Have a couple of updates to share:
I’ve updated the Seven Minute VPN scripts to:
Block ads by setting the VPN server itself as a DNS server using dnsmasq and populating /etc/hosts with a boatload of known ad networks from Steven Black’s master hosts file.
Install OpenVPN 2.3.15 as an RPM built from source instead of pulling Amazon’s package, as OpenVPN’s audits are complete and a few vulnerabilities were discovered.
Background
I’m using Lightsail as a VPN, and don’t really want to use an Elastic IP because my VPN instances tend to be ephemeral. And because I’m not using an Elastic IP, security event emails sent from the host to my Gmail account fail to send. I also want to be able to send and receive an email or two every once in a while on my new domain. And I really, really don’t want to run my own mail server right now, nor can I justify $25/month for Google hosting for a vanity blog only accessed by bots, spiders, and Internet censii.
I’ve been using Amazon Lightsail, which is kind of an “EC2-lite” to host my VPN server. It’s quick to set up and tear down, but one limitation is that, unlike traditional EC2, you can’t granularly control access to firewall ports from Amazon’s web UI. You open the port or close it, it’s all or nothing. While I might leave the VPN port open to access via mobile device, I don’t really want SSH open to the world.
I wrote some custom rules for OpenVPN on OSSEC yesterday; the full step-by-step with instructions for beginners is included in the latest revision of The Seven Minute Server. But I figure if you’re here, you were searching for this specifically, so here’s the basics:
Basic decoder in /var/ossec/etc/local_decoder.xml:
<decoder name="openvpn">
  <prematch>^\w\w\w\s\w\w\w\s+\d+\s\d\d(:)\d\d(:)\d\d\s\d\d\d\d</prematch>
</decoder>

I’ll be honest, I’m not a total fan of this approach, but the error logs aren’t formatted consistently, and the only static portion is the date; on the Amazon Linux AMI, it’s the only program that logs in this format (dracut is close, but adds timezone before the year).
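To see which lines a date-only prematch like this claims, here is an added example (not from the original post) that runs the same pattern over constructed log lines. It assumes OSSEC's `\w`, `\d` and `\s` map to the explicit character sets shown; the sample lines, hostnames and addresses are made up.

```python
import re

# OSSEC os_regex classes written out explicitly (assumed mapping):
#   \w -> A-Z a-z 0-9 - @ _     \d -> 0-9     \s -> a single space
W, D, S = r"[A-Za-z0-9@_-]", r"[0-9]", r" "

# The decoder's <prematch>, token for token: "Www Mmm  D HH:MM:SS YYYY"
PREMATCH = re.compile(
    "^" + W * 3 + S + W * 3 + S + "+" + D + "+" + S
    + D * 2 + "(:)" + D * 2 + "(:)" + D * 2 + S + D * 4
)

# Constructed sample lines, not taken from a real host.
SAMPLES = {
    "openvpn_tls": "Thu Jun 22 10:15:30 2017 198.51.100.7:51234 "
                   "TLS Error: TLS handshake failed",
    # ctime-style dates pad single-digit days with a second space
    "openvpn_padded_day": "Sat Jul  1 03:02:01 2017 client1/203.0.113.9:1194 "
                          "SIGTERM[soft,remote-exit] received",
    # dracut-style: timezone sits between the time and the year
    "dracut": "Thu Jun 22 10:15:30 UTC 2017 Info: Executing /sbin/dracut",
    # ordinary syslog: no weekday, no year
    "syslog_sshd": "Jun 22 10:15:30 ip-10-0-0-5 sshd[2211]: "
                   "Accepted publickey for ec2-user",
    # hypothetical other program that logs in the same date format
    "other_ctime_logger": "Thu Jun 22 10:15:31 2017 backup job finished",
}


def claimed_by_decoder(line: str) -> bool:
    """True if the date-only prematch would hand this line to the decoder."""
    return PREMATCH.match(line) is not None


def triage(samples: dict) -> dict:
    """Map each sample name to whether the openvpn decoder would claim it."""
    return {name: claimed_by_decoder(line) for name, line in samples.items()}


if __name__ == "__main__":
    for name, hit in triage(SAMPLES).items():
        print(f"{name:20s} {'openvpn' if hit else 'not claimed'}")
```

The last sample shows the trade-off the post mentions: the decoder keys on the timestamp layout alone, so rules built on it should also match on OpenVPN-specific message text.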
I’m supposed to be studying for the ASA 101 sailing test. Yesterday, I procrastinated by adding another section to The Seven Minute Server and used CSS to create a practice test/quiz for the ASA 101 by hiding the answers until you hover over them. It didn’t get me any closer to finishing the prep book, but it was fun…
Today, when I should have been tying exotic knots, on a whim, I ran my site through Qualys SSL Labs’ SSL Report and was dismayed to see this site got a B.
Using Let’s Encrypt is so easy, there’s no excuse not to do it…the only drawback is that certificates expire after three months, but they’ll email to give you a heads-up when it gets close to time to switch ‘em up…and it really is simple (and free!) to get them issued.
Here’s a run-through of how to use Certbot to install a Let’s Encrypt SSL certificate on an Amazon Linux image:
Was bored reading my sailing 101 book and thought it’d be easier to learn the material if I could set up a quiz on the go. After much duckduckgoing, came up with a quick-and-dirty solution to hide the answers until you hover (on desktop) or activate (on mobile). The styling I’m using is pretty ugly, but you can switch up the colors; just be sure that the background and hide-me colors are the same.
So I bet you thought programming assembly on the web for the Atari 2600 was the ultimate. But check it: You can now use C to develop Z80 CPU-based game platforms like Space Invaders, Galaxian, Sega/Gremlin as well as the Atari vector and Williams platforms. (Atari vector and Williams used the 6502 and 6809 chips, respectively, but Steve tweaked them so that they work with the Z80 compiler.)
Type your C source code on the left side of the browser and watch it compile and run in real time on the right side.
I’ve been using a proxy server for a while, Squid and Privoxy, for fun and also because I saw too many cable and mobile ISPs acting shiftily (why, when I’m connected to Google, do all my connections go to an AT&T server, hmmm?).
But the difficulty of setting up a proxy on a cellular connection was annoying — who wants to get Apple Configurator up and running and is that really a feasible solution for a non-technical person who should be able to control their phone’s outbound connections?
When you sit down to write a piece of technical documentation, it’s always surprising that the section you thought would be really complicated is astonishingly simple; and the things you thought would be finished in minutes steal days. Configuring an OpenVPN connection on Chrome was one of these things — it stole an entire day, but I finally got it working (and working repeatably, which is the sticky wicket!).
First of all, ChromeOS doesn’t really support OpenVPN despite the UI allowing you to add a connection.
The Atari 2600 was released in 1977, and now there’s finally a book about writing games for it!
My partner, Steven Hugg, just released a manual and companion Web-based IDE that’ll teach you about the 6502 CPU, NTSC frames, scanlines, cycle counting, players, missiles, collisions, procedural generation, pseudo-3D, and more. Steve covers the same programming tricks that master programmers used to make classic games. Create your own graphics and sound, and share your games with friends!