|
|
<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom" ><generator uri="https://jekyllrb.com/" version="4.0.0">Jekyll</generator><link href="http://localhost:4000/feed.xml" rel="self" type="application/atom+xml" /><link href="http://localhost:4000/" rel="alternate" type="text/html" /><updated>2020-08-18T23:00:11+00:00</updated><id>http://localhost:4000/feed.xml</id><entry><title type="html">How to Solve The Django Deployment Puzzle</title><link href="http://localhost:4000/2020/08/16/django-deployment.html" rel="alternate" type="text/html" title="How to Solve The Django Deployment Puzzle" /><published>2020-08-16T00:00:00+00:00</published><updated>2020-08-16T00:00:00+00:00</updated><id>http://localhost:4000/2020/08/16/django-deployment</id><content type="html" xml:base="http://localhost:4000/2020/08/16/django-deployment.html"><p>A few days ago I had a Django project I wanted to put on a real server.
|
|
|
This project is still in its infancy, but I thought it would be nice to put it on my resume and show my friends.
|
|
|
Little did I know the headache coming my way.
|
|
|
Here are some tips to help you not make the same mistakes as me.</p>
|
|
|
|
|
|
<h3 id="asgi-servers">ASGI Servers</h3>
|
|
|
|
|
|
<p>Because my project used the ASGI (Asynchronous webServer Gateway Interface),
|
|
|
I needed to find a good production ASGI server to handle all the incoming requests.
|
|
|
The best thing I found was <a href="http://www.uvicorn.org/">uvicorn</a>.
|
|
|
It focuses on speed, which is a priority, especially when using the ASGI protocol.</p>
|
|
|
|
|
|
<p>To run uvicorn on the command line for testing purposes, use something like the following:</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ uvicorn --reload myapp.asgi:application
|
|
|
</pre>
|
|
|
|
|
|
<p>The <code class="highlighter-rouge">--reload</code> option says to reload the server if any of the files get updated.
|
|
|
This is not recommended in production.
|
|
|
Sadly, I thought this meant I would need to do a hard shutdown of the server process every time I wanted to update.
|
|
|
This turned out to not be the case.</p>
|
|
|
|
|
|
<h3 id="workload-managers">Workload Managers</h3>
|
|
|
|
|
|
<p>There is another equine-named program called <a href="https://gunicorn.org/">gunicorn</a>
|
|
|
which can hold a number of processes under its control.
|
|
|
An interesting feature of <code class="highlighter-rouge">gunicorn</code> is that it will gracefully switch from an old to a new deployment,
|
|
|
replacing the subprocesses one-by-one and eventually having only the new deployment active on all subprocesses.
|
|
|
The greatest part? Zero down time.
|
|
|
The server keeps any old processes open if there is communication with them,
|
|
|
then shift and new connections to the new deployment.
|
|
|
This was a very cool feature I wanted to take advantage of.</p>
|
|
|
|
|
|
<p>“Now hold on!” you might protest.
|
|
|
“gunicorn is a WSGI server!” … oh you got me there!
|
|
|
Yes, that’s right, <code class="highlighter-rouge">gunicorn</code> is paired with <code class="highlighter-rouge">uvicorn</code> to serve my files.</p>
|
|
|
|
|
|
<h3 id="systemd">systemd</h3>
|
|
|
|
|
|
<p>Love it or hate it, the majority of Linux distributions use the <code class="highlighter-rouge">systemd</code> init system.
|
|
|
I decided it would be very convenient to have a .service file for my Django application to run automatically at boot.
|
|
|
<code class="highlighter-rouge">Systemd</code> allows me to do this with a file like the following one I stored in <code class="highlighter-rouge">/lib/systemd/system/lamegames.service</code>.</p>
|
|
|
|
|
|
<pre class="file">
|
|
|
[Unit]
|
|
|
Description=Gunicorn/Uvicorn (lamegames.io)
|
|
|
|
|
|
[Service]
|
|
|
WorkingDirectory=/home/lame/lamegames.io
|
|
|
Type=simple
|
|
|
RemainAfterExit=yes
|
|
|
ExecStart=/home/lame/lamegames.io/env/bin/gunicorn lamegames.asgi:application -w 2 -k uvicorn.workers.UvicornWorker
|
|
|
ExecStop=/bin/kill -HUP $MAINPID
|
|
|
Restart=always
|
|
|
|
|
|
[Install]
|
|
|
WantedBy=multi-user.target
|
|
|
</pre>
|
|
|
|
|
|
<h3 id="nginx">nginx</h3>
|
|
|
|
|
|
<p>NGINX (pronounced engine-X) is a performance web server designed for speed and simplicity.
|
|
|
For the front facing side of the site, I do need a production web server like nginx.
|
|
|
Gunicorn simply doesn’t need all the features that nginx provides, but I do.
|
|
|
To configure my nginx installation, I used the following few directives to:</p>
|
|
|
|
|
|
<ol>
|
|
|
<li>Redirect most traffic towards the gunicorn server.</li>
|
|
|
<li>Redirect statically served files (CSS, JS, images) to the directory specified in the STATIC_ROOT variable of my <code class="highlighter-rouge">settings.py</code> file.</li>
|
|
|
<li>Use TLS to enable https://</li>
|
|
|
</ol>
|
|
|
|
|
|
<p>Serving the static files from nginx as opposed to the <code class="highlighter-rouge">gunicorn</code> server is necessary.
|
|
|
Gunicorn and other production A/WSGI web server will not set the proper MIME type over TLS.
