Notes

Here's the raw e-mail if anyone wants to see how it travels:

https://envs.sh/7_2.txt

Also, 24 kilobytes of header text is pretty ridiculous.

I keep getting these "You've got a money request" e-mails from PayPal and I just assumed they were fake since my address is never in the 'To' field, but after looking at the headers they are actually from PayPal and are validating DKIM/SPF checks. \

Apparently they are going to a random address at a domain hosted by Gmail and there is a forward setup at Gmail to redirect it to an Outlook\.com address, which then forwards to my actual address. This way DKIM/SPF validate and they can probably bypass rate limits on PayPal->Gmail->Outlook. \

They can change the forwarding address at Gmail/Outlook fast enough that for every e-mail that comes in, they just forward the last hop to a new victim.

Seems easy to stop, just rate-limit forwarding address changes at Gmail/Outlook. Or require validation from the address being forwarded to?

huh that is interesting

wait, 249?

wait, this year?

big if true

If you're wondering why it's been so warm in Chicago the past few days, it's because I just bought a new winter coat

I wouldn't mind paying for Kagi but I don't want to have to log into an account every time I want to search. All of my iPhone browsing is in Private Mode because I can't have a default-deny cookie policy with a whitelist.

Maybe I need to resurrect Endless and convert it to WKWebView.

I used DuckDuckGo most of this year and I had to "!g" on almost half of all queries. The more specific the query, the worse and more generic the results got.

But I can barely use Google search on my iPhone now because they send me into CAPTCHA hell on every request due to iCloud Private Relay.

americans: look at how big my truck is

europeans: look at how big my return key is

Every security researcher's website:

- Hosted on github\.io
- Dark color scheme with awful contrast
- Has 1-5 weblog articles and then never updates again
- Numbers articles in hexadecimal

Bonus points for the first article being about how they switched to a different static site generator

@play.date you guys ditched the crank for a thermometer?!

I like the phrase "entertain all offers" as if I'm entertained with laughter and derision at how bad most of them are

my fingers are getting tired typing all this on an m0110

Apparently my car which has an infotainment screen powered by Android Automotive, has only just now gained Android Auto support two years after it got Apple CarPlay support

Are these two separate groups at Google or something?

Also, Google is bad at naming things