Friday, March 27, 2020
Looks like that DoH issue I had last week has been fixed
Oh cool! The Firefox bug I reported last week has been fixed. One week, I don't think I can complain, and it's nice to know that I apparently gave enough information for them to reproduce the bug and fix it. It looks like it'll be out in release 76 (the current version of Firefox is 74).
Thursday, March 26, 2020
There just aren't enough clue-by-fours
In this paper I present an analysis of 1,976 unsolicited answers received from the targets of a malicious email campaign, who were mostly unaware that they were not contacting the real sender of the malicious messages. I received the messages because the spammers, whom I had described previously on my blog, decided to take revenge by putting my email address in the ‘reply-to’ field of a malicious email campaign. Many of the victims were unaware that the message they had received was fake and contained malware. Some even asked me to resend the malware as it had been blocked by their anti-virus product. I have read those 1,976 messages, analysed and classified victims’ answers, and present them here.
…
5. The fifth group is actually the most worrying. I call this group ‘MY ANTI-VIRUS WORKED, PLEASE SEND AGAIN’, as these are recipients who mention that their security product (mostly anti-virus) warned them against an infected file, but they wanted the file to be resent because they could not open it. The group consisted of 44 individuals (2.35%).
Via inks, Virus Bulletin :: VB2019 paper: 2,000 reactions to a malware attack — accidental study
Over a year ago, the Corporate Overlords of The Ft. Lauderdale Office of The Corporation started sending us phishing emails in order to “train us” to recognize scams. Pretty much all it did for me was to treat all emails from our Corporate Overlords asking for information as a phishing attempt (it's also made easier as each phishing email has a specific header designating it as such to ensure they get through their own spam firewall—I am not making this up). And I was upset over the practice as I felt our Corporate Overlords did not trust their employees and felt they had to treat us as children (the managed laptops don't help either).
But reading this report is eye opening. Over 2% requested the malware be sent again! Over 11% complained that the “attachment” did not work (they were infected) and another 14% asked where was the “attachment”—what?
I … this … um … what?
I should not be surprised. I mean, someone has to fall for the scams else the scammers wouldn't waste their time. The scary bit is that this validates what our Corporate Overlords are doing.
Sigh.
But Bunny will find the following response group amusing:
10. One of the biggest surprises were 31 members of group number 10 (1.66%) who spent time pointing out all the spelling errors and typos made in the original message. I call this group “I'M A GRAMMAR NAZI”.
Via inks, Virus Bulletin :: VB2019 paper: 2,000 reactions to a malware attack — accidental study
Heh.
Wednesday, March 25, 2020
The Return of the Alien White Squirrels
Almost three years ago the Total Transylvania Eclipse Banner arrived at our house. I manged to buy one of the banners that adorned downtown Brevard during the 2017 total eclipse. Bunny had apparently saved the shipping tube it came in, because just today she found a few postcards and stickers that were shipped along with the banner (she's reusing the tube to ship some stuff out to her brother in Seattle).
What a cool find!
Tuesday, March 24, 2020
You still have the flexible schedule but the games of nude laser tag with lingerie models is not an option
I'm on the second week of working from home, and I'm totally not watching cat videos. Nope.
Not at all.
Not one bit.
And while working from home can be awesome, it's not all less time in the car and fewer spam calls.
Monday, March 23, 2020
This is the type of town that gives small town politics a bad name
A meeting for a South Florida city government exploded into a shouting match over the city's handling of the coronavirus pandemic, leading the mayor to storm out of the room as one commissioner accused her and the city manager of failing to close the city's beaches and shutting off peoples' utilities in the midst of the outbreak.
Why does it not surprise me that this took place in Lake Worthless? And why does it not surprise me that it involves Lake Worthless Utilities?
Stay classy, Lake Worthless. Stay classy.
Doing my thing to maintain social distancing
About fifteen years ago [Has it really been that long? –Sean] [Yes, it has been that lone. –Editor], I was playing in a D&D game that had transitioned from being all in-person to partially on-line. I was not a fan of the on-line compoent but I stuck it out for perhaps a year before leaving the game entirely. For me, the reaons include:
- I was going to hang out with friends, not hang out with friends all staring at a computer screen.
- The remote players were second class citizens at the game—the DM had to continously remind us to “type what we were saying” and not just talk among ourselves at the table.
