The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Archive for the ‘Communications Development’ Category

Random User Generator | Home

Posted by jpluimers on 2021/11/23

Cool tool for whenever you need random users to test a system: [Wayback] Random User Generator | Home:

Random user generator is a FREE API for generating placeholder user information. Get profile photos, names, and more. It’s like Lorem Ipsum, for people.

This was used when extracting Parler data to substantiate evidence around the 20210106 USA Capitol riots.

You can even use a simple HTTP GET like [Wayback] randomuser.me/api and get a JSON result like this.

{"results":[{"gender":"female","name":{"title":"Miss","first":"Malou","last":"Mortensen"},"location":{"street":{"number":2669,"name":"Lyngbyvej"},"city":"Sundby","state":"Syddanmark","country":"Denmark","postcode":48047,"coordinates":{"latitude":"-35.1307","longitude":"113.7480"},"timezone":{"offset":"+1:00","description":"Brussels, Copenhagen, Madrid, Paris"}},"email":"malou.mortensen@example.com","login":{"uuid":"981747de-66fe-40b0-87ea-adfe403fe1be","username":"purpleostrich871","password":"sweets","salt":"x86aQbIB","md5":"55497ac53530b428f98b9d36267ceeef","sha1":"358b94ffabe7d827c34da15791e5d6717c594428","sha256":"6e357e887877e29b7e6d53073f648174382c53c24f83479e25fed9c82075ed32"},"dob":{"date":"1995-06-05T04:50:35.145Z","age":26},"registered":{"date":"2018-07-21T00:59:50.523Z","age":3},"phone":"02990797","cell":"94800012","id":{"name":"CPR","value":"050695-9954"},"picture":{"large":"https://randomuser.me/api/portraits/women/27.jpg","medium":"https://randomuser.me/api/portraits/med/women/27.jpg","thumbnail":"https://randomuser.me/api/portraits/thumb/women/27.jpg"},"nat":"DK"}],"info":{"seed":"8971869bb62b73d7","results":1,"page":1,"version":"1.3"}}

Via:

–jeroen

Posted in Communications Development, Development, HTTP, Internet protocol suite, JavaScript/ECMAScript, JSON, Python, REST, Scripting, Software Development, TCP

🔎Julia Evans🔍 on Twitter: “ten questions about UDP”

Posted by jpluimers on 2021/11/10

From a while back, but still relevant when you learn all your life:

[Archive.is] 🔎Julia Evans🔍 on Twitter: “ten questions about UDP: “

[WayBack] UDP questions

Hello! Here are some questions & answers. The goal isn’t to get all the questions “right”. Instead, the goal is to learn something! If you find a topic you’re interested in learning more about, I’d encourage you to look it up and learn more

–jeroen

Posted in Communications Development, Development, Internet protocol suite, Software Development, UDP

Some links on SMTP tar-pit to lessen SPAM

Posted by jpluimers on 2021/11/03

Some links for my archive; note that pure tar-pits by now are also hampering large email sender services like SendGrid, Mailgun and Amazon SES.

So the below links are for educational and historic purposes only.

I assembled these links because all of a sudden, Ring 2FA verification emails could not be delivered any more.

Ring 2FA became mandatory towards the end of February 2020.

Some links on that:

Sendmail timeouts:

–jeroen

Posted in *nix, Communications Development, Development, HIS Host Integration Services, Internet protocol suite, Power User, SMTP

Windows: unblocking SMB/NetBIOS/CIFS/File-and-Printer-sharing traffic from other subnets

Posted by jpluimers on 2021/10/29

If you enable File and Printer sharing on Windows, by default the firewall only enables it on private networks for the local subnet as remote address (for domain networks, it allows “Any”) as seen on the picture below.

When your network consists of multiple subnets, for instance when it is large, or multiple sites are connected via site-to-site VPN (often called LAN-to-LAN VPN) solutions, then these subnets cannot access each other's files or printers.

Once you are aware of these default blocks, they are easy to resolve, as explained for instance in [WayBack] Windows firewall blocking network shares through VPN server – Server Fault by [WayBack] Brian:

I realize this is almost three years late, but I just spent today fighting with the same problem. I did get it working, so I figured I’d share. Note that I’m using a Windows 7 PC as the file server; other versions might need slightly different configuration.

In the “Windows Firewall with Advanced Security”, there are several “File and Printer Sharing” rules:

  • File and Printer Sharing (NB-Datagram-In)
  • File and Printer Sharing (NB-Name-In)
  • File and Printer Sharing (NB-Session-In)
  • File and Printer Sharing (SMB-In)

(There are additional rules, but I didn’t care about printer sharing. The same changes would apply if you want those.)

File and Printer Sharing appears to default to “Local subnet” only. You’ll need to add the subnet of your VPN clients.

Modify each of those rules as follows:

  1. Open the Properties dialog for the rule.
  2. Navigate to the Scope tab.
  3. In the Remote IP address section, the “These IP addresses” radio button should be selected.
  4. Click “Add…” next to the list of addresses. By default, only “Local subnet” is in the list.
  5. In the “This IP address or subnet:” field, enter the subnet assigned to your VPN clients (this is probably 192.168.1.0/24 in the OP, but if not, it’s the subnet assigned to the VPN adapter on the client side), then click OK.
  6. If you’re also using IPv6, add the VPN client IPv6 subnet as well.

That was enough for me to access file shares over the VPN.

(If you want to do it manually, you need to open TCP ports 139 and 445, and UDP ports 137 and 138, in the file server’s firewall.)

Hopefully I will find some time in the future to automate this using PowerShell, as netsh names are localised and so hard to make universal.
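One way to automate the scope change from the quoted answer, as an added example that is not from the original post or the Server Fault answer. It assumes the NetSecurity cmdlets (Windows 8 / Server 2012 and later, so not the Windows 7 machine in the answer), assumes the four built-in rules carry the locale-independent IDs shown, and uses 192.168.1.0/24 only as a placeholder subnet.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Dry run by default; pass -Apply to change rules.
param(
    # Placeholder: the subnet(s) your VPN clients or remote sites actually use.
    [string[]] $ExtraSubnets = @('192.168.1.0/24'),
    [switch]   $Apply
)

# Rule IDs (the Name property) are not localised, unlike the display names netsh uses.
# Assumed IDs of the four built-in rules listed in the quoted answer.
$ruleIds = 'FPS-NB_Datagram-In-UDP', 'FPS-NB_Name-In-UDP',
           'FPS-NB_Session-In-TCP',  'FPS-SMB-In-TCP'

foreach ($id in $ruleIds) {
    $rule = Get-NetFirewallRule -Name $id -ErrorAction SilentlyContinue
    if (-not $rule) { Write-Warning "Rule $id not found; skipping."; continue }

    $current = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    if ($current -contains 'Any') {
        # Already open to every address; adding a subnet would change nothing.
        Write-Warning "$id allows Any remote address; consider narrowing it."
        continue
    }

    # Keep what is there (normally LocalSubnet) and append only the named subnets.
    $wanted = @($current + $ExtraSubnets | Select-Object -Unique)
    Write-Output ('{0}: {1} -> {2}' -f $id, ($current -join ','), ($wanted -join ','))

    if ($Apply) {
        Set-NetFirewallRule -Name $id -RemoteAddress $wanted
    }
}
```

Run it once without -Apply to review the before and after scope of each rule, and pass only the specific remote subnets that need access rather than widening the rules to Any.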

These links might help me with that:

Posted in Communications Development, Development, Internet protocol suite, Power User, SMB, TCP, Windows

Filippo Valsorda on Twitter: “whoami.filippo.io , the SSH server that knows who you are … Try it out! $ ssh http://whoami.filippo.io”

Posted by jpluimers on 2021/10/20

[Archive.is] Filippo Valsorda on Twitter: “whoami.filippo.io , the SSH server that knows who you are, got some newly refreshed intel! Try it out! $ ssh whoami.filippo.io

The server itself also serves some HTML with information: whoami.filippo.io redirects to [WayBack] ssh whoami.filippo.io (source code is at [WayBack] GitHub – FiloSottile/whoami.filippo.io: A ssh server that knows who you are. $ ssh whoami.filippo.io).

It’s a cool open source server written in Golang, that gets all your public ssh keys (ssh automatically transmits those) and tries to map them back to a GitHub account.

In addition it shows you some potential vulnerabilities of your ssh client.

Note that in October 2020, it was temporarily down, but it will be up again: [Archive.is] Filippo Valsorda 💉💉 on Twitter: “Yeah I’m planning to but I can’t give you an ETA I’m afraid. A few weeks, maybe?… “

Thread comments

Some interesting comments in the thread:

Related: [WayBack] Auditing GitHub users’ SSH key quality

Stop presenting public keys

[WayBack] GitHub – FiloSottile/whoami.filippo.io: A ssh server that knows who you are. $ ssh whoami.filippo.io: How do I stop passing public keys

How do I stop it?

If this behavior is problematic for you, you can tell ssh not to present your public keys to the server by default.

Add these lines at the end of your ~/.ssh/config (after other “Host” directives)

Host *
    PubkeyAuthentication no
    IdentitiesOnly yes

And then specify what keys should be used for each host

Host example.com
    PubkeyAuthentication yes
    IdentityFile ~/.ssh/id_rsa
    # IdentitiesOnly yes # Enable ssh-agent (PKCS11 etc.) keys

If you want you can use different keys so that they can’t be linked together

Host github.com
    PubkeyAuthentication yes
    IdentityFile ~/.ssh/github_id_rsa

–jeroen

Posted in *nix, *nix-tools, Communications Development, Development, Go (golang), Internet protocol suite, Power User, Software Development, SSH, ssh/sshd, TCP

The browser wars that started on iOS (forcing Safari) and Android (forcing Chrome) now are continued on Windows 11 (forcing Edge)

Posted by jpluimers on 2021/10/05

Via:

Posted in Awareness, Development, HTTP, Internet protocol suite, Software Development, TCP, TLS, URI, Web Development

Solved: ‘Answering Yes to “You have an older version of PackageManagement known to cause issues with the PowerShell extension. Would you like to update PackageManagement (You will need to restart the PowerShell extension after)?” hung my Visual Studio Code.…’

Posted by jpluimers on 2021/10/04

From a while back: [Archive.is] Jeroen Wiert Pluimers on Twitter: ‘Answering Yes to “You have an older version of PackageManagement known to cause issues with the PowerShell extension. Would you like to update PackageManagement (You will need to restart the PowerShell extension after)?” hung my Visual Studio Code.… ‘

After clicking “Yes”, the only thing visible was this notification that had an ever running “progress bar”:

Notifications – Powershell – Source: Powershell (Extension)

The first part of the solution was relatively simple: restart Visual Studio Code, after which the original notification showed again; after clicking “Yes”, the “Panel” (you can toggle it with Ctrl+J) showed the “Terminal” output (yes, I was working on [Wayback/Archive.is] PowerShell script for sending Wake-on-LAN magic packets to given machine hardware MAC address, more about that later):

Posted in .NET, Communications Development, Development, Encryption, HTTP, HTTPS/TLS security, Internet protocol suite, Power User, Security, Software Development, TCP, Visual Studio and tools, vscode Visual Studio Code, Windows, Windows 10

One of the Let’s Encrypt’s Root Certificates expired today (and their corresponding intermediate yesterday); how is your infrastructure doing?

Posted by jpluimers on 2021/09/30

Last weekend I published 5 days before the Let’s Encrypt’s Root Certificate is expiring!

It basically was a post trying to amplify the [Wayback/Archive.is] Let’s Encrypt’s Root Certificate is expiring! message by [Wayback] Scott Helme.

Yesterday and today, he is maintaining a Twitter thread on things that have broken.

Quite a few things have, including some versions of curl, on which a lot of infrastructure relies (the certificate for it got fixed later on 20120930), see:

Two important starting points in his thread:

  1. [Archive.is] Scott Helme on Twitter: “🚨🚨🚨 5 minutes until the Let’s Encrypt R3 intermediate expires 🚨🚨🚨 29 September 2021 19:21:40 UTC”
  2. [Archive.is] Scott Helme on Twitter: “🚨🚨🚨 30 minute warning 🚨🚨🚨 IdentTrust DST Root CA X3 Expires: Sep 30 14:01:15 2021 UTC… “

If you want to check from one of your own clients, try [Archive.is] Scott Helme on Twitter: “I’ve created a test site to help identify issues with clients. If you can connect to https://t.co/bXHsnlRk8D then your client can handle being served the expired R3 Intermediate in the server chain!… “

[Wayback/Archive.is] https://expired-r3-test.scotthelme.co.uk/

Note that neither SSL Labs, nor Censys, nor CertCheckerApp shows the expired certificate, only the new one:

Yes, I know the pluimers.com web server is rated B from a TLS perspective. Will be working on it, but I’m still recovering from rectum cancer treatments, and have an almost 1.5 year backlog to get through.

–jeroen

Posted in Communications Development, Development, Encryption, HTTP, https, HTTPS/TLS security, Internet protocol suite, Let's Encrypt (letsencrypt/certbot), Power User, Security, Software Development, TCP, TLS, Uncategorized, Web Development

GitHub – proxykit/ProxyKit: A toolkit to create code-first HTTP reverse proxies on ASP.NET Core

Posted by jpluimers on 2021/09/28

Interesting: [Archive.is] GitHub – proxykit/ProxyKit: A toolkit to create code-first HTTP reverse proxies on ASP.NET Core:

Having built proxies many times before, I felt it is time to make a package. Forked from ASP.NET labs, it has been heavily modified with a different API, to facilitate a wider variety of proxying scenarios (i.e. routing based on a JWT claim) and interception of the proxy requests / responses for customization of headers and (optionally) request / response bodies. It also uses HttpClientFactory internally that will mitigate against DNS caching issues making it suitable for microservice / container environments.

Related:

–jeroen

Posted in .NET, .NET Core, .NET Standard, ASP.NET, C#, Communications Development, Development, HTTP, Internet protocol suite, Software Development, TCP

5 days before the Let’s Encrypt’s Root Certificate is expiring!

Posted by jpluimers on 2021/09/24

Only 5 days left to take a close look at both your web-clients (including back-end clients!) and servers to prevent potential Let’s Encrypt mayhem.

Last week, [Wayback] Scott Helme published about [Wayback/Archive.is] Let’s Encrypt’s Root Certificate is expiring!

Let’s Encrypt has done loads of work over the past lustrum to prevent trouble, such as cross-signing, issuing the successor certificates, and more.

The problem is that people like you and me have refrained from keeping their clients and servers up-to-date, so some security issues will occur. Hopefully they are limited to non-functioning communication and not leaking of data.

It is about this DST Root CA X3 certificate, used by the vast majority of Let’s Encrypt certificates, [Wayback/Archive.is] Certificate Checker: CN=DST Root CA X3, O=Digital Signature Trust Co.:

DST Root CA X3
Certificate: Trusted anchor certificate
Subject DN: CN=DST Root CA X3, O=Digital Signature Trust Co.
Issuer DN: CN=DST Root CA X3, O=Digital Signature Trust Co.
Serial Number: 44AFB080D6A327BA893039862EF8406B
Valid  to
Key: RSAPublicKey (2048 bit)
SHA1 Hash: DAC9024F54D8F6DF94935FB1732638CA6AD77C13
MD5 Hash: 410352DC0FF7501B16F0028EBA6F45C5
SKI: C4A7B1A47B2C71FADBE14B9075FFC41560858910
AKI:

Quoting Scott, these clients likely will fail, so need attention:

  • OpenSSL <= 1.0.2
  • Windows < XP SP3
  • macOS < 10.12.1
  • iOS < 10 (iPhone 5 is the lowest model that can get to iOS 10)
  • Android < 7.1.1 (but >= 2.3.6 will work if served ISRG Root X1 cross-sign)
  • Mozilla Firefox < 50
  • Ubuntu < 16.04
  • Debian < 8
  • Java 8 < 8u141
  • Java 7 < 7u151
  • NSS < 3.26
  • Amazon FireOS (Silk Browser)

On the server side, you can help Android devices by using a Let’s Encrypt certificate that is cross-signed with the ISRG Root X1 certificate [Wayback/Archive.is] Certificate Checker: CN=ISRG Root X1, O=Internet Security Research Group, C=US:

ISRG Root X1
Certificate:
Subject DN: CN=ISRG Root X1, O=Internet Security Research Group, C=US
Issuer DN: CN=DST Root CA X3, O=Digital Signature Trust Co.
Serial Number: 4001772137D4E942B8EE76AA3C640AB7
Valid  to
Key: RSAPublicKey (4096 bit)
SHA1 Hash: 933C6DDEE95C9C41A40F9F50493D82BE03AD87BF
MD5 Hash: C1E1FF07F9F688498274D1A18053EABF
SKI: 79B459E67BB6E5E40173800888C81A58F6E99B6E
AKI: C4A7B1A47B2C71FADBE14B9075FFC41560858910

Via [Archive.is] Scott Helme on Twitter: “There are only 10 days left until the Let’s Encrypt root certificate expires and there are still questions over what the impact will be! Full details here: …” which links to the above article showing a nice graph of the current Let’s Encrypt root certificate setup:

–jeroen

Posted in Communications Development, Development, Encryption, https, HTTPS/TLS security, Internet protocol suite, Let's Encrypt (letsencrypt/certbot), Power User, Security, Software Development, TCP, TLS, Web Development