mindnotes

fast notes about tech stuff

In this case, registration is open, with review and e-mail validation.

creating the "updates" account

docker-compose run --rm shell bin/tootctl accounts create updates --email updates@bolha.us --confirmed

confirming the e-mail

docker-compose run --rm shell bin/tootctl accounts modify --confirm updates

Did you like our content?

We have a lot to share; visit our site!

Our fediverse services ;)

Chat and video? We have it!

Translation tools

Video Platform Frontends

Text Editors

You can also visit our hacking space!

Follow our founder!

Follow the status of our tools

Do you want to support us? You can!

See you!

[s]

adduser ulysses
pveum user list
pveum user add ulysses@pam
pveum user list
pveum acl modify <path> --roles PVEAdmin --users ulysses@pam
pveum user list

that's it.

just a reminder!


Don't use RSA or ECDSA, not anymore.

Use ed25519; it's simple, shorter, and more secure!

ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/gutocarvalho_ed25519 -C "gutocarvalho@bolha.us"

add it to your agent for easier use

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/gutocarvalho_ed25519
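
An added example, not part of the original note: a small audit that lists which entries in an authorized_keys file are still RSA, ECDSA or DSA and should be replaced with ed25519 keys. The function names, verdict labels and sample entries are constructed for illustration, and the key blobs are truncated fakes.

```shell
#!/bin/sh
# Constructed sample authorized_keys content (key blobs are truncated fakes).
sample_keys() {
cat <<'EOF'
# laptop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEFAKEFAKE gutocarvalho@bolha.us
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABFAKEFAKE old-laptop
command="echo hi there",no-pty ecdsa-sha2-nistp256 AAAAE2VjZHNhFAKEFAKE backup job
EOF
}

# Print "<line> <verdict> <keytype>" for every key entry in the file given as $1.
audit_authorized_keys() {
  awk '
    /^[ \t]*(#|$)/ { next }   # skip comments and blank lines
    {
      type = ""
      # Options may precede the key type and may contain quoted spaces,
      # so scan for the first known type that is followed by a base64 blob.
      for (i = 1; i < NF; i++)
        if ($i ~ /^(sk-)?(ssh-(ed25519|rsa|dss)|ecdsa-sha2-nistp(256|384|521))(@openssh\.com)?$/ && $(i+1) ~ /^AAAA/) {
          type = $i
          break
        }
      if (type == "")            verdict = "UNPARSED"   # e.g. certificate types, not handled here
      else if (type ~ /ed25519/) verdict = "OK"
      else                       verdict = "REPLACE"
      print NR, verdict, (type == "" ? "-" : type)
    }' "$1"
}

# Demo on the constructed sample; point it at ~/.ssh/authorized_keys for real use.
tmp=$(mktemp)
sample_keys > "$tmp"
audit_authorized_keys "$tmp"
rm -f "$tmp"
```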

ED25519?

Ed25519 is a public-key signature algorithm that was proposed by Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang in their paper High-speed high-security signatures (doi.org/10.1007/s13389-012-0027-1) in 2011. More precisely, Ed25519 is an instance of the Edwards-curve Digital Signature Algorithm (EdDSA), where a twisted Edwards curve birationally equivalent to the curve called Curve25519 is used. Curve25519 is a very fast elliptic-curve Diffie-Hellman function that was proposed by Daniel J. Bernstein in his paper Curve25519: new Diffie-Hellman speed records in 2006.

Text from: https://blog.peterruppel.de/ed25519-for-ssh/

Why?

There are several aspects that make Ed25519 appealing for authentication in SSH:

  • Ed25519 is considered to be secure (similar difficulty to breaking a ~3000-bit RSA key).
  • Creating a new signature with Ed25519 does not require a random input. This is very desirable from a security perspective (see the Playstation3 hack above...).
  • Ed25519 is resilient to hash-function collisions. This is good because it provides some additional protection in case the selected hash function contained some weakness.
  • Ed25519 is immune to cache-timing attacks, hyperthreading attacks, and other side-channel attacks that rely on leakage of addresses through the CPU cache. This is also very desirable from a security perspective.
  • Ed25519 does not use secret branch conditions, i.e., it is immune to side-channel attacks that rely on leakage of information through the branch-prediction unit.

Text from: https://blog.peterruppel.de/ed25519-for-ssh/


sha512 shadow passwords

mkpasswd

$ apt install whois -y
$ mkpasswd --method=sha-512

using openssl

passing password

$ openssl passwd -6 '<password>'

passing both password and salt

$ openssl passwd -6 --salt '<salt>' '<password>'

passing via stdin

$ openssl passwd -6 -stdin

using python (the crypt module is deprecated since Python 3.11 and removed in 3.13)

$ python -c 'import crypt; print(crypt.crypt("<password>", crypt.mksalt(crypt.METHOD_SHA512)))'

using ruby

$ ruby -e 'require "securerandom"; puts SecureRandom.alphanumeric(20).crypt("$6$" + rand(36 ** 8).to_s(36))'
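
An added example, not from the original note: a SHA-512 crypt string has the layout $6$<salt>$<digest>, so a stored hash can be checked by re-hashing a candidate password with the same salt. The helper name and return codes are assumptions for this example; the password is read from stdin, which keeps it out of the process list and shell history, unlike the argument forms above.

```shell
#!/bin/sh
# verify_sha512_crypt HASH   (candidate password is read from stdin)
# Returns 0 = match, 1 = no match, 2 = not a hash this helper can check.
verify_sha512_crypt() {
  stored=$1
  # Splitting "$6$<salt>$<digest>" on "$" gives an empty first field,
  # then the scheme id ("6"), the salt, and the digest.
  id=$(printf '%s' "$stored" | cut -d'$' -f2)
  salt=$(printf '%s' "$stored" | cut -d'$' -f3)
  case $id in
    6) ;;
    *) return 2 ;;            # not SHA-512 crypt
  esac
  case $salt in
    ''|rounds=*) return 2 ;;  # the "$6$rounds=N$..." form is not handled by this helper
  esac
  # Re-hash the candidate with the stored salt and compare the full strings.
  candidate=$(openssl passwd -6 -salt "$salt" -stdin) || return 2
  [ "$candidate" = "$stored" ]
}

# Constructed demo: hash a sample password, then check a right and a wrong guess.
demo_hash=$(printf '%s\n' 'sample-pass' | openssl passwd -6 -stdin)
printf '%s\n' 'sample-pass' | verify_sha512_crypt "$demo_hash" && echo "match"
printf '%s\n' 'other-pass'  | verify_sha512_crypt "$demo_hash" || echo "no match"
```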

normal random passwords

using openssl with hex

$ openssl rand -hex 15

using openssl with base64

$ openssl rand -base64 15

using urandom

$ cat /dev/urandom | LC_ALL=C tr -dc 'a-zA-Z0-9-_\$' | fold -w 25 | sed 1q

bcrypt

using httpd

$ htpasswd -bnBC 10 "" password | tr -d ':\n' | sed 's/$2y/$2a/'


A simple script that you can schedule in your cron.

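#!/bin/bash

INSTANCE_URL="https://bolha.us"
TOKEN="YOUR_TOKEN_HERE"
TOOT="YOUR_MESSAGE_HERE"

# --form-string sends the text literally; with -F, a message starting with "@" or "<" would make curl read a local file.
# --fail makes curl exit non-zero on an HTTP error, so cron can report a failed post.
curl -sS --fail "${INSTANCE_URL}/api/v1/statuses" -H "Authorization: Bearer ${TOKEN}" --form-string "status=${TOOT}"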

:)



How to get the list of all blocked instances in your instance using curl and the Mastodon API?

It's simple!

$ curl -s https://bolha.us/api/v1/instance/domain_blocks | jq .

:)



This is what you need to do to import a P12 certificate using the terminal. It's helpful if you need permission to open the Keychain Access app.

command

$ security import ./JOSE_AUGUSTO_DA_COSTA_CARVALHO.p12 -P 123456
1 identity imported

:)



If you run a Mastodon instance, remember to run these commands daily to keep your server running smoothly.

Running in a non-docker installation

$ tootctl search deploy
$ tootctl media remove --days=30
$ tootctl preview_cards remove --days=30

Running in a docker-compose installation

docker-compose -f /opt/mastodon-docker/docker-compose.yml run --rm shell tootctl search deploy

docker-compose -f /opt/mastodon-docker/docker-compose.yml run --rm shell tootctl media remove --days=30

docker-compose -f /opt/mastodon-docker/docker-compose.yml run --rm shell tootctl preview_cards remove --days=30

In our example, the Mastodon docker config resides in the directory /opt/mastodon-docker.

Understanding each task

The first command (search deploy) will read the data inside your Elasticsearch, create indexes for toots, tags, and links, and populate the explore page.

The last two commands will remove content from external instances cached on your disk. They will remove images, audio, video, avatars, user image headers (media remove) and preview card thumbnails (preview_cards remove).

Creating cronjobs

# Daily 2 AM

00 2 * * * /opt/mastodon-scripts/clear_attachments.sh

# Daily 2:30 AM

30 2 * * * /opt/mastodon-scripts/clear_preview_cards.sh

# Daily 3:00 AM

00 3 * * * /opt/mastodon-scripts/generate_search_index.sh

In our example, the scripts reside in the directory /opt/mastodon-scripts.


This tip is for Mastodon admins only.

If you have internal accounts like this...

@help@bolha.us @notices@bolha.us @tips@bolha.us @status@bolha.us @backup@bolha.us

...and want everyone on your instance to follow them, you can do this:

$ docker-compose -f /opt/mastodon-docker/docker-compose.yml run --rm shell tootctl accounts follow status

And to be sure that everyone is following, you can create a cronjob to enforce this every day.

35 4 * * * /opt/mastodon-scripts/follow.sh

Please only do this with service accounts.

Be sure to disclose this on your about/rules page.

Use with moderation and always respect the privacy of your community.


:)

