Notes

joshua stein via @jcs@jcs.org - Feb 28 2024 11:17:46

I wonder if companies ever intentionally put spammy things in their "Updates to our Privacy Policy and User Agreement" e-mails to make sure they land in most users' spam folders, avoiding user scrutiny and complaints while providing legal cover that users were technically notified

joshua stein via @jcs@jcs.org - Feb 26 2024 21:49:29

For any pentesters out there, I came across this wacky MIME syntax for an e-mail attachment in RFC 2231 that is properly parsed by iOS Mail and other things, but I'm curious if it can make a .exe attachment pass through an e-mail scanning appliance:

Content-Type: application/octet-stream
Content-Disposition: attachment;
  filename*0="a.txt";
  filename*1=".ex";
  filename*2="e";

Which is to be properly decoded as:

Content-Disposition: attachment; filename="a.txt.exe"

Section 4.1 says this encoded syntax is also legal:

Content-Type: application/octet-stream
Content-Disposition: attachment;
  filename*=us-ascii'en-us'a.txt%00%2E%65%78%65

iOS Mail displays it as "a.txt<?>.exe" and can't seem to download it. Mutt and FastMail's web interface stop at the null byte and just show "a.txt".
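
Added example, not part of the original post: a filter-side check that decodes the two RFC 2231 header forms quoted above with Python's standard `email` package and applies policy to the decoded name rather than to the raw header text. The sample messages are constructed from the post's headers; the `BLOCKED_EXTENSIONS` policy and the function names are assumptions for illustration.

```python
import email
import re

# Constructed messages reproducing the two header forms quoted in the post.
CONTINUATION = (
    "Content-Type: application/octet-stream\n"
    "Content-Disposition: attachment;\n"
    ' filename*0="a.txt";\n'
    ' filename*1=".ex";\n'
    ' filename*2="e";\n\n'
)
ENCODED = (
    "Content-Type: application/octet-stream\n"
    "Content-Disposition: attachment;\n"
    " filename*=us-ascii'en-us'a.txt%00%2E%65%78%65\n\n"
)
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js"}  # assumed policy, not from the post


def naive_filename(raw):
    """What a check that only looks for a plain filename="..." parameter sees."""
    m = re.search(r'filename="([^"]*)"', raw)
    return m.group(1) if m else None


def effective_filename(raw):
    """Filename after RFC 2231 continuation joining and percent decoding."""
    return email.message_from_string(raw).get_filename()


def findings(raw):
    """Policy findings computed on the decoded name, not the raw header."""
    name = effective_filename(raw) or ""
    out = []
    if re.search(r"[\x00-\x1f\x7f]", name):
        out.append("control-character")
    # Check the name both as decoded and as truncated at the first NUL,
    # since the post notes that clients disagree on which one they show.
    for candidate in {name, name.split("\x00", 1)[0]}:
        ext = "." + candidate.rsplit(".", 1)[-1].lower() if "." in candidate else ""
        if ext in BLOCKED_EXTENSIONS and "blocked-extension" not in out:
            out.append("blocked-extension")
    return out
```

Rejecting any decoded name that contains a control character avoids having to guess which of the differing client interpretations the recipient will see.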

joshua stein via @jcs@jcs.org - Feb 19 2024 13:47:18

Some weird scenario I think about from time to time:

You wake up in a remote cabin with access to a 1980s computer (pick your favorite) that has slow access to the modern internet through satellite with a working TCP/IP stack but no recursive DNS server configured and no utilities installed (ping, ftp, etc.). The computer is too slow to do SSH, TLS, etc. and you can't remember any logins or passwords to existing systems. It does have a BASIC interpreter, simple compiler (whichever language you want that was around in the 1980s), and assembler. There are no manuals or other documentation available on the computer or in the cabin, other than installed header files or whatever else is needed for the compiler to use the TCP/IP stack.

Can you use the computer and internet to communicate enough to get rescued? What steps would you take?

joshua stein via @jcs@jcs.org - Feb 08 2024 16:15:17

I haven't been able to sell my new PowerBook 1xx batteries internationally because nobody seems to want to deal with them on airplanes, even though I label the box and customs form that it isn't a lithium ion battery (it's nickel-metal hydride). I tried through USPS and they refused it at the border and sent it back.

Someone recently bought two on eBay through their International Shipping program where I only list them as shipping domestically and eBay has me ship to a local forwarder but they deal with repackaging it and shipping it internationally. Apparently they also failed because they just canceled this order but somehow I don't have to refund the buyer and eBay pays for it. I guess I don't get my batteries back though?

joshua stein via @jcs@jcs.org - Feb 08 2024 14:23:37

I bought a clothes steamer on Amazon twelve years ago and have only used it a few times since then, but I just got an e-mail that it was recalled for a safety issue. The US manufacturer instructed me to sever its electrical cord and upload a photo showing its serial number so they can send me a new model.

I only mention this because 12 years on, I imagine if I went on Amazon today to buy one, there would be hundreds of steamers that all look like they were made from the same plastic mold but are sold from different Chinese companies with terrible randomly-generated names. I'd probably just pick whichever one had the best reviews for the price and not really think about the company disappearing a year later (or generating another random company name), much less still be around 12 years later to do a safety recall.

joshua stein via @jcs@jcs.org - Feb 06 2024 17:57:26

Well it took 41 years but I finally own my first 5 ¼" floppy disk

I kept seeing this disk for sale on eBay and wanted to know what was actually on it, so I bought an Epson floppy drive and was able to connect it to my Applesauce to image it

The raw FAT12 disk image is on IA: https://archive.org/details/bbsc83

It appears to be a "BBS (Bulletin Board System) written in UNIX SYSTEM-III "C"" written by Mike Kelly, last edited 07/07/1983

joshua stein via @jcs@jcs.org - Feb 06 2024 10:23:10

How many of you are also on BlueSky?

Mastodon still has the discoverability problem where I can't see random posts I might like because I'm on my own server and can only find new people to follow when someone I already follow forwards something I find interesting enough to investigate (which then leads to the other problem where I can't see a random person's old posts in my client without having to view their profile on their own server).

I don't really want to run my own server and keep it up to date, but I can't join someone else's server with my own identity (I tried living on SDF's servers and they kept forgetting to renew their TLS cert). I wrote my own ActivityPub server but it was too hard keeping up with the private "Mastodon API" that every mobile app uses, so I gave up and switched to the official Mastodon server software which is huge and constantly changing (and breaking).

I hate that Twitter died and fragmented everything.