
WG-Held – Hack the House project presentation

2016 May 5
by admin

Nice summary of our HackTheHouse 2nd prize.


Introducing: Vault Project or How to setup an Encryption Server

2016 April 1

Let’s talk about credentials. Credentials! Who doesn’t work with some secret data that should never go public? Sure, sure, we’d never share those secrets publicly, but then there’s git, and GitHub and.. BAAMM.. credentials exposed. Oops!

To avoid this, it’s common sense to NOT check in any credentials. NEVER. EVER. We make use of .gitignore, cfg templates and placeholders. But nevertheless it’s a hassle, especially when working in a team, where a credential exchange is sometimes required. In the past, I preferred the solution where an encryption server in a safe environment took care of encrypting/decrypting data. Once the data is encrypted, it’s safe to check in, store and share in the same way as any other data. Only users (or systems) with access rights for the encryption server can decrypt the data. Instant WIN! But how to set up such a server?

Introducing: Vault Project

I recently came across the Vault Project, which meets exactly all my needs. In addition, it’s open source, simple to use and comes with very good documentation and tutorials. Nevertheless, I couldn’t find all the steps required to set up an encryption server in one place, so here they are:

How to setup an Encryption server with Vault

First, set up a new Vault server on a remote machine by following these steps:

    1. Create a config file (docs)

    touch vault.cfg

    For our case we just need a simple file backend and expose the vault via TCP:

    backend "file" {
      path = "/Users/<username>/.vaultstore"
    }

    listener "tcp" {
      # loopback only: clients on other machines cannot reach this address
      address = "127.0.0.1:8200"
      # plain HTTP: tokens and plaintext are sent unencrypted
      tls_disable = 1
    }

    See the vault config docs for other options.

    2. Now start the server …

    vault server -config vault.cfg

    3. … and run the init procedure: (docs)

    vault init -address=http://127.0.0.1:8200

    This will output five keys and a root token. Make sure to keep those keys safe: once they are lost, you won’t be able to unseal your vault and therefore can’t gain access. The root token is needed to authenticate against the server. To avoid passing in the host address all the time, you can set it via VAULT_ADDR instead:

    export VAULT_ADDR=http://127.0.0.1:8200

    4. Unseal vault (docs)

    On start, the vault is sealed and can only be opened with the keys generated at the very beginning. Unseal is done with:

    vault unseal

    Execute this three times, and enter a different key each time.

DONE! Now the server is up and running and you can connect from your local machine to the vault.

    5. Authenticate with the server

    The vault only accepts authenticated connections; for that, create an auth token with:

    vault auth

    Enter the root token obtained from the init step. Later, I’d strongly recommend using a non-root token.

    6. Enable GitHub auth backend (docs)

    To allow other people to access the vault and decrypt data, the easiest way is to enable GitHub authentication. In this case, every user who is part of a specific GitHub team is able to obtain an auth token themselves.

    Enable GitHub auth:

    vault auth-enable github

    Register the GitHub org:

    vault write auth/github/config organization=<your org name>

    …and a team:

    vault write auth/github/map/teams/<your team name> value=root

    Now, any team member can get access to the vault with a GitHub token:

    vault auth -method=github token=<github token>

    The <github token> only requires the ‘read:org’ scope to be granted. Once auth is complete, the actual vault token is stored in ~/.vault-token and allows the user to connect to the vault.

    7. Enable transit backend (docs)

    By default, Vault stores data associated with a key. But for our case, we want to encrypt data on the fly and manage storage within our SCM instead. Encryption only is enabled with the ‘transit backend’:

    vault mount transit

    Add a key name to generate an encryption key:

    vault write -f transit/keys/<key name>

    The actual encryption key can be retrieved via:

    vault read --format=json transit/raw/<key name>

DONE! Now the encryption server is ready to encrypt. For this I used JSON as the response format and jq to extract the data.

    1. Encrypt:

    echo -n "<your secret data>" | base64 | vault write --format=json transit/encrypt/<key name> plaintext=- | jq -r .data.ciphertext

    2. Decrypt:

    vault write --format=json transit/decrypt/<key name> ciphertext=<your ciphertext> | jq -r .data.plaintext | base64 --decode
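
Step 6 maps the GitHub team to the `root` policy, which gives every team member full access to the server, including `transit/raw/<key name>`. A narrower alternative, as an added example that is not part of the original post: a policy that allows only encrypt and decrypt on named keys. `transit_policy`, the policy name `transit-users` and the file name are assumptions; `capabilities` needs Vault 0.5 or later, and `vault policy-write` is the spelling of the CLI generation used here (`vault policy write` in current releases).

```shell
# Added example: print a policy that allows only encrypt/decrypt on the
# given transit keys. Everything else (transit/raw, transit/keys, auth
# configuration) stays denied, because Vault policies deny by default.
# Key names are validated first so a stray "*" or "/" cannot widen a path
# into a glob or another endpoint.
transit_policy() {
  [ "$#" -gt 0 ] || { echo "usage: transit_policy <key name>..." >&2; return 2; }
  for key in "$@"; do
    case $key in
      ''|*[!A-Za-z0-9_.-]*)
        echo "refusing key name: '$key'" >&2; return 1 ;;
    esac
  done
  for key in "$@"; do
    printf 'path "transit/encrypt/%s" {\n  capabilities = ["update"]\n}\n' "$key"
    printf 'path "transit/decrypt/%s" {\n  capabilities = ["update"]\n}\n' "$key"
  done
}

# Apply it once with a root token (not run here; names are assumptions):
#   transit_policy "$VAULT_KEY" > transit-users.hcl
#   vault policy-write transit-users transit-users.hcl
#   vault write auth/github/map/teams/<your team name> value=transit-users
```
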

Finally, let’s create some bash functions to make life easy:

export VAULT_ADDR="<your server IP:PORT>"
export VAULT_KEY="<key name>"

# stdin: plaintext, stdout: transit ciphertext
function _encrypt {
  base64 | vault write --format=json "transit/encrypt/$VAULT_KEY" plaintext=- | jq -r .data.ciphertext
}

# stdin: transit ciphertext, stdout: plaintext
function _decrypt {
  vault write --format=json "transit/decrypt/$VAULT_KEY" ciphertext=- | jq -r .data.plaintext | base64 --decode
}

# encrypt data.
# Usage: encryptd "<data>"
function encryptd {
  printf '%s' "$1" | _encrypt
}

# decrypt data.
# Usage: decryptd <ciphertext>
function decryptd {
  printf '%s' "$1" | _decrypt
}

# encrypt file. will overwrite existing ones!
# Usage: encryptf <filename>
function encryptf {
  _encrypt < "$1" > "$1.enc"
}

# decrypt file. will overwrite existing ones!
# Usage: decryptf <filename>.enc
function decryptf {
  _decrypt < "$1" > "${1%.enc}"
}

# decrypt file and open for edit. on close encrypt changes.
# Usage: editcrypt <filename>
function editcrypt {
  # encrypt into $1.new first, so a failed Vault call cannot truncate the original
  _decrypt < "$1" > "$1.tmp" && $EDITOR "$1.tmp" && _encrypt < "$1.tmp" > "$1.new" \
    && grep -q '^vault:v' "$1.new" && mv "$1.new" "$1"
  rm -f "$1.tmp" "$1.new"
}

Sweeeeeett!
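
`editcrypt` decrypts into `<filename>.tmp` inside the working tree, where an interrupted edit leaves the plaintext behind. A variant that keeps the decrypted copy in a private temp directory, removes it on every exit path and only replaces the encrypted file after Vault returned real ciphertext, as an added example that is not part of the original post. `safe_editcrypt` is a name made up here; it assumes `vault`, `jq` and `base64` as used above.

```shell
# Added example. _encrypt/_decrypt repeat this page's helpers so the block
# works when pasted on its own; VAULT_ADDR and VAULT_KEY must be set.
_encrypt() { base64 | vault write --format=json "transit/encrypt/$VAULT_KEY" plaintext=- | jq -r .data.ciphertext; }
_decrypt() { vault write --format=json "transit/decrypt/$VAULT_KEY" ciphertext=- | jq -r .data.plaintext | base64 --decode; }

# Usage: safe_editcrypt <filename>.enc
# The body is a subshell, so umask and the traps do not leak into the caller.
safe_editcrypt() (
  file=$1
  [ -f "$file" ] || { echo "no such file: $file" >&2; exit 1; }
  umask 077                                   # work files readable by owner only
  dir=$(mktemp -d "${TMPDIR:-/tmp}/editcrypt.XXXXXX") || exit 1
  trap 'rm -rf "$dir"' EXIT                   # plaintext removed on every exit path
  trap 'exit 1' HUP INT TERM

  _decrypt < "$file" > "$dir/plain" || exit 1
  [ -s "$dir/plain" ] || { echo "decrypt returned nothing" >&2; exit 1; }

  ${EDITOR:-vi} "$dir/plain" || exit 1

  _encrypt < "$dir/plain" > "$dir/cipher" || exit 1
  # Transit ciphertext starts with vault:v<N>:. Anything else (empty output,
  # "null") means the Vault call failed, so the old file is left untouched.
  case $(cat "$dir/cipher") in
    vault:v[0-9]*:*) cp "$dir/cipher" "$file" ;;
    *) echo "encrypt failed, $file unchanged" >&2; exit 1 ;;
  esac
)
```
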

One thing to mention is adding the non-encrypted files to your .gitignore. This ensures the file won’t end up in your repo by accident:

$ cat .gitignore
# only check in the encrypted version
/database.yml
!/database.yml.enc
I hope this helped you set up your own Vault server. These are just the first rough steps. Vault allows way more, like very granular access management, various auth and storage backends, etc. Again, I strongly recommend checking their docs https://vaultproject.io/docs and following the interactive tutorial https://vaultproject.io/#/demo/0.c

Keep your data safe!

[proofread by Daniel – thanks!]


The Expert

2015 September 3
by admin


How I revived my iPod classic 4th generation with Flash Memory!!

2015 August 10
by tobi

For a very long time, I had my old 4th Generation iPod lying around. With iPhone, SoundCloud & Co, I hadn’t had any use for it – until now: my camping van came ‘only’ with a CD radio and an Aux-In – which is perfect for my iPod. If only it would work. The battery was down and, even worse, the hard disk had crashed. But a quick Google search gave me hope: there’s indeed a chance to replace the HD with flash memory. Faster, cheaper and less power consumption. I had to try it.
So I followed the super easy steps Eddie posted on Instructables:

http://www.instructables.com/id/Convert-your-4th-Gen-iPod-to-use-Flash-Memory

The main trick is to get an ‘IDE 50 Pin Male zu CF Compact Flash Female Adapter’ – on eBay or similar for just 5 EUR. Compact Flash memory you get for about 1 EUR per GB, which, in total, made the 40GB replacement quite cheap. It took me just minutes to replace the hard drive, including a new battery. Now my more than 10 years(!!) old iPod works better than ever before! Amazing.

Happy Hacking!


Satzuma Missile Launcher finally works with USB Missile Launcher NZ v1.8.2 on Mac

2015 May 23


Good news: I finally got the Satzuma Missile Launcher working on my Mac Yosemite. The solution is the latest (unfortunately unreleased) version of USB Missile Launcher NZ. You can download USB Missile Launcher NZ v1.8.2 from here, a source I found after digging through the comments of the version 1.8.1 announcement:

https://dgwilson.wordpress.com/2012/01/11/usb-missile-launcher-nz-v1-8-1-release/#comment-10069

To get started with Satzuma, install v1.8.2, restart your Mac (bummer), open `USB Missile Launcher NZ.app`, go to Preferences -> Launcher and enter `1046` for VendorId, `3777` for ProductId and change Controls to Satzuma (see screenshot) – Boom! You’re all set – happy shooting!

Screen Shot 2015-05-20 at 11.41.11

Next, I want to check https://code.google.com/p/pymissile – having a working CLI version would be so much better!


Things ‘NOT TO DO’ to a Pinball Machine

2015 May 3
by tobi

For the record: a great post by Tim Arnold – things ‘NOT TO DO’ to a Pinball Machine:

http://www.zaccaria-pinball.com/misc/arnold.html


HackedTheHouse – and won 2nd Prize!

2015 March 3

Last weekend I attended HackTheHouse, a 24hrs Hackathon in Berlin, organized by Relayr and BSH – all in the Name of IoT. I teamed up with Chris(ccb23), Clemens and Roby from Italy. We had a blast!

We were given a couple of BSH home appliances, Relayr WunderBars, Arduino, RaspberryPi, Seeedstudio Grove, Nest etc. – so all the toys a hardware hacker could ever think of.

Our idea was to bring FUN to the dull, boring household tasks. We solved this problem by gamifying cleaning duties – regular household tasks are turned into a big game; you score every time you fulfill a task, and the sooner and more thoroughly you do it, the more points you get.

After 24hrs we presented a first prototype – including a dishwasher, a smart trashcan and a smart broom. The jury was amazed and we scored the 2nd prize!

See our Hacklog, Repository, Pictures and more here:

http://www.hackster.io/hackthehouse/wgheld


Maslow’s pyramid of code review

2015 February 26
by admin

Must Read:  http://blog.d3in.org/post/111338685456/maslows-pyramid-of-code-review


Great sources for great Software Development

2015 February 2

There was recently a call on the Softwerkskammer Emailgroup for good sources to improve one’s software development skills. Here is a summary of all recommendations:

* Book: Head First Design Patterns

* OOSE, maybe this will help you: http://www.oose.de/training/objektorientiertes-design-mit-entwurfsmustern/

  – OOSE for the ‘iSAQB’ training

* http://www.sigs-datacom.de/seminare/akademien/clean-code-developer.html

* Video series by Robert C. Martin: http://cleancoders.com

* Robert C. Martin – Agile Software Development, Principles, Patterns, Practices. In this book the notion of SOLID Principles is very well documented.

* Gang of Four – Design Patterns: Elements of Reusable Object-Oriented Software

* Apprenticeship Patterns http://shop.oreilly.com/product/9780596518387.do

* Skillsmatters, from NDC, Oredev

* State: Tennis Kata http://garajeando.blogspot.de/2012/11/refactoring-kata-tennis-to-state-pattern.html

  – Example for the Tennis Kata: http://blog.ploeh.dk/2011/05/16/TennisKatawithimmutabletypesandacyclomaticcomplexityof1/

* “Refactoring to Patterns” by Joshua Kerievsky

* On the video side, I would go for everything by Kevlin Henney

* “Domain Driven Design” by Eric Evans; for beginners there is “Implementing Domain Driven Design”

* “Being the Worst” podcast

* M. Feathers with “Working Effectively with Legacy Code”

* “Refactoring – Improving the Design of Existing Code”. Fowler is a master of OO design and the book is full of examples. http://martinfowler.com/books/refactoring.html


IrDude – A simple android app to control my stereo via IR

2014 December 17
by admin

I recently wrote a simple Android app which allows me to control my HarmonKardon Avr-35 stereo remotely via IR. Presenting: IrDude.

It uses an undocumented Samsung IR API, so it’s unfortunately very much tied to the Samsung Galaxy Note 10.1 tablet. Nevertheless, it does the job for me, and is hopefully a good starting point for others to do something similar. Check http://www.remotecentral.com to find hex codes to support other devices.

https://github.com/rngtng/IrDude

[image from IR PUCK]
