Blog cleanup

Today I cleaned the blog up a little. I removed the (hard to read) main menu at the top and moved the relevant topics over to the sidebar into the “More information” box. Makes information easier to find and the top of the page is a bit slimmer.

I also added a new page with an overview of a few of the more interesting public and private (web) services I’m running. This makes it easier for me to update the page when I add or remove a service, and easier for you all to see what I’m running, how to reach it, and what kind of uptime can be expected.

And last but not least I switched out the font to something that is slightly better readable with this layout and color scheme and tweaked the CSS a little bit.

Organizing your Steam library

I’ve had a steam account since 2003, so unsurprisingly I’ve accumulated a bunch of games over time thanks to summer sales, winter sales, humble bundles, …
As a way to give users a means to sort and categorize games, Steam introduced categories a while back. You can add arbitrary categories, and have a game in multiple categories, and categories are synced to your account so they appear on multiple devices. The downside is that you have to set categories for each game manually.

Here is where a nifty tools come in hand: Depressurizer (download)

It provides a user friendly interface for organizing your categories, making it easy to mass categories games. But it’s most useful feature is the ability to auto-categorize games. It can do so via various criteria like genres, Steam flags (e.g. “Single-Player” or “Steam Cloud”), Steam tags, Developer & Publisher info, How Long to Beat times, release year, and/or Steam review user scores.

Once automatically categorized it is easy to find games on your library that are Local co-op, or maybe you are feeling like playing a Dungeon Crawler game today, or just want to browse games you have with an Overwhelmingly Positive rating.

I use a unique prefix for the different auto-categories so it is easy to tell them apart in steam. It also doesn’t mess with existing categories, so it’s easy to manage both categories from depressurizer and your own manual ones.

And this is an example of how the end result looks like
in Steam

 

 

 

 

 

 

 

 

 

A short list of cheap but useful network devices to have handy.

Here is a snort list of useful, off the shelf, network devices that sell for around $50. Not necessarily stuff that you would want use long-term in production, but more for the one-off projects or for troubleshooting. 

First off is a 5-Port Gigabit switch from Netgear (the GS105Ev2).
It is interesting because it supports port mirroring and only costs about $35. That’s a really good price. It obviously isn’t going to replace a real network tap and you will lose traffic if the upstream plus downstream you are copying are together more than 1Gbit of traffic (but that’s a problem you always have when mirroring ports 1:1). It is dirt cheap, fanless and small enough to throw in a bag, can’t go wrong with this one. Need a temporary tap to monitor traffic? Just pop it inline and you are good to go.

 

If you are more of a DIY kind of person, I’d suggest the ESPRESSObin.
It sells for about $50 and is a single board computer with Gigabit network interfaces and a SATA interface. It is based on ARM architecture and runs Linux.
Since it has multiple Gbit interfaces and you can hook a HDD up to it you have a wide array of possibilities you could use it for. A lot of network traffic monitoring situations come to mind, where you would want to keep copies of the traffic in question for later analysis.

 

Another little useful device is the EdgeRouter X from Ubiquiti.
As the name suggests it’s a router and sells for about $55 The nice thing about this device is that it runs Linux (or more specifically a fork of Vyatta), so you can dig into it to get it to do things not available on the GUI.
5 Gbit ports, RIP and OSPF routing protocols, usual SOHO features like Firewall, VPN, QoS. Behaves a lot like a switch with some routing functionality. Unfortunately I couldn’t get port mirroring to work reliably but aside from that it’s still an impressive little router.

 

Strict-Transport-Security

I finally got around to setting the Strict-Transport-Security header on all my HTTPS websites. The current age is set to 1 month and I’ll gradually up that to 6 months if no problems pop up.

In case anyone is curious, I terminate SSL on a haproxy, which then sends requests to various backends (containers on the same physical server). This makes it really easy to deal with Let’s Encrypt (just need one agent/script installed on the haproxy host that deals with all incoming /.well-known/acme-challenge/ requests), and I can keep all HTTPS settings central and don’t have to worry about configuration creep or any settings falling through the cracks for oddball subdomains.

How to use ansible to scan for Spectre/Meltdown vulnerable hosts

First of all head on over to github and download a spectre-meltdown-checker that supports JSON output. Now all we need is a ansible playbook that calls that script:

Important is to adjust the path to spectre-meltdown-checker.sh  in the script:  task (the path is relative to wherever your playboook file is). Adapt to your needs however you want. It is basically just feeding the output of the script into the from_json  filter, storing it in a variable and then iterating over the result via with_items.

Example output:


(vulnerable to  CVE-2017-5715 since Intel retracted their microcode updates and haven’t released new ones yet)