Twitter won’t be the same after today as many useful bots ran by volunteers will dy as they cannot raise the required USD 42k per month to operate.
Nice 54th birthday present Elon!
–jeroen
Archive for April, 2023
54th birthday present: The death of useful #a11y #Accessibility bots like @AltTextUtil
Posted by jpluimers on 2023/04/29
Posted in Uncategorized | Leave a Comment »
Kevin Beaumont on Twitter: “Folks, we named blue team and red team wrong. https://t.co/eWKCSH8lqQ” / Twitter
Posted by jpluimers on 2023/04/28
[Archive] Kevin Beaumont on Twitter: “Folks, we named blue team and red team wrong. ” / Twitter
–jeroen
Share this:
Posted in Fun, Power User, Security | Leave a Comment »
I want to check out how to do POST requests using bookmarklets in order to save URLs to the WayBack machine
Posted by jpluimers on 2023/04/27
I want to check out how to do POST requests using bookmarklets in order to save URLs to the Wayback machine.
The reason is that every few months or so, saving a page the normal way through a something like https://web.archive.org/save/URL fails for one reason or the other, but going to https://web.archive.org/save, then entering URL, and pressing “SAVE PAGE” button works fine:
- [Archive] Jeroen Wiert Pluimers on Twitter: “Does anyone why the @waybackmachine has a lot of
job failedand404errors over the last few days? … and … just returned a 404; most of my archivals the last few days failed or had to be retried at least half a dozen times to succeed. …” / Twitter - [Archive] Jeroen Wiert Pluimers on Twitter: “Workaround – still slow, but at least succeeds sometimes: … then enter the URL to be archived.” / Twitter
- [Archive] Jeroen Wiert Pluimers on Twitter: “Workaround now consistently fails for https://t.co/ruKnfWlfJ0 Is here a @waybackmachine status page somewhere?” / Twitter
The the failing way above is using a GET request, the succeeding workaround will open https://web.archive.org/save/URL using the below POST request (where I omitted some HTTP cookies and HTTP header fields for brevity).
- POST request using
PowerShell:
$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession $session.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36" Invoke-WebRequest -UseBasicParsing -Uri "https://web.archive.org/save/URL" ` -Method "POST" ` -WebSession $session ` -Headers @{ "method"="POST" "origin"="https://web.archive.org" "referer"="https://web.archive.org/save" } ` -ContentType "application/x-www-form-urlencoded" ` -Body "url=URL&capture_outlinks=on&capture_all=on&capture_screenshot=on" - POST request using cURL on
bash:
curl 'https://web.archive.org/save/URL' \ -H 'origin: https://web.archive.org' \ -H 'content-type: application/x-www-form-urlencoded' \ -H 'referer: https://web.archive.org/save' \ --data-raw 'url=URL&capture_outlinks=on&capture_all=on&capture_screenshot=on' \ --compressed - POST request using the fetch API in JavaScript:
fetch("https://web.archive.org/save/URL", { "headers": { "content-type": "application/x-www-form-urlencoded", }, "referrer": "https://web.archive.org/save", "body": "url=URL&capture_outlinks=on&capture_all=on&capture_screenshot=on", "method": "POST", "mode": "cors" });
BTW: Yes, I know that URL is not a valid URL, so it will return a page with “http://url/ URL syntax is not valid.“.
All links below via [Wayback/Archive] bookmarklet post request – Google Search:
- [Wayback/Archive] GlenCoakley/createFormSubmittingBookmarklets: Scans through the current web page finding all forms. It will open a new window that listing all of them along with the source for a bookmarklet that will submit that form with its current data.
