The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,860 other subscribers

Archive for December 4th, 2018

Update NOW! CVE-2018-1002105, with root access. ​Kubernetes’ first major security hole discovered | ZDNet

Posted by jpluimers on 2018/12/04

From [WayBack] ​Kubernetes’ first major security hole discovered | ZDNet in reverse order:

Fortunately, there is a fix, but some of you aren’t going to like it. You must upgrade Kubernetes. Now. Specifically, there are patched version of Kubernetes [WayBackv1.10.11,  [WayBack] v1.11.5, [WayBackv1.12.3, and [WayBackv1.13.0-rc.1.

[WayBack] Red Hat said, “The privilege escalation flaw makes it possible for any user to gain full administrator privileges on any compute node being run in a Kubernetes pod. [WayBackThis is a big deal. Not only can this actor steal sensitive data or inject malicious code, but they can also bring down production applications and services from within an organization’s firewall.”

And the bug, [WayBackCVE-2018-1002105, aka the Kubernetes privilege escalation flaw, is a doozy. It’s a [WayBackCVSS 9.8 critical security hole.

Via [WayBack] ​Kubernetes’ first major security hole discovered | ZDNet – Ondrej Kelle – Google+

–jeroen

Posted in Cloud, Containers, Docker, Infrastructure, Kubernetes (k8n), Power User, Security | Leave a Comment »

Uptime Robot on Twitter: “Sorry all that the API and status pages fluctuated since the last 18 hours. The issue is completely fixed and it is all back to normal now.”

Posted by jpluimers on 2018/12/04

[WayBackUptime Robot on Twitter: “Sorry all that the API and status pages fluctuated since the last 18 hours. The issue is completely fixed and it is all back to normal now.”

[WayBackJeroen Pluimerson Twitter: “Some are still broken, especially the ones with IDs 778601760 778601763 778601765 778601777 778601814 779973649 779677530 779677532 All of them reachable through various ISPs, but UpTimeRobot marks them down since about 11 hours”

See:

Failing:

Edit 20181205

Found out what happened: the IP got blocked on some spam lists. This is odd:

Even though the SMTP server behind it has relay blocked apart from the 2 domains it is primary MX for, somebody found a trick around it, I think by sending mail to the primary domains that

  1. are not caught yet by the installed backlist filters
  2. later bounce when forwarded to their forward address because their blacklist filters are by now more up-to-date,
  3. then the bounce email being flagged as SPAM.

MXTOOLBOX

The trick caused the IP to appear on 3 blacklists according to MXTOOLBOX:

Blacklist Reason TTL ResponseTime
 LISTED CBL 80.100.143.119 was listed  Detail 806 0 Ignore
 LISTED Hostkarma Black 80.100.143.119 was listed  Detail 805 0 Ignore
 LISTED Spamhaus ZEN 80.100.143.119 was listed  Detail 300 281 Ignore

Checking these revealed all to be around CBL:

CBL:

This IP address was detected and listed 6 times in the past 28 days, and 0 times in the past 24 hours. The most recent detection was at Tue Dec 4 02:25:00 2018 UTC +/- 5 minutes

Hostkarma Black:

Your reverse DNS is correct! – snip.xs4all.nl
The IP address for the reverse lookup name matches the original IP – RDNS Information

This is a list from our log files showing the activity from IP address 80.100.143.119. Our system stores information for 4 days.

/ip-log/karma.log.06:black 80.100.143.119 auth-bad ID=79648-15207 X=mxbackup H=snip.xs4all.nl [80.100.143.119]:40353 HELO=[[127.0.0.1]] SN=[M.ASMMSS.06446644586518723606@terrain.gov.harvard.edu] AUTH=[antonio] T=[irena.getheridge2018@outlook.fr] S=[Re: RcPT[(ALERT) | 0644664458]]

Spamhaus ZEN:

80.100.143.119 is not listed in the SBL

80.100.143.119 is not listed in the PBL

80.100.143.119 is listed in the XBL, because it appears in:

dnsbl.spfbl.net

Further research also found an entry in dnsbl.spfbl.net:

Check result of IP 80.100.143.119

This is the rDNS found:

This IP was flagged due to misconfiguration of the e-mail service or the suspicion that there is no MTA at it.

For the delist key can be sent, select the e-mail address responsible for this IP:

  • add a PayPal user’s email for 6.00 BRL.
  • add a PayPal user’s email for 1.50 USD.
  • <abuse@xs4all.nl> qualified.
  • <postmaster@snip.xs4all.nl> qualified.
  • <postmaster@xs4all.nl> qualified.

The rDNS must be registered under your own domain. We do not accept rDNS with third-party domains.

A chicken-and-egg situation here: since snip.xs4all.nl is blocked because of the blacklist entry, I cannot request a validation email for the blacklist entry.

But then there was MultiRBL showing that most DNS black lists are aggregators of others.

jeroen

Read the rest of this entry »

Posted in *nix, DNS, Internet, Monitoring, Power User, Uptimerobot | Leave a Comment »

Trying to get golang working on a new system I learned a few things…

Posted by jpluimers on 2018/12/04

From a G+ post a while ago, but they still hold after seeing much more golang projects: [WayBack] Trying to get golang working on a new system I learned a few things today: … – Jeroen Wiert Pluimers – Google+

This is too bad as it indicates a lot of golang programmers are not that aware of maintaining projects for the longer term, nor about the real meaning of cross platform over time.

