- 2024
- Feb
- 4
Multiple email SPF records? Yeah, go away kid, we don’t care.
I’ve written about email security and having the proper records set in the past, but last week I ran across probably one of the most interesting (and really bad) ones to date.
I use an email service that I pay for, simply because I like having my own domain name - as you can probably tell by the links that pepper my posts, and the fact that you’re reading this on Wereboar.
Sunday, I (was supposed to have!) received an email from a large corporation that contained information that I paid for. Didn’t get it, so I logged in to my email maintenance console - and there they were.
They were quarantined in a way I’d never seen before. All text and links were struck out. Nothing could be clicked. You could move them around, but they would never pass into visibility in any IMAP folder. The only thing I could do is delete them in the maintenance console. The system would not release them - they were so suspicious that they just wouldn’t. Period.
The first thing I do is check the company in question’s email records using mxtoolbox - and there it is. Two SPF records. While this was acceptable at one point, a change to the way email worked - IN 2014! - made having multiple records of this type a red flag, and any email system worth it’s salt will, at minimum, dump these into spam.
SPF is a text record set in an email service that tells the email server who is allowed to send mail. You’re allowed one. Having more than one means that someone else could have set one without your knowledge - and that leads to all kind of interesting scenarios, the least of which is lots of spam being relayed through your email server.
The change that allowed only one SPF record was made in 2014. That means this large multi-national corporation has had 10 years to make this simple fix to their email system.
My email service didn’t put these in spam, it simply said “Nope, not going to let you have these, they’re suspicious beyond compare.” The fact that it’s a world-wide operating company that many use on a daily basis is even worse. They have the time and resources to take 10 minutes and set their email server up properly. I made a complaint. Will they change it?
No. They literally don’t care. Send an email to the ones set in their other security record (DMARC) and it comes back “mailbox full.” No one is even looking at issues.
So, did I get my information? Yes. I keep a couple of old Gmail addresses for whatever reason - nostalgia I guess. Gmail used to be the gold standard for consumer email service, but now it’s the library book of email services. It accepted the malformed records without complaint, which it absolutely should not have done.
What do you need to take away from this? As email becomes more and more weaponized, you’re going to have more systems rejecting your email. Fix your $&#&$! crap. If you don’t know how, hire someone to do it for you.
If you don’t, there’s going to be a time when you can’t get your email through. And that’s going to be purely your fault.
Don’t wait. Fix it. Now.
- 2024
- Jan
- 23
All of the documents currently in wereboar’s archive - Part II.
I’ve added a few more documents to the Wereboar archive on both the previous entry, as well as this (new) entry. More will be added as I gain more manuals for equipment featured here. These are hosted by my webhost’s cloud storage system, OXDrive.
Original document archive post:
https://wereboar.com … n-wereboars-archive/
The Knight KG-690 and 83Y135 Signal Tracer (Same chassis, different cabinet):
https://privateemail … 11cf/1/8/NDY/NDYvMTU
Radio Shack “Science Fair” 28-177 Crystal Radio Kit Owner and Assembly Manual: https://privateemail … 8376/1/8/NDY/NDYvMTY
All of the documents currently stored in the wereboar archive, as of April 8th 2024 (165MB zipfile) - anything below this is not in this archive:
https://www.dropbox. … w2v18oho5tib9vu&dl=0
The EICO Model 540 Readi-Tester:
https://privateemail … ed43/1/8/NDY/NDYvMTc
- 2023
- Nov
- 30
I didn’t take it because it’s not enough money…
I have enough time in the industry to comfortably “sit back and reflect on things that have happened over the years,” and one of those things that came up in conversation recently was why I turned down some positions that I applied and worked towards getting.
It took me some time to come up with a reason for this, but I read a short article about the same thing and that described it very well. It helped me put into words what my reasons are - that all of the positions I’ve been offered and turned down were either lateral or downgrades, pay wise.
There are a number that were serious downgrades in pay that just got tossed by the wayside because the company had not been truthful about what was being offered at the start. These places generally had a bad company attitude as well, and it’s probably for the best that they revealed their hand before I took the offer.
There are two that really stick out in my mind, however. One was a company looking for an engineering technician. This person would be entering a “Now apply what you learned” situation. The company offering this knew what I made currently, and knew I would be picking up and moving. I had a good feeling about this one, and assumed that because of the increased skill level required it would be paying accordingly.
“Accordingly” was a number based on some people I knew doing similar work at comparable companies.
