From 3c12f8733605333b3e55a728f35dce23752b5db8 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Fri, 10 Mar 2017 02:11:12 -0300 Subject: Adds research --- research.mdwn | 135 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 135 insertions(+) create mode 100644 research.mdwn diff --git a/research.mdwn b/research.mdwn new file mode 100644 index 0000000..952efb3 --- /dev/null +++ b/research.mdwn @@ -0,0 +1,135 @@ +[[!meta title="Research and tests"]] + +Raw list with things to try, research, evaluate develop and maybe deploy! + +## New stuff + +* [FOSS Services](/services)! +* [isis' scripts](https://github.com/isislovecruft/scripts). +* [gitly self-hosted](https://gitly.io). +* https://shodan.io +* https://keybase.io +* https://en.wikipedia.org/wiki/Unikernel +* https://eng.fromatob.com/post/2017/02/lets-encrypt-oauth-2-and-kubernetes-ingress/ +* https://stripe.com/blog/idempotency +* https://github.com/gorhill/uMatrix +* https://github.com/metabase/metabase +* https://lede-project.org/start + +## Multimedia + +* [qsstv](https://packages.debian.org/jessie/qsstv) +* mopidy/mpdris: + * plugins like https://packages.debian.org/stretch/mopidy-podcast + * https://packages.debian.org/jessie/mopidy + * https://github.com/acrisci/playerctl + * https://packages.debian.org/jessie/mpdris2 + * https://packages.debian.org/stretch/mpris-remote + +## UI + +* firefox: automated config + * https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment + * https://developer.mozilla.org/en-US/Add-ons/Installing_extensions + * https://wiki.mozilla.org/Deployment:Deploying_Firefox + * https://developer.mozilla.org/en-US/docs/MCD,_Mission_Control_Desktop_AKA_AutoConfig + +## Tor + +* ooniprobe, lepidopter. +* onionpi (tor, hostapd, iptables). +* onion smtp: + * https://www.void.gr/kargig/blog/2014/05/10/smtp-over-hidden-services-with-postfix/ + * https://tech.immerda.ch/2016/12/ehlo-onion/ + * https://github.com/riseupnet/onionmx + +## Security + +* bitmask and LEAP. +* port knocking. +* hardened systems: apparmor, gradm2, firejail, seccomp, etc. +* sshd: + * https://stribika.github.io/2015/01/04/secure-secure-shell.html + * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774711#60 + * http://security.stackexchange.com/questions/64562/how-should-i-defend-against-zero-day-attack-on-ssh + * https://charlieharvey.org.uk/page/ssh_port_pros_and_cons +* fuzzy testing: fusil, etc. +* router: serial console to other boxes with dhe luks! :) +* [Mailcap, HTML and AppArmor](http://www.justgohome.co.uk/blog/2014/02/mailcap-html-apparmor.html). +* Increased security on smtp/imaps password storage: + * https://github.com/sup-heliotrope/sup/wiki/Securely-Store-Password + * http://serverfault.com/questions/149452/how-can-i-use-fetchmail-or-another-email-grabber-with-osx-keychain-for-authent + * http://mah.everybody.org/docs/mail/fetchmail_check +* Enhanced shell: + * Add a counter-measure to prevent SSH timing attacks: + http://users.ece.cmu.edu/~dawnsong/papers/ssh-timing.pdf + http://www.slideshare.net/idsecconf/countermeasure-against-timing-attack-on-ssh-using-random-delay + http://www.scribd.com/doc/59628153/Timing-Analysis-of-Keystrokes-and-Timing-Attacks-on-SSH-Revisited + +## DevOps + +* [Simet](http://simet.nic.br). +* auto start user screen sessions. +* backups: snapshots with remote transfer support. +* puppet: + * deploy: multiple module paths: https://docs.puppet.com/puppet/3.6/dirs_modulepath.html + * default modules as submodules from the bootstrap repository, custom modules closer to the config folder? +* php7-fpm: + * https://serversforhackers.com/video/apache-and-php-fpm + * http://www.binarytides.com/setup-apache-php-fpm-mod-proxy-fcgi-ubuntu/ + + + SetHandler "proxy:unix:/run/php/php7.1-fpm.sock|fcgi://localhost:9000"; + + +## Virtualization + +* kvm: + * kvm-manager improvements (systemd support, packaging, docs). + * env params. + * FDE using bootless image. + +## Smartphone + +* snoopsnitch. +* mods: https://web.archive.org/web/20160402005909/https://people.torproject.org/~ioerror/skunkworks/moto_e/ + +## Torrent + +Torrent workflow: torrent-maker, magnet2torrent and torrent-reseed: + +* http://wiki.rtorrent.org/MagnetUri +* http://dan.folkes.me/2012/04/19/converting-a-magnet-link-into-a-torrent/ +* https://github.com/danfolkes/Magnet2Torrent +* http://code.google.com/p/pyroscope/wiki/CommandLineTools +* https://trac.transmissionbt.com/ticket/4176 +* http://wiki.rtorrent.org/MagnetUri +* https://github.com/rakshasa/rtorrent/issues/212 +* saving/restoring `.meta` and `~/rtorrent/.session` files. +* multiple instances: https://kernelwho.wordpress.com/2011/11/15/running-multiple-instances-of-rtorrent/ + + rtorrent -n -o import=/home/user/.rtorrent1.rc + +## Git + +* signed commits: + * check using gpgv? + * [Validating other keys on your public keyring](https://www.gnupg.org/gph/en/manual/x334.html) + * https://git-annex.branchable.com/tips/using_signed_git_commits/ + * http://stackoverflow.com/questions/17371955/verifying-signed-git-commits + * https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work +* Push-to-deploy plugin: + * http://superuser.com/questions/230694/how-can-i-push-a-git-repository-to-a-folder-over-ssh + * https://devcenter.heroku.com/articles/git + * https://github.com/blog/1957-git-2-3-has-been-released (push-to-deploy) + * https://github.com/git/git/blob/v2.3.0/Documentation/config.txt#L2155 + * http://stackoverflow.com/questions/1764380/push-to-a-non-bare-git-repository + * http://bitflop.com/tutorials/git-bare-vs-non-bare-repositories.html +* Write a "git" interceptor: + * Check proper user/email config. + * Automatically set git-flow when initializing a repository. + * Automatically set git-hooks integration. + * Implement global hooks. + * Check remote configuration. + * Check hook tampering before doing anything in the repository. + * That can disable/mitigate hooks by changing permission and ownership on `~/.git/hooks`. -- cgit v1.2.3