Notes

joshua stein via @jcs@jcs.org - Mar 10 2024 09:44:29

I wonder if there's a "sovereign citizen" group of wackos that try to ignore daylight saving time and show up to everything an hour late

Like they get a ticket for driving without a license plate because they don't believe in them, then they show up to court an hour late and get arrested yelling at the judge that the government doesn't have the right to control time

joshua stein via @jcs@jcs.org - Feb 28 2024 11:17:46

I wonder if companies ever intentionally put spammy things in their "Updates to our Privacy Policy and User Agreement" e-mails to make sure they land in most users' spam folders, avoiding user scrutiny and complaints while providing legal cover that users were technically notified

joshua stein via @jcs@jcs.org - Feb 26 2024 21:49:29

For any pentesters out there, I came across this wacky MIME syntax for an e-mail attachment in RFC 2231 that is properly parsed by iOS Mail and other things, but I'm curious if it can make a .exe attachment pass through an e-mail scanning appliance:

Content-Type: application/octet-stream
Content-Disposition: attachment;
 filename*0="a.txt";
 filename*1=".ex";
 filename*2="e"

Which is to be properly decoded as:

Content-Disposition: attachment; filename="a.txt.exe"

Section 4.1 says this encoded syntax is also legal:

Content-Type: application/octet-stream
Content-Disposition: attachment;
 filename*=us-ascii'en-us'a.txt%00%2E%65%78%65

iOS Mail displays it as "a.txt<?>.exe" and can't seem to download it. Mutt and FastMail's web interface stop at the null byte and just show "a.txt".
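As an added example (my own code, not from the post, RFC 2231 or any of the mail clients named above), here is a small RFC 2231 decoder that reassembles filename*N continuation sections and decodes the charset'language'%XX form, followed by the check a mail-scanning component would want: decode the name the way a conforming client does, compare it with what a plain filename= parser and a NUL-truncating consumer would see, and flag the disagreements. The header samples are constructed to match the two forms quoted in the post (folded with leading whitespace); the DANGEROUS_EXT list is an illustrative assumption, not a standard.

```python
import os
import re
import urllib.parse

# Constructed Content-Disposition values reproducing the two forms from the post,
# folded with leading whitespace as RFC 5322 requires, plus an ordinary one.
CONTINUATION_HEADER = (
    'attachment;\n'
    ' filename*0="a.txt";\n'
    ' filename*1=".ex";\n'
    ' filename*2="e"'
)
ENCODED_HEADER = "attachment;\n filename*=us-ascii'en-us'a.txt%00%2E%65%78%65"
PLAIN_HEADER = 'attachment; filename="report.pdf"'

# Illustrative assumption: extensions a scanner would block outright.
DANGEROUS_EXT = {'.exe', '.scr', '.bat', '.cmd', '.js', '.vbs', '.ps1'}

# name, optional *N section number, optional trailing * marking an encoded section
_PARAM_RE = re.compile(r'^(?P<name>[^*=]+)(?:\*(?P<num>\d+))?(?P<ext>\*)?$')


def split_params(header):
    """Split a header value into (disposition, [(name, value), ...]).

    Splits on ';' outside double quotes, unfolds whitespace, strips quotes.
    """
    parts, buf, in_quotes = [], [], False
    for ch in header:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == ';' and not in_quotes:
            parts.append(''.join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append(''.join(buf))
    parts = [p.strip() for p in parts if p.strip()]
    params = []
    for p in parts[1:]:
        name, _, value = p.partition('=')
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        params.append((name.strip().lower(), value))
    return parts[0].lower(), params


def _decode_bytes(raw, charset):
    try:
        return bytes(raw).decode(charset, errors='replace')
    except LookupError:  # unknown charset label: degrade rather than crash
        return bytes(raw).decode('latin-1')


def decode_rfc2231(params):
    """Reassemble *N continuation sections and decode charset'language'%XX values."""
    pieces = {}
    for name, value in params:
        m = _PARAM_RE.match(name)
        if not m:
            continue
        num = int(m.group('num')) if m.group('num') else 0
        pieces.setdefault(m.group('name'), []).append((num, value, bool(m.group('ext'))))
    out = {}
    for base, sections in pieces.items():
        sections.sort(key=lambda s: s[0])
        charset, text, pending = 'us-ascii', [], bytearray()
        for num, value, extended in sections:
            if extended:
                # Only the first section carries the charset'language' prefix.
                if num == 0 and value.count("'") >= 2:
                    charset, _language, value = value.split("'", 2)
                    charset = charset or 'us-ascii'
                # Keep raw bytes: a multibyte character may span two sections.
                pending += urllib.parse.unquote_to_bytes(value)
            else:
                text.append(_decode_bytes(pending, charset))
                pending = bytearray()
                text.append(value)
        text.append(_decode_bytes(pending, charset))
        out[base] = ''.join(text)
    return out


def assess_attachment(header):
    """Decode the filename as a conforming client would, then report how a
    plain filename= parser or a NUL-truncating consumer would disagree."""
    _disposition, params = split_params(header)
    decoded = decode_rfc2231(params).get('filename', '')
    naive = dict(params).get('filename', '')   # plain filename= only
    truncated = decoded.split('\x00', 1)[0]     # stops at the first NUL
    findings = set()
    if any(n != 'filename' and n.startswith('filename') for n, _ in params):
        findings.add('rfc2231_extended_filename')
    if '\x00' in decoded:
        findings.add('embedded_nul')
    if any(ord(c) < 32 for c in decoded if c != '\x00'):
        findings.add('control_chars')
    full_ext = os.path.splitext(decoded)[1].lower()
    trunc_ext = os.path.splitext(truncated)[1].lower()
    if full_ext != trunc_ext:
        findings.add('extension_disagreement')
    if {full_ext, trunc_ext} & DANGEROUS_EXT:
        findings.add('dangerous_extension')
    return {'decoded': decoded, 'naive': naive, 'truncated': truncated,
            'findings': sorted(findings)}


if __name__ == '__main__':
    for h in (PLAIN_HEADER, CONTINUATION_HEADER, ENCODED_HEADER):
        print(assess_attachment(h))
```

The point of the check is that a filter which only looks at a plain filename= parameter sees no name at all for the continuation form, and a consumer that stops at the NUL sees "a.txt" for the encoded form while the full decoded name ends in ".exe". Flagging any extended filename, any embedded NUL or control character, and any disagreement between the full and truncated extension gives a scanner a conservative verdict without having to guess which client will open the message.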

joshua stein via @jcs@jcs.org - Feb 19 2024 13:47:18

Some weird scenario I think about from time to time:

You wake up in a remote cabin with access to a 1980s computer (pick your favorite) that has slow access to the modern internet through satellite with a working TCP/IP stack but no recursive DNS server configured and no utilities installed (ping, ftp, etc.). The computer is too slow to do SSH, TLS, etc. and you can't remember any logins or passwords to existing systems. It does have a BASIC interpreter, simple compiler (whichever language you want that was around in the 1980s), and assembler. There are no manuals or other documentation available on the computer or in the cabin, other than installed header files or whatever else is needed for the compiler to use the TCP/IP stack.

Can you use the computer and internet to communicate enough to get rescued? What steps would you take?

joshua stein via @jcs@jcs.org - Feb 08 2024 16:15:17

I haven't been able to sell my new PowerBook 1xx batteries internationally because nobody seems to want to deal with them on airplanes, even though I label the box and customs form that it isn't a lithium ion battery (it's nickel-metal hydride). I tried through USPS and they refused it at the border and sent it back.

Someone recently bought two on eBay through their International Shipping program where I only list them as shipping domestically and eBay has me ship to a local forwarder but they deal with repackaging it and shipping it internationally. Apparently they also failed because they just canceled this order but somehow I don't have to refund the buyer and eBay pays for it. I guess I don't get my batteries back though?

joshua stein via @jcs@jcs.org - Feb 08 2024 14:23:37

I bought a clothes steamer on Amazon twelve years ago and have only used it a few times since then, but I just got an e-mail that it was recalled for a safety issue. The US manufacturer instructed me to sever its electrical cord and upload a photo showing its serial number so they can send me a new model.

I only mention this because 12 years on, I imagine if I went on Amazon today to buy one, there would be hundreds of steamers that all look like they were made from the same plastic mold but are sold from different Chinese companies with terrible randomly-generated names. I'd probably just pick whichever one had the best reviews for the price and not really think about the company disappearing a year later (or generating another random company name), much less still be around 12 years later to do a safety recall.