The 12 children and their coach trapped by rising water in the cave in Thailand

For anyone interested in the remarkable human adventure around the successful rescue of these 13 young people, here are a few accounts that are well worth reading.

It should be known that the first British cave divers who found the children benefited from international help that should not be underestimated. A fellow countryman who got almost no coverage, Ben Reymenants, laid several hundred metres of line against the current in a torrent of muddy water, in flooded tunnels with junctions.

The documents below are all in English. Links open in a new tab.

Ben Reymenants, whose action may have been decisive https://www.vox.com/

John Volanthen speaks https://xray-mag.com/

Good article from the NY Times https://www.nytimes.com/

Good article from the Daily Mail http://www.dailymail.co.uk/

Richard Harris on Facebook https://www.facebook.com/DoctorHarry/posts/10214384549599618

Press conference https://xray-mag.com/

For a general audience: Discovery DCODE with English subtitles in seven short parts: 1 2 3 4 5 6 7

Full report, 42 minutes, in English without subtitles (via Facebook)

25 September 2018: we learn that the divers rescued 4 more people! https://darknessbelow.co.uk/

Full account by the British: https://darknessbelow.co.uk (part 1 part 2)

Posted in General information, Diving

A 1000-euro scam

Received today for the first time: a type of scam that some people close to me had already received. Crooks are not short of imagination.

It seems that, +XX XXXX02XX, is your phone. You may not know me and you are probably wondering why you are getting this e mail, right?

actually, I setup a malware on the adult vids (porno) web-site and guess what, you visited this site to have fun (you know what I mean). While you were watching videos, your internet browser started out functioning as a RDP (Remote Desktop) having a keylogger which gave me accessibility to your screen and web cam. after that, my software program obtained all of your contacts from your Messenger, FB, as well as email.

What did I do?

I backuped phone. All photo, video and contacts.
I created a double-screen video. 1st part shows the video you were watching (you’ve got a good taste haha . . .), and 2nd part shows the recording of your web cam.

exactly what should you do?

Well, in my opinion, $1000 is a fair price for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

BTC Address:


(It is cAsE sensitive, so copy and paste it)

You have 48 hour in order to make the payment. (I’ve a unique pixel in this e mail, and at this moment I know that you have read through this email message). If I do not get the BitCoins, I will certainly send out your video recording to all of your contacts including relatives, coworkers, and so on. Having said that, if I receive the payment, I’ll destroy the video immidiately. If you need evidence, reply with “Yes!” and I will certainly send out your video recording to your 6 contacts. It is a non-negotiable offer, that being said don’t waste my personal time and yours by responding to this message.

Yeah, right: RDP on my phone to switch on the camera.

I am surprised that, to date, Google returns only one result (in Italian) when searching for the Bitcoin address.
Apparently their little business is lucrative: https://www.bleepingcomputer.com/news/security/adult-site-blackmail-spammers-made-over-50k-in-one-week/

Edit 16/08/2018: I must have been one of the first to report this new wave. Previously the crooks used lists of hacked passwords and their business worked. If they are now going after phone directories, the target audience will be vastly larger.

Brian Krebs also covers it: https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/

This Bitcoin address has already received a few payments: https://www.blockchain.com/btc/address/1GYNGZLEUGkkQjHo19dHDnGE87WsAiGLLB

Posted in Fun, General information, Internet news

Linux / bash / Raspberry Pi: daily reboot

I have a Raspberry Pi 3 running Domoticz. Two or three times now I have found it completely frozen.

I decided to reboot it in the middle of every night, around two in the morning. I built in a safeguard (a "fuse") so that there are never any unwanted reboots, for example when the clocks change. And since I have been rebooting regularly I have never had another crash.

In /etc/crontab, add the following line:

2 2 * * * root if [ `cat /proc/uptime|cut -f1 -d.` -gt 86200 ]; then /sbin/shutdown -r +2 ; fi

Let me explain: every day at 02:02, the command is run as user 'root'. Within it,

# cat /proc/uptime
76861.53 276823.00

returns the uptime in seconds. The second value is the idle time (larger than the uptime because there are 4 processors).

There are 86400 seconds in 24 hours. From the output of the command above, we take what is in front of the decimal point. If the measured uptime is greater than 86200 seconds, the system is rebooted. Otherwise nothing happens.
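
The same guard written as a small shell script that can be exercised on sample /proc/uptime contents without rebooting anything. This is an added example, not the author's code; the function names and the sample uptime values (other than the one shown above) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the author's code): the uptime "fuse" from the crontab
# line, split into functions so it can be tested without rebooting.
# With "shutdown -r +2" fired at 02:02 the Pi restarts around 02:04, so the
# next 02:02 run sees about 86400 - 120 = 86280 s minus boot time; the 86200
# threshold therefore leaves roughly 80 s for the boot itself.

THRESHOLD=86200   # seconds, value taken from the crontab line

# uptime_seconds [FILE]: print the whole seconds of uptime found in a
# /proc/uptime-style file; return 2 if the file is unreadable or malformed.
uptime_seconds() {
    file=${1:-/proc/uptime}
    [ -r "$file" ] || return 2
    # Split on space and dot: the first field is the integer part of the uptime.
    IFS=' .' read -r secs _rest < "$file" || return 2
    case $secs in
        ''|*[!0-9]*) return 2 ;;   # refuse anything that is not a plain integer
    esac
    printf '%s\n' "$secs"
}

# should_reboot [FILE] [THRESHOLD]: exit 0 if uptime is strictly greater than
# the threshold, 1 if not, 2 if the uptime could not be read (fail closed).
should_reboot() {
    secs=$(uptime_seconds "$1") || return 2
    [ "$secs" -gt "${2:-$THRESHOLD}" ]
}

# decide [FILE] [THRESHOLD]: print "reboot", "skip" or "error".
decide() {
    should_reboot "$@" && rc=0 || rc=$?
    case $rc in
        0) echo reboot ;;
        1) echo skip ;;
        *) echo error ;;
    esac
}

# Demo on constructed /proc/uptime contents (shutdown is never called here).
demo=$(mktemp)
for sample in '76861.53 276823.00' '86275.10 340112.40' '10800.02 43000.11'; do
    printf '%s\n' "$sample" > "$demo"
    printf '%-22s -> %s\n' "$sample" "$(decide "$demo")"
done
rm -f "$demo"
```

The third sample stands for a machine that was restarted by hand three hours before 02:02: the guard skips the reboot, and it also skips it when the uptime cannot be read at all.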


Posted in Servers, Utilities

Ransomware, Spam, (Spear) Phishing, Watering Hole, Advanced Persistent Threat, Malicious Attachments, Graymail …: definitions

Proofpoint is a company specialising in e-mail filtering, with major accounts among its customers.

On their site I found an excellent summary of the different types of threats that lie in wait for us:


Ransomware is a type of malicious software that blocks access to a computer system or data, usually by encrypting it, until the victim pays a fee to the attacker. In many cases, the ransom demand comes with a deadline—if the victim doesn’t pay in time, the data is gone forever.

Business Email Compromise (BEC)

Impostor emails trick people into sending money—sometimes hundreds of thousands of dollars in a single wire transfer—or sensitive corporate or personal data. They appear to come from the CEO or other high-level executive and urge the recipient to keep the details confidential.

Information Seeking Scams

Scammers want information, and they try to extract it by tricking recipients of emails. The information they collect could be an organization chart – or as significant as usernames and passwords to corporate resources.


Spam, also known as Unsolicited Commercial Email (UCE), is often questionable, mass-emailed advertisements. At its peak, spam accounted for 92% of all email traffic, and most of the spam was non-malicious.

Malicious Email Attachments

Attackers attach files to email that indirectly launch an executable program that can destroy data, steal and upload information to outsiders, or can silently use the infiltrated computer for other tasks – all without the user’s knowledge.


Phishing is a socially engineered attack that uses embedded URL links to extract information from the user or take control of their computer. Clicking on a link opens a browser, and the user is taken to a site that’s been setup as a trap by the attackers.


Mass customized phishing messages that are typically engineered to look like they are only arriving in small quantities, mimicking targeted attacks. Attackers leverage approaches used by mass marketing campaigners to generate millions of dissimilar messages.

Watering Hole

A targeted attack designed to compromise users within a specific industry or function by infecting websites they typically visit and luring them to a malicious site. Watering Hole attacks, or strategic website compromise attacks, are limited in scope as they rely on an element of luck.

Spear Phishing

Socially-engineered and sophisticated threats sent to an organization’s users that are typically designed to steal information. Spear phishing is a phishing attack where attackers typically personalize messages to the user based on publicly available information about them.

Advanced Persistent Threat

Mostly nation-state-sponsored attacks aimed at compromising an organization to carry out espionage or sabotage goals, but which aim to remain undetected for a longer period of time. The term Advanced Persistent Threat (APT) is often misused.

Endpoint-Delivered Threats

Attackers can use strategies such as leaving an infected USB drive around the organization’s parking lot in anticipation that an employee will pick it up and plug it into a network connected system.

Network-Delivered Threats

To execute a successful network attack, attackers must typically actively hack a company’s infrastructure to exploit software vulnerabilities that allow them to remotely execute commands on internal operating systems.


Graymail is bulk email that does not fit the definition of spam because it is solicited and has varying value to different recipients.


Source: https://www.proofpoint.com/us/threat-insight/threat-reference

Posted in General information, Internet news

Home automation, IoT, connected electronics: this one crosses the line!

This week I bought a SONOFF electronic relay, currently on sale for €4.78 including shipping, at Banggood. (link) There is no manual; you have to scan a QR code on the box. There are two other QR codes for the iPhone app and the Android app.

The full manual is here (link link)

It looks nice: at last an accessory that is easy to configure, and it works just as advertised.

I opened the case and found that the build quality is good. It is not protected against humidity or rain. For €5 delivered to your door, it is a good deal.


Now for the negative points, and there are so many of them that I will refrain from using this gadget as it is.

  1. It can only be controlled through an app. Forget about using a plain web browser.
  2. This app works through a centralised site hosted on Amazon AWS.
  3. If several people need to control the same device remotely, each of them must install the app, create a personal account and accept an invitation from the relay's owner.
  4. The app, tested in its Android version, demands the following permissions in order to be installed: Device & App history, Location, Photos/Media/Files, Camera, Microphone, WiFi connection information, Device ID and Call History. I invite you to look at the screenshots, which show the requested access in more detail.

    When installing the app I also had to create an account, with the usual validation of my e-mail address. I did not fill in my phone number, although it was requested. Isn't that rather a lot just to switch my garden lamp on remotely?
  5. Then, since all communication goes through this centralised server, it will be impossible for me to switch this lamp, which is right next to me, on or off if there is no internet, if the central server is shut down by the vendor, if it gets hacked, etc.

Given the serious intrusion into my privacy, and the dependence on a working internet connection and on a centralised infrastructure with which I have no contractual relationship, I uninstalled the app immediately. As it stands, the relay has become completely useless.

This device contains a programmable ESP8266 microcontroller. The internet is full of projects for reprogramming this microcontroller's memory. That promises to be fun … The USB-to-serial TTL interface is on order…

In a later article, I explain how to program the button and the LED.

Collection of links:

Reprogram Sonoff Smart Switch with Web Server

MQTT -> http://www.hivemq.com/blog/how-to-get-started-with-mqtt

Hacking it -> https://wiki.almeroth.com/doku.php?id=projects:sonoff

ESPurna -> https://bitbucket.org/xoseperez/espurna/wiki/Home

Let’s Control It: https://www.youtube.com/watch?v=fN_QKOWvG1s

Update 10 November 2017: why you should not buy a device that is “owned” by someone else (who can decide to block its operation even though it is in perfect working order, even in an environment not connected to the internet)
NEST: http://www.zdnet.com/article/nest-to-brick-revolv-smart-hubs-on-sunday-and-theres-nothing-owners-can-do-about-it/
LOGITECH: https://gizmodo.com/logitech-will-be-intentionally-bricking-all-harmony-lin-1820279591

Edit 15/02/2018: An article worth reading about the “smart house”. Brrrr… hello, spying devices.

Edit 19/05/2018: NEST down for a few hours. It is not the end of the world, but it affects all NEST customers worldwide. Articles: TheVerge, Gizmodo.

Posted in DIY, General information, Internet news, Servers, Utilities

Portez ce vieux whisky au juge blond qui fume…

Portez ce vieux whisky au juge blond qui fume…

which I would translate into English as:

The quick brown fox jumps over a lazy dog…

Why?

Posted in Uncategorized

Collection of links

This article is meant to be permanently evolving.

Internet / webmaster tools, etc.

  • Pingdom Tools (http://tools.pingdom.com): analyse your website's response time
  • Google Tools (Pagespeed Insights): analyse the overall quality of your website, as seen from a PC and/or a mobile device
  • Check whether your mail server's IP address is blacklisted:

1. http://MultiRBL.Valli.org
2. http://JustSpam.org
3. http://BlacklistAlert.org/ 

  • Wormly (https://www.wormly.com/tools): check whether your SMTP server is correctly configured. Check whether your SSL site has correct certificates and uses the right TLS options, and no SSL v2/v3, etc.
  • SSLLabs: check whether your SSL site conforms to the protocol's standards.
  • How StartSSL, an Israeli company providing free or cheap SSL certificates, was quietly bought by Chinese owners who thought they could do as they pleased in the very strict world of certificate authorities: Arstechnica article.
  • How do I write my name without a single Latin character? FᚱēⅾēᚱᎥс Ꭰе Ⅿееѕ http://www.irongeek.com/homoglyph-attack-generator.php

Privacy


Scuba diving


  • orbifly.fr (link to the weather page of this instrument-flying training site)
  • buienradar.be (link to a Dutch site that forecasts precipitation)

Linux Tools

Windows stuff

Posted in General information, Internet news, Utilities

What Google and Facebook keep about you…

Guardian article: Are you ready? Here is all the data Facebook and Google have on you

Where were you yesterday? The day before? Why did you stop for 5 minutes in front of such-and-such restaurant? https://www.google.com/maps/timeline?pb

etc. etc., go and read the article right away.


Are you ready? Here is all the data Facebook and Google have on you
Dylan Curran
The harvesting of our personal details goes far beyond what many of us could imagine. So I braced myself and had a look
Fri 30 Mar 2018 08.17 BST
First published on Wed 28 Mar 2018 11.00 BST
A slice of the data that Facebook keeps on the author: ‘This information has millions of nefarious uses.’ Photograph: Dylan Curran
Want to freak yourself out? I’m going to show just how much of your information the likes of Facebook and Google store about you without you even realising it.
Google knows where you’ve been
Google stores your location (if you have location tracking turned on) every time you turn on your phone. You can see a timeline of where you’ve been from the very first day you started using Google on your phone.
Click on this link to see your own data: google.com/maps/timeline?…
Here is every place I have been in the last 12 months in Ireland. You can see the time of day that I was in the location and how long it took me to get to that location from my previous one.
‘A Google map of every place I’ve been in Ireland this year.’ Photograph: Dylan Curran
Google knows everything you’ve ever searched – and deleted
Google stores search history across all your devices. That can mean that, even if you delete your search history and phone history on one device, it may still have data saved from other devices.
Click on this link to see your own data: myactivity.google.com/myactivity
Google has an advertisement profile of you
Google creates an advertisement profile based on your information, including your location, gender, age, hobbies, career, interests, relationship status, possible weight (need to lose 10lb in one day?) and income.
Click on this link to see your own data: google.com/settings/ads/
Google knows all the apps you use
Google stores information on every app and extension you use. They know how often you use them, where you use them, and who you use them to interact with. That means they know who you talk to on Facebook, what countries are you speaking with, what time you go to sleep.
Click on this link to see your own data: security.google.com/settings/secur…
Google has all of your YouTube history
Google stores all of your YouTube history, so they probably know whether you’re going to be a parent soon, if you’re a conservative, if you’re a progressive, if you’re Jewish, Christian, or Muslim, if you’re feeling depressed or suicidal, if you’re anorexic …
Click on this link to see your own data: youtube.com/feed/history/s…
The data Google has on you can fill millions of Word documents
Google offers an option to download all of the data it stores about you. I’ve requested to download it and the file is 5.5GB big, which is roughly 3m Word documents.
This link includes your bookmarks, emails, contacts, your Google Drive files, all of the above information, your YouTube videos, the photos you’ve taken on your phone, the businesses you’ve bought from, the products you’ve bought through Google …
They also have data from your calendar, your Google hangout sessions, your location history, the music you listen to, the Google books you’ve purchased, the Google groups you’re in, the websites you’ve created, the phones you’ve owned, the pages you’ve shared, how many steps you walk in a day …
Click on this link to see your own data: google.com/takeout
Facebook has reams and reams of data on you, too
Facebook offers a similar option to download all your information. Mine was roughly 600MB, which is roughly 400,000 Word documents.
This includes every message you’ve ever sent or been sent, every file you’ve ever sent or been sent, all the contacts in your phone, and all the audio messages you’ve ever sent or been sent.
Click here to see your data: https://www.facebook.com/help/131112897028467
‘A snapshot of the data Facebook has saved on me.’ Photograph: Dylan Curran
Facebook stores everything from your stickers to your login location
Facebook also stores what it thinks you might be interested in based off the things you’ve liked and what you and your friends talk about (I apparently like the topic “girl”).
Somewhat pointlessly, they also store all the stickers you’ve ever sent on Facebook (I have no idea why they do this. It’s just a joke at this stage).
They also store every time you log in to Facebook, where you logged in from, what time, and from what device.
And they store all the applications you’ve ever had connected to your Facebook account, so they can guess I’m interested in politics and web and graphic design, that I was single between X and Y period with the installation of Tinder, and I got a HTC phone in November.
(Side note, if you have Windows 10 installed, this is a picture of just the privacy options with 16 different sub-menus, which have all of the options enabled by default when you install Windows 10)
Privacy options in Windows 10. Photograph: Dylan Curran
They can access your webcam and microphone
The data they collect includes tracking where you are, what applications you have installed, when you use them, what you use them for, access to your webcam and microphone at any time, your contacts, your emails, your calendar, your call history, the messages you send and receive, the files you download, the games you play, your photos and videos, your music, your search history, your browsing history, even what radio stations you listen to.
Here are some of the different ways Google gets your data
I got the Google Takeout document with all my information, and this is a breakdown of all the different ways they get your information.
‘My Google Takeout document.’ Photograph: Dylan Curran
Here’s the search history document, which has 90,000 different entries, even showing the images I downloaded and the websites I accessed (I showed the Pirate Bay section to show how much damage this information can do).
‘My search history document has 90,000 different entries.’ Photograph: Dylan Curran
Google knows which events you attended, and when
Here’s my Google Calendar broken down, showing all the events I’ve ever added, whether I actually attended them, and what time I attended them at (this part is when I went for an interview for a marketing job, and what time I arrived).
‘Here is my Google calendar showing a job interview I attended.’ Photograph: Dylan Curran
And Google has information you deleted
This is my Google Drive, which includes files I explicitly deleted including my résumé, my monthly budget, and all the code, files and websites I’ve ever made, and even my PGP private key, which I deleted, that I use to encrypt emails.
Google can know your workout routine
This is my Google Fit, which shows all of the steps I’ve ever taken, any time I walked anywhere, and all the times I’ve recorded any meditation/yoga/workouts I’ve done (I deleted this information and revoked Google Fit’s permissions).
And they have years’ worth of photos
This is all the photos ever taken with my phone, broken down by year, and includes metadata of when and where I took the photos
Google has every email you ever sent
Every email I’ve ever sent, that’s been sent to me, including the ones I deleted or were categorised as spam.
And there is more
I’ll just do a short summary of what’s in the thousands of files I received under my Google Activity.
First, every Google Ad I’ve ever viewed or clicked on, every app I’ve ever launched or used and when I did it, every website I’ve ever visited and what time I did it at, and every app I’ve ever installed or searched for.
They also have every image I’ve ever searched for and saved, every location I’ve ever searched for or clicked on, every news article I’ve ever searched for or read, and every single Google search I’ve made since 2009. And then finally, every YouTube video I’ve ever searched for or viewed, since 2008.
This information has millions of nefarious uses. You say you’re not a terrorist. Then how come you were googling Isis? Work at Google and you’re suspicious of your wife? Perfect, just look up her location and search history for the last 10 years. Manage to gain access to someone’s Google account? Perfect, you have a chronological diary of everything that person has done for the last 10 years.
This is one of the craziest things about the modern age. We would never let the government or a corporation put cameras/microphones in our homes or location trackers on us. But we just went ahead and did it ourselves because – to hell with it! – I want to watch cute dog videos.
• A caption was corrected on 28 March 2018 to replace “privacy options in Facebook” with “privacy options in Windows 10”.
Dylan Curran is a data consultant and web developer, who does extensive research into spreading technical awareness and improving digital etiquette
Posted in General information, Internet news

Buying a phone by mail order

I have no regrets at all about a purchase I made in mid-January 2018: a Xiaomi phone, model Mi A1, for €185.

Here is the listing on the site where I bought it: GearBest.com

The reviews are rather good: for example Arstechnica

Posted in Uncategorized

Bitcoin?

Initial publication: 25 March 2017


Here goes: I am diving in to try to understand bitcoins. How is the wallet stored, and where?

Now that I have an account and a wallet, I accept encouragement at


For now I use bitpay on PC and Android for my wallet, and Coinbase for moving funds in and out, BTC <-> EUR

We know that the issuance of BTC is strictly limited over time to 21 million BTC.

Whereas for a very long time, the states that control official currencies have been able to issue new notes as they please without any backing in gold (or in other material wealth).

So it is not wrong to think that, since anything rare can be expensive, BTC may end up holding its value. But at the same time it is thin air, even more so than official currencies.

Some useful links:
slate.fr (2014 article)
documentary (in English) youtube.com/watch?v=CTbyaj8Y-Co
hard fork, and the price rise of August 2017 youtube.com/watch?v=qy0EIVH65Kg

Edit 6 January 2018:
Some links about mining, miners' rewards, etc.

The more time passes, the less miners are paid.

The more miners there are, the more the mining difficulty increases. At some point, the reward will no longer cover the infrastructure or the cost of the electricity consumed given the difficulty. Today it takes on the order of two thousand billion useless calculations to make a single useful one. Whoever is lucky enough to make that useful calculation is rewarded with 12.5 BTC. The system self-regulates so that a reward is granted roughly every 10 minutes among all the miners around the world.
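
How the 21 million cap and the 12.5 BTC reward mentioned in this post fit together, as an added example that is not part of the original post. The 50 BTC starting reward and the halving every 210,000 blocks are Bitcoin protocol constants that this page does not state; the block height 500000 is a constructed sample inside the 12.5 BTC period.

```shell
#!/bin/sh
# Added example: block reward schedule and resulting total issuance.
# All amounts are integers in satoshis (1 BTC = 100000000 satoshis), because
# the protocol halves the reward with an integer right shift.

HALVING_INTERVAL=210000        # blocks between two halvings (protocol constant)
INITIAL_SUBSIDY=5000000000     # 50 BTC in satoshis (protocol constant)

# block_subsidy HEIGHT: reward in satoshis for the block at that height.
block_subsidy() {
    era=$(( $1 / HALVING_INTERVAL ))
    if [ "$era" -ge 33 ]; then     # 50 BTC halved 33 times is below 1 satoshi
        echo 0
    else
        echo $(( INITIAL_SUBSIDY >> era ))
    fi
}

# total_supply: sum of every block reward until the reward rounds down to zero.
total_supply() {
    total=0
    reward=$INITIAL_SUBSIDY
    while [ "$reward" -gt 0 ]; do
        total=$(( total + HALVING_INTERVAL * reward ))
        reward=$(( reward >> 1 ))
    done
    echo "$total"
}

# sat_to_btc SATOSHIS: format an integer satoshi amount as BTC with 8 decimals.
sat_to_btc() {
    printf '%d.%08d\n' $(( $1 / 100000000 )) $(( $1 % 100000000 ))
}

# Demo: reward at a constructed sample height, and the cap reached in the end.
printf 'reward at height 500000: %s BTC\n' "$(sat_to_btc "$(block_subsidy 500000)")"
printf 'total ever issued:       %s BTC\n' "$(sat_to_btc "$(total_supply)")"
```

Because each halving rounds down to a whole satoshi, the total stops slightly short of 21 million BTC.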

Gizmodo: China asks for electricity consumption to be reduced https://gizmodo.com/chinas-crackdown-on-crypto-mining-threatens-bitcoins-fu-1821820017/amp (5 January 2018)

The “difficulty” parameter in BTC mining: explanations https://www.bitcoinmining.com/what-is-bitcoin-mining-difficulty/ and charts for the short term https://blockchain.info/fr/charts/difficulty and the long term https://data.bitcoinity.org/bitcoin/difficulty/5y?t=l

Posted in General information, Internet news