From: Adam A.G. Shamblin Date: Fri, 24 Jul 2020 01:54:37 +0000 (-0600) Subject: first new post in nine months X-Git-Url: https://git.vexinglabs.com/?a=commitdiff_plain;h=d90aadfc3b1c222dfbdae2dc4b4f4645339d8c53;p=letters.git first new post in nine months --- diff --git a/content/install-tor-on-linux.md b/content/install-tor-on-linux.md new file mode 100644 index 0000000..f4e7191 --- /dev/null +++ b/content/install-tor-on-linux.md 
@@ -0,0 +1,84 @@ +Title: Installing TorBrowser for Easy Update on GNU/Linux +Date: 2020-03-30 +Category: Security +Tags: linux, security, linux, tor, privacy +Status: draft + + +This issue has come to my attention a couple of times now: users new to Linux +and Tor have installed the TorBrowser package, but come update time find they +have to reinstall. + +## Create and Join the `tor` Group + +The first thing I want to do is create a group to own the Tor application files. +I could certainly give ownership of the application to my own user account, but +this allows for a little bit more flexibility, should I decide to add users to +my system. + +```shell +$ sudo groupadd tor +``` + +Then I want to add my user account to the `tor` group I just created. + +```shell +$ usermod -aG tor signal9 +``` + +These steps will become more important in a few minutes once we've downloaded +and extracted the Tor Browser. You need to log out and back into your session +in order for joining the group to fully take effect. + +## Download & Verify Tor Browser + +Navigate to the [Tor Project](https://www.torproject.org/download/) website and +click on the Download link. These instructions are for Linux, so click the +"Download for Linux" link. You will also need to download the Signature file. + +On my laptop, this has downloaded to my Downloads directory. I have chosen the +64-bit version, which at the time of this writing is at version +[9.0.7](https://www.torproject.org/dist/torbrowser/9.0.7/tor-browser-linux64-9.0.7_en-US.tar.xz). + +I have also downloaded the [signature +file](https://dist.torproject.org/torbrowser/9.0.7/tor-browser-linux64-9.0.7_en-US.tar.xz.asc) +which I require to verify the downloaded files. + +Rather than document the process of verifying your download here, I'll direct +you to the [really excellent documentation](https://support.torproject.org/tbb/how-to-verify-signature/) at the Tor website. 
+ +**Do not skip the verification step!** Tor Browser is a controversial piece of +software globally, and as such is a high-value target for criminal and state +actors alike. Verifying against a signature is one step towards ensuring a safer +Tor experince. + +## Install TorBrowser + +To install the Tor Browser, we will extract the downloaded archive to the `/opt` +directory. You will need sudo access to your machine for this step. + +```shell +$ sudo tar -xvf ~/Downloads/tor-browser-linux64-9.0.7_en-US.tar.xz -C /opt +``` + +This will have created a new folder at `/opt/tor-browser_en-US`. If you've +chosen a different language, you may have a slightly different folder name. + +Now that we've extracted the application, we'll want to give ownership of the +directory to the `tor` group we created earlier. + +```shell +$ sudo chgrp -R tor /opt/tor-browser_en-US/ +``` + +We also want to change the permissions of the directory so that members of the +`tor` group will have read, write and execute privileges. + +```shell +$ sudo chmod -R 770 /opt/tor-browser_en-US/ +``` + +Now only `root` and members of the `tor` group may read, execute or modify the +Tor application, but other users may not read the directory at all. + +## Update diff --git a/content/weekend-update-2020-06-23.md b/content/weekend-update-2020-06-23.md new file mode 100644 index 0000000..cccce60 --- /dev/null +++ b/content/weekend-update-2020-06-23.md 
@@ -0,0 +1,114 @@ +Title: Weekend Update, July 23, 2020 +Date: 2020-07-23 +Category: misc +Tags: hacking, defcon, pandemic + + +## So, um, yeah... + +I'm not sure there would be much point to a full recap of the last nine months. +In many ways, my life during that time has been the same as everyone else's: +lock-down since March, though we can get out a bit since summer. I wear a mask, +I haven't been to a bar in months, my social life is primarily online. In some +places the streets are on fire and for others things have been pretty bad. Life +is scary, but life goes on. + +After my last update, I attended the third annual [Wild West Hackin' +Fest](https://wildwesthackinfest.com), which as usual was a fantastic event. +While I was there I met a hiring manager from BSI, the British Standards +Institute. They had recently bought a state-side penetration firm called AppSec, +and they were hiring. After I got home from the con, and a few phone calls with +BSI AppSec, I accepted my first penetration tester role. So, for me, working +from home full time started in January, for which I am thankful. I had a few +months to adjust before lock-down. + +I only worked at BSI for less than six months. While I feel I was successful +there, and I was treated well, I had a difficult time fitting in with a group +that was more of a bench than a team. Our work was in almost all cases solo, +which is _not_ my bag. In May I was approached by a former colleague who +had recently joined a company going into growth mode, and he asked if I +would come aboard as Staff Engineer at Large, doing work much like I'd done +in the past, working with Kubernetes, DevSecOps, and developer advocacy, +while bringing my application security chops with me. After a week of phone +calls, I agreed to make the move, which is where I am today. Fully remote +forever, I'm about seven weeks in and I'm having a great time. I may write more +about this soon. + +## Bees, gardens, hacking, hobbies... 
+ +### Bees + +My last bee journal was optimistic, but shortly after my post the hive was +robbed by surrounding colonies. After two days of carnage for which I had no +solution, the hive was silent. This was very sad for us for about a day, but +this is also the way of things. We shook it off, took the event as a learning +experience and moved on. This year we revived the old hive and added a second. +They seem to be doing well, honey production is under way, and both colonies +seem quite lively. More to come. + +### Gardens + +As per usual we planted two gardens in the front yard and one in the back. My +wife put a ton of effort into soil building since we'd had a couple of pretty +rotten years recently. We planted the usual tomatoes and peppers, but this year +we rotated other crops, planting squash and tomatoes further up the hill and +adding several rows of onions and beans. We've planted perennial herbs, garlic +(which I still can't seem to get the hang of) and our first tomatillo plant +which is _enormous_ and absolutely beautiful. We've already harvested several +pounds of green beans and a grip of squash and zucchinni. Tomatoes are coming in +well, as are the tomatillos. I've also got several plants of a more recreational +variety growing in pots in the back yard that I'm hopeful will yield. There are +also six sunflowers that have grown taller than me, though they haven't flowered +yet. + +### Hacking + +During the first part of the shut-down, work got pretty slow. My employer +decided to have me enroll in [Offensive Security's +AWAE](https://www.offensive-security.com/awae-oswe/) program to get my OSWE +certification. Oh! I haven't mentioned that in addition to pursuing penetration +testing as a profession, after WWHF I signed up to take my CISSP! I studied for +a number of weeks, less so during the holidays, and ultimately took and passed +my test at the end of January. For the first time, dig me, I'm certified. 
+ +So, anyway, I spent about a month studying for the OSWE, but this got put on +hold with the job change. While I don't see myself necessarily going back into +testing, I do value my skills in application security, so I decided to resume my +studies after DEFCON SafeMode the second week of August. Just this week I +renewed my lab time and maintained my testing date of October 1. With my wife +and youngest starting back to university about that time, I'll have plenty of +time to focus on my own studies and to try to nail that test. Try harder! + +By now, everyone who cares knows that [DEFCON is cancelled](https://defcon.org)! +While this is a tremendous bummer, the show must go on remotely! A huge number +of people are working very hard to give us a free, online version of DEFCON to +enjoy, and for this I am grateful. I've purchased my badge, which this year is +a magnetic audio cassette, and I intend to dedicate the weekend to participating +as much as I can. I'm way excited, I think it's going to be a great time. + +### Hobbies + +Our weekly game night decided right away to go virtual. We all bought and +downloaded TableTop Simulator on Steam and I subscribed to as many of our +favorite games as I could. Since going virtual we've only missed two weeks' +play! I've continued to buy paper games during this hiatus from physical +contact, one because I love them and want them to feel normal, and two so that I +can contribute to keeping my favorite local game store open. My LGS is once +again open to the public, with masks, so I have gone down to visit a couple of +times since. + +Many of my other hobbies have really fallen by the wayside, despite what my +other updates suggest. The pandemic has at times been pretty hard on me, as it +has for all of us, and for a few months now I've had difficulty getting +motivated to do much beyond what was needful, and watching TV. 
I bought a 3D +printer this past winter which, though getting a lot of use at first (and +printing many mask strap extenders for local nurses) and prompting me to start +learning CAD, has sat dormant for weeks now. I have RasperryPis, new and +exciting wifi hacking gear, and many other toys gathering dust. + +This is starting to pass, however, as some fog within me has started to lift and +I find myself interested in things again. I've been lucky that thus far I've +been free to choose how I react to the state of the world. Many have not had +that luxury. I've got a list of fun things that I can do from the safety of my +own home. I have friends and loved ones who keep in touch with me every day. I +have a lot to be grateful for. Best keep moving. diff --git a/hack/k8s/deployment.yaml b/hack/k8s/deployment.yaml index 8a4b143..42829c8 100644 --- a/hack/k8s/deployment.yaml +++ b/hack/k8s/deployment.yaml @@ -12,7 +12,7 @@ metadata: service.beta.kubernetes.io/do-loadbalancer-healthcheck-healthy-threshold: "5" service.beta.kubernetes.io/do-loadbalancer-protocol: "http" service.beta.kubernetes.io/do-loadbalancer-algorithm: "round_robin" - service.beta.kubernetes.io/do-loadbalancer-certificate-id: "836001ec-5652-4d3d-bc7a-691780e10bfb" + service.beta.kubernetes.io/do-loadbalancer-certificate-id: "3792d0ca-7583-4f01-a7bf-69704f48129f" service.beta.kubernetes.io/do-loadbalancer-redirect-http-to-https: "true" spec: type: LoadBalancer diff --git a/scripts/upload-cert.sh b/scripts/upload-cert.sh new file mode 100755 index 0000000..753eadd --- /dev/null +++ b/scripts/upload-cert.sh 
@@ -0,0 +1,31 @@ +#!/usr/bin/env bash +set -e + +DOMAIN=$1 +CERT_NAME=$2 + +if [ -z $DOMAIN ] +then + echo "Please specify a domain" + exit 1 +fi + +if [ -z $CERT_NAME ] +then + echo "Please specify a name for your cert" + exit 1 +fi + +CERT_PATH="/etc/letsencrypt/live/${DOMAIN}/" + +if [ ! -e $CERT_PATH ] +then + echo "There seems to be no certificate for that domain" + exit 1 +fi + +/home/signal9/bin/doctl compute certificate create \ + --certificate-chain-path "${CERT_PATH}/chain.pem" \ + --private-key-path "${CERT_PATH}/privkey.pem" \ + --leaf-certificate-path "${CERT_PATH}/cert.pem" \ + --name "${CERT_NAME}"
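Review bot: in content/install-tor-on-linux.md, the `usermod -aG tor signal9` step is shown without `sudo`, unlike the `groupadd` line above it, so it fails for a reader running as an unprivileged user. Make it `sudo usermod -aG tor signal9`, and consider `$USER` in place of the author's account name. In the install section, `sudo tar -xvf ... -C /opt` runs as root, and GNU tar run as root keeps the owner recorded in the archive unless `--no-same-owner` is given. The later `chgrp -R tor` changes only the group, so the files stay owned by whatever UID the tarball carried. `chmod -R 770` also sets the execute bit on every regular file; `chmod -R ug+rwX,o-rwx` grants the same access while keeping execute only where it already exists. Smaller points: `Tags:` lists `linux` twice, "experince" should be "experience", and the `## Update` heading has no body yet.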
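Review bot: the new file is named content/weekend-update-2020-06-23.md, but its front matter reads `Title: Weekend Update, July 23, 2020` and `Date: 2020-07-23`. Rename the file to weekend-update-2020-07-23.md so the filename and metadata agree. Spelling in the body: "zucchinni" should be "zucchini" and "RasperryPis" should be "Raspberry Pis".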
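Review bot: in hack/k8s/deployment.yaml, the `do-loadbalancer-certificate-id` annotation swaps one hard-coded UUID for another, and nothing in the diff records which certificate the new value refers to. Since scripts/upload-cert.sh in this same commit creates the certificate, add a YAML comment beside the annotation naming the `--name` it was uploaded under. Alternatively, have the script print the resulting ID, so the value is not copied by hand on each renewal.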
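Review bot: in scripts/upload-cert.sh, the tests `[ -z $DOMAIN ]`, `[ -z $CERT_NAME ]` and `[ ! -e $CERT_PATH ]` expand their variables unquoted, so an argument containing whitespace or a glob character is word-split before the test runs. Quote them, as in `[ -z "$DOMAIN" ]`. `CERT_PATH` already ends in `/`, so `"${CERT_PATH}/chain.pem"` produces a doubled slash; it is harmless, but drop one of them. The existence check covers only the directory, so a check that `privkey.pem` is readable would give a clearer error when the script runs without access to /etc/letsencrypt/live. The absolute path `/home/signal9/bin/doctl` ties the script to one account; resolve `doctl` from `PATH` or from a variable instead. The three error messages should also go to stderr with `>&2`.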