Internet, Security, technology, Web, Wi-Fi

Hosted Unifi controller with Let’s Encrypt SSL take 2!

November 16, 2018November 16, 2018 | be3n

I visited this idea months ago, but for anyone who implemented it, it has been a nightmare. Each subsequent Unifi controller update broke the https in new and exciting ways. After remaining a very squeaky wheel with Ubiquity support, they’ve pushed out a version that should permanently resolve the problems. They even made promises of native Let’s Encrypt support. All this will prove true of false with time, but for now i wanted to share my working procedure for Unifi controller version 5.9.32.

This solution required me to become more familiar with Java’s keytool then i would have otherwise. Unifi has a hardcoded keytool path and password, don’t change that (thanks Corey F @ubnt). i don’t think alias matter, but they must be consistent. I used mykey. We start by generating a key and a code signing request for our domain. For permissions reasons, we will want to do this as root. . .
cd /var/lib/unifi keytool -genkeypair -alias mykey -keyalg RSA -keysize 2048 -keystore keystore -dname "CN=custom.domain.name" -storepass aircontrolenterprise
Now we export the csr file we will give to Let’s Encrypt.
keytool -certreq -alias mykey -keystore keystore -file custom.domain.name.csr -ext san=dns:custom.domain.name -storepass aircontrolenterprise
Now we run the interactive certbot script to prove the domain is actually yours before they hand out a cert. Follow the instructions you can use DNS or hosting a file to verify.
certbot certonly --manual --csr custom.domain.name.csr
Continue reading “Hosted Unifi controller with Let’s Encrypt SSL take 2!” →

Culture, technology, Travel, Web

New Zealand Government website has the best 404 page!

May 4, 2018 | be3n

They include a world map with a glaring omission. . . New Zealand. I guess they are feeling a little left out.

pointless, technology, Web

I setup an emoji domain on a dare. . .

January 8, 2018 | be3n

check out 💩.be3n.com. for no reason at all.

Culture, technology, Web

Has it been 10 years already??!!!

November 4, 2017December 19, 2017 | be3n

SDS Classic logo It was 10 years ago today when I decided that the virtual world needed a new URL and somethingdotsomething.com was purchased! It was another year before the site got any content and even longer before it was any good. (citation needed)

I have enjoyed publishing here. I hope to continue and to add more and grander works as well.

Software, technology, Web

I fixed the error that killed my URL shortener.

May 4, 2017 | be3n

This post should prove it. Thanks to @joedolson for graciously not being offended when i suggested it was a problem with his code. My own idiocy omitted an essential file. whoops! must test more throughly before I bother others.

hardware, Security, Software, technology, Web

Played with PoisonTap network hijacking tool

November 20, 2016June 17, 2017 | be3n

@SamyKamkar made an impressive and terrifying tool. This simple USB device steals your cookies, poisons your cache, and even persists a web backdoor. On a locked machine no less! It depends much on the trust that our computers take for granted. Trusting a USB device is not up to no good. Trusting the local network not trying to confuse. We must reexamine this trust going forward. It didn’t take long to get it up and running, however once you do, you can spend hours tinkering. (i was working to combine it with @mubix‘s work here)

I am also delighted to have my first Raspberry Pi as a USB device rather then host. it is certainly exciting to create some new doodads using this dangerous toolkit.

UPDATE

I have since made a version without the cache attack. I completely failed to steal the poisontap visuals, but TheCodePlayer offers a delightful matrix animation. next step is to man in the middle ssl too. I’m turning it into a device that logs everything while connected, but doesn’t persist.

art, Culture, technology, Web

There may be too many animated Gifs on my website.

January 26, 2016January 26, 2016 | be3n

This post will bump the largest one off the front page. My site was getting a bit bloated.

Internet, technology, Web

Sorry Facebook Users.

April 18, 2015 | be3n

I broke all the links from my previous posts to Facebook. sorry. honestly, I should have updated my syndication years ago. I am not going to delete the posts, but they will just link to the current site. Lets faec it, no one was clicking on it anyway. whoops.

Internet, technology, Web

Something is getting better!

April 15, 2015April 16, 2015 | be3n

My blog is now distributed with Amazon’s Cloudfront CDN using powerful encryption and signed by a proper CA certificate. See the shiny green lock? Like a grown-up adult website. After only 8.5 years. Congratulations! Thank you StartSSL!

Update: you may have noticed that the transition has been a bit bumpy. Still getting the hang of things and this website needs a lot of work (possibly a complete resurfacing). I am sorry about the downtime and all the SSL errors, I am working on it. Thanks Eric, I hope I didn’t step on your birthday plans kidnapping your brain.

Internet, technology, Web

Dreamhost you made a fool of me.

April 2, 2015March 16, 2016 | be3n

Dreamhost Logo

I recommended Dreamhost highly for many years. When Mac Enthusiasts asked me where they should host their email, I said Dreamhost without a pause. We moved the MX record over the weekend from Media Temple to Dreamhost and waited as the DNS records propagated throughout the internet. Monday morning I left everyone’s new credentials on a note so they could get to work. Immediately, we noticed a problem. The mail server was unresponsive. By noon, I had a good understanding of the problem and I submitted a support request. Dreamhost did not respond until after 9pm and this was all they said.

I’m terribly sorry for the issues with the mail service responding slowly today. It looks like there was an issue with our POP/IMAP machines causing the slowness with the accessing of your mailbox earlier today. Our Admins were able to look into this matter and get the issue resolved. This was a temporary issue with the mail load spiking, resulting in the slowness, but that’s all resolved now.

Oh good one might think. Problem reported, problem solved. Not so. Of course now that buisness was done, I couldn’t verify their claim. Again I waited to see if their claim was true. It was not. It the light of Tuesday morning macenthusiasts.com email was completely unusable from the office. So once again, I carefully composed my support request. They quickly responded with additional questions, I immediately answered. They wanted the IP of the office and a traceroute to their mail server. No response from Dreamhost until 1am. This is what they said:

This should be resolved with the load balancing issues resolved. I just checked multiple email addresses from your domain, and was able to connect to them on multiple ports. I also checked and found that your office IP address is not currently banned. I am sorry it took so long to get back to you, your tickets were placed in my queue when I was out of
the office. Please let us know if the issues are continuing in the office, so we can continue to look at the office, and troubleshoot there.

Continue reading “Dreamhost you made a fool of me.” →