  • many golang developers have a hate relationship towards non-standard systems, especially Windows, likely because history has not proven to them yet that systems over time are distinctly different, even in the same family of operating systems
  • much golang tooling radiate “showing progress or logging is for whimps, it it takes time, wait, or watch a process monitor like ps, task manager or activity monitor), like for instance this issue that has been open for a year https://github.com/golang/dep/issues/1001 [WayBack]
  • few golang developers understand that there are older versions of make (especially the Borland one) with different syntaxes. The ones that do not, sort of get mad, failing to understand developing software is 80+% maintenance, meaning keeping old stuff around so you are sure you can build things depending on that old stuff.
  • many of the Makefile entries are filled with bashisms which makes it hard to use with different shells

Fun: [WayBack] Capitalization of GoLang should actually be golang. It’s also not automatic… | Hacker News

–jeroen

Posted in Development, Go (golang), Software Development | Leave a Comment »

Hi there. Is it possible to get RTTI information for IDE “built-in” classes …

Posted by jpluimers on 2018/12/04

For my link archive: [WayBack] Hi there.Is it possible to get RTTI information for IDE “built-in” classes with an OTA Wizard?Let’s say I create a TRttiContext object in my wizard…. – Fl Ko – Google+

Here is an IDE explorer that helps: [WayBack] GitHub – DGH2112/Delphi-IDE-Explorer: A RAD Studio IDE wizard / expert / plugin that allows you to browser the internal fields, methods, properties and events of the IDE.

–jeroen

Posted in Debugging, Delphi, Development, Software Development | Leave a Comment »

Mac OS X/MacOS: Capturing yourself in Photo Booth without being mirrored

Posted by jpluimers on 2018/12/04

Quite a while back I wrote [WayBackViewing an USB camera on Mac OS X without mirroring.

I still use the solution Quick Camera mentioned there, but also found a solution that works with the Photo Booth application:

Just made a QTZ to counteract the annoying mirror-image which is considered “normal” in Photo Booth. I borrowed a patch from the “Effect.qtz” which is located inside the Photo Booth.app, and I edited it in Quartz Composer . Please note that this will NOT affect the mirror-image which occurs using other effects; they will STILL be mirror images of your subject.

This patch fixes the preview, photos AND video. This patch fixes the SOURCE of the video, not the resulting output images.

[WayBackUN-MIRROR yourself in Photo Booth – patch | MacRumors Forums

Steps to manually create the Quartz file are at [WayBackCamera question: Why is the camera a mirror effect? | Mac Forums

So I learned about Quarts Composer and composition plugins which are basically a visual programming language:

This is unlike another QC that got killed.

–jeroen

[WayBackpicture-2-png.195665 (1314×897)

Read the rest of this entry »

Posted in Apple, Mac OS X / OS X / MacOS, Power User | Leave a Comment »

UTF-8 support for single byte character sets is beta in Windows and likely breaks a lot of applications not expecting this (via Unicode in Microsoft Windows: UTF-8 – Wikipedia)

Posted by jpluimers on 2018/12/04

Uh-oh: [WayBack] Unicode in Microsoft Windows: UTF-8 – Wikipedia:

Microsoft Windows has a code page designated for UTF-8code page 65001. Prior to Windows 10 insider build 17035 (November 2017),[7] it was impossible to set the locale code page to 65001, leaving this code page only available for:

  • Explicit conversion functions such as MultiByteToWideChar
  • The Win32 console command chcp 65001 to translate stdin/out between UTF-8 and UTF-16.

This means that “narrow” functions, in particular fopen, cannot be called with UTF-8 strings, and in fact there is no way to open all possible files using fopen no matter what the locale is set to and/or what bytes are put in the string, as none of the available locales can produce all possible UTF-16 characters.

On all modern non-Windows platforms, the string passed to fopen is effectively UTF-8. This produces an incompatibility between other platforms and Windows. The normal work-around is to add Windows-specific code to convert UTF-8 to UTF-16 using MultiByteToWideChar and call the “wide” function.[8] Conversion is also needed even for Windows-specific api such as SetWindowText since many applications inherently have to use UTF-8 due to its use in file formats, internet protocols, and its ability to interoperate with raw arrays of bytes.

There were proposals to add new API to portable libraries such as Boost to do the necessary conversion, by adding new functions for opening and renaming files. These functions would pass filenames through unchanged on Unix, but translate them to UTF-16 on Windows.[9] This would allow code to be “portable”, but required just as many code changes as calling the wide functions.

With insider build 17035 and the April 2018 update (nominal build 17134) for Windows 10, a “Beta: Use Unicode UTF-8 for worldwide language support” checkbox appeared for setting the locale code page to UTF-8.[a] This allows for calling “narrow” functions, including fopen and SetWindowTextA, with UTF-8 strings. Microsoft claims this option might break some functions (a possible example is _mbsrev[10]) as they were written to assume multibyte encodings used no more than 2 bytes per character, thus until now code pages with more bytes such as GB 18030 (cp54936) and UTF-8 could not be set as the locale.[11]

  1. Jump up^ [WayBack“UTF-8 in Windows”Stack Overflow. Retrieved July 1, 2011.
  2. Jump up^ [WayBack“Boost.Nowide”.
  3. Jump up^ [WayBackhttps://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/strrev-wcsrev-mbsrev-mbsrev-l
  4. Jump up^ [WayBack“Code Page Identifiers (Windows)”msdn.microsoft.com.

Via [WayBack] Microsoft Windows Beta UTF-8 support for Ansi API could break things. Wiki Article of the Change… – Tommi Prami – Google+

Related, as handling encoding is hard, especially if it is changed or not your default:

–jeroen

Posted in .NET, C, C++, Delphi, Development, Encoding, GB 18030, Power User, Software Development, UTF-16, UTF-32, UTF-8, UTF16, UTF32, UTF8, Windows, Windows 10 | 2 Comments »