Insane Internet Dramas

Added: 2026-05-10

[00:00:00]The GitHub situation just got worse.

[00:00:02]What was bad about it in the first place?

[00:00:03]>> If you live in the world, you've probably heard about GitHub. And you've probably heard that GitHub is having a really rough month. Starting with pull requests that when pulled in would undo previous pull requests causing entire merges to get reverted and engineers to get yelled at, as well as major projects by large developers like Mitchell Hashimoto's engineers to get yelled at, as well as major projects by large developers like Mitchell Hashimoto's.

[00:00:27]>> Wait, I didn't understand that. pull requests that when pulled in would undo previous pull requests causing entire merges to get >> Is that the vernacular? I feel like that would be really confusing. Would you say a pull request pulled in? That's a merge, right? Do they say pull request pulled in? I don't [ __ ] program. I feel like did you pull? Yes. Why isn't it merged? Why I did a pull request for my own branch? I meant pulled in the pull request. Reverted and engineers.

[00:00:50]Oh, get yelled at. as well as major projects by large developers like Mitchell Hashimoto's Ghosty removing them from GitHub, saying that GitHub is no longer a serious place for serious work. Damn. Now, GitHub has responded trying to provide a solution to the problem, saying, "Sorry, that's the common vernacular, and I blame GitHub for naming it pull request instead of merge request." Oh, I would have assumed that like a pull request was like a fork request or whatever. Like you're asking to start working on your on your own branch or whatever. You request that they pull your code. Oh, that sounds super confusing. Oh well, [ __ ] me, I guess. Damn. And quoting a graph where green line go up. Now, I do want to highlight the problem that GitHub has to solve is actually very difficult. And while this is fairly comical, this is a problem that I personally could not solve. So, props to the GitHub team for trying to solve this. This is mostly in justest. But amidst all the chaos, I I saw all these articles about the GitHub saying sorry, the pull request migrations. And then in the same Twitter thread, I saw, oh, by the way, Whiz Research hacked github.com and it only took a single push, a single push to GitHub, compromised GitHub. Let's talk about how they did it. It's actually it's beautiful. It's it's fantisimo.

[00:01:59]Now, I am going to riff on an article from whiz.io, so go check out their >> What does GitHub have to do with Linux?

[00:02:03]Well, GitHub is where everything is like built for software. So Linux was like made kind of like in GitHub like GitHub is where you make code with other people and then so it goes like coders GitHub and then your compiler and then machine assembly code and then roller coaster tycoon too article for more details they did a great job here and also they have collaborated with GitHub so this bug is fixed but it's really neat what they found out to understand how this works we have to go into kind of the architecture of GitHub right what happens under the hood when you make a git push so on the left you have your user pushing data to GitHub over SSH very common use and over there and when you land in GitHub you land in this binary called Okay, wait, hold on. I'm actually confused. Wait, so what's the difference between get push and a and a pull request or when you use git push?

[00:02:43]There's no way that git push is a pull request, right? That would just be the most insane vernacular ever, right? Push is inside your own directory. They are not the same. Push sends your commits to remote. How is that different than push is an action from git? GitHub is a different Okay, hold on. Okay. Git request a pull generates a request asking your upstream project to pull changes into their tree. Upstream project means the one that you forked from. Is that correct? Call it a fork.

[00:03:11]The request printed to the standard output because of the rich. Okay. Okay.

[00:03:14]And then get push updates one or more branches, tags or other references in a remote repository from your local repository and sends all necessary data that Oh, so the master Oh, I'm sorry. I mean the what do they call it now? I don't want to be offensive. The main branch would push updates to remote branches that are being worked on, I guess. Okay, whatever. All right. Wait.

[00:03:36]No. Yes. No. Okay. Babbled. Babble D. I think Bab is actually going to be the Babbled D for routing where you use a distance vector routing protocol to figure out what node to go to. I'm assuming kind of like a load balancer.

[00:03:46]I'm not sure.

[00:03:46]>> Does GitHub use Git for their like development? What would you call it?

[00:03:49]Pipeline workflow. Does everybody basically does every major software project in the world more or less use Git now or is that not true? Yes. No.

[00:03:57]Yes. Yes. Yes. Yes. I'm going to assume yes. All right, >> that's what it's used for. But at the end of the day, you land in Babbleda.