|
|
|
This will cause your browser to not load the Javascript/CSS.</p>
|
|
|
|
|
|
<p>This is the important part of my nginx config.</p>
|
|
|
|
|
|
<pre class="file">
|
|
|
server {
|
|
|
location / {
|
|
|
proxy_set_header Host $http_host;
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
# these two lines ensure that WebSocket, and HTTP2 connection are forwarded correctly
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
proxy_set_header Connection "Upgrade";
|
|
|
proxy_redirect off;
|
|
|
proxy_buffering off;
|
|
|
# this forwards all traffic to the local server on port 8000
|
|
|
proxy_pass http://localhost:8000;
|
|
|
}
|
|
|
|
|
|
# This forwards all static requests to Django's STATIC_ROOT set in settings.py; it is generated using the collectstatic command.
|
|
|
location /static {
|
|
|
autoindex on;
|
|
|
alias /home/lame/lamegames.io/static_generated;
|
|
|
}
|
|
|
}
|
|
|
</pre>
|
|
|
|
|
|
<h3 id="setup">Setup</h3>
|
|
|
|
|
|
<p>After all that, I was able to do the following:</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
# systemctl enable lamegames
|
|
|
</pre>
|
|
|
|
|
|
<p>This enabled my <code class="highlighter-rouge">gunicorn</code> server to run once the server started.
|
|
|
NGINX is that way be default.</p>
|
|
|
|
|
|
<p>And tada! You now have a working Django project on a production server!</p>
|
|
|
|
|
|
<h4 id="notes">Notes</h4>
|
|
|
|
|
|
<ul>
|
|
|
<li>If using ws:// websockets, change them to wss:// for secure web sockets.</li>
|
|
|
<li>Make sure to use channels.routing.get_default_application() instead of django.get_asgi_application() if your’re wanting to use channels/redis WebSockets.</li>
|
|
|
</ul></content><author><name></name></author><summary type="html">A few days ago I had a Django project I wanted to put on a real server. This project is still in its infancy, but I thought it would be nice to put it on my resume and show my friends. Little did I know the headache coming my way. Here are some tips to help you not make the same mistakes as me.</summary></entry><entry><title type="html">BSD Journey, Part 1</title><link href="http://localhost:4000/2020/08/15/openbsd1.html" rel="alternate" type="text/html" title="BSD Journey, Part 1" /><published>2020-08-15T00:00:00+00:00</published><updated>2020-08-15T00:00:00+00:00</updated><id>http://localhost:4000/2020/08/15/openbsd1</id><content type="html" xml:base="http://localhost:4000/2020/08/15/openbsd1.html"><p>As Linux becomes controlled by corporate sponsors and becomes more full of proprietary blobs, drivers, and even closed-source software like Steam,
|
|
|
One may wonder if there are other options out there.
|
|
|
For me, somebody that is intensely interested in security, there is one option: OpenBSD.</p>
|
|
|
|
|
|
<p>Now, my interest in OpenBSD has been going on for a long time.
|
|
|
I started poking around for Linux alternatives way back a few years ago when Linus Torvalds decided to leave after he got in trouble for some
|
|
|
<a href="https://arstechnica.com/information-technology/2013/07/linus-torvalds-defends-his-right-to-shame-linux-kernel-developers/">unprofessional behaviour</a>.
|
|
|
That said, Linus did come back to Linux development,
|
|
|
but I knew that his abrasive style is what brought good code to the Linux kernel.
|
|
|
I also knew that his ability to be critical would be hurt by the new
|
|
|
<a href="https://itsfoss.com/linux-code-of-conduct/">code of conduct</a>.
|
|
|
It would become a tool for the SJW types to hammer on Linus for being a “white male, et al.”;
|
|
|
It would become a tool for the easily offended to use to get their dumb code into Linux;
|
|
|
It would become a tool for the corporatization, the HR-ification of Linux.
|
|
|
Frankly, this does not interest me.</p>
|
|
|
|
|
|
<p>Now I’m sure that OpenBSD has its own internal policies that I disagree with.
|
|
|
That said, Theo De Raadt is still at least known for calling Firefox an “amorphous peace of garbage” due to its lack of privilege separation.
|
|
|
And, in their <a href="https://openbsd.org/goals.html">project goals</a> page, they specifically mention:</p>
|
|
|
|
|
|
<blockquote>
|
|
|
<p>Be as politics-free as possible; solutions should be decided on the basis of technical merit.</p>
|
|
|
</blockquote>
|
|
|
|
|
|
<p>Now that’s something I can get behind!
|
|
|
Bet you that’s not in the Linux COC?</p>
|
|
|
|
|
|
<p>He also went to university in my hometown, so that’s pretty cool!
|
|
|
I can support a local madman who thinks he can make a better operating system than all those corporations.
|
|
|
Maybe he was right, maybe not. What I know is I am excited to find out!</p>
|
|
|
|
|
|
<p>Wish my luck on my OpenBSD journey. I will post updates here along the way.</p>
|
|
|
|
|
|
<p>Happy hacking!</p></content><author><name></name></author><summary type="html">As Linux becomes controlled by corporate sponsors and becomes more full of proprietary blobs, drivers, and even closed-source software like Steam, One may wonder if there are other options out there. For me, somebody that is intensely interested in security, there is one option: OpenBSD.</summary></entry><entry><title type="html">Know How Your Representative Votes In Parliament</title><link href="http://localhost:4000/2020/07/30/canadian-parliament.html" rel="alternate" type="text/html" title="Know How Your Representative Votes In Parliament" /><published>2020-07-30T00:00:00+00:00</published><updated>2020-07-30T00:00:00+00:00</updated><id>http://localhost:4000/2020/07/30/canadian-parliament</id><content type="html" xml:base="http://localhost:4000/2020/07/30/canadian-parliament.html"><p>As an advocate for openness, I had an idea to make a project out of the government of Canada’s <a href="https://open.canada.ca/en/open-data">Open Data</a>
|
|
|
initiative to take a look at how my local MP voted on various pieces of legislation.
