Ramon conblem

Last Updated: 8/30/18

Details

I wanted to run an OpenVPN server on the USG. Since it has a Radius server built in, I figured this would be a much better way to handle OpenVPN authentication. Make sure you have the Radius server enabled on your USG under Settings > Services > Radius > Server in the controller. Add OpenVpn users under Settings > Services > Radius > Server.

Thanks to the following resources in helping to configure this:

The main point is to save the SSL/TLS keys those used by the web browser (SSLKEYLOGFILE=/tmp/tmp-google/.ssl-key.log).
In the example below we run brand new instance of Google Chrome (--user-data-dir=/tmp/tmp-google do the trick):
SSLKEYLOGFILE=/tmp/tmp-google/.ssl-key.log /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --user-data-dir=/tmp/tmp-google
Then run the Wireshark and open the Preferences -> Protocols -> SSL, where we put the path to the SSL keys log file into the (Pre)-Master-Secret log filename field.
Now all SSL/TLS traffic from this browser instance will be decrypted.

Make sure your rust application uses https://github.com/gnzlbg/jemallocator as the global memory allocator (when in doubt, grep jemallocator in your Cargo.lock).
Install jemalloc (we'll only need jeprof), dot, ps2pdf and libunwind on your system. Enable jemallocator's profiling feature (if jemallocator is an indirect dependency, one trick to do is to add a dependency jemallocator = { version = "*", features = ["profiling"] } to your app and let cargo select the || of features for you).
export _RJEM_MALLOC_CONF=prof:true,lg_prof_interval:32,lg_prof_sample:19. lg_prof_interval sets how often profile dump should be written to disk measured in allocated bytes. The value is passed as a power of two, which is 2^32 in our case, i.e. every 4 GiB of allocations of long-lived objects (see https://github.com/jemalloc/jemalloc/wiki/Use-Case%3A-Heap-Profiling). lg_prof_sample:19 tells jemalloc to take a profiling sample every 2^19 = 512 KiB.
Running your binary should produce a bun

Some hosting providers like scaleway allows to remove the IPv4 from the VPS in order to save 1€/month but doing this will result in losing connectivity to the "IPv4 world".
Or you may have ordered a VPS that only has IPv6 connectivity and you want to access to a resource only accessible from the "IPv4 world".
Here is how to gain your access back to the "IPv4 world".

Change your name servers(s) to DNS64 name servers(s)

Note: You may deploy your own DNS64 & NAT64 server on a separate server by following this tutorial (untested): https://packetpushers.net/nat64-setup-using-tayga/.
Note²: You may find a explanation of what is NAT64 and DNS64 on Wikipedia.

Choose a/multiple DNS64 public server(s) that has/have its own NAT64 public service from this list:

Background

The instructions for setting up the Unifi Controller on ARM do not cover ARM64. The documentation states that ARM64 is not supported but hints it can be setup manually. The documentation also states that Java 8 is currently required. The following is therefore clearly in unsupported territory but so far seems to work fine. The internet has numerous references and resources but they weren't all easy to find and the ones I read required some modification for my configuration.

Note for the future: double check versions and source documentation if these instructions are dated. Also these instructions are specifically tailored for Ubuntu. See original references for other platforms.

Last update March 25, 2021

Base configuration

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

	#!/bin/bash

	# UDP:
	socat UDP4-LISTEN:5683,fork,su=nobody UDP6:[aaaa::212:4b00:615:a1f7]:5683

	# TCP:
	socat TCP4-LISTEN:22,fork,su=nobody TCP6:[2a01:198:79d:1::8]:22

	# UDP, IPv6
	socat UDP6-LISTEN:5683,fork,su=nobody UDP6:[aaaa::212:4b00:615:a1f7]:5683

	docker run \
	--name {{printf "%q" .Name}} \
	{{- with .HostConfig}}
	{{- if .Privileged}}
	--privileged \
	{{- end}}
	{{- if .AutoRemove}}
	--rm \
	{{- end}}
	{{- if .Runtime}}

	#!/usr/bin/env python3
	#
	# Simple Intel x520 EEPROM patcher
	# Modifies the EEPROM to unlock the card for non-intel branded SFP modules.
	#
	# Copyright 2020,2021,2022 Andreas Thienemann <[email protected]>
	#
	# Licensed under the GPLv3
	#
	# Based on research described at https://forums.servethehome.com/index.php?threads/patching-intel-x520-eeprom-to-unlock-all-sfp-transceivers.24634/