The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Guess the maximum DNS Response Size… (by Jan Schaumann)

Posted by jpluimers on 2023/12/26

Every once in a while Jan Schaumann writes a long Twitter thread and saves it in a blog post. Always good ways to learn. This time it was no different: [Wayback/Archive] DNS Response Size started with

Posted in Communications Development, Development, DNS, Internet, Internet protocol suite, IPv4, IPv6, Power User, TCP, tcpdump, UDP, Wireshark

Hello “SMTP Smuggling” information released days before the Holiday season to open source SMTP server teams

Posted by jpluimers on 2023/12/24

Jan Wildeboer was mad for good reasons, though the open source projects didn’t yet seem to have publicly shown their real madness, just bits like [Wayback/Archive] oss-security – Re: Re: New SMTP smuggling attack:

I'm a little confused by sec-consult's process here. They identify a
problem affecting various pieces of software including some very widely
deployed open source software, go to the trouble of doing a coordinated
disclosure, but only do that with...looking at their timeline... gmx,
microsoft and cisco?

“SMTP Smuggling” is bad, and big open source SMTP server projects like exim, postfix and sendmail needed to assess and fix/prevent the issue on very short notice: effectively confronting them with a zero-day, with less than a week between the release of the information and the Holiday season.

That gives “deploy on Fridays” a totally different dimension.

How bad? Well, it already managed to reach this Newline – Wikipedia entry:

The standard Internet Message Format[26] for email states: “CR and LF MUST only occur together as CRLF; they MUST NOT appear independently in the body”. Differences between SMTP implementations in how they treat bare LF and/or bare CR characters have led to so-called SMTP smuggling attacks[27].

The crux of the problem is very well described by the “Postfix: SMTP Smuggling” link below: recommended reading, and the middle of [Wayback/Archive] SMTP Smuggling – Spoofing Emails Worldwide | Hacker News

TLDR: In the SMTP protocol, the end of the payload (email message) is indicated by a line consisting of a single dot. The line endings normally have to be CRLF, but some MTAs also accept just LF before and/or after the dot. This allows SMTP commands that follow an LF-delimited dot line to be “tunneled” through a first MTA (which requires CRLF and thus considers the commands to be part of the email message) to a second MTA (which accepts LF and thus processes the commands as real commands). For the second MTA, the commands appear to come from the first MTA, hence this allows sending any email that the first MTA is authorized to send. That is, emails from arbitrary senders under the domains associated with the first MTA can be spoofed.
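The disagreement described in the TLDR above, as an added example (not part of the original post or the quoted comment, and not any MTA's real parser): two simplified receiver models split the same constructed byte stream differently, and a relay-side check flags the bare newlines that make this possible. All function names and the sample bytes are assumptions made for illustration.

```python
import re

# The only end-of-data marker SMTP defines: a dot alone between two CRLFs.
STRICT_EOD = b"\r\n.\r\n"
# A dot alone on a line where either line ending may be CRLF, bare CR or bare LF.
ANY_EOD = re.compile(rb"(?:\r\n|\r|\n)\.(?:\r\n|\r|\n)")
# A CR not followed by LF, or an LF not preceded by CR.
BARE_NEWLINE = re.compile(rb"\r(?!\n)|(?<!\r)\n")


def split_strict(stream: bytes) -> list[bytes]:
    """Messages seen by a receiver that accepts only CRLF.CRLF (simplified model)."""
    return [part for part in stream.split(STRICT_EOD) if part]


def split_lenient(stream: bytes) -> list[bytes]:
    """Messages seen by a receiver that also accepts bare CR/LF around the dot."""
    return [part for part in ANY_EOD.split(stream) if part]


def nonstandard_eod_offsets(stream: bytes) -> list[int]:
    """Offsets of dot-lines that only a lenient receiver treats as end-of-data."""
    return [m.start() for m in ANY_EOD.finditer(stream) if m.group() != STRICT_EOD]


def has_bare_newline(stream: bytes) -> bool:
    """True if CR or LF occurs outside a CRLF pair; a strict relay can reject this."""
    return BARE_NEWLINE.search(stream) is not None


# Constructed sample of the bytes following DATA; not a captured message.
SAMPLE = (
    b"Subject: constructed sample\r\n\r\n"
    b"first body line"
    b"\n.\n"                                  # dot line delimited by bare LF
    b"bytes after the bare-LF dot line\r\n"
    b".\r\n"                                  # standard end-of-data (CRLF.CRLF)
)

if __name__ == "__main__":
    print("strict receiver sees ", len(split_strict(SAMPLE)), "message(s)")
    print("lenient receiver sees", len(split_lenient(SAMPLE)), "message(s)")
    print("non-standard dot lines at", nonstandard_eod_offsets(SAMPLE))
    print("bare newline present:", has_bare_newline(SAMPLE))
```

Dot-stuffed lines (a body line that starts with a dot and is sent as `..`) are not flagged, because the pattern requires the dot to be the only character on its line.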

Here are some links to keep you busy the next hours/days/weeks:

And the toots linking to background information:

Posted in *nix, *nix-tools, Communications Development, Development, exim mail, Internet protocol suite, postfix, Power User, Python, Scripting, sendmail, SMTP, Software Development

Hermannus Stegeman: “Today’s youth? They are hard at work.…” – Stegodon-mastodon

Posted by jpluimers on 2023/12/24

[Wayback/Archive] Hermannus Stegeman: “Today’s youth? They are hard at work.…” – Stegodon-mastodon

“Today’s youth? They are hard at work. With their studies and often a substantial side job as well. You would almost forget it, with all those complaints about the work-shy ‘generation Z’ that spends the day lethargically watching TikTok videos, that starts talking about a sabbatical during the job interview, and that quits at the first setback.”

Read the full article:
Anyone who calls our young people lazy does not know the figures
fd.nl/opinie/1501308/wie-onze-

[Wayback/Archive] Anyone who calls our young people lazy does not know the figures

Posted in Awareness

Print large PDF in Preview over several pages… – Apple Community

Posted by jpluimers on 2023/12/22

Summary of [Wayback/Archive] Print large PDF in Preview over several pages… – Apple Community:

  • Preview cannot
  • Acrobat Reader (formerly Adobe Reader) can; it is called “Poster” (also on Windows)

Via [Wayback/Archive] macos print pdf scaled over two pages – Google Search.

–jeroen

Posted in Adobe, Adobe Acrobat, Apple, Mac OS X / OS X / MacOS, PDF, Power User, Windows

b0rk does fun things with DNS: CNAME records at the root of the domain; technically not allowed, definitely not recommended, but somehow work for web browsing

Posted by jpluimers on 2023/12/21

[Wayback/Archive] 🔎Julia Evans🔍 on Twitter: “I’ve always heard that you can’t create CNAME records at the root of the domain. But apparently you can? It seems to work fine as far as I can tell but I’m curious about the possible consequences. (yes, I registered cnameroot.com just to make this tweet) “

Posted in Cloud, Cloudflare, DNS, Infrastructure, Internet, Power User

Kortepodcast.nl: Part of De Staat van Stasse and Audiocollectief Stereotiek

Posted by jpluimers on 2023/12/20

I am going to miss Stefan Stasse and Tim Daemen on NPO Radio 2.

Here, for my link archive, is a site with memories: [Wayback/Archive] Kortepodcast.nl: Part of De Staat van Stasse and Audiocollectief Stereotiek

And of course the page De Staat van Stasse – Wikipedia

Also not to be forgotten: the all-time classic [Wayback/Archive] Enjoy and Fuck The System Ringtone [Wayback] https://kortepodcast.nl/wp-content/uploads/2022/05/enjoy-and-fuck-the-system-harder.mp3

--jeroen

Posted in Audio, Media, Power User

When sending out IDs or credentials per snail mail, please use a font that distinguishes zeroes from ohs

Posted by jpluimers on 2023/12/20

Paper mail is about user experience too: not just ads, but letters as well, especially the ones sending out IDs or credentials.

There were three characters that could either be an oh or a zero, so it took me half the permutations to get it right.

A font like Consolas is fine for that (and ships with Windows). Even better: use OCR A.

[Font samples: Consolas and OCR A]

Based on [Wayback/Archive] Jeroen Wiert Pluimers on Twitter: “Tip for @xs4all: in the rest of the xs4all->KPN migration, please send the “Subject: Your password for Telephony” letters in a font in which 000 and OOO can be told apart very clearly. Needed 4 attempts here (half of the permutations).”

–jeroen

Posted in Development, Software Development, User Experience (ux)

A great source to learn about JavaScript element enumeration and modification: iamadamdev/bypass-paywalls-chrome

Posted by jpluimers on 2023/12/19

Sometimes one bumps into a Google Chrome extension that is both useful from a practical perspective and insightful for learning how it is done.

This is one: [Wayback/Archive] iamadamdev/bypass-paywalls-chrome: Bypass Paywalls web browser extension for Chrome and Firefox.

It supports many sites (including more than a dozen Dutch ones) for which it is not easy to justify creating separate accounts (the risk of them leaking into Have I been Pwned? alone is large, despite GDPR) and staying logged on to each of them. I have dozens of listings of my email addresses at haveibeenpwned.com, so I am a lot more careful making accounts than in the past, despite assigning unique email addresses for each account (which is part of the burden).

Posted in Chrome, Development, HTML, JavaScript/ECMAScript, Power User, Scripting, Software Development, Web Browsers, Web Development

Most cyclists are killed by drivers of cars, trucks and vans. Dying as a cyclist without another party involved hardly ever happens.

Posted by jpluimers on 2023/12/18

[Wayback/Archive] Lennart Nout on Twitter: “@BouwmanEnergie @saskiakluit People who die in traffic without a “counterparty” really are not the largest group. Most cyclists are killed by cars, trucks and vans.”

Posted in LifeHacker, Power User, Traffic

awaescher/Fusion: 🧰 A modern alternative to the Microsoft Assembly Binding Log Viewer (FUSLOGVW.exe)

Posted by jpluimers on 2023/12/18

[Wayback/Archive] awaescher/Fusion: 🧰 A modern alternative to the Microsoft Assembly Binding Log Viewer (FUSLOGVW.exe)

So, do you know what “Enable immersive logging” means? Or why you should separate log categories from “Default” and “Native Images”? Did you ever forget to disable the log again and wondered why every .NET application was that slow and your disk ran out of space?

Forget all the setup upfront – just hit “Record” to capture your assembly logs. If you are done, click “Stop” again. That’s it.

Via [Wayback/Archive] Meik Tranel on Twitter: “@Nick_Craver Take this: github.com/awaescher/Fusion Nice UI and never forget to disable that env var ever again.”.

–jeroen

Posted in .NET, C#, Development, F#, Software Development, VB.NET