|
|
|
It turns out though that this was not necessary due to how easy it was to find this information on the government’s own website.
|
|
|
In this article, I will explain how you can do the same.</p>
|
|
|
|
|
|
<h3 id="1-find-your-representative">1. Find Your Representative</h3>
|
|
|
|
|
|
<p>The first step in this process is to find who your representative is.
|
|
|
To do so, go to the government’s own website
|
|
|
<a href="https://www.ourcommons.ca/Members/en">ourcommons.ca’s search tool</a>.</p>
|
|
|
|
|
|
<p>Simply type in your postal code in the search box to find out who your MP is.</p>
|
|
|
|
|
|
<h3 id="2-their-voting-record">2. Their Voting Record</h3>
|
|
|
|
|
|
<p>Every MP’s voting record is public knowledge,
|
|
|
and it is available nice and simple in a table on that MP’s page.
|
|
|
For example, this is a link to
|
|
|
<a href="https://www.ourcommons.ca/Members/en/pierre-poilievre(25524)/votes">Pierre Poilievre’s voting record</a>.</p>
|
|
|
|
|
|
<p>To find your MP’s voting record, do step one, then:
|
|
|
After the <strong>Overview</strong>, and <strong>Seat in The House</strong> sections,
|
|
|
there are three tabs, <strong>Roles</strong>, <strong>Work</strong>, and <strong>Contact</strong>.
|
|
|
Click on work.
|
|
|
At the bottom of that tab is a link which says <strong>Chamber Votes</strong>.
|
|
|
This will open a small window with some recent votes by this politician.
|
|
|
If you want to see all their votes, there is a button at the bottom named <strong>All Votes by This Member</strong>.</p>
|
|
|
|
|
|
<p>Tada! You can now keep your local MP accountable for anything you do or do not support.</p>
|
|
|
|
|
|
<h3 id="3-bill-details">3. Bill Details</h3>
|
|
|
|
|
|
<p>If you want to get into the nitty gritty,
|
|
|
once you open a specific bill, you can actually find out the status of said bill,
|
|
|
or read the actual text by clicking the <strong>View this Bill on LEGISinfo</strong> button.</p>
|
|
|
|
|
|
<p>Both the status of the bill, and a link to a PDF document containing the bilingual text of the bill are visible in the main body of the page.</p>
|
|
|
|
|
|
<h4 id="conclusion">Conclusion</h4>
|
|
|
|
|
|
<p>I thought this was pretty cool!
|
|
|
It was <em>way</em> simpler than I thought it would be.</p>
|
|
|
|
|
|
<p>Thanks, Canada!</p></content><author><name></name></author><summary type="html">As an advocate for openness, I had an idea to make a project out of the government of Canada’s Open Data initiative to take a look at how my local MP voted on various pieces of legislation. It turns out though that this was not necessary due to how easy it was to find this information on the government’s own website. In this article, I will explain how you can do the same.</summary></entry><entry><title type="html">Installing MultiCraft on Gentoo Linux</title><link href="http://localhost:4000/2020/07/19/multicraft-php-gentoo.html" rel="alternate" type="text/html" title="Installing MultiCraft on Gentoo Linux" /><published>2020-07-19T00:00:00+00:00</published><updated>2020-07-19T00:00:00+00:00</updated><id>http://localhost:4000/2020/07/19/multicraft-php-gentoo</id><content type="html" xml:base="http://localhost:4000/2020/07/19/multicraft-php-gentoo.html"><p>In a very odd combination of requirements,
|
|
|
I needed to install <a href="https://multicraft.org">MultiCraft</a> on a Gentoo Linux system.
|
|
|
The PHP <code class="highlighter-rouge">USE</code> flags are important so you don’t have to recompile it three times like I did.</p>
|
|
|
|
|
|
<p>Here are some useful tips I came across:</p>
|
|
|
|
|
|
<h3 id="php-use-flags">PHP <code class="highlighter-rouge">USE</code> flags</h3>
|
|
|
|
|
|
<p>In <code class="highlighter-rouge">/etc/portage/package.use/php</code> I placed the following line:</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
dev-lang/php cgi mysql mysqli fpm pdo gd truetype
|
|
|
</pre>
|
|
|
|
|
|
<p>This should give you enough for a mysql backended MultiCraft installation.
|
|
|
The <code class="highlighter-rouge">cgi</code> option may not be required as <code class="highlighter-rouge">fpm</code> stands for <em>FastCGI Process Managment</em>.
|
|
|
I don’t know for sure though.</p>
|
|
|
|
|
|
<h3 id="paper">Paper</h3>
|
|
|
|
|
|
<p>This will grab the latest version of the Paper jar file using <a href="https://yivesmirror.com">YivesMirror</a>.