[00:04:02]When talking to Babbled, you're able to use push options. Push options are a part of the normal git spec where you can literally just include strings that get sent to the git server. Maybe you have a custom application that catches the commit. Maybe you have a pre-commit hook that runs that ultimately depends on some custom data. You can set up your environment to push certain data to the server that you may need to customize.

[00:04:22]Now, under the hood, what Babeld is doing is it's taking all these push options and converting them. I'm sorry I have to be this needs 100% of my brain.

[00:04:31]Hold on.

[00:04:31]>> into kind of the architecture of GitHub, right? What happens under the hood when you make a git push. So on the left you have your user pushing data to GitHub over SSH. Very common use. And over there and when you land in GitHub you land in this binary called Babel. Hold on. I'm sorry. If you're using git, does the project have to be hosted on GitHub?

[00:04:48]There's no way, right? Like you can run your own. Okay. So this is assuming you are pushing to a git on git hub I think right is that babbled d I think use a git push. So on the left you have your user pushing data to github over ssh very common use and over there and when you land in github you land this binary called babbled babbled I think babbled is actually going to be the babbled for routing where you use a distance vector routing protocol to figure out what node to go to. I'm assuming kind of like a load balancer. I'm not sure if that's what it's used for, but at the end of the day, you land in Babbleda. When talking to Babbled, you're able to use push options. Push options are a part of the normal git spec where you can literally just include strings that get sent to the git server. Maybe you have a custom application that catches the commit. Maybe you have a pre-commit hook that runs that ultimately depends on some custom data. You can set up your environment to push certain data to the server that you may need to customize.

[00:05:41]Now under the hood, what Babbled is doing is it's taking all these push options and converting them into a single HTTP header. This header is an Xstat header which is going to contain all the data inside of all of your push options. This is likely because the protocol that carries the push options is some binary protocol over SSH and we have to talk between Babeld and Git RPCD over some other protocol maybe HTTP. So to pass that same data all the push options get put into this Xstat header.

[00:06:08]Not a big deal. Ah, but enter a 30-year-old problem. Input sanitization.

[00:06:14]How do we format HTTP headers? We format HTTP headers via the RFC that says you have the header name, a colon, a space, and then the contents of that header ended by a semicolon. But what happens if Babeldu doesn't sanitize semicolons coming in from the user on a git push?

[00:06:32]Are these still like a real thing that Well, I guess they are because we're about to hear about it, huh? Well, would you >> normally when you're sending text to something or when you're programming something, you might have some I don't know any of the actual words. I'll just call this like a function, but like your function is going to have some I don't know if you could refer to it as like a string of text or whatever, but I think um when people refer to like sanitizing inputs or outputs, I think you're you're just you're ensuring that whatever is being passed through is absolutely only being passed through as some kind of like text field. You're never going to like have a program that's reading text as like commands. So, this was like it's one of those things that's like I think like Babby's first programming problem, but it like it crops up in weird ways in other things. Um, if you've ever seen the jokes of like, oh, like I named my child uh I named my child drop table or whatever. I don't even know the formatting for this. The joke being that like if um if there was a database with not with that doesn't sanitize its data inputs which shouldn't exist anymore.

[00:07:32]But like if you were to type this in whenever it's read by some program it'll just drop all of the data out of the database essentially deleting it all because it's not reading the field as text. It's only reading it as commands.

[00:07:44]But then I guess sometimes when you're working with a ton of different standards when data gets converted from like one field to another or from one thing to another for some reason there might not be some sanitization I guess might not occur which could unfortunately cause something to be read as a command and then depending on how that problem manifests you like you can trivially gain access to like the root of an entire system in like really really really stupid ways. But I I don't know if that's where but I guess that's where we're getting into here.

[00:08:16]>> Doesn't sanitize semicolons coming in from the user on a git push. Well, what you can do is insert into the Xstat header a series of push options that contain semicolons. And now contents that's supposed to arrive in the Xstat header an area that contains untrusted user data now can appear outside of the Xstat header, allowing it to look like it comes authoritatively from the Babeld server. the exam.

