Home Blog

On my surgery table: an Amiga 3000

Knee deep in the dead… This machine was quite an expericence.

A few days ago, an opportunity came my way: an Amiga 3000 appeared on a retrogroup I often read. I just had to have it. A few days later, I boarded a train to a small city in the middle of Sweden.

Me on the train to somewhere…

The journey was uneventful. It was very nice to meet Mats, the seller, who have a big garage as the ultimate man cave filled with pretty much everything Commodore ever created. At he station on the way home, I came across an old engineer and we spent 1 1/2 hour discussing power distribution, gaspower, nuclear dito and memories from Sweden’s past.

When I came home and hooked everything up, I was met by this.

Ehh… Where’s that hand with the diskette???

I have never seen something like this before. Clicking on either of the “Floppy” buttons lead to the computer asking for a super kickstart.

–“What, isn’t the regular one, you already have enough?”.

Actually, I already had figured it out. This computer requires a kickstart boot rom on disk. Googling on it, revealed this to be true. The first Amiga 3000 had a hardware kickstart boot rom that was incomplete. It wasn’t the old 1.3 or the new 2.04. Rather it was known as Kickstart 1.4 and that’s what is on the screen. It needs to have a file of either 1.3 or 2.04. The hard drive was dead, so it could not supply one. Hence this screen crying for help.

But where to get a super-kickstart disk? Well, Mats the seller had provided me with a diskette he said could boot the system. It didn’t work. So I decided to put it in my Amiga 500 to see if it was ok.

Abort! Aaaaaaargh!!!

I might have been the lamer here, but the antivirus saved me. Trying to scan the disk further revealed that the Saddam Hussein-virus was present as well.. Party on, dudes…

Right. This is a bit problematic. The disk was put in a bio hazard cotainer and will be delivered to SIPRI tomorrow..

The retro group on Facebook delivered the solution after I posted a request for one of those pesky “superkickstart”-disks. Turns out Cloanto sells those as file for AmigaForever. Finally a break through.

I generated the 2.04 disk and inserted it into the computer and it promptly started to boot with it. After that I got the nice boot image.

Who’s a good doggy? You! Yes, you are!

This is where my luck ran out. It just wouldn’t boot. I popped the WB 2.04 disk into the diskdrive. Nothing happened. Giving the keyboard the three finger salute (Ctrl-Amiga-Amiga) did work! Then Workbench started up just fine.

It was pretty soon clear to me what was going on. The diskdrives would happily read any disk that was inserted at the time the computer warm started, but would then never detect when disks were later removed or added.

Googling the problem didn’t help as I came up empty… And that’s where I am right now.

I have not given up, but for now, the work has be postponed, as I have a radio station to setup.

More to come…

The anatomy of an attack

The email that started it all. Sounds very legit, but clearly isn’t Hint: hover over the link if you get this mail!

(Updated at 2020-09-19 19:13) – Good news, everyone. bxsmail.com is not responding anymore. Could one hope Telia booted mr Spammer off the net? Probably just a minor setback until he finds a news place to send his crap from. Pyrobee.com is, alas, still up and running. Why, oh why…?

How the journey begun….

On Friday the 11th of September I found an email in my junk mail folder. That in itself is nothing special, but this particular spam stood out. It was in Swedish, without the usual auto-translated mess that those are wellknown for. It simply said (translated from Swedish):


Thanks for the last time, here are the statistics you wanted. I hope you’ll receive this mail before going home for the day.
<Link to what looks like tillvaxtverket.se, but really sends you to a malicious site>

[I] believe it rather clearly shows what we though from the start and that is that there is a large lack of available talent in the rural communes. The quiestion is what could be done about it on a regional level.

The Swedish original:

From: Magnus notification@bxsmail.com
Sent: den 11 september 2020 21:35
To: Erik Zalitis erik@zalitis.se
Subject: Jag tror det var detta du ville ha


Hoppas du hinner få mailet innan du går hem idag.


Tror den visar ganska klart det vi trodde från början att det är stor brist på kompetens i de större landsbygdskommunerna.
Frågan är vad man skulle kunna göra åt det regionalt.


