You can stop evade word bans with variants now

Some people believe that they can cheat “bad word detection” on Facebook by entering variants of a word. We’ve seen it, very much in the antivax movement lately where they obviously think “vaccine” is a banned word. Well, first of all: It isn’t. The bad thing here is actually the misinformation that is spreading, not the word itself. Ever since I saw the first “VA((INE” evade, I’ve been working – for fun – with the perfect word filtering for the vaccine. I’ve done this with regular expressions which is the ultimate weapon against stupidity.

This post has been created as an example of why you probably can stop doing those ridiculous tries to avoid being discovered by Facebook. It won’t help anyway. This tiny little regex takes most of the variants of the vaccine, regardless of what you put in the middle of the word and if you use caps lock to type it. I’ve also included another variant that is popular amongst antivaxxers: “Gift” (poison) and “injection”. I’ll leave you here, with a screen dump in the bottom so you can see the outcome of the expression.


For example, the above regex catches all of the words below.

  • vaccine
  • vaxxin
  • Vaksin
  • Va((in
  • Vakzin
  • Nervgift
  • injektion
  • vaxin
  • vacsin
  • vacksin
  • vargzin

You can try the combinations out yourself at

Posted in Uncategorized | Leave a comment

Russian hacker claims to have found a leaked 5G-database – So what did Hal Turner actually “break”?

A rumour about leaked “5G-databases from Sputnik-V” are traveling around internet. The posting speed is currently slow, since we’re in the middle of the summer. Fortunately it still seem to have lower impact in the Swedish anti-vaxxer-movement. And this is probably why I’m sitting here, writing about it – to get prepared, before it arrives.

Then what is this about?

First of all: There is this guy, Hal Turner (Harold Charles “Hal” Turner), who has this radio show. In short terms, according to Wikipedia, he’s an American far-right political commentator and convicted felon from North Bergen, New Jersey. Just so we know what we’re dealing with.

So what did he really do?

He apparently found a video recorded by a Russian “hacker” named Aleksey Kapyshev, who claims that he found a leaked database on the dark web. The database uncovers traceable vaccinated people’s data in realtime, including their GPS coordinates, whether they are asleep or awake, which firmware the injected chip has, etc. A quite sophisticated database in short terms.

Hal Turner states in his post – posted may 20 2020 – that “the video seems so compelling” and therefore “has to be passed on because it claims to show that VAX recipients can be tracked, in real time”. And we usually knows where assumptions leads us.

What he did not know, was that he probably got trolled and now helped spreading something that seem to have made parts of the antivaxxing movement quite upset. The video itself is currently unreachable from the website, but it has been reposted by a podcast called “Off grid desert farming with Paul & Adrienne”. And trust me, this is really blowing minds!

The both videos, the origin and the video from Aleksey himself is collected below if you dare to watch them.

Breaking down the “hack”

When we enter this video, we hear Aleksey starting to talk about the current situation. The absolute first thing I take note on, is the recording date, that is not really very hard to see: April 1. Great! Is this intentional? Probably.

Now, people may say that “it’s just an accidental coincidence”. But if it’s really just a coincidence, it really doesn’t make any sense that he executes ffmpeg during the first few minutes, anyway.

Most of us knows that ffmpeg does not work very well with databases, since it’s more like a swiss army knife for video and audio handling. According to the translation it also looks like the ffmpeg process is stated to be the hacked database, which makes the “intro” anything but a small talk session (some vloggers are known to play games while talking). And since there are moving data on screen, this is more than enough to consider the hack as confirmed for the antivaxxer movement.

But something is still missing! There are no personal data showing up! Just the video information from x11grab which is more about capturing the screen, than dumping a database. Oh, right. It’s not that kind of application. I remember now! Wouldn’t people actually reflect over this mismatching output? Especially since he “found all his vaccinated friends” in it?

Well. After a short while, Aleksey cancels the ffmeg-process, and says that he is about to connect to one of his friend – Ljosha – and his injected 5G chip. He states that he uses the data found in… umm.. ffmpeg?

During the connection process, he first tries to connect to with ssh. But since he apparently forgot to edit the hosts file with that name (see the name resolution error in the dump below), he changes the hostname to which points to – or localhost – instead. Since that is set in the hosts file. Besides, is a domain registered august 2020, by a private person. So it do exist for real too.

