Cheatsheet for self-run private git repos


This is a personal cheatsheet I made for getting started with git using a private remote repository. I use this to host my repositories on Linux machines on the internet (such as VPSes, or other Linux boxes with sshd).

Further reading: Here

To set up git on a machine for the first time:
  1. Download git somehow: apt-get install git on Ubuntu, or google for binaries on Windows.
  2. Run 'git config --global user.email "emailaddress"'
  3. Run 'git config --global user.name "name"'

Setting up a new repo (both server and locally):

Can be done on any machine with git and a shell prompt.

The next few steps set up a new repo. This only needs to be done once at the beginning.

  1. Append the developers' public keys to ~/.ssh/authorized_keys on the server (if you want key auth)
  2. Create a new folder in the home directory called projectname.git on the server
  3. cd projectname.git on the server
  4. git --bare init on the server
  5. Create the local repo with 'git init' (inside the project folder, run on your local machine)
  6. git add somefile (run on your local machine)
  7. git commit -m 'initial commit' (run on your local machine)
  8. Set up the remote for that repo: git remote add origin username@hostname:~/projectname.git (run on your local machine)
  9. git push origin master to push the new repo. You may be prompted for a password. (run on your local machine)

Committing versions to the repository

There are three logical steps to making changes to your files show up in your git repository. These are all run locally.

  1. Staging (marking for commit)
     git add somepath - adds a specific file to staging
     git add -A - adds all changes/files, including untracked files, to staging
  2. Commit (adding them to the local repository)
     git commit -m "Commit message goes here" - commits all changes which were staged earlier
  3. Push (sending to the remote repository)
     git push origin master - use this if a plain git push doesn't work

Cloning / Downloading a copy

Downloading the repo can be done with: 'git clone username@hostname:~/projectname.git'
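
The whole flow above (bare repo, first commit, push, clone) as one script. This is an added example, not part of the original cheatsheet: a local directory stands in for username@hostname:~/projectname.git so it runs offline, and the committer identity, file contents and function name are constructed.

```shell
#!/bin/sh
# Added example: end-to-end run of the cheatsheet steps against a local
# directory that stands in for the server.
set -e

demo_private_repo() {
    work=$(mktemp -d)
    server="$work/server/projectname.git"   # stand-in for ~/projectname.git on the server
    project="$work/local/projectname"       # project folder on "your local machine"

    # Server side: create the bare repository.
    mkdir -p "$server"
    git -C "$server" init --bare --quiet
    # Point HEAD at master so clones check out the pushed branch even if
    # init.defaultBranch is set to another name on this machine.
    git -C "$server" symbolic-ref HEAD refs/heads/master

    # Local side: init, add, commit.
    mkdir -p "$project"
    git -C "$project" init --quiet
    git -C "$project" symbolic-ref HEAD refs/heads/master
    git -C "$project" config user.email "dev@example.invalid"   # repo-local, constructed
    git -C "$project" config user.name "Example Dev"
    echo "hello" > "$project/somefile"
    git -C "$project" add somefile
    git -C "$project" commit --quiet -m 'initial commit'

    # Add the remote and push. Over SSH the URL would be
    # username@hostname:~/projectname.git instead of a path.
    git -C "$project" remote add origin "$server"
    git -C "$project" push --quiet origin master

    # Clone a fresh copy and check it matches what was committed.
    git clone --quiet "$server" "$work/clone"
    local_head=$(git -C "$project" rev-parse HEAD)
    clone_head=$(git -C "$work/clone" rev-parse HEAD)
    content=$(cat "$work/clone/somefile")
    rm -rf "$work"

    [ "$local_head" = "$clone_head" ] && [ "$content" = "hello" ] && echo "ok"
}

demo_private_repo
```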


Who we are


We are creatures of emotion; living to maximize positive energy, hits of dopamine.

We know we have the capacity to do better; to do what we want to or ought to do. But, almost simultaneously, we are slaves to a system we cannot control, a system which drains that capacity without diminishing our free will.

We are living out of anticipation; craving the future but not appreciating the present.

We are slaves to a sense of belonging; willing to compromise huge parts of ourselves just to fall in line.

Our whole selves are slaves to a system which we cannot ever hope to understand.

What does that make us?


Reminiscence


Everyone remembers the good times.

But there are times when I spend so much time thinking about and chasing these memories that it's just depressing.

Let's return to the past in the present tense. Picture you're there; having the time of your life at whatever place it is, i.e. at some event/party chillin with good people. If your default is an introvert like me, you feel fine, even good; but not amazing. Only afterwards, when you start missing the company, or when it's almost over, do you realise how much you enjoyed it in contrast to your immediate future or a pending monotonous lifestyle.

At this stage, missed opportunities and fantasies of what could have been expand to fill your mind. At times, you might imagine what you wish could have happened in extreme detail. And every time you do, it's like you're back there, literally living the dream, a side of you that could have been if only you were a different person.

You end up missing the times you had, but also the times you could have had, if you did something or circumstances were different.

This reminiscence can be extremely crushing; if you have nothing to look forward to. You explore every turn of events and possibility in your mind, as if somehow you could discover a way to return to that bliss; a bliss you didn't realise was bliss at the time.


Red pill or blue pill?


It's fairly easy to idle through life. You simply live; go with the flow, and let circumstance take you in interesting directions. You end up at various places, normally out of your control (i.e. at university because your parents/social norms etc. have taught you that's the next step). You let surface interactions and routine dictate your life.

Then you tell me, are you satisfied? Where is your sense of direction?

Simple answer is no.

The problem is that we as humans naturally (and often subconsciously) build up buffers to challenging situations, rejection and awkward/unusual circumstance. This occurs both mentally - through subtle control of habit and thought - and also physically; through subconscious manipulation of circumstance - taking chances, places we go, people we interact with. To put it simply, we tend to live in our comfort zone - the blue pill.

So what does that make us? It makes us self-conscious, forcing us to conform our outward appearance and personality to align with what society expects. Moreover, we condition our behavior to minimise the possibility of an uncomfortable situation (by sticking to ourselves, or people we trust, highly unwilling to venture outside that safe little bubble we have created for ourselves).

So, without a personal goal to work towards or achieve, we sink into a self-reinforced monotonous routine. What's more, a lot of people don't even realise that it's themselves that are doing it, and instead feel like they're trapped inside someone else's master plan. All in all, they are not satisfied.

There is only really one long-term solution to this kind of problem. The solution is to finally take risks; and break down the prison of an existence we have trapped ourselves in. You need to have a sense/pride of-self which is greater than the opinion of others. You need to step outside your comfort zone and take the steps towards doing what we want and being who we want to be. You need to take the red pill.

From there, you will take control of your own life.


Past


I know, caught up in the middle. I cry, just a little, when I think of letting go. I know, gave up on the riddle. I cry, just a little, when I think of letting go.

- Cry (Just a little) by Bingo Players

Sometimes I miss my memories. This is understandable, and thoughts of nostalgia are common. But nostalgia only applies to memories which we enjoy and miss. What about memories which we did not necessarily enjoy? Or don't miss? What are we to call them? Or, more importantly, why do I find myself thinking about it?


Project ideas


Floating around in my head are a heap of project ideas that I want to do at some stage. I'm going to write them down now so I don't forget them.

TCPforward - This is a small program that listens for connections on a certain port, then, when it receives a connection, it opens a connection to a remote host and forwards all traffic between them, essentially acting as a proxy. This is intended for medium-sized networks that only have a DMZ, to forward data away from the DMZ to a server. I could also make this into a primitive load balancer by allowing multiple destinations.

UPDATE: DONE

Backuptrans - This is a simple command-line utility that takes in a file, then opens an SSH connection to another machine in order to upload the file there. Then, it will verify the integrity of the transfer with hashes. Unlike 'ssh', this utility is non-interactive, allowing even the SSH password to be passed in to the utility, hence allowing automated transfers. Additionally, I could make it generate a folder structure and naming system for backups on the remote host.

UPDATE: DONE

Twitch - This project is about 60% complete at time of writing. Twitch is a minimalist instruction set, virtual CPU, and assembler. It is intended to allow untrusted parties to write code that is executed under very controlled conditions, with the minimum of resources used. The state of a running twitch binary can be frozen at any time and sent over the wire.

UPDATE: 99% done, but haven't written the code to serialize its state.

p2p - This is a simple p2p networking library written in Go that is about 70% complete at the time of writing. This library is designed to allow the creation of secure, large-world packet-switched networks.

android-ex - This is an idea to build an assembler for the Dalvik CPU, along with a packager for .apk. Ideally, I would like to produce an alternative to using the Android SDK for building apps, and this library would allow anyone to make a compiler targeting that platform. That said, it's a massive project, and I will probably never do it.

LinSum - This utility will connect to a Linux host via SSH and generate a summary of its configuration. It is intended to simplify management of Linux systems. Such a project could be expanded with an interactive summary, which includes the ability to change the configuration.

Securityd - In the deployment of an IPS, IDS, or universal security policy, there remain issues with getting network/security policies across machines in real time; effectively meaning any action from an IPS or IDS is limited to a specific machine. Securityd not only acts as an IPS, but remains in contact with other instances of the daemon in your network, meaning that security policies are implemented across an entire network in real time.

3Projection - A library to render 3d objects to a 2d image file. Written in Go, conceptually designed but not yet implemented.

UPDATE: Attempted, however I failed due to the unforeseen complexity in projecting objects from 2d to 3d.

go-phys - Basic particle physics engine for Go. Implementing Euler integration, gravity, collisions, (rigid) particle objects, (