Pilgrimage to the Internet Archive

Internet Archive

The offering I brought was nearly 100 lbs of technology from my childhood.  I met some amazing staff and volunteers (they even archive their employees). Even visited the blinking lights of their servers.  They archive even more then I knew.  More then web, old software and films, they even archive music and have an impressive collection (i found several rare or out of print artists and albums in their archive).

Amiga Offering to Internet Archive

Internet Archive - Pews

Employee AvatarsVideo Capture Equiptment

Hosted Unifi controller with Let’s Encrypt SSL take 2!

Unifi Dashboard with SSL

I visited this idea months ago, but for anyone who implemented it, it has been a nightmare.  Each subsequent Unifi controller update broke the https in new and exciting ways.  After remaining a very squeaky wheel with Ubiquity support, they’ve pushed out a version that should permanently resolve the problems. They even made promises of native Let’s Encrypt support.  All this will prove true of false with time, but for now i wanted to share my working procedure for Unifi controller version 5.9.32.

This solution required me to become more familiar with Java’s keytool then i would have otherwise.  Unifi has a hardcoded keytool path and password, don’t change that (thanks Corey F @ubnt). i don’t think alias matter, but they must be consistent.  I used mykey.  We start by generating a key and a code signing request for our domain.  For permissions reasons, we will want to do this as root. . .
cd /var/lib/unifi
keytool -genkeypair -alias mykey -keyalg RSA -keysize 2048 -keystore keystore -dname "CN=custom.domain.name" -storepass aircontrolenterprise

Now we export the csr file we will give to Let’s Encrypt.
keytool -certreq -alias mykey -keystore keystore -file custom.domain.name.csr -ext san=dns:custom.domain.name -storepass aircontrolenterprise

Now we run the interactive certbot script to prove the domain is actually yours before they hand out a cert.  Follow the instructions you can use DNS or hosting a file to verify.
certbot certonly --manual --csr custom.domain.name.csr

Continue reading “Hosted Unifi controller with Let’s Encrypt SSL take 2!”

Played with PoisonTap network hijacking tool

Poison Tap in Action

@SamyKamkar made an impressive and terrifying tool.  This simple USB device steals your cookies, poisons your cache, and even persists a web backdoor.  On a locked machine no less!  It depends much on the trust that our computers take for granted.  Trusting a USB device is not up to no good.  Trusting the local network not trying to confuse. We must reexamine this trust going forward.  It didn’t take long to get it up and running, however once you do, you can spend hours tinkering.  (i was working to combine it with @mubix‘s work here)

I am also delighted to have my first Raspberry Pi as a USB device rather then host.  it is certainly exciting to create some new doodads using this dangerous toolkit.

UPDATE

I have since made a version without the cache attack.  I completely failed to steal the poisontap visuals, but TheCodePlayer offers a delightful matrix animation.  next step is to man in the middle ssl too.  I’m turning it into a device that logs everything while connected, but doesn’t persist.

Something is getting better!

https lock iconMy blog is now distributed with Amazon’s Cloudfront CDN using powerful encryption and signed by a proper CA certificate.  See the shiny green lock?  Like a grown-up adult website.  After only 8.5 years.  Congratulations!  Thank you StartSSL!

Update:  you may have noticed that the transition has been a bit bumpy.  Still getting the hang of things and this website needs a lot of work (possibly a complete resurfacing).  I am sorry about the downtime and all the SSL errors, I am working on it.  Thanks Eric, I hope I didn’t step on your birthday plans kidnapping your brain.