[00:08:41]>> Oh, okay. So, like this the Babbled server that you're routing your git commands through, there's going to be like limitations on what can come from that, I guess. So, it's going to be um like you you'll run it because you know it's good because it's coming within a within a field that you're limiting the potential options from. But, I guess as part of this um HTML header, you can pass some information that's just supposed to be like a text field. So, who the [ __ ] cares what it is? But, I guess it doesn't sanitize semicolons. So I guess when it hits this next I don't know if you'd call this a micros service or whatever it's reading the semicolons and parsing them as like a new line or something and then now you can insert I guess whatever command you want. So in a field that's usually trusted by this server that's receiving it you can just run whatever and obviously this is not trusted and I guess they use it to gain access to get or whatever or GitHub out of the xstat header allowing it to look like it comes authoritatively from the babbled server. The example here is normally what you're not allowed to do is commit large blobs. this is rejected and that rejection is enabled as a true boolean. But by doing a push option injection that contains a semicolon, they can include the data large blob rejection enabled equals false. And because it is the last header that is written, it will overwrite the previous entry of the option. By overwriting these headers, they now have arbitrary header injection from a privilege standpoint. Meaning Babe will push the data to the RPC server and XTA will only contain data that's supposed to be evil, that's untrusted. But the data on the outside is also evil. But Git RPC doesn't know. And guys, real quick before we keep going, I want to talk about today's video sponsor, Code Rabbit. I know there's a lot of AI hype out there. Okay, with AI coming online every day, there are millions and millions of lines of code generated just by AI models. One really powerful thing that I think AI can do for us is automatically review the code that's generated to look for security vulnerabilities.

[00:10:27]>> Did that happen here? Code Rabbit is an AI code review tool that will look at your poll requests, reason about your code, and then make actionable recommendations about what you can do to fix issues with your code. All I have to do is provide an access token for a GitLab user that has access scoped to the projects I want it to review. And then I can go into Code Rabbit and set up a personality or a profile for how I want it to do these reviews. Here, I said I want it to create concise release notes as a bullet list. Your main goal is to find security vulnerabilities on the back end of a server. I'm telling the code reviewer specifically what I want it to review. All I have to do is actually submit the merge request. And then Code Rabbit kicks off actively running through the code, reading all the commits, and seeing exactly what changes in the PR need to be reviewed.

[00:11:05]Code Rabbit identified some serious security vulnerabilities. Looks like my intern added a new endpoint where there are security vulnerabilities. Who wrote this feature?

[00:11:14]Oh, and if you don't want to wait until a poll request to do your code review, Code Rabbit CLI tool has you covered.

[00:11:19]Code Rabbit CLI is a code review tool that uses Code Rabbit, integrates in all of your Tui apps like >> Jader, are we using this stuff? Jer, Claude, Codeex, and Gemini. With Code Rabbit CLI, you can vibe code with confidence before the slop gets out the door. The best way to help the channel out is to go try the sponsor out. Go give Code Rabbit a shot on your repos.

[00:11:36]You can use Code Rabbit for free at the URL below. Code Rabbit, thank you for sponsoring the video. Let's get back to it. Okay, so they enabled large blobs.

[00:11:42]Who cares? Well, there are other kinds of headers that can be enabled that have really weird side effects inside of the Git environment. For example, the weird world of hooks, pre-commit hooks and postcommit hooks. Now, all this testing was occurring on GitHub Enterprise Server, a local version of GitHub that you can run to do testing or to emulate the GitHub environment. This will matter here in a second. GitHub Enterprise Server supports admined custom pre-receive hooks, scripts that run before a push is accepted. Again, normal GitHub behavior on its own if it didn't have compromised headers. By reverse engineering the pre-received binary, we discovered it has two execution paths.

[00:12:17]One controlled entirely by the Rails environment field from the Xstat header, which again, by the way, they now control both of these by injecting a nonproduction Rails environment value through the Xstat header semicolon injection technique and injecting a custom hooks directory to tell the Rails environment where to look. And also by injecting a crafted hook entry that has a path traversal, they're able to use the concatenation of those two paths inside of the Rails environment to run an arbitrary binary on the system. The Rails environment is a sandbox escape.

[00:12:47]The custom hook directory tells them where to start looking for binaries and the reproceive hooks is a path traversal that walks to the top of the active server, giving them the ability to run any binary. Ultimately, >> not good.

