Firefox: Allow Restricted TCP-Ports

Disclaimer

I don’t think „hiding“ a webserver behind a non-standard TCP port is a security feature („security by obscurity“), but on the other hand restricting access to non-standard ports does not seem to increase personal security; it just wastes the time of anybody who needs to access such a service – and – it’s absolutely allowed to run a webserver on any port which isn’t used by another service 😉

Solution (if you (think, you) know what you’re doing)

As always

about:config

Add as „String“ if it’s missing:

network.security.ports.banned.override

Add the ports of the services you want to access (comma-separated):

8081,8082,8083

Disclaimer

Since I’m trying to get rid of Evernote, too annoying too often, I’ll start to document non-private-stuff here.

OTP (One-Time-Passwords) and KeePass: no Plugins required

Plugins might bring additional features or ease the usage. But if someone is happy with „Auto-Type“ or „copy&paste“-Passwords from KeePass into a VPN-Client-GUI for example:

  • works out of the box
  • no need to add anything to KeePass

Entry.Password: {TIMEOTP} Placeholder

Just place the string {TIMEOTP} before or after your (fixed) user password, depending on how the VPN server is configured.

  • {TIMEOTP} acts as a placeholder
  • it will get replaced by your constantly changing (in my setup 6-digit) token.

Advanced

The generator needs some parameters to calculate the correct values, of course

Advanced: String Fields

Add a String Field:

  • Field Name: TimeOtp-Secret-Base32
    • seems to be the most common variant
    • valid for OPNsense TOTP
  • Field Value: <OTP seed> //OPNsense=>System.Access.Users.perUser

Additional Parameters can get configured:

That’s all.
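What the {TIMEOTP} placeholder expands to can be reproduced outside KeePass. This is an added example, not part of the original post: it assumes the RFC 6238 defaults (HMAC-SHA-1, 30-second period, 6 digits), uses the public RFC 6238 test seed instead of a real secret, and the fixed password `hunter2` is a constructed sample.

```python
import base64
import hashlib
import hmac
import struct


def totp(secret_b32, unix_time, digits=6, period=30, algo=hashlib.sha1):
    """RFC 6238 TOTP for a Base32 seed at a given Unix time."""
    # Seeds are often displayed lower-case, with spaces and without padding.
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    # The moving factor is the number of whole periods since the epoch.
    counter = struct.pack(">Q", int(unix_time) // period)
    mac = hmac.new(key, counter, algo).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte is the offset.
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def expand_password(template, secret_b32, unix_time):
    """Replace {TIMEOTP} in a password template with the current token."""
    return template.replace("{TIMEOTP}", totp(secret_b32, unix_time))


# RFC 6238 test seed "12345678901234567890" in Base32 (public test vector).
RFC_SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    import time
    now = time.time()
    # Token after the password, and token before the password.
    print(expand_password("hunter2{TIMEOTP}", RFC_SEED, now))
    print(expand_password("{TIMEOTP}hunter2", RFC_SEED, now))
```

If the token computed this way from your own seed differs from the one the server accepts, check the clock of the client first: the counter changes every 30 seconds.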


Firefox: „Certificate Viewer“ – How to disable

Firefox 70 added a new „Certificate Viewer“ feature which moves the „Window“-based GUI to a „Web-Page“-View.

  • different look
  • no new features
  • missing features
    • Export Certificate

So this is no „new feature“ but a „modification of an existing feature“ – with fewer features.

Reenable the former full featureset

about:config
security.aboutcertificate.enabled := false


Firefox: Don’t ignore the Windows Enterprise-CA Store

Using an enterprise CA to create server certificates is not a new feature for Windows.

And Firefox added the possibility to trust those certificates ages ago – but still you’ll get a TLS error message (in German „Kein Verbindungsversuch unternommen: Mögliches Sicherheitsproblem“).

This is no Security-Problem, it’s just a problem of using stupid defaults causing people to waste their time and providing no little level of security, since a CA operated on my own is much more trustworthy than public CAs which Firefox trusts blindly.

Solution

Open

about:config

and change

security.enterprise_roots.enabled := true


Annoying Firefox-Defaults to be changed

The Firefox-Developers know best what’s good for their users, so they hide a bunch of Settings in

about:config

so it’s hard to find them.

Some of them I change in every Firefox installation:

  • ask me if I want to download MP4 files, disable the built-in media player
    media.play-stand-alone = false
  • use the DNS, not Google – if I enter a single word as URL
    keyword.enabled = false
  • stop asking me if I really want to leave a page
    dom.disable_beforeunload := true
  • stop autocompletion in the URL bar
    browser.urlbar.autocomplete.enabled = false
    browser.fixup.alternate.enabled = false
    browser.fixup.alternate.prefix = (empty)
    browser.fixup.alternate.suffix = (empty)

accessibility.typeaheadfind.flashBar = 0

browser.fixup.alternate.suffix = prod.local
browser.fixup.domainwhitelist.wiki = true

browser.tabs.warnOnClose = false
browser.urlbar.autocomplete.enabled = false
network.dns.disablePrefetch = true


Terraform: Enable persistent Debugging

Setting the variable

  • TF_LOG

to an arbitrary value enables „TRACE“-level debugging to „STDOUT“

  • available too: DEBUG, INFO, WARN or ERROR

Setting the variable

  • TF_LOG_PATH

writes the log to a file.

PS C:\RH\> $env:TF_LOG = "TRACE"
PS C:\RH\> $env:TF_LOG_PATH = "c:\temp\tf.log"

When running e.g. „terraform apply“, all debug messages will get appended to the specified file.


Ubuntu 20.04 – Static Server IP-Address

Of course, every release of a Linux distribution has to change the way very basic network settings are configured. 😉

  • Ubuntu 20.04 Server LTS

to be fair:

  • „netplan“ has been in place since at least release 17.10
  • the „subiquity“-tool which has written the yaml-file has been confusing me…

Step 1: Figure out which IP/DNS settings were set by DHCP

user@hostname:~/map-local$ sudo netplan ip leases ens160
# This is private data. Do not parse.
ADDRESS=172.16.9.107
NETMASK=255.255.255.0
ROUTER=172.16.9.254
SERVER_ADDRESS=172.16.9.252
T1=43200
T2=75600
LIFETIME=86400
DNS=208.67.222.222 208.67.220.220
CLIENTID=ff9f6e847110020000ab11b9a540e7d1e0d2b5

Step 2: Disable (if required) automation tools – here „subiquity“

This is YAML:

user@hostname:~/map-local$ cat /etc/netplan/00-installer-config.yaml
# This is the network config written by 'subiquity'
network:
  ethernets:
    ens160:
      dhcp4: true
  version: 2

user@hostname:~/map-local$ cat /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg
network: {config: disabled}

Optional: Try a temporary YAML file before applying

  • safeguard if you are using an SSH connection
  • rolls back after a timeout

user@hostname:~/map-local$ joe netplan-temp.yaml

user@hostname:~/map-local$ cat netplan-temp.yaml
# This is the network config written by 'ron'
network:
  ethernets:
    ens160:
      addresses: [172.16.9.9/24]
      gateway4: 172.16.9.254
      nameservers:
        addresses: [208.67.222.222, 208.67.220.220]
  version: 2

user@hostname:~/map-local$ sudo netplan try --config-file netplan-temp.yaml --timeout 120

user@hostname:~/map-local$ sudo cp netplan-temp.yaml /etc/netplan/00-installer-config.yaml

Step 3: Edit/Apply NetPlan Config

  • Apply
user@hostname:~/map-local$ sudo joe /etc/netplan/00-installer-config.yaml
user@hostname:~/map-local$ cat /etc/netplan/00-installer-config.yaml
# This is the network config written by 'ron'
network:
  ethernets:
    ens160:
      addresses: [172.16.9.9/24]
      gateway4: 172.16.9.254
      nameservers:
        addresses: [208.67.222.222, 208.67.220.220]
  version: 2

user@hostname:~/map-local$ sudo netplan apply 


BASH „History“: display ISO-Timestamp

Have just been somehow annoyed by the default-format of the „history“-bash command:

510  2020-12-05T17:46:33 echo 'export HISTTIMEFORMAT="%Y-%m-%dT%T "' >> ~/.bash_profile
511  2020-12-05T17:46:42 source ~/.bash_profile
512  2020-12-05T17:46:47 history
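HISTTIMEFORMAT is a strftime format, so the year specifier matters when the history is read as a timeline: `%Y` is the calendar year, while `%G` is the ISO week-based year and differs from it on some days around New Year. This is an added example, not part of the original post, written in Python because `time.strftime` accepts the same specifiers; the history lines are constructed and rendered in UTC, whereas bash itself uses local time.

```python
import time

# Constructed sample of ~/.bash_history. Once HISTTIMEFORMAT is set, bash
# stores "#<epoch seconds>" on the line before each command.
SAMPLE_HISTORY = """\
#1607190393
source ~/.bash_profile
#1609502400
sudo netplan apply
"""


def render_history(text, fmt):
    """Return [(timestamp, command)] rendered with a strftime format, in UTC."""
    entries, stamp = [], None
    for line in text.splitlines():
        if line.startswith("#") and line[1:].isdigit():
            stamp = int(line[1:])  # timestamp belonging to the next command
            continue
        shown = time.strftime(fmt, time.gmtime(stamp)) if stamp is not None else ""
        entries.append((shown, line))
        stamp = None
    return entries


def year_mismatches(text):
    """Commands whose %G (ISO week-based year) differs from %Y (calendar year)."""
    iso = render_history(text, "%G")
    cal = render_history(text, "%Y")
    return [(cmd, y, g) for (g, cmd), (y, _) in zip(iso, cal) if g != y]


if __name__ == "__main__":
    for fmt in ("%Y-%m-%dT%T", "%G-%m-%dT%T"):
        for shown, cmd in render_history(SAMPLE_HISTORY, fmt):
            print(fmt, shown, cmd)
    print(year_mismatches(SAMPLE_HISTORY))
```

The second constructed entry was run on 1 January 2021, which belongs to ISO week 53 of 2020, so a `%G` format shows it a year early.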
