XSS via HTML5 Events All over again

Back in 2018 I wrote a post about finding and exploiting XSS using the new(ish) event handlers in HTML 5. Those techniques paid out recently and I thought I’d write up the situation.

Using the lists provided in the earlier post I discovered the application allowed an “SVG” tag. Within that tag it allowed the “onmouseenter” event handler which is a useful one. This was not a classic XSS pop pop where the payload executes without user interaction. But it would pop pop with a relatively likely movement of the mouse over the image.

The target disallowed certain characters and appeared to have a blacklist approach for items such as “alert” etc. The solution to my problem that day was to base64 encode the payload, use “atob” to decode it, and then “eval” to execute it as listed below.

Raw Payload


Base64 Encoded


Final Payload

<svg viewBox='0 0 100 100' onmouseenter=eval(atob('YWxlcnQoZG9jdW1lbnQuZG9tYWluKTs='))></svg> 

Nothing Earth shattering in this but until you put stuff out there you never know who that will save time for when they are googling for “XSS SVG tag” or something like that. Welcome weary traveller. I know there is lots of SVG related XSS shenanigans to be had but if you wanted a file to upload you would be elsewhere!

Hope that helps.

Captain’s Log: April 2021

Here is how I did in the new condensed table format.

11k steps a dayI hurt my ankle in March. I am out of this game for the foreseeable.
150 active minutes per weekWeek 1 – No. But I now have an exercise bike which I am starting a new journey on.
Week 2 – No.
Week 3 – No. Kids returned to school so I was walking rather than exercise.
Week 4 – No. Back on my bike now that school routine is established again.
1 technical blog a monthI sneaked out a wee post on enumerating RDP settings using PowerShell and release rdp-enum.
Support my partner to exerciseThey stopped asking for this and I now am just taking the kids on wild adventures in and around the house for Saturday mornings. Counting down the days until I get vaccinated and feel willing to goto visitor attractions again like the Transport Museum.
Record five songsI have recorded a mountain of partial songs. I just go sit in the garden and batter something out. Nothing quite fit for release this month.
OSWEI have not prioritised it this month.
Panic AttacksA clear month really. A few dicey moments but not full blown panic.

Other bits

  • Audiobooks 1 – carrying on with Stealing Light: Shoal, Book 1 by Gary Gibson. A good bit of Sci-Fi. With the school commute removed, and me no longer grinding out 11k steps a day otherwise I have barely touched the audiobooks. I should rethink my life!
  • Television 1 – Star Trek Discovery Season 3. Bravo to the makers they have really turned it around. While I didn’t hate STD season 1 and 2 I would say I was not in love with it. We didn’t get enough about the crew and the almost singular focus on one character was not working for me. It is Star Trek. I want some aliens. I want some exploration of humanity through the prism of different cultures. Maybe I like Season 3 because I have given up on that dream to some extent? Season 3 has been a breath of fresh air and we actively WANTED to watch the next episode. It was well done.
  • Television 2 – Titans. Oh wow… A DC property that isn’t just needlessly moody. With characters I know little or nothing about going into it. This show has been keeping me going on my exercise bike adventures. Like when I had a treadmill, I get a lot of TV shows watched while I exercise. I ran every minute of Sons of Anarchy, 24, and various other programmes in the past.
  • Game 1 – maquette. A PS Plus title of the month. It is gorgeous on so many levels. The sound track is sumptuous and the mechanics of the puzzles is so damn cute that your inner 5 year old will make you laugh. You honestly will.
  • Game 2 – Final Fantasy VII (remastered). I never played this before. I will start with that. Another PS Plus title which I would otherwise have not chosen to play. The story seems like it is going places. The kids are watching as I play along because of all the whizzy lights and swords and such. It is not a true open world because of the age of the title. You are very much on rails for the duration but it is going down well with me. Update: I finished this over the early May bank holiday before I got the post out. It was worth the time but suffered from massive cut scenes at times.

That is the log for April.

Captain’s Log: March 2021

Here is how I did in the new condensed table format.