- [Wayback/Archive] bookmarklet maker by tac (takes a piece of JavaScript, removes spaces, generates bookmarklet anchor which you can drag to your bookmarks)
- Source saved at [Archive] https://gist.github.com/jpluimers/893699a4dd287c1c5b76f50cd2b7f7e5
- Though I really dislike minified code, for a bookmarklet it is often the easiest way to keep it short, so:
- [Wayback/Archive] How to save a bookmark in Firefox with POST data? – Super User
- [Wayback/Archive] google chrome – Storing a HTTP POST request in a bookmark or something similar as you would with a GET request – Super User
- [Wayback/Archive] Javascript bookmarklet with POST command – Stack Overflow
- [Wayback/Archive] How to Add a Cross-Browser Bookmark Button to Your Website | The Web Flash
- [Wayback/Archive] Javascript to add a bookmark – Cross Browser
I tried to put createFormSubmittingBookmarklets/createFormSubmitBookmarklets.js in a bookmarklet using both userjs.up.seesaa.net/js/bookmarklet.html and skalman.github.io/UglifyJS-online. That failed: somehow this code does not want to run as bookmarklet.
Running it from the console is fine though, and gave me this basic bookmarklet template:
javascript:function sf(ur,ty,fd){function me(tg,pr){var el=document.createElement(tg);for(const[nm,vl]of Object.entries(pr)){el.setAttribute(nm,vl);}return el}const fm=me("form",{action:ur,method:ty,style:"display:hidden;"});for(const[nm,vl]of Object.entries(fd)){fm.appendChild(me("input",{name:nm, value:vl}))}document.body.appendChild(fm);fm.submit()}sf("https://web.archive.org/save","post",{"url":"URL","capture_outlinks":"on","capture_all":"on","capture_screenshot":"on","wm-save-mywebarchive":"on","email_result":"on","":"SAVE PAGE"});
There bold URL there is the URL to be saved. I need to test this, then rework it to become parameterised.
–jeroen
Share this:
Posted in Bookmarklet, Development, JavaScript/ECMAScript, Power User, Scripting, Software Development, Web Browsers, Web Development | Leave a Comment »
Special cartridges with heat-shrink tubing for dymo and brother label writers
Posted by jpluimers on 2023/04/26
Labeling cables is important, especially when you have a lot of them, and it is tough:
- Paper and plastic tables tend to loosen over time.
- Numbers or letters you can snap on only work on thicker cables and over time tend to break loose (due to plasticisers evaporating).
- Permanent markers are less permanent and fade over time.
Hopefully heat-shrink tubing you can print on with either Dymo or Brother laber writers will outlast 3. At least they won’t loosen like 2. and 1.
So I was glad that [Archive] Jilles🏳️🌈 (@jilles_com) / Twitter started a thread, which I tried to help keeping coherent.
Some of the messages:
- [Archive] Jilles🏳️🌈 on Twitter: “When you are chaotic and don’t want to mess stuff up”
- Dymo
- [Archive] stacksmashing on Twitter: “@jilles_com At the risk of contributing to your filled mailbox: Do you know that there’s Dymo Heat-Shrink-Tubing? “
- [Archive] Bruce Barnett on Twitter: “@ghidraninja @jilles_com “Compatible with DYMO Rhino 4200, 5200, 6000 industrial label printers.” :-( But Robert Darby’s review says it works on the $20 model 160 as well!! I’m in!”
- [Wayback/Archive] Works great with the cheaper printers too!
On a whim I ordered the DYMO LabelManager 160 label maker (well under $20) on the off chance that since the label reels are identical between the vinyl labels that it uses and this shrink wrap that maybe, just maybe it’ll work. Not to mention, save me at least $60.
As it turns out , IT DOES WORK ! - [Archive/ Jilles🏳️🌈 on Twitter: “@grymoire @ghidraninja I own a Dymo LabelManager 220P and according to the shrinktube is D1 and compatible with my label writer. Will see if that’s true tomorrow. “
- [Wayback/Archive] Works great with the cheaper printers too!
