One of the worst parts of modern life is how unsatisfying it is to hang up on somebody. Tapping on the ‘End Call’ button on an iPhone or angrily clicking ‘Leave Meeting’ on Zoom just isn’t nearly as fun as slamming down the handset on a real phone. This particular project was to breathe some life into the antique Northern Telecom phone from my grandparents’ house by attaching it to a modern VoIP system.
I installed Gentoo Linux on my vintage Thinkpad. This particular device has a rather colourful history. In mid 2015 I recovered it from an e-waste pile at my workplace and brought it back to life. In the years since, it’s been a playground of sorts. In five years it’s had four editions of Windows, three versions of BSD, exotic operating systems like Redox and ReactOS, and of course dozens of different Linux distributions.
Today I got yet another malware email. They just won’t leave me alone. I suspect it has to do with the upcoming US election, based on all the CISA alerts I’ve seen over the last couple days. However, after going down the rabbit hole with this malware I do suspect that whatever is behind it is more sophisticated than a simple ransomware gang. I won’t speculate too much, but because of its highly distributed and evasive design it could be the work of a larger enterprise.
I recently started using a TP-Link C7 router to host a guest network at my house. I typically avoid consumer/prosumer gear for my network, sticking to either whitebox (homemade) or older enterprise gear. Alas, the price was right ($0). Every time I do encounter one of these devices I always manage to find something fun and interesting to poke…

Bad SSH server

The first red flag was the sshd server running on this router.
About two weeks ago, I upgraded my single node Elasticsearch cluster from 6.8.6 to the latest 7.9 version. Last night, all hell broke loose… The upgrade itself wasn’t perfect. There were some issues with my setup that the helpful “Upgrade Assistant” didn’t pick up before I had already committed. I was missing a few formerly optional parameters in my elasticsearch.yml config file, there were some odd field mappings that weren’t supported any more, and some date format issues with my grok patterns.
Today, I got an email inquiring about a job opportunity. This was immediately pretty funny, since I don’t employ anybody including myself. Even better, the guy sent a Microsoft Excel file as the ‘resume’, so even if I was hiring… Sorry bud, not going to be you. Now normally I just delete these documents and report spam. But seeing as how I’m locked into my house and have nothing better to do right now, I figured I might as well have some fun with this.
For many years we’ve taken for granted the ability to settle any argument with Wikipedia: a simple text search ends any trivial dispute. That could change. I’m not really trying to fear-monger, but it’s always possible that the internet might go out and stay out. And like hell I’m going to sit in quarantine with my partner and not be able to settle up with Wikipedia!
Do you live in North Korea or Iran? Is your totalitarian government cracking down on dissidents? These are serious concerns for some, but for the rest of us it might be time to re-think the modern threat model. Why do people use VPN services? I think at the very core of the VPN subscription market is the belief that as a consumer it’s possible to buy privacy. That’s simply wrong. Privacy is a process, not a product.
TL;DR The default settings for Logstash index rotation are bad and will break your cluster after a few months unless you change the rotation strategy. If you’re anything like me, you probably read somebody’s cool blog about how awesome ELK stack is and just had to have a piece of it. So you went through the quick start guide, googled your way through getting it up and running, then BAM you had an awesome logging system with all the bells and whistles!
Do you ever just update everything? There are a few times you might need to do this. For example, some nasty vulnerability comes along and ruins your week. Or maybe you just want to be super up to date because you have a strange compulsion to have the latest and greatest of everything. Either way, here’s my solution:

Use Ansible inventories to update all your servers

I wrote this playbook as a simple way to ‘freshen up’ my homelab after months of neglect.
Hot take: Stop putting your ssh keys on GitHub!!! For that matter, stop putting your keys in any kind of repository. Seriously, your private keys are private for a reason. Okay, let’s back up a little here. This morning some articles made their rounds about Cisco distributing network device firmware with keys and certs embedded in them. Now that happens all the time (ugh) but in this particular case, they were the keys of presumably a Huawei employee.