They didn’t offer that number, and offered somewhat (not a lot) less than I told them I made currently. I turned it down. I received a call later from the company asking what they could do to make me interested. It’s the money, make me a reasonable offer for an engineering technician. You’re not giving me any reason to be attracted. I know the job is longer hours and more intellectual work, pay for that.
I never received any further contact, so I have to assume that they either went with their second choice or started interviewing again to find someone that would take their offer. I found their HR person on LinkedIn years later and extended a “Can I talk about that?” but never received a contact.
The second was more of a plain lateral move. The company did offer slightly more than I was making at the time (about $0.24 / hr more) but their benefits structure would have eaten up considerably more than that. It would have turned out to be a net negative with a longer drive. Again, the contact asked why I was turning it down.
It’s the money. It may be a bit more gross, but the net is less and you’ve not given me any reason to be attracted to your company - make me a better offer. You know what I said I’d like to see. I’m not leaving this job for that job when I’m not gaining any benefit. You seemed very pleased that I could pass your test and talk shop with you. You want my skills, how about a bit of compensation for them?
That didn’t go anywhere either. I did contact them later when some stuff happened, but they weren’t interested in talking anymore. No big deal there, I understand.
The takeaway here is I’ve had plenty of offers over the years, but in almost all cases it was the exact same thing I had or less, even if the position was a step or two up. At no time did I feel the company recruiting me understood that I wasn’t going to leave something for something identical, that I wasn’t going to take less. They just knew I wasn’t taking their offer but were unwilling to offer more.
It’s all kind of frustrating, but I’ve since read other’s accounts of the same thing. Someone wants them, but offers essentially the same thing they have and wonders why they don’t come running. We’re not in this for our health, it’s the money. If you want a special skill or years of experience, offer the holder something that attracts them.
If you don’t - you don’t get it. That’s all there is to it.
I’ve talked in depth about some of those experiences. If you’d like to read them, you can find them here: https://wereboar.com/stories/
- 2023
- Nov
- 29
An odd thing with Flatpress…
This blog runs on a self-hosted system called Flatpress. It’s what it sounds like, it’s a Flat file publishing system. No databases or anything, just a bunch of files.
One of the odd things I’ve noticed about this system is how it pulls thumbnails and presents them to the user. Sometimes the thumbnails will be blurry, and sometimes they won’t. No idea why, save it seems to be related to the name length of the folder the images are in - and perhaps the name of the folder?
Thumbnails in this case refers to both the reduced size (but still large) images on a normal page using the img tag, as well as those presented by the gallery plugin I use.
For example, a recent post about the Fort Wayne hamfest gave me blurry images for the thumbnails. While they aren’t necessarily clear, you can generally tell what they are - not so this time. I changed the name of the folder from “fh23” to “fortwayneh23,” pointed the page to the new folder, and the thumbnails look good.
Later me wants to add some things - Don’t start your image or folder names off with a number, always use a letter. I don’t know why, but using a number will result in a blurry thumbnail. If you get this, change your names and delete the thumbnail folder in the image directory where you have your files stored!
I have other folders in my image directory that are only four letters long, so I’m really kind of clueless here unless it’s some random thing with both length and name. If you’ve run across that yourself (and it doesn’t matter if I’m using the gallery or normal view) then try to rename the folder your post’s images are in to something longer than 4 characters. It may resolve your issue.
- 2023
- Oct
- 18
pygg.xyz is gone.
As the SSL cert for pygg.xyz will expire on November 2nd, I’ve turned off the site. It now automatically redirects to the homepage of wereboar.com. It will probably give you SSL errors at some point, but the redirects should still work.
If you have any bookmarks from that site floating around, simply replace pygg.xyz with wereboar.com and you’ll end up exactly where you wanted to go. If not, you should get sent to the wereboar homepage.
When the hosting plan expires, I’ll set a simple wildcard redirect and be done with it. Until then, pygg.xyz is for sale - hit me up at the email address on the front of wereboar.com if you’re interested.
- 2023
- Jun
- 22
This little werepig has settled in his new home.
Originally, I thought I’d keep pygg.xyz duplicated with the same content as my new home, but really, when it comes down to it, there’s no reason for that. A simple redirect in the website’s code will automagically bring people to my new home. You’ll land on the project page since that’s where the good stuff lives.
So, take a look around. You’ll find everything pretty much looks the same. You can even replace the pygg.xyz in any URL you find with wereboar.com, and it will take you to the exact spot you were looking for. (For the most part, I’ve trimmed a bit here and there to make for a leaner piggy!)
