Real-World Uses for Cyberdecks

Tonight I’m applying updates to my cyberdeck (CrowPi) in preparation for using it as a portable network stack build and rescue platform (PXE boot + ISO images and installers).

Sometimes it’s preferred to set up new environments in spaces where there may not yet be connectivity to the Internet. Or maybe limited internet. Maybe at a meetup.

Serving PXE clients with DHCP, TFTP and FTP. Maybe the menu includes an ESXi installer, a couple of Linux installers, a Live ISO for rescues, DBAN for non-SSD emergencies. The sky’s the limit, right? Updated for the twenty-first century by including support for UEFI clients.
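Supporting UEFI clients alongside BIOS ones comes down to reading the client architecture the PXE firmware announces in its DHCP request and handing back a matching boot file. The sketch below is an added example, not the configuration running on this cyberdeck: the option numbers (60, 93) are standard, while the boot-file paths, function names and sample packets are assumptions made up for illustration.

```python
# Hypothetical boot-file layout; only the DHCP option numbers are standard.
ARCH_BOOTFILE = {
    0: "bios/pxelinux.0",       # legacy BIOS (Intel x86PC)
    6: "efi32/bootia32.efi",    # 32-bit UEFI
    7: "efi64/grubx64.efi",     # "EFI BC", sent by most x64 UEFI firmware
    9: "efi64/grubx64.efi",     # EFI x86-64
    11: "arm64/grubaa64.efi",   # 64-bit ARM UEFI
}

def parse_options(blob: bytes) -> dict:
    """Walk the code/length/value options that follow the DHCP magic cookie."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts

def choose_bootfile(blob: bytes):
    """Return the boot file for a PXE client, or None for anything else."""
    opts = parse_options(blob)
    if not opts.get(60, b"").startswith(b"PXEClient"):   # option 60: vendor class
        return None
    arch_raw = opts.get(93)                              # option 93: client arch
    if arch_raw is None:
        arch = 0                 # assumption: no option 93 means legacy BIOS
    elif len(arch_raw) < 2:
        raise ValueError("option 93 must be at least two bytes")
    else:
        arch = int.from_bytes(arch_raw[:2], "big")
    return ARCH_BOOTFILE.get(arch)   # None for an architecture we do not serve

def opt(code: int, value: bytes) -> bytes:
    """Encode one option; used only to build the constructed samples below."""
    return bytes([code, len(value)]) + value

# Constructed sample option blocks (not captured traffic).
UEFI_CLIENT = (opt(53, b"\x01") + opt(60, b"PXEClient:Arch:00007:UNDI:003016")
               + opt(93, b"\x00\x07") + b"\xff")
BIOS_CLIENT = opt(53, b"\x01") + opt(60, b"PXEClient:Arch:00000:UNDI:002001") + b"\xff"
```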

But first, updating to the latest everything. Later, I migrate the whole thing to a larger SD card, and replace the Raspberry Pi 3B that came with it, with a much more powerful 4B with 4GB of RAM.

Maybe even have a process watching the logs, and have certain events trigger LED matrix animations, buzzer and vibration activity, countdown timers on the clock, or display status on the small display. This’ll be a fun longer-term project.

Self-hosted Password Manager Round-up

Haven’t you ever set up a network for a specific project and wanted a simple way to manage passwords within the project network while sharing them between the project participants?

Don’t you hate/mistrust the cloud?

For this project, I did a quick rundown on a few available self-hosted password managers that can live inside a network enclave without involving the cloud.

1. PASSBOLT

I wanted Passbolt to work. Even after I found out the installer* isn’t available beyond CentOS 7 and won’t run under Rocky. Seriously, who uses a closed installer anymore?

So I built a C7 VM and let her rip. Flawless install, got all the way to the point of logging in, and then?

Fucking hell. It REQUIRES a BROWSER EXTENSION to browse the site. That’s a lot of trust you’re asking me to extend. It also requires an email address to validate users. This seems more like a cloud offering hastily made into a self-hosted offering. These are not features I want or need in a closed, self-hosted password manager.

2. BITWARDEN

I wanted to disqualify this one simply for deploying it in Docker. If you know me at all, you know I f’n HATE Docker. And the first set of instructions I found completely validated my hate.

But then I found this. Specifically happens to be for the exact platform I’m working with. https://computingforgeeks.com/running-bitwarden-password-manager-using-docker-container/

Other than dealing with SELinux (either by disabling it or by poking holes in it) and using a different cert mechanism than those described, it was flawless, and I had a Bitwarden instance complete in about an hour.

3. Anything file-based

Immediate automatic disqualification for being file-based. No matter how you share them, sharing them never works out.

4. Integrations

I noticed that NextCloud has a password manager app available for it. So that’s another valid option if it turns out we don’t like Bitwarden.

P.S. I still hate Docker.

Flying blind with network appliances

I was tasked with reclaiming some decommissioned network appliances. More specifically, some pretty decent Lanner appliances. Multiple ethernet interfaces, 16GB RAM, and a decent processor.

Fun, right? Well….

No access, no passwords. They have IPMI, but we don’t have passwords for that either.

We have access to serial, but all that gives us is access to BIOS, and then a boot failure, ostensibly because they’ve been wiped.

So I fought with this in several directions before coming up with a possible solution.

Wrestle with BIOS until I can get it to PXE boot. Set it to PXE from LAN0. Boot it, see what MAC address it comes up with. Add that MAC to my FOG server and deploy an image via FOG. In my case, I imaged it with Rocky Linux 8.4.

Then, because it’s still unconfigured, incomplete and flying blind, go back to serial, boot to the hard disk, edit the grub menu entry to add “console=ttyS0,115200” to the linux line, then let her rip. Sure enough, it’s now fully booting to serial and I’m able to IP it, set up permanent console redirection, make sure sshd is starting, and boom.

I probably could have done mostly the same thing with a USB boot disk, but then I’m stuck doing a full install, whereas using FOG gives me an already-standardized image. Now I’ll be done with this stack in about two bourbons.

Monday In Person: 10/4 Good Buddy

We’re in person tomorrow. Likely someone will make it hybrid but I’ve proven useless at dividing my attention between virtual and IRL, so I tend to focus on the IRL. After all, that’s where the booze is.

Anyone who has come to previous meetings is welcome. If you’ve only met us virtually hit one of us up if you’re interested in attending. We prefer to vet strangers because it’s a private space.

Optionally, bring a snack or festive bevs to share. This seems to be shaping up to be one of the larger in-persons we’ve had in a while, this could be interesting.

Indoors vs outdoors is currently unknown. WX report indicates rain possibility around meeting time of around 50%. We can handle either, but if you can’t, that’s on you. Please be vaxxed and/or masked if indoors. None of us want the delta variant.

Activities: laser engraving, staring at psychedelic lighting, and badge thoughts for DC30.

Don’t be a dick.

Just Because I’m Paranoid…

Doesn’t mean they’re not out to get me.

So I ordered some more PCBs, what, ten days ago now. This evening after dinner I was thinking, “wow, I should have gotten a ship notice by now…” then, a few minutes later, it showed up. That’s not the paranoid part.

The shipping notice from the fab house was normal, package on the way via DHL, etc.

An hour or so later, I got a phishing email purporting to be from DHL.

I get lots of phishing emails. I’m not going to categorize them based on quality, because to me, almost all phishing emails are low effort.

But I think it’s strange that I, who normally only get DHL packages a couple times per year, get a DHL phishing email within an hour or so of an actual DHL package being sent my way.

Now I’m not saying there’s a connection, but if there is a connection, then either:
1) Someone’s got access to the fab house records;
2) Someone’s got access to DHL records; or
3) Someone’s got access to the “Deliveries” tracking app. (I entered the tracking info into that app like I do every time I learn of a package en route). I suspect this, the rogue phone app, is most likely.

If I’ve got any phishing expert mutuals that have anything to share, I’m all ears.

DC540 pizza night this evening

In the backyard. 6:30.
If anyone wants to try laser engraving, bring an image on a flash drive. 1.5″ round, or 2.5 x 3.5″ rectangle. Take home a souvenir of your obnoxious insensitive nerdy friends and their messy habits.
I’ll try to have the pizza show up around 7.

Closed the Meetup account for good today

Obviously DC540 lives on, but I really don’t feel like Meetup is worth the cost. They make it surprisingly obscure to shut down. The default is to “step down as organizer” allowing any rando who’s joined your group to take over. Anyhow, y’all can still find us here, wherever it is that you see this message.

How I Recovered Defcoin from a borked wallet in Coinomi

Crypto warning: I am not an expert. I don’t claim to be an expert. Don’t “ekshually” me. I figured something out, I’m sharing it with other people, some of whom are stupider than me, in case it’s useful to someone some day. I also may have the facts wrong. I’m not a Defcoin insider either.

So, a while back, Coinomi started supporting Defcoin. YAY.

No, they didn’t allow exchanging it with fungible cryptocurrencies. BOO.

But at least we had a nice phone-based wallet to send, receive, etc. at the con. YAY.

But then it stopped working. Was it last year? I’m fuzzy on the whens. BOO.

Apparently there was some legacy shit in there, maybe it had to do with finding other clients, a hard-coded list, I don’t remember.

Anyhow, sometime fairly recently, it started working again. YAY.

But not for me. BOO.

Turns out, the Coinomi wallet I had set up had a LOT of transactions. And I think it was too much for the app to handle. Or maybe something got mangled somehow in the blockchain. Someone explained it once, but you know, I forgot it right away. Like a goldfish.

Look, it’s not about the “money.” I’m not even sure how many Defcoin were in that wallet anymore. Thousands? Value of 0? It’s about wanting a working Defcoin wallet on my phone. And sure, I could have just deleted it and started fresh, but I wanted to learn something and get what I could recover from it.

SO, here are the steps I took and how that worked out for me.

  1. Set up a new Defcoin instance in Coinomi. Yes, it’ll allow you to add a coin twice.
  2. For my next trick, I wanted to sweep the old wallet into the newly-added instance.
  3. Coinomi doesn’t export private keys that allow you to do so, but you can use your mnemonic recovery phrase to generate that. Download this to your local machine, or better yet, put it on an air-gapped machine. Because you’re going to be typing your mnemonic phrase into it, and anyone that gets their grubby paws on that can steal your fundage. https://iancoleman.io/bip39/
  4. OK, so load that page up locally on your safely air-gapped system, then type your mnemonic phrase into the BIP39 mnemonic phrase field.
  5. Set the “COIN” to “Defcoin.”
  6. In the Derivation Path section, go to the BIP44 tab.
  7. From your broken Coinomi Defcoin wallet, look at Account Details. Get the Derivation Path from there. Mine was m44h/1337h/0h. Type that, without the h characters, into the derivation path field.
  8. Now look at your receive addresses in the old account. Including previous receive addresses. You should see those addresses down below in the extractor, in the “Derived Addresses” section. One by one, take the private keys associated with those addresses, and throw them into the “Sweep Wallet” private key field in the NEW Defcoin instance in Coinomi.

    This worked for me for several of my receive addresses, leading to thousands of Defcoin recovered into the new wallet. However, the one I used so often that I recognized the preamble, took way longer for Coinomi to attempt to sweep it, and it came back with “The private key does not contain any funds,” which I believe is bullshit, I just think there are, once again, too many transactions for Coinomi to handle. But at least now I have a working wallet that can send and receive funds. I just may have lost those funds associated with the largest receive address in my wallet. Perhaps I’ll try again in the future.

Another option is to try to sweep it into a native Defcoin-QT wallet, but that would require converting the private key to WIF format, which might be a bit beyond me at this hour.

Monday 9/13 DC540 Meeting = VIRTUAL

I polled the core group, resulting in two votes for virtual and two votes for “either.” The virtuals win. 6:30PM Monday in the group’s Discord.

Reminder that the Meetup site is going away. I believe it’s going away this month sometime.

PINECIL One Month Later…

A month ago I posted about the PINECIL portable solder iron, and the high-output 65W PD battery bank I had to buy to power it:

https://dc540.org/xxx/2021/08/pinecil-soldering-iron-for-the-win/

So it’s been a month, and no exaggeration here, I have soldered over 10,000 joints since then, and I have zero complaints. It’s my new old-reliable. In fact, during a recent solder party, when my battery bank was depleted (the failure was 100% mine in forgetting it needed to be charged), I gave up soldering for the evening rather than revert to my wired unit or my TS-80. The PINECIL outperforms the others by that much.

Some details:

1) ONCE, it thought it was at temp but had cooled down. Reset it, it went back to normal.

2) Behavior differences:

The TS-80, when left alone for a while, stops pulling power, which causes the old ZeroLemon ToughJuice Battery to shut down. In fact, sometimes it would stop while soldering. This was annoying.

The PINECIL, by contrast, when put down, goes into visible sleep mode, putting z’s on the screen to let you know what it’s doing, and then begins to cool down, reporting the temp as it does so. When you pick it up again, it immediately starts heating back to your preset temp (for me, for what I’m doing, I keep it at 320 C).

The EasyLonger battery (as this is about the combo, not just about the PINECIL) also has better functionality, in my opinion. The ToughJuice would require you to press the on button to start powering objects connected to it. And then shut down when it detected low draw. The EasyLonger powers the object as soon as it’s plugged in, which means it keeps my PINECIL running as long as I have it plugged in. Safety violation, are you wondering? No, because the accelerometer in the PINECIL tells it to go to sleep.

It’s been a month, and I’m using the shit out of the PINECIL and the EasyLonger, and I couldn’t be happier.

In fact, last week I ordered accessories direct from PINE: A fine tip set, a mini stand, a transparent shell, a break-out board, and yes, a second spare PINECIL. They also have a very nice desktop power supply that I will probably go back and order, now that I think about it.