Tonight I'll be giving another talk at Ohio InfoSec Forum, this time about Social Engineering. I decided to choose a horror-movie theme for my deck (you know, hacking people...), and I think it turned out pretty well. Anyway, if you want to check it out, head over here. As always, my slides are a bit thin, so download the zip file and check out the speaker notes.
With the release of my post on Vagrant, I discovered a personal need I had to host and store large files, semi-professionally, without much hassle. After considering Dropbox, various file lockers, or uploading the file to my webserver, I decided to use Rackspace Cloud Files.
I've talked about Rackspace in the past, and am currently using their
cloud servers to host this site (among others). The interface is clean,
easy to use, and it's reliable. I wanted to have downloads from my site
files.samurailink3.com, it just looks better and provides a
more cohesive user experience. I solved this problem very quickly by
using a CNAME. It was really really easy. Check it out:
First, create a new public CDN container. Next, click on the gear and hit
"View All Links...". Copy the http or https link and take a look at it:
Head over to your domain host and go to your DNS settings. You'll need to
create a new
CNAME record. I've named mine
Take the fully qualified domain from your link, minus the
make that the target host of your new
CNAME. Like this:
Type: CNAME
Host: files
Target Host: somerandomjunk.ssl.cf2.rackcdn.com
You can now upload files and head to
http://files.example.com/myfile.mp3 to access those huge files, without
bogging down your web server.
Recently I've been tasked with the job of becoming a Ruby on Rails application developer. In the past few months, my skillset has gone from "complete noob" to "not-a-complete noob". I'll be making more Rails posts as time goes on, but I needed to share something I made today: A Vagrant Base box.
Yea, I get it, they're everywhere. Honestly, though, I looked for a long time and couldn't find a stupidly clean, Debian 32-bit machine made for VirtualBox 4.3.6 (with Chef-Solo). I decided to take the half-hour and make my own. The way the Vagrant docs read, they make the whole premise of creating an image out to be this insane time-consuming thing. It's really not. As a matter of fact, it's pretty easy (especially if you have Linux experience already). But this post isn't going to walk you through how to create that; there are far better resources out there for creating Vagrant Base Boxes. Instead, I'm going to share mine that you can use for any and all of your projects. Here are the details:
Vagrant Base Box: Clean Debian 32-bit
OS: Debian 7.3 x86
VirtualBox Additions: 4.3.6
Chef Client: 11.8.2
Preinstalled applications: Curl
I do most of my configuration through Chef, today. I'm not an expert by any means, and I do rely on custom scripts for some items. If you need something added, get a cookbook or script it. This is supposed to be lean, clean, and easy to stand up without getting in your way. If you have any ideas, throw them out in the comments.
URL for Vagrantfile:
Ever needed to get a file across the internet, but securely, without SSH? I know, crazy to think about. What if all you've got is some spare TCP ports and a Windows box with the full version of Nmap installed on it? It's a bit of a long shot, but I needed to do this the other day and didn't want to use a file locker to move my data. There are better ways to solve this problem, and it's more of a parlor trick than anything else. In any case, it's easy to set up and very cool.
We're going to use a combination of tar, lzma, gpg, and nc to accomplish our goals. I'll explain what each part of the command does along the way.
tar c myproject/ | lzma | gpg -a -c --cipher-algo AES256 --digest-algo SHA512 -o - | nc -w 1 192.168.1.102 1337
tar c myproject/: Create a tar file out of the myproject directory and feed the output into...
lzma: This will compress the tar file (giving you a .tar.lzma file). Then feed that output into...
gpg -a -c --cipher-algo AES256 --digest-algo SHA512 -o -: GPG, asking it to create an ASCII-armored file, encrypted with a passphrase instead of a key (choose a good passphrase here). We then specify the encryption cipher (as AES256) and the digest algorithm (as SHA512). Then, pipe that output to stdout, which is piped into...
nc -w 1 192.168.1.102 1337: We tell netcat to wait 1 second, then make a connection to 192.168.1.102 on port 1337.
Now... we need a receiving machine before this command will work, so let's take a look at how to set that up.
nc -lp 1337 | gpg -v -o - | lzcat | tar x -C ~/
nc -lp 1337: This tells the receiving machine to listen for a TCP connection on port 1337.
gpg -v -o -: Any data that is received on port 1337 is fed into GPG, verification information is shown, then GPG will prompt you for the password you set. The decrypted data is then fed into...
lzcat: Which will decompress any lzma data fed into it, then pipe the output to...
tar x -C ~/: Which will then extract the data into your home directory.
Feel free to change any of the variables to suit your particular needs. File transfer can be done in better/more efficient ways, but if you're in a bind, this can work in a pinch.
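To rehearse the transfer before opening a port, here is an added example (not part of the original post) that runs both halves of the pipeline on one machine with netcat left out. It assumes GnuPG 2.1+ and xz-utils; the function names, sample data and passphrases are constructed, the passphrase is fed on file descriptor 3 so nothing prompts, and the receiver decrypts to a staging file so tar only runs after gpg has exited successfully.

```shell
#!/bin/sh
# Added example: dry run of both pipeline halves on one machine (no netcat).
# Assumes GnuPG 2.1+ and xz-utils; names, paths and passphrases are constructed.

send_side() {  # $1 parent dir, $2 directory to send, $3 passphrase
    tar cf - -C "$1" "$2" | lzma |
        gpg --batch --pinentry-mode loopback --passphrase-fd 3 \
            -a -c --cipher-algo AES256 --digest-algo SHA512 -o - 3<<EOF
$3
EOF
}

recv_side() {  # $1 destination dir, $2 passphrase; ciphertext on stdin
    stage=$(mktemp) || return 1
    # Decrypt into a staging file first: tar must not see a single byte
    # unless gpg exits 0 (correct passphrase, integrity check passed).
    gpg --batch --pinentry-mode loopback --passphrase-fd 3 -d \
        > "$stage" 2>/dev/null 3<<EOF
$2
EOF
    rc=$?
    if [ "$rc" -eq 0 ]; then
        lzcat < "$stage" | tar xf - -C "$1"
        rc=$?
    fi
    rm -f "$stage"
    return "$rc"
}

roundtrip() {  # $1 passphrase used to encrypt, $2 passphrase used to decrypt
    work=$(mktemp -d) || return 1
    GNUPGHOME="$work/gnupg"; export GNUPGHOME   # keep the real keyring untouched
    mkdir -m 700 "$GNUPGHOME"
    mkdir -p "$work/src/myproject" "$work/dst"
    printf 'constructed sample data\n' > "$work/src/myproject/notes.txt"
    send_side "$work/src" myproject "$1" > "$work/wire.asc" 2>/dev/null &&
        recv_side "$work/dst" "$2" < "$work/wire.asc" &&
        diff -r "$work/src/myproject" "$work/dst/myproject" > /dev/null
    rc=$?
    gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    return "$rc"
}

roundtrip 'correct horse' 'correct horse' && echo "round trip OK"
roundtrip 'correct horse' 'wrong guess' || echo "wrong passphrase rejected, nothing extracted"
```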
A while ago, I plunked down $35 to get Google's second attempt at the living room stream box. After being extremely impressed with the price tag, I became extremely disappointed in the way it worked in my almost-corporate home network.
For the life of me, I couldn't get the Chromecast and my devices to see each other. I'm using a home-built Astaro-at-Home (now Sophos UTM Home Edition) box coupled with a dumb gigabit switch and a nice Cisco wireless access point. Not really a typical home setup, compared with all the unsecured Linksys boxes running around, but not overly-complex either.
I tried everything I could, got frustrated, and gave up on the device for a couple weeks before tackling it again over a slow weekend. I found a couple fantastic pieces of information that pointed me in the right direction. I needed to add two statements to my AP configuration (yes, in text mode, there is no web option for this).
Adding these two statements over SSH solved all of my problems with the Chromecast:
no ip igmp snooping
no dot11 igmp snooping-helper
These two lines allow the Chromecast to talk to devices over the access point and complete the set up correctly. Not really the way I wanted it, especially since the Nexus Q was so much easier to set up, but it works now.
As far as the Chromecast goes, it's a great device for $35. From a technical perspective, the Nexus Q was far cleaner to set up and run with, and the Chromecast seems to crash and disconnect more than I would like it to, but for $35, I'm not going to complain.