I racked my brains trying to remember ever having spoke to someone on Tillväxtverket about something that would warrant this response and came up empty handed. I quickly Googled and what I found made me suspect it was some kind of fraud or spam. I posted my preliminary findings on “Säkerhetsbubblan”, a Facebook group dedicated to IT-security discussions.

At this time I was quite curious about what was going on and started tracing the sending system down. The mailheaders were clear on the matter.

Ok, got it… server.bxsmail.com

The IP was recognized almost immediately by me, as I used to work at Swedish telecom provider Telia back in the day, and sure enough, it was them.

Hallsberg does not sound as a center of cybercriminal activity, especially when…

The post code is easy to put on a map:

A typcial war zone in Sweden. A few day care centers for children and small suburban housing. This is where the hacker roams freely…. or maybe not. Seriously though, it’s probably located on someones home network, directly connected to a consumer Internet broadband connection operated by Telia.

One click on this link and you’re toast…

Let’s take a look on the seemingly innocent email (you should know better now, though):

One-click selling of your identity… Ain’t life grand?

Hovering over the link in the email, shows you where it really goes. The link leading to the Tillväxtverket-site uses an old trick, where the displayed link does not correspond to the one you’re actually are clicking on (Se picture above!).

Weirdly named proxy “Burp suite”, shows exactly what happens over the wire when you click the evil link like there was no tomorrow.

As you ask…
… ye shall receive…

This fake link instead leads to a server for the domain pyrobee.com which is located in Germany. The reply-to address in the mail also points to info@pyrobee.com. The ip-information for this site is as follows.

Details for 
Hostname: host2.sitedns_se 
ASU 24940 
Hetzner Online GmbH 
Organization: Hetzner Online GmbH 
Services None detected 
Assignment Likely Static IP 
Click to Check Blacklist Status 
Continent Europe 
Country: Germany 
Latitude 51.2993 (51' 17' 57.48" N) 
Longitude: 9.491 (9' 29' 27.60" E) 
Geolocation Map 
Belgié :BeIÉ que 
an tadt 
Niedersac 5 en 
B ande b 
•de-Éra bourg 
woje "6dztwo 
z achodniopomo' 
dztWO kg 
ztwo dolnog« 

If you somehow doubt they are malicious, note the abuse-link provided in the mail:

Ah.. Mr Bond, that was a bad move, now we know you’re trying to thwart our nefarious plans.

OH!! They have a Facebook presence too… How “I’m just a serious business owner” of you.

Aint nuthing but us chikkuns in here… Sez the fox… The farmer is not amused…

And for my final trick, I going to pull a rabbit out of my hat. Or rather, disclose the identity of the spammer. He seriously has his REAL name on the FaceBook-group above. A fast check shows that he lives in the exact same area and in the same Zipcode as the bxsmail.com-server is located.

This links him to the Pyrobee.com-server AND the bxsmail.com-server. So it’s a wrap then? We’ll see.

What about them servers?

So, back to the server in Sweden, server.bxsmail.com. What is it running? Quite a lot actually.

P ort 
x Inupageserver 
vsftpd 3.02 
OpenSSH 7.4 (protocol 2.0) 
Ex im smtpd 4.93 
(unknown banner: get lost) 
Ex im smtpd 4.93 
Ex im smtpd 4.93 
cbdev cmail smtpd 
MySQL 5.5.65-MariaD8 
An open Mysql-port, a nasty DNS that tells me to get lost and god knows what port 2020 is about. The webserver has little to say:
Did you forget to remove the shrink wrap?

We can go no further as this would constitute an intrusion, and I’m strictly a white hat.


