Archives

All posts by Lunar

Recently I’ve had an idea, a thought, that I can’t get out of my head. The world needs more ethical companies. Now more than ever this Christmas! There’s a lot of hate for large conglomerate corporations, and it’s mostly justified. The way they behave and conduct themselves is disrespectful and objectifying. Corporatism as we know it today often creates a toxic environment that’s designed for robots and it’s bad for both customers and employees. Many would say this is just late-stage capitalism, and I sympathize with that but don’t agree that this is some inevitable stage of capitalism. People can change the world and stick it to the man if they really want to. Activism is more important and flourishing than ever. Many feel hopeless when standing up to the man, but this feeling needs to be thrown out the window.

I often find myself distracted from what I really want to achieve (especially with my ADHD-PI). There’s probably many others that feel the same. To those I say, work towards what you really want to see no matter how long it takes. It’s quite cliche, but it’s the ultimate truth. I want to see a world where companies are more often led by individuals with a clear sense of morality and humanity. People who value integrity, the happiness of others and our planet. There’s often a major disconnect from leadership and the working class. I believe this can be put to a stop with the right people.

We need more individuals leading companies who exhibit these qualities;

  • Lacking egocentric or narcissistic personality traits.
  • Humble, genuine, sensible and down to earth people.
  • Knowing or truly understand what it’s like to be marginalized.
  • Respect of individual liberty, live and let live.
  • Valuing others and relationships more than money.
  • Love for nature, people, charity and doing good to others.
  • Empathetic, showing a high level of emotional intelligence.
  • Thinking outside of the box, true innovators.
  • A knack for solving the world’s problems.

Those are only some of the qualities I believe are important for leadership. With more people like this we can do away with corporatism, as these kind of people likely have a strong distaste for that. The only way to get people like this in leadership positions is to convince them of, or show them their potential. If you know someone like this, please consider sending them this as encouragement. If you have these qualities, take action! The internet is the only library you’ll need, you can learn just about any skill with enough dedication and will power to be the change you want to see in this world.

Commonly, having a degree is associated with assumptions that someone is smart or they know the field that they have studied well. I don’t believe this is the case and would argue that most people who gain knowledge in a specific subject ‘forget’ if they don’t continuously practice. Anyone can become rusty and forget what they’ve learned and everyone does. Memory fades with time, so a degree doesn’t really show you know anything 20 years down the road if you don’t use that knowledge.

I’m generally focusing on the field of IT where it doesn’t truly matter what piece of paper you hold. People without degrees (me) often feel that we have to prove ourselves because we’re not as good as someone with one. I’m sure everyone has heard their parents or relatives tell them that they need to get a degree otherwise jobs will reject them. In IT this isn’t true and if it is, it shouldn’t be. I’ve seen some pretty bad IT “professionals” that have degrees. You can learn anything on the internet, especially IT. I think companies should hire applicants purely based on skill and willingness to learn! Gone are the days where companies require you to have a 4 year degree in IT (hopefully).

Source: blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/

Want to scan your network?

[code language=”bash”]
# Get the memcached nmap script – https://nmap.org/nsedoc/scripts/memcached-info.html

# Nmap network for open memcached ports (example, replace with your range)
sudo nmap 127.0.0.1/18 -p 11211 -sU -sS –script memcached-info >> memcrashed.log

# Sort nmap log and find IPs that are actually vuln
cat memcrashed.log | grep -B 16 Authentication | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" >> sorted_memcrashed.log

# Can verify with this one liner
cat sorted_memcrashed.log | while read a; do echo -en "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n" | nc -q1 -u $a 11211 ; done
[/code]

So… I recently started using BelugaCDN for XMPP.is, as they were kind enough to give us free service (being a non-profit and all). But I found that they don’t have any kind of automated (easy) way to install Let’s Encrypt certs. I’m too cheap to pay for certs, and besides, we have Let’s Encrypt after all. Now, this tutorial is a bit hacky when it gets to the BelugaCDN part, so don’t say I didn’t warn you.. I’m only scripting renewals for one subdomain at the moment.. I setup the CNAME cdn.xmpp.is -> cdn.xmpp.is.i.belugacdn.com with Cloudflare, spun up a Debian Stretch VM and my journey began..

