After Google killed XMPP support for Google Voice, I no longer had a house phone. I was using my Google Voice number as a home phone and for the gate info for our building. This led to the whole system being ignored and neglected. By the time the SD card gave up the ghost, even the backups were in poor shape. I rebuilt the whole system fresh from the latest RasPBX dist and it’s working better than ever. Bought a real DID so I could continue to use Google Voice on our handsets at home. It’s great to have my Asterisk back.
I visited this idea months ago, but for anyone who implemented it, it has been a nightmare. Each subsequent Unifi controller update broke the https in new and exciting ways. After remaining a very squeaky wheel with Ubiquiti support, they’ve pushed out a version that should permanently resolve the problems. They even made promises of native Let’s Encrypt support. All this will prove true or false with time, but for now I wanted to share my working procedure for Unifi controller version 5.9.32.
This solution required me to become more familiar with Java’s keytool than I would have otherwise. Unifi has a hardcoded keytool path and password; don’t change that (thanks Corey F @ubnt). I don’t think the alias matters, but it must be consistent. I used mykey. We start by generating a key and a certificate signing request for our domain. For permissions reasons, we will want to do this as root...
keytool -genkeypair -alias mykey -keyalg RSA -keysize 2048 -keystore keystore -dname "CN=custom.domain.name" -storepass aircontrolenterprise
Now we export the csr file we will give to Let’s Encrypt.
keytool -certreq -alias mykey -keystore keystore -file custom.domain.name.csr -ext san=dns:custom.domain.name -storepass aircontrolenterprise
Now we run the interactive certbot script to prove the domain is actually yours before they hand out a cert. Follow the instructions; you can verify using DNS or by hosting a file.
certbot certonly --manual --csr custom.domain.name.csr
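A preflight check for the CSR produced by the keytool steps above, added here as an example and not part of the original post: it uses the openssl CLI to confirm that the request is intact, that the RSA key is at least 2048 bits, and that the SAN really lists the domain before the file goes to certbot. The function names are hypothetical, and the sample CSR is generated with openssl as a constructed stand-in for keytool's output.

```shell
#!/bin/sh
# Added example, not from the original post: preflight a CSR before certbot.
# Function names are hypothetical; requires the openssl CLI.

# Decoded, human-readable form of a PEM CSR (keytool -certreq writes PEM).
csr_text() { openssl req -in "$1" -noout -text 2>/dev/null; }

# True if the CSR's self-signature verifies, i.e. the request is intact.
csr_sig_ok() { openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'; }

# Print the public key size in bits.
csr_key_bits() {
  csr_text "$1" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# True if NAME ($2) is listed as an exact dNSName in subjectAltName.
csr_has_san() {
  csr_text "$1" | sed -n '/Subject Alternative Name/{n;p;}' \
    | tr ', ' '\n\n' | grep -qxF "DNS:$2"
}

# preflight_csr FILE NAME: 0 = ok, 1 = unreadable/bad signature,
# 2 = RSA key under 2048 bits, 3 = NAME missing from the SAN list.
preflight_csr() {
  csr_sig_ok "$1" || { echo "bad or unreadable CSR: $1" >&2; return 1; }
  bits=$(csr_key_bits "$1")
  [ "${bits:-0}" -ge 2048 ] || { echo "key too small: ${bits:-?} bits" >&2; return 2; }
  csr_has_san "$1" "$2" || { echo "SAN lacks DNS:$2" >&2; return 3; }
}

# Constructed sample: an openssl-made CSR standing in for keytool's output.
# make_sample_csr OUT CN [SAN]; the private key is discarded.
make_sample_csr() {
  if [ -n "${3:-}" ]; then
    openssl req -new -newkey rsa:2048 -nodes -keyout /dev/null \
      -subj "/CN=$2" -addext "subjectAltName=DNS:$3" -out "$1" 2>/dev/null
  else
    openssl req -new -newkey rsa:2048 -nodes -keyout /dev/null \
      -subj "/CN=$2" -out "$1" 2>/dev/null
  fi
}

# Usage with the file from the steps above:
#   preflight_csr custom.domain.name.csr custom.domain.name \
#     && certbot certonly --manual --csr custom.domain.name.csr
```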
I met a pile of incredible people. Bought some amazing toys (for science), some I’ve even got working. Saw some talks and demos. Talked to some of my heroes and listened to even more. I saw Ladar Levison talk about epoxying your ports and adding thermite to your hard drives. I played with the ECU of a fake car! Now I just have to finish building the DarkNet Badge! Enjoy my pictures. The hat data is still being analyzed. I’ll try to build something out of it eventually.
This is a silly project that I have spent probably too much time on. First I thought, why not time-lapse my upcoming defcon trip. Then I thought, why not live stream it. So… I started with a Pi Zero and a Pi Camera v1. Wired some pins to the GPIO for power. Made a custom wire and hot glued it into the hat. Done!
This small exhibit includes audio/video recordings from the Daily Show cast as well as Trump Survivors. Even a set with a golden toilet and props to pose with. (I had to grab a tie, but it wasn’t long enough for me). We were given name tags upon our arrival complete with nickname (mine was “Buzzkill be3n”). You can see the whole exhibit in under an hour. Well worth the visit!
Sunday June 17th is the last day in LA. 631 N Robertson Blvd. 12pm-10pm.
UPDATE: this is all outdated, go here.
I have been consolidating some of my sites onto a single hosted Unifi controller. Documentation was outdated so I am going to post some useful info here. My original plan was to set up a basic apache2 site, use certbot to generate my certificates and then install them into the Unifi controller. The first frustration is that you cannot simply install the certs you want into the Unifi controller. Second frustration, Java. Once you get over that, it’s super easy.
I had some issues with the initial migration. I ended up having to start over. Handy command to remove the Unifi controller with all its configuration and data:
apt-get remove unifi --purge
Just remember, you will need to reinstall Unifi after. It will be brand new and back to the wizard.
Getting started with SSL, I learned mostly from here. First create a CSR with unifi through command line…
java -jar lib/ace.jar new_cert <hostname> <company> <city> <state> <country>
This creates unifi_certificate.csr.der and unifi_certificate.csr.pem inside the data directory where you already are (/usr/lib/unifi/). Now we need to feed the CSR into certbot. Note that at this point, I already have apache2 installed with a very simple virtualhost and site set up with the domain I am creating a cert for. Here is the command to feed the CSR generated by Unifi into certbot to be certified:
certbot certonly --apache --csr /usr/lib/unifi/data/unifi_certificate.csr.der
Certbot will make sure that domain is yours (and your apache config is working) and then output a signed cert and a chain that is almost everything you need to install the certificate back into the Unifi controller. Still in /usr/lib/unifi/data/, 0000_cert.pem is my signed cert and 0001_chain.pem is my signed cert plus the intermediate certificate. What’s missing is Let’s Encrypt’s root certificate to validate the intermediate certificate and thus complete the chain of trust.
AOL’s long-running messaging service will end on December 15th. Though it’s true that I rarely use it these days and that I actually lost my original account years ago… I have fond memories of this communications protocol. I continue to communicate with people through AIM. Apple had strong links to it at the launch of iChatAV. #nostalgia Well, AOL broke the news with a tweet. Ironic?
On this day in 1987 Steve Wilhite, while working at CompuServe, developed the GIF format. Thanks to the internet and the fact that internet speeds continue to accelerate, they have become the de facto animation format. Hooray! It is important to point out that although the GIF is 30 years old today, the animated version that we are so familiar with did not become available until 1989. Don’t tell me how to pronounce it. Enjoy my collection.
I tried to participate in Ken Calvert’s telephone town hall tonight, even recorded some of it. Unfortunately, they never took my question or even my promised recorded voicemail.
Many of my comments were addressed by others and most were deflected by Representative Calvert. I am certainly no expert on this stuff, but here are the points I would have brought up.
- CRA bill – Representative Calvert seems to have missed the distinction between internet service providers that offer services like Google, Facebook, or Snapchat and telecommunications providers that provide the very lines on which those services depend. This is a critical distinction. Unlike service providers, it is not so easy to just find a telecommunications provider whose policy you agree with. In most of America, they are practically monopolies.
- Russians!! – Lifting sanctions preventing Russian intelligence agency from purchasing surveillance technology? Why now? Representative Calvert talked about opposing foreign manipulation of our elections, but what about foreign money buying influence? Citizens United says money is speech, but what about foreign money?
- Obamacare Vs Trumpcare – Preexisting conditions? Failing program? It is certainly not perfect (don’t get me started), but my family would be destitute if it weren’t for the Affordable Care Act. The current offering as a replacement looks terrible and doesn’t include amendments for preexisting conditions. What will next year bring?