Given what we know:

  • The link in the email takes the user clicking on it on a detour to pyrobee.com, a server in Germany, and then automatically bouces the unwary user to Tillväxtverket. This way, it will look legit. This link has, what looks to be a identifier, that is most likely connected to the email-adress the mail was sent to. Thus the Pyrobee.com-server will know who clicked on the link.
  • Most likely this gives the hacker a list of people that clicked on the link and who can now be further investigated and targetted for phishing attacks in the future. Caveat emptor: don’t click the link! (Unless you’re like me, curious and want to see what happens..)
  • It’s impossible to say if this attack was aiming to target Tillväxtverket in any way or capacity, or if they were selected to give the attack itself a semblance of credibility.
  • The server sending the email is barely configured at all and only the services needed to send the emails seem have anything more than just minimal “dial tone”-setup.
  • It’s likely not to be secured in any meaningful matter. I cannot, as I stated, investigate this any further
  • The server in Germany uses a template that teases with stuff like podcasts and a blog, but in reality does not exist. It’s kinda a good thing to remove services featured on the template by default, if you don’t intend to offer them. Looks more serious like that.
  • Real advertising campaigns often work exactly like this, but they generally don’t use badly built servers running on someones home broadband connection and then redirect you to another, barely setup server in Germany. Also, they DO NOT SEND spam that tries to fool you that the message is an answer to a previous discussion with the sender that obviously did not happen.

Time line

2020-08-07 – The domain bxsmail.com was registered. It’s probably around this time the mails started appearing.

2020-09-11 – I noticed the mail, that was sent to my private email address, in my junk folder and started to investigate the matter. Had to stop due to needing to sleep.

2020-09-11 – Asked Telia to shut the server in Sweden (bxsmail) down.

2020-09-12 – Sporadic work in spare time during a trip to another city in Sweden.

2020-09-12 16:12 – completed the report after some questions were asked and then added new stuff I found.

2020-09-12 16:23 – reported Pyrobee.com to their upstream provider’s abuse department.

2020-09-12 17:xx – reported spam to spamcop.

2020-09-13 19:xx – They have now created more domains with servers: ettmoln.com and merkurex.com. Probably not a complete list, but I will update as soon as I learn more… Their weak point is pyrobee.com. Take that down and they will have nothing going on.

2020-09-12 22:31 – The identity of the owner of all the servers has been found. He wrote it on Pyrobee’s FaceBook-page. The name is Magnus, but I will not write his whole name here as to stay within the Swedish law. He lives exactly in the same postal code (zip code) area where the bxsmail.com server is located. I have a hard time believing this… Really takes the cake.

2020-09-14 – Right, I was told by the German abuse-department that they will not process the report unless they can tell the owner about it. That will effectivly send this link to the guy behind all this. Who said life should not be interesting?

Evidence and other material

The spam mail, complete with all headers:


Malin Ekström for spotting a thing I missed.
The rest of the “Säkerhetsbubblan“-Facebook group for aiding me in my research… You guys and gals rock.

My burp just barfed

Burp suite, as painted by Picasso. Not rare at all amazingly enough and not valued for its intrinsic artistic skills.

Is it just me, or is this a common thing? It kinda makes my pentesting experience quite dull. The only resolution is to restart the program if you can find out how and then you lose a lot of your progress. Thanks a bunch…

What’s happening here? Well, this problem occurs after a few minutes or hours. The window seems to “break apart” and the different pieces move around as you move your mouse or …. worse… click around.

When you stop the program, it sometimes seems to corrupt the saved file and you could easily lose days of work.

It stopped being funny a long time ago…

Ok, sorry, it is still funny. But the joke is in increasingly getting darker as time goes by.

In the 50s and early 60s mass media were tightly controlled in the US. Movies were regulated under the Hayes code and Television had severe restrictions. A lot of producers tried to work around the problem by using metaphors and innocent-looking euphemisms. Have you ever seen old movies where two lovers go into a room and then you see fotage of trains going into tunnels for a while? Pretty obvious, right? But you couldn’t censor it, as it wasn’t dirty per see..

In 1959 the Twilight Zone made its debut. Created by Rod Serling, it explored love, hate, mystisism, racism, intolerance and inequality in the guise of science fiction. One the most well-known episodes was “The monsters are due on Maple Street”. The whole story starts with a sudden loss of power and as people get more and more scared, they start accusing each other of being behind the whole thing. Friends become enemies and everyone is potentially a spy or a saboteur. It ends with a person getting shot and then we get to see a number of aliens watching from afar. They note how easy it is to destroy the fabric of society and civilization. The realization is that they can use this to destroy the human race without ever having to attack them with real weapon power.

