fountains
| image = drinking_fountains.png
| titletext = I've always wondered whether you could drink slowly enough, and eliminate fast enough, that you just sort of peed continuously. But I'm afraid to try because I worry someone might call while I'm doing it and ask what I'm up to, and I won't be able to think of a lie.
}}

==Explanation==
Here, we see [[Cueball]] using the restroom; as the title text indicates, he is eliminating the liquid waste from his body, or peeing. Some people feel a brief compulsion to urinate after drinking, even if they don't actually need to. Cueball says that he avoids the use of the drinking fountain right after peeing, because he is apparently one of these people and he is afraid that he will be forced into immediately peeing again. And as in the image above, he would be stuck in a loop. A loop is a computer science term, but also used elsewhere, to indicates going through the same steps over and over again. In this case, the bathroom and drinking fountain form an infinite loop, which, when used about computers, refers to a loop which never ends,{{Citation needed}} eventually crashing (or hanging, which might actually be worse) the computer, which is therefore a situation to be avoided at all costs.

The title text says Cueball/[[Randall]] would be embarrassed in trying to explain his experiment to someone, as an experiment of this nature seems interesting to geeks but gross to non geeks (and to geeks too, if we're being honest), and he wouldn't be able to lie about what he was doing if called by someone.

A thread on yahoo answers [https://answers.yahoo.com/question/index?qid=20081204204655AApXIEA] with a (purported) Biology major concluded that drinking from a hose and peeing at the same time would not work: the kidneys can only process so much pee at a time, and the majority of it is re-used. But since the experiment doesn't put a lower boundary on the flow that would be regarded as an ongoing pee, this objection is invalid. Constantly sipping and dripping might be possible.

==Transcript==
:[Cueball leaving a public bathroom. A water fountain is next to the bathroom door. An arrow points to the next panel.]

:[Cueball drinking from the water fountain. An arrow points to the next panel.]

:[Cueball reenters the bathroom. An arrow points back to the first panel.]

:I avoid drinking fountains outside bathrooms because I'm afraid of getting trapped in a loop.

{{comic discussion}}
[[Category:Comics featuring Cueball]]

1353: Heartbleed

2020-12-30T16:14:57Z

162.158.203.23: /* Explanation */ I don't think it would lead to destruction of information, at least, not directly

{{comic
| number = 1353
| date = April 9, 2014
| title = Heartbleed
| image = heartbleed.png
| titletext = I looked at some of the data dumps from vulnerable sites, and it was... bad. I saw emails, passwords, password hints. SSL keys and session cookies. Important servers brimming with visitor IPs. Attack ships on fire off the shoulder of Orion, c-beams glittering in the dark near the Tannhäuser Gate. I should probably patch OpenSSL.
}}

==Explanation==
The {{w|Heartbleed bug}} refers to a critical bug in the {{w|OpenSSL}} cryptographic library. This bug was publicly revealed on Monday, 7 April 2014. Due to a programming error in OpenSSL versions 1.0.1 through 1.0.1f — meaning the bug had existed for two years — attackers could read random server memory by sending specially prepared HeartbeatRequest messages to an affected server.

OpenSSL is a very commonly used library to implement {{w|SSL/TLS}}, a cryptographic protocol not only used to secure web traffic but also for mail clients and much more. Only the user and the server can read the communication. On the web the protocol is ''https://'' (HTTP Secure), instead of the open ''http://'' standard. SSL is often used to protect sensitive web traffic, such as login requests, which contains the user names and passwords in the requests. The server sends a certificate to the browser before the secure connection is established. If the certificate is registered the browser accepts it automatically, otherwise the user gets a popup to accept or reject this insecure certificate.

A vulnerability that lets an attacker read random clumps of memory on the server would possibly let an attacker find recent username/password requests, allowing them to gain unauthorized access to user accounts. Even worse, this vulnerability could read the server's private key, enabling anyone to impersonate the server and/or decrypt any future traffic that relies on that key, and any previously-obtained prior traffic also, unless a "perfect forward secrecy" cipher is used. Furthermore, the Heartbleed exploit occurs during the handshake phase of setting up a connection, so no traces of it are logged, i.e. you can be attacked and never be the wiser.

More information is available at [http://heartbleed.com heartbleed.com] or under the reference [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160 CVE-2014-0160 at nvd.nist.gov].

In the last panel, Megan interprets Cueball's question ("is '''everything''' compromised?") expansively. She responds that, being a computer bug, Heartbleed can only affect information which is stored on computers. Cueball concludes that information recorded in analog media, such as that written on paper or etched in clay tablets, is safe. Megan adds that imaginations are also unaffected by Heartbleed, and Cueball is reassured. The reader may wonder how our society would fare in the face of the leakage of all electronically stored private information, but having our imaginations intact is certainly reassuring.

