Archive for the ‘Internet protocol suite’ Category
Posted by jpluimers on 2025/04/03
Learned a while ago: if you have the username from a GitHub or GitLab user, you can download interesting that sometimes can make life easier (but not necessarily more secure):
github.com/username.keys gives you their public SSH keysgitlab.com/username.keys gives you their public SSH keysgithub.com/username.png gives you their profile image
And that there are tools like gh, glab and age that can make direct use of them.
I love Twitter, so thanks for these for teaching me these little tricks:
Read the rest of this entry »
Posted in *nix, *nix-tools, ArchiveTeamWarrior, Conference Topics, Conferences, Development, Event, GitHub, GitLab, Internet, InternetArchive, OpenSSH, Power User, Software Development, Source Code Management, SSH, ssh/sshd, WayBack machine | Tagged: GitHub, GitLab | Leave a Comment »
Posted by jpluimers on 2025/04/02
Every now and then I want to check how a URL redirect, for instance when checking out why a domain failed loading in browsers a while ago because of certificate problems:
The thing was that back then, the site officially did not have a security certificate, but somehow the provider had installed a self-signed one. Most web-browsers then auto-redirect from http to https. Luckily the archival sites can archive without redirecting:
When querying [Wayback/Archive] redirect check – Google Search, you get quite some results. These are the ones I use most in descending order of preference and why they are at that position:
Read the rest of this entry »
Posted in *nix, *nix-tools, archive.is / archive.today, Communications Development, Development, Encryption, HTTP, https, HTTPS/TLS security, Internet, Internet protocol suite, ISP, Power User, Security, Software Development, TCP, WayBack machine, Web Development, wget, xs4all | Leave a Comment »
Posted by jpluimers on 2024/11/19
I while ago, I bumped into [Wayback/Archive] crt.sh | Certificate Search that allows searching for (the history of) TLS certificates.
One example of what it returns is [Wayback/Archive] crt.sh | wiert.me (for my blog domain and subdomains).
The basic mechanism of crt.sh is to query various Certificate Transparency logs and Certificate revocation list, terms I vaguely knew, but never fully realised the vast usefulness of (including questions like [Wayback/Archive] How does crt.sh becomes aware of certificates that are in no CT logs?).
The cool thing is that most (everything?) of it is open source in the various repositories at [Wayback/Archive] Github: crt.sh.
There is also an advanced search page [Wayback/Archive] crt.sh | Certificate Search (a=1) with many more options (including linting) I really want to try later plus a bunch of background links (including the support forum at) of which some *.crt.sh returned a http 502 while writing this blog post. Will try later to see if they have started working again:
Read the rest of this entry »
Posted in Communications Development, Development, Encryption, HTTPS/TLS security, Internet protocol suite, Power User, Security, TCP, TLS | Leave a Comment »
Posted by jpluimers on 2024/09/24
Quite a while ago [Wayback/Archive] string – Check if MyString[1] is an alphabetical character? – Stack Overflow asked by [Wayback/Archive] User Jeff was answered by [Wayback/Archive] Andreas Rejbrand:
The simplest approach is
function GetAlphaSubstr(const Str: string): string;
const
ALPHA_CHARS = ['a'..'z', 'A'..'Z'];
var
ActualLength: integer;
i: Integer;
begin
SetLength(result, length(Str));
ActualLength := 0;
for i := 1 to length(Str) do
if Str[i] in ALPHA_CHARS then
begin
inc(ActualLength);
result[ActualLength] := Str[i];
end;
SetLength(Result, ActualLength);
end;
but this will only consider English letters as “alphabetical characters”. It will not even consider the extremely important Swedish letters Å, Ä, and Ö as “alphabetical characters”!
Slightly more sophisticated is
function GetAlphaSubstr2(const Str: string): string;
var
ActualLength: integer;
i: Integer;
begin
SetLength(result, length(Str));
ActualLength := 0;
for i := 1 to length(Str) do
if Character.IsLetter(Str[i]) then
begin
inc(ActualLength);
result[ActualLength] := Str[i];
end;
SetLength(Result, ActualLength);
end;
Back in 2011 I added a comment that for more than a decade would redirect to the most current documentation on the IsLetter method:
Back then, Delphi X2 was current, so it would redirect
- from http://docwiki.embarcadero.com/VCL/en/Character.TCharacter.IsLetter
- to [Wayback] http://docwiki.embarcadero.com/VCL/XE2/en/Character.TCharacter.IsLetter
- then to [Wayback] http://docwiki.embarcadero.com/VCL/XE2/en/Character.TCharacter.IsLetter
- ending at [Wayback] http://docwiki.embarcadero.com/Libraries/XE2/en/System.Character.TCharacter.IsLetter
After a long outage in 2022 (see The Delphi documentation site docwiki.embarcadero.com has been down/up oscillating for 4 days is now down for almost a day.) only the Alexandria help was restored.