[00:12:58]>> Allowing them to run ID as git rce through a git push. Beautiful. Glorious.

[00:13:05]Now again, they started this on a local version of GitHub enterprise server.

[00:13:08]>> When they write these things publicly, certainly they disclose to Git first and give them an opportunity to close it, right? I imagine or they must, right? Or was this an attack that happened first and then and then somebody else reverse engineered the attack or it goes through disclosure? Okay. Wait, why was Git like publishing like an apology then or whatever? Or was that for a different problem that happened before?

[00:13:28]>> They wanted to hack GitHub. They tried to push the same exploit chain to the server. Nothing worked. After some additional re, they had to find a flag that tells the server to run in enterprise mode, effectively emulating GitHub enterprise server. Now, normally there's a flag set inside of the Xstat header that prevents the user from being able to be in enterprise mode, completely removing the ability to use these custom hooks, right? These hooks that give them the control over the server. But again, this is just a flag in the Xstat header. And because of this, they're able to override that flag and give them arbitrary command execution within GitHub. Instead of running the ID program from before, they run host name. And from the output of this, they can see that they're getting command execution in their git push.

[00:14:04]Now, you may be wondering, who cares?

[00:14:06]Who cares if they get execution as git?

[00:14:07]Git's just a no permission user on the server, right? What they actually found is because of the way that git is set up, the user is able to access not just your repos on the server, but also every other repo on that server. So, because of that, if you have maybe a private repo that lives in a certain wait, hold on. Oh, no. Hold on.

[00:14:24]>> Hey, who cares if they get execution as git? Git's just a no permission user on the server, right? What they actually found is because of the way that git is set up, the user is able to access not just your repos on the server, but also every other repo on that server.

[00:14:37]>> Not just your repos, oh that you're pushing from for your project, but every repo. So every single repo on GitHub then, right? And in this case, it would be GitHub because that's the server they're compromising. But so because of that, if you have maybe a private repo that lives in a certain git server, that git user that they landed as was able to read all of the storage nodes on that device, read or write as well, completely bypassing the ability for someone to mark the repo as private and all that nonsense because Babe didn't sanitize out their semicolons, allowing any user to inject a field into the Xstat header, allowing them to over >> read and write. Overwrite privileged headers. What a world.

[00:15:14]>> Just read.

[00:15:15]>> What a world. Now, props to GitHub.

[00:15:17]Okay, GitHub did fix this vulnerability I think in 2 hours after Wiz reported it. Whiz research reached out on 34 March 4th and the rce was confirmed by them and acknowledged and fixed within the same day which is that's actually really great from a security standpoint.

[00:15:29]Love that. Now I know what you're thinking.

[00:15:31]>> Whole companies will use GitHub in private mode. Yeah, I don't know how many repos are on like the main like GitHub website. I guess I'm not sure.

[00:15:36]>> Would Rust have fixed this? Would Rust the world >> What's between Git and GitHub? Well, Git is the thing and hub is where the gits are stored. GitHub, it's the hub for gits. What's between porn and Pornhub, dumbass?

[00:15:48]>> Most secure programming language with no vulnerabilities ever have fixed this bug. Rust, the world's most secure programming language with no vulnerabilities ever have fixes bug. No, not at all. This is this has nothing to do with memory corruption. This is not a race condition. This has nothing to do with the race conditions. Now, seriously, >> problems that Rust claims to fix. This is literally just because there is no sanitization in the way that this is parsed. So, >> Rugal, he said before it was only read.

[00:16:14]Basically, the application runs at a high enough privilege to read and write any use git repo. Are you sure if it was writing as well? It sounded like you only said read earlier, but babbled babbled babbled pushes headers into another header, but because of the way that they're delimited, you're able to arbitrarily put data into that same location and it will appear as authoritative data to the person who gets it down the line. And then on top of that, we have these privilege fields that can be taken advantage of because the data that's received into them is thought to be authoritative. He said read and write earlier. Oh, did he? I only heard read my >> ought to be done by the server, not by the user. A classic case of assumptions separately are great on their own, but when combined and exploited by >> Okay, Uni says read. I trust Uni, although Rugle has the linking trusted flare. So, >> one minor bug, the whole system comes crashing down. But again, fixed within the same day, which is a great a great thing for the world. Anyway, guys, that's it for now. Thanks for watching.

