Good.

Maybe you’re surprised to hear that coming from me, someone who’s dedicated more than a few words to the power of crypto to change the world. Did I suddenly have a change of heart? Did I jump on the Paul Krugman bandwagon and finally realize that Bitcoin is evil? Did I join the naysayers who laugh with glee every time the price drops and arrogantly shout that Bitcoin is going to zero?

Nope.

I say good because the circus has finally left town. The cameras have packed up and gone home. The reporters are losing interest. The story is finished.

And now the crypto community can get back to doing the hard work of building the future in peace and quiet.

I’ve always said the bubble would burst and in the long run it wouldn’t matter in the least. In retrospect I think Bitcoin getting to $20,000 so fast was the worst thing to ever happen to the community. For years, Bitcoin was nothing but Internet geek money and something to laugh at, but when Bitcoin’s price rocketed higher and higher, it suddenly became something else entirely:

A threat.

Bitcoin’s furious rise scared the hell out of banks and governments everywhere. Banks saw their business models crumbling as programmable money took the world by storm and governments feared they might lose their iron-fisted control of the money supply. Authoritarian regimes raced to crush it. Regulators came out in force. The press unleashed a torrent of articles filled with fear, uncertainty and doubt.

But now as Bitcoin’s price recedes the frenzy of ignorance and fear will die with it and the community can get back to work.

It’s hard to do your work under the eye of Sauron.

When centralized powers feel like they’re under attack they lash out in fear and rage. They respond with a hundred times the firepower. There’s no way to win that fight head on. In a stand up fight, firepower always wins.

But now Bitcoin doesn’t have to win. It can go back to flying under the radar, laughed at and mocked, nothing but a toy for nerds, its critics confident it’s going straight to zero.

The powers that be can rest easy. Just like the Neanderthals who once beat back a horde of invading Homo Sapiens in the Levant, they can cheer and feel safe again. They can sleep soundly in their caves, knowing the threat has passed. They can keep using their stone and wood tools and not worry about those strange iron tools the foreign invaders had with them.

Bitcoin has a huge opportunity. It lost the first battle but it survived. Now it can retreat and regroup.

Most importantly it can evolve.

There’s an old Chinese proverb:

韬光养晦.

Hide your light, nourish in darkness.

Whether you know it or not, cryptos got a big, big break. Be grateful for the crash. Now the eye of Sauron will turn to new imaginary boogeymen.

It’s already started.

The real economy is teetering on the brink.

The DJI’s chart is starting to look exactly like Bitcoin’s right before it crashed hard.

The DJI faces whipsaw plunges and rises, the sign of a market in trouble.

A looming trade war threatens to throw the world into chaos. The tech companies that powered the modern economic miracle face a furious backlash with some people in power looking to break them. They imagine we can turn back the clock and return to a quieter, simpler age where everyone bought their books and batteries in small, local shops.

It won’t work. The cozy little neighborhood bookstore is gone forever because they’re already selling on Amazon and eBay and reaching a thousand times more customers. Even they don’t want to go back to waiting on foot traffic in the neighborhood while they desperately try to make rent.

You can’t fight the future.

During the Edo period of feudal Japan, the Shogun managed to keep guns off the island for a hundred years.

But eventually gun beats sword.

And things move much faster now. Evolution quickens with each revolution. The hunter gatherer period lasted for almost two million years, but the agricultural revolution lasted for only twelve thousand before the scientific revolution exploded onto the scene five hundred years ago and remade the very fabric of society once again.

Change is speeding up, not slowing down.

Any attempt to stop it is just stacking sandbags against a tsunami.

Despite losing hours of sleep to excitement, I interviewed much better than I’d anticipated. My interviewer (the senior project manager) and I were both very pleased with my answers. I answered confidently with minimal hesitation, and my answers were well-formed. Ultimately, I was provided an offer — but not for the position. I’ll get to that later.

Even if I were given the chance, I would not reverse time to change my answers. I answered truthfully and built rapport with my interviewer.

Here are some highlights of today’s interview.

Important Interview Questions

Question: How do you approach engineers to collaborate with your projects?

Answer: I learn from CFTs about the other projects they’re juggling, so I give engineers space to focus on higher priorities. I follow up sparingly, but I help them understand their two or three hours’ worth of effort to offload their workload to my department will rid them of further distractions.

Feedback: That was exactly what my interviewer wanted to hear. How does this work benefit the engineers? Leveraging the manager card to say it’s because you (or your boss/stakeholders) said so are poor motivators. Help them recognize the value they deliver for themselves and their projects.

Question: What have you researched and learned about the Project Manager role?

Answer: I understand it requires people skills, which is one of my strengths. There’s a balance. On one hand, I need to please my stakeholders and their demands. On another, I want to trust engineer feedback about realistic timelines and blockers.

Feedback: My interviewer interrupted me to emphasize the significance of my answer. He said I was right. The balance between pleasing stakeholders and keeping teams on track is the among the most difficult challenges for project managers, and a big contributor to failure. It is important to recognize this reality and bear the weight of pressure from both stakeholders and engineers, who all assume they know better than the project manager.

Entering Pwn2Own is a daunting endeavor. The targets selected are often popular, already picked over devices with their inclusion in the event only increasing the amount of security researcher eyes pouring over them. Not only that, but it’s not uncommon for vendors to release last minute patches for the included targets in an effort to thwart researcher findings. This year alone we see that both TP-Link and NETGEAR have released last minute updates to devices included in the event.

Unfortunately, we fell victim to this with regards to a planned submission for the NETGEAR Nighthawk WiFi6 Router (RAX30 AX2400). The patch released by NETGEAR the day before the registration deadline dealt a deathblow to our exploit chain and unfortunately invalidated our submission. A few posts on Twitter and communications with other parties appear to indicate that other contestants were also affected by this last minute patch.

That said, since the patch is publicly available, let’s talk about what changed!

While we aren’t aware of everything patched or changed in this update, we do know which flaw prevented our full exploit chain from working properly. Basically, a network misconfiguration present in versions prior to V1.0.9.90 of the firmware inadvertently allowed unrestricted communication with any services listening via IPv6 on the WAN (internet facing) port of the device. For example, SSH and Telnet are operating on ports 22 and 23 respectively.

Prior to the patch, an attacker could interact with these services from the WAN port. After patching, however, we can see that the appropriate ip6tables rules have been applied to prevent access. Additionally, IPv6 now appears disabled by default on newly configured devices.

We’d also like to point out that — at the time of this writing — the device’s auto-update feature does not appear to recognize that updates are available beyond V1.0.6.74. Any consumers relying on the auto-update or “Check for Updates” mechanisms of these devices are likely to remain vulnerable to this issue and any other issues teased over the coming days of Pwn2Own Toronto 2022.

More details can be found on our security advisory page here. We’ll have more information regarding other discovered issues once the coordinated disclosure process for them has been concluded.