February 6, 2022

Hashing Machines

Imagination sparked to run a GPU accelerated VM for hash cracking with hashcat. Having run it with CPUs, before, I know how to do that part, but I needed to get a GPU involved. I did this on my Fedora desktop, which had no problems with the drivers. But when I went to use a dedicated VM with PCI passthrough (something else I had just started doing with a fiber card for my router), I got stuck. I figured out how to do it, so I have a quick write up to share.

February 4, 2022

Goodbye Opnsense

I went through a LOT of changes lately on my router system. I wanted to create a VM for it and passthrough a PCIE card, but combined with a fan failure and I only just got it finished. During that time, I had to buy new 10GB fiber cards (no drivers for cheap old ones), then had to get a new CPU for IOMMU groups, and then a new fan. I fought with two clean Opnsense installs, trying to get VLAN tagging working on a Mikrotik SFP+ port, but it was not working correctly. I decieded to try PFsense instead, maybe the kernel had some differnet modules, and while it didn’t work initally, I did get the second SFP+ port working on the Mikrotik, so maybe Opnsense would have worked after all. By then though, I was too far into my build and had to to get it all working, so here I am on PFsense.

January 29, 2022

Ethical Starts

Got serious about the CEH. Got a No Starch Press Ethical Hacking book which I am now working through, as I want to feel confident on hard skills in addition to the theory of the CEH. Setting up my “weapons lab” vlan proved more difficult than it needed to be with VLAN tagging on Linux bridges on Mikrotiks. For anyone who reads this, I had to set the guests in KVM to use macvtap (which I never use, as I want the host to talk to the guests) instead of bridge mode. Likely something to do with the MAC addresses, but didn’t read too far into it once I saw the right traffic.

January 28, 2022

RouterOS for Switches

In my home lab, I have had Mikrotik gear for a long time. It’s cheap, very adaptable, and could almost be confused for Linux. My CRS226 used to server as my main router, but after moving to OPNSense, it’s been regulated to switch duties. As a switch, its something that takes getting used to for people used to Cisco-like gear.

Vlan tagging is difficult to get at first, as the nomenclature is very different, using ingress and egree vlan tags instead of native vlans and trunks. They also are configured in groups of the same config, instead of defining config per port. Its just something so different from Linux and Cisco that its a little unappealing. I would love to get some Linux switches, but the open firmware and whitebox world is very expensive second hand, and there isn’t a quick and easy start. The projects have seemed to have totally changed hands and what is in vogue, but hopefully we’ll see that change soon. If I’m wrong, please let me know!

January 16, 2022

Oauth Progress

Made progress with oauth2-proxy by using Okta instead of keycloak, which was likely a partial source of much trouble, although I will backport some of my config in order to see what the issue is.

Some observations were made using from using this though: what to do with the headers or cookie for legacy apps? Should the cookie be made as minimal as possible with the headers as stripped as possible, or should some work be done to work with whatever authentication method the app uses? SSO is the end goal, so it is completely desireable to get that working throughout, but that means learning all about web auth. Oh well, that’s something to add to the CV!

January 11, 2022

Wargame Militias

Working on the wargame to use for the war between Cascadia and the IRC. I want to use Fistful of Tows, but figure I should try using some other system before that, to a) not need to buy a $75 book and b) not start a real war in the world immediately. So for now, we are going to simulate schirmishes that take place between militias on the border, using the AK47 Republic ruleset.

January 10, 2022

Fighting OAUTH

Spent the whole day today working on getting a working solution going for OAUTH2 with Keycloak today. Started with trying to get it with oauth2-proxy, which I got no results from. Both portions were in Docker containers, but I just could not what seemed to be cookies working fully. Then with vouch-proxy, I get stuck in a redirection loop with a JWT error.

Long story short, I have a few options. Ask for help, or move on from this idea. I view getting something like this as a huge win at home at work, as SSO is something that organisations just need now. There’s few things that feel boiler-plate and drop in enough to get going easily, which is a shame. Although maybe keycloak is just worse than lemonldap-ng.

January 7, 2022

Wargames

Been interested in getting some wargames going, but instead of focusing on a true historical confrontation or unique imaginations, I went and wrote a story for a world where any sort of small scale confrontation could take place.

In 1941, residents of southern Oregon and northern California organised to form their own state of Jefferson, their capital in Yreka. After a brief struggle, federal government leadership granted their independence in order to focus on something more important: Pearl Harbour and the American entrance to the Second World War.

January 3, 2022

Holidays

The holidays have been and gone. I really enjoyed having some downtime to spend it away from work or other high stress tasks, which helped give me a reset to take on the new year. Some modeling tasks got done, to a fairly decent degree, and I feel myself getting closer and closer to something that is fun there. More python was also done, being the start of the openlibrary(?) API tool that can pull info on books by ISBN, as I want to make pretty HTML pages from the ISBN to put on a “trophy” bookshelf to display. Need to get going on the HTML part.

December 17, 2021

Server Rebuild

Rebuild my main server, which currently has a 2x2 striped mirror ZFS pool (8TB usable), KVM, LXC and a few native servers. I needed more space (so adding another 4tb), which meant a case change (from an old Supermicro workstation to a cheap 3u rack mount). Unfortunately, this new case didn’t work out: I needed more SATA ports, so I needed a HBA, so I needed more PCIE slots, so I needed to change out to a full ATX board, which doesn’t fit with the HDD bays mounted. Now, I need to get a 4u chassis, move the server to that, and use the 3u for a container host to serve replies for the ZFS pool.