Tuesday 26th February 2019
I recently re-deployed my entire infrastructure onto two new servers using Ansible, and as part of this I wanted to remove all stored secrets from my public-facing web servers.
Let's Encrypt certificates were no problem as they are generated on the server and can be easily replaced if needed, and I removed the need for an SSH private key for Git by just using the public repo over HTTPS.
The only secrets that posed a challenge were my Tor Hidden Service private keys, both for Onion v3 and the historic Onion v2. The impact of one of these keys being breached would be very high, since the associated hostnames are already widely known and indexed. Because of this, it would absolutely not be appropriate to store them in my Ansible playbooks Git repository, nor would it be ideal to store them locally on my Ansible control machine.
One option would be to manually upload them whenever I deployed a new server; however, this goes against the complete automation that I am achieving with Ansible. Instead, I decided not to run Tor on my public web server fleet at all, and to host the Hidden Services elsewhere, with traffic forwarded to the web server fleet securely over the internet with an Apache reverse HTTP proxy. Continue reading...
Saturday 19th January 2019
For about two years at the time of writing, my website has had a Content Security Policy in order to lock down and restrict the locations that content such as images and stylesheets can be loaded from. I had used Apache configurations in order to set a more relaxed policy for specific pages that require it; however, this solution is not ideal as it becomes challenging to manage when used with larger websites with many different pages, each requiring a different policy.
I have now developed some useful PHP code that allows me to easily set a default policy for the entire website, and then override individual parts of the policy on specific pages where it is required. I've released the code to the public domain under the Unlicense, so you are welcome to use it for your own projects! Continue reading...
Saturday 5th January 2019
Last year, I asked my friend Sam to write a basic crackme challenge for me to solve and then demonstrate in this series. He kindly agreed, and put together a simple password-based crackme. It looks like the following when run:
Enter Password (or q to quit): helloworld
Enter Password (or q to quit): Pa$$w0rd
Enter Password (or q to quit): q
In this third and final part of the series, we will solve the crackme using Cutter and some other tools. If you'd like to have a go yourself first, it is available on GitLab here. Continue reading...
Sunday 23rd December 2018
This week I transferred all of my domain names to the brand new Cloudflare Registrar. I took screenshots throughout the process and have documented them here for anybody else who has not yet done the transfer, and wants to know what to expect before diving in. Continue reading...