- [Archive] Bruce Barnett on Twitter: “@jpluimers @bencpye @ghidraninja @jilles_com …”
- [Archive] Bruce Barnett on Twitter: “@jpluimers @bencpye @ghidraninja @jilles_com And the Amazon link is here …”
- [Archive] Jeroen Wiert Pluimers on Twitter: “@grymoire @bencpye @ghidraninja @jilles_com Jilles already got it in the mail. Awesome! …”
[Archive] Jilles🏳️🌈 on Twitter: “Seems Nineleaf is selling DYMO compatible printable heat shrink tubes for way less: 1805443 24mm 18057 19mm = 3/4″ 18055 12mm = 1/2″ 18053 9mm = 3/8″ 18051 6mm = 1/4″ …”- [Archive] Bruce Barnett on Twitter: “@jilles_com @jpluimers @bencpye @ghidraninja Here’s the US amazon link for the 1/2” tape (18055/18056) from Nineleaf. 1 DYMO costs $34, while 3 Nineleaf cartridges costs $15. Much cheaper! No reviews though… …”
- [Archive] Jeroen Wiert Pluimers on Twitter: “@jilles_com @grymoire @bencpye @ghidraninja And more posts like this (: …”
- [Archive] Jilles🏳️🌈 on Twitter: “/mail heat shrink tube for DYMO Labelwriter “
From left to right: 6mm(1/4″), 9mm(3/8″), 12mm(1/2″), 18mm(3/4″), 24mm(1″), each length 1.5m (5′).
- [Archive] Jilles🏳️🌈 on Twitter: “Well, 24 and 19mm don’t fit in the device. …”
- [Archive] Jilles🏳️🌈 on Twitter: “6, 9 and 12mm do fit (and print) …”
- [Archive] Jilles🏳️🌈 on Twitter: “Different sizes”
From left to right: 6mm(1/4″), 9mm(3/8″), 12mm(1/2″), 18mm(3/4″), 24mm(1″), each length 1.5m (5′).
- Brother
- [Archive] Ben Pye on Twitter: “@jpluimers @grymoire @ghidraninja @jilles_com Brother apparently have something the same too – and again can work with their cheap printers “
- [Wayback/Archive] Print Your Own Heat Shrink Labels For Factory-Chic Wire Naming | Hackaday
- [Archive] Ben Pye on Twitter: “@jpluimers @grymoire @ghidraninja @jilles_com Well I could have gone cheaper but PC connected was too tempting – … Now to wait for the clone heat shrink from AliExpress…”
- [Archive] Ben Pye on Twitter: “@jpluimers @grymoire @ghidraninja @jilles_com There’s even a protocol manual! … If every printer had one of these the world would be a better place.”
- [Wayback/Archive] Print Your Own Heat Shrink Labels For Factory-Chic Wire Naming | Hackaday
- [Archive] Ben Pye on Twitter: “@jpluimers @grymoire @ghidraninja @jilles_com Brother apparently have something the same too – and again can work with their cheap printers “
–jeroen
Share this:
Posted in Development, Hardware Development, Hardware Interfacing | Leave a Comment »
VMware fixes critical zero-day Workstation/Player/Fusion exploit revealed at Pwn2Own
Posted by jpluimers on 2023/04/26
A less clickbaity title than most articles today as the below only applies to the VMware hypervisors running on MacOS and Windows.
The last Pwn2Own Zero Day Initiative revealed two major issues that allow a virtual machine to either execute code or read hypervisor memory on the VMware Workstation/Player/Fusion host:
- [Wayback/Archive] NVD – CVE-2023-20869
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
- [Wayback/Archive] NVD – CVE-2023-20870
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
Both issues have been fixed now, so be sure to deploy the fixes or, if you can’t, apply the workarounds.