11k steps a dayI hurt my ankle. I do not know how and cannot recall a slip or anything I was just suddenly in lots of pain walking one day. So.. At day 452 since I started going for 10k steps a day my run ended. I needed to rest it up.
150 active minutes per weekWeek 1 – Yes
Week 2 – No – ankle injury and sore throat so I took a week off.
Week 3 – Ditto on the ankle.
Week 4 – Ditto on the ankle.
1 technical blog a monthI managed 2 short but useful posts that I will need to refer to in future.
How to use letsencrypt with python HTTP services.
Solving a pentester’s pesky proxy problem.
Support my partner to exerciseWeek 1 – Yes
Week 2 – No – they actually smashed their goal and didn’t need me on the Saturday.
Week 3 – Yes
Week 4 – Yes
Record five songsSince I was inactive I had more time and I actually have made a song. Well almost. It is not finished. I had a DAW to try and learn and fancied trying some layers because that is all new to me:

Whatever – version 3

The vocals will be re-recorded sometime when the kids aren’t asleep in the next room, the lyrics are already different on paper, and there is a 3rd verse from a different protagonist to be expected. But still.. Been happily listening to it today on a loop.
OSWEI have not prioritised it this month.
Panic AttacksA clear month really. A few dicey moments but not full blown panic.

Other bits

  • Audiobooks 1 – carrying on with Stealing Light: Shoal, Book 1 by Gary Gibson. A good bit of Sci-Fi.
  • Television 1 – Star Trek Discovery (catch up Season 1 and 2). My house loves Star Trek. So we watched this when it came out. We sat down to consider watching season 3 and realised; we cannot remember a damn thing that happened. Like literally nothing. So we decided to re-watch Season 1 and 2 first. It is definitely different to previous ST series. It is not necessarily good or bad that it is different. I feel a bit like I really don’t care about any of the characters at all and that the plot is too heavily reliant on the lead character instead of there being an ensemble to draw on. Rewatching it again was like watching it for the first time for us. It was definitely a chore at times. Then we finally got to Season 3. It was like a breathe of fresh air. Suddenly it was way more exciting and we were happy to watch the next one as soon as possible!
  • Television 2 – Away (netflix) – I like a bit of sci-fi but I also have a soft spot for content imagining our near future with basically the technology we have but an increased will to use it. This series was pretty decent in that category. Some good acting performances. A nice distraction. I wanted the next episode when the season ended. But so far this is likely to be something I entirely forget in a few weeks.

That is the log for March. It is sunny outside and I have some days off. Excellent.

Solving a pentester’s pesky proxy problem

I usually test web applications using Firefox because it uses it’s own proxy settings and is easy to configure with burp. Chrome is then something that is used for googling answers, shitposting on Twitter etc to ensure that such traffic is not logged by Burp. This should sound familiar to most pentesters.

This process falls down when you need to test a thick client/os binary which uses only Internet Explorer’s proxy settings. Because Chrome also uses IE’s settings you will now see all your googling popup.

IE’s Proxy settings can be configured by PAC files. I have known this for a very long time. But I have never actually took the leap to think “oh that means I can tell it to only apply a proxy for the specific backend server the Thick Client uses” before. Proof, if more be needed, that I can be a pretty dull axe at times. I couldn’t chop a cucumber.

Here is a valid proxy configuration file:

function FindProxyForURL(url, host) {
// use proxy for specific domains
if (shExpMatch(host, "*.targetdomain.com"))
    return "PROXY localhost:8080";

// by default use no proxy
return "DIRECT";

Change the host you want to match for with your target domain. Save this as a “.js” file someplace you can type the path to and then import it into Internet Explorer’s proxy settings.

Revel in the freedom to live your best life on your terms.

Take care

Letsencrypt certificates for your python HTTP servers

Back in 2016 I blogged about how to do simple HTTP or HTTPS servers with python. You need to use these if you want to temporarily host files, and to investigate SSRF issues properly.

There my skills sat until recently the user-agent that was making the SSRF request was actually verifying the certificate. How rude! So I needed to up my game and generate a proper certificate.

Here are some caveats to the guide which you need to be aware of before you proceed:

  • My OS was Kali Linux (Good for standardisation for penetration testers but won’t be applicable to every one of you legends who are reading this).
  • The server that I am using has it’s own DNS entry already configured. This is the biggest gotcha. You need to have a valid DNS record. Now is the time to buy a cheap domain! Or maybe investigate a domain allowing anyone to add an A record such as “.tk”.

If you can point a DNS entry at your Kali server then you are going to be able to do this.

