Amazon shows how not to return an HTTP 500 (Internal Server Error) result page: a page with content 500, but result HTTP 200 (OK).
[Wayback] https://www.amazon.de/errors/500
--jeroen
Archive for the ‘Internet protocol suite’ Category
Example how not to return a HTPP-500 result: Amazon DE – Tut uns Leid!
Posted by jpluimers on 2025/08/14
Posted in Communications Development, Development, HTML, HTTP, Internet protocol suite, Software Development, TCP, Web Development | Leave a Comment »
In case I need a small 5-port managed switch that can do port-mirroring: GS305E | Easy Smart Managed Essentials Switch | NETGEAR Support
Posted by jpluimers on 2025/08/13
[Wayback/Archive] GS305E | Easy Smart Managed Essentials Switch | NETGEAR Support which can do many-to-one port mirroring.
This is a newer and cheaper hardware revision than the:
- GS105Ev2 (which is managed and can do port-mirroring, and is confusingly sold as GS105E-200) which in Germany already is end-of-life
- GS105Ev1 (which is unmanaged and cannot do port-mirroring and is confusingly sold as GS105E-100) which is end-of-life but still sold
Via [Wayback/Archive] Everyone Should Have One of These – EASY Packet Capture! – YouTube who explains very well why you need a switch that can do port-mirroring, then recommends the GS105E but forgets to mention:
- there are different revisions of the GS105E with the above drawbacks
- there is GS305E
Related:
Share this:
Posted in Blue team, Communications Development, Development, Ethernet, Hardware, Internet protocol suite, Network-and-equipment, Power User, Red team, Security, Software Development, TCP, UDP | Leave a Comment »
html – What can cause Chrome to give an net::ERR_FAILED on cached content against a server on localhost? – Stack Overflow
Posted by jpluimers on 2025/08/07
On my research list [Wayback/Archive] html – What can cause Chrome to give an net::ERR_FAILED on cached content against a server on localhost? – Stack Overflow
The reason what that back then this would fail (but worked in Firefox and Safari, and because I was in a hurry I didn’t research further): [Wayback/Archive] https://www.office.com/
This site can’t be reached
The webpage at https://www.office.com/ might be temporarily down or it may have moved permanently to a new web address.
ERR_FAILED
Thanks [Wayback/Archive] Mason Wheeler and [Wayback/Archive] Joel Davey.
Details:
Share this:
Posted in Chrome, Communications Development, Development, Encryption, HTTP, https, HTTPS/TLS security, Power User, Security, TCP, TLS, Web Browsers, Web Development | Leave a Comment »
linux – Get final URL after curl is redirected – Stack Overflow (plus some Twitter scraping tricks)
Posted by jpluimers on 2025/08/06
Sometimes I need [Wayback/Archive] Redirect Checker | Check your Statuscode 301 vs 302 on the command-line, so cURL to the rescue: [Wayback/Archive] linux – Get final URL after curl is redirected – Stack Overflow. The relevant portions of answers and comments further below.
TL;DR:
Since I prefer verbose command-line arguments (you can find them at the [Wayback/Archive] curl – How To Use on-line man page) especially in scripts this HTTP GET request is what works with Twitter:
% curl --location --silent --output /dev/null --write-out "%{url_effective}\n" https://twitter.com/anyuser/status/20https://x.com/anyuser/status/20
This failed (twitter dislikes HTTP HEAD requests):
% curl --head --location --silent --output /dev/null --write-out "%{url_effective}\n" https://twitter.com/anyuser/status/20https://twitter.com/anyuser/status/20
Notes
Given so many of my scripts now run on zsh, I added the new-line because of command line – Why does a cURL request return a percent sign (%) with every request in ZSH? – Stack Overflow. You can strip that bit.
Note that these do not perform client side redirects, so they do not return the ultimate originating URL https://x.com/jack/status/20 (which was the first ever Tweet on what was back then called twttr) as Twitter on the client-side overwrites window.location.href with the final URL. Similar behaviour for getting the Twitter user handle of a Twitter user ID, more on Twitter tricks below.
Tweet by TweetID trick via [Wayback/Archive] Accessing a tweet using only its ID (and without the Twitter API) – Bram.us.
Further reading (thanks [Wayback/Archive] vise, [Wayback/Archive] Daniel Stenberg, [Wayback/Archive] Ivan, [Wayback/Archive] AndrewF, [Wayback/Archive] Roger Campanera, and [Wayback/Archive] Dave Baird):
Share this:
Posted in *nix, *nix-tools, bash, Batch-Files, Bookmarklet, Communications Development, Conference Topics, Conferences, CSS, cURL, Development, Event, HTTP, Internet protocol suite, JavaScript/ECMAScript, Power User, Scripting, SocialMedia, Software Development, TCP, Twitter, Web Browsers, Web Development | Tagged: 76 | Leave a Comment »
Tribal Knowledge? Getting the public keys from github and gitlab users from their username
Posted by jpluimers on 2025/04/03
Learned a while ago: if you have the username from a GitHub or GitLab user, you can download interesting that sometimes can make life easier (but not necessarily more secure):
github.com/username.keysgives you their public SSH keysgitlab.com/username.keysgives you their public SSH keysgithub.com/username.pnggives you their profile image
And that there are tools like gh, glab and age that can make direct use of them.