|
|
|
I’m not sure how reputable it is,
|
|
|
but my buddy who works with this stuff more often than me seemed to recognize it.</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
## See the default craftbukkit.jar.conf for a detailed documentation of the
|
|
|
## format of this file.
|
|
|
[config]
|
|
|
name = Paper 1.16.1 Latest
|
|
|
source = https://yivesmirror.com/files/paper/Paper-1.16.1-latest.jar
|
|
|
category = Mods
|
|
|
|
|
|
[encoding]
|
|
|
#encode = system
|
|
|
#decode = system
|
|
|
#fileEncoding = latin-1
|
|
|
|
|
|
[start]
|
|
|
command = "{JAVA}" -Xmx{MAX_MEMORY}M -Xms{START_MEMORY}M -XX:MaxPermSize=128M -Djline.terminal=jline.UnsupportedTerminal -jar "{JAR}" nogui
|
|
|
</pre>
|
|
|
|
|
|
<h3 id="other-tips">Other Tips</h3>
|
|
|
|
|
|
<p>Do not use the option to setup a separate user for each server.
|
|
|
This completely stalled any work getting done with a ton of ‘permission denied’ errors.</p>
|
|
|
|
|
|
<h4 id="security">Security</h4>
|
|
|
|
|
|
<p>If the panel is in the root directory of your NGINX web server,
|
|
|
use the following in your server block to deny access to the <code class="highlighter-rouge">/protected</code> directory.</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
location /protected {
|
|
|
deny all;
|
|
|
return 404;
|
|
|
}
|
|
|
</pre>
|
|
|
|
|
|
<h5 id="mysql">MySQL</h5>
|
|
|
|
|
|
<p>It is always good practice to separate privileges.
|
|
|
The MultiCraft daemon should have one SQL login,
|
|
|
with one database allocated to it.
|
|
|
The MultiCraft panel should have a separate SQL login,
|
|
|
with a separate database allocated to it.</p>
|
|
|
|
|
|
<p>You can do this with the following commands in your MySQL prompt:</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
sql&gt; CREATE DATABASE multicraft_daemon_database;
|
|
|
Query OK, 0 rows affected (0.01 sec)
|
|
|
|
|
|
sql&gt; CREATE DATABASE multicraft_panel_database;
|
|
|
Query OK, 0 rows affected (0.01 sec)
|
|
|
|
|
|
sql&gt; CREATE USER 'muilticraft_daemon'@'localhost' IDENTIFIED BY 'strong password here';
|
|
|
Query OK, 0 rows affected (0.01 sec)
|
|
|
|
|
|
sql&gt; CREATE USER 'multicraft_panel'@'localhost' IDENTIFIED BY 'different strong password here';
|
|
|
Query OK, 0 rows affected (0.01 sec)
|
|
|
|
|
|
sql&gt; GRANT ALL PRIVILEGES ON multicraft_daemon_database . * TO 'multicraft_daemon'@'localhost';
|
|
|
Query OK, 0 rows affected (0.01 sec)
|
|
|
|
|
|
sql&gt; GRANT ALL PRIVILEGES ON multicraft_panel_database . * TO 'mutlicraft_panel'@'localhost';
|
|
|
Query OK, 0 rows affected (0.01 sec)
|
|
|
|
|
|
</pre>
|
|
|
|
|
|
<p>During setup, make sure the proper credentials are used for each step.
|
|
|
Database 1 is the panel database.
|
|
|
Database 2 is the daemon database.</p>
|
|
|
|
|
|
<p>Happy hacking :)</p></content><author><name></name></author><summary type="html">In a very odd combination of requirements, I needed to install MultiCraft on a Gentoo Linux system. The PHP USE flags are important so you don’t have to recompile it three times like I did.</summary></entry><entry><title type="html">Independence</title><link href="http://localhost:4000/2020/07/12/independence.html" rel="alternate" type="text/html" title="Independence" /><published>2020-07-12T00:00:00+00:00</published><updated>2020-07-12T00:00:00+00:00</updated><id>http://localhost:4000/2020/07/12/independence</id><content type="html" xml:base="http://localhost:4000/2020/07/12/independence.html"><blockquote>
|
|
|
<p>“When given a choice between independence and dependence, always choose independence; you will never regret that choice!”—Luke Smith</p>
|
|
|
</blockquote>
|
|
|
|
|
|
<p>Whatever you may believe about the YouTube personality Luke Smith,
|
|
|
the quote above summarizes a core principle of mine.
|
|
|
Much like many people have religious principles, I have <em>Independence</em>.</p>
|
|
|
|
|
|
<p>My choice to use Linux as my primary operating system,
|
|
|
host my own website,
|
|
|
own my own domain name—all of these are directly related to this core principle of independence.</p>
|
|
|
|
|
|
<p>I never want a man, or a company to have too much power over my life.
|
|
|
Just like I would not trust just any person to be able to read my emails,
|
|
|
know where I live, where I am going, who are my friends, what do I believe; in the same way, I do not trust a company with that same information.</p>
|
|
|
|
|
|
<blockquote>
|
|
|
<p>“If you want to find out what a man is to the bottom, give him power. Any man can stand adversity — only a great man can stand prosperity.”—Robert Ingersoll</p>
|
|
|
</blockquote>
|
|
|
|
|
|
<p>Take control of your own digital life:</p>
|
|
|
|
|
|
<ol>
|
|
|
<li>Own your own domain.</li>
|
|
|
<li>Hookup an email and a website to that.</li>
|
|
|
</ol>
|
|
|
|
|
|
<p>That’s it!</p>
|
|
|
|
|
|
<p>Without this, any of your internet privileges can be revoked at any time by Google, Facebook, YouTube, Twitter, or even an angry Twitter Mob. Maybe because they hate your skin colour, maybe they hate your religious/political views, or maybe you got caught on a technicality.</p>
|
|
|
|
|
|
<p>If you own your own domain, however:</p>
|
|
|
|
|
|
<p>Your email provider goes down/bans you: change your provider; keep the email.</p>
|
|
|
|
|
|
<p>Your website is pulled for controversial views: switch hosts.</p>
|
|
|
|
|
|
<p>Protect yourself; give yourself choices.
