The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,977 other subscribers

Having cancer is not a fight or a battle, it is about having luck or misfortune

Posted by jpluimers on 2021/12/10

It has been a while after my last post about me having cancer. No, I am not giving up. But I am having the regular fear of the upcoming checks: did the metastases return, or do I have the luck to outlive some 30% of my peer group.

The last metastases surgery has been slightly more than a year ago. A year from now, that percentage hopefully will be 50% and slowly increase over time until about 90% in some 9 years from now.

At year’s end, I will know for sure.

Below are some links on, mostly Dutch but with English abstract, articles about the mental side of having cancer, or having survived it for now.

Read the rest of this entry »

Posted in About, Cancer, LifeHacker, Personal, Power User, Rectum cancer | Leave a Comment »

The biggest lie I tell myself is not about new years resolutions.

Posted by jpluimers on 2019/01/01

The biggest lie I tell myself is “I don’t need to write that down, I’ll remember it”

It’s likely older, but the oldest reference I could find was 2012 [WayBack].

So before I forget:

Happy New Year everyone!

With the above quote, it is no coincidence I started my blog even earlier (in 2009): it’s my off-line memory, way better readable than my hand-writing and indexed by various search engines.

Read the rest of this entry »

Posted in About, LifeHacker, Personal, Power User | Leave a Comment »

Large (hundreds) CVE-2021-21974 ESXi VMware based ESXiArgs (Nevada?) ransomware attacks

Posted by jpluimers on 2023/02/04 results for query html:"We hacked your company successfully" title:"How to Restore Your Files"[Wayback/Archive] Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide

Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware.
Tracked as CVE-2021-21974, the security flaw is caused by a heap overflow issue in the OpenSLP service that can be exploited by unauthenticated threat actors in low-complexity attacks.
“As current investigations, these attack campaigns appear to be exploiting the vulnerability CVE-2021-21974, for which a patch has been available since 23 February 2021,” CERT-FR said.
“The systems currently targeted would be ESXi hypervisors in version 6.x and prior to 6.7.”
To block incoming attacks, admins have to disable the vulnerable Service Location Protocol (SLP) service on ESXi hypervisors that haven’t yet been updated.
CERT-FR strongly recommends applying the patch as soon as possible but adds that systems left unpatched should also be scanned to look for signs of compromise.
CVE-2021-21974 affects the following systems:
  • ESXi versions 7.x prior to ESXi70U1c-17325551
  • ESXi versions 6.7.x prior to ESXi670-202102401-SG
  • ESXi versions 6.5.x prior to ESXi650-202102101-SG

[Wayback/Archive] Esxi Ransomware Help and Support Topic (ESXiArgs / .args extension) – Page 2 – Ransomware Help & Tech Support (there are now 4 pages, most victims OVH, likely many more pages to follow)

[Wayback/Archive] How to Disable/Enable the SLP Service on VMware ESXi (76372)

[Wayback/Archive] html:”We hacked your company successfully” title:”How to Restore Your Files” – Shodan Search which resulted in the above image (I tweeted it at [Wayback/Archive] Jeroen Wiert Pluimers on Twitter: “@vmiss33”)

Commands used in [Wayback/Archive] Jeroen Wiert Pluimers on Twitter: “@vmiss33 I did forget to disable SLP on a patched system, but doing that is easy as per

/etc/init.d/slpd status
/etc/init.d/slpd stop
esxcli system slp stats get
esxcli network firewall ruleset set -r CIMSLP -e 0
chkconfig slpd off
chkconfig --list | grep slpd

More links to follow, but I’m away from keyboard for most of the day.


Read the rest of this entry »

Posted in ESXi6, ESXi6.5, ESXi6.7, Power User, Ransomware, Security, Virtualization, VMware, VMware ESXi | Leave a Comment »

Lii-500 Charger, and review

Posted by jpluimers on 2023/02/03

Via [Wayback/Archive] Jilles🏳️‍🌈 on Twitter: “Recycling old laptop batteries ” / Twitter, I ended up at this great in depth review [Wayback/Archive] Review of Charger LiitoKala Engineer Lii-500, including graphs of behaviour with various battery types and counts.