In one terminal:

mkdir /tmp/safespace
cd /tmp/safespace
python -m SimpleHTTPServer 80

NOTE: I created a new directory in “/tmp” to make sure that there is nothing sensitive in the folder I am about to share. If you share your “/home” folder you are going to have a bad time. While the HTTP listener is running anyone scanning your IP address will be able to list the contents of the folders and download anything you have saved.

From another terminal you need to use “certbot”

apt-get install certbot
certbot certonly
pick option 2
set the domain to <your_domain>
set the directory to /tmp/safespace

The “certbot certonly” command runs a wizard like interface that asks you how to proceed. I have given you the options above. What this does is create a file in your /tmp/safespace folder that letsencrypt can download on their end. This proves that you have write permissions to the web root of the server and allows them to trust the request is legit.

The output of the “certbot certonly” command will list the location of your new TLS certificates. They will be here:


You can go back to your first terminal and kill that HTTP listener. We will no longer be needing it! We have a proper TLS setup so lets go in a Rolls Royce baby, yeaaaah!

You can use python’s “twisted” HTTPs server as shown below

python -m twisted web --https=443 --path=. -c /etc/letsencrypt/live/<your_domain>/fullchain.pem -k /etc/letsencrypt/live/<your_domain>/privkey.pem

That was it. I was able to browse to my new HTTPS listener and I had a shiny trusted certificate.

Hope that helps

Captain’s Log: February 2021

Here is how I did in the new condensed table format.

11k steps a day5 miles of steps. Every single day.
150 active minutes per weekWeek 1 – Yes
Week 2 – Yes
Week 3 – Yes
Week 4 – Yes
1 technical blog a monthI missed this in January (which seems mad when I had several drafts almost ready to go). So in February I put out two:

Verifying Insecure SSL/TLS protocols are enabled
Pentesting Electron Applications

On track for that. I have a few other ideas for coming months.
Support my partner to exerciseWeek 1 – Yes
Week 2 – Yes
Week 3 – Yes
Week 4 – Yes
Record five songsI have not prioritised it this month.
OSWEI have not prioritised it this month.
Panic AttacksI never actually got to the state of disruptive levels of panic this month. I got pretty close. I had a fairly stressful project to work on at the same time as home schooling while maintaining the daily and weekly exercise tasks. This had me doing some pretty long days which definitely made me stressed. I just knew better when to go and take a lie down. All hail the hour nap.

Other bits

  • Audiobooks 1 – I completed Dune by Frank Herbert. This was a great listen and I thoroughly enjoyed it.
  • Audiobooks 2 – I have started Stealing Light: Shoal, Book 1 by Gary Gibson. This was a recommendation and so far I am not far into it. It is painting an interesting universe for mankind’s future. There is a species that pops up to other sentient species and goes: We can give you a bunch of technology and help you colonise this region of space which is yours. In order to get this you agree to not do X, Y and Z. Which creates a dependence on the Shoal corporation. So far it is some pretty decent Sci-Fi which shows despite the advancement of time we remain just as seedy.
  • Television – I have loved South Park for years. I haven’t been keeping up with it for over a decade. With a bunch of episodes being added to Netflix I have started to catch up. They are masters at talking about issues in an interesting way. You don’t have to agree with everything they say to enjoy it. But it is worth remembering how great this show is (once we get past the initial seasons which were mostly fun but entirely juvenile).
  • Television – A while back I started watching Babylon 5 again when I realised I could get it on Amazon Prime (not free). I watched the show when I was clearly too young to understand it. For some reason I didn’t complete the full watch through even though I was enjoying it. I picked it up again and mid season there was an announcement that the content had been upgraded to HD. This makes it even more watchable. The writing is amazing and the cast do some fantastic things together. It is truly amazing that this was made pre-streaming to be as layered as it is. You had to wait a week for another episode, and they would sometimes not have a thing pay off for years. Now that you can watch this back-to-back I intend to and so should you :D.

That is the log for February.

Pentesting Electron Applications

I recently came across my first Electron application as a target. As is the case I try and take notes as I go and here they are so that I am ready for the next time.

When you are targeting an “app” (various thick client or mobile application targets) I always want to:

  • Decompile it if possible – to enable source code review
  • Modify and recompile if possible – to enable me to add additional debugging to code or circumvent any client side controls.
  • Configure middling of communication channels – to enable testing of the server side API.

