From nobody Tue Nov 30 22:36:42 2021 X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id AAC8418A958D for ; Tue, 30 Nov 2021 22:36:57 +0000 (UTC) (envelope-from obsto.clades@zohomail.com) Received: from sender4-pp-o92.zoho.com (sender4-pp-o92.zoho.com [136.143.188.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4J3cXS5Rgsz4XQD for ; Tue, 30 Nov 2021 22:36:56 +0000 (UTC) (envelope-from obsto.clades@zohomail.com) ARC-Seal: i=1; a=rsa-sha256; t=1638311807; cv=none; d=zohomail.com; s=zohoarc; b=cWJcyG2D+7sJgAvowGNKOiVZNBM71WUidmBF2x9fwq9oYbLeuMHvkz4UFu98DprEMjotMNB0jbQpzXzzCrblAbX4dnXCDizVTZIc41QMg6QsvC8ctYGvEKtimz1RRWTabYisqmp0QIsCOgTmPw3x/FVrBJGn45i1Fc3npgfBXFs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1638311807; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=tio2hdyjHiZBYbwJdhOpEMY7q1wXRk1e73Hvr1fzvNI=; b=kGj7CHrXhPzJZc8Rek2INJ/pMM4fH8jJWCqXu6fl2SjCvtAIGKzHVUNIdO/laQU5zHPPrPElfdnhlPhPmyczYk0wBzNphJKtDJeGgHFnZRpLNozBB5m/lEF75Nk1uKIC/xepF7Xii6CAbHnfD8w6ERCmkGZYKmTiqpWXhZjLYbQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=zohomail.com; spf=pass smtp.mailfrom=obsto.clades@zohomail.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1638311807; s=zm2020; d=zohomail.com; i=obsto.clades@zohomail.com; h=Subject:To:References:From:Message-ID:Date:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding; bh=tio2hdyjHiZBYbwJdhOpEMY7q1wXRk1e73Hvr1fzvNI=; b=AC9hoB33iOlkFXAjgOEIeOtSpekfxBZBH8yruSKZZzMStdtAHbtw+Ed+KDvdIblR o8O06UNHZ0NPAJBt66Gwh3IkINmy7ETPthV9qBsTAmTU0Nbjv3nlhTeTpxcg/BNDPwG y1d4QUyEUohh1hBijYHj9CYRJ9VGd8jWqq7ysavg= Received: from [10.0.0.2] (97-113-103-185.tukw.qwest.net [97.113.103.185]) by mx.zohomail.com with SMTPS id 1638311803999369.6135599492778; Tue, 30 Nov 2021 14:36:43 -0800 (PST) Subject: Re: Hello To: freebsd-hackers@FreeBSD.org References: <05580cd8-1bbf-8783-b190-40d9cdacade6@m5p.com> <20211128115920.61240092@bigus.dream-tech.com> Message-ID: Date: Tue, 30 Nov 2021 14:36:42 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 List-Id: Technical discussions relating to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-hackers List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-hackers@freebsd.org MIME-Version: 1.0 In-Reply-To: <20211128115920.61240092@bigus.dream-tech.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-ZohoMailClient: External X-Rspamd-Queue-Id: 4J3cXS5Rgsz4XQD X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=zohomail.com header.s=zm2020 header.b=AC9hoB33; arc=pass ("zohomail.com:s=zohoarc:i=1"); dmarc=pass (policy=reject) header.from=zohomail.com; spf=pass (mx1.freebsd.org: domain of obsto.clades@zohomail.com designates 136.143.188.92 as permitted sender) smtp.mailfrom=obsto.clades@zohomail.com X-Spamd-Result: default: False [-4.67 / 15.00]; DWL_DNSWL_NONE(0.00)[zohomail.com:dkim]; NEURAL_HAM_MEDIUM(-0.97)[-0.974]; R_DKIM_ALLOW(-0.20)[zohomail.com:s=zm2020]; RWL_MAILSPIKE_POSSIBLE(0.00)[136.143.188.92:from]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:136.143.188.0/24]; RECEIVED_SPAMHAUS_PBL(0.00)[97.113.103.185:received]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-0.999]; RCPT_COUNT_ONE(0.00)[1]; DKIM_TRACE(0.00)[zohomail.com:+]; DMARC_POLICY_ALLOW(-0.50)[zohomail.com,reject]; RCVD_IN_DNSWL_NONE(0.00)[136.143.188.92:from]; NEURAL_HAM_SHORT(-1.00)[-0.999]; MIME_HTML_ONLY(0.20)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:2639, ipnet:136.143.188.0/23, country:US]; RCVD_COUNT_TWO(0.00)[2]; MID_RHS_MATCH_FROM(0.00)[]; ARC_ALLOW(-1.00)[zohomail.com:s=zohoarc:i=1] Reply-To: obsto.clades@zohomail.com From: Obsto Clades via freebsd-hackers X-Original-From: Obsto Clades X-ThisMailContainsUnwantedMimeParts: N I appreciate your kind words.  