The site has many other reviews. Not just about [Wayback/Archive] Batteries and chargers (and a great overview at [Wayback/Archive] Round cell charger index). The main page is named [Wayback/Archive] Flashlight information, but shows links to lists of articles about batteries, chargers, multimeters, flashlights, projects and more.

So this is my list of things to try: [Wayback/Archive] Lii-500 Charger:

Read the rest of this entry »

Posted in Batteries, Li-Ion, LifeHacker, Power User | Leave a Comment »

If you can read German and ever need to explain number or set theory to your kids, use this thread by isotopp…

Posted by jpluimers on 2023/02/02

Long thread at [] Kristian Köhntopp on Twitter: “Tage im Lockdown. Heute, Diskussion mit der Frau (die das gerade dem Kind erklärt) über Brüche vs irrationale Zahlen (also keine Brüche). Wir enden bei Zahlentheorie, …”

I expanded it using [Wayback] Thread by @isotopp on Thread Reader App – Thread Reader App:

Tage im Lockdown. Heute, Diskussion mit der Frau (die das gerade dem Kind erklärt) über Brüche vs irrationale Zahlen (also keine Brüche).

Wir enden bei Zahlentheorie, … 

… und Mengenlehre. Wir machen gerade Bruchrechnung, also ℚ, und ich hatte versucht zu erklären, daß ℚ[0,1[, ℚ und ℤ nur Cosplay von ℕ sind.

Richtig ätzend ist nur ℝ, oder genauer ℝ\ℚ, also 𝕀. 

Das Ergebnis war eine Tour von Zahlentheorie (“Hier ist die leere Menge, wir machen uns ℕ = {}, {{}}, {{}, {{}}}, … durch Generierung unterscheidbarer Elemente und Bestimmung der Mächtigkeit, dann erfinden wir die Addition, dann bekommen wir … 

… kostenlos Assziativität, Kommutativität, dann erfinden wir Kettenadditionen und Multiplikation und bekommen Distributivität.

Dann erfinden wir Umkehroperationen und weil wir Algebren wollen, muß ℕ zu ℤ werden. Ist das schlimm? Nein, wir können ℕ auf ℤ abbilden. 

Ist das schlimm? Nein, es ist eine Bijektion, also sind es dieselbe Menge, ℤ ist ein Cosplay von ℕ.

Dasselbe kriegen wir mit der Umkehrung der Multiplikation, der Division, und den Brüchen, und ℚ und…

ℚ ist also auch ein Cosplay von ℕ. 

So weit war alles einfach erklärbar, auch wenn das bei mir schon 30 Jahre her ist. Aber dann kommen wir darauf, daß ℚ[0,1[ und ℚ gleich mächtig sind, und das wird zunächst mal intuitiv abgelehnt. 

Offen sind noch 𐡀-Null mächtiger als 𐡀-Eins, und daß es mehr irrationale als rationale Zahlen gibt, und….

Und ich kann diese Beweise nicht mehr aus dem Stand…

Jetzt habe ich die Aufgabe, das als verständliche Erklärung vorzubereiten. 

Eigentlich ist das alles total schön, weil die ganze Mathematik aus der leeren Menge, und dem Willen eine Algebra zu haben (also weiter rechnen zu können) zu folgern ist.

Aber manchmal ist Geekhaushalt auch anstrengend…


Posted in Development, LifeHacker, Mathematics, Power User, science, Software Development | Leave a Comment »

Facebook id numbers

Posted by jpluimers on 2023/02/01

Shortly after one of the many Facebook breaches, Miko from F-Secure posted this:

Mark Zuckerberg’s own data is in the Facebook leak. His Facebook ID number is 4.

There are no user IDs 0-3.

