Saturday, 12. October 2024 Week 41

sshidentifierlogger

sshidentifierlogger is a small tool that I started writing about 5 years ago and have been using on some of my hosts.

Its purpose is to listen to network traffic and passively collect identification strings during SSH handshakes.
Initially I had a lot of fail2ban activity on my jumphost, blocking many SSH scanning/enumeration/bruteforcing attempts and wanted to know what software the attackers use.

A bit particular is that sshidentifierlogger does not depend on the classic C library libpcap, but rather uses the go-native pcapgo implementation by gopacket.
Thus it can be cross-compiled on any platform, which comes in handy when you do not want to install the full go buildchain on your jumphost.

The collected data is quite interesting (most of the scanning used to be done with libssh2).
Which I did leverage to write iptables rules blocking packets with undesired SSH identification strings.
This has been quite successfull in reducing the amount of fail2ban activity :-)

Friday, 11. October 2024 Week 41

Styling blockquote and pre elements

The Blockquotes and Pre-formatted text sections in the HTML for People book inspired me to improve the styling of the blog.
The following code now defines the visual appearance of blockquote and pre elements in the blog:

blockquote {
	border-left: 1px dotted #ffbb18;
	padding-left: 21px;
	margin-left: 21px;
}
pre {
	background-color: #f9f7f7;
	border-radius: 4px;
	padding: 4px;
}

To see it in effect, scroll down to the Hidden Pref to Restore Slow Motion Dock Minimizing on MacOS or Notifying external services about changes in the blog posts.

Saturday, 5. October 2024 Week 40

Meshtastic Web Serial in Linux as non-root user

Today I played around a bit with a Meshtastic device and tried to configure it through the Web Serial API in Chrome.
On my Linux system it could see the device but not really change any values, update firmware etc.

This confused me for some time, until I looked at the permissions of /dev/ttyACM0 (which were crw-rw----).
A quick sudo chmod a+rw /dev/ttyACM0 later, and I could write to the configuration of the Meshtastic device.
The more tedious part was that after every config change the device rebooted and the USB serial connection was re-initialized by Linux, thus I needed to re-run the chmod command after every change. Luckily I figured out how to enable WiFi on the device and from then on no longer needed the serial access.

Monday, 30. September 2024 Week 40
Sunday, 29. September 2024 Week 39

Hidden Pref to Restore Slow-Motion Dock Minimizing on MacOS

Daring Fireball describes how to restore the old trick of slow motion MacOS Dock effects:

In the midst of recording last week’s episode of The Talk Show with Nilay Patel, I offhandedly mentioned the age-old trick of holding down the Shift key while minimizing a window (clicking the yellow button) to see the genie effect in slow motion. Nilay was like “Wait, what? That’s not working for me...” and we moved on.

What I’d forgotten is that Apple had removed this as default behavior a few years ago (I think in MacOS 10.14 Mojave), but you can restore the feature with this hidden preference, typed in Terminal:

defaults write com.apple.dock slow-motion-allowed -bool YES

Then restart the Dock:

killall Dock

Or, in a single command:

defaults write com.apple.dock slow-motion-allowed -bool YES; killall Dock

I had forgotten that this had become a hidden preference, and that I’d long ago enabled it.

Wednesday, 25. September 2024 Week 39

Notifying external services about changes in the blog

For some time now, I'm notifying blo.gs about changes in the blog. After looking a bit into how search engines percieve my website recently, I learned that they also have some notification mechanisms for new pages/blogposts.

Thus I upgraded the oneliner into a dedicated script to notify external services about changes in the blog.
It is optimized for my Jekyll setup, where the generated pages in the _site folder are stored in git.
The notification ignores changes to summarized pages like rss.xml etc to only trigger notifications when there are changes in the original blog posts.

Here's the script, feel free to re-use (it expects to have MYDOMAIN, INDEXNOW_API_KEY and BING_API_KEY defined as environment variables):

#!/bin/bash

set -e
set -u
set -o pipefail

CHANGES="$(git diff --name-only HEAD HEAD~1 -- _site)"

# early abort if no changes on _site
if [ -z "$CHANGES" ] ; then
	echo "No changes in _site found"
	exit 0
fi

# build URL list
URLLIST="\"https://${MYDOMAIN}/\""
for f in $CHANGES ; do
	case "$f" in
		_site/robots.txt|_site/humans.txt|_site/about.html|_site/rss.xml|_site/atom.xml|_site/feed.json|_site/sitemap.xml)
			continue
		;;
		*)
			url=$(echo "$f"|sed -e "sX^_siteXhttps://${MYDOMAIN}X")
			URLLIST="${URLLIST},\"${url}\""
		;;
	esac
done

if [ "\"https://${MYDOMAIN}/\"" = "$URLLIST" ] ; then
	echo "No relevant changes in _site found, skipping notifications"
	exit 0
fi