I'd appreciate it even more if you spread the word to check out my work.  The more white-hat hackers who try to hack my OS, the more confidence I will have that my modifications are as good as I hope. On 11/28/21 11:59 AM, Dave Hayes wrote: > On Sat, 27 Nov 2021 18:26:43 -0500 > George Mitchell wrote: >> On 11/27/21 17:40, Obsto Clades via freebsd-hackers wrote: >>> If you are interested in checking out my OS, you can find instructions >>> on my site's home page:  https://obstoclades.tech/ >> Hmm, my mother told me never to click on links in strange emails ... > Did your mother ever use cURL? :D > > prompt> curl -kv https://obstoclades.tech > * Trying 209.181.137.95:443... > * Connected to obstoclades.tech (209.181.137.95) port 443 (#0) > ... > * SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384 > * ALPN, server accepted to use http/1.1 > * Server certificate: > * subject: CN=obstoclades.tech > * start date: Oct 16 20:04:54 2021 GMT > * expire date: Jan 14 20:04:53 2022 GMT > * issuer: C=US; O=Let's Encrypt; CN=R3 > * SSL certificate verify result: unable to get local issuer certificate (20), > continuing anyway. > > It seems there's a problem with his certificate chain, but this is not unusual. > >> GET / HTTP/1.1 >> Host: obstoclades.tech >> User-Agent: curl/7.77.0 >> Accept: */* >> > * Mark bundle as not supporting multiuse > < HTTP/1.1 200 OK > < Server: nginx/1.20.1 > < Date: Sun, 28 Nov 2021 19:50:00 GMT > < Content-Type: text/html; charset=utf-8 > < Transfer-Encoding: chunked > < Connection: keep-alive > < Cache-Control: no-cache, no-store, must-revalidate > < Pragma: no-cache > < Expires: 0 > > No obvious problem there. The only possibly questionable thing (other than > jquery, which comes from google) is this: > > > > which is this: > > /* > * File: obstoclades.js > * Copyright (c) 2017 Obsto Clades, LLC > */ > > $(document).ready(function() > { > var $content = $(".content").hide(); > $(".img").on("click", function (e) > { > $(this).parent().parent().toggleClass("expanded"); > var ttt = $(this).parent().children(".tooltiptext"); > if ($(this).parent().parent().hasClass("expanded")) > { > ttt.replaceWith("Click to > close"); } > else > { > ttt.replaceWith("Click to > open"); } > $(this).parent().parent().next().slideToggle(); > }); > var textHeight = $("#left-side-header-text").height(); > $("#old_english_sheepdog").height(textHeight).width(textHeight); > $("#button").click(function() > { > $("#contactus-form").submit(); > }) > }); > > There's nothing in that I can see that's malicious. I could be wrong. > > I looked briefly at the content. This person is trying to do good by security, > so in my book it's worth a look. If said machine is actually impervious to > sudo root, and all the compilers/interpreters work, that's likely going to > work well. Am I missing something here? -- Obsto Clades, LLC