1. Getting a certificate from Let’s Encrypt

Make sure the proper dependencies are installed.
apt install python-pip build-essential python-dev curl libffi-dev libssl-dev openssl curl sed grep mktemp git

Install Lexicon with python-pip.
pip install dns-lexicon

Create a user.
root@moon:~# useradd -m -s bash letsencrypt

Login to the user.
root@moon:~# su letsencrypt

Go to home directory.
letsencrypt@moon:~$ cd /home/letsencrypt

Clone the Dehydrated repository.
letsencrypt@moon:~$ git clone https://github.com/lukas2511/dehydrated /home/letsencrypt

Make the script an executable.
letsencrypt@moon:~$ chmod +x /home/letsencrypt/dehydrated/dehydrated

Add domain to list.
letsencrypt@moon:~$ echo "cdn.xmpp.is" > /home/letsencrypt/dehydrated/domains.txt

Download the default Dehydrated script and make it an executable.
letsencrypt@moon:~$ wget -P /home/letsencrypt/dehydrated https://raw.githubusercontent.com/AnalogJ/lexicon/master/examples/dehydrated.default.sh
letsencrypt@moon:~$ chmod +x /home/letsencrypt/dehydrated/dehydrated.default.sh

Add needed export variables to dehydrated.default.sh. You’ll need your global Cloudflare API key. Example:

export LEXICON_CLOUDFLARE_USERNAME=username@example.com
export LEXICON_CLOUDFLARE_TOKEN=234dcef90c3d9aa0eb6798e16bdc1e4b

Accept the terms…
/home/letsencrypt/dehydrated/dehydrated --register --accept-terms

Launch the script! After this you should have your cert issued shortly after.
/home/letsencrypt/dehydrated/dehydrated --cron --hook /home/letsencrypt/dehydrated/dehydrated.default.sh --challenge dns-01

By default the cert/key will be located in the directory of the script under “certs”. Example:

deploy_cert called: cdn.xmpp.is, /home/letsencrypt/dehydrated/certs/cdn.xmpp.is/privkey.pem, /home/letsencrypt/dehydrated/certs/cdn.xmpp.is/cert.pem, /home/letsencrypt/dehydrated/certs/cdn.xmpp.is/fullchain.pem, /home/letsencrypt/dehydrated/certs/cdn.xmpp.is/chain.pem

2. Pushing your new certificate to BelugaCDN

Now the next part is a bit more annoying. I’m slightly disappointed that BelugaCDN doesn’t have easier ways to automate this. Although their API seems good, the process is completely unintuitive for newbies. And the only way to easily do it, is to paste the certificate, chain and private key into the site. Obviously that method (if you’re using Let’s Encrypt) would require you to paste the new cert in every 3 months, which is cumbersome.

I didn’t feel like making a script to create the initial certificate in this next part, so I simply did this manually. Renewals CAN be scripted easily though with tools readily available.

Logout of your user if still logged in.
letsencrypt@moon:~$ exit

Install beluga-py with pip.
root@moon:~# pip install beluga-py

Log back in.
root@moon:~# su letsencrypt

Go back to home base.
letsencrypt@moon:~$ pwd
/home/letsencrypt

Push the initial cert. After this finishes, wait until BelugaCDN pushes it to their edge nodes. Example:
letsencrypt@moon:~$ beluga --username email@example.com --password 3x@mp13 --path ssl-certificates --method POST --body '{"certificate": "-----BEGIN CERTIFICATE-----\n[certificate data]\n-----END CERTIFICATE-----","key": "-----BEGIN CERTIFICATE-----\n[certificate data]\n-----END CERTIFICATE-----", "site": "cdn.xmpp.is"}'

If you want to check the status on BelugaCDN’s end, you can use a command like this:

letsencrypt@moon:~$ beluga --username example@example.com --password PASSWORD --path ssl-certificates

You will see the status as “pending” until BelugaCDN fully pushes it. After, it will state “active”.

“status”: “pending”

Scripting renewals (ghetto)

To script renewals in this next part, you can download this neat python script that does everything for you.
letsencrypt@moon:~$ git clone https://github.com/masipcat/beluga-lets-encrypt /home/letsencrypt

Just edit the config.json in that folder, point it to the correct location of your certs, put in your user/pass and domain and launch it!
letsencrypt@moon:~$ cd /home/letsencrypt/beluga-lets-encrypt; python renew.py

You can add this to your “letsencrypt” user’s crontab. To edit just enter “crontab -e” when logged in.

letsencrypt@moon:~$ crontab -l
@monthly /home/letsencrypt/dehydrated/dehydrated –cron –hook /home/letsencrypt/dehydrated/dehydrated.default.sh –challenge dns-01; cd /home/letsencrypt/beluga-lets-encrypt; python renew.py

Does anyone remember when Saudi Arabia threatened to sue anyone online that compared them to ISIS? I do..

Do you remember when Ashraf Fayadh received the death sentence for apostasy? I do..

Although the sentence was overturned (most likely due to public outcry) he got an 8 year sentence and 800 lashes.. 800 lashes… In addition to his severe punishments he is forced to repent through an announcement in official media, 1984 style. Are we supposed to feel better about this? They probably think so. Should we? Hell no. The fact that Saudi Arabia continually violates human rights according to Amnesty International’s research is daunting. This is the same country that is allied with the US and UK.. The same country that is on the UN human rights panel, even though they execute people in brutal fashion, on public display at times, and for ludicrous reasons.

Do you realize that Saudi Arabia is comparable to ISIS? I do.. And you should too. 🙂