Share this:
Posted in Fusion, Power User, Security, Virtualization, VMware, VMware Player, VMware Workstation | Leave a Comment »
Kevin Lewis (he/him) on Twitter: “Wow thanks for all the support folks! I’ve been working on this project today: larger font, options for single/group captioning powered by @DeepgramAI, and a static badge mode as suggested by @bitandbang https://t.co/FBELwDsD4V” / Twitter
Posted by jpluimers on 2023/04/25
Wow, just wow: [Archive] Kevin Lewis (he/him) on Twitter: “Wow thanks for all the support folks! I’ve been working on this project today: larger font, options for single/group captioning powered by @DeepgramAI, and a static badge mode as suggested by @bitandbang https://t.co/FBELwDsD4V” / Twitter
Via [Archive] Jilles🏳️🌈 on Twitter: “Love it and worried about it at the same time.” / Twitter
–jeroen
Share this:
Posted in Development, Hardware Development, Hardware Interfacing, Software Development | Leave a Comment »
So long and thanks for all the fish: PC Engines apu platform EOL (in 2024, but still)
Posted by jpluimers on 2023/04/24
It was great while it lasted, so be sure to order within the next 12 months as [Wayback/Archive] PC Engines apu platform EOL:
PC Engines apu platform EOL The end is near ! After a long production run, AMD will accept last orders for the SOC used in our apu2/3/4/5/6 boards by end of June 2023. apu phase-out We will do a life-time buy for a quantity of the AMD SOC and some other key components. We are willing to schedule customer shipments through end of June 2024. There is a 26 week lead time on the AMD SOC, expect limited supply until late 2023. First ordered, first served. Binding orders may be required for large quantities.New products ? Despite having used considerable quantities of AMD processors and Intel NICs, we don’t get adequate design support for new projects. In addition, the x86 silicon currently offered is not very appealing for our niche of passively cooled boards. After about 20 years of WRAP, ALIX and APU, it is time for me to move on to different things. Thank you ! I would like to thank all of our customers for their business, and sometimes patience.
–jeroen
Share this:
Posted in APU, Hardware, Network-and-equipment, pfSense, Power User, routers | Leave a Comment »
Need to rethink which Windows package managers to use
Posted by jpluimers on 2023/04/24
Triggered by last week’s post Need to take a look a Scoop (as a long time Chocolatey user), I need to re-think which Windows package managers to use and in what order.
Basically there are two challenges:
- User level (scoop) versus system level (winget and chocolatey) installations
- Availability of packages in each package manager
Since I hardly used winget, I need to get started at Windows Package Manager – Wikipedia.
A good example of unavailability is at [Wayback/Archive] Scott’s Ultimate Tools via Winget – DVLUP (which has the ID values for winget or chocolatey of [Wayback/Archive] Scott Hanselman’s 2021 Ultimate Developer and Power Users Tool List for Windows – Scott Hanselman’s Blog)
–jeroen
Share this:
Posted in Chocolatey, Power User, Scoop, Windows, winget | Leave a Comment »
Towards a work setup on a hardened host and doing everything in VMs
Posted by jpluimers on 2023/04/21
SwiftOnSecurity posted this interesting tweet in 2021: [Archive] SwiftOnSecurity on Twitter: “Lenovo P1 Gen3 with 12core Xeon, 64GB RAM, two 1TB M.2 SSDs. Running Windows Server 2022 with the Hyper-V role. All hardening applied to host OS, almost nothing happens here except managing guest VMs. On the second SSD I then have Win10 VMs joined to the corporate domain.” / Twitter.
I wonder if a similar setup can be done using an Apple M1 based machine as host and running all work in virtual machines.