Now, to be clear here, localhost – – is the very local computer. So in this particular case, this is his own laptop.

Another thing to reflect over here, is that he says that he “is connecting to his friend Ljosha’s chip”, but he uses his own name in the connection string. Isn’t that weird too?

At approximately 2:48, he runs a sputnik-V-control command (thanks for sparing me typing this myself), that can be easily faked with very simple scripting. Console tools are wonderful when it comes to this! When the faked processing finished, a load of data shows up on the screen. Mostly sloppy masked. But still filled with some easter eggs. Or just carefully edited address info to make the video more legit.

The CPU parts that now shows up on the screen, that is passing through Ljosha’s veins might be quite big. So if he possibly dies, it’s because of the oversized microchip. And that would’ve been happened instantly, at the first vaccination date…

The GPS tracking

The firmware that can be seen in the data-section above is pkq1.180904.001 rev 9. It doesn’t say much but it seems to be traceable to a Xiaomi OEM build for Android 9.0. If this is intentional, I don’t know. But probably.

The street address Uvarovskiy Pereulok 4 (55.830634, 37.349542), that is mentioned in the video is actually pointing to a vaccination clinic in Moscow (some people has also been discussing about the fake video here). I guess the coordinates has been placed there to make things look more legit for “true believers” – and in case that someone really looks it up, it shouldn’t just point to a desert. Meanwhile, Ljosha is sleeping at the coordinates 55.805390, 37.419156 nearby. Of course – the clock is just 3 in the morning! Only me and Aleksey are awake…


This case has also been brought up, to the surface by Noel at The Unexpected Cosmology. Noel feels sorry for Ljosha. But that is probably not even necessary, since Ljosha is probably not sleeping, but dead, due to the oversized “micro”-chip put in his veins. Besides, the help of how to destroy the chip has already been posted in the comment section.

Thanks to politifact, Facebook’s fact checking system has marked this information as “partly false information”, even though it probably should be marked as “definitely false information”.

There is a shorter undetailed description in swedish, at the below Facebook page, in case that someone don’t understand anything of the above.

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , , | Leave a comment

netcurl vs PHP 8.1

Since PHP 8.1 has a alpha release in place, I also took a chance yesterday to make sure that the netcurl 6.1 release still works when 8.1 go live “for real”. As it seems, there was just a few adjustments, that probably does not affect production environment even now. But why take any risks? Version 6.1.5 is therefore prepared to be 8.1-safe.

There will be further tests on this release, before it will be entirely closed.

As of this release, both github and the old bitbucket-server will have their own issue tracking. Since Atlassian is dropping all their server support 2023-2024, there’s probably not good to wait with any migrations until then.

Posted in Uncategorized | 1 Comment

DNSBL terminology will change with upcoming API upgrades

For not long ago, Microsoft owned Github chose to rename the terms “master” and “slave” from its system as the said words are criticized for being racially insensitive. GitHub’s┬ámove came amid ongoing protests against racism in the United States, after the death of African American George Floyd last May. Likewise, Apache’s SpamAssassin made the same decision about their black- and whitlisting system and renamed them to welcomelist and blocklist. Tornevall Networks will, when upgrading the upcoming API’s have the same approach.

Posted in Uncategorized | Leave a comment

Taking a new step with an API, with focus on the real applications

I’ve been in need for a generic API tool for long now. It all started for real with v3.x, which is the first “production like” API that is still in use and actually stable, despite the fact that I always create such code with lacking documentation. In this case, however, it is more of an incomplete interface but sometimes with less consequent behaviour. Building from scratch has been preferred for a long time, but it sometimes leads to more incomplete code, especially when projects are growing. The ToolsAPI is the first API engine that is not being built from scratch. This time, we have an interface which handles all routes and all authorizations

The ToolsAPI is based on JWT, and for the moment we are no longer using basic auth and we are now focusing on the real stuff and not the time consuming problems. To make sure the project will not be mixed up with TorneAPI, the new project name is ToolsAPI, since it is more or less an API for handling different kind of network tools.

