It has been some months since I published anything; I know that is a very long time. :( I had a lot of things to do. Of course, I work and learn new things. For myself, and in order to stay autonomous about the services I use, I hosted two new services: Lufi and Searx. Since I host them for myself, I had to share access to them with others. It is just normal, I think: give and receive. You can access the instances
*from the official git repository
To install it, I mainly used a tutorial created by Framasoft and its contributors. In parallel, I always read the official installation guide before doing anything. Lufi is not so easy to install because it uses WebSocket and it is very painful to configure the web server correctly.
Lufi means Let's Upload that FIle. Lufi is tested and working on the following browsers / devices:
- Internet Explorer 11
- iOS devices (iPad, iPhone)
- Android devices (Galaxy Tab, Galaxy S8)
It stores files and allows you to download them. Is that all? No. All the files are encrypted by the browser! It means that your files never leave your computer unencrypted. The administrator of the Lufi instance you use will not be able to see what is in your file, and neither will your network administrator or your ISP. The encryption key part of the URL is an anchor (cf. Fragment Identifier), which means this part is only processed client-side and does not reach the server. :-)
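The following added example (not part of the original post and not Lufi's own code) shows why a key placed in the URL fragment stays client-side: the file is encrypted locally, the server only receives ciphertext and a request line without the fragment, and the recipient decrypts with the key taken from the link. AES-GCM via WebCrypto, the `/r/<id>#<key>` layout, the host `lufi.example` and the id `abc123` are assumptions made for illustration.

```javascript
// Added illustration, not Lufi's code. AES-GCM via WebCrypto and the
// /r/<id>#<key> layout are assumptions; run with Node.js (uses Buffer).
const b64u = (bytes) => Buffer.from(bytes).toString('base64url');

// Browsers and recent Node expose WebCrypto globally; older Node via import.
async function getCrypto() {
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

// Sender side: encrypt locally, then build the share link.
async function upload(plaintext, origin, fileId) {
  const wc = await getCrypto();
  const rawKey = wc.getRandomValues(new Uint8Array(32));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const key = await wc.subtle.importKey('raw', rawKey, 'AES-GCM', false, ['encrypt']);
  const ct = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext));
  // Only the IV and ciphertext are uploaded; the key goes after '#'.
  const stored = { iv: b64u(iv), data: b64u(ct) };
  return { stored, shareUrl: `${origin}/r/${fileId}#${b64u(rawKey)}` };
}

// What the server (and its access log) receives for a GET of the link.
function requestSeenByServer(shareUrl) {
  const u = new URL(shareUrl);
  return `GET ${u.pathname}${u.search} HTTP/1.1\r\nHost: ${u.host}\r\n\r\n`;
}

// Recipient side: the key is read from the fragment, never from the server.
async function download(shareUrl, stored) {
  const wc = await getCrypto();
  const rawKey = Buffer.from(new URL(shareUrl).hash.slice(1), 'base64url');
  const key = await wc.subtle.importKey('raw', rawKey, 'AES-GCM', false, ['decrypt']);
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: Buffer.from(stored.iv, 'base64url') },
    key, Buffer.from(stored.data, 'base64url'));
  return new TextDecoder().decode(pt);
}

// Constructed sample: host, file id and content are made up.
async function demo() {
  const { stored, shareUrl } = await upload(
    'constructed sample file', 'https://lufi.example', 'abc123');
  const keyPart = new URL(shareUrl).hash.slice(1);
  const wire = requestSeenByServer(shareUrl);
  const keyLeaked = wire.includes(keyPart) || JSON.stringify(stored).includes(keyPart);
  return { wire, keyLeaked, roundTrip: await download(shareUrl, stored) };
}
```

Calling `demo()` resolves to the request line the server would log, a flag telling whether the key appeared in anything sent to the server, and the decrypted text.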
I deliberately chose to limit storage to one week. My Lufi instance must not be dedicated to storing files for a long period but to exchanging them quickly and securely.
Searx is a free metasearch engine with the aim of protecting the privacy of its users. If you want to set Searx as the default search engine in Firefox, you have to install the add-to-search addon.
At the end of the installation, you may get a page which tells you "page not found". You can find a solution here; you just have to add a rewrite rule to apache2.
RewriteRule "^/$" "/searx/" [R]
Options FollowSymLinks Indexes
Searx can also be used as a web proxy in order to replace your IP with the server's IP. I disabled this feature to avoid any problem in case my server's IP became associated with questionable browsing.
Other maintenance stuff and improvements
I upgraded the PrivateBin instance from 1.0.1 to 1.1.1. This update fixes a security issue. Even if the version that was available is not vulnerable, I take no risk and upgraded it. Moreover, the application versions currently deployed are now displayed on the services page. I know it is not recommended because it helps an attacker to know the version, but there are a lot of other ways to discover it. I hope users will check before using the services in order to see if they are up to date or not, and choose to use them knowing that. You can also find the date of availability.
The same last words: please do not forget not to do anything wrong with them or use them in an abusive way. I hope you will enjoy these new services as I do.
Have a good day,
Hello Everyone, (or maybe someone if someone is reading me)
It has been a very long time since I published anything (probably one month, in fact). As you probably didn't know, I host this blog on my own server. Or should I say, hosted. I will soon leave for another country and will not be able to host it in my own house.
To keep all services online, I chose to migrate everything to a host which I trust. Maybe time has passed since, but I am beginning to think that writing technical articles or hosting services is not the best way to contribute to the community.
Nevertheless, I will continue to share my knowledge and discoveries as much as possible and provide useful services.
It has been some weeks since I published anything. I got a lot of work to do and I didn't take the time to write an article. :(
Since the last time, I have worked on two subjects. The first one is to make a new service available, Lufi. Lufi is a web application which allows the user to store files securely. The file is encrypted on the server, the URL is encrypted too, and you can add an authentication check to download it.
At the same time, I worked on securing my server. Even if I work in computer security and have already done the basics (fail2ban installation, automatic backups, logs, SSH key authentication, etc.), I want to go further. I think that security, confidentiality and availability are the most important things when you have a server. I prefer to share fewer services, but secure ones with high availability, rather than a lot of services that are often down or dangerous. To do that, I read about ISO 27000 and PCI-DSS (Payment Card Industry Data Security Standard). I will also read some books about that because I think it is essential to be comfortable with that before proposing services with more complex features and risks.
That's why I am working on installing Zabbix. Zabbix is a program which allows the user to know easily if all services are up and everything is ok. As I use containers and virtual machines, it requires more and more time to monitor them and I hope that Zabbix can help me to do that. As I have a container and a virtual machine, I have installed Zabbix and Zabbix proxy. I think I will make a very big tutorial soon to share how I did it and what issues I got. I am very close to finishing my installation.
I keep working.
It is the second episode of "My 4 hours contribution per week". Even if I am very busy at the moment, I try to keep up this new habit.
During these 4 hours, I didn't get time to find new information about Yacy, so I will leave it aside. Otherwise, I configured my architecture to clearly separate two flows: one for my private services, and the second one for this blog and public services.
Even if my knowledge of networking is limited, I succeeded in it and that made me happy. Moreover, I created some bash scripts to automate the creation of containers and apache2 virtual hosts with the correct configuration. It will help me to make new services available faster.
Finally, I am glad to announce that a PrivateBin instance is now available. For those who don't know what it is, PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. You can use it to store text securely and share it with the certainty that no one can read it unless they are allowed to.
You can access it at privatebin.mirabellette.netlib.re
It is the first service I made available to the community. I hope you will find it useful.
See you next week for a new contribution
For some months, I thought about how I can help others and how I can contribute to improving this world. This wish is something that is really important to me. That's why I decided to give 4 hours each week. It is not a lot, but step by step I hope I will be able to do my part.
Before contributing, I think it is very important for me to protect my privacy and avoid the risk of being personally involved. To do that, I will use a specific IP for this activity. I know it is very easy to find my real name from this website. However, clearly separating my own internet activity from my contribution is a good first step.
I also know that even though I know a lot, there is much more that I do not know. That's why I decided to be very careful before involving myself in a community or hosting a new service. I could be judged responsible for that, so I need to be prudent.
The first service I thought of hosting is Yacy. Yacy is an open source project and free search engine. After installing it, I thought about crawling the web to index it. Nevertheless, a very big issue came to my mind: what will happen to me if I index an illegal website? Justice can find me through it and I can get into trouble. I finally decided not to crawl the internet with Yacy. Moreover, Yacy looks very old and an important part of its administration panel is accessible to anybody.
That's why I finally decided to disable it until it is more secure and I get an answer to my question.
What I did during these first 4 hours:
- created a specific OpenVPN client to isolate the network
- bought a specific IP which will only be used by this kind of service
- installed Yacy in a container (http://yacy.net/en/)
- made Yacy accessible from the internet and, in the end, disabled it