Interesting spam/phish technique: Look for subdomains with CNAMEs or SPF records that point to abandoned domains that you can then register…and effectively take control of the subdomain or SPF.

They haven’t seen any cases where it’s been used to host a phishing site at, say, an msn.com subdomain, but they’ve seen thousands of cases where it’s been used to pass email verification checks.

The article describing “SubdoMailing” gives a detailed example: a spam message made use of an msn.com subdomain that was set up for a sweepstakes way back in 2001. Its CNAME pointed to the contest’s long-abandoned domain name, and the subdomain was never actually deleted.

Lesson: check your DNS for any dangling references to outside domains that might not exist anymore!
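
One way to run that check over an exported list of your own records, as an added example (not from the original post or the SubdoMailing article). The records, the `.test` names and the `REGISTERED` set are constructed, and `is_registered` is a hypothetical hook where a real NS or RDAP lookup would go.

```python
import re

# Constructed sample records (name, type, value); not real DNS data.
RECORDS = [
    ("promo.example.com", "CNAME", "contest-2001.example-sweeps.test."),
    ("www.example.com", "CNAME", "web.example.com."),
    ("shop.example.com", "CNAME", "stores.hosted-shop.test."),
    ("example.com", "TXT",
     "v=spf1 include:_spf.mailer.test include:old-esp.test a:mail.example.com -all"),
    ("example.com", "TXT", "site-verification=constructed-value"),
]

# SPF terms that name another host: include:, a:, mx:, exists:, ptr:, redirect=
SPF_MECH = re.compile(r"^[+\-~?]?(?:include|a|mx|exists|ptr|redirect)[:=]([^/\s]+)", re.I)

def base_domain(host):
    """Last two labels; a simplification (real code should use the Public Suffix List)."""
    return ".".join(host.rstrip(".").lower().split(".")[-2:])

def external_refs(records, own_domains):
    """Yield (record name, kind, target host) for every reference leaving own_domains."""
    for name, rtype, value in records:
        if rtype == "CNAME":
            targets = [("CNAME", value)]
        elif rtype == "TXT" and value.lower().startswith("v=spf1"):
            targets = [("SPF", m.group(1)) for term in value.split()[1:]
                       if (m := SPF_MECH.match(term))]
        else:
            continue  # non-SPF TXT and other record types carry no delegation here
        for kind, host in targets:
            if base_domain(host) not in own_domains:
                yield name, kind, host.rstrip(".").lower()

def dangling(records, own_domains, is_registered):
    """External references whose base domain is_registered() reports as unregistered."""
    return [(n, k, h) for n, k, h in external_refs(records, own_domains)
            if not is_registered(base_domain(h))]

# Stand-in for a real registration check; constructed data.
REGISTERED = {"hosted-shop.test", "mailer.test"}

if __name__ == "__main__":
    for name, kind, host in dangling(RECORDS, {"example.com"}, REGISTERED.__contains__):
        print(f"{name}: {kind} -> {host} (base domain not registered)")
```

Anything it reports is a record to delete or repoint before someone else registers the target domain.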

The year is 2006. I’m complaining on my blog about businesses training their customers to fall for phishing attacks.

The year is 2011. I’m complaining on my blog about businesses training their customers to fall for phishing attacks.

The year is 2022. I’m complaining on my blog about businesses training their customers to fall for phishing attacks.

Corporations haven’t learned. Unfortunately, their customers have learned from all this training. And so has the fraud industry. Even if you’re usually savvy about this sort of thing, you can get caught up if the circumstances put you just off-balance enough to line up the holes in each overlapping layer of security.

I trusted this fraudster specifically because I knew that the outsource, out-of-hours contractors my bank uses have crummy headsets, don’t know how to pronounce my bank’s name, and have long-ass, tedious, and pointless standardized questionnaires they run through when taking fraud reports. All of this created cover for the fraudster, whose plausibility was enhanced by the rough edges in his pitch – they didn’t raise red flags. Cory Doctorow on “Swiss-cheese security.”

And here I am, in 2024, complaining on my blog about…well…you know.

Since I started converting parts of my website to use 11ty as a static site generator, I’ve been able to automatically generate tag and category pages that are *just there* as plain html files. And since they’re plain HTML, the old local site search engine I have on there still finds all the Eleventy-generated pages. And again since it’s all static, it doesn’t go down when the database does (which has been happening on an annoyingly frequent basis lately).

And this would be perfect if I was using a single Eleventy instance to build the entire site, but I’m not. I’ve got separate instances building the Les Misérables blog, the reviews, the tech tips, the creative writing collection, and so on, plus I have this WordPress blog and a bunch of hand-coded HTML from the old days.

Which leads to a few problems:

  1. Tags are per-section, not universal.
  2. The site search, which indexes html files on the server, sees everything except the WordPress posts, and the WordPress search *only* sees the WordPress posts.

Some ideas I’ve had to combine the tag pages:

  • Rebuild everything in a single Eleventy instance with a deeper hierarchy. Upside: Still static pages for everything except WordPress. Downside: Time-consuming, still leaves the main blog separate.
  • Write a post-build script that combines all the tag pages from each subsite. Upside: Same. Downside: Need to either run on the server or make sure my local copies of the *other* subsites are current.
  • Write a server-side page that combines the backend HTML pages into a dynamic frontend for only the tag being viewed. Upside: simple. Downside: tag pages now depend on PHP.
  • Write some client-side JavaScript for the tag pages that will check whether other subsites have tag pages, and add those to the end of the list in a “See also…” section. Upside: simple, and the “local” tag pages are still usable as long as I make sure the script doesn’t block anything. I could even have it check the other static subsites first and then check the blog, so if the blog times out I still display everything else. Downside: requires JavaScript and additional network requests. But as long as I stick to vanilla JS, I can make it pretty small.

And for unifying the search:

  • Write a post-site-indexing script that adds the WordPress posts to the index. Could be done with direct DB access.
  • Write a pre-site-indexing script that generates a bunch of files for it to index. Seems like overkill.
  • Update the search code to send the same search terms to WordPress and combine the results.
  • Use a new search engine that indexes the served pages instead of the files on the server.
  • Point the search box at a remote search engine like Googl…yeah, never mind.

I haven’t settled on anything. I’m just kind of writing down ideas in public. If you have any suggestions, please let me know!

Looks like IEEE has finally renamed their sustainable tech conference. Now it’s “IEEE SustainTech Expo.” Not only is it a bit clearer than the old name, but ever since Among Us came out, “SusTech” always made me giggle a bit. I doubt I was the only one.

Update: apparently I was mistaken, and SustainTech is entirely separate from SusTech, which is still going on. Looking at it a bit more, it seems that SustainTech is more of a marketing/trade show, while SusTech continues to be a technical conference.

Found the eclipse glasses from 2017. Checked for scratches. Looks like they’ll be usable for Saturday’s solar eclipse!

It’ll be partial here in California, covering ~78% of the sun’s diameter. The annular shadow passes from Oregon diagonally to Texas, crosses the gulf to Yucatan, then follows Central America and crosses Brazil from west to east at its widest part.

Time and date calculator for when it starts, peaks and ends in your area, and how much of the sun will be covered.