|
|
|
Why give others that power when you could have it for yourself?</p></content><author><name></name></author><summary type="html">“When given a choice between independence and dependence, always choose independence; you will never regret that choice!”—Luke Smith</summary></entry><entry><title type="html">How to use tmux to send and receive things from your Minecraft server</title><link href="http://localhost:4000/2020/06/25/tmux-minecraft.html" rel="alternate" type="text/html" title="How to use tmux to send and receive things from your Minecraft server" /><published>2020-06-25T00:00:00+00:00</published><updated>2020-06-25T00:00:00+00:00</updated><id>http://localhost:4000/2020/06/25/tmux-minecraft</id><content type="html" xml:base="http://localhost:4000/2020/06/25/tmux-minecraft.html"><p>So recently I had problem.
|
|
|
I run a Minecraft server on a big Linux computer I have running in my room.
|
|
|
Now, as a system administrator it is very helpful to be able to run some simple commands without needing to login with my key, password, TFA, etc.
|
|
|
It is, frankly, a lot of work.
|
|
|
Especially when I really just want to be playing games but I just need to check something quickly.</p>
|
|
|
|
|
|
<p>So for simple things like finding out of the network, CPU, memory or disk usage is my bottleneck, I wrote this really nifty script to connect the world of Minecraft and the Linux shell.</p>
|
|
|
|
|
|
<p>My completed solution for what I needed can be found at <a href="https://github.com/TTWNO/termcraft/">https://github.com/TTWNO/termcraft</a>.</p>
|
|
|
|
|
|
<p>If you want some of the implementation details, stick around.</p>
|
|
|
|
|
|
<h2 id="solution">Solution</h2>
|
|
|
|
|
|
<p>So to solve this interesting problem, I decided to use <code class="highlighter-rouge">tmux</code>.
|
|
|
<code class="highlighter-rouge">tmux</code> is a <strong>t</strong>terminal <strong>mu</strong>ltiple<strong>x</strong>er.
|
|
|
This allows you to run a terminal session, then detach fromc it while it still runs in the background.</p>
|
|
|
|
|
|
<p>This is very valuable when running command line applications that need to have an active console connection, like a Minecraft server.</p>
|
|
|
|
|
|
<p>So first I looked at the <code class="highlighter-rouge">tmux</code> command <code class="highlighter-rouge">send-keys</code>.</p>
|
|
|
|
|
|
<h4 id="send-keys"><code class="highlighter-rouge">send-keys</code></h4>
|
|
|
|
|
|
<p><code class="highlighter-rouge">send-keys</code> allows you to send text, and key presses to a <code class="highlighter-rouge">tmux</code> session.
|
|
|
Now assuming this <code class="highlighter-rouge">tmux</code> session is attached to a Minecraft server,
|
|
|
there is no reason you could not run a command like this:</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ tmux send-keys "tell @a This is a Test" Enter
|
|
|
</pre>
|
|
|
|
|
|
<p>This will send the text “tell @a This is a Test” to the Minecraft server.
|
|
|
Then, it will hit the newline character, this will execute the command.</p>
|
|
|
|
|
|
<p>So now we can send information to the server and have it tell the users something.</p>
|
|
|
|
|
|
<p>But how do we get information about who is typing what in the Minecraft chat?</p>
|
|
|
|
|
|
<h3 id="tmuxs-capture-pane-is-painful"><code class="highlighter-rouge">tmux</code>’s <code class="highlighter-rouge">capture-pane</code> is painful</h3>
|
|
|
|
|
|
<p>So in the manual page for <code class="highlighter-rouge">tmux</code> I can see a section recorded below for options I can give to the <code class="highlighter-rouge">capture-pane</code> subcommand.</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
-S and -E specify the starting and ending line numbers,
|
|
|
zero is the first line of the visible pane and negative
|
|
|
numbers are lines in the history. ‘-’ to -S is the start
|
|
|
of the history and to -E the end of the visible pane. The
|
|
|
default is to capture only the visible contents of the pane.
|
|
|
</pre>
|
|
|
|
|
|
<p>What it seems to be saying is I can start at line <code class="highlighter-rouge">-S n</code> and end at line <code class="highlighter-rouge">-E n</code>.
|
|
|
Negative numbers start from the bottom, so <em>in theory</em> I can do the following: <code class="highlighter-rouge">tmux capture-pane -S -1</code> should capture only the last line, because I’m starting from the last line. Right?</p>
|
|
|
|
|
|
<p>No. It just doesn’t work. Negative numbers do <em>not</em> work with the <code class="highlighter-rouge">tmux capture-pane</code> subcommand.</p>
|
|
|
|
|
|
<p>So I did some simple UNIX piping, like so, to get just the last thing in the chat.</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ tmux capture-pane -p -t steve | tail -n1
|
|
|
[SERVER] [ExtraDebuggingInfoHere]: &lt;TaterTheTot&gt; MY_MESSAGE
|
|
|
</pre>
|
|
|
<p>TaterTheTot is my Minecraft username :)</p>
|
|
|
|
|
|
<p><code class="highlighter-rouge">-p</code> prints the result to the terminal/stdout.</p>
|
|
|
|
|
|
<p><code class="highlighter-rouge">steve</code> is the name of the tmux session I’m trying to pull form.</p>
|
|
|
|
|
|
<p>So that’s done! Beauty!</p>
|
|
|
|
|
|
<p>Now that we have that, how can we extract the username and the message from the latest line?</p>
|
|
|
|
|
|
<h3 id="grep"><code class="highlighter-rouge">grep</code></h3>
|
|
|
|
|
|
<p><code class="highlighter-rouge">grep</code> is a command to find patterns of text.
