OpenWRT creates dynamic domain names for its local area network with the domain
extension
.lan
when you try to go to one of these in firefox, it thinks you are trying to do a
search... unless you manually type out the protocol eg
http://neighbor.lan
the fix is easy, but unfortunately also easy to forget (which is why I'm writing
this!)
go to about:config
search for
browser.fixup.domainsuffixwhitelist.lan
it won't exist, so add it as boolean type with value true
that's it!
you can see how to set up mitmproxy on my previous
post
$ npm install https-proxy-agent
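const { HttpsProxyAgent } = require('https-proxy-agent');
// mitmproxy's listening address, the same one exported as https_proxy in the mitmproxy post
const proxyAgent = new HttpsProxyAgent('http://127.0.0.1:8080');
// turns off TLS certificate verification for the whole process so that
// mitmproxy's certificate is accepted; debugging only
process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0';
// the agent option is honoured by node-fetch; Node's built-in fetch ignores it
const getResponse = await fetch(url, {
  agent: proxyAgent,
});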
then in your web browser go to: http://127.0.0.1:8081
Have you ever been to a site that tries to prevent you from viewing content by
disabling your ability to scroll? It's not hard to block elements and faded
backgrounds with
ublock-origin.
But you still end up unable to scroll?
Here is a cheap hack, if you use a bookmarks toolbar, you can add a bookmark to
run a javascript snippet just as if you were to open the developers console and
run it in there.
And now I present the universal scroll button. Create a new favorite and put it
on your bookmarks toolbar, name it scroll. Now for the location: put the
following
javascript: (() => { Array.from(document.all).forEach(e => {e.style.setProperty('overflow', 'visible', 'important')}); })();
This will override the css rules that prevent scrolling. YMMV and
there could also be other css rules that prevent scrolling, or event listeners
that can interfere as well. When I come across these I will update this post.
Happy Scrolling!
In this post I am documenting the most bare bones way to have a wireguard vpn
hosted on an openwrt or librecmc router. This guide shows how to set up the
server and how to create configurations for every new user. The vpn zone is
isolated: for each game or program you run on your normal lan, you'll have to
open ports in the firewall to allow access.
$ ssh root@192.168.10.1
# cd ~
# tar cvzf config_$(date +%s).tar.gz /etc/config
# opkg update
# opkg install wireguard wireguard-tools
# mkdir wireguard_keys
# cd wireguard_keys
# umask go=
# wg genkey | tee wgserver.key | wg pubkey > wgserver.pub
# wg genkey | tee wgclient1.key | wg pubkey > wgclient1.pub
# wg genkey | tee wgclient2.key | wg pubkey > wgclient2.pub
# wg genpsk > wgclient1.psk
# wg genpsk > wgclient2.psk
# vim /etc/config/firewall
config zone 'vpn'
    option name 'vpn'
    list network 'vpn'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'

config forwarding
    option src 'vpn'
    option dest 'wan'

config rule 'wg'
    option name 'Allow-WireGuard'
    option src 'wan'
    option dest_port '51820'
    option proto 'udp'
    option target 'ACCEPT'

config rule
    option name 'Allow-Ping-wg'
    option src 'vpn'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

# DNS queries use udp as well as tcp, so both are allowed
config rule
    option name 'Allow-DNS-wg'
    option src 'vpn'
    option proto 'tcp udp'
    option dest_port '53'
    option family 'ipv4'
    option target 'ACCEPT'
# vim /etc/config/network
config interface 'vpn'
    option proto 'wireguard'
    option private_key '**SRV_KEY**'
    option listen_port '51820'
    list addresses '192.168.9.1/24'

config wireguard_vpn
    option description '**C1_LABEL**'
    option public_key '**C1_PUB**'
    option preshared_key '**C1_PSK**'
    list allowed_ips '192.168.9.2/32'

config wireguard_vpn
    option description '**C2_LABEL**'
    option public_key '**C2_PUB**'
    option preshared_key '**C2_PSK**'
    list allowed_ips '192.168.9.3/32'
# vim /etc/crontabs/root
* * * * * date -s 2030-01-01; /etc/init.d/sysntpd restart
# vim wg1.conf
[Interface]
Address = 192.168.9.2/32
PrivateKey = **C1_PRIVATEKEY**
DNS = 192.168.9.1
[Peer]
PublicKey = **SRV_PUB**
PresharedKey = **C1_PSK**
Endpoint = **SRV_IP_OR_DOMAIN**:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 15
# vim wg2.conf
[Interface]
Address = 192.168.9.3/32
PrivateKey = **C2_PRIVATEKEY**
DNS = 192.168.9.1
[Peer]
PublicKey = **SRV_PUB**
PresharedKey = **C2_PSK**
Endpoint = **SRV_IP_OR_DOMAIN**:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 15
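The per-client steps above as a reusable script: an added example (not from the original post) that validates the key files and renders both the client file and the router-side peer stanza for client N. It assumes the key file names used above; the function names, KEYDIR, and the rule that client N gets 192.168.9.(N+1) (generalized from the two clients shown) are assumptions.

```sh
# Added example, not from the original post. Key file names follow the steps above;
# function names, KEYDIR and the "client N -> 192.168.9.(N+1)" rule are assumptions.
KEYDIR=${KEYDIR:-/root/wireguard_keys}

is_wg_key() {   # a WireGuard key is 32 bytes of base64: 43 characters plus '='
    case $1 in *[!A-Za-z0-9+/=]*) return 1 ;; esac
    [ "${#1}" -eq 44 ] && [ "${1%=}" != "$1" ]
}

client_ip() {   # client 1 -> 192.168.9.2 ... client 253 -> 192.168.9.254
    case $1 in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "$1" -le 253 ] && echo "192.168.9.$(($1 + 1))"
}

read_key() {    # print the key in $KEYDIR/$1; fail if missing, empty or a placeholder
    k=$(cat "$KEYDIR/$1" 2>/dev/null) || k=
    is_wg_key "$k" || { echo "bad or missing key: $1" >&2; return 1; }
    printf '%s\n' "$k"
}

render_client_conf() {   # $1 = client number, $2 = server IP or domain
    ip=$(client_ip "$1") || return 1
    priv=$(read_key "wgclient$1.key") && psk=$(read_key "wgclient$1.psk") &&
        srv=$(read_key wgserver.pub) || return 1
    cat <<EOF
[Interface]
Address = $ip/32
PrivateKey = $priv
DNS = 192.168.9.1
[Peer]
PublicKey = $srv
PresharedKey = $psk
Endpoint = $2:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 15
EOF
}

render_peer_stanza() {   # $1 = client number, $2 = label (must not contain a single quote)
    ip=$(client_ip "$1") || return 1
    pub=$(read_key "wgclient$1.pub") && psk=$(read_key "wgclient$1.psk") || return 1
    cat <<EOF
config wireguard_vpn
    option description '$2'
    option public_key '$pub'
    option preshared_key '$psk'
    list allowed_ips '$ip/32'
EOF
}
```

Keep `umask go=` in effect when redirecting `render_client_conf` into a wgN.conf file, since the output contains the client's private key; the output of `render_peer_stanza` is what gets appended to /etc/config/network.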
I have a router that runs LibreCMC, which is basically just a blob free version
of OpenWRT.
The thing is I *hate* its hand holding tools, and much prefer configuring
the text files via ssh.
this post is mostly a re-write of the following guide, but only showing the
relevant info to put into your configuration files
https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guest-wlan
tar cvzf backup.tgz /etc/config
vim /etc/config/network
config device 'guest_dev'
    option type 'bridge'
    option name 'br-guest'

config interface 'guest'
    option proto 'static'
    option device 'br-guest'
    option ipaddr '192.168.11.1'
    option netmask '255.255.255.0'
vim /etc/config/wireless
config wifi-iface 'guest'
    option device 'radio0'
    option mode 'ap'
    option network 'guest'
    option ssid 'LibreCMC--Guest'
    # 'psk' selects WPA-PSK; OpenWrt uses 'psk2' for WPA2-PSK
    option encryption 'psk'
    option key 'whatever_you_want'
    option isolate '1'
vim /etc/config/dhcp
config dhcp 'guest'
    option interface 'guest'
    option start '100'
    option limit '150'
    option leasetime '1h'
    option netmask '255.255.255.0'
vim /etc/config/firewall
config zone 'guest'
    option name 'guest'
    option network 'guest'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'

config forwarding 'guest_wan'
    option src 'guest'
    option dest 'wan'

config rule 'guest_dest'
    option name 'Allow-DNS-Guest'
    option src 'guest'
    option dest_port '53'
    option proto 'tcp udp'
    option target 'ACCEPT'

config rule 'guest_dhcp'
    option name 'Allow-DHCP-Guest'
    option src 'guest'
    option src_port '68'
    option dest_port '67'
    option proto 'udp'
    option family 'ipv4'
    option target 'ACCEPT'
reboot and try it out!
Post titles have been reformatted in li-ili-i and now we also have the ability to
permalink specific posts with id anchors
check it out
mitmproxy
Sunday, November 13, 2022 at 16:27 EST
I had a need to inspect https requests from some program... and while with
firefox and chrome you can set the environment variable (SSLKEYLOGFILE=/tmp/log)
I needed this for a program that you couldn't do this for.
enter mitmproxy:
# pacman -S mitmproxy
$ mitmweb
# trust anchor --store /home/mai/.mitmproxy/mitmproxy-ca-cert.cer
# update-ca-trust
$ export http_proxy='127.0.0.1:8080'
$ export https_proxy='127.0.0.1:8080'
$ chromium http://127.0.0.1:8081/
$ ./whatever_you_want_to_monitor
to remove this certificate authority:
# trust anchor --remove /home/mai/.mitmproxy/mitmproxy-ca-cert.cer
Canvas
Monday, October 31, 2022 at 22:24 EDT
So I'm trying some experiments with html canvas, and it occurred to me that I
could embed some of my little successes in this blog since I can embed any html
element into a post... so let's try it: (hover your cursor in the box below)
I have a lot of bigger plans for canvas stuff, and I am saving my progress, one git
commit at a time over at
https://github.com/mai-gh/canv
Cheers!
these are the steps I used to set up a mineclone2 server on our local
raspberry pi home server. I wish it could be more straight-forward and actually
have good documentation for this, but well... this is what i got working.
I will edit this post as the process becomes better
on player pc
# pacman -Sy minetest
$ minetest
~ select content --> browse online content --> mineclone2 "+" icon
~ let download
~ back to main menu
~ start game
~ at bottom you will see 3 icons, if you hover mouse over them one will
say mineclone2, click on it
~ new
~ worldname = world
~ create
~ playgame
~ let load
~ esc -> exit to os
~ ok we have a world
$ cd ~
$ scp -r .minetest alarm@pi.lan:/home/alarm/
$ ssh alarm@pi.lan
$ su root
# pacman -Rs minetest minetest-common minetest-server minetest-mineclone2
# rm -rf /var/lib/minetest
# pacman -Sy minetest-server
# exit
$ /usr/bin/minetestserver --gameid mineclone2 --world world
~ if it segfaults, try again ;-P
$ su
# cat << EOF > /etc/systemd/system/mineclone.service
[Unit]
Description=Mineclone2 multiplayer server
After=syslog.target network.target
[Service]
User=alarm
ExecStart=/usr/bin/minetestserver --gameid mineclone2 --world /home/alarm/.minetest/worlds/world
[Install]
WantedBy=multi-user.target
EOF
# systemctl start mineclone; sleep 5s; systemctl status mineclone
~ if no errors, enable it
# systemctl enable mineclone
embedded html is now supported in the plain text posts
I have moved all the non-personal parts of this framework to now be forkable
Introducing li-ili-i
https://github.com/mai-gh/li-ili-i
The name liʻiliʻi comes from me searching for other words for minimal.
liʻiliʻi is Hawaiian for tiny.
Anyway feel free to fork and start your own micro blog with this, and if you find
a change that makes this even simpler, feel free to submit a pull request.
Cheers!
I originally designed this blog to retrieve posts via github api / raw links and
use client side javascript to "fetch" and render them. I changed my mind on this
approach in favor of commit time injection to create a static site. Ultimately
this guarantees clients will not have bugs, and the site will load faster, and
that github api can't gatekeep me. This is accomplished using nodeJS and the
jsdom library. jsdom makes it easy to manipulate an html file just like you would
with front-end code, then just save the resulting html code as a static site.
planned features coming soon:
- very minimal markup syntax for links and images and possibly videos
- stylized subject and dates
- a footer ;-P
- pagination
I want to keep this "framework" as minimal and tight as possible, so probably
not much more will be considered, unless it really makes my life easier at
little to no cost.
Cheers!
On this blog I will be journaling my developer experience, both professionally,
and personally. I will be using this space to write about interests, ideas,
rants, got-yas, hardware & software, and possibly some non techy stuff too.
Stay tuned!
First Post on this ultra minimal blogging setup!
Check out the readme.md in the repo to read about how this blogging software
was designed and implemented.