[00:17:07]I appreciate it. If you like this kind of stuff, do me a favor, let me know in the comments below. Hit subscribe and then go check out this other video about a similar bug that I think you will also enjoy. We'll see you over there.

[00:17:16]>> Wait, quick Valkyrie.

[00:17:17]>> Oh god, what? This is >> torture. This one.

[00:17:21]>> Are you thinking about, you know, how young is someone to collab with? You know what I mean?

[00:17:32]Um, Jana wanted to play games with me and she's 19 and I was like, even though she's a woman, it feels [laughter] appropriate. You know what I mean? You're 25 teen.

[00:17:48][laughter] Yeah, maybe. Yeah. Okay, maybe that's that's old enough. Is How old is Ari for reals? Yeah, Jana's 19. She's she's a beautiful baby angel that can sing and is gorgeous and she she's been wanting to play games. And I was like, man, I just don't know how to like maybe if it's like a group thing. And I'm like, what kind of game?

[00:18:20]I don't know.

[00:18:23]I don't know. I just I genuinely feel too old. Like seriously, Ben the Dawn is 40 and always collabs with Jana.

[00:18:35]Um I mean I'm not sure who that is, but is that weird? [laughter] Uh no. Oh, he's a comedian.

[00:18:52]I don't [laughter] know.

[00:18:55]Anyways, so yeah, I'm trying to figure out like what's what's appropriate for like collabs.

[00:19:02]>> Do you know why? I know why.

[00:19:04]>> I don't I I genuinely don't. It makes no sense to me.

[00:19:08]>> It's because she's insecure over her age.

[00:19:11]>> So, she doesn't want to be next to a young girl. 100 billion%. Yes.

[00:19:15]>> She doesn't want to stream next to a 19-year-old because any comment in chat's going to [ __ ] destroy her [ __ ] brain. Yeah, >> cuz she's pushing 40 or 30. I think she's 30 or older. I don't remember, but I remember >> there was that one thing where um when they were playing Amos or whatever.

[00:19:30]>> Yeah.

[00:19:30]>> And somebody mentioned her age and it was like a it was a pretty big thing.

[00:19:33]>> She started crying. Yeah.

[00:19:34]>> I don't know if she cried, but it was Yeah. Or she might have maybe. I don't remember. Yeah, >> I think she cried. It was like maybe on a different stream, but yeah, she there was a cry.

[00:19:42]>> Did she play with um with [clears throat] that Jason the guy or whatever?

[00:19:46]>> Not sure.

[00:19:46]>> Isn't that dude like 15 or something? Am I making that up?

[00:19:48]>> Rai is like the 15-year-old. I think Jason the Wii's like 20s.

[00:19:51]>> He's like 21. Okay. I don't know. [ __ ] I don't keep up with the the youngans.

[00:19:55]He's not a teen. Wait, follow-ups.

[00:19:59]>> A beautiful baby angel that can sing and is gorgeous and she she's been >> also there's oh no. There's so many crazy [ __ ] dynamics here that like just are not men don't ever think about these because we don't ever deal with this [ __ ] But if you are if you are a 20-year-old woman, your number one adversary, your number one op at the workplace is always another woman over 30. Okay? For reasons that are just so retardedly gender dynamics related and crazy [ __ ] This is like even if it sounds like comments that are nice or whatever, like, oh no, no, she's like so sweet and cute or whatever. Oh man, >> can sing and is gorgeous and she she's been wanting to play games and I was like Man, I just don't know how to >> just say no. [laughter] It's okay to just say no, guys. I'm not going to be offended. If you don't feel comfortable with the collab, just say no. Cool. But yeah, I appreciate it, though.

[00:21:03]>> But I don't think N I collab with so many different people of all ages.

[00:21:06]>> Yeah.

[00:21:07]>> Yeah.

[00:21:08]>> He's just having fun.

[00:21:10]>> Yeah. I'm just having fun.

[00:21:11]>> I I understand both sides.

[00:21:13]>> Both sides.

[00:21:14]>> How?

[00:21:15]>> How? What?

[00:21:16]>> Yeah. How does he understand both sides?