That is the general process for this kind of task and the blog post covers how to do all of these for Electron applications.

Extracting .asar Files on Windows

When going to the application’s folder I found that it had a “resources” directory containing a couple of “.asar” files. A quick google uncovered that this is a tar like archive format as per the link below:

This is similar to APKs in the Android app testing realm. To get serious we need to extract these to have a proper look.

First get NodeJs:

After installing this open a new command prompt and type “npm” to check that you have the Node Package Manager working right.

Then install “asar”

npm install --engine-strict asar

As a new user of npm I want to just marvel at the pretty colours for a second:

Oh NPM, you are gorgeous

Also an inbuilt check for vulnerabilities? NPM you are crushing it.. Just crushing it. So how come so many apps have outdated dependencies?

Turns out the above command – while gorgeous – did not stick the “asar” command into the windows path as intended. To do that I subsequently ran this command:

npm install -g asar

Then it was found the command in the path:

Oh asar, I found you, I never knew I needed you 10 minutes ago

I was unclear as to the operation of asar. Specifically, would this extract into the folder in a messy way? In the doubt I created a new folder “app” and copied my target “app.asar” file into that before extracting it:

mkdir app
copy app.asar app
asar e app.asar . 
del app.asar 

Note: that del is important because it stops you packing a massive file back into your modified version later.

I was glad I did copy the target into a folder because extraction did this:

Files Extracted to the Current Directory

Had I done the extraction a directory higher then the target application folder would have been messy.

With access to the source you can go looking for vulnerabilities in the code. I cannot really cover that for you since it will depend on your target.

Modifying the app

If you are half way serious about finding vulnerabilities you will need to modify that source and incorporate your changes when running the target. You need to modify the code and then re-pack the “app.asar” file back.

The best place to start is where the code begins its execution. That is in the “main.js” file within the “createWindow” function as shown:

Showing the createWindow function

I modified this to add a new debugging line as shown:

Added console.log debugging line

The point of this was to tell me that my modified version was running instead of the original. I started a command prompt in the “resources” folder and then executed these commands:

move app.asar app-original.asar
asar pack app app.asar

Note: that move command was about ensuring I have the original “app.asar” on tap if I needed to revert back to it. The pack command would otherwise overwrite the original file.

It turns out that “console.log” writes to stdout which means you can see the output if you run the target application from the command prompt. I prefer to create a .bat file for so that I can view stdout, and stderr easily in a temporary cmd window.

The contents of my bat file were:


The first line ran the target exe, and the second ensured that the cmd window would stay open in the event of the target being closed or crashing (until a key is pressed). I saved this in the folder with “target.exe” and called it “run.bat”. Instead of clicking on the exe I just double clicked on run.bat and got access to all of the debugging output.

Much success the first line of output when I load the application was now:

[*] Injecting in here

You can now see if there are any client side controls you can disable.

Allow Burp Suite to proxy the application

You will want to be able to see the HTTP/HTTPS requests issued by your target application. To do that you need to add an electron command line argument. If we look again at the “createWindow” function you can see two examples already:

This image has an empty alt attribute; its file name is image-9.png
createWindow function showing commandLine.appendSwitch

At line number 58 I added this switch which configured localhost port 8080 as the HTTP and HTTPS proxy:

electron_1.app.commandLine.appendSwitch('proxy-server', '');

Again I had to pack the app folder into app.asar as shown in the previous section.

Electron loads chromium and therefore you will need to install burp’s CA certificate as per this URL:

Once you have done that you should see all the juicy HTTP/HTTPS traffic going into burp.

Congratulations you can now go after the server side requests.

I have covered extracting the Electron application to let you see the code, how to modify the code, and how to middle the traffic. That is more than enough to get going with.

Happy hunting

Verifying Insecure SSL/TLS protocols are enabled

If a vulnerability scanner tells you that a website supports an insecure SSL/TLS protocol it is still on you to verify that this is true. While it is becoming rarer, there are HTTPS services which allow a connection over an insecure protocol. However, if you issue an HTTP request it will respond to the user with a message like “Weak cryptography was in use!”.

I think this was an older IIS trait. But I am paranoid and in the habit of making damn sure that a service which offers say SSLv3 will actually handle HTTP requests over it. If there is a warning about poor cryptography then the chances are a user won’t be submitting passwords which will reduce the risk.