That said, I’ve summarized the plans – this far – which is also documented on the link below.

Posted in Uncategorized | Leave a comment

Real life environment issue requires actions

It was not long ago, I planned to start working with a new API. There’s currently a version 3 out, that handles most DNSBL services and some other services. However, since I am a huge Marvel fan I’ve realized that not all sites that I monitor actually runs a proper RSS flow.

FnargBlog once made a RSS-scraping tool that fetched a bunch of flows and the matched the content – to monitor content changes. The scraping was moved to Tornevall Networks, but the source quickly went outdated.

Now, as we wait for big things to happen in the Marvel Cinematic Universe since the Disney investor meeting presented the plans for 2021, I realize that there are some sites that I try to monitor that lacks RSS feeds. I can monitor a log of RSS-feeds – amongst them Google, but I stil miss important twitter flows and such.

That said, I guess I have to create a new RSS-scraper ASAP, with support for Twitter. However, this time I need to create the output rss feed myself aswell. This will hopefully in short be able to implement in API 4.0 – during a period when testing (and since there are very little user authentication mechanism in place), the feed might work as is for free.

To be continued…

Posted in Uncategorized | 1 Comment

What’s done in spare time (segment catching experiment)

This is a first live example of how to download file segments (for example video files) from a single playlist (like a m3u-manifest) by only using netcurl as a download library, and what sometimes happens on spare time.

The project can be watched at or

So what is this?

Basically, it is an example of what people can’t explain. Once upon a time, I got curious on how playlist manifests was built and how they could be downloaded and merged into one file. The most common way to do this with for example a shell script was to simply use curl from the command line:

curl -s <url> >manifest.file
cat -s manifest.file |grep -v ^#| awk '{system("curl -sS <extraUrlData>"$1 " >>merge.file")}'    

However, I quickly realized that it wan’t enough, since some playlists was delivered with multiple segments. By just downloading everything into same joined filed could simply destroy the content, or disrupt it. On this journey, I realized that I actually could use the tornelib-php-netcurl library to do the dirty work for me. So I wrote this project, to see whether it worked or now. It better, since it has been widely used in various ecommerce project, where reachability is the primary key to success. However, this was about binary files, so the expectations with netcurl project was quite high. If it, in reality, can’t handle binaries I can just throw it to the garbage.

So here we are with the first successful live example of how to use a binary safe downloader to fetch multiple segments from a playlist. The linked project has a README-file that explains more.

Posted in Uncategorized | Leave a comment

PHP 8.0 is now delivered with apt repositories

Last time I checked, PHP 8.0 RC1 had to be manually compiled so tests could join the suite. But I just discovered that PHP 8.0 is now delivered with the “ondrej PPA“. This also means that PHP 8.0 is no longer required to be manually compiled.

Posted in Uncategorized | Leave a comment

netcurl 6.1.1 is imminent and ready for PHP8

PHP 8.0 alpha3 was released 23 july and netcurl has been tested together with this release. It turns out that a few changes has been made in the core of curl that enforced a minor patch in netcurl for it to work properly again. In short, it is about how curl is presenting itself in v8.0, which is no longer as a resource. It instead returns objects on curl_init, generating a CurlHandler, CurlMultiHandler, etc.

You can read about the change at while waiting for the upgrade.

The Bamboo test suite now also includes PHP 8 tests, starting with PHP 8.0alpha3.

Posted in Uncategorized | Tagged , , | Leave a comment

database driver (tornelib-php-database 6.1.0) is now up to date

It has been planned for a long time now, and the sprint was set to be finished next year. But the project was smaller than I thought so the database connector was released yesterday. The purpose is not – again – to reinvent the wheel. It is used to autodetect best available driver on platforms it is being installed on. Instead of being forced to adapt, this driver is as netcurl; adapting to the platform. However, this version is limited to PHP 5.6 and above.

The packagist codebase has also, like many of the other packages used by composer via packagist, been moved to github to be better available on service distruptions that seems to be quite common on a bitbucket cloud. The codebase is however still self hosted at – so the github collection is just a mirror.

By all means, this also takes us a bit closer to the entire library/API we’re targeting.

Posted in Uncategorized | Leave a comment