- We tried multiple technologies at the time, and the best we could do was a glorified chat room.
I hated it so much that I have since refused to even consider playing in an on-line D&D game. My stance has caused one casualty—one friend accused me of “poisoning the minds” of our friends against running an on-line D&D game, but as I tried pointing out, I was the one who refused to participate in such a game; our other friends were more than welcome to run an on-line game, but that argument went nowhere, and I think that friend still holds a grudge (well, for that and another slight that's beyond the scope of this post).
Unfortunately, due to circumstances apparently beyond the world's control, and the fact that I'm currently running a D&D game, I have been forced to reconsider my stance.
Yes, I ran our twice-monthly (actually every other week) game yesterday, entirely on-line! (sorry, XXXXXXX)
We settled upon using Roll20,
a web-based on-line gaming system.
The free version is barely good enough for our use.
On the plus side,
there's no software to install,
but on the minus side,
it does seem to be quite heavy in bandwidth.
It took about an hour to get all six people
(myself and five friends)
all online and talking (video chat!).
I had to inform Bunny not to stream video while we were playing,
and even checking email was a slow and painful process.
And during the game,
one or two players would suddenly disappear;
usually reloading the page would fix the problem.
But we managed to get through the session and well … I hope this doesn't go on for much longer is all I have to say.
One funny story—during the hour we spent trying to get Roll20 working, I tried several different laptops here at Chez Boca. One of the laptops was the managed Windows 10 laptop from The Corporation's Corporate Overlords. The website was blocked by the laptop because of a password breach from 2018! Lovely.
Thursday, March 19, 2020
Still another issue with DoH, yet this time it isn't my fault
So I'm reading this comment on Hacker News and none of the links are working. Odd, because I have had no problems since Debtember with my current implementation of DoH. The broken links in question all have the hostname ending with a period. While unusual, the trailing dot on a hostname makes is a “fully qualified domain name.” I won't go into the full details of a “fully qualified domain name” (that's beyond the scope of this post) but suffice to say, it should be supported.
Okay, fine. I start looking at my script and … well … there's no reason for it to fail. I mean, I did find two bugs (one typo and one logic bug in handling an error) but they were unrelated to not resolving a fully qualified domain name. Down the rabbit hole I go.
What do I find once I hit bottom? Not Alice, but I do think I found a bug in Firefox. And I think it's a similar cause as before—a different codepath.
When I force Firefox to use DNS,
both boston.conman.org and boston.conman.org.
(note the trailing dot)
produce the following DNS request:
00000000: 00 00 01 00 00 01 00 00 00 00 00 01 06 62 6F 73 .............bos 00000010: 74 6F 6E 06 63 6F 6E 6D 61 6E 03 6F 72 67 00 00 ton.conman.org.. 00000020: 01 00 01 00 00 29 10 00 00 00 00 00 00 08 00 08 .....).......... 00000030: 00 04 00 01 00 00 ......
When I switch back to DoH however,
boston.conman.org.
(note the fully qualified domain name) generates this:
00000000: 00 00 01 00 00 01 00 00 00 00 00 01 06 62 6F 73 .............bos 00000010: 74 6F 6E 06 63 6F 6E 6D 61 6E 03 6F 72 67 00 00 ton.conman.org.. 00000020: 00 01 00 01 00 00 29 10 00 00 00 00 00 00 08 00 ......)......... 00000030: 08 00 04 00 01 00 00 .......
There's an extra NUL byte after the domain name,
and I suspect what's happening is that the extra “.” at the end is being encoded instead of being ignored.
I've created a bug report so we'll see how this goes.
Update on Friday, March 27TH, 2020
The bug has been fixed..
Wednesday, March 18, 2020
Can one make COVID-19 jokes? I hope so, becuse this is a COVID-19 joke
Bunny received the following text from one of her friends:
I posted a warning at the hardware store to not pop the bubble wrap because the air in the bubble wrap is from China. We had to sedate one guy because he is addicted to bubble wrap popping.
We both found it funny, even if it might not be true. There is some concern about COVID-19 survivability on surfaces though, so be careful.
I am so getting struck by lightning.
![[It's the most wonderful time of the year!]](http://www.conman.org/people/spc/about/2018/1212.t.jpg "It's the most wonderful time of the year!")