[00:21:18]>> Well, because from a guy's perspective, it can kind of sort of make sense. Like, oh, I guess maybe it would be weird to collab with somebody like super young or whatever, I guess, if you're like worried about being called a pedophile or something. But that would never that's never happened to like a girl content creator.

[00:21:30]>> No, ever.

[00:21:31]>> So, it's like Yeah. So, Valkyrie is hardcore trying to I guess trying to lean into that virtue or whatever, but it's 100% she just doesn't want to collab with the with a much much younger woman because it'll >> Yeah, I didn't think of it like that, but no, that that does make sense. Yeah.

[00:21:44]>> Sure. Jana is a precious, talented, beautiful angel that must be protected at all costs. And I'm excited to collab with her, you freaks. Yeah. I don't know. This whole thing is insanely [ __ ] cringe. I don't know why. I don't know why she would I don't She just shouldn't mention any of it publicly. I don't know why she would just even talk about this. I don't know.

[00:22:00]>> She's a return.

[00:22:00]>> True.

[00:22:01]>> Like Shrimp.

[00:22:02]>> Did you see? You were right about why Valkyrie doesn't do her collabs. Well, I'm right about everything. So, but no, I didn't. Hold on. the main point that happened this past week. So, obviously, >> I've admittedly I it's nothing I I never want to admit this, but I it really affected me over the years. Like, all the hate, all of the, you know, like, oh, you're too old for this. You you suck, you know, start a family. It actually did get to me, admittedly.

[00:22:27]>> Well, that's so sad.

[00:22:28]>> Yeah, it [ __ ] me up. Even though I don't want it to, it has, you know, cuz I start thinking like, you're right.

[00:22:35]What am I doing? And it's like, oh man, like this is like my career.

[00:22:39]>> Wait, how many [ __ ] podcasts does Lily have? Is this the same one or is this Valkyy's podcast or >> here? Like I'm having this. You have I like this.

[00:22:46]>> And so I realized, especially in the past few years, cuz I'm 34 now, I've tried to avoid situations where age might becomes the topic. Um, and so for example, I was supposed to do a collab, a collab with your age, and it was supposed to be I stream one, but I ended up I asked I was like, "Can we do like a gaming thing with a group? Do it in a group." And so we were uh we did Mario Party with extra Emily and Leslie and it was really fun. It was awesome. It was fun. I was also supposed to go to the Philippines with Jason Ween and it was like a one-on-one thing and I realized I was like, man, I I just like don't want IRL stream. Like I actually just want to stay home and be comfortable. So I ended up canceling.

[00:23:09]>> Holy [ __ ] I mind read all these people, okay? I'm in everybody's mind. I'm in everybody's brain, okay?

[00:23:15]>> Not and also the scheduling didn't work out anyways, but um and then there's this beautiful 19-year-old just incredible creator. She can sing, gorgeous. Her name is Yana. And we've been talking for a while about collabing. I didn't want to do an IRL stream, but I also wanted to like plan something that'd be appropriate. And the way I worded it on stream, it came off as if I didn't want to collab with her because she was 19, which is just simply not true. We were planning things. I think that she's so talented. I want to be someone that younger streamers can look up to and that I can help raise up.

[00:23:38]Oh god, I wish I'm just a poorly spoken person. That's a lot of [ __ ] trauma.

[00:23:41]And I feel like I'm also too open for my own good, honestly. [music] But yeah, but at the end of the day, I I realized I think I've been putting it off so long because I don't want to admit that I had a problem. Like I don't want I didn't want to leave Twitter because I didn't want them to win like push me off. You know what I mean? Which is really stupid at the end of the day because like it really is just a small bubble. It's like the worst people in the world >> bubble and their entire thing is to click farm and pokey and etc. >> Yeah. So, I was like, you know what? I'm going to get a therapist. I've got one.

[00:24:00]I'm going to actually get off Twitter. I need to stop explaining myself and I'm just going to freaking show love to people that deserve it. I know I've said this before. [laughter] I relapse sometimes, but yeah, like I it's [ __ ] up. [sighs] >> I know that like it's easy for me to say this and it's a bit of a selfish request, I guess, but like Well, no, because I do this. I I wish that people could like take a hit to kind of move things a little bit different culturally, you know, like there is a lot of pressure on women related to age.

