Christians Tagebuch: bigsuck

The latest posts in full-text for feed readers.


Spammers ruin: websub

A week ago I noticed a high CPU load on my web server and found that 4 CPUs were busy executing tasks created by my WebSub server implementation phubb.

Spam info

Upon further investigation I found that there were ~1500 remote IP addresses sending ~3500 ping requests per minute to my server. Each request spawned a background process, leading to the high server load.

The source IPs were split geographically across a couple dozen countries, the top 5 being:

  59  IR, Iran, Islamic Republic of
  64  RO, Romania
 311  GB, United Kingdom
 123  UA, Ukraine
1000  US, United States

The feed URLs for which update pings were sent to my server were e.g. http://romareis.nl/atom320756.xml and many more domains.

When opening the URLs listed inside the feed with a browser, they redirected to bt-fr-cl.com and some subpath. This seems to be a tracking service that counts link clicks, which might give an explanation for the spam attack: Get links to those URLs visible to many eyes and have people click on them, to get ad revenue or even get paid per click.

Mitigation

I added a whitelist to phubb and now only allow pings and subscriptions for cweiske.de.
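A sketch of such an allowlist check, as an added example (not phubb's own code). It assumes the conventional hub form fields `hub.mode`, `hub.url` and `hub.topic`, assumes subdomains of the allowlisted domain should pass, and runs before any background job is created; the function names and sample bodies are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

ALLOWED_HOSTS = {"cweiske.de"}  # the only domain the post allows
# Form field that carries the topic URL for each hub.mode (assumed names).
TOPIC_FIELD = {"publish": "hub.url", "subscribe": "hub.topic",
               "unsubscribe": "hub.topic"}

# Constructed request bodies; the first feed URL is the one quoted in the post.
SAMPLE_BODIES = [
    "hub.mode=publish&hub.url=http%3A%2F%2Fromareis.nl%2Fatom320756.xml",
    "hub.mode=publish&hub.url=https%3A%2F%2Fcweiske.de%2Ffeed.xml",
    "hub.mode=subscribe&hub.topic=http%3A%2F%2Fcweiske.de.spam.example%2Ff.xml",
]


def topic_host_allowed(url, allowed=ALLOWED_HOSTS):
    """True only for http(s) URLs whose host is an allowed domain or a subdomain."""
    try:
        parts = urlsplit(url)
        # .hostname drops userinfo and port and lowercases; strip a root dot.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    # Compare on label boundaries so "cweiske.de.spam.example" does not match.
    return any(host == d or host.endswith("." + d) for d in allowed)


def check_hub_request(body):
    """Return (accepted, reason) for a form-encoded hub POST body."""
    form = parse_qs(body, keep_blank_values=True)
    field = TOPIC_FIELD.get(form.get("hub.mode", [""])[0])
    if field is None:
        return False, "unsupported hub.mode"
    urls = form.get(field, [])
    if not urls:
        return False, "missing " + field
    for url in urls:  # a ping may carry several topic URLs: all must pass
        if not topic_host_allowed(url):
            return False, "topic not allowlisted: " + url
    return True, "ok"


if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        print(check_hub_request(body), body)
```

Because the check is a string parse, a rejected ping costs no worker process, which is what removes the load described above.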

Fuck you, spammers. I wish you a slow and painful death.

CPU load
CPU load drop

Published on 2025-09-19


1blu IPv6 status 2025

It is the year 2025, 27 years after the standardization of IPv6. The 1blu RootServers do not support IPv6, like most other products at 1blu. Sad.

Support replies with the same message as last year:

We regret to inform you that IPv6 is currently not yet supported for your product. Our engineering team is already working on making this possible. Please understand, however, that we cannot give you an exact date yet.

We will switch to another hoster.


Published on 2025-03-20


Wordpress registration spam

Spammers are using Wordpress installations with open registration to send spam e-mails to uninvolved users.

The mails are sent via the "Register" function that is linked on the Wordpress login page wp-login.php. The registration form has two fields: "Username" and "Email".

The username allows spaces, and this is where the spammers input a domain name and a promotional text. The domain name gets auto-linked by e-mail clients, making it easy for users to go to the spammer's site.

Such a spammy Wordpress registration e-mail looks like this:

Subject: [Legit site] Login Details
Username: www.spammer.example.com - 1.2342 BTC

To set your password, visit the following address:

https://legitsite.example.net/wp-login.php?login=www.spammer.example.com%20-%201.2342%20BTC&key=oSxUtw01QIFHoxHvokfd&action=rp

https://legitsite.example.net/wp-login.php

Everything after the Username: in that line is provided by the spammer.

Two things should be fixed here by Wordpress:

  • Reject usernames with spaces
  • Reject usernames that have "www." in them, because that causes the e-mail clients to autolink the URL

Let's see what the Wordpress developers say to my ticket.

Others with this problem

2024-11: Reddit: Spammed with 100+ Fake WordPress Login Emails (Help!)

Published on 2025-03-11


Spam to Deepgram account mail

Years ago I registered at deepgram.com while trying to transcribe a podcast episode, with username+deepgram.com@example.org as my e-mail address. Today I received spam mails to that email address.

I contacted their security@ mailbox and asked if they have been hacked, but they denied that:

We apologize for the inconvenience you are experiencing. We can confirm that we did not experience a breach, but that data is shared in accordance with our privacy policy, and with the vendors specified in our subprocessors list https://deepgram.com/privacy/subprocessors.

So they know that their "subprocessors" are selling/losing/whatever user account data and are fully ok with it.

Published on 2024-11-25


BIC media advertisements bloat ebooks

Yesterday I purchased an ebook from buecher.de, Corvus by Neal Stephenson. Apart from the watermark file it contains advertisements that take half of the size of the ebook file.

The DRM-free .epub file is 3.8 MiB in size. It is a zip file, and the unzipped contents are 6 MiB.

There are a lot of files in the folder OEBPS/BICMediaMarketing/, and their size sums up to 2.98 MiB. The non-BIC files are 3.04 MiB. Nearly 50% of the ebook's size is advertisements :(

Similar to ads bloating websites and making them so unusable that we have to use ad blockers, advertisements in ebook files waste bytes on our hard disks and make downloads slower.

I know who gets electronic books without adverts: Pirates.
Similar to pirates having a much better movie experience than people buying and playing DVDs.

Advertisement files

     2048  2023-10-12 19:11   OEBPS/BICMediaMarketing/marketing.css
     2907  2023-10-12 19:11   OEBPS/BICMediaMarketing/mp1.xhtml
      763  2023-10-12 19:11   OEBPS/BICMediaMarketing/lastpage.xhtml
   162174  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/253EF476A2ED49549DED6D5B26C0EA1A.xhtml
      859  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/336E6DD3E68F4990B1D19F3CA30C4990.xhtml
      623  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/6FE2556344D849B281E012E50151547D.xhtml
     1112  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/9B8E49F3338942609923919A284CB82E.xhtml
     1009  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BAED857E61C049ECB974C479521A9207.xhtml
  1025293  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/cover.jpg
      748  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/cover.xhtml
     2958  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/DA9C6990BEF64CE68BF0407505CF793F.xhtml
      484  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/E8719B7E1C4B4C418F61C704A8FD8134.xhtml
      721  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/toc.ncx
    10054  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/70653622D0534CC6B6C67CBE13E33104.xhtml
     1548  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/Amazon.gif
     1191  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/Apple.gif
     1397  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/Google.gif
    10740  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/Kobo.JPG
     2517  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/tolino.gif
    20577  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/Kostenlos_reinlesen.gif
    45514  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/Kostenlos_reinlesen.PNG
    60808  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/Kostenlos_reinlesen_klein.png
     8724  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/button--reinlesen--color.png
     5155  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/button--zumshop--color.png
    46701  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/Zur_Bestellung_mit_einem_Klick_50.png
     6050  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/button--one-click--color.png
     9294  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/Kostenlos_reinlesen2.png
     1712  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/marketing.css
     3582  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/image/153C113ED16D44E4B456D68D5AC45E41.jpg
     3914  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/image/372C80CDB20A44AE86BA05250A1FB430.jpg
     3175  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/image/4451B938ADFD4EA89F1F71CEC775730C.jpg
     3172  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/image/5C5B46C79F5C45128F4142D96EA0DAEA.jpg
     9272  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/image/F6C0DD5F607649E282DA83BCBB0D67DA.jpg
    77824  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/font/AGaramondPro-Bold.otf
    94208  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/font/AGaramondPro-Italic.otf
   126976  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/font/AGaramondPro-Regular.otf
    73728  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/font/FuturaLTPro-Book.otf
   106496  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/font/HelveticaLTPro-Oblique.ttf
   106496  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/font/HelveticaLTPro-Roman.ttf
    16357  2023-10-12 19:11   OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/css/idGeneratedStyles.css
    37278  2023-10-12 19:11   OEBPS/BICMediaMarketing/BICMediaMarketing/9783641300852_front.jpg
   757076  2023-10-12 19:11   OEBPS/BICMediaMarketing/BICMediaMarketing/DejaVuSans.ttf
     1548  2023-10-12 19:11   OEBPS/BICMediaMarketing/BICMediaMarketing/Amazon.gif
     1191  2023-10-12 19:11   OEBPS/BICMediaMarketing/BICMediaMarketing/Apple.gif
     1397  2023-10-12 19:11   OEBPS/BICMediaMarketing/BICMediaMarketing/Google.gif
    10740  2023-10-12 19:11   OEBPS/BICMediaMarketing/BICMediaMarketing/Kobo.JPG
     2517  2023-10-12 19:11   OEBPS/BICMediaMarketing/BICMediaMarketing/tolino.gif
    20577  2023-10-12 19:11   OEBPS/BICMediaMarketing/BICMediaMarketing/Kostenlos_reinlesen.gif
    45514  2023-10-12 19:11   OEBPS/BICMediaMarketing/BICMediaMarketing/Kostenlos_reinlesen.PNG
    24354  2023-10-12 19:11   OEBPS/BICMediaMarketing/BICMediaMarketing/mehr_zum_buch.png
     8724  2023-10-12 19:11   OEBPS/BICMediaMarketing/BICMediaMarketing/button--reinlesen--color.png
     5155  2023-10-12 19:11   OEBPS/BICMediaMarketing/BICMediaMarketing/button--zumshop--color.png
     9294  2023-10-12 19:11   OEBPS/BICMediaMarketing/BICMediaMarketing/Kostenlos_reinlesen2.png
   145531  2023-10-12 19:11   OEBPS/BICMediaMarketing/BICMediaMarketing/rh_bg640_6.jpg
  

Size counting

I chained together some command line tools to get the size.

Advertisement size:

$ unzip -l Stephenson_Corvus_9783641249878.epub\
  | head -n-2 | tail -n +4\
  | grep BICMedia\
  | sed 's/^ *//' | cut -d' ' -f1\
  | xargs | sed 's/ /+/g' | bc
3129777

Non-advertisement size:

$ unzip -l Stephenson_Corvus_9783641249878.epub\
  | head -n-2 | tail -n +4\
  | grep -v BICMedia\
  | sed 's/^ *//' | cut -d' ' -f1\
  | xargs | sed 's/ /+/g' | bc
3193311

Problem: Page count

While reading the book, I looked at the page number and saw

901 / 978

After turning to the next page, I noticed that it was the last one of the actual story. The next 70 pages were the "Leseprobe" advertisement for another book.

Imagine my disappointment that the book was finished at 90% of the pages, while shortly before my mind was in the good feeling of having another 70 pages to read before the end.

Would you think this is the next to last page?

Published on 2024-04-24


Signing a PDF with an image on Linux in 2024

It's 2024 and I want to sign a contract and send it via e-mail to a company.

The company does not accept electronically signed PDF files (most don't), and even if they did - I don't have an electronic signature I can use with PDF files, nor do I know how to create one.

The only option I have is to sign the contract by hand: Print it out, write my signature with a pen, scan the signed paper and send the scan via e-mail to the company.

A variation of this option that takes less time and paper is to add an image of my signature to the PDF. But how can I do that? Let's look at the software on my Debian 12 laptop:

Atril

The PDF viewer shipped with the Mate Desktop environment tells me that it can't open PDF files.

Atril cannot open PDF files

Evince

The default Gnome PDF viewer has not been able to add images to PDFs for 9 years (new ticket)

Okular

The feature request has been open since 2013, 11 years.

There seems to be a trick with stamps, but I failed because the KDE QT interface looks totally broken in Mate:

Okular's stamp dialog is unusable

Master PDF editor

Inserts watermarks because I have no license. Buying the license would mean giving money to a Russian company, which is something I won't do with Russia's war against Ukraine happening.

PDF4QT

Adding a .png or .jpg image crashes the application.

Inkscape

I could import the multi-page PDF, but then I failed to find out how to switch to the second page :(

LibreOffice Draw

The text in the imported PDF does not look as it should.

LibreOffice Draw fails to import the text correctly

Solution: Firefox

In the end I opened the PDF in Firefox, which contains a PDF editor.

It's sad that I have to use a browser for something that a native PDF tool should be able to do.

Published on 2024-06-03


Screen time passcode reset without Apple ID

I've got a Macbook Pro running MacOS 12.7.4 Monterey with two local accounts: user and admin, both without an Apple ID.

The user account has a "screen time" passcode set that I forgot:

10 failed login attempts

The official instructions say:

  • Click Change Passcode, then click Forgot Passcode.
  • Enter the Apple ID and password you used to set up the Screen Time passcode.

The window does not have a "forgot passcode" button, and I suspect this is because the account does not have an Apple ID.


After searching for hours for a solution, I spent 50 internet points to get an answer but nobody could help.

The only options left are:

  1. Delete the user account and create a new one.
    Lose all settings like wallpaper, keychain and dock preferences.

  2. Install Linux that allows me to reset such things in config files.

For me this is one of the shady things Apple does to nudge people into their pay-per-month online system, just as they do with the system preferences advertisements.

Published on 2024-05-03


LVB: Advertisements in stop announcements #2

The Leipziger Verkehrsbetriebe continue to sell advertising slots in the stop announcements of the trams, and these have become much worse, more disruptive.

While in 2021 there were only a few advertising slots on lines 10 and 11 from Hauptbahnhof in the direction of Markkleeberg, now almost every stop up to Connewitzer Kreuz is plastered with advertising:

Augustusplatz
  • Access to the city centre
  • Opera house
  • Gewandhaus zu Leipzig
  • Universität Leipzig
  • Zentralapotheke
Wilhelm-Leuschner-Platz
  • Platz der friedlichen Revolution
  • Access to the S-Bahn
  • Krystallpalast Varieté Leipzig
  • Rewe Herschel im Neo
Münzgasse
  • Leipziger Volkszeitung
  • Smile Eyes eye medicine and eye laser centre
  • Xanox, your dream kitchen
Hohe Straße
  • MäcGeiz, your discounter
Südplatz
  • no advertisement
Kurt-Eisner-Straße / Karl-Liebknecht-Straße
  • Genusspunkte Eisbrennerei Café Puschkin
Richard-Lehmann-Straße
  • Optikstudio Müller, contact lens and glasses specialist
  • Unitas housing cooperative
Connewitzer Kreuz
  • no advertisement
Stockartstr
  • McMedi pharmacy helps you save

The whole thing is quite annoying and is very disturbing when reading.

Published on 2024-04-24


1blu IPv6 status 2024

It is the year 2024, 26 years after the standardization of IPv6. The 1blu RootServers do not support IPv6, like most other products at 1blu. Sad.

Support says:

We regret to inform you that IPv6 is currently not yet supported for your product. Our engineering team is already working on making this possible. Please understand, however, that we cannot give you an exact date yet.


Published on 2024-03-05


Windows 8.1 in VirtualBox: Automatic Repair failed

I tried to get a Windows 8.1 system running inside VirtualBox 7.0.12, but it fails as soon as I install the Guest Additions.

All Windows updates have been installed. When installing the Guest Additions, there are 4 errors about Windows preventing the installation of unsigned drivers.

After rebooting, Windows sees something is broken and will do an automatic repair, which yields no results. Rebooting does not help, the system is broken beyond repair :(

Bug report: #21979: Installing Guest Additions in Windows 8.1 leads to non-bootable system

[German] Automatische Reparatur wird vorbereitet [German] Automatische Reparatur

Published on 2024-02-05