The title text cites the {{w|Tears in rain soliloquy}}, the dying words of the replicant and main antagonist Roy Batty (played by {{w|Rutger Hauer}}) in the 1982 film ''{{w|Blade Runner}}'', implying that the 64KiB HeartBleed buffer is so complete it includes memories from replicant brains. This is ironic as in the soliloquy, Roy Batty stated "All those moments will be lost in time".

The title text also suggests to patch OpenSSL oneself, which might refer to the patched version of OpenSSL by Debian, which turned out to be vulnerable in 2008, and was the topic of [[424: Security Holes]].

===Heartbleed===
In addition to the below, see [[1354|xkcd's explanation]] in the next comic.

{{w|Transport Layer Security}} (TLS), the successor to {{w|Secure Sockets Layer|SSL}}, is a protocol that provides end-to-end encryption for data transmitted over the internet, and is described in [http://tools.ietf.org/html/rfc5246 RFC 5246]. The Heartbeat extension to TLS introduced in 2012 (described in [https://tools.ietf.org/html/rfc6520 RFC 6520]) provides a protocol for keeping an encrypted TLS session alive (preventing inactivity timeouts), so you do not have to do a costly TLS handshake with the server for subsequent transfer of information.

The Heartbeat protocol involves the client sending a packet with an arbitrary payload (often a random 16 to 32 byte number) that the server periodically sends back to the client to tell the client that the TLS session is still alive. When the client sends the packet to a vulnerable version of OpenSSL, the OpenSSL server reads a <code>payload_size</code> from the header sent by the client. This is a 2-byte number (0 to 0xffff=65535) that is supposed to describe the size of the payload. The OpenSSL library writes the payload to memory, but it does not check that the size of the payload written to memory matches the <code>payload_size</code> taken from the client's header. When the vulnerable server sends back the Heartbeat KeepAlive response to the client, it will readout <code>payload_size</code> number of bytes and send them back to the client. If you send a payload that is actually 16 bytes, but claims it is 0xffff bytes you will read the next 64KiB of memory of the vulnerable process starting from wherever the payload was written. An attacker can repeat this attack many times and can do this attack early in the TLS handshake, so the attack will not in any way be logged unless they are logging every incoming packet which is not typical and would result in many passwords being logged. As private keys often have an identifiable format, it is often possible for an attacker to find the private TLS key, so if they eavesdrop on network traffic they can decrypt and/or alter it. For more detailed information see: [http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html 1], [http://security.stackexchange.com/a/55117/2568 2], [https://news.ycombinator.com/item?id=7549943 3].

It is worth noting that modern operating systems use a {{w|Virtual Memory#Usage|virtual memory}} abstraction above physical memory. This means every process can only access memory assigned to it, so it would be impossible for a vulnerable web server to read memory assigned to another process (like a text editor that has erotic fan fiction stored to memory) on the same computer. For more info, see: [http://security.stackexchange.com/a/55271/2568 4].

It also should be noted that this heartbleed bug only affects certain versions of OpenSSL, and does not affect other TLS/SSL implementations, or OpenSSH which does not even use the TLS protocol, but uses the SSH-2 protocol (described in [http://tools.ietf.org/html/rfc4251 RFC 4251]). SSH is typically used for remote logins on unix and linux computers.

Vulnerable sysadmins need to update to a patched version of OpenSSL or one with the Heartbeats disabled. Unless their TLS keys were protected by hardware, they probably also need to revoke their old TLS keys, and generate new TLS keys. To learn how to do this visit [https://leo-green.com Leo Green]. There you will find all the information you need.

Users of vulnerable systems should change their passwords after the sysadmins have revoked their old key and issued new ones (as their passwords may have been compromised). Users can check whether a given website is vulnerable via a [http://filippo.io/Heartbleed/ Heartbleed test also available as open source]. The [https://lastpass.com/heartbleed/ Lastpass heartbleed diagnostic] also indicates whether the signature on the TLS key predates the publication of the heartbleed vulnerability.

The [https://github.com/openssl/openssl/commit/bd6941cfaa31ee8a3f8661cb98227a5cbcc0f9f3 vulnerable commit] was introduced Dec 31st, 2011 by Robin Seggelmann, the first co-author of the heartbeats RFC, and went live when OpenSSL version 1.0.1 was released on 2012-03-14 and the vulnerability was widely announced 2014-04-07.

==Transcript==
:Megan: Heartbleed must be the worst web security lapse ever.
:Cueball: Worst so far. Give us time.

:Megan: I mean, this bug isn't just broken encryption.
:Megan: It lets website visitors make a server dispense random memory contents.

:Megan: It's not just keys. It's traffic data. Emails. Passwords. Erotic fanfiction.
:Cueball: Is '''''everything''''' compromised?

:Megan: Well, the attack is limited to data stored in computer memory.
:Cueball: So paper is safe. And clay tablets.
:Megan: Our imaginations, too.
:Cueball: See, we'll be fine.

{{comic discussion}}
[[Category:Comics featuring Cueball]]
[[Category:Comics featuring Megan]]
[[Category:Computers]]