Tuesday, June 21, 2022

A new algorithm

I'm thinking that it's time to get off of Google services. I just received a number of emails from Google, announcing that five of my posts (from as far back as 2004) have been unpublished because they were related to malware and viruses. The titles of those posts:

  • More VI Tips - this was just a pointer to someone else's web site, which no longer exists
  • Sendmail compiling for the no-server crowd - explains what you need to edit before compiling the sendmail.conf file
  • Google - this was basic research on someone who was spamming my comment section
  • Google Maps - provided links to sites that explained how to add annotations to Google Maps
  • Building honeyd - discussed some of the problems that I'd experienced while attempting to compile a honeypot (a defensive tool)

The short version: none of these posts discussed malware or viruses. If these flags were implemented manually, HR needs to take a look at the resume of whoever flagged these posts. If it was an algorithm (more likely), Google needs to disable that algorithm and review the logic employed in it.

I don't know about anything nowadays, but we learned in the early 00's that keyword searches have a high false positive rate. My favorite example: blocking the Virginia educational system because the URL has "virgin" in it (yeah, that was a $17B project that did that).

In short, I'll fight this once. The more likely event will be that I move the blog off of Google and onto a less buggy platform.

Sunday, March 20, 2022

XP-Pen Artist 12 2nd Gen

Managed to get an XP-Pen Artist 12 second generation tablet working under Linux. The vendor's driver installation was straightforward and easy. The hard part was figuring out how to mirror a display to the tablet (hint: it involves xrandr). Will post the notes in GitHub shortly.

I'm now working on improving my Kubernetes skills by migrating my library of Docker containers to Minikube. Topics I'm working on at the moment include: load levelers and ingress tools, along with networking. Goal is to have the school range's containers similarly converted by the end of the summer. Current architecture involves some home-grown orchestration using Bash, Perl, and Open vSwitch.

Sunday, September 5, 2021

Gofanco Prophecy (PRO-Matrix44-SC) controls

Picked up a second-hand Gofanco Prophecy (PRO-Matrix44-SC) HDMI matrix (4 in/4 out, with Ethernet). Fired up Burp and figured out how to manage it with curl POST statements.

Syntax amounts to:

    curl -d "COMMAND" -s -X POST http://MATRIX_IP/inform.cgi

Where MATRIX_IP is the address of the matrix and COMMAND is one of:

  • poweron - which turns the matrix on
  • poweroff - which turns the matrix off
  • outX=Y - which switches output X (1-4) to input Y (1-4)

Apparently, the matrix has a controller which keeps on listening, even when the matrix is disabled. This is a nice-to-have feature as it allows for the network-based power-on.

For now, the matrix is a bit of overkill, since I typically run just the server and the laptop, but it's nice to swap out what is displaying on which of two displays. It does give room to expand.

I also picked up a couple 4-button keyboards from Amazon that I'll mix in, to provide management of each monitor's display via the above curl commands.
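A wrapper for those key bindings, as an added example that is not the author's own script: the syntax above carries no credentials, so the wrapper only ever emits the three documented command forms. MATRIX_HOST and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the author's script). MATRIX_HOST is a placeholder
# (assumption): set it to your matrix's address.
MATRIX_HOST="${MATRIX_HOST:-matrix.example}"

# Accept only the three command forms the post documents.
matrix_valid_cmd() {
    case "$1" in
        poweron|poweroff) return 0 ;;
        out[1-4]=[1-4])   return 0 ;;
        *)                return 1 ;;
    esac
}

# Build "outX=Y" from an output and an input number; fails outside 1-4.
matrix_route() {
    cmd="out$1=$2"
    matrix_valid_cmd "$cmd" || return 1
    printf '%s\n' "$cmd"
}

# POST one command to inform.cgi, refusing anything not on the allowlist.
matrix_send() {
    if ! matrix_valid_cmd "$1"; then
        echo "refusing command: $1" >&2
        return 2
    fi
    curl -s --max-time 5 -d "$1" -X POST "http://${MATRIX_HOST}/inform.cgi"
}

# Example key binding: keypad for monitor 1, button 3 pressed
#   matrix_send "$(matrix_route 1 3)"
```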

The matrix supposedly also has an Alexa interface. That's for later experimentation, I think.

Thursday, September 2, 2021

Modify any web page before printing it

It's the little things that have the greatest impact...

I keep an archive of PDF-ified web pages that I find valuable. They're searchable because I use Recoll to index them, along with the web-ui front-end.

The below makes cleaning up a web page easy, so that it can be saved to PDF.

Create a bookmark and enter the following in the URL field:

    javascript:document.body.contentEditable = 'true'; document.designMode='on'; void 0

When you have that, go to the web page that you want to save, click on the above bookmark and modify the page as you would in a word processor or text editor. You can then call up the browser's print function and save the page as a PDF.

Saturday, August 7, 2021

Fixing wlan interface name after using airmon-ng

One for the students' notebooks...

If you have an interface named (as an example) "wlan16" and you attach airmon-ng to it, then exit ungracefully (e.g., via ctrl-c), you probably notice that you now have an interface named "wlan16mon". The repair is quite easy.

1) Use iwconfig to check that the interface is still in monitor mode.

    iwconfig wlan16mon

If it isn't in monitor mode (e.g., you've been messing with it and changed the mode), return it to monitor mode via:

    ifconfig wlan16mon down
    iwconfig wlan16mon mode monitor

2) Use the following airmon-ng command to stop the interface and return the name to normal.

    airmon-ng stop wlan16mon

3) Check the interface


Friday, September 25, 2020

CircleID shilling others' stuff?

It's been years since I've posted one of my opinion pieces, but this one annoyed me enough to write about it. On 22 September, CircleID posted "100K+ List of Disposable Email Domains Under Security Analysis". I dislike the post as it is (in a technical sense) a poorly written/researched piece. A more accurate title would use "Marketing" instead of "Security".

Issues that I have with the "article" follow. Note: I use "article" in place of "ad" because, as an advertisement, the "article" is even more of a disappointment.

1) CircleID notes that it's a sponsored post. This means that someone is trying to sell/promote something. A minor bit of research will reveal that the "author" of the article is willing to sell you access to their list. I originally subscribed to CircleID's RSS feed because they posted about some of the ICANN level politics and issues relating to management of DNS domains. I've now moved CircleID to my "probationary" list.

2) There's no personal attribution for the article (unless someone legally changed their name to "WhoisXML API").

3) The article avoids discussing the benefits of using disposable email. Not everyone considers becoming a "key email marketing metric" a goal in life. Most consider "key email metrics" as an "unwanted commodity" (i.e., being added to marketing lists that are sold and resold). Notice that I'm being nice here and not using the pronoun made famous by Monty Python?

4) There is an unsupported claim that email security solutions can further be strengthened by filtering out disposable email solutions. This is true only if you consider "key email marketing metrics" as having value. Legitimate email domains aren't immune to email blackholes. Example: someone going to a conference might give out a "temporary email address" (in their corporate domain) that ceases to exist a few weeks after the conference closes. Justification: avoidance of extended bouts of unwanted emails.

5) The list of categories that "stood out" seems a bit selective, in that it ignores the primary use case for disposable email addresses. In short, they're disposable (i.e., it's used for one specific purpose and is allowed to expire). This ignored category is used to:

  • acquire vendor's marketing fluff without becoming a "key email marketing metric"
  • acquire other information without becoming a "key email marketing metric"
  • enter in-person contests for $5 coffee mugs or sticker sets without becoming a "key email marketing metric"
  • fill out "surveys" without becoming a "key email marketing metric"
  • acquisition of other low value offerings, without becoming a "key email marketing metric"

Do you sense a common theme here? I do.

6) The hidden author's math is extremely weak. From the article: "We analyzed one such a list which, as of 31 July 2020, contained 109,352 disposable email domains. This is enough to create millions of throwaway email addresses."

Given a single email domain, over a million email addresses can be generated from a four character username limitation (a-z and 0-9, with omission of any special characters). If you do the math (36 x 36 x 36 x 36) it comes to 1,679,616 "words" that you can put on the left-hand side of the "@".

Using that same 4-character limitation on the "researched" 109,352 suspect domains, the math allows you to generate 183,669,368,832 (almost 2e+11) email accounts. That's just a little bit more than "millions of throwaway email addresses".

Bumping the username side of the email address to 6 characters results in over 2e+14 email addresses (more accurately in the 238,035,500,000,000 ballpark). Imagine what you can do with 12 or 16 character usernames!

7) WhoisXMLAPI's pricing appears a bit steep, too. For just my email address (a single user account in a single domain), on 23 September, I received 11 emails that the system deemed "unsolicited" and another 22 for which I wish I'd used a disposable email address. If you consider that "normal" and expand it out to a 30-day month, that's 990 undesired emails, 660 of which I have to delete manually. WhoisXMLAPI's "free" service has an upper limit of 500 queries. The next tier up allows for 2000 queries per month, at a $15/month rate. If I have two employees, that bumps me into the next tier, at $30/month.

If the query results are delivered via a DNS-based service, this is extremely expensive (2000 queries per month for $15?). If they're reselling information that is free, elsewhere on the Internet (SORBS, Spamcop, etc.), I have more reasons to dislike them.

I don't like their pricing plan either. They have you buy credits, which you can use in a single month. If you don't use the credits, they expire and you no longer have them. It's not their fault if you overestimate your spam load for the coming month. While this minimizes their need for customer interaction, it maximizes yours (if you worry about costs). A simple metering system would be more customer friendly.

I'd much rather worry about my own domain ending up on an email blacklist. For that, I can perform the RBL lookups myself (with a bit of code), perform those same lookups via a free web site (e.g., DNSWatch), or have someone monitor my domain (e.g., MXToolBox), all for free.
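What "a bit of code" for an RBL lookup can look like, as an added example that is not from the original post: the IPv4 octets are reversed, the list's zone is appended, and an A record in 127.0.0.0/8 means "listed". The zone `dnsbl.example` is a placeholder and the function names are assumptions; `dig` is assumed to be installed.

```shell
#!/bin/sh
# Added example: check an IPv4 address against a DNS-based blocklist (RBL).

# Build the query name: octets reversed, then the list's zone appended.
# Returns 1 if the input is not a dotted-quad IPv4 address.
rbl_qname() {
    ip=$1 zone=$2
    case "$ip" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ip                      # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# A listed address resolves to 127.x.x.x (conventionally 127.0.0.2 and up);
# an empty answer (NXDOMAIN) means "not listed".
rbl_is_hit() {
    case "$1" in
        127.*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Query one zone. Exit status: 0 listed, 1 not listed, 2 bad address.
rbl_listed() {
    q=$(rbl_qname "$1" "$2") || return 2
    rbl_is_hit "$(dig +short A "$q" 2>/dev/null)"
}

# Usage (placeholder zone; 127.0.0.2 is the test entry lists carry):
#   rbl_listed 127.0.0.2 dnsbl.example && echo listed
```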

Overall, I think the article was aimed at the non-technical CIO, CSO, or CTO (yes, they do exist). The primary sales tactic seems to be the old-standby: be afraid, be very afraid. It's a bit disappointing that CircleID is promoting this stuff vice their own articles, many of which caused me to subscribe to their RSS feed years ago.

Tuesday, September 15, 2020

TT-RSS scrollbars

I like the night theme in TT-RSS. However, the scrollbars are very thin. Attempting to use them is exceedingly annoying. Such is easily rectified.

The file to edit is tt-rss/themes/night.css. There are two entries that modify the width of the various scrollbars. Search for "scrollbar" and look for "width". The default width is 4px. Set it to something between 8 and 12 pixels, then refresh the web page.