@jwieringa
jwieringa / bike_security.md
Last active September 2, 2023 18:39
Bike Security Opinions by Jason Wieringa

The recommendations here start with the assumption that there is no way to keep a bike from being stolen, only ways to make it harder to steal. I think about where I’m locking up the bike and how long it will be there. At first, bike security can feel overwhelming. In practice, we tend to frequently reuse the same spots for locking up a bike. There is some up-front thought, and then it turns into habit.

Products in order of importance to me:

  1. ABUS Folding Lock
  2. Secondary Ottolock or U-Lock (used when I’m worried)
  3. HEXLOX part locks
  4. Scout Tracker and Alarm
systemd-run --slice=machine rkt run --net=host --dns=host --insecure-options=image docker://registery
docker build -t interactive .
docker push localhost:5000/interactive
systemd-run --slice=machine rkt run --insecure-options=all --net=host --dns=host docker://localhost:5000/interactive:0.0.1
@jwieringa
jwieringa / main.vcl
Last active February 25, 2022 17:11
Fastly Service VCL Custom Template - February 2022
sub vcl_recv {
#FASTLY recv
  # Normally, you should consider requests other than GET and HEAD to be uncacheable
  # (to this we add the special FASTLYPURGE method)
  if (req.method != "HEAD" && req.method != "GET" && req.method != "FASTLYPURGE") {
    return(pass);
  }
  return(lookup);
[Unit]
Description=AutoSSH service to remotely access signald's unix socket for weechat's signal.py (/smsg +145789323231)
After=network-online.target
# Use this instead if autossh will interact with the local SSH server
# After=network-online.target sshd.service
[Service]
Environment="AUTOSSH_GATETIME=30"
Environment="AUTOSSH_POLL=30"
Environment="AUTOSSH_FIRST_POLL=30"
@jwieringa
jwieringa / blackbox-config.yml
Created September 1, 2021 19:12
otel, prometheus blackbox exporter, honeycomb
modules:
  http_2xx:
    prober: http
    http:
      preferred_ip_protocol: "ip4"
@jwieringa
jwieringa / _INSTALL.md
Created March 5, 2020 19:51 — forked from robinsmidsrod/_INSTALL.md
Bootstrapping full iPXE native menu with customizable default option with timeout (also includes working Ubuntu 12.04 preseed install)

Add the following chunk to your existing ISC dhcpd.conf file.

if exists user-class and ( option user-class = "iPXE" ) {
    filename "http://boot.smidsrod.lan/boot.ipxe";
}
else {
    filename "undionly.kpxe";
}

(or see https://gist.github.com/4008017 for a more elaborate setup)

@jwieringa
jwieringa / ipxe.sh
Created March 5, 2020 17:06 — forked from robinsmidsrod/ipxe.sh
Bash functions for building iPXE in different ways
#!/bin/bash
make_ipxe() {
    pushd "$HOME/src/forked/ipxe/src" >/dev/null &&
    make CONFIG=chain bin/undionly.kpxe bin/ipxe.lkrn bin/ipxe.pxe bin/ipxe.usb &&
    sudo install -v -m 0644 -g root -o root bin/undionly.kpxe /srv/salt/tftpd/files/undionly.kpxe &&
    sudo install -v -m 0644 -g root -o root bin/ipxe.lkrn /srv/salt/tftpd/files/ipxe.lkrn &&
    sudo install -v -m 0644 -g root -o root bin/ipxe.pxe /srv/salt/tftpd/files/ipxe.pxe &&
    sudo salt-call -l quiet state.single file.recurse name=/srv/tftp source=salt://tftpd/files dir_mode=755 file_mode=644 &&
    popd >/dev/null
@jwieringa
jwieringa / ubuntu_1804.ipxe
Created March 5, 2020 16:26 — forked from robinsmidsrod/ubuntu_1804.ipxe
iPXE script entries for booting Ubuntu 18.04 in different ways
# boot-url points to an nfs URL
# sanboot-url points to an http URL
# ubuntu-version contains 18.04.3
# ubuntu-release contains bionic
:ubuntu
echo Booting Ubuntu from iSCSI for ${initiator-iqn}
set root-path ${base-iscsi}:${hostname}.boot.ubuntu
sanboot ${root-path} || goto failed
goto start
@jwieringa
jwieringa / aws_inspector.md
Last active November 15, 2019 07:09
Exploring running AWS Inspector on CoreOS Container Linux

AWS Inspector Support in a Containerized environment

Summary

  • If behavioral analysis is required, then the kernel module is required
  • The inspector agent cannot be compiled for Container Linux because the source code is not open
  • The inspector agent is dynamically linked and therefore must be run on a supported filesystem/OS
  • Therefore, the inspector agent must be run inside of a container
  • Once inside the container, the inspector agent needs to have the correct mounts and capabilities to scan the host systems