Andreas Happe: tech
Using a (host) reverse-proxy together with LXC application servers
The basic idea is to move application servers into LXC containers while keeping the HTTP server part (which is also responsible for hosting static files) on the host system. Normally an incoming request would be handled by an HTTP server on the host as well as by an HTTP server on the virtualized client: 1 browser -> http server(host) -> http server (guest) -> app-server (guest) I’m configuring the host HTTP server to directly communicate with the app worker, thus:
How to convert an KVM image into a LXC container
KVM was an improvement over Xen for me. Still for many use-cases a LXC are a more performance, light-weight alternative – which also seems to be en vougue nowadays. Through switching to LXC I’ve reduced my overall memory usage a bit – the main benefit is, that processes within an LXC container are separated processes within the host system. This should allow the host system to manage memory (think cache, buffers, swap, etc.
How to use virt-install to install new virtual machines within libvirt/kvm
I’ve been using KVM and virt-install to manage virtual machines on one of my servers, this post shows how to use virt-install. According to the package management system I’m having the following packages installed: 1 2 3 4 5 6 7 8 9 root@edgewalker ~ # dpkg -l | grep virt ii libvirt-bin 1.1.1-0ubuntu8.1 amd64 programs for the libvirt library ii libvirt0 1.1.1-0ubuntu8.1 amd64 library for interfacing with different virtualization systems ii munin-libvirt-plugins 0.
How-to setup a rogue access point with a transparent HTTP(s) proxy
I’m always reading about dangerous rogue access points but never actually have seen one in action. So what better than create a test setup.. Hardware for this test setup will be my old linux notebook (a macbook pro) as fake access point a small deal extreme network card (Ralink 5070 chipset). I’ve actually bought three differnet wireless cards for under $20 and am trying out the different chipsets. This card is rather small (like an usb stick), so it isn’t to conspicous The basic idea is to use hostap to create a virtual access point.
How to use FakeS3 for S3 testing
I’m contributing to a secure cloud project (well, it’s not that secure yet, but getting there..). It’s backend storage options include S3 so I want to test the S3-functionality against a locally installed S3 server. I first tried to utilize OpenStack Object Storage (Swift) or Riak, but both solutions were rather heavy-weight and cumbersome to setup. Bear in mind, that I just wanted some fake S3 storage server which would be deployed within a local network (without any internet connection).
Linux: How to force an application to use a given VPN tunnel
I’ve changed my approach and am now using a simple docker setup to achieve the same result Somehow I have to use VPN services throughout the day: when pen-testing from abroads I really need to login to my company’s network first. Otherwise my provider is kinda grumpy when I’m doing fast non-cloaked scans against large companies. also when pen-testing I like to use some cloaking VPNs to test the client’s detection capabilities if I would ever use bit-torrent I’d really like to make sure that the torrent program can only communicate through a private proxy (as pia).
Git with transparent encryption
This is part three of a series about encrypted file storage/archive systems. My plan is to try out duplicity, git using transparent encryption, s3-based storage systems, git-annex and encfs+sshfs as alternatives to Dropbox/Wuala/Spideroak. The conclusion will be a blog post containing a comparison a.k.a. “executive summary” of my findings. Stay tuned. git was originally written by Linus Torvalds as SCM tool for the Linux Kernel. It’s decentralized approach fits well into online OSS projects, it slowly got the decentralized OSS of choice for many.
Encrypted S3 storage filesystems
This is part two of a series about encrypted file storage/archive systems. My plan is to try out duplicity, git using transparent encryption, s3-based storage systems, git-annex and encfs+sshfs as alternatives to Dropbox/Wuala/Spideroak. The conclusion will be a blog post containing a comparison a.k.a. “executive summary” of my findings. Stay tuned. This post tries some filesystems that directly access S3. I’ll focus on Amazon’s S3 offering, but there should be many alternatives, i.
Secure Online Data Backup using Duplicity
This is part two of a series about encrypted file storage/archive systems. My plan is to try out duplicity, git using transparent encryption, s3-based storage systems, git-annex and encfs+sshfs as alternatives to Dropbox/Wuala/Spideroak. The conclusion will be a blog post containing a comparison a.k.a. “executive summary” of my findings. Stay tuned. Duplicity is a command-line tool similar to rsync: you give it two locations and it synchronizes the first location to the second.
Avoiding Internet/Network Surveillance
Last week’s World Conference on International Telecommunications (WCIT) brought internet surveillance into public news: one outcome of the conference was standardization of DPI technology. This infrastructure standard will make it easier for governments to implement large-scale surveillance and/or filtering. Funny thing is that governments are already having those capabilities, they only want to standardize it. The public outrage came too late. So let’s protect you from governments at home or abroad, the RIAA, MPAA, random eavesdroppers and anyone else that want to listen in on your secrets while you’re surfing the Internet.