If you landed here looking for the homepage, click this link to go there: https://wereboar.com/
Thanks for stopping by. Hope you enjoy the slice of unusual that I find in the electronics world.
- Bryan
- 2023
- Jun
- 18
My new home for my project blog is here!
When I created pygg.xyz a few years ago, it was because it was cheap and available. Unfortunately, the .xyz domains are not well loved by email services and other secure systems. I get a lot of bounces and other problematic issues with the .xyz domain.
I’m picking up and moving to wereboar.com - this domain should be easier to work with when it comes to dealing with these systems. For now, everything will remain the same. This blog is going to be duplicated across wereboar and pygg, and you can simply replace pygg.xyz with wereboar.com in older links.
Eventually, I’ll stop posting to pygg and let the hosting expire, but that’s not going to be for at least another year. So you’re free to browse the archives at https://pygg.xyz/projects.
There’s going to be some broken stuff for a while, but I hope to get it all fixed up soon. Most, if not all of the links should be working at this point.
It’s good to see you here. Thanks for coming along for the ride.
Bryan
- 2023
- May
- 16
Monster.com has become nothing but noise.
Some time ago, I changed my email address for job contacts to a domain-based email instead of a generic gmail account. This was mostly so I could track where all of the spam was coming from, since I tend to leave my profiles alone once I’ve found employment. I noticed something right away:
Almost all of the spam was coming from monster.com
During the boom in late 2021 and 2022, I would sometimes get 20-30 a day from offshore recruiters, multiple contacts from different people in the same company in regards to a job that wasn’t worth your time. This slowed somewhat to about 15-20 a week, but all of it was offshore recruiters that just matched a keyword and had no clue as to what they were recruiting for - or even that someone else from their company had contacted me.
I turned off the monster.com account, and… silence.
All of that junk, those $20/hr jobs in San Francisco, those 3 month contracts in North Dakota, those jobs that were completely mismatched to my skillset have all vanished. It’s both sad and interesting to see how one of the first big online career sites has fallen, but that’s their problem. They’re making money from all of these offshore recruiters pulling profiles. They’re not going to do a thing to disturb their golden goose even though it’s totally useless for the end user.
What’s worse, is that my state of residence uses monster as their backend for the unemployment system. Monster used to automagically connect the two, something it didn’t bother telling you about. I only found out this one day when someone told me they found my profile on ohiomeansjobs.com - I had never heard of the site but found that it was just monster.com with a red bird instead of a purple creature. Even better - if you’re unemployed, it used to not let you make changes to monster because you were a “protected jobseeker” due to the unwanted connection to the Ohio site. As soon as I left this status I made sure to disconnect the two by deleting and re-creating the monster account with a different email address, and filling the Ohio site with junk because it’s just monster, i.e. spam, with a different name. You can’t delete that one for years, even though it clearly used to say you could.
The moral of the story here is that things change, and what was once useful is no longer necessary. Monster is a zombie clone of itself, and by association, so is Ohio Means Jobs.
There’s nothing I can do about it except say “Sorry, it’s not me - it’s you. Bye.”
- 2023
- May
- 2
Random board shot - The Textolite “T”
It’s always cool (and kind of sad) to open a piece of equipment and see the GE Textolite T on the circuit board.
This was manufactured by the Coshocton, OH GE plant on South 2nd street in the 1970s. The plant opened to make laminated plastics under the trade name Textolite, and made various other things over the years including plastic parts for appliances, and raw circuit board.
It opened in 1947, and closed in 2004, a victim of declining manufacturing in the USA, and the drive for ever-increasing profits by GE. It probably would have closed at some point, as GE has sold their appliance division to Haier and there’s no reason for a Chinese company to manufacture here.
Out of all the businesses listed on that page, only Fisher remains. RIP, we hardly knew ye.
- 2023
- Jan
- 23
StatusNet: Cleaning up the main page.
This is the second (and last?) part of my cleaning up StatusNet. This deals with removing some of the main page identifiers. While this isn’t hardening, it obscures the doorway just a bit, and hopefully drive-bys will just look at it as a not very worthwhile target. It also removes links to things that aren’t what they were when the service started, so there’s less chance for a user to click on something that may now lead to a malicious site.
This does remove some of the boilerplate regarding the GNU license status, among other things. While I don’t like to do this, StatusNet is so old that there are probably no new installs happening, as it won’t run on modern PHP. If you’re running this commercially, you may be obligated to leave those license notifications alone, so use your own judgement.
