So I did not “complete” my hat until very late Friday, when I finally got it to announce its link status on its new set of 14-segment displays. It performed admirably all weekend. Thanks to Paul for safely transporting it to and from Vegas. I must also thank Stephen for his late-night help on Wednesday (tacos are not enough). Without his amazing soldering, I’d still be trying to figure out what I had done wrong. Here are some pictures from that night and the con to follow...
I’m back in Vegas for Defcon and it’s going swimmingly. So much so that I might get some actual swimming in.
Thanks to the late-night help of Professor Franklin, I have improved and redeployed the Defcam!
I visited this idea months ago, but for anyone who implemented it, it has been a nightmare. Each subsequent Unifi controller update broke the HTTPS in new and exciting ways. After remaining a very squeaky wheel with Ubiquiti support, they’ve pushed out a version that should permanently resolve the problems. They even made promises of native Let’s Encrypt support. All this will prove true or false with time, but for now I wanted to share my working procedure for Unifi controller version 5.9.32.
This solution required me to become more familiar with Java’s keytool than I would have otherwise. Unifi has a hardcoded keytool path and password; don’t change that (thanks Corey F @ubnt). I don’t think the alias matters, but it must be consistent. I used mykey. We start by generating a key pair and a certificate signing request (CSR) for our domain. For permissions reasons, we will want to do this as root...
keytool -genkeypair -alias mykey -keyalg RSA -keysize 2048 -keystore keystore -dname "CN=custom.domain.name" -storepass aircontrolenterprise
Now we export the CSR file we will give to Let’s Encrypt.
keytool -certreq -alias mykey -keystore keystore -file custom.domain.name.csr -ext san=dns:custom.domain.name -storepass aircontrolenterprise
Now we run the interactive certbot script to prove the domain is actually yours before they hand out a cert. Follow the instructions; you can verify ownership via DNS or by hosting a file.
certbot certonly --manual --csr custom.domain.name.csr
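The three steps above wrapped into one script, as an added example that is not the post’s own code: it runs the key-pair and CSR steps unattended and checks the CSR (CN, SAN and key size) before it is handed to the interactive certbot step. It assumes keytool (from a JDK) and openssl are on PATH and takes the keystore path and domain as parameters; the alias and password are the post’s values.

```sh
#!/bin/sh
# Added example, not the post's own code: wraps the post's keytool steps and
# adds a pre-flight check of the CSR before it is handed to certbot.
# Assumes keytool (from a JDK) and openssl are on PATH; keystore path and
# domain are parameters, the alias and password are the post's values.
set -eu

STOREPASS=aircontrolenterprise   # Unifi's fixed keystore password (see post)
ALIAS=mykey                      # any alias works as long as it stays consistent

# Step 1: generate the RSA-2048 key pair inside the Java keystore.
# -keypass is set equal to -storepass, which is what pressing Return at the
# post's interactive prompt does, so the step runs unattended.
gen_keypair() {   # $1 = keystore path, $2 = domain
  keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 \
    -keystore "$1" -dname "CN=$2" -storepass "$STOREPASS" -keypass "$STOREPASS"
}

# Step 2: export a CSR carrying the domain as a SAN (the names to be
# validated and served must be in the SAN extension, not only the CN).
make_csr() {      # $1 = keystore path, $2 = domain, $3 = CSR output path
  keytool -certreq -alias "$ALIAS" -keystore "$1" -file "$3" \
    -ext "san=dns:$2" -storepass "$STOREPASS" -keypass "$STOREPASS"
}

# Pre-flight check: the CSR must name the domain in CN and SAN and use a
# 2048-bit key. Catching a typo here avoids burning a Let's Encrypt
# validation attempt on a request that would yield an unusable cert.
verify_csr() {    # $1 = CSR path, $2 = domain; returns 0 only if all checks pass
  text=$(openssl req -in "$1" -noout -text) || return 1
  echo "$text" | grep -q "CN *= *$2" || { echo "CN does not match $2" >&2; return 1; }
  echo "$text" | grep -q "DNS:$2"    || { echo "SAN DNS:$2 missing" >&2; return 1; }
  echo "$text" | grep -q "Public-Key: (2048 bit)" || { echo "key is not 2048-bit" >&2; return 1; }
}

# Runs steps 1-2 plus the check; the certbot step stays interactive.
# Usage (as root, per the post): prepare_csr ./keystore custom.domain.name
prepare_csr() {   # $1 = keystore path, $2 = domain
  gen_keypair "$1" "$2"
  make_csr "$1" "$2" "$2.csr"
  verify_csr "$2.csr" "$2"
  echo "CSR verified; now run: certbot certonly --manual --csr $2.csr"
}
```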
I met a pile of incredible people. Bought some amazing toys (for science), some I’ve even got working. Saw some talks and demos. Talked to some of my heroes and listened to even more. I saw Ladar Levison talk about epoxying your ports and adding thermite to your hard drives. I played with the ECU of a fake car! Now I just have to finish building the DarkNet Badge! Enjoy my pictures. The hat data is still being analyzed. I’ll try to build something out of it eventually.
Believe it or not, my home network actually used Radius authentication many years ago, before I got a Nest (which still cannot connect to anything that isn’t open, WEP, or WPA/WPA2). At the time, I assumed the Nest app talked directly to the thermostat. Not true. It just needs internet to talk to its servers, from which it receives the commands and preferences from the app. Armed with that knowledge and recent revelations about the security of WPA2, I set to the task of reimplementing Radius on my network. First, I needed to assess which devices, like the Nest, would be unable to make the transition. Luckily, most of these devices don’t need anything more than internet access. One was moved to a hard line and the last attached to a Radius-capable wireless bridge. I added an internet-only wireless network for my embedded devices and moved my privileged network to Radius authentication. It was time to change my password anyway. Stay safe!
Ubiquiti’s Amplifi wifi mesh system is awesome and incredibly easy to set up. It also looks great next to Synology’s DiskStation product line. Together they make the most amazing Time Capsule replacement. The functionality doesn’t stop there. The DiskStation does so much more than just backup. As a backup, however, it allows you to mirror the disks for extra protection as well as synchronize with other servers, DiskStations, cloud storage, or even AWS S3! Getting nearly 200Mbit everywhere! Already backing up three computers. What other services should I add to the Synology?
The internet went out again. It seems that Time Warner is made of sugar or wicked witches. They melt in the rain. Last time we traced the run from pole to modem, but it seems that water continues to find a way in. Luckily I set a little something up with the neighbors. It had to be put in place after the last time, when I ran off my iPhone using tethering. Believe me, EDGE at home is ONLY for desperate people. A Time Warner serviceman made it out this morning to fix it. Knowledgeable workmen AND speedy service; this is a side of Time Warner I’ve never seen before. I’d still like to see fewer of these glitches and, of course, the 8Mbit we’re paying for! Even more than that, I’d like to see a real solution.
What I’d like to see is a solution to the fundamental internet problem once and for all. What problem? The lack of free and available internet to ANYONE throughout public spaces (and even private ones). That is a stimulus with a real and tangible benefit. Our wireless communications carriers have failed us. We gave them the very air and they repay us with early termination fees and dropped calls.
The powers that be could bring the internet in through the power lines. You can get incredible bandwidth through existing infrastructure, and utility poles make great places for hanging access points. Heck, I wouldn’t even mind if they snooped (you know they spy already). In fact, people would probably line up to be snooped on free wifi all over town! Once we have a nationwide public wifi network and everything plugged into the wall is also connected to that network, things will really start to get interesting. Imagine a world where our gadgets conspire to improve our daily life. What if you never had to set an alarm clock? Simply plugging it into the wall gets it online and sets the time. Imagine a world where wireless communication doesn’t require Faustian contracts with providers, full of marketing and empty promises. What if a text didn’t cost 20¢? What if you could make a call or send a message from your pocket for free? What if this actually happened? These simple ideas will extend the functionality of and integrate our devices and networks in ways we cannot even comprehend. I honestly believe that, combined with IPv6 and other great implementations, these foundations of technology will pave the way to the future we’ve seen in science fiction.
In the coolest workaround yet, Infinitec out of Dubai made this nifty little gadget that lets your server, NAS, or any PC with media be accessible as if it were on a USB thumb drive. It even fakes out file systems that have a 1 or 2GB barrier. It relies on wifi, so you do have to be in range... we can dream.