This is probably based on the horrible experiences the Hollywood industry had during the McCarthy-era and the ever lingering threat that was the HUAC. But disguised as just mere science-fiction, Serling’s scathing critisism could easily pass scrutiny by the censors.

But even in societies that are generous with what can be said and written, this is often done to make people think. A seemingly cute story that in reality unmasks the goverment or societal norms, is a very common theme in litterature.

George Orwell does quite the opposite. 1984 has NO such thing as talking in riddles. It clearly exposes the very leadership it seeks to mock and ridicule. Or is that it? I actually get the feeling that the proper emotion at work here is hate, as Orwell was a jilted lover of a communist, who saw what the Soviet union had become without understanding that it is the ineviatable effect of all communism to destroy its own people.

The mysterious leader “big brother” is Stalin in everything but the name. He even has Stalin’s trade mark oppression mustache ™.

Today, we seem to live in a mix of the best and worst of times.

How many have you read/heard/seen? I’m, almost at a 100% here. Is that a good or a bad thing? Does all this make me wiser or more paranoid? Asking for a friend… I’m that friend.

In my opinion, we can scratch many of those above from “where western society is today”. I would say that the most fitting story is “Brave new world” with a few of the elements of “1984” and a small helping of “Fahrenheit 451”.

But they rest… Oh please…

  • Soylent green? NOOOO!!! Come on… Can you say death by Kuru-kuru?
  • Logan’s run. Maybe the “culture of youth/never trust anyone above 30”-theme, but that’s about it.
  • Brazil… Not here, but maybe elsewhere .. at some time..
  • The Matrix… Haha, you wish… I haven’t found the VMWare tools icon in real life yet…
  • Lord of the flies, obviously not. That story can never scale into large groups of society.
  • A handmaid’s tale. May be the only dystopia we’re actually leaving… Thanks!

Then yet again…

  • Animal farm. Yeah, sorta kinda. It was meant as a discussion on how naive people put power hungry manipulators in charge and afterwards never really understod where it went wrong. It might sound strange, but has happened before I have you know.
  • Gattaca, we could be going there some day. I’m looking at you Ancestry.com! … And everyone else who would fancy a global DNA-database.

My mind is an unquiet rambling one. I originally didn’t mean to write this text. I thought that putting this picture as a funny but still tragic epitaph over a world heading into that good night, would be good for a lark. It wasn’t…. And it never will be…

Snowden on privacy


Automation joke

Image may contain: text

Consider this picture above… Good case for automation, but ultimately not appreciated by those that believe manual labor should be a punishment for … well… doing bad stuff.. 🙂

… And here it is in Powershell… Hell yeah!

That’s a big fat negative, sir…

Darn… My free card to the “may do whatever I want”-club was rejected… Back to the bunker to social distance…

So, I’m negative. This should of course come as no surprise to anyone, but I’m actually talking about the Covid19 antibody-test here, rather than the less than sanguine attitude you come to expect from me.

“Go home, Erik. Columbia is not for you. You could die from Covid19… 1919…” – Elisabeth

“Isn’t that tecnically the Spanish flu?” — Erik Zalitis

(In Swedish) an open letter to IKEA

An artist’s rendition of IKEAs chatbot. It does not, however, seem to able to actually launch any nukes… They would probably not work anyway. It’s IKEA we’re talking about here…

Hej kära Ikea, jag måste skriva några väl valda ord om er fantastiska kundservice. Men först bakgrunden: jag köpte ett arbetsbord som heter Micke. Det är alltid trevligt att kunna förnamnen på sina möbler. Det dök upp och tyvärr saknades två träbitar, nämligen de som formar långsidorna på lådan man sätter under bordskivan. Nåväl, inga problem. Jag gick till er hemsida, ikea.se och letade fram formuläret för att skicka in reklamationer. Eftersom ni tydligen inte vill besväras av besvikna kunder, har ni på klassiskt manér sopat denna funktion under en fyra-fem persiska mattor i ett försök att omöjliggöra alla försök att faktisk anmäla något. Men jag låter mig inte hindras av usel webbdesign gjord av ett okänt konsultföretag som fick jobbet huvudsakligen för att ni inte är beredda att betala för en vettig hemsida. Ni är allt något småländska, är ni inte? 🙂 Så jag hittade till sist formuläret som är byggt för att låta en be er skicka diverse skruvar som man kanske har lösa eller om det är möbeln som har det. Vet inte så noga.