This killed the above redirect.
Luckily [Wayback/Archive] George Birbilis noticed that and commented this:
@JeroenWiertPluimers the correct link now is: docwiki.embarcadero.com/Libraries/Alexandria/en/…
In order to refer to the most recent Delphi version, now you have to use [Wayback] http://docwiki.embarcadero.com/Libraries/en/System.Character.TCharacter.IsLetter.
This redirects:
- via [Wayback] http://docwiki.embarcadero.com/Libraries/Alexandria/en/System.Character.TCharacter.IsLetter to
- to [Wayback] https://docwiki.embarcadero.com/Libraries/Alexandria/en/System.Character.TCharacter.IsLetter
The above breaks the help integration from older Delphi products which is bad. It is also bad because it makes it harder to port legacy Delphi code to more modern Delphi versions.
Hopefully the above gives you a bit insight how the docwiki help system was designed and what is left of that design.
–jeroen
Posted in Communications Development, Conference Topics, Conferences, Delphi, Development, Encryption, Event, HTML, HTTP, https, HTTPS/TLS security, Internet protocol suite, Power User, Security, Software Development, TCP, TLS, Web Development | Leave a Comment »
Posted by jpluimers on 2023/12/26
Every once in a while Jan Schaumann writes a long Twitter thread and saves it in a blog post. Always good ways to learn. This time it was no different: [Wayback/Archive] DNS Response Size started with
Read the rest of this entry »
Posted in Communications Development, Development, DNS, Internet, Internet protocol suite, IPv4, IPv6, Power User, TCP, tcpdump, UDP, Wireshark | Leave a Comment »
Posted by jpluimers on 2023/12/24
Jan Wildeboer was mad for good reasons, though the open source projects didn’t yet seem to publicly have show their real madness, just bits like [Wayback/Archive] oss-security – Re: Re: New SMTP smuggling attack:
I'm a little confused by sec-consult's process here. They identify a
problem affecting various pieces of software including some very widely
deployed open source software, go to the trouble of doing a coordinated
disclosure, but only do that with...looking at their timeline... gmx,
microsoft and cisco?
“SMTP Smuggling” is bad, and big open source SMTP server projects like exim, postfix and sendmail needed to assess and fix/prevent the issue on very short notice: effectively confronting them with a zero-day less than a week between the information got released and the Holiday season.
That gives “deploy on Fridays” a totally different dimension.
How bad? Well, it already managed to reach this Newline – Wikipedia entry:
The standard Internet Message Format[26] for email states: “CR and LF MUST only occur together as CRLF; they MUST NOT appear independently in the body”. Differences between SMTP implementations in how they treat bare LF and/or bare CF characters have led to so-called SMTP smuggling attacks[27].
The crux of the problem is very well described by the “Postfix: SMTP Smuggling” link below: recommended reading, and the middle of [Wayback/Archive] SMTP Smuggling – Spoofing Emails Worldwide | Hacker News
…
TLDR: In the SMTP protocol, the end of the payload (email message) is indicated by a line consisting of a single dot. The line endings normally have to be CRLF, but some MTAs also accept just LF before and/or after the dot. This allows SMTP commands that follow an LF-delimited dot line to be “tunneled” through a first MTA (which requires CRLF and thus considers the commands to be part of the email message) to a second MTA (which accepts LF and thus processes the commands as real commands). For the second MTA, the commands appear to come from the first MTA, hence this allows sending any email that the first MTA is authorized to send. That is, emails from arbitrary senders under the domains associated with the first MTA can be spoofed.
…
Here are some links to keep you busy the next hours/days/weeks:
And the toots linking to background information:
Read the rest of this entry »
Posted in *nix, *nix-tools, Communications Development, Development, exim mail, Internet protocol suite, postfix, Power User, Python, Scripting, sendmail, SMTP, Software Development | Leave a Comment »
Posted by jpluimers on 2023/09/14
For my link archive so I can better automate archiving Tweet threads using bookmarklets written in JavaScript:
The base will likely be this:
javascript:void(open(`https://archive.is/?run=1&url=${encodeURIComponent(document.location)}`))
which for now I have modified into this:
javascript:void(open(`https://threadreaderapp.com/search?q=${document.location}`))
It works perfectly fine without URL encoding and demonstrates the JavaScript backtick feature for template literals for which you can find documentation at [WayBack/Archive] Template literals – JavaScript | MDN.
Read the rest of this entry »
Posted in *nix, *nix-tools, bash, bash, Bookmarklet, Communications Development, cURL, Development, HTTP, https, Internet protocol suite, Power User, Scripting, Security, Software Development, TCP, Web Browsers | Leave a Comment »
The Wiert Corner - irregular stream of stuff 