user literals:
"Since the introduction of user-defined literals, the code that uses format macro constants for fixed-width integer types with no space after the preceding string literal became invalid:
std::printf("%"PRId64"\n",INT64_MIN);
has to be replaced by
std::printf("%" PRId64"\n",INT64_MIN);"
So you want me to insert a space now?
posted at: 13:12 | path: /rant | permanent link
Does your organization ask you to look for phishing cues as part of security awareness training?
Find misspelled domain names in the From: line, etc.? (That can easily be faked.)
It's pathetic to blame users for the phishing misery, which by and large stems from the IT industry's failure to deploy secure software and safe communication solutions.
Here's a more reliable (and easy) check of the email's "header lines" to see if the sender's email address matches the sending email server (SMTP server, specified in RFC 5321).
Look for the first Received: from line. Here's an abridged example (pmeerw@gmail.com is messaging pmeerw@pmeerw.net):
X-Original-To: pmeerw@pmeerw.net
Delivered-To: pmeerw@pmeerw.net
Received: from mail-ot1-x32e.google.com (mail-ot1-x32e.google.com [IPv6:2607:f8b0:4864:20::32e])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
     key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
     client-signature RSA-PSS (2048 bits) client-digest SHA256)
    (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (not verified))
    by ns.pmeerw.net (Postfix) with ESMTPS id F1252E02CD
    for ; Tue, 5 Mar 2024 16:32:48 +0100 (CET)
Received: by mail-ot1-x32e.google.com with SMTP id 46e09a7af769-6e2b466d213so1283153a34.0
    for ; Tue, 05 Mar 2024 07:32:48 -0800 (PST)
MIME-Version: 1.0
From: Peter Meerwald-Stadler
Date: Tue, 5 Mar 2024 16:32:36 +0100
Message-ID:
Subject: bla
To: Peter Meerwald-Stadler

blub

So the SMTP server contacting pmeerw.net's SMTP is mail-ot1-x32e.google.com. Hence it's plausible that it's Gmail that is delivering an email (from a Gmail address). The "Received: from" line is put there by the receiving SMTP server, a trusted machine. On the other hand, the sender may put arbitrary things in the From: and To: lines, these values do not affect the delivery of the email and hence cannot be trusted.
Need to wait for some plausible spam/phishing email to have a more interesting example... :-)
Update (March 6, 2024): Didn't take long, here's an example using ovhcloud.com:
Received: from vps2361714.servdiscount-customer.com (vm4945647.1nvme.had.wf [45.88.77.100])
    by ns.pmeerw.net (Postfix) with ESMTP id C6A5FE0177
From: =?UTF-8?B?T1ZIY2xvdWQ=?=
To: pmeerw@pmeerw.net
Subject: =?UTF-8?B?Vm90cmUgbm9tIGRlIGRvbWFpbmU=?= "pmeerw.net" =?UTF-8?B?ZXN0IHRlbXBvcmFpcmVtZW50IHN1c3BlbmR1?=
Message-ID: <20240306031559.DA8051C773833DB1@news.ovhcloud.com>

I doubt ovhcloud sends their emails using vps2361714.servdiscount-customer.com (vm4945647.1nvme.had.wf [45.88.77.100]) and if they do I don't want to receive their sh*t anyway...
Email clients make it notoriously difficult to see this information (in Outlook it is hidden under ... / View / View Message details).
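The check described above, automated as an added example (not code from this post): it takes the topmost Received: line, confirms our own server wrote it, and compares the reverse-DNS name recorded there with the From: domain. The EXPECTED_RELAYS table, the our_mx parameter and the From: addresses in the two samples are assumptions; the samples are constructed from the abridged headers shown above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Postfix layout: from HELO (reverse-DNS [IP]) ... by RECEIVER
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

# Assumption: sender domains whose mail arrives from a differently named relay.
EXPECTED_RELAYS = {"gmail.com": ("google.com",)}

def check_sender(raw, our_mx="ns.pmeerw.net"):
    """Compare the From: domain with the host our own server saw connecting."""
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    # Only the topmost Received: line is written by our server; lower ones
    # arrive with the message and can be forged just like From: and To:.
    m = RECEIVED_RE.search(received[0]) if received else None
    if not m or m["by"].lower() != our_mx:
        return None  # no line we can trust, so no verdict
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rdns = m["rdns"].lower()  # looked up by the receiver; HELO is sender-chosen
    suffixes = EXPECTED_RELAYS.get(from_domain, (from_domain,))
    plausible = any(rdns == s or rdns.endswith("." + s) for s in suffixes)
    return {"from_domain": from_domain, "helo": m["helo"], "rdns": rdns,
            "ip": m["ip"], "plausible": plausible}

# Constructed samples based on the two abridged headers in this post;
# the From: addresses are placeholders (the second one is made up).
GMAIL = """\
Received: from mail-ot1-x32e.google.com (mail-ot1-x32e.google.com [IPv6:2607:f8b0:4864:20::32e])
\tby ns.pmeerw.net (Postfix) with ESMTPS id F1252E02CD
From: Peter Meerwald-Stadler <pmeerw@gmail.com>
Subject: bla
"""
OVH = """\
Received: from vps2361714.servdiscount-customer.com (vm4945647.1nvme.had.wf [45.88.77.100])
\tby ns.pmeerw.net (Postfix) with ESMTP id C6A5FE0177
From: =?UTF-8?B?T1ZIY2xvdWQ=?= <placeholder@ovhcloud.com>
Message-ID: <20240306031559.DA8051C773833DB1@news.ovhcloud.com>
"""

if __name__ == "__main__":
    for name, raw in (("gmail", GMAIL), ("ovhcloud", OVH)):
        print(name, check_sender(raw))
```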
posted at: 22:00 | path: /rant | permanent link
GitLab is a popular git repo platform with integrated CI and whatnot. It can be self-hosted.
Annoying limitations:
How do people cope with these things?
posted at: 14:15 | path: /rant | permanent link
OpenAI's chat is all the rage currently, so I gave it a try with a well-known MBA expression: E=(x^y)+2*(x&y).
This should simplify (spoiler alert) to x+y, however...
I'm not so convinced about the result, but nevertheless impressed by the answer. Also, I didn't quite get what the 'open' part in openai.com is...
posted at: 11:51 | path: /rant | permanent link
internet.nl checks websites and email servers for their use of modern Internet standards such as HTTPS, DANE, HSTS, DMARC, etc.
Recently, a check for security.txt according to RFC 9116 was added. The idea is to make it easier to report security vulnerabilities. Previously, RFC 2142 (section 4) suggested the use of security@example.org.
Another check is for RPKI (Resource Public Key Infrastructure), aiming to make Internet routing more secure. It is more or less directed at ISPs, for securing BGP.
posted at: 21:24 | path: /rant | permanent link