💾 Archived View for thrig.me › blog › 2023 › 02 › 22 › injection.gmi captured on 2023-06-14 at 14:22:07. Gemini links have been rewritten to link to archived content


Injection

Rumor has it that full-size Edge ads are being injected by They Who Shall Not Be Named on the Chrome website; I say rumor as I have no direct experience of this. Some languages have observationals and evidentials for this sort of hearsay, while in English we must typically use elaborations.

https://mw.lojban.org/papri/me_lu_ju%27i_lobypli_li%27u_6_moi

About 20 years ago (searching for this may be difficult on the legacy web, or more likely my search skills have dulled from misuse) Verisign modified the DNS servers for .com and .net to include wildcard DNS records; this meant any typo would be answered by a "Site Finder" page run by Verisign. This of course was an advertising opportunity for Verisign. The change caused various fallout, such as email anti-spam checks no longer failing due to forged domains suddenly existing. Eventually Verisign backtracked.

https://www.theregister.com/2003/09/16/all_your_web_typos/

    $ host -t ANY '*.com'
    Host *.com not found: 3(NXDOMAIN)
    $ host -t ANY '*.github.com'
    *.github.com is an alias for github.github.io.
    ...

There are legitimate uses for wildcard DNS records, though probably not in top-level domains or higher, and probably not to shove ads in front of people. But I belong to a minority sect that has a rather low regard for advertising.
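One way an existence check on a sender domain can be made to survive a registry-level wildcard like the one described above. This is an added example, not code from the original post. The resolver stubs, the addresses (documentation ranges) and all function names are constructed for illustration, and a real check would query MX/A records through an actual resolver.

```python
import secrets

# Constructed data: documentation-range address standing in for a registry's
# catch-all "typo" host; not a value from the original post.
CATCH_ALL = frozenset({"192.0.2.10"})
REAL = {"example.com": frozenset({"198.51.100.7"})}


def plain_tld(name):
    """Resolver stub: unregistered names get no answer (NXDOMAIN)."""
    return REAL.get(name, frozenset())


def wildcard_tld(name):
    """Resolver stub: a wildcard record answers every unregistered name."""
    return REAL.get(name, CATCH_ALL)


def wildcard_answers(resolve, parent, probes=3):
    """Return the address set a wildcard under `parent` hands out, or empty.

    Random 24-hex-char labels will not be registered, so any answer for
    them is synthesized. All probes must agree before we call it a wildcard.
    """
    seen = [resolve(f"{secrets.token_hex(12)}.{parent}") for _ in range(probes)]
    if seen[0] and all(s == seen[0] for s in seen):
        return seen[0]
    return frozenset()


def naive_exists(resolve, domain):
    """The pre-wildcard check: any answer at all means the domain exists."""
    return bool(resolve(domain))


def sender_domain_exists(resolve, domain):
    """Existence check for a mail sender domain that survives a wildcard."""
    parent = domain.partition(".")[2]
    answers = resolve(domain)
    # An answer identical to the wildcard's is treated as "does not exist".
    return bool(answers) and answers != wildcard_answers(resolve, parent)


if __name__ == "__main__":
    for label, resolve in (("plain", plain_tld), ("wildcard", wildcard_tld)):
        for dom in ("example.com", "forged-sender-typo.com"):
            print(label, dom, naive_exists(resolve, dom),
                  sender_domain_exists(resolve, dom))
```

A registered domain that happens to resolve to the same addresses as the wildcard would be misclassified as nonexistent, so this comparison is a heuristic rather than a substitute for a real NXDOMAIN.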

DNAME records are another oddity to look out for, though that's less an injection and more a potential rake to step on. DNAME records can create hard-to-debug problems where other zone changes do not appear despite the SOA record incrementing. They're probably not an injection, more a "seemed like a good idea at the time" that was left lying around to step on.

Speaking of which, another injection was the Cisco "SMTP fixup" feature, which would do helpful things like correct "EHLO nurse.example.com" to "HELO nurse.example.com". This was done with good intentions, as early versions of the Sendmail daemon had a WIZ command and various other security vulnerabilities that one might want to try to prevent. This is a case where the injection may have made sense but did not age well; correcting EHLO to HELO blocks features such as STARTTLS. More sensible might have been to reject the connection with a 5.x.x reply and an easy-to-search-for error message instead of silently downgrading to HELO.

https://knowledge.broadcom.com/external/article?legacyId=tech148896

Anyways, I finally got unlazy enough to delete my github account.

gemini://ploum.net/2023-02-22-leaving-github.gmi

P.S. I had probably averaged somewhere below 1 pull request per year, if you're one of those folks now asking "but how do you do pull requests?!". One option here is to host a fork of the repo on your own server, and then to use git-request-pull(1), according to the fine folks on the #gemini IRC channel. Or, use a burner account?

tags #legacyweb #github #dns
