Posts

Built some Alexa apps...and found a love for old time radio along the way

3 minute read Published:

My father-in-law bought my mother-in-law an Echo Dot for Christmas. She listens to old time radio shows from Internet Archive at night and they were looking for a way to play her shows through the Dot. In digging around a little bit, I found Alexa development was pretty easy to start goofing around with and ended up writing Radio Fun Time, which provides a voice interface to the Old Time Radio Researchers’ public domain old time radio shows published on the Internet Archive.

Updated the Seven Minute VPN Script and Build Your Own VPN

1 minute read Published:

Have a couple of updates to share: I’ve updated the Seven Minute VPN scripts to: Block ads by setting the VPN server itself as a DNS server using dnsmasq and populating /etc/hosts with a boatload of known ad networks from Steven Black’s master hosts file. Install OpenVPN 2.3.15 as an RPM built from source instead of pulling Amazon’s package, as OpenVPN’s audits are complete and a few vulnerabilities discovered.

Serverless Fun: Using Amazon SES and Lambda to Send and Receive Email

15 minute read Published:

I’m using Lightsail as a VPN, don’t really want to use an elastic IP as the instance is ephemeral. Because I’m not using an Elastic IP, security event emails sent from the host to my Gmail account fails. I also want to be able to send and receive an email or two every once in awhile on my new domain. And I really, really don’t want to run my own mail server right now, nor can I justify $25/month for Google hosting for a vanity blog only accessed by bots, spiders, and Internet censii.

Locking Down Ports on Amazon Lightsail

3 minute read Published:

I’ve been using Amazon Lightsail, which is kind of an “EC2-lite” to host my VPN server. It’s quick to set up and tear down, but one limitation is that, unlike traditional EC2, you can’t granularly control access to firewall ports from Amazon’s web UI. You open the port or close it, it’s all or nothing. While I might leave the VPN port open to access via mobile device, I don’t really want SSH open to the world.

Writing Custom Rules for OSSEC: OpenVPN Edition

2 minute read Published:

I wrote some custom rules for OpenVPN on OSSEC yesterday; the full step-by-step with instructions for beginners is included in the latest revision of The Seven Minute Server. But I figure if you’re here, you were searching for this specifically, so here’s the basics: Basic decoder in /var/ossec/etc/local_decoder.xml: <decoder name="openvpn"> <prematch>^\w\w\w\s\w\w\w\s+\d+\s\d\d(:)\d\d(:)\d\d\s\d\d\d\d</prematch> </decoder> I’ll be honest, I’m not a total fan of this approach, but the error logs aren’t formatted consistently, and the only static portion is the date; on the Amazon Linux AMI, it’s the only program that logs in this format (dracut is close, but adds timezone before the year).

Getting an A+ on Qualys SSL Labs' SSL Report

3 minute read Published:

I’m supposed to be studying for the ASA 101 sailing test. Yesterday, I procrastinated by adding another section to The Seven Minute Server and used CSS to create a practice test/quiz for the ASA 101 by hiding the answers until you hover over them. It didn’t get me any closer to finishing the prep book, but it was fun… Today, when I should have been tying exotic knots, on a whim, I ran my site through Qualys SSL Labs’ SSL Report and was dismayed to see this site got a B.

Installing an SSL Cert on Your Server with CentOS/Apache 2.4/Let's Encrypt

4 minute read Published:

Using Let’s Encrypt is so easy, there’s no excuse not to do it…the only drawback is that certificates expire after three months, but they’ll email to give you a heads-up when it gets close to time to switch ‘em up…and it really is simple (and free!) to get them issued. Here’s a run-through of how to use Certbot to install a Let’s Encrypt SSL certificate on an Amazon Linux image:

Using CSS to Hack Up a Quick Quiz

2 minute read Published:

Was bored reading my sailing 101 book and thought it’d be easier to learn the material if I could set up a quiz on the go. After much duckduckgoing, came up with a quick-and-dirty solution to hide the answers until you hover (on desktop) or activate (on mobile). The styling I’m using is pretty ugly, but you can switch up the colors; just be sure that the background and hide-me colors are the same.

Making 8-bit Arcade Games in C

1 minute read Published:

So I bet you thought programming assembly on the web for the Atari 2600 was the ultimate. But check it: You can now use C to develop Z80 CPU-based game platforms like Space Invaders, Galaxian, Sega/Gremlin as well as the Atari vector and Williams platforms. (Atari vector and Williams used the 6502 and 6809 chips, respectively, but Steve tweaked them so that they work with the Z80 compiler.) Type your C source code on the left side of the browser and watch it compile and run in real time on the right side.

First of the 7 Minute Server Series: VPN Servers

3 minute read Published:

I’ve been using a proxy server for awhile, Squid and Privoxy, for fun and also because I saw too many cable and mobile ISPs acting shiftily (why, when I’m connected to Google, do all my connections go to an AT&T server, hmmm?). But the difficulty of setting up a proxy on a cellular connection was annoying — who wants to get Apple Configurator up and running and is that really a feasible solution for a non-technical person who should be able to control their phone’s outbound connections?

Configuring an OpenVPN client connection on Chromebook

4 minute read Published:

When you sit down to write a piece of technical documentation, it’s always surprising that the section you thought would be really complicated is astonishingly simple; and the things you thought would be finished in minutes steal days. Configuring an OpenVPN connection on Chrome was one of these things — it stole an entire day, but I finally got it working (and working repeatably, which is the sticky wicket!).