Men att tala om att delar av möbeln i sig saknas, det kan aldrig ha slagit er att det är möjligt. Det finns inget artikelnummer för en bräda och att använda artikelnumret för hela produkten tillåter inte formuläret. Hur skulle det se ut? Dessutom vill formuläret inte ha artikelnumret i det format som det anges på hemsidan. Den är korrekt i att punkter inte är en form av siffor, men det gör inte en datorovan person glad att få en utskällning när man skriver in artikelnumret som 330.666.111. Eftersom jag inte är datorovan utan en sur gammal gubbe, så bryr jag mig inte. Men inse att försöket att anmäla via formuläret var dömt att misslyckas.

Så… Jag ringde då er support och gladeligen lät mig berätta att delar saknades och givetvis kopplade fram mig… till en röst som förklarade att jag inte kan/får/bör/är lagligen berättigad till/måste använda telefonen för detta ändamål, utan bör använda ert formulär (se ovan för en beskrivning över hur det gick!) på hemsidan..

Blodtrycket gick över någon gräns där mätaren inte längre är tillförlitlig utan ber mig kontakta min läkare om jag vill fortsätta gå på denna jord.

Men då finns ju chatten. Denna chans att få nämna för en självsfrände att man är mindre nöjd med sitt köp, var jag ju bara tvungen att ta. Nu tror jag inte på själen som koncept, då jag är icke-religiös och rätt mycket en skeptiker till min läggning. Men då jag ämnar respektera de som tror på en gud (eller flera) och själen som en odödlig kraft, måste jag ändå säga att chattboten var själlös på alla sätt den kunde vara. Jag förklarade för botten Anna att jag behövde hjälp då delar till min käre vän Micke saknade, och fick då veta … att … du vet…. det där (trasiga) webbformuläret… Det är ju det du ska använda. Jag jämförde henne med Skynet och bad om en snabb död badande i radioaktiv strålning, men hon verkade inte förstå vad jag menade eller kanske inte är kopplad till någon missilsilo. Så den optionen fanns inte heller.

I detta läge har jag slut på möjligheter att kontakta er för att få delarna till min möbel. Och då är jag helt på det klara att återuppväcka Ingvar inte är möjligt, då vi inte har den teknologin (ännu?), försöker jag istället med denna text att skicka er en önskan om hjälp. Förhoppningsvis kommer denna flaskpost fram någon gång och läses av någon som, oddsen till trots, har ett mått av intresse för era kunder väl och ve…

Med hopp om bättring…
Erik Zalitis


Maybe a bitter joke … or just a sober realization that dark humor is quite useful today.

Today I took a Covid 19 antibody-test and now I’m waiting for the results… We’ll see.

Defund the police – get a new one for free!

Singing is nice. So is anarchy, while it lasts. Too sad it never does and the resulting ruler always seem to be worse than the one we just ousted. Damn! Why is it we cannot have nice things?

I generally avoid being too political in my blog, as I do not like how much those discussions tend to derail on the Internet and therefore, I try to avoid adding to this train wreck. But a friend of mine hinted me about a political post made by Ida Nafstad and Amin Parsa who are both associated with Lund’s university here in Sweden. The post was published by several local newspapers, including Sydsvenskan on the 18th of July 2020. As it is in Swedish, I have had to translate the excerpts I am quoting in my comment.

The article starts with the soft touch of a sledgehammer with the headline “The alternative to today’s racist police work: dismantle the police”. Right! Where do we start?

