WTF Bites


  • Considered Harmful

    @Zecc said in WTF Bites:

    @LaoC said in WTF Bites:

    True, but don't gender prepositions 🐠

    And yet we do. Like in other Romance languages we have gendered prepositions deriving from an ungendered preposition contracted with a gendered article.

    OK, I'd never seen these classified as prepositions but apparently some do. TIL.



  • @Vault_Dweller said in WTF Bites:

    @PleegWat This is one of the funniest videos for an Afrikaans-speaking person

    https://www.youtube.com/watch?v=zBGc7CkNR50

    I don't speak Afrikaans. Is this song about a weg-ass poesie?


  • I survived the hour long Uno hand

    @TwelveBaud said in WTF Bites:

    Status: I run my own mail server. For the past few months, I've been unable to send any messages -- they keep getting bounced back by the recipient servers as "probably spam according to UCE-PROTECT". After some research, UCE-PROTECT has designated my hosting company's ISP as an incorrigible spam source and they're blocking the whole AS out of an abundance of caution.

    So I opened a ticket with the hosting company, saying essentially "WTF? I pay extra for permission to send e-mail, and I have to deal with this crap? Fix this!"
    🦗 🦗 🦗

    Next month, I updated the ticket:
    twelvebaud: I understand this is taking a while to remediate, but I notice you're billing me for permission to send e-mail while I can't send e-mail. I'm just ... not going to pay that until we get this resolved.
    🦗 🦗 🦗
    🤖: Your ticket has been closed.

    So today, I sent them an e-mail, which since I run my own mail server came from there. It bounced, blocked as spam. I then called them on the telephone (!) and they said they'd e-mail an update shortly.

    Well, I didn't get the e-mail. I saw their server try to connect to mine... and fail, because they've screwed up so badly that UCE-PROTECT, Spamhaus, SORBS, and Lashback all blacklist them now. I might have to front-run my own mail server because I don't think it lets me exempt just one server from those.

    Time to bite the bullet and switch hosting companies (or move to your least hated cloud email service).



  • @topspin said in WTF Bites:

    @dkf what do you call the thing you fry eggs in?

    Not sure: what do you call the thing you :frystare: eggs in?



  • Discourse touched me in a no-no place

    @hungrier said in WTF Bites:

    I don't speak Afrikaans. Is this song about a weg-ass poesie?

    Going by comments, it's about the search for pussy. (The cat status thread is :arrows:)


  • Notification Spam Recipient

    @hungrier It's a non-Afrikaans song (probably Dutch) about a cat that's gone missing. But it translates in Afrikaans to what @dkf said.


  • Considered Harmful

    @LaoC said in WTF Bites:

    :wtf:: Doing crypto in JavaScript
    :trwtf:: "Oh, it's just RSA key generation, so if we don't find the JS crypto API, let's just use our homebrew PRNG"
    :trwtf:👑: Fucking up said fallback PRNG so badly that buffers would be filled with ~97% zeroes.
    :trwtf:🤯: Said fuckup being discovered because they also fucked up the whole JS crypto API by setting crypto=null so it wasn't actually used, ever.

    Fucked up RNG? Hold my beerWINE!



  • @TwelveBaud said in WTF Bites:

    Spamhaus

    I guess I told the story in some thread here long ago...
    A colleague of mine set up an auto respond email for the time she was on holidays (rather common, isn't it?). She received an email with a faked sender address. Then Outlook sent a reply to that address "out of office blah blah".
    Unfortunately, that was a honeypot address by Spamhaus. And now, we were on their list of spammers.


  • Banned

    It's 2021 and GOG installer still opens links in Internet Explorer instead of default browser.



  • *insert blakeyrat rant here*


  • Discourse touched me in a no-no place

    @Gąska said in WTF Bites:

    It's 2021 and GOG installer still opens links in Internet Explorer instead of default browser.

    What does it do if IE's not installed?



  • @loopback0 said in WTF Bites:

    IE's not installed

    : There's no such thing.


  • Considered Harmful

    @Gąska said in WTF Bites:

    It's 2021 and GOG installer still opens links in Internet Explorer instead of default browser.

    And I bet it still extracts stuff to some temp directory and then copies to wherever you actually want it to be.
    If they're on the same drive and it happens to have less than 2x space needed, the process will fail.




  • @BernieTheBernie said in WTF Bites:

    A colleague of mine set up an auto respond email for the time she was on holidays (rather common, isn't it?). She received an email with a faked sender address. Then Outlook sent a reply to that address "out of office blah blah".
    Unfortunately, that was a honeypot address by Spamhaus. And now, we were on their list of spammers.

    Hang on, does that mean that this Spamhaus thing (which I'd never heard of, but I have no particular interest in how emails work so that just shows my own ignorance) treats someone as spammer just because they answered to a single email??!??!!

    That sounds appropriately retarded for this thread (:wtf: bites). How can they not know about the tons of reasons why an email might get an automated answer? An auto-away like in your story, or simply a server that says "this is an automated address that isn't read by a human, to contact us blablabla", or even if Spamhaus fumbles their address list they'd get a "this address doesn't exist" and... that's it, now you're a spammer? And that's not even considering Jane from Accounting who's not very good with emails and computers and will reply just to say "I'm so sorry dear, I couldn't understand what you were saying, can you give me call?"

    That sounds like the work of an utter moron. And I'm not talking about Jane from Accounting here.

    (ETA: re-reading your post (:doing_it_wrong:), I guess I missed the part when the email didn't come from Spamhaus, just used their honeypot address. Still, seems overly aggressive from them to blacklist someone due to a single email, given how easy it is to be fooled.)


  • Trolleybus Mechanic

    @remi As I recall, Spamhaus may mark you as a spammer if your address shows up in their honeypots. No good-faith user has any reason to send anything to those addresses.

    The situation described here is an instance of e-mail backscatter - an automatic reply going to someone who isn't interested, because the spam mailer used a spoof address.

    I do know that backscatter is something that will occasionally land you on a spammer list, and I can kind of see why: your reply doesn't really look different from spam to whomever gets it - it's unsolicited, because you're replying to a spoofed address, and is just as much a bitch to deal with as "regular" spam.

    I understand that there are some server-side tools to minimize the chance of backscatter (filtering incoming spam, for one), but occasionally it does happen and necessitates contact with the curator of the list you ended up on to get it cleared.
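One way an auto-responder can avoid the kind of reply described above, as an added example that is not from any poster in this thread: it applies the RFC 3834 suppression rules and, as an extra check that is not part of that RFC, only replies when the receiving MTA recorded `spf=pass` for the envelope sender. The authserv-id `mx.example.org`, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Local parts that RFC 3834 says should not receive automatic responses.
NO_REPLY_LOCAL = re.compile(r"^(owner-.*|.*-request|mailer-daemon)$", re.I)


def spf_passed(msg, trusted_authserv):
    """True only if our own MTA (assumed authserv-id) recorded spf=pass."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # stamped by someone else, possibly forged by the sender
        if re.search(r"\bspf\s*=\s*pass\b", results, re.I):
            return True
    return False


def should_auto_reply(raw, envelope_from, my_address,
                      trusted_authserv="mx.example.org"):
    """Return (send_reply, reason) for one delivered message."""
    msg = message_from_string(raw)
    if envelope_from in ("", "<>"):
        return False, "null return-path (bounce or notification)"
    if NO_REPLY_LOCAL.match(envelope_from.rpartition("@")[0]):
        return False, "list or daemon sender"
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return False, "message is itself automatic"
    if msg.get("Precedence", "").strip().lower() in ("bulk", "junk", "list"):
        return False, "bulk or list precedence"
    if any(name.lower().startswith("list-") for name in msg.keys()):
        return False, "mailing-list headers present"
    rcpts = [addr.lower() for _, addr in
             getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    if my_address.lower() not in rcpts:
        return False, "not addressed to this mailbox directly"
    if not spf_passed(msg, trusted_authserv):
        return False, "envelope sender not authenticated (possible spoof)"
    return True, "ok"


# Constructed sample messages (not taken from the thread).
BODY = "To: Jane <jane@example.org>\nSubject: hello\n\nhi\n"
SPOOFED = ("Authentication-Results: mx.example.org; spf=fail "
           "smtp.mailfrom=trap@honeypot.example\n"
           "From: trap@honeypot.example\n" + BODY)
FORGED = ("Authentication-Results: evil.example; spf=pass\n"
          "From: trap@honeypot.example\n" + BODY)
GENUINE = ("Authentication-Results: mx.example.org; spf=pass "
           "smtp.mailfrom=bob@partner.example\n"
           "From: Bob <bob@partner.example>\n" + BODY)
LIST = "List-Id: <dev.partner.example>\n" + GENUINE

if __name__ == "__main__":
    me = "jane@example.org"
    print(should_auto_reply(SPOOFED, "trap@honeypot.example", me))
    print(should_auto_reply(FORGED, "trap@honeypot.example", me))
    print(should_auto_reply(GENUINE, "bob@partner.example", me))
    print(should_auto_reply(LIST, "bob@partner.example", me))
    print(should_auto_reply(GENUINE, "<>", me))
```

An SPF pass only shows that the sending host was authorised for the envelope domain, so a reply to a compromised but genuine mailbox still goes out.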



  • @GOG said in WTF Bites:

    No good-faith user has any reason to send anything to those addresses.

    Yes, there is absolutely no way that could ever happen to a good-faith user. Not even if...

    The situation described here is an instance of e-mail backscatter - an automatic reply going to someone who isn't interested, because the spam mailer used a spoof address.

    :oh:

    I love how email is so intrinsically reliant on trust that even attempts to make it a bit more adapted to the Real World still rely on trusting other actors to not pollute your attempt.



  • @remi said in WTF Bites:

    Hang on, does that mean that this Spamhaus thing (which I'd never heard of, but I have no particular interest in how emails work so that just shows my own ignorance) treats someone as spammer just because they answered to a single email??!??!!

    Yes exactly this. At least back then (2008 or before). Because they managed to hide that email address in some web page such that it would not be shown to someone browsing the page, but still be collected by some automated email harvesting tools, they were fucking sure that you were the bad guy harvesting email addresses for spam purposes (or buying addresses from such people).
    A clbuttic mistake.


  • Trolleybus Mechanic

    @remi Hey, don't blame me for the way honeypots work. Backscatter, at the end of the day, represents the sender not caring where their e-mail is going.

    That said, e-mail - like much of the "foundational" internet - is generally terrible, because it wasn't developed for an environment with significant numbers of malicious actors, capable of doing significant damage.

    It is, therefore, a perfect fit for this site.



  • @GOG said in WTF Bites:

    That said, e-mail - like much of the "foundational" internet - is generally terrible, because it wasn't developed for an environment with significant numbers of malicious actors, capable of doing significant damage.

    Which is, however, the reason why it (mostly) works and is interoperable and universal.


  • Considered Harmful

    @GOG said in WTF Bites:

    @remi As I recall, Spamhaus may mark you as a spammer if your address shows up in their honeypots. No good-faith user has any reason to send anything to those addresses.

    The situation described here is an instance of e-mail backscatter - an automatic reply going to someone who isn't interested, because the spam mailer used a spoof address.

    :pendant: Backscatter usually refers only to bounces generated because the mail is first accepted and then rejected by some intermediate mail relay, so a bounce email has to be generated to let the sender know their mail wasn't delivered, but the only sender information available at this point is the faked sender address. It's typical for people who put a relay in front of their Exchange server so as not to leave it exposed to the intertubes and then spam-scan on the Exchange.

    I understand that there are some server-side tools to minimize the chance of backscatter (filtering incoming spam, for one), but occasionally it does happen and necessitates contact with the curator of the list you ended up on to get it cleared.

    Although for Spamhaus in particular, unless you're a fairly big provider with clout and contacts, changing your mail relay's IP may just be less of a hassle.



  • @GOG said in WTF Bites:

    Hey, don't blame me for the way honeypots work.

    You triggered that discussion, you're therefore bound to defend the position that I randomly assigned to you! 😉 / 🔥

    Backscatter, at the end of the day, represents the sender not caring where their e-mail is going.

    I'm going to assume that an automatic "I'm away" message is "backscatter", just because I'm not familiar with the term and that's how we started this discussion. In that scenario, I kind of disagree on the "not caring where their e-mail is going" since their e-mail is going to someone who wrote to them in the first place. That is, if the "From" is correct and we're back on how email is horrible and trivially easy to maliciously break, but assuming that you shouldn't reply to someone who wrote to you in the first place isn't really a sane assumption. If that someone is not interested in your reply, it's up to them to ignore it, but you shouldn't be treated as a spammer just because you did (you can, however, be treated as a moron if you reply to a "do not reply to this address" email 🏆).


  • Considered Harmful

    @remi said in WTF Bites:

    If that someone is not interested in your reply, it's up to them to ignore it, but you shouldn't be treated as a spammer just because you did (you can, however, be treated as a moron if you reply to a "do not reply to this address" email 🏆).

    Usually it's expected that honeypot addresses be complex enough that the probability of a semi-randomly faked sender address coinciding with one is negligible. Unfortunately you can't just use the base64 of a snippet from /dev/urandom because people buying mail address lists can just run entropy tests on the local part and filter most of those (plus the seller of the list) out. So many picked random combinations of words from a dictionary, but if as a spammer you get a list with ¾ of addresses like wood.deblateration.intracervical@neverheardofit.com, that also fails simple plausibility checks. That basically leaves name lists with a few digits here and there, and collisions are suddenly much less unlikely.



  • @LaoC Is there any reason why a spammer wouldn't just use some random email from their spam list as the spoofed "From" address, rather than doing extra work to generate a plausible looking one? That makes the most sense to me, and would also explain how some rando would get one apparently from a honeypot address



  • @LaoC said in WTF Bites:

    Usually it's expected that honeypot addresses be complex enough that the probability of a semi-randomly faked sender address coinciding with one is negligible.

    Someone up-thread said:

    I love how email is so intrinsically reliant on trust that even attempts to make it a bit more adapted to the Real World still rely on trusting other actors to not pollute your attempt.


    Filed under: another thread that has reached the point where I can answer new posts by simply pointing to previous ones 🎆


  • Considered Harmful

    @hungrier said in WTF Bites:

    @LaoC Is there any reason why a spammer wouldn't just use some random email from their spam list as the spoofed "From" address, rather than doing extra work to generate a plausible looking one? That makes the most sense to me, and would also explain how some rando would get one apparently from a honeypot address

    Yeah, that would work just as well—I don't know why you used to see mainly randomized ones. But it was over 10 years ago that I had sort of a big picture there, I think that kind of spam is almost irrelevant today, it's mostly cracked accounts and stolen credentials so the sender address is in fact a genuine mailbox.



  • @hungrier said in WTF Bites:

    @LaoC Is there any reason why a spammer wouldn't just use some random email from their spam list as the spoofed "From" address, rather than doing extra work to generate a plausible looking one? That makes the most sense to me, and would also explain how some rando would get one apparently from a honeypot address

    They do exactly that. The point is not so much that the from address should be plausible, but that the backscatter can still generate some hits, because some people will go find which of their mails was not delivered (the undelivered e-mail is usually attached).

    The plausibility check is for addresses in the list, as in the spammer does not want to waste time sending to e-mails that are obviously bogus or honeypots.



  • @hungrier … that said, I did see spammers trying random addresses too, in the form of mail server log listing heaps of rejected e-mails to non-existent users on its domain.



  • Yeah, right.



  • @Zerosquare

    :Zuckerbot: Facebook? Who's that? We're Meta and we're going to keep collecting faceprints


  • BINNED

    @Zerosquare are they also going to delete all derived data that they have generated in the meantime? Like ML shit and so on?



  • @Zerosquare said in WTF Bites:

    delete

    That's where you back the data up to your private server and change the API names, right?


  • Fake News

    @dcon Actually, they will delete the files from their versioned filesystem, but they can't delete the history without nuking everything else as well.



  • @Zerosquare said in WTF Bites:

    Yeah, right.

    They made a new and better system, so they no longer need the old one. And all the data has been shared with all interested spy organisations already, so they can't charge for it again. :sadface:



  • @hungrier said in WTF Bites:

    use some random email from their spam list as the spoofed "From" address

    Exactly that was the thing the spammer did in the Spamhaus case I mentioned: and the email address was a honeypot address placed by Spamhaus such that some address scrapers (but no legit users) would pick it up.



  • Size matters.
    Normally, my laptop is docked in a docking station, and a large screen of 2560x1440 pixels is attached to it. I open a browser window on the big screen, and set its height to the height of the screen (but not the width - the browser still is in portrait mode on the landscape screen).
    The next day, I switch the laptop on without the docking station. Now there is only the small screen of the laptop available. Open a browser...
    Well, old Firefox gets things right: the height is adjusted to the now available height. But a rather recent Firefox still requires 1440 pixels height.
    Do not upgrade! Everywhere.



  • Just got an email from my data SIM provider telling me I am “out of contract” - no, I am on a rolling contract.

    The current contract, £14.50/month for 4G, 20GB with certain services not counting towards it.

    I could stay on this plan, which has a cost adjustment each May of up to the published RPI rate.

    Or I could pick from these wonderful upgrades.

    1. Go to £15/month and get some Huawei phone thrown in with 5GB starter data and 20GB a month thereafter, for 24 months.

    2. Go to £16/month for a 20GB data plan for 24 months.

    3. Go to £8/month for 2GB data plan for 24 months.

    Note, if I go to any of these plans, their annual cost adjustment is 4.5% year on year.

    So I could pay an extra 50p a month for a phone I don’t want, or pay an extra £1.50 a month for the same plan I’m on, or pay half for 1/10 the data. And have a (currently) higher price hike per year than I currently have seeing how this year’s price hike was something like 1.4%.

    Good deal, yes? :wtf:



  • @BernieTheBernie

    At home I have my screens mapped like this, because that matches their physical positions:
    [image: screen mapping]
    Whenever I plug or unplug that external monitor, most of my windows end up moved somewhere at least partially off-screen. And yes, that includes the windows which previously were entirely within the area of the laptop screen.


    Filed under: Alt-F7 to the rescue



  • @Arantor said in WTF Bites:

    Note, if I go to any of these plans, their annual cost adjustment is 4.5% year on year.

    I was looking at contracts some time ago and saw that. :wtf:

    But, since that's a thing now, next time I will be looking at contracts will be just after the April (or thereabouts) price hike. And it will be for at most a yearly contract.


  • Notification Spam Recipient

    @JBert said in WTF Bites:

    @dcon Actually, they will delete the files from their versioned filesystem, but they can't delete the history without nuking everything else as well.

    SVN is that you?


  • Fake News

    @Tsaukpaetra Just using SVN would have been too easy. No, they had to pick a distributed version control system and then pull out its guts to make it perform fast:


  • BINNED

    @JBert paging @gąska to pick up a dose of cognitive dissonance.


  • Fake News

    @topspin He's free to fact-check my shitpost, but I'll have to see if I reply.
    At any rate, they're unlikely to store their AI data in either SVN or Mercurial, it's likely something even more specialized.


  • BINNED

    @JBert said in WTF Bites:

    @topspin He's free to fact-check my shitpost, but I'll have to see if I reply.

    Huh? I was just saying that facebook = bad (assumption by me which should hopefully apply to everyone), rust = good, mercurial = at least better than git.



  • @BernieTheBernie said in WTF Bites:

    old Firefox ... recent Firefox ... Do not upgrade!

    @Lorne-Kates alt discovered!



  • @BernieTheBernie said in WTF Bites:

    Size matters.
    Normally, my laptop is docked in a docking station, and a large screen of 2560x1440 pixels is attached to it. I open a browser window on the big screen, and set its height to the height of the screen (but not the width - the browser still is in portrait mode on the landscape screen).
    The next day, I switch the laptop on without the docking station. Now there is only the small screen of the laptop available. Open a browser...
    Well, old Firefox gets things right: the height is adjusted to the now available height. But a rather recent Firefox still requires 1440 pixels height.
    Do not upgrade! Everywhere.

    I remember when you'd do that and Firefox would open up exactly where you left it. Which is now completely offscreen.



  • @dcon Notepad++ still behaves like that.



  • @BernieTheBernie said in WTF Bites:

    @dcon Notepad++ still behaves like that.

    That was when I learned the Alt+Space trick combined with a mouse twitch. Tho the mouse twitch part wasn't learned for a while...



  • @dcon surely you want Alt+Space then pressing M then arrow keys to move back into somewhere sensible?