# notify ping.blo.gs (Automattic) about updates
curl --fail -s -D - -X POST http://ping.blo.gs -H 'content-type: text/xml' --data "<?xml version=\"1.0\"?><methodCall><methodName>weblogUpdates.extendedPing</methodName><params><param><value>x-log</value></param><param><value>https://${MYDOMAIN}/</value></param><param><value></value></param><param><value>https://${MYDOMAIN}/rss.xml</value></param></params></methodCall>"

# report changed URLs to indexnow, include /indexnow canary URL
curl --fail -s -D - -X POST https://api.indexnow.org/IndexNow -H 'content-type: application/json; charset=utf-8' --data "{\"host\":\"${MYDOMAIN}\",\"key\":\"${INDEXNOW_API_KEY}\",\"urlList\":[${URLLIST},\"https://${MYDOMAIN}/indexnow\"]}"

# report changes URLs to bing, include /bingsubmit canary URL
curl --fail -s -D - -X POST "https://ssl.bing.com/webmaster/api.svc/json/SubmitUrlbatch?apikey=${BING_API_KEY}" -H 'content-type: application/json; charset=utf-8' --data "{\"siteUrl\":\"https://${MYDOMAIN}\",\"urlList\":[${URLLIST},\"https://${MYDOMAIN}/bingsubmit\"]}"
Tuesday, 24. September 2024 Week 39

Enable Visual Voicemail on your iPhone with TalkTalk

When you switch to TalkTalk as your mobile phone provider, by default Visual Voicemail for your iPhone is not enabled.
And you're stuck with the 90s voiceprompt of the 'Talkbox'.

The following steps will activate Visual Voicemail for your iPhone:

  1. Send a SMS text message with VVM ON to the number 935.
  2. Shortly after you should get a text message confirming that Visual Voicemail has been enabled for you.
  3. Now on the iPhone, open the phone app and go to the voicemail tab. There you will either see a button asking you to setup the voicemail or a button taking you to the 90s voiceprompt.
  4. Do click on this button and setup the six-digit PIN code for your voicemail (this can be done either via a call/voiceprompt or via the guided iPhone button/dialog).
  5. Once you have setup the PIN for your voicemail, close the phone app on your iPhone.
  6. Then open the phone app again and go to the voicemail tab, where it should show the usual Visual Voicemail list of missed calls and no longer the button to call the 90s voiceprompt.
    In my case it took a couple minutes for this to work, thus some patience might be needed.
  7. Congratulations, you have now a working Visual Voicemail on your iPhone with TalkTalk :-)
Sunday, 22. September 2024 Week 38

Another weekend, another festival - Subset Festival

No festival this weekend. Did some hiking with friends instead.

Last weekend I attended the Subset Festival. It was the first edition of a new drum and bass focused festival.
There were some great artists there, most of them I knew before and was very much looking forward to see them live.

My favorite one was (unsurprisingly?) Andromedik, but also liked Hybrid Minds, Netsky and Andy C.
Very cool was that the festival was rather small, so felt quite intimate and super close to the artists.

Could post the same music video as two weeks ago (Andromedik's remix of The Feeling, which he said is a song very close to his heart), but you should also discover some other tracks.
Thus here we go with the recently released Paradise 🥳

Andromedik - Paradise (ft. Luka)

Thursday, 19. September 2024 Week 38

Simplified archive links

Building up on the changes from the canonical hints, I simplified the structure of the archive links.

Now it's /year/month/ everywhere.
Which of course brings another round of redirects to support in the nginx config to map the /archive/archive-year-month.html links to /year/month/ 🙈

In theory all previous link schemes should still work, but if you find a broken link, please let me know :-)

Saturday, 14. September 2024 Week 37

Canonical hints

To help regular search engines be less confused about the various pages of the blog (especially multiple generations of old inherited URL schemes), I added canonical hints to some pages.

Mostly straight-forward, except for the archives where I chose the concise /year/month/ scheme instead of the full /archive/archive-year-month.html.
Curious to see how this works out. Currently the links in the navigation and overview point to the full URLs, and the short ones are only implemented with rewrites in nginx and visible in the canonical hints.