To cook down their article, they make the following claims:

  • The police mostly target poor people in poor parts of the towns in Sweden.
  • Everyone who is rich does is much more unlikely to have problem with the police and thus get away.
  • The rich should be criminal, instead of the poor.
  • They argue that some problems should be handled by others than the “Monopoly on the legitimate use of physical force” as they call the police (Swedish term: “Våldsmakt”/”Våldsmonopol”). This is a correct term sometimes assigned to a nation’s police- and military forces.
  • The police is inherently racist.

Those are only the most egregious parts of their article, but it says plenty already. They claim:

“We state that only minimal problems in our society need to be solved by the “monopoly on the legitimate use of physical force” and that the police can by and large be removed.”

Two questions from yours truly:

  1. What do they suggest instead?
  2. What do you think will happen if you dismantle the police here in Sweden?

First question: So, what DO they suggest instead?

They suggest:

“A redistribution of resources can be used for local initiatives, for an example where the citizens themselves negotiate in conflicts. To stigmatize some parts of the city as parallel societies will only make social problems worse”.

Awww…. Come on! This is not dismantling anything. You just delegate the tasks to anyone you think should do it instead. And who will decide this? You? Your equally disconnected-from-reality friends? Should the remainder of the police decide this by deputizing some unqualified local guy every time something happens?

Becoming a police officer is not easy. Physical strength and agility is a must and good observational skills, being able to be cool under pressure, having social skills and the ability to be fair and restrained will be tested. Fail on either of these skills, and you will in fact not be joining the force. The requirements are tough and will make you prove you can justly serve the law.

So, let’s look into how it may work after you remove the police in Sweden…

If whoever-is-still-in-charge deputize someone who is unlikely to be qualified for the task, and they kill someone, whose fault is that anyway? If you say the police, well, bad news, they’re actually not there anymore due to your actions. And if there are some governance left, they can’t do much about it. There will not be a police force that can penalize the errant deputy… What you have in effect done is removing the nation’s control over its criminality. ALL criminality. To quote Hudson: – “Game over, man”.

Second question: What do you think will happen if you dismantle the police here in Sweden?

There is an old joke that goes something like “Every country has a military force – its own or someone else’s”. The same can be said about the police. Remove the police and just wait awhile. Anarchy is weirdly self-organizing and the government watching over you will be replaced by the local warlord’s own police force. This one will not have rules of engagement, regulations and limits to what it can do. Just try to protest them and see where that gets you… Probably very dead.

The new policing will be as good or bad as the local leader is and wants it to be.

Being rich is bad?

The article notes that there is an app called WCCRZ (White Collar Crime Risk Zone) that tries to detect financial crimes, which are more common among the part of the population that is rich .

Its creator states “as opposed to many other control apps that criminalizes being poor WCCRZ criminalizes being rich”.

Our two Don Quixote-afflicted brainiacs seem to agree with this point, missing the whole idea with the project…

The point of this project, which the article off course doesn’t bother to tell you, is that it uses satire to point out flaws in some sites and services predicting crimes using questionable algorithms and historical data.

The project is not trying to say that the world will be full of unicorns and rainbows by removing the police altogether. It does, however, note that other predictive policing services do show proof of racial bias. I do not deny this.

So, the police are flawless?

No, I do not think so. And my worries lie along the lines of them having too much capacity to keep an eye on people that are not suspected of any wrongdoing. But that is out of the scope of this discussion. For me, it is quite easy to see that our police force and by extension military, although sometimes flawed, is a force for good in Sweden.

And, no, I do not think the police force in itself is racist here in Sweden.

And to sum it up

I have tried very hard not to speculate about their political views and possible affiliations, but I doubt the article is anything less than a tip of an iceberg. Applying Hanlon’s razor, I choose incompetence over malice here. But I may have to revise this decision.

This misinterpretation of the whole world around them is asinine at best and dangerous at worst. The researchers seem to be living in dream world and have a … if I put it kindly … loose connection with reality. And some screws too…


Flaws with predictive policing (It does add racial bias):


The article (In Swedish):

In our podcast, I and Mattias discuss the future of policing in a world of face recognition (podcast is in Swedish):