Swift had some issues getting cameras and microphones to work: [Archive] SwiftOnSecurity on Twitter: “The problem here is Teams. If I want to pass through my webcam and microphone that could get a bit dicey, despite HyperV Enhanced Session being essentially an RDP session. For now I’m using my phone for Teams microphone. Also I’m not sure how well thermal management will work….” / Twitter
This resulted in some answers and interesting links:
- [Archive] Mitchell J. Skurnik on Twitter: “@SwiftOnSecurity Lookup RemoteFX webcam or something like that. I’ve done it before with other USB devices.” / Twitter
- [Archive] JD116 on Twitter: “@SwiftOnSecurity It’s doable, but the last time I tried it I found that you have to restart Teams after connecting with RDP for it to recognize a webcam connected via RDP. Just make sure you have the camera selected in the local resources tab & set remote audio to record for your local PC.” / Twitter
- [Archive] Leo on Twitter: “@SwiftOnSecurity I did something very similar for years. Hyper-V device passthrough was absolutely the worst sticking point, with Hyper-V networking management close behind (stop making new adapters!)” / Twitter (I remember the Wireless and Wired networks of the host not being able to be on the same client network in the days I wrote about P2V of an existing XP machine to Hyper-V to have an emergency fallback when retiring old XP physical machines whereas this is a no-brainer on VMware to get working; not much has changed on the Hyper-V side since then)
Some more interesting tweets in that thread:
- [Archive] 🐀 on Twitter: “@SwiftOnSecurity Are you using the Opal or other HW encryption features that the SSD offers for data ‘at rest’ (ie SSD is powered off)?” / Twitter
- [Archive] SwiftOnSecurity on Twitter: “The host laptop will then be joined to a completely separate “Red Forest” in AzureAD so it can be a fully-secured management point for Out-Of-Band communications in event of a total corporate compromise. It will be the bootstrap of the entire IT recovery.” / Twitter
- [Archive] Jimmy on Twitter: “@SwiftOnSecurity How do you deal with the red forest management ? Host OS is the PAW?” / Twitter ([Wayback/Archive] Privileged Access Management in Windows Server)
- [Archive] SwiftOnSecurity on Twitter: “@michkisan Yeah.” / Twitter
- [Archive] Jimmy on Twitter: “@SwiftOnSecurity Making that part work for more than couple of individuals .. at enterprise level, proved to be impossible for us” / Twitter
- [Archive] SwiftOnSecurity on Twitter: “@michkisan Yes. This will be one of a few just for the specialized domain” / Twitter
- [Archive] Jimmy on Twitter: “@SwiftOnSecurity How do you deal with the red forest management ? Host OS is the PAW?” / Twitter ([Wayback/Archive] Privileged Access Management in Windows Server)
- [Archive] Nyarlohotep rises on Twitter: “@SwiftOnSecurity I have a P1G3, and the thermals are atrocious. Ended up disabling boost via the power management settings to limit the CPU to 99%. Laptop sits tented on my desk with two external displays. If it wasn’t a work-issued machine, I’d take it apart and repaste the CPU cooler” / Twitter
- [Archive] Vincent Milum Jr on Twitter: “@SwiftOnSecurity Dunno bout Hyper-V, but VMWare Workstation will most likely allow those devices to be passed into the guest OS.” / Twitter
- [Archive] SwiftOnSecurity on Twitter: “The host laptop will then be joined to a completely separate “Red Forest” in AzureAD so it can be a fully-secured management point for Out-Of-Band communications in event of a total corporate compromise. It will be the bootstrap of the entire IT recovery.” / Twitter
- [Archive] SwiftOnSecurity on Twitter: “Every empire needs its capital city. ” / Twitter
- [Archive] Mirko Schnellbach 🇪🇺 on Twitter: “@SwiftOnSecurity Win11 has Hyper-V and probably better power management / driver support for laptop class HW. Why install Server?” / Twitter
- [Archive] SwiftOnSecurity on Twitter: “@MadMirko Less junk overhead I’d need to rip out or disable. I could do a comparison still we’ll see” / Twitter
- [Archive] SwiftOnSecurity on Twitter: “Every empire needs its capital city. ” / Twitter
–jeroen
Share this:
Posted in Apple, M1 Mac, Mac, Power User, Windows | Leave a Comment »
2023: Data kampen – Elisabeth Ruiterkampen
Posted by jpluimers on 2023/04/20
Voor mijn geheugen, de paardrijkampen in 2023: [Wayback/Archive] Data kampen – Elisabeth Ruiterkampen
–jeroen
Share this:
Posted in Uncategorized | Leave a Comment »
The Wiert Corner - irregular stream of stuff 