|
|
|
<code class="highlighter-rouge">grep</code> has an option to only show a matching pattern of text.
|
|
|
This option is <code class="highlighter-rouge">-o</code>.</p>
|
|
|
|
|
|
<p>Let’s see how we can use this in conjunction with our latest line of server output to get our results.</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ echo "[DEBUG] [SERVER] blah blah: &lt;TaterTheTot&gt; MY_MESAGE" | grep -o "&lt;.&ast;&gt;"
|
|
|
&lt;TaterTheTot&gt;
|
|
|
</pre>
|
|
|
|
|
|
<p>Now, that’s my name with the &lt; and &gt; attached. Not bad!
|
|
|
We can use the <code class="highlighter-rouge">sed</code> command to clean it up a bit.</p>
|
|
|
|
|
|
<p>The syntax is like so: <code class="highlighter-rouge">select/somepattern/replacewith/global</code></p>
|
|
|
|
|
|
<p>So the following command is: <code class="highlighter-rouge">s/[&lt;&gt;]//g</code></p>
|
|
|
|
|
|
<p>Select any characters that are either &lt; or &gt;.
|
|
|
Replace with nothing.
|
|
|
Do so globally (as in, don’t stop after you replace only one character).</p>
|
|
|
|
|
|
<p>Take two!</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ echo "[DEBUG] [SERVER] blah blah: &lt;TaterTheTot&gt; MY_MESAGE" | grep -o "&lt;.&ast;&gt;" | sed 's/[&lt;&gt;]//g'
|
|
|
TaterTheTot
|
|
|
</pre>
|
|
|
|
|
|
<p>Beautiful!</p>
|
|
|
|
|
|
<p>Now what about that pesky message?</p>
|
|
|
|
|
|
<h3 id="more-grep-more-sed">more <code class="highlighter-rouge">grep</code>; more <code class="highlighter-rouge">sed</code></h3>
|
|
|
|
|
|
<p>Simple: capture everything after the &gt;. Leaving the user’s message entirely in tact.</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ echo "[DEBUG] [SERVER] blah blah: &lt;TaterTheTot&gt; MY_MESAGE" | grep -o "&gt;.&ast;$" | sed 's/&gt; //'
|
|
|
MY_MESSAGE
|
|
|
</pre>
|
|
|
|
|
|
<p>So now we have a way to get the username of someone typing in the Minecraft server chat.
|
|
|
We have a way to find out what they said.
|
|
|
And, we have a way to respond.</p>
|
|
|
|
|
|
<p>You can imagine how these might go together for your own use case.</p>
|
|
|
|
|
|
<h3 id="conclusion">Conclusion</h3>
|
|
|
|
|
|
<p>This shows some pretty fun stuff you can do with a few simple Linux commands and a Minecraft server.</p>
|
|
|
|
|
|
<p>I hope you learned something and found my explanations not horrific haha!</p>
|
|
|
|
|
|
<p>Remember to checkout the git repository to see what I did with it: <a href="https://github.com/TTWNO/termcraft">https://github.com/TTWNO/termcraft</a>.</p>
|
|
|
|
|
|
<p>Happy hacking!</p></content><author><name></name></author><summary type="html">So recently I had problem. I run a Minecraft server on a big Linux computer I have running in my room. Now, as a system administrator it is very helpful to be able to run some simple commands without needing to login with my key, password, TFA, etc. It is, frankly, a lot of work. Especially when I really just want to be playing games but I just need to check something quickly.</summary></entry><entry><title type="html">Site Update</title><link href="http://localhost:4000/2020/06/04/site-update.html" rel="alternate" type="text/html" title="Site Update" /><published>2020-06-04T00:00:00+00:00</published><updated>2020-06-04T00:00:00+00:00</updated><id>http://localhost:4000/2020/06/04/site-update</id><content type="html" xml:base="http://localhost:4000/2020/06/04/site-update.html"><p>I updated the site with some easier to identify information about me and my projects :)</p>
|
|
|
|
|
|
<p>Also, Clue has been delayed due to my partner in crime on the project wokring too many hours.</p>
|
|
|
|
|
|
<p>I also posted a new project called <em><a href="https://github.com/TTWNO/caesar-cipher">Caesar Cipher</a></em> in C. It will be an intermediate example of how to use build systems like <code class="highlighter-rouge">make</code>.</p></content><author><name></name></author><summary type="html">I updated the site with some easier to identify information about me and my projects :)</summary></entry><entry><title type="html">New Game: Clue (coming soon)</title><link href="http://localhost:4000/2020/05/19/clue-announcement.html" rel="alternate" type="text/html" title="New Game: Clue (coming soon)" /><published>2020-05-19T00:00:00+00:00</published><updated>2020-05-19T00:00:00+00:00</updated><id>http://localhost:4000/2020/05/19/clue-announcement</id><content type="html" xml:base="http://localhost:4000/2020/05/19/clue-announcement.html"><p>Ooo! Exciting!
|
|
|
Today I want to announce a new project I’ll be working on which should be live within the month of May:
|
|
|
Clue.</p>
|
|
|
|
|
|
<p>The original board game, implemented in an accessible format via the web.</p>
|
|
|
|
|
|
<p>It uses a Node.js backend and standard Javascript/HTML frontend.