The only other single-digit user IDs in the leak seem to be:

  • ID 5: Chris Hughes
  • ID 6: Dustin Moskovitz

Other early facebook users include:

  • ID 11 Soleio Soleio
  • ID 27 Colin Kelly
  • ID 74 Daniel Mejia
  • ID 86 Jason Wen
  • ID 87 Emily Hurd
  • ID 102 Alex Lee
  • ID 104 Amy Ng
  • ID 139 Jeff Winer
  • ID 158 Teresa Grado
  • ID 185 Zach Seward
  • ID 210 Adam Levine
  • ID 287 Peter Buttigieg

And yes, they all have a phone number listed in the leak. That includes Mr. Zuckerberg.

Also, the Winklevoss brothers are not in the leak. (Source: [Wayback/Archive]

I wonder how you would get the Facebook ID of an account (for instance your own account).


PS: Since Threader died after writing this post, the above thread is now at WayBack: ThreadReaderApp, Archive: ThreadReaderApp, ThreadReaderApp, and [Archive] Twitter.

Read the rest of this entry »

Posted in Facebook, SocialMedia | Leave a Comment »

Does it still hold: “Never keep anything important on AWS in US-EAST-1”?

Posted by jpluimers on 2023/01/31

Reminder to self to check if this still holds: [Archive] Varun Krishnan on Twitter: “Never keep anything important on AWS in US-EAST-1” / Twitter

Slightly more than a year ago, the Amawon Web Services region US-EAST-1 collapsed with world-wide downtime consequences for many AWS services. It took some 8 hours to recover most of the services.

Before that, it was plagued with outages, maybe because it was their first ever region:

The outage was covered many times. I have included this El Reg link, as I like their tone of voice: [Wayback/Archive] AWS technical woes in US East region cause widespread outage • The Register.

Basically, any cloud stack is founded on these three layers:

  • Storage (S3 or Simple Storage Service in AWS speak)
  • Compute (EC2 or Elastic Compute Cloud in AWS speak)
  • Authentication and Authorisation (IAM or Identity and Access Management in AWS speak)

On top of that, any other services are implemented. And for Amazon Web Services, many of these have become available over the last two decades.

Indeed Anders Borum was right in his tweet: US-EAST-1 is the first ever AWS EC2 region and started in 2006, more than 15 years ago. It is also the region with the largest capacity. Likely both play a role in US-EAST-1 being part or initiating factor in many of the major AWS outages. If you look in all AWS outages, US-EAST-1 plays a role in most if not all outages since 2017,

So for now, if hosting at AWS, I would host outside of US-EAST-1.

Depending on the kind of application and money involved, I would consider hosting in multiple regions, and if a truckload of money was involved: hosting on multiple clouds.

I fully agree with [Archive] Gergely Orosz on Twitter: “If you were impacted by the recent AWS outage, the decision to invest in multi-cloud / multi-datacenter is simple: How much did this outage cost you vs the cost of adding a (lot) more complexity & maintenance with multi-cloud/DC? If outage cost >> this, only then do it.” / Twitter

Some more insight on multi-cloud hosting is via [Archive] Redmond on Twitter: “New feature from @jdanton: A full post-mortem from AWS is still to come, but in the meantime, IT pros should start bolstering their cloud disaster recovery strategies now — before the next outage.” / Twitter at [Wayback/Archive] AWS Outage Fallout: What Lessons You Should Learn —

Is It Time to Go Multicloud?

No. Well…if you are running a major property with a big customer-facing presence, it can be a good strategy to have static Web and app content hosted in a second cloud. In the case of an outage like yesterday’s, you’d have the option to direct traffic to the static presence, which can supply some level of experience for your users.

A good example of how this approach can be useful is an outage dashboard. Whenever a cloud provider has an outage, they are notoriously bad at properly reporting ongoing status. This is because they have hosted their dashboards in their own clouds using their own APIs — and when these APIs go down, they take the monitoring with them. Using DNS, you can quickly redirect traffic to this static site, where your engineers can update the page with status updates.



Read the rest of this entry »

Posted in AWS Amazon Web Services, Cloud, Cloud Development, Deployment, Development, DevOps, Infrastructure, Power User, Software Development | Leave a Comment »

%d bloggers like this: