pmeerw's blog

Wed, 06 Mar 2024

C++ - WTF user literals?!

user literals: "Since the introduction of user-defined literals, the code that uses format macro constants for fixed-width integer types with no space after the preceding string literal became invalid: std::printf("%"PRId64"\n",INT64_MIN); has to be replaced by std::printf("%" PRId64"\n",INT64_MIN);"

So you want me to insert a space now?

posted at: 13:12 | path: /rant | permanent link

Mon, 05 Feb 2024

Phishing awareness? Received from!

Does your organization ask to look for phishing cues as part of security awareness training?

Find misspelled domain names in the From: line, etc? (that can easily be faked)

It's pathetic to blame users for the phishing misery, which by and large stems from the IT industry's failure to deploy secure software and safe communication solutions.

Here's a more reliable and (easy) check of the email's "header lines" to see if the sender's email address matches the sending email server (SMTP server, specified in RFC 5321).

Look for the first Received: from line. Here's an abridged example (pmeerw@gmail.com is messaging pmeerw@pmeerw.net):

X-Original-To: pmeerw@pmeerw.net
Delivered-To: pmeerw@pmeerw.net
Received: from mail-ot1-x32e.google.com (mail-ot1-x32e.google.com [IPv6:2607:f8b0:4864:20::32e])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
     key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
     client-signature RSA-PSS (2048 bits) client-digest SHA256)
    (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (not verified))
    by ns.pmeerw.net (Postfix) with ESMTPS id F1252E02CD
    for ; Tue,  5 Mar 2024 16:32:48 +0100 (CET)
Received: by mail-ot1-x32e.google.com with SMTP id 46e09a7af769-6e2b466d213so1283153a34.0
        for ; Tue, 05 Mar 2024 07:32:48 -0800 (PST)
MIME-Version: 1.0
From: Peter Meerwald-Stadler 
Date: Tue, 5 Mar 2024 16:32:36 +0100
Message-ID: 
Subject: bla
To: Peter Meerwald-Stadler 

blub
So the SMTP server contacting pmeerw.net's SMTP is mail-ot1-x32e.google.com. Hence it's plausible that it's Gmail that is delivering an email (from a Gmail address). The "Received: from" line is put there by the receiving SMTP server, a trusted machine. On the other hand, the sender may put arbitrary things in the From: and To: lines, these values do not affect the delivery of the email and hence cannot be trusted.

Need to wait for some plausible spam/phishing email to have a more interesting example... :-)
Update (March 6, 2024): Didn't take long, here's an example using ovhcloud.com:

Received: from vps2361714.servdiscount-customer.com (vm4945647.1nvme.had.wf [45.88.77.100])
    by ns.pmeerw.net (Postfix) with ESMTP id C6A5FE0177
From: =?UTF-8?B?T1ZIY2xvdWQ=?=
To: pmeerw@pmeerw.net
Subject: =?UTF-8?B?Vm90cmUgbm9tIGRlIGRvbWFpbmU=?= "pmeerw.net" =?UTF-8?B?ZXN0IHRlbXBvcmFpcmVtZW50IHN1c3BlbmR1?=
Message-ID: <20240306031559.DA8051C773833DB1@news.ovhcloud.com>
I doubt ovhcloud sends their emails using vps2361714.servdiscount-customer.com (vm4945647.1nvme.had.wf [45.88.77.100]) and if they do I don't want to receive their sh*t anyway...

Email clients make it notoriously difficult to see this information (in Outlook it is hidded under ... / View / View Message details).

posted at: 22:00 | path: /rant | permanent link

Wed, 31 Jan 2024

GitLab, srly?!

GitLab is a popular git repo platform with integrated CI and whatnot. It can be self-hosted.

Annoying limitations:

How do people cope with these things?

posted at: 14:15 | path: /rant | permanent link

Wed, 17 Jan 2024

No newline before EOF

Configuring editors to not append a newline at the end (before the end-of-file, EOF):

(see here also)

posted at: 23:13 | path: /programming | permanent link

Sat, 13 Jan 2024

Windows 10 update KB5034441 fails to install - 0x80070643

This will probably the only post I do for Windows ever, happened to do support for a PC over Christman holiday season.

Thing is, security update KB5034441 fails to install with code 0x80070643. Of course, there can be multiple reason, but this Golen article (German) was spot on: the Windows recovery partition needs to be increased.

It refers to a Microsoft support page which has instructions for the command-line how to shrink the system partition and grow the recovery partition. Very nice incarnations :-)

A appreciate the user friendlyness of tools I've never heard of: reagentc, diskpart. After that (no reboot necessary), the update completes installation within seconds, very nice!

posted at: 13:07 | path: /configuration | permanent link

Made with PyBlosxom