I love Twitter, so thanks for these for teaching me these little tricks:
Share this:
Posted in *nix, *nix-tools, ArchiveTeamWarrior, Conference Topics, Conferences, Development, Event, GitHub, GitLab, Internet, InternetArchive, OpenSSH, Power User, Software Development, Source Code Management, SSH, ssh/sshd, WayBack machine | Tagged: GitHub, GitLab | Leave a Comment »
Some HTTP redirect checking sites compared
Posted by jpluimers on 2025/04/02
Every now and then I want to check how a URL redirect, for instance when checking out why a domain failed loading in browsers a while ago because of certificate problems:
- [Wayback/Archive] SSL Server Test: vems-sassenheim.nl (Powered by Qualys SSL Labs)
- [Wayback/Archive] SSL Server Test: www.vems-sassenheim.nl (Powered by Qualys SSL Labs)
The thing was that back then, the site officially did not have a security certificate, but somehow the provider had installed a self-signed one. Most web-browsers then auto-redirect from http to https. Luckily the archival sites can archive without redirecting:
When querying [Wayback/Archive] redirect check – Google Search, you get quite some results. These are the ones I use most in descending order of preference and why they are at that position:
Share this:
Posted in *nix, *nix-tools, archive.is / archive.today, Communications Development, Development, Encryption, HTTP, https, HTTPS/TLS security, Internet, Internet protocol suite, ISP, Power User, Security, Software Development, TCP, WayBack machine, Web Development, wget, xs4all | Leave a Comment »
Nartac Software – IIS Crypto
Posted by jpluimers on 2025/03/26
Not just for IIS, but for hardening any Windows system including ones running http.sys (like ADFS): [Wayback/Archive] Nartac Software – IIS Crypto
Share this:
Posted in .NET, Communications Development, Development, Encryption, HTTP, HTTPS/TLS security, Software Development, TCP, Web Development | Leave a Comment »
Reminder to self: re-check the Dotpe API Security Breach — bool.dev
Posted by jpluimers on 2025/03/04
Still public merchant information
It looks like some store and merchang APIs were not protected back when [Wayback/Archive] Dotpe API Security Breach — bool.dev was published.
Reminder to self: check their status now as I can’t believe their “human error” got fixed properly.
History (reverse chronological order):
- [Wayback/Archive] How DotPe’s ‘Human Error’ Exposed Confidential Customer API Data
- [Wayback/Archive] Deedy on X: “Today, Google-backed DotPe locked down their APIs by rate-limiting by IP on /external/merchant and blocking others. They sent a legal notice to the author before fixing it and haven’t publicly acknowledged the issue at all. Companies must be held accountable for poor security.…”
[Wayback/Archive] Tweet JSON: [Wayback/Archive] GYSlTthakAEoojp.png:orig (2346×1838)
-
Now protected private API
[Wayback/Archive] Deedy on X: “6 hours later, the API is still very much public! …”
[Wayback/Archive] Tweet JSON: [Wayback/Archive] GYK38dXbkAEEEs_.jpg:orig (1358×1798)
Share this:
Posted in Communications Development, Development, HTTP, Infosec (Information Security), Internet protocol suite, REST, Software Development, TCP, Web Development | Leave a Comment »
crt.sh allows you to search for the history of TLS certificates for domains (example: *.wiert.me)
Posted by jpluimers on 2024/11/19
I while ago, I bumped into [Wayback/Archive] crt.sh | Certificate Search that allows searching for (the history of) TLS certificates.
One example of what it returns is [Wayback/Archive] crt.sh | wiert.me (for my blog domain and subdomains).
The basic mechanism of crt.sh is to query various Certificate Transparency logs and Certificate revocation list, terms I vaguely knew, but never fully realised the vast usefulness of (including questions like [Wayback/Archive] How does crt.sh becomes aware of certificates that are in no CT logs?).
The cool thing is that most (everything?) of it is open source in the various repositories at [Wayback/Archive] Github: crt.sh.
There is also an advanced search page [Wayback/Archive] crt.sh | Certificate Search (a=1) with many more options (including linting) I really want to try later plus a bunch of background links (including the support forum at) of which some *.crt.sh returned a http 502 while writing this blog post. Will try later to see if they have started working again:
Share this:
Posted in Communications Development, Development, Encryption, HTTPS/TLS security, Internet protocol suite, Power User, Security, TCP, TLS | Leave a Comment »
Attempting to stop Microsoft users sending ‘reactions’ to email from me by adding a postfix header
Posted by jpluimers on 2024/09/27
If you do not want Outlook kinds of clients spamming you, then add this header to your email messages above the Content-Type header (see [Wayback/Archive] The Message Content-Type in MIME)
x-ms-reactions: disallow
[Wayback/Archive] Attempting to stop Microsoft users sending ‘reactions’ to email from me by adding a postfix header
Via [Wayback/Archive] Kris: “x-ms-reactions: disallow http…” – chaos.social
x-ms-reactions: disallowEine kleine Mailserver Config verhindert, daß Outlook Volldeppen meine Mailbox mit Likes spammen.
Sehr gut.
--jeroen
Share this:
Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, Office, Outlook, postfix, Power User, SMTP | Leave a Comment »
The Wiert Corner - irregular stream of stuff 