<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Random Post Generator</title><link>https://rpg.skmobi.com/</link><description>Recent content on Random Post Generator</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Mon, 01 Nov 2021 23:55:50 +0100</lastBuildDate><atom:link href="https://rpg.skmobi.com/index.xml" rel="self" type="application/rss+xml"/><item><title>0x478C Dynamic Loose Learning (DLL)</title><link>https://rpg.skmobi.com/posts/0x478c_dll/</link><pubDate>Mon, 01 Nov 2021 23:55:50 +0100</pubDate><guid>https://rpg.skmobi.com/posts/0x478c_dll/</guid><description>I was looking for some excuse to improve my nil little experience with IDA and building a CLI for Vasco Digipass came up in a conversation.
While keeping the OTP generator in the same machine where you use the OTP itself is unlikely to be endorsed by the security team, Vasco already provides that with Digipass For Windows (even if EOL is April 2022).
Challenge accepted, took a set of valid credentials, the installer and fired up a brand new IDA VM.</description></item><item><title>0x904 Drop IPTables Drop</title><link>https://rpg.skmobi.com/posts/0x904d_cloudflare_pull/</link><pubDate>Fri, 09 Apr 2021 01:37:29 +0100</pubDate><guid>https://rpg.skmobi.com/posts/0x904d_cloudflare_pull/</guid><description>My houselab is made of a few RPis and docker swarm.
Traefik is used to expose (most of) the swarm services and some of these services are exposed to the internet.
Traefik docker-compose includes these flags
- --entrypoints.http.address=:80
- --entrypoints.https.address=:443
- --entrypoints.https_external.address=:8443
Home router has port forwarding from 443 to 8443 on one of the manager nodes (where Traefik runs). Binding services to http (80) or https (443) exposes them internally only, binding to https_external (8443) exposes them to the internet.</description></item><item><title>0x474E (In)fluent(a)bit</title><link>https://rpg.skmobi.com/posts/0x474e_telegraf/</link><pubDate>Mon, 01 Mar 2021 00:16:05 +0000</pubDate><guid>https://rpg.skmobi.com/posts/0x474e_telegraf/</guid><description>I&amp;rsquo;ve moved log collection and telemetry out of GCP Stackdriver (mentioned before) to on-prem InfluxDB (running in a raspberry pi 4 4GB)
FluentBit was the agent of choice at the time but Telegraf seemed like a good candidate now.
Why fluentd has a lot of plugins but its crappy ruby codebase eats way too many resources for me (why would anyone?) to use it.
Luckily, the same guys gave it an extreme makeover in C and called it fluentbit.</description></item><item><title>0x6FD7 docker images and internal CAs</title><link>https://rpg.skmobi.com/posts/0x6fd7_docker_internal_ca/</link><pubDate>Mon, 15 Feb 2021 01:13:47 +0000</pubDate><guid>https://rpg.skmobi.com/posts/0x6fd7_docker_internal_ca/</guid><description>I use an internal CA for all the services in my home lab.
Big part of the lab is running on docker swarm.
Usually services connect through internal networks (without using HTTPS as that is offloaded to traefik), but sometimes they do need to validate the certificates (such as interacting with the NAS or router APIs).
For personal images, private CA is naturally bundled into them.
For public, 3rd party, ones, I usually rebuild them only for that purpose, such as:</description></item><item><title>0xB752 ddwrt + custom certificate</title><link>https://rpg.skmobi.com/posts/0xb752_ddwrt_ssl/</link><pubDate>Sun, 14 Feb 2021 16:26:09 +0000</pubDate><guid>https://rpg.skmobi.com/posts/0xb752_ddwrt_ssl/</guid><description>When I first installed dd-wrt (no support from openwrt) on my router, I enabled HTTPS-only access for the web UI.
When the nasty prompt from the self-signed certificate popped up, I looked for an option to upload my own certificate (signed by the internal CA I use).
There was none&amp;hellip;
Left it be for quite some time, but finally decided to sort it out and, to my surprise, there&amp;rsquo;s no official documentation on it (or not easy to find, at least)&amp;hellip;</description></item><item><title>0xF404 Mono Price, Mini Print</title><link>https://rpg.skmobi.com/posts/0xf404_mini_delta/</link><pubDate>Wed, 09 Dec 2020 23:38:59 +0000</pubDate><guid>https://rpg.skmobi.com/posts/0xf404_mini_delta/</guid><description>TL;DR; One year ago I bought a MP Mini Delta, my final review:
Pros:
- Cheapest I could find - bought it £91
- Really compact - perk of the delta style and the very small print bed, fits perfectly in a normal desk corner, no need for huge workbenches like most of the others
- Sturdy, portable - sturdy build and a handle makes it easy and trouble-free to move around
- Heated bed - rare in cheap printers
Cons:</description></item><item><title>0x9B4B Free Telemetry</title><link>https://rpg.skmobi.com/posts/0x9b4b_gcp_metrics/</link><pubDate>Tue, 24 Nov 2020 02:54:26 +0000</pubDate><guid>https://rpg.skmobi.com/posts/0x9b4b_gcp_metrics/</guid><description>Some time ago I wrote about leveraging GCP free tier for log collection. I also started using it for telemetry though I never updated the post with those details.
Since Google refactored their Monitoring away from that crappy StackDriver interface, it&amp;rsquo;s actually quite nice, so might as well write the setup down (up? ☁️).
Even though GCP monitoring seems oriented to metrics from GCP services it also allows you to create logs-based metrics.</description></item><item><title>0xCF53 Remote, Garage Remote</title><link>https://rpg.skmobi.com/posts/0xcf53_rgr/</link><pubDate>Sun, 01 Nov 2020 18:40:57 +0000</pubDate><guid>https://rpg.skmobi.com/posts/0xcf53_rgr/</guid><description>Dr. No Open One of my garage openers stopped working but I kept it in hope one day I&amp;rsquo;d make a learning exercise out of repairing it.
The other day somehow I brought it up in a conversation and it was highlighted that it is common for the push button to wear out, so I opened the case and tested by shorting over the button with a wire.
And the garage door opened (thanks Dad)!</description></item><item><title>0xF8CB Pi TV - Lock HDMI Configuration</title><link>https://rpg.skmobi.com/posts/0xf8cb_pi_tv/</link><pubDate>Mon, 26 Oct 2020 12:31:53 +0000</pubDate><guid>https://rpg.skmobi.com/posts/0xf8cb_pi_tv/</guid><description>One of my raspberries is connected to the TV (quite original!) running RetroPie with Kodi as well.
Every now and then, power fails. When restored, the Pi always came up with messed up resolution.
I would just reboot it once again and everything would be fine, so I postponed looking into it.
Turns out it was one of those things you delay because you think it will take forever to understand but in the end takes 5min&amp;hellip;</description></item><item><title>0x8490 Privileged Swarm Services</title><link>https://rpg.skmobi.com/posts/0x8490_privileged_swarm_service/</link><pubDate>Sat, 07 Mar 2020 14:38:07 +0000</pubDate><guid>https://rpg.skmobi.com/posts/0x8490_privileged_swarm_service/</guid><description>Some docker images require extra capabilities to work, ie:
- openvpn needs NET_ADMIN
- anything using USB/i2c will need --device=/dev/ttyAMA0
Swarmkit does not support that (nor the GIEF IT ALL --privileged flag).
There are a lot of issues on their github(s) such as this, this or this.
It seems there is consensus on adding the feature to swarmkit though it won&amp;rsquo;t be available before 19.06 or 19.09.
Until then, the best solution seems to be spinning up a service that starts the container after, such as:</description></item></channel></rss>