This blog post explains how to use openssl to connect using specific SSL/TLS protocols. It also provides a solution to a major gotcha of the process; the version of openssl that ships with your OS cannot issue insecure connections.

Using openssl to connect with an old protocol

The best way to do this, for me, is to use “openssl s_client” to connect to the service. The command supports the flags “-ssl2” “-ssl3” and “-tls1” to enable you to confirm those respectively. Say you want to verify SSL3 is enabled on a target you would do this:

openssl s_client -connect <host>:<port> -ssl3 -quiet

If the server supports the protocol it will now say this the line above where your cursor landed:

verify return:1

Your cursor will be paused there because you have established an SSL/TLS connection and now it is waiting for you to enter data.

Issuing an HTTP request through that connection

Having established your connection you will want to issue an HTTP request. A simple GET request should be sufficient:

GET / HTTP/1.1
Host: <host>

This simple request will return the homepage of any HTTP server. The subtle part is that there are invisible newline characters. In truth the above can be expressed in a single line as:

GET / HTTP/1.1\r\nHost: <host>\r\n\r\n

Here a pair of “\r\n” is representing the newlines. The exchange ends with “\r\n\r\n” because HTTP wants a blank line after all the headers are done to indicate when the server should start responding.

To be easier we can use “printf” to issue the GET request directly through our openssl connection:

printf "GET / HTTP/1.1\r\nHost: <host>\r\n\r\n" | openssl s_client -connect <host>:<port> -ssl3 -quiet

If the server responds without warning the user about insecure cryptography then you have just confirmed it as vulnerable.

Major Caveat

Most operating systems rightly ship with secured versions of “openssl”. This means that they have been compiled to not support these insecure protocols. The reason for doing this is to protect users from exploitation! This is good for us. If fewer clients can even talk SSLv3 then how much more unlikely is it that exploitation will occur?

To solve this problem I suggest you compile a version of openssl which has been compiled to support insecure versions:

wget https://openssl.org/source/openssl-1.0.2k.tar.gz
tar -xvf openssl-1.0.2k.tar.gz
cd openssl-1.0.2k
./config --prefix=`pwd`/local --openssldir=/usr/lib/ssl enable-ssl2 enable-ssl3 enable-tls1 no-shared
make depend
make -i install

Doing it this way creates a local binary (in “openssl-1.0.2k/local/bin”) for you which is not then installed over the system’s maintained one. This keeps your every day “openssl” command in your path secure while giving you the opportunity to confirm vulnerable services.

This solution is adapted from the Gist available here:

For ease I choose to then create an alias for the command as shown below:

alias "openssl-insecure"="/<path>/<to>/openssl-1.0.2k/local/bin/openssl"

I can now call the insecure version by using “openssl-<tab>” to complete with insecure.

Happy insecure protocol verifications to you all.

Captain’s Log: January 2021

A new year has begun.

If we go back to two years to 2019 for a moment. I was diagnosed with a medical condition that is prone to immobilise me periodically for around 2 weeks. There were a few bouts of that. I also had some unrelated chest infections, tonsillitis, and a run of bad health that went through the peak of summer until December 2019. I had been pretty miserable and had seen my weight increase due to the lack of mobility.

By Christmas eve 2019 I had been on medication to control my condition long enough for me to get back to walking around. Sick of the misery I set myself a goal of doing the 10k steps per day that Fitbit offers as good minimum level. Through lockdowns this became an absolute mission but I got it done.

I got through my self-set 2020 challenges, and now I have to ask what next?

I have set some health, lifestyle, and hobby goals for 2021.

Lets get Spectabular!

I am going to introduce you to the table of the six labours, and one thing I need to track monthly:

11k steps a daySlightly more than 2020. I have increased the number because this should take me over 4 million steps for the year which sounds like a thing. Really I am aiming to do 5 miles a day or greater than 1,825 miles in the year.
150 active minutes per weekThis equates to 22 active minutes every single day. I will get there with a mix of jogging, cycling, using a kettle bell, using my stairs to step exercise, and anything else that comes to mind. This is the REAL target for 2021.
1 technical blog a monthThe main focus of cornerpirate.com should always be technical content. As I will be posting my captain’s log entries once a month it makes sense to at least post something technical every month too.
Support my partner to exerciseI do not live in isolation. It is clear that my goals are only possible because of the love and support they provide. They created swathes of space for me to do so by looking after the kids and putting up with me going out at all hours to mine steps. There should absolutely be quid quo pro on this. They want a Saturday morning every week to be child free for a couple of hours to then do some exercise themselves. Totally onboard with that!
Record five songsI can play guitar. I can sing reasonably badly. But that hasn’t stopped me increasingly putting out content. Usually cover versions thrown together with little skill in a single take. I don’t even practice before hitting record. I do not know the lyrics. I am reading them on screen and playing the chords as they come on some tab or other. Why not try writing some new songs myself and putting a little more effort into it? It is rare for me to get the time to do so meaning that starting with five over a year should be achievable. Looking forward to learning how to use the kit I have collected rather than going “fuck it audacity and the mic that I used for conference calls is sufficient”.
OSWEI have pretty much no certifications to show I am even half way relevant or decent as a penetration tester. There are techniques that I need time to practice which are right there in the course material for OSWE. I am committing here to buying the lab access and using it. It is likely that I will be harvesting some of the technical blog posts based on the learning I do for this. I may or may not go for the certification. But for me I suspect the lab exposure and cost of many many evenings will be beneficial overall. If it looks like I can get a decent run at the exam than I might give it a go.
Panic AttacksThis is not a goal. This is just something I want to note happened or not in a given month. Gathering evidence as to their frequency, triggers, and impact. My logical brain is saying based on 2020 that these happen after a run of poor nights sleep.
Six Labours and One to Track

I will complete this table each month to add a bit more brevity and structure to the rather chaotic approach used last year. Starting from February I should get away with much shorter blogs as a result.

How did I do in January?

Now into the meat.

11k steps a day5 miles of steps. Every single day.
150 active minutes per weekDone.
1 technical blog a monthA couple of drafts in progress but the day job put this on the back burner.
Support my partner to exerciseWeek 1 – Yes
Week 2 – Yes
Week 3 – Yes
Week 4 – Yes
Week 5 – Yes (though contested by my partner I wasn’t fast enough in getting a kid ready to leave the house on time).
Record five songsI have not prioritised it this month.
OSWEI have not prioritised it this month.
Panic AttacksA clear month.

The Good

  • Board Games – I discovered that someone at the school had taught my eldest how to play chess. We had tried for years to play board games but their lack of patience and attitude to losing at anything was too explosive and caused fights. I bought a compendium of old board games and made the time to play just with them regularly. It has been great fun! I can see they have a logical brain when they are not exploding about losing. Seeing them mature is beautiful.
  • Music – Having setup the Piano over the keyboard over the holidays, and procured a poster which shows the chord shapes, I have been able to belt out a few songs in the evenings. Since I have never had a lesson or loads of time to do this before it has been nice. I am happy mucking about like this. My goal clearly isn’t to master the instrument. Simply to have fun and this has been great.
  • Health – I have lost weight. I am just not terribly interested in the number this time. The focus is the exercise goals and maintaining those and the results will continue. Or not. But I will be healthier regardless of my mass. In most things I find data and statistics comforting. Somehow weighing myself is a mixed bag as it can be as demotivating as it is motivating. Trying it differently this time and not going for weekly weigh ins.
  • Audiobook 1 – I listened to Sandworm by Andy Greenberg. I found this very interesting and should be the kind of book you can recommend to non-infosec humans. It is well delivered. The pace is expertly done.
  • Audiobook 2 – From there I moved on to Dune by Frank Herbert. I would like to state for the record that I didn’t listen to Sandworm (which is a reference to Dune itself) and then decide to buy Dune to listen to. That would be far too logical! I had actually been meaning to read Dune for many years. I had bought it on Audible before I was recommended Sandworm. I let the recommendation jump the queue and was laughing when Sandworm was revealed as a reference to Dune. The audible production of Dune is excellent and is the first I have heard with additional music. It isn’t quite a radio play version but is definitely acted more than just read.

The Bad

  • Maybe not “bad” really. This one is actually a bittersweet. One of my team decided to move on to pastures new to continue their career progression. This is always both a sad and a wonderful thing. Sad because you won’t be talking to them every day anymore. But also wonderful because everyone needs to eventually move on. They were definitely ready to do so. Even though I will miss our wide ranging phone calls that always started “I have five minutes” and ended up an hour later with us both much happier for the exchange.