|
|
|
Nothing fancy.</p>
|
|
|
|
|
|
<p>All the code will be hosted here: <a href="https://github.com/TTWNO/clue">https://github.com/TTWNO/clue</a></p>
|
|
|
|
|
|
<p>It will be licensed under the BSD-3 license, meaning it can be used for any reason—even commercially and without source-code disclosure—without prior authorization, but it <em>must</em> acknowledge that I helped build the end product.</p>
|
|
|
|
|
|
<p>Once the project is live, it will be located at: <a href="">Lame Games</a> (currently a dead link).</p></content><author><name></name></author><summary type="html">Ooo! Exciting! Today I want to announce a new project I’ll be working on which should be live within the month of May: Clue.</summary></entry><entry><title type="html">How to use NGINX as a reverse-proxy server for a Node.js application using socket.io</title><link href="http://localhost:4000/2020/05/01/nginx-socket-io-projects.html" rel="alternate" type="text/html" title="How to use NGINX as a reverse-proxy server for a Node.js application using socket.io" /><published>2020-05-01T00:00:00+00:00</published><updated>2020-05-01T00:00:00+00:00</updated><id>http://localhost:4000/2020/05/01/nginx-socket-io-projects</id><content type="html" xml:base="http://localhost:4000/2020/05/01/nginx-socket-io-projects.html"><p>Despite the long name of the article, I have a feeling this may apply to more people than I might think.
|
|
|
If you have a Node.js application which needs socket.io connections that you want to pass throgh nginx’s <code class="highlighter-rouge">reverse_proxy</code> directive then this is the article for you!</p>
|
|
|
|
|
|
<p>You <em>must</em> seperate the socket.io sockets and the static resources.</p>
|
|
|
|
|
|
<ul>
|
|
|
<li>The socket connections can be routed through the default <code class="highlighter-rouge">$host/socket.io</code> if you want to ease modifications to the source code.</li>
|
|
|
<li>The connections to your main npm Node.js application can be routed through the relevant directory.</li>
|
|
|
</ul>
|
|
|
|
|
|
<p>Here is the relevant part of my <code class="highlighter-rouge">projects.tait.tech.conf</code> file:</p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
location /socket.io {
|
|
|
proxy_pass http://localhost:8080/socket.io/;
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
proxy_set_header Connection "upgrade";
|
|
|
proxy_http_version 1.1;
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
proxy_set_header Host $host;
|
|
|
}
|
|
|
|
|
|
location /ttrpg {
|
|
|
proxy_pass http://localhost:8080/;
|
|
|
proxy_set_header Host $host;
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
}
|
|
|
</pre>
|
|
|
|
|
|
<h3 id="explaination">Explaination:</h3>
|
|
|
|
|
|
<p>For this application,
|
|
|
I needed the <code class="highlighter-rouge">/ttrpg</code> directory to connect to my main Node.js instance. This was going to be the root of a ttrpg project.
|
|
|
It was to have static files served form my Node.js application.</p>
|
|
|
|
|
|
<p>I also needed <code class="highlighter-rouge">/socket.io</code> to conenct to my running <code class="highlighter-rouge">npm</code> instance.
|
|
|
When I tried to route all the traffic through the <code class="highlighter-rouge">/trrpg</code> location directive
|
|
|
I had no luck whatsoever;
|
|
|
<code class="highlighter-rouge">$host/ttrpg/socket.io/*</code> calls <em>always</em> failed with a 404.</p>
|
|
|
|
|
|
<p>Having two seperate blocks forwarding in different ways seems to fix this.
|
|
|
I am not knowledgable enough to understand how.</p>
|
|
|
|
|
|
<p>For now, the project is alive!!!</p>
|
|
|
|
|
|
<p>Happy hacking!</p>
|
|
|
|
|
|
<p><em>P.S. I forgot to mention I also symbolically linked the <code class="highlighter-rouge">socket.io.js</code> file (that node is supposed to serve automatically) to the static client dir.
|
|
|
For some reson the node instance would not serve this file without that.</em></p>
|
|
|
|
|
|
<pre class="terminal">
|
|
|
$ pwd
|
|
|
/home/user/ttrpg.co/client
|
|
|
$ ln -s ../server/node_modules/socket.io-client/dist/socket.io.js .
|
|
|
</pre>
|
|
|
|
|
|
<p><em>Happy hacking 2.0!</em></p></content><author><name></name></author><summary type="html">Despite the long name of the article, I have a feeling this may apply to more people than I might think. If you have a Node.js application which needs socket.io connections that you want to pass throgh nginx’s reverse_proxy directive then this is the article for you!</summary></entry><entry><title type="html">What is XSS?</title><link href="http://localhost:4000/2020/04/25/xss.html" rel="alternate" type="text/html" title="What is XSS?" /><published>2020-04-25T00:00:00+00:00</published><updated>2020-04-25T00:00:00+00:00</updated><id>http://localhost:4000/2020/04/25/xss</id><content type="html" xml:base="http://localhost:4000/2020/04/25/xss.html"><p>I found a cross-site scripting (XSS) attack
|
|
|
in a well-known quiz hosting website.
|
|
|
I disclosed the vulnerability to them years ago, so I thought
|
|
|
now might be a good time to write about it.</p>
|
|
|
|
|
|
<p>In this first article I will explain what XSS is.</p>
|
|
|
|
|
|
<p>In the next article I will explain how I found this attack.</p>
|
|
|
|
|
|
<h2 id="what-is-cross-site-scripting-xss">What is cross-site scripting (XSS)</h2>
|
|
|
|
|
|
<p>Cross-site scripting, XSS for short,
|
|
|
is a technique to execute arbitrary Javascript code on a user visiting a website
|
|
|
by linking to Javascript code stored on another server.</p>
|
|
|
|
|
|
<p>So for example:</p>
|
|
|
|
|
|
<p>I have a file on my website called <a href="/assets/js/hacked.js">hacked.js</a>.