***
Here’s the original assets, and what we’re going to change:
The first thing I like to do is get rid of the dead link to status.net, and the link to wikipedia. The first isn’t necessary because status.net is just a garbage page full of SEO grabber links, and the second both because I don’t like some of Wikipedia’s practices and you hopefully know what microblogging is now. The term itself has passed into the legend of Web 1.0, so it’s not even a relevant term these days.
(I assume you’re comfortable with your webserver and know where things are. No warranties are expressed or implied, it’s up to you to make sure you’re doing this right.)
Start by making a copy of websiteroot/actions/public.php, and then open the original for editing. (Always back up your original, just in case!). Move down to the very bottom of the file. You’ll see this:
And when we’re done, it will look something like this:
To change the header box in question, edit the ’showAnonymousMessage’ function to say whatever it is you want. Use this as a guide, essentially you’re getting rid of all of the links and creating a static header that shows regardless of the other options chosen for the site. That’s why it’s duplicated in the ‘if’ block.
Since the site in question is TheDoghouse, %%site.name%% will show that, followed by ‘Woof!’ - you don’t have to use the variable here, and you can put anything you want in the block as long as it can be printed. I chose to use a simple message that will show “This is TheDoghouse. Woof!” on the main screen where the description about StatusNet and the service description lived. The variable originally used was left intact for this step.
The next edit is just to reduce clutter. In the block directly above the one we just edited is the sidebar links. I edit those out so, while they still are there, the function to actually print them on the screen is commented out with #. This isn’t necessary and doesn’t really offer anything, it’s just something I like to do. The base skin for statusnet will show the same size box, but other skins will reduce the amount of space used based on how much or little you comment out.
Here’s what it looks like by default:
This gets rid of the “Popular”, “Groups”, and “Featured” links on the main page. While they are still available, to me and my private site it’s just unusued cruft. So away they go. I didn’t delete them in case I want to re-implement them, the function block simply doesn’t show what has been placed in the variables. Similarly with the site name, I left the if/else case alone so later edits will be less painful if certain functions need to be restored. But that’s why you made the copy, right? You did make a copy, right?
But there’s nothing preventing you from putting whatever you want there. Just replace the variable with whatever you like and let the show function print it for you. (I suggest you check out some basic php stuff before going crazy!)
Save your edits, and check that permissions and owner of public.php are correct. Since you created a copy, it’s probably now root, so change that back to whatever your webserver uses as it’s username. load your site up, and you should see your changes.
The next, last, and other thing I like to get rid of is the footer, and all of it’s links. This shows up on every page regardless, even the main page. While again, this does contain license information, many of the links are dead and the version number of the service is present. As before, there are probably no new installs happening, so having this information isn’t terribly useful. It exposes things that could make it (ever-so-slightly) easier to probe for entry, so it goes away. Again - this isn’t hardening, it’s simply covering up the door so the curious passer-by hopefully doesn’t see it. The microblogging term stays here, but be careful of your license requirements.
For this, navigate to websiteroot/lib/action.php. Make a copy, and edit the original. Navigate to showStatusNetLicense, and you’ll see this:
What gets shown is dependent on if you have the “Brought By” line filled out in your config. But I don’t care about that, as before I’ve left the if/else cases alone so they can be reverted easier, if necessary. All of the “runs the” information is gone, as is the license, and the service shows the same information regardless of config options.
The last thing I like to get rid of is the set of links present at the bottom of every page. My site is private, so some of those are not useful. The rest are dead links, and like the now defunct status.net page, may lead to something unsavory. Those are fairly easy to get rid of, navigate to the showSecondaryNav function in action.php and simply comment out the block.
Here’s the original:
And my edits:
Everything is commented out except the first few and last few lines, which give the function something to do when called. Other than that, everything else is ignored.
Save your edits, make sure permissions are correct, and check your site.
That’s it. Your main page now does not show much information about what this is, other than StatusNet.
Troubleshooting: If you’re having some issues where you are now getting a 500 error, check your permissions. That’s probably going to be the main issue here. Also check that you’ve used the correct syntax in the code, variables are always enclosed with %% %% and lines must end with a semicolon; Beyond that, copy your original file over the edits and try again. I found out by trial and error, so don’t be afraid to play with stuff even if you don’t understand 100% of what it’s doing.
There are a few other things you can do inside the service to remove unwanted things like maps (that don’t work,) but I’ll cover those in a separate article.