Kasper Grubbe


Protecting services with client certificates using Haproxy

What we want to achieve

We want to be able to connect to services inside a private network using client certificates. In this example we will be connecting to Redis.

Install or compile Haproxy

I am using Debian, so this is what I use to compile Haproxy for testing out this setup.

apt-get -y install make gcc g++ libssl-dev

wget http://www.haproxy.org/download/1.8/src/haproxy-1.8.4.tar.gz
tar xzf haproxy-1.8.4.tar.gz
cd haproxy-1.8.4
make TARGET=generic USE_OPENSSL=1
make install PREFIX=/usr/local

Install and configure firewall

I am testing with a Redis server, but it can be anything. First, firewall off everything except for port 22 (ssh) and port 88 (our external Redis port):

apt-get -y install ufw

ufw default deny incoming
ufw default allow outgoing
ufw allow 22
ufw allow 88

Install Redis

apt-get -y install redis-server

Since Debian and Debian-related distros have the...



How to backup your Betaflight configuration between upgrades

Sometimes you will need to upgrade the Betaflight firmware on your quadcopter. Normally this process wipes all your settings, and you will have to fill all of them in again.

  • You can use diff in the Betaflight CLI to see which changes you have made that differ from the default settings.
  • diff all includes all 3 PID profiles.
  • You can then take the output and save it into a text file.
  • Upgrade the firmware.
  • Paste the settings from your text file into the CLI again, then type save.
  • Please read the changelog, maybe something has changed!
  • Go fly, have fun!



How to invert motor rotation with Betaflight and Blheli

  • Take your propellers OFF!!!
  • In Blheli invert the motor rotation.
  • In Betaflight go to the console and type: set yaw_motor_direction = -1 followed by a save command.
  • Go back into the CLI and run get yaw_motor_direction to make sure your value is saved, you want to see -1.
  • Now verify your configuration by going to the motors tab, providing power, and spinning each motor up individually.
  • Remember to test it out slow when you take your quadcopter to the field.



No Christmas presents for me, please!

I am quite content and grateful for what I have, and if I really want something it is either way too expensive to ask for, or I would buy it when I need it.

If you really want to give something, invite me for a home-cooked meal, buy me a beer, donate to something you feel is nice (and if you’re still lost, or need a recommendation, donate to the EFF or the homeless), or use the money on better presents for others.



Connect to X-RACER F303 with Cleanflight/Betaflight on OSX

By default Cleanflight is not able to identify the flight controller when plugged in with USB.

But you can install the USBtoUARTBridge driver from SiLabs, and it will be able to connect just fine. You can find it here: https://www.silabs.com/products/mcu/Pages/USBtoUARTBridgeVCPDrivers.aspxmac

And you will then be able to find your model as /dev/cu.SLAB_USBtoUART in the menu:

screenie_1472160040_887212.png



Easier installation of NixOS on Linode

The guide from the official wiki on how to install NixOS at Linode is very manual, and that can get a bit time consuming if you have to do it a lot of times.

I have therefore made a script that does the same, but is more automated.

1. Create a new instance

Press the Add a Linode link in the interface.

2. Add a disk

Press Create a new Disk in the interface and give it a name, for example nixdisk, with type=ext4 and size=maximum. Click the create button.

3. Boot Finnix

Click the tab named Rescue, and click the button saying Reboot into Rescue Mode.

4. Get remote access

Click the tab named Remote Access, and click Launch Lish Console. You will get a popup that looks like this:

screenie_1467214794_495297.png

5. Run install script

I have a script hosted on Github here: https://gist.github.com/kaspergrubbe/b42e5e1ccd276fea8d99e4865f0bcb21

I had to ignore certificates, because the version of Finnix Linode uses...



I bought a Playstation Vita in 2016, 4 years after the initial release. Here are my first impressions

I love gaming, I own over 300 games on Steam, I buy virtual items for my game characters, and I gift games to friends. I support game creators, and I embrace the modern game marketplace that includes digital downloads, DLCs and items.

I like to bring a handheld gaming device with me on flights and longer travel when the Kindle becomes too boring. I have previously owned a Nintendo DS (NDS) and I still bring a Playstation Portable (PSP) with me occasionally.

One of the benefits of picking up a 4 year old console should be that bugs have been fixed and there is a wider selection of games, right?

Risk of Rain

One of my absolute favourite games on the computer is Risk of Rain, a fantastic pixel platformer where you can play lots of different kinds of characters. You need to complete the levels as fast as possible because the difficulty of the game is determined by the game time. The...



GolfQuis: a golfing iOS game built by Boolex that leaks passwords

I was looking for a company to help me build a small prototype for an idea I had for a mobile application. So to find a company I asked around, and someone mentioned the company Boolex. I naturally wanted to check out the quality of their work before going any further.

They didn’t list any references, which was the first warning sign, but upon contact they mentioned they created the game GolfQuis for iOS.

My first tool of choice is usually mitmproxy, a Python application that can run as a proxy; it lets me inspect the traffic made by whichever clients connect.
To run it, you first need to get your computer and your device on the same network, then run mitmproxy -p 4242, and point the device to use the proxy with the IP of your computer and port 4242.

I downloaded GolfQuis and listened in on the traffic. First, I created a user, and my username and password were sent to...



Tsohost.com stores passwords in cleartext

Okay, it is 2015, we all know that it is a horrendously bad idea to store passwords in cleartext.

Yet, when I log in to Tsohost’s interface I am greeted with this:

screenie_1449171843_157324.png

Ugh! So either they store one version of the password in cleartext and show that to the user, or they store the current version of the password.

Fortunately, it is really easy to switch to a new safer password scheme when you are already storing passwords in cleartext.

To recap Jeff Atwood’s post on the subject:

Use bcrypt to store passwords.

And if you want to do it really well, you should probably consider using scrypt instead.

But anything is better than storing passwords in cleartext!



Teazr, a “secure” dating app with privacy issues

I have to admit, one of my hobbies includes watching API implementations and looking at the traffic flow between clients and backend servers.

Teazr is the new kid on the block in the dating app scene. It is built by three Danish guys, and they just recently received $250.000 in funding to take on the American market.

Their goal is to make dating safer, so when you match with another user, you are forced into taking a picture of yourself, and you will get a picture in return from your match.
They claim that this process is unbreakable, and that this can’t be automated, and because of this their app is free of the robots that haunt their competitors like Tinder.

I wanted to see which kind of data the app uses, and how it communicates with the backend. I used Charles Web Proxy to intercept the traffic, and the interface looks like this:

akjfhaksjfdh.png
(I have since moved on to use mitmproxy...
