% cat toto.xml
<?xml version="1.0" encoding="utf-8"?>
<p>foo <b>bar</b> : quz</p>
% cat convert.xsl
<?xml version='1.0' encoding="utf-8"?>
<!DOCTYPE stylesheet [
<!ENTITY newln "
">
]>
Stéphane Bortzmeyer bortzmeyer
bortzmeyer
/ sci-hub.md
Last active
April 2, 2019 09:49
Censorship of Sci-Hub in France, after a court decision
Seen by the RIPE Atlas probes.
The vast majority of the ISPs which do censor return the localhost address (186.2.163.90 is the real one):
% blaeu-resolve -c FR -r 1000 -q A sci-hub.tw
[] : 12 occurrences
[ERROR: NXDOMAIN] : 2 occurrences
[186.2.163.90] : 235 occurrences
[127.0.0.1] : 112 occurrences
bortzmeyer
/ rollover.md
Created
March 22, 2019 12:26
Last step of the DNSSEC key rollover at the root
The former KSK is still there
% dig @a.root-servers.net DNSKEY .
; <<>> DiG 9.11.3-1ubuntu1.5-Ubuntu <<>> @a.root-servers.net DNSKEY .
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25705
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
1 0.000000 148.60.82.44 → 142.93.108.123 TCP 74 49018 → https(443) [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=999589848 TSecr=0 WS=128
2 0.040196 142.93.108.123 → 148.60.82.44 TCP 70 https(443) → 49018 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=3749834028 TSecr=999589848
3 0.040253 148.60.82.44 → 142.93.108.123 TCP 66 49018 → https(443) [ACK] Seq=1 Ack=1 Win=29200 Len=0 TSval=999589888 TSecr=3749834028
4 0.050460 148.60.82.44 → 142.93.108.123 TLSv1 287 Client Hello
5 0.078820 142.93.108.123 → 148.60.82.44 TCP 66 https(443) → 49018 [ACK] Seq=1 Ack=222 Win=30016 Len=0 TSval=3749834062 TSecr=999589898
6 0.088562 142.93.108.123 → 148.60.82.44 TLSv1.2 3070 Server Hello, Certificate, Server Key Exchange, Server Hello Done
7 0.088629 148.60.82.44 → 142.93.108.123 TCP 66 49018 → https(443) [ACK] Seq=222 Ack=3005 Win=34752 Len=0 TSval=999589936 TSecr=3749834064
8 0.090479 148.60.82.44 → 142.93.108.123 TLSv1.2 159 Client Key Exchange
Case #28149735 Distribution and storage of pornographic electronic materials involving underage children.
My name is Virgie Tabor and I am a technical collection officer working for Central Intelligence Agency.
It has come to my attention that your personal details including your email address (stephane+atlas@bortzmeyer.org) are listed in case #28149735.
Most DNS authoritative name servers for the ccTLD are down:
% date -u
Sun Mar 10 17:12:55 UTC 2019
% check-soa -i ve
azmodan.ula.ve.
Cannot get the IPv6 address: read udp 127.0.0.1:59957->127.0.0.1:53: i/o timeout
ns-ext.nic.cl.
2001:1398:1:0:200:1:123:14: OK: 2019030729 (201 ms)
bortzmeyer
/ post-random.md
Created
February 20, 2019 16:52
A simple script to post on the fediverse one file at random
!/bin/bash
set -e
DIR=/tmp/foobar
cd $DIR
FILES=$(ls *.txt)
set ${FILES}
shift $(($RANDOM % $#))
Seen by RIPE Atlas probes:
% blaeu-cert -c RU -r 100 www.powerdns.com
81 probes reported
[FAILED TO GET A CERT: connect: No route to host] : 1 occurrences
[FAILED TO GET A CERT: connect: timeout] : 2 occurrences
[<X509Name object '/CN=*.powerdns.com'>] : 78 occurrences
Test #19431704 done at 2019-02-07T10:47:59Z
% blaeu-resolve -r 100 -c FR -q A mabanque.bnpparibas
[159.50.187.79] : 48 occurrences
[ERROR: SERVFAIL] : 7 occurrences
[159.50.188.20] : 40 occurrences
Test #18829701 done at 2019-01-08T10:35:16Z
But NS queries timeout :
% blaeu-resolve --requested 100 --nameserver 197.156.74.192 --type SOA --displayrtt et
Nameserver 197.156.74.192
[TIMEOUT] : 3 occurrences Average RTT 0 ms
[a.nic.et. postmaster.ethionet.et. 2018122591 600 1800 1209600 3600] : 94 occurrences Average RTT 214 ms
Test #18562078 done at 2018-12-28T08:43:31Z