|
|
|
If I was able to run this javascript file on anybody visiting a certain website <em>that is not mine</em>, this would be called cross-site scripting.</p>
|
|
|
|
|
|
<p>Click the above <code class="highlighter-rouge">hacked.js</code> link to view the code I use to “hack” this website.
|
|
|
It’s safe, I promise ;)</p>
|
|
|
|
|
|
<p>Now, how can we get this code to execute when a user visits this site?
|
|
|
To explain, I will start with some of the underlying technologies.</p>
|
|
|
|
|
|
<h3 id="escape-characters">Escape Characters!</h3>
|
|
|
|
|
|
<p>No, this is not a Sherlock Holmes novel!</p>
|
|
|
|
|
|
<p>If we suppose that a website is built with sequences like these (called “tags”):
|
|
|
<code class="highlighter-rouge">&lt;body&gt;</code>, <code class="highlighter-rouge">&lt;p&gt;</code> (for paragraph), <code class="highlighter-rouge">&lt;link&gt;</code> and <code class="highlighter-rouge">&lt;b&gt;</code> for bold,
|
|
|
then why can you <em>see</em> the left and right angle bracket characters?
|
|
|
Don’t they mean something? Shouldn’t they be telling the browser:
|
|
|
<em>“Hey! Make me bold!”?</em>
|
|
|
Why <em>doesn’t</em> everything after me typing <code class="highlighter-rouge">&lt;b&gt;</code> turn bold?</p>
|
|
|
|
|
|
<p>The answer is:</p>
|
|
|
|
|
|
<p>There are special characters in HTML to type a visible left (&lt;)
|
|
|
and visible right angle bracket (&gt;) in a website.
|
|
|
If I use the left and right brackets on my keyboard however,
|
|
|
things will indeed <b>show up bold</b>.</p>
|
|
|
|
|
|
<p>This is the code for the sentence I wrote above:</p>
|
|
|
<pre class="terminal">
|
|
|
There are special characters in HTML to type a visible left (&amp;lt;)
|
|
|
and visible right angle bracket (&amp;gt;) in a website.
|
|
|
If I use the left and right brackets on my keyboard however,
|
|
|
things will indeed &lt;b&gt;show up bold&lt;/b&gt;.
|
|
|
</pre>
|
|
|
|
|
|
<p>Notice how all visible left angle brackets use an <code class="highlighter-rouge">&amp;lt;</code> to show them?</p>
|
|
|
|
|
|
<p>These are called <a href="https://en.wikipedia.org/wiki/Escape_character">escape characters</a>.
|
|
|
They tell a system, in this case your web browser:
|
|
|
<em>“Hello! Please show me off! I don’t want to be hidden.”</em></p>
|
|
|
|
|
|
<h4 id="sanitization">Sanitization</h4>
|
|
|
|
|
|
<p>Most of the time XSS attacks are done using poorly sanitized HTML <code class="highlighter-rouge">&lt;input&gt;</code> elements.</p>
|
|
|
|
|
|
<p>Sanitization is when a program (usually on the server side),
|
|
|
will remove characters like <code class="highlighter-rouge">&lt;</code> and replace them with the aforementioned “escape characters”.
|
|
|
Internally this would be something like <code class="highlighter-rouge">&amp;lt;</code>,
|
|
|
but they would show up to a user as <code class="highlighter-rouge">&lt;</code>.</p>
|
|
|
|
|
|
<p>When inputs are not properly sanitized <em>and</em> the input is shown to the user in another part of the website,
|
|
|
then a malicous user can type in HTML that will run whenever anybody tries to look at what they typed.
|
|
|
For example: a name for a quiz website (input) and the leaderboard for said quiz (display).</p>
|
|
|
|
|
|
<p>HTML, by itself is not very dangerous.
|
|
|
The worst thing you could do is probably put a link on your name,
|
|
|
and then point it to a porn site.
|
|
|
Make your name bold, italic. Maybe make the background a funny color.
|
|
|
Although this may annoy your victim it is not dangerous security wise.</p>
|
|
|
|
|
|
<p>There is one tag however, that <em>is</em> scary…</p>
|
|
|
|
|
|
<h2 id="script"><code class="highlighter-rouge">&lt;script&gt;</code></h2>
|
|
|
|
|
|
<p>The <code class="highlighter-rouge">&lt;script&gt;</code> tag allows you to write code that can:</p>
|
|
|
|
|
|
<ol>
|
|
|
<li>Change the page contents.</li>
|
|
|
<li>Redirect the user to a new page automatically.</li>
|
|
|
<li>Get a user’s location.</li>
|
|
|
<li>Open a user’s microphone/webcam.</li>
|
|
|
<li>With the <code class="highlighter-rouge">src</code> <a href="https://www.w3schools.com/htmL/html_attributes.asp">attribute</a> you can also load a script from another site. (This is XSS)</li>
|
|
|
</ol>
|
|
|
|
|
|
<p>Those last two will ask for permission from the user (if their browser isn’t insanely insecure).</p>
|
|
|
|
|
|
<p>In my next article I’ll talk about a website I found which is vulnerable to this attack.
|
|
|
And, show you how you can run your own XSS attack.</p></content><author><name></name></author><summary type="html">I found a cross-site scripting (XSS) attack in a well-known quiz hosting website. I disclosed the vulnerability to them years ago, so I thought now might be a good time to write about it.</summary></entry></feed> |
