From nobody Sun Nov 28 19:59:20 2021 X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id E984518B48B7 for ; Sun, 28 Nov 2021 19:59:31 +0000 (UTC) (envelope-from dave@jetcafe.org) Received: from fedex2.jetcafe.org (fedex2.jetcafe.org [205.147.26.23]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "fedex2.jetcafe.org", Issuer "R3" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4J2K7l4yXqz4SvK for ; Sun, 28 Nov 2021 19:59:31 +0000 (UTC) (envelope-from dave@jetcafe.org) X-Envelope-To: freebsd-hackers@freebsd.org X-Rcpt-Mailer: X-Mail-Mailer: local X-SMTP-Proto: ESMTP Received: from bigus.dream-tech.com (bigus.jetcafe.org [205.147.26.7]) by fedex2.jetcafe.org (8.16.1/8.16.1) with ESMTP id 1ASJxKXh085243; Sun, 28 Nov 2021 11:59:20 -0800 (PST) (envelope-from dave@jetcafe.org) Date: Sun, 28 Nov 2021 11:59:20 -0800 From: Dave Hayes To: George Mitchell Cc: freebsd-hackers@freebsd.org Subject: Re: Hello Message-ID: <20211128115920.61240092@bigus.dream-tech.com> In-Reply-To: <05580cd8-1bbf-8783-b190-40d9cdacade6@m5p.com> References: <05580cd8-1bbf-8783-b190-40d9cdacade6@m5p.com> List-Id: Technical discussions relating to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-hackers List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-hackers@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -1 ( out of 5.1) ALL_TRUSTED,SHORTCIRCUIT X-Spam-Checker-Version: SpamAssassin version 3.4.5-jetcafeglobal X-Scanned-By: MIMEDefang 2.84 X-Rspamd-Queue-Id: 4J2K7l4yXqz4SvK X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; TAGGED_RCPT(0.00)[freebsd]; REPLY(-4.00)[] X-ThisMailContainsUnwantedMimeParts: N On Sat, 27 Nov 2021 18:26:43 -0500 George Mitchell wrote: > On 11/27/21 17:40, Obsto Clades via freebsd-hackers wrote: > > If you are interested in checking out my OS, you can find instructions= =20 > > on my site's home page:=C2=A0 https://obstoclades.tech/ >=20 > Hmm, my mother told me never to click on links in strange emails ... Did your mother ever use cURL? :D prompt> curl -kv https://obstoclades.tech * Trying 209.181.137.95:443... * Connected to obstoclades.tech (209.181.137.95) port 443 (#0) ... * SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384 * ALPN, server accepted to use http/1.1 * Server certificate: * subject: CN=3Dobstoclades.tech * start date: Oct 16 20:04:54 2021 GMT * expire date: Jan 14 20:04:53 2022 GMT * issuer: C=3DUS; O=3DLet's Encrypt; CN=3DR3 * SSL certificate verify result: unable to get local issuer certificate (2= 0), continuing anyway. It seems there's a problem with his certificate chain, but this is not unus= ual. > GET / HTTP/1.1 > Host: obstoclades.tech > User-Agent: curl/7.77.0 > Accept: */* >=20 * Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Server: nginx/1.20.1 < Date: Sun, 28 Nov 2021 19:50:00 GMT < Content-Type: text/html; charset=3Dutf-8 < Transfer-Encoding: chunked < Connection: keep-alive < Cache-Control: no-cache, no-store, must-revalidate < Pragma: no-cache < Expires: 0 No obvious problem there. The only possibly questionable thing (other than jquery, which comes from google) is this: which is this: /* * File: obstoclades.js * Copyright (c) 2017 Obsto Clades, LLC */ $(document).ready(function() { var $content =3D $(".content").hide(); $(".img").on("click", function (e) { $(this).parent().parent().toggleClass("expanded"); var ttt =3D $(this).parent().children(".tooltiptext"); if ($(this).parent().parent().hasClass("expanded")) { ttt.replaceWith("Click to close"); } else { ttt.replaceWith("Click to open"); } $(this).parent().parent().next().slideToggle(); }); var textHeight =3D $("#left-side-header-text").height(); $("#old_english_sheepdog").height(textHeight).width(textHeight); $("#button").click(function() { $("#contactus-form").submit(); }) }); There's nothing in that I can see that's malicious. I could be wrong.=20 I looked briefly at the content. This person is trying to do good by securi= ty, so in my book it's worth a look. If said machine is actually impervious to sudo root, and all the compilers/interpreters work, that's likely going to work well. Am I missing something here?=20 --=20 Dave Hayes - Consultant - LA CA, USA - dave@dream-tech.com >>>> *The opinions expressed above are entirely my own* <<<< No system is any use if you merely possess it. Ownership requires operation. No system is useful if one can only experiment with it. For a system to be useful, it must be correctly operated.