Date: Sun, 28 Nov 2021 11:59:20 -0800 From: Dave Hayes <dave@jetcafe.org> To: George Mitchell <george+freebsd@m5p.com> Cc: freebsd-hackers@freebsd.org Subject: Re: Hello Message-ID: <20211128115920.61240092@bigus.dream-tech.com> In-Reply-To: <05580cd8-1bbf-8783-b190-40d9cdacade6@m5p.com> References: <cd41bda5-6a14-c4e2-3d74-b0c5d52480ec@zohomail.com> <05580cd8-1bbf-8783-b190-40d9cdacade6@m5p.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 27 Nov 2021 18:26:43 -0500 George Mitchell <george+freebsd@m5p.com> wrote: > On 11/27/21 17:40, Obsto Clades via freebsd-hackers wrote: > > If you are interested in checking out my OS, you can find instructions= =20 > > on my site's home page:=C2=A0 https://obstoclades.tech/ >=20 > Hmm, my mother told me never to click on links in strange emails ... Did your mother ever use cURL? :D prompt> curl -kv https://obstoclades.tech * Trying 209.181.137.95:443... * Connected to obstoclades.tech (209.181.137.95) port 443 (#0) ... * SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384 * ALPN, server accepted to use http/1.1 * Server certificate: * subject: CN=3Dobstoclades.tech * start date: Oct 16 20:04:54 2021 GMT * expire date: Jan 14 20:04:53 2022 GMT * issuer: C=3DUS; O=3DLet's Encrypt; CN=3DR3 * SSL certificate verify result: unable to get local issuer certificate (2= 0), continuing anyway. It seems there's a problem with his certificate chain, but this is not unus= ual. > GET / HTTP/1.1 > Host: obstoclades.tech > User-Agent: curl/7.77.0 > Accept: */* >=20 * Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Server: nginx/1.20.1 < Date: Sun, 28 Nov 2021 19:50:00 GMT < Content-Type: text/html; charset=3Dutf-8 < Transfer-Encoding: chunked < Connection: keep-alive < Cache-Control: no-cache, no-store, must-revalidate < Pragma: no-cache < Expires: 0 No obvious problem there. The only possibly questionable thing (other than jquery, which comes from google) is this: <script src=3D"js/obstoclades.js" defer=3D"defer"></script> which is this: /* * File: obstoclades.js * Copyright (c) 2017 Obsto Clades, LLC */ $(document).ready(function() { var $content =3D $(".content").hide(); $(".img").on("click", function (e) { $(this).parent().parent().toggleClass("expanded"); var ttt =3D $(this).parent().children(".tooltiptext"); if ($(this).parent().parent().hasClass("expanded")) { ttt.replaceWith("<span class=3D\"tooltiptext\">Click to close</span>"); } else { ttt.replaceWith("<span class=3D\"tooltiptext\">Click to open</span>"); } $(this).parent().parent().next().slideToggle(); }); var textHeight =3D $("#left-side-header-text").height(); $("#old_english_sheepdog").height(textHeight).width(textHeight); $("#button").click(function() { $("#contactus-form").submit(); }) }); There's nothing in that I can see that's malicious. I could be wrong.=20 I looked briefly at the content. This person is trying to do good by securi= ty, so in my book it's worth a look. If said machine is actually impervious to sudo root, and all the compilers/interpreters work, that's likely going to work well. Am I missing something here?=20 --=20 Dave Hayes - Consultant - LA CA, USA - dave@dream-tech.com >>>> *The opinions expressed above are entirely my own* <<<< No system is any use if you merely possess it. Ownership requires operation. No system is useful if one can only experiment with it. For a system to be useful, it must be correctly operated.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20211128115920.61240092>