Kasper Grubbe

Read this first

Rick-rolling people looking for free WiFi using an inexpensive ESP8266-chip

(If you are here because you were tricked, you can throw some words my way on rickroll@kaspergrubbe.com or by sending a tweet to @kaspergrubbe)

I found a project on Github named mobile-rr, by a user called idolpx. His project includes a little wifi-chip that includes a piezo buzzer, and when people connect they are promised free wifi, but instead of getting access to the internet, they are shown a video of Rick Astley singing “Never gonna give you up”.

This is a so called Rickrolling prank, and if you have been living under a rock the past decade, the prank involves bait-and-switch where a link on a webpage promises to bring the user to some unrelated material, and bam! they are now listening to the tunes of Rick Astley and they can consider themselves rickrolled.

The original project only beeped when a person was tricked, and if you wanted to know the score, you had to connect to...

Continue reading →


Protecting services with client certificates using Haproxy

 What we want to achieve

We want to be able to connect to services inside a private network using client certificates, in this example we will be connecting to Redis.

haproxy-client-certs-overview.png

 Install or compile Haproxy

I am using Debian, so this is what I use to compile Haproxy for testing out this setup.

apt-get -y install make gcc g++ libssl-dev

wget http://www.haproxy.org/download/1.8/src/haproxy-1.8.4.tar.gz
tar xzf haproxy-1.8.4.tar.gz
cd haproxy-1.8.4
make TARGET=generic USE_OPENSSL=1
make install PREFIX=/usr/local

 Install and configure firewall

I am testing with a Redis-server, but it can be anything. First firewall off everything except for port 22 (ssh) and port 88 (our external redis port):

apt-get -y install ufw

ufw default deny incoming
ufw default allow outgoing
ufw allow 22
ufw allow 88

 Install Redis

apt-get -y install redis-server

Since Debian and Debian-related distros have the...

Continue reading →


How to backup your Betaflight configuration between upgrades

Sometimes you will need to upgrade the Betaflight firmware on your quadcopter, normally this process wipes all your settings, and you will have to fill all of them in again.

  • You can use diff in the Betaflight CLI to see which changes you have made that differs from the default settings.
  • diff all includes all 3 PID profiles.
  • You can then take the output and save it into a text-file
  • Upgrade the firmware.
  • Paste the settings from you textfile into the CLI again, type save.
  • Please read the changelog, maybe something have changed!
  • Go fly, have fun!

View →


How to invert motor rotation with Betaflight and Blheli

  • Take your propellers OFF!!!
  • In Blheli invert the motor rotation.
  • In Betaflight go to the console and type: set yaw_motor_direction = -1 followed by a save command.
  • Go back into the CLI and run get yaw_motor_direction to make sure your value is saved, you want to see -1.
  • Now verify your configuration by going to the motors tab, providing power, and spinning each motor up individually.
  • Remember to test it out slow when you take your quadcopter to the field.

View →


No Christmas presents for me, please!

I am quite content and grateful for what I have, and if I really want something it is either way too expensive to ask for, or I would buy it when I need it.

If you really want to give something, invite me for a home-cooked meal, buy me a beer, donate to something you feel is nice (and if you’re still lost, or need a recommendation, donate to the EFF or the homeless), or use the money on better presents for others.

View →


Connect to X-RACER F303 with Cleanflight/Betaflight on OSX

By default Cleanflight is not able to identify the flight controller when plugged in with USB.

But you can install the USBtoUARTBridge driver from SiLabs, and it will be able to connect just fine, you can find it here: https://www.silabs.com/products/mcu/Pages/USBtoUARTBridgeVCPDrivers.aspx#mac

And you will then be able to find your model as /dev/cu.SLAB_USBtoUART in the menu:

screenie_1472160040_887212.png

View →


Easier installation of NixOS on Linode

The guide from the official wiki on how to install NixOS at Linode is very manual, and that can get a bit time consuming if you have to do it a lot of times.

I have therefore made a script that does the same, but is more automated.

nixos-hires.png

 1. Create a new instance

Press the Add a Linode link in the interface.

 2. Add a disk

Press Create a new Disk in the interface, give it a name, for an example nixdisk, type=ext4, size=maximum. Click the create button.

 3. Boot Finnix

Click the tab named Rescue, and click the button saying Reboot into Rescue Mode.

 4. Get remote access

Click the tab named Remote Access, and click Launch Lish Console, you will get a popup that looks like this:

screenie_1467214794_495297.png

 5. Run install script

I have a script hosted on Github here: https://gist.github.com/kaspergrubbe/b42e5e1ccd276fea8d99e4865f0bcb21

I had to ignore certificates, because the version of Finnix Linode uses...

Continue reading →


I bought a Playstation Vita in 2016, 4 years after the initial release. Here are my first impressions

I love gaming, I own over 300 games on Steam, I buy virtual items for my game characters, and I gift games to friends. I support game creators, and I embrace the modern game marketplace that includes digital downloads, DLCs and items.

I like to bring a handheld gaming device with me on flights and longer travel when the Kindle becomes too boring. I have previously owned a Nintendo DS (NDS) and I still bring a Playstation Portable (PSP) with me occasionally.

One of the benefits of picking up a 4 year old console should be that bugs have been fixed and there is a wider selection of games, right?

full.jpg

 Risk of Rain

One of my absolute favourite games on the computer is Risk of Rain, a fantastic pixel platformer where you can play lots of different kinds of characters. You need to complete the levels as fast as possible because the difficulty of the game is determined by the game time. The...

Continue reading →


GolfQuis: a golfing iOS game built by Boolex that leaks passwords

I was looking for a company to help me build a small prototype for an idea I had for a mobile application. So to find a company I asked around, and someone mentioned the company Boolex. I naturally wanted to check out the quality of their work before going any further.

They didn’t list any references, which was the first warning sign, but upon contact they mentioned they created the game GolfQuis for iOS.

screenie_1451411562_419648.png

My first tool of choice is usually mitmproxy, a Python application that can run as a proxy; it lets me inspect the traffic made by whichever clients that connect.
To run it, you first need to get your computer and your device on the same network, then run mitmproxy -p 4242, and point the device to use the proxy with the IP of your computer, with the port of 4242.

I downloaded GolfQuis and listened in on the traffic. First, I created a user, and my username and password was sent to...

Continue reading →


Tsohost.com stores passwords in cleartext

Okay, it is 2015, we all know that is it a horrendously bad idea to store passwords in cleartext.

Yet, when I log in to Tsohost’s interface I am greeted with this:

screenie_1449171843_157324.png

Ugh! So either they store one version of the password in cleartext, and shows that to the user, or they store the current version of the password.

Fortunately, it is really easy to switch to a new safer password scheme when you are already storing passwords in cleartext.

To recap Jeff Atwood’s post on the subject:

Use bcrypt to store passwords.

And if you want to do it really well, you should probably consider using scrypt instead.

But anything is better than storing passwords in cleartext!

Continue reading →