[00:24:27]There's a lot of pressure for them to look and act younger, but like you could just buck that trend a bit. Like you will get hate for it obviously and it will be annoying to deal with, but like you also signal to the world that it's okay to, you know, have a podcast or stream or be an older woman and it's not like the end of the world or whatever, you know. But when you do stuff like this, when you let people bully you around so much, um you kind of whether you whether you want to or not, you're kind of reinforcing those trends, which is unfortunate, but yeah.

[00:24:56]>> What do you mean? Like you're giving them power by letting >> not giving them power, but you're asserting you're you're So when you support the status quo or when you adhere to the status quo, in a way you support the status quo. So, if you're nervous about appearing on stream, you know, without as much makeup or with a younger person cuz people are going to make fun of your age, in a way, you're reinforcing that idea of like, yeah, like the age is really important, you know? [clears throat] >> Yeah. I mean, that makes sense to me, but she's also like insecure about it.

[00:25:20]So, >> well, every Yeah. I mean, kind of. She's kind of insecure about it. Kind of, but she's also kind of right about it as well. Like, people do judge women much much much more harshly on age. So, like Yeah. So, you can say that like I don't know. Like would you say >> no one cares how old Dr. D disrespect is?

[00:25:37]>> Yeah, kind of. I just don't know. Like um let's say that a whole bunch of people were going to the beach and there was a guy who was like 300 lb and he didn't want to go shirtless because he thought everybody would make fun of him for being really fat. Like would you say that guy is like insecure?

[00:25:51]>> Would I say he's insecure?

[00:25:53]>> Because I feel like when we say insecure I feel like there is a heavy connotation of insecurity as being at least partially unjustified.

[00:26:03]So, like if somebody has like like um when you think of like imposttor syndrome or whatever, like oh like this person showed up at this party and they're insecure about the way they look, but they look fine, you know? Like I feel like that's a common followup. I feel like insecurity usually implies some level of um delusion or some level of like not accurately assessing where the person is. Not like 100%, but I feel like to >> I hear what you're saying, but I think if a fat guy was at the at a beach where without a shirt, I I think he would feel insecure. I think that would be the right word. What if the feeling is just that like cuz what if the guy's like, "Oh, I just don't really want people like um talking about my body, so I'm just going to wear a shirt."

[00:26:38]>> Uh >> like like take take >> I don't think I would call that insecure.

[00:26:42]>> Yeah. Yeah. Take people like two people the same way. One guy's like, "I'm really worried that if I go shirtless, people are going to make fun of the way that I look, so I think I'm just going to wear a shirt." You've got that insecure to me.

[00:26:50]>> Yeah. And then the other guy is like, "I don't really want um I just don't want people talking about my body. I'm just going to wear a shirt so people don't look at it."

[00:26:55]>> Yeah. I I agree. I wouldn't call that insecurity. I would call that something else, but I don't know what the word is off the top of my dome. Yeah, >> I would call that um >> it's still insecure because realistically no one gives a [ __ ] about the fat dude at the beach. He's scared about a social reaction that won't happen. I mean that well sure whatever.

[00:27:10]It depends on the situation, but I would say that's like [ __ ] anxiety.

[00:27:14]>> Um well I mean yeah you could use other words to describe it as well but >> yeah no I I understand what you're saying though.

[00:27:20]>> The reasoning might be rooted in insecurity though. No, I don't know. I just I feel like I feel like insecure implies some level of not good engagement with the world rather than like I don't know. I feel like there is a slight connotation with that. Like if I knew there was like a room full of girls and all of these girls were like I'm only going to date a guy that's 6 feet tall. I'm like I'm not going to bother not going to bother talking to these people cuz they clearly like I'm not tall enough for these people. Like what I consider that like an insecurity.

[00:27:45]>> So you're just being realistic.

[00:27:46][laughter] >> Yeah. Well, no. No. Yeah. Exactly. Yeah.

[00:27:48]Realistic. Right. So when Valkyrie says like, "Well, if I do a stream with like a younger girl, it's it's going to be a whole bunch of comments about age and all this bullshit." Like, that's realistic. There will be >> realistic. There will be. Yeah.

[00:27:57]>> Yeah.

[00:27:58]>> I mean, yeah, I understand that.

