Re: Hello

Reply: Obsto Clades via freebsd-hackers : "Re: Hello"
In reply to: George Mitchell : "Re: Hello"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Dave Hayes <dave_at_jetcafe.org>
Date: Sun, 28 Nov 2021 19:59:20 UTC
On Sat, 27 Nov 2021 18:26:43 -0500
George Mitchell <george+freebsd@m5p.com> wrote:
> On 11/27/21 17:40, Obsto Clades via freebsd-hackers wrote:
> > If you are interested in checking out my OS, you can find instructions 
> > on my site's home page:  https://obstoclades.tech/
> 
> Hmm, my mother told me never to click on links in strange emails ...

Did your mother ever use cURL? :D

prompt> curl -kv https://obstoclades.tech
*   Trying 209.181.137.95:443...
* Connected to obstoclades.tech (209.181.137.95) port 443 (#0)
...
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=obstoclades.tech
*  start date: Oct 16 20:04:54 2021 GMT
*  expire date: Jan 14 20:04:53 2022 GMT
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify result: unable to get local issuer certificate (20),
continuing anyway.

It seems there's a problem with his certificate chain, but this is not unusual.

> GET / HTTP/1.1
> Host: obstoclades.tech
> User-Agent: curl/7.77.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.20.1
< Date: Sun, 28 Nov 2021 19:50:00 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: no-cache, no-store, must-revalidate
< Pragma: no-cache
< Expires: 0

No obvious problem there. The only possibly questionable thing (other than
jquery, which comes from google) is this:

 <script src="js/obstoclades.js" defer="defer"></script>

which is this:

/*
 * File:  obstoclades.js
 * Copyright (c) 2017 Obsto Clades, LLC
 */

$(document).ready(function()
{
    var $content = $(".content").hide();
    $(".img").on("click", function (e)
    {
        $(this).parent().parent().toggleClass("expanded");
    	var ttt = $(this).parent().children(".tooltiptext");
        if ($(this).parent().parent().hasClass("expanded"))
        {
        	ttt.replaceWith("<span class=\"tooltiptext\">Click to
close</span>"); }
        else
        {
        	ttt.replaceWith("<span class=\"tooltiptext\">Click to
open</span>"); }
        $(this).parent().parent().next().slideToggle();
    });
    var textHeight = $("#left-side-header-text").height();
    $("#old_english_sheepdog").height(textHeight).width(textHeight);
    $("#button").click(function()
    {
        $("#contactus-form").submit();
    })
});

There's nothing in that I can see that's malicious. I could be wrong. 

I looked briefly at the content. This person is trying to do good by security,
so in my book it's worth a look. If said machine is actually impervious to
sudo root, and all the compilers/interpreters work, that's likely going to
work well. Am I missing something here? 
-- 
Dave Hayes - Consultant - LA CA, USA - dave@dream-tech.com
>>>> *The opinions expressed above are entirely my own* <<<<

No system is any use if you merely possess it. Ownership
requires operation. No system is useful if one can only
experiment with it.  For a system to be useful, it must be
correctly operated.