Dystopia

As many know, the Chinese government is one of the most oppressive governments in the world due to their human rights abuses. Recently, they have been creating a real-life dystopia that involves the tracking of everyone and everything inside of China. It’s all to create a so-called “social credit system.” The government tracks every individual’s interactions with the world and others using mass surveillance, artificial intelligence, CCTV and other dystopian methods of spying. Proponents of this system claim it creates a better society by enforcing so-called ‘good social behavior’ and increasing the ‘trustworthiness’ of people. There’s no doubt it creates conformity to a certain standard. However, it’s nightmare fuel for anyone who values individual liberty and freedom. The goal is to have this system implemented in all aspects of life. It will determine how and if you travel, where you work and access to public or private services based on your score. It’s essentially government-mandated control of everyone and everything.

If you’ve ever seen Black Mirror, this is akin to what the Chinese government wants to build.

I would like to rant about how Communism as a whole is one of the most dangerous ideologies ever to exist, although I’ll save that for another post. The truth about China is that they follow the same dangerous doctrines of Communism and it plays with their social credit system well (for those in power). What they’re doing is straight out of Nineteen Eighty-Four. The potential for abuse is huge and the Chinese government has a history of suppressing dissidents and those who disagree with their strange obsession with conformity. The combination of mass surveillance and this social credit system allows the government to make thoughtcrime a reality. If you don’t get punished for thoughtcrime by the government, you’ll be punished socially by businesses and those around you. People will reject you and your social credit will affect everything in your life. It will create social pariahs and further the Chinese government’s goal of creating hive-mind citizenry.

Humiliation and oppression

The hive-mind becomes a reality.

The Chinese government publicly shames and humiliates people that don’t conform to social standards in the areas they are testing their program. They have displayed jaywalkers on giant public TV screens, posted information about ‘untrustworthy’ people online and continually humiliate those who struggle to keep their credit score up. This humiliation is based on reports from others and creates the potential for those reports to be greatly misconstrued. Don’t like your neighbor? Submit a false report about their bad social behavior. Blackmail? Easy, especially if you’re in a higher class or position of power. The Chinese social credit system will most definitely be highly abused by those that are able to take advantage of it. The Chinese government already has a history of persecuting those they deem unfit for Communist rule and forcing them into re-education camps. The future pretty much writes itself for China unless the people stand up.

Recently I’ve had an idea, a thought, that I can’t get out of my head. The world needs more ethical companies. Now more than ever this Christmas! There’s a lot of hate for large conglomerate corporations, and it’s mostly justified. The way they behave and conduct themselves is disrespectful and objectifying. Corporatism as we know it today often creates a toxic environment that’s designed for robots and it’s bad for both customers and employees. Many would say this is just late-stage capitalism, and I sympathize with that but don’t agree that this is some inevitable stage of capitalism. People can change the world and stick it to the man if they really want to. Activism is more important and flourishing than ever. Many feel hopeless when standing up to the man, but this feeling needs to be thrown out the window.

I often find myself distracted from what I really want to achieve (especially with my ADHD-PI). There’s probably many others that feel the same. To those I say, work towards what you really want to see no matter how long it takes. It’s quite cliche, but it’s the ultimate truth. I want to see a world where companies are more often led by individuals with a clear sense of morality and humanity. People who value integrity, the happiness of others and our planet. There’s often a major disconnect from leadership and the working class. I believe this can be put to a stop with the right people.

We need more individuals leading companies who exhibit these qualities:

  • Lacking egocentric or narcissistic personality traits.
  • Humble, genuine, sensible and down to earth people.
  • Knowing or truly understanding what it’s like to be marginalized.
  • Respect of individual liberty, live and let live.
  • Valuing others and relationships more than money.
  • Love for nature, people, charity and doing good to others.
  • Empathetic, showing a high level of emotional intelligence.
  • Thinking outside of the box, true innovators.
  • A knack for solving the world’s problems.

Those are only some of the qualities I believe are important for leadership. With more people like this we can do away with corporatism, as these kinds of people likely have a strong distaste for that. The only way to get people like this in leadership positions is to convince them of, or show them their potential. If you know someone like this, please consider sending them this as encouragement. If you have these qualities, take action! The internet is the only library you’ll need, you can learn just about any skill with enough dedication and willpower to be the change you want to see in this world.

Commonly, having a degree is associated with assumptions that someone is smart or they know the field that they have studied well. I don’t believe this is the case and would argue that most people who gain knowledge in a specific subject ‘forget’ if they don’t continuously practice. Anyone can become rusty and forget what they’ve learned and everyone does. Memory fades with time, so a degree doesn’t really show you know anything 20 years down the road if you don’t use that knowledge.

I’m generally focusing on the field of IT where it doesn’t truly matter what piece of paper you hold. People without degrees (me) often feel that we have to prove ourselves because we’re not as good as someone with one. I’m sure everyone has heard their parents or relatives tell them that they need to get a degree otherwise jobs will reject them. In IT this isn’t true and if it is, it shouldn’t be. I’ve seen some pretty bad IT “professionals” that have degrees. You can learn anything on the internet, especially IT. I think companies should hire applicants purely based on skill and willingness to learn! Gone are the days where companies require you to have a 4 year degree in IT (hopefully).

Source: blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/

Want to scan your network? Get the memcached nmap script.

https://nmap.org/nsedoc/scripts/memcached-info.html

Nmap the network for open memcached ports (example, replace with your range).

sudo nmap 127.0.0.1/18 -p 11211 -sU -sS --script memcached-info >> memcrashed.log

Filter the nmap log for IPs that are actually vulnerable.

cat memcrashed.log | grep -B 16 Authentication | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" >> sorted_memcrashed.log

You can verify with this one liner.

cat sorted_memcrashed.log | while read a; do echo -en "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n" | nc -q1 -u $a 11211 ; done
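
An added example (not part of the original post) for auditing your own range: the `grep -B 16` step assumes every result block has the same length, so a short block can pull in the address of the host listed before it. This awk filter remembers the host of each `Nmap scan report for` block instead; the sample log is constructed, and the `Authentication: no` wording is an assumption about the script's output.

```shell
#!/usr/bin/env bash
# Added example: pick hosts out of the nmap log by tracking each
# "Nmap scan report for" block, not a fixed number of lines before a match.

# Print each IP whose memcached-info output reports no authentication.
# Reads the log files given as arguments, or stdin when there are none.
unauthenticated_memcached_hosts() {
  awk '
    /^Nmap scan report for / {
      host = $NF                 # last field: "1.2.3.4" or "(1.2.3.4)"
      gsub(/[()]/, "", host)
      next
    }
    /Authentication:?[ \t]+no[ \t]*$/ && host != "" && !seen[host]++ {
      print host
    }
  ' "$@"
}

# Constructed sample log (documentation addresses, not real scan output).
sample_nmap_log() {
  cat <<'EOF'
Nmap scan report for 192.0.2.10
Host is up (0.0010s latency).

PORT      STATE SERVICE
11211/tcp open  memcached
| memcached-info:
|   Process ID: 1842
|   Uptime: 6950 seconds
|   UDP Port: 11211
|_  Authentication: no

Nmap scan report for cache2.example.test (192.0.2.11)
Host is up (0.0012s latency).

PORT      STATE  SERVICE
11211/tcp closed memcached

Nmap scan report for 192.0.2.12
PORT      STATE SERVICE
11211/udp open  memcached
| memcached-info:
|_  Authentication: no
EOF
}

sample_nmap_log | unauthenticated_memcached_hosts
```

On the sample, the closed host 192.0.2.11 sits within 16 lines of the last match and would be swept in by the fixed-window grep; the block-aware filter lists only 192.0.2.10 and 192.0.2.12.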

Update: 1/28/20, the method below is very hacky and likely no longer necessary for BelugaCDN. I would not recommend following this tutorial.

So… I recently started using BelugaCDN for XMPP.is, as they were kind enough to give us free service (being a non-profit and all). But I found that they don’t have any kind of automated (easy) way to install Let’s Encrypt certs. I’m too cheap to pay for certs, and besides, we have Let’s Encrypt after all. Now, this tutorial is a bit hacky when it gets to the BelugaCDN part, so don’t say I didn’t warn you.. I’m only scripting renewals for one subdomain at the moment.. I set up the CNAME cdn.xmpp.is -> cdn.xmpp.is.i.belugacdn.com with Cloudflare, spun up a Debian Stretch VM and my journey began..

1. Getting a certificate from Let’s Encrypt

Make sure the proper dependencies are installed.
apt install python-pip build-essential python-dev curl libffi-dev libssl-dev openssl curl sed grep mktemp git

Install Lexicon with python-pip.
pip install dns-lexicon

Create a user.
# useradd -m -s /bin/bash letsencrypt

Log in to the user.
# su letsencrypt

Go to home directory.
$ cd /home/letsencrypt

Clone the Dehydrated repository.
$ git clone https://github.com/lukas2511/dehydrated /home/letsencrypt/dehydrated

Make the script executable.
$ chmod +x /home/letsencrypt/dehydrated/dehydrated

Add domain to list.
$ echo "cdn.xmpp.is" > /home/letsencrypt/dehydrated/domains.txt

Download the default Dehydrated script and make it executable.
$ wget -P /home/letsencrypt/dehydrated https://raw.githubusercontent.com/AnalogJ/lexicon/master/examples/dehydrated.default.sh
$ chmod +x /home/letsencrypt/dehydrated/dehydrated.default.sh

Add needed export variables to dehydrated.default.sh. You’ll need your global Cloudflare API key. Example:

export LEXICON_CLOUDFLARE_USERNAME=you@example.com
export LEXICON_CLOUDFLARE_TOKEN=234dcef90c3d9aa0eb6798e16bdc1e4b

Accept the terms…
/home/letsencrypt/dehydrated/dehydrated --register --accept-terms

Launch the script! After this you should have your cert issued shortly after.
/home/letsencrypt/dehydrated/dehydrated --cron --hook /home/letsencrypt/dehydrated/dehydrated.default.sh --challenge dns-01

By default the cert/key will be located in the directory of the script under “certs”. Example:

deploy_cert called: cdn.xmpp.is, /home/letsencrypt/dehydrated/certs/cdn.xmpp.is/privkey.pem, /home/letsencrypt/dehydrated/certs/cdn.xmpp.is/cert.pem, /home/letsencrypt/dehydrated/certs/cdn.xmpp.is/fullchain.pem, /home/letsencrypt/dehydrated/certs/cdn.xmpp.is/chain.pem

2. Pushing your new certificate to BelugaCDN

Now the next part is a bit more annoying. I’m slightly disappointed that BelugaCDN doesn’t have easier ways to automate this. Although their API seems good, the process is completely unintuitive for newbies. And the only way to easily do it, is to paste the certificate, chain and private key into the site. Obviously that method (if you’re using Let’s Encrypt) would require you to paste the new cert in every 3 months, which is cumbersome.

I didn’t feel like making a script to create the initial certificate in this next part, so I simply did this manually. Renewals CAN be scripted easily though with tools readily available.

Log out of your user if still logged in.
$ exit

Install beluga-py with pip.
# pip install beluga-py

Log back in.
# su letsencrypt

Go back to home base.
$ pwd
/home/letsencrypt

Push the initial cert. After this finishes, wait until BelugaCDN pushes it to their edge nodes. Example:
$ beluga --username you@example.com --password PASSWORD --path ssl-certificates --method POST --body '{"certificate": "-----BEGIN CERTIFICATE-----\n[certificate data]\n-----END CERTIFICATE-----","key": "-----BEGIN PRIVATE KEY-----\n[private key data]\n-----END PRIVATE KEY-----", "site": "cdn.xmpp.is"}'
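
An added example (not part of the original post): the `--body` value has to carry both PEM files with their newlines written as `\n`, which is easy to get wrong by hand. This helper builds that JSON from the files and refuses swapped files or a private key readable by group or others; the function names, the sample site name and the placeholder PEM contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: build the ssl-certificates request body from PEM files.
# Field names (certificate, key, site) are the ones used in the post.

# Fold a PEM file onto one line with literal "\n" separators. PEM is
# base64 plus header lines, so nothing else needs JSON escaping.
pem_one_line() {
  awk '{ sub(/\r$/, ""); printf "%s%s", (NR > 1 ? "\\n" : ""), $0 }' "$1"
}

# Usage: beluga_cert_body CERT_PEM KEY_PEM SITE
# Fails on swapped/mislabelled files and on keys readable by group/others.
beluga_cert_body() {
  local cert="$1" key="$2" site="$3" mode
  head -n 1 "$cert" | grep -q -- '-----BEGIN CERTIFICATE-----' ||
    { echo "not a certificate: $cert" >&2; return 1; }
  head -n 1 "$key" | grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' ||
    { echo "not a private key: $key" >&2; return 1; }
  mode=$(stat -c '%a' "$key") || return 1      # GNU stat, as on Debian
  case "$mode" in
    *00) ;;                                    # owner-only, e.g. 600 or 400
    *) echo "key mode $mode is too open: $key" >&2; return 1 ;;
  esac
  printf '{"certificate": "%s", "key": "%s", "site": "%s"}\n' \
    "$(pem_one_line "$cert")" "$(pem_one_line "$key")" "$site"
}

# Constructed demo input: placeholder PEM bodies, not real key material.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
  '-----END CERTIFICATE-----' > "$demo_dir/cert.pem"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'UExBQ0VIT0xERVI=' \
  '-----END PRIVATE KEY-----' > "$demo_dir/privkey.pem"
chmod 600 "$demo_dir/privkey.pem"
beluga_cert_body "$demo_dir/cert.pem" "$demo_dir/privkey.pem" cdn.example.test
```

The printed line is what goes between the single quotes after `--body`.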

If you want to check the status on BelugaCDN’s end, you can use a command like this:

$ beluga --username you@example.com --password PASSWORD --path ssl-certificates

You will see the status as “pending” until BelugaCDN fully pushes it. After, it will state “active”.

"status": "pending"

Scripting renewals (ghetto)

To script renewals in this next part, you can download this neat python script that does everything for you.
$ git clone https://github.com/masipcat/beluga-lets-encrypt /home/letsencrypt/beluga-lets-encrypt

Just edit the config.json in that folder, point it to the correct location of your certs, put in your user/pass and domain and launch it!
$ cd /home/letsencrypt/beluga-lets-encrypt; python renew.py

You can add this to your “letsencrypt” user’s crontab. To edit just enter “crontab -e” when logged in.

$ crontab -l
@monthly /home/letsencrypt/dehydrated/dehydrated --cron --hook /home/letsencrypt/dehydrated/dehydrated.default.sh --challenge dns-01; cd /home/letsencrypt/beluga-lets-encrypt; python renew.py