[00:27:59]>> Yeah. I don't know. If lookism is real, then 1,000% people give a [ __ ] about other people's bodies. All clicular is at least 20% right.

[00:28:07]>> I got a question.

[00:28:08]>> Oh boy.

[00:28:08]>> And this is going to make a lot of people mad. Hate thread. Why are men such [ __ ] [ __ ] man, when it comes to uh talking about like male issues? I feel like men are always like, "Oh my god, like we're being attacked." I I saw you had like a subreddit thing this morning cuz you said like you hate men or whatever. And there were just like a bunch of people on there [ __ ] crying.

[00:28:29]Want that on my subreddit? I >> think so. Yeah.

[00:28:31]>> Removed by moderator. This community should push for Destiny to stop talking about male issues considering he straight up admitted to hating slash being biased against men. And he only says I hate women as an ironic lol joke.

[00:28:43]Okay, King. He hates men and women equally.

[00:28:48]Wow. True bisexual energy. Thank you.

[00:28:50]It's a bit different. The dynamic is a little bit harder making fun of an outroup versus an in-group. Like >> I think if I was on a podcast with like nine women, I think I would a little bit more seriously lean into the hate women thing maybe and not as much into the hate men thing. But if I'm in a group of like 90% men, I'm probably like it's very easy to like hate to say like ah [ __ ] women and we're all like hell yeah. Like that can snowball very very very very quickly.

[00:29:13]>> What were you even saying? What what what what spurred the thread?

[00:29:17]>> I don't know. I probably said I [ __ ] hate men. We're probably talking about rapist or something.

[00:29:21]But I hate women too. just not as vocally cuz this is a community like 90% men.

[00:29:28]I think one of the big issues and I'm sure [ __ ] Andrea Dwarkin or whatever the [ __ ] or some feminist writer has probably written a billion times more on this is that the way that the way that gender issues are framed.

[00:29:41][ __ ] this is just going to sound really biased. I do have a I do have a bias against men right now. I will be honest.

[00:29:46]Okay, I'm sorry that is honest. I'm honestly saying it. But it feels like historically the way that women frame um gender issues is that women want to achieve some kind of like rights parody with men. Um so like access to voting and stuff like that, which I don't think necessarily implies taking something from men, but it feels like the way that men frame sexual dynamics, it's almost always in like a win-loss situation. I especially think about that in terms of sexual dynamics. [ __ ] versus getting [ __ ] The master key versus the broken lock. Um the body count. Men [ __ ] a lot because they're, you know, amazing and accomplished. And women [ __ ] a lot because they're desperate [ __ ] >> Um when I when I when men frame gender issues, it feels like when they talk about women women gaining ground, they it feels like they themselves are losing something constantly. And so it's always kind of this threatened um like reactive defensive posture. Uh and yeah, and I feel like it kind of carries over to those conversations sometimes. But that's that there's like a whole line of [ __ ] that goes down that road of things.

[00:30:53]I don't necessarily think it's like I would never blame an individual man for it. This is like the whole patriarchy hurts everybody, but like like all of our stuff society has been framed like from a male perspective for a long time.

[00:31:06]Like even women, a lot of women I think without even realizing it, frame things from a male perspective a lot. But it is what it is. Such is life.

[00:31:17]Okay.

[00:31:18]>> It is what it is.

[00:31:20]>> Oh, sorry. Cuz you asked, "Why are men such [ __ ] sometimes?" I think they because the only way that men know how to talk about these issues is from that perspective. It kind of almost always feels like you're losing something when other people are gaining ground. So that I think that's where the feeling comes from. And then >> I would understand men getting mad if a woman was talking about this, but I don't understand why a man would get mad when another man is basically saying like, "Oh, I hate men." Blah, blah, blah.

[00:31:49]>> Well, because it feels like it feels like a pick me. It like it's that same feeling kind of of like, "Oh, this guy's throwing other men under the bus in order to get in with women or whatever."

[00:31:57]Would be the feeling, right? Or like an Uncle Tom. I I guess that actually is a that's a that's a reason that I could see someone getting upset by it. Yeah.

[00:32:03]>> Mhm.

[00:32:04]>> New topic. Shut the [ __ ] up, [ __ ] >> New topic.

[00:32:09]>> Gotcha. Triggered ass man. He got you hard.