Tuesday, February 19, 2013

Micro Center Monkey Business?


I've been going to Micro Center for a long time.  More years than you can imagine.  I've had some interesting experiences and been treated in some odd ways.

For instance, several years ago I went into the local retail MC looking for a video card or something.  I was in Full Beard Mode and it was summer so I was wearing sunglasses, shorts, a tee shirt, and my classic pork pie hemp hat.  Everywhere I went I was tailed by an MC associate.  When I looked in their direction, they looked away, but they followed me as I made my way around looking for whatever it was I was looking for.

Not one of them asked if they could help.  Not one of them said "Hello."

I couldn't find what I was looking for and left.  A few minutes out the door, I realized they weren't just being rude.  They thought I was a potential shoplifter, not a customer with cold, hard cash.

Well, fuck that.  That location closed a year or so later.

So anyway Time Marches On...  MC's only retail store is now across town.  iPads are hot.  I check their Web site to see if they have them in stock.  They did, so I chose the "order online, pick up in store" trick.  To do that I had to register with email address, et cetera.  You know the drill.

A couple years after that, I go to pull the same trick.  Their Web site has no record of my account.  The email address draws a blank.  OK, fine.  I'll just go to the store.  When I get there and buy what I wanted, they had me check my information at the register and  there was the email address I had given them for the iPad.

This kind of pissed me off, so when I went back Monday for the Presidents Day sale and they asked me if the information was correct I said no, the email address is wrong.  The guy pulls up the register menu and asks me for the correct address.

I tell him I don't have an email address.  He clears it out.  I went home with my merch: a wireless security cam, an off-brand 802.11N USB NIC (which turned out to have a RaLink chipset!), and a motherboard battery.

Within 24 hours, I get SPAM on the address I told them to delete.

The subject field of the email was "Wireless Security Cameras".  What a coincidence!  I just bought one! 

The body of the email was junk html and my name repeated over and over and interspersed with the following keywords:

airstrip
ajourise
amnesias
amygdalothripsis
andamentos
Andronicus
anthophyllite
antiegotism
antozonite
apologues
augite
Auroora
bacciform
belue
besets
brownroofed
BSPT
Burghley
cantatrici
catalogistic
chemise
Colin
collars
commissural
connectives
counteracquittance
Crassus
cratchins
crookesite
croyden
Culicinae
dichromasia
diester
disguised
emboldens
emotiometabolic
endoscopies
enriching
equimomental
fallacies
fatallooking
Felicle
fifes
firebolt
fossilizable
fourring
frizzily
geoisotherm
gib
glossologist
Gobian
Goering
goitrogen
goober
Greekdom
guilloche
gymnastic
halisteresis
hinddeck
histozyme
hygienist
intermountain
intersessions
intervocal
irrepair
iwis
Kerekes
kirmew
laertes
lakin
Lderitz
Lehigh
Letreece
lighterage
Loise
lookdowns
magnanime
makutas
marrock
medially
medicolegal
Metz
MOA
monochromic
Mordecai
Muzo
nebulosus
Neopythagorean
Nephila
nicotianin
nipas
nipcheese
nonavoidableness
nonlevulose
nonprobably
nonsufferable
norlandism
oenanthylate
olivebranch
organosiloxane
Osnabr
ossianic
ossifluence
outserving
oxalated
pacay
Pasch
pearceite
Periclymenus
perusable
Petalodontidae
philothaumaturgic
phytolacca
placet
Podostemon
porno
portmote
practically
presifts
pyrologist
queasiest
query
Rappite
reegg
refreeze
refuelling
regrafts
retainability
rigidifies
sanguicolous
saprophytic
schneider
semicomatose
Setifera
Smolan
Sokul
soleil
springheaded
stancher
stirrupless
stoichiometrically
subplat
sunspecs
superlaboriousness
synchroflash
thalassometer
trapezoidal
trumpery
tumblershaped
twelvefruited
twiceright
umist
unautoritied
undeclamatory
underfolded
undramatizable
unduncelike
unfumbling
uniformisation
unlegislated
unshrill
ur
vaginiferous
vicetreasurer
Vinson
wahabi
waitressless
warrenlike
waterproof
weariness
wellanointed
wholefooted
Yazdegerdian

Of course, this stuff was not visible.  Classic SPAM filter avoidance technique, which begs the question, "WHAT THE MOTHERFUCKING FUCK, MICRO CENTER?????"

MC sat on that email address for three or four years.  They never sent anything.

If you get the chance, I encourage you to do the same thing and let me know what happens.

Sunday, February 17, 2013

Building Obfuscated OpenSSH on Last Week's Cygwin Build


I resurrected an old but capable WinXP box for my upstairs office, which is much more comfy than my subterranean lair in the winter time.  Down there I have an old, diskless IBM NetVista box (the one that used to house EXP V) that boots BT5R3 off a USB stick.  Works great for doing laundry—I'm doing a lot of domestic stuff these days for reasons I won't get into—but for extended stays it's just too cold.  Plus the cell phone reception sucks serious ass, so meetings are pretty much out of the question.

After all the Windows updates I decided to update Cygwin as well and since this box has never had Obfuscated OpenSSH (OOSSH, as I like to call it) on it I decided to do a fresh install on that.

Guess what?  No go.  Something has changed and OOSSH won't compile anymore.

After about a week of dicking around I finally found the fix, so I thought I'd share it with you.

After you "git" the code, the first thing you should do is edit clientloop.c and change both instances of


char buf[8192];

... to

char buf[65535];

And rather than get into why you should do this, I'll just remind you that I went on and on about it in the old ProxyObsession blog before it was taken down for a (totally bogus) DMCA violation.  In any case, it doesn't hurt anything and makes certain things possible that aren't possible with smaller buffers.

But the Big Fix should be put into openbsd-compat/openbsd-compat.h.  Right at the top, ahead of all the #includes, put in this line:

#define NOCRYPT

And then it will compile without errors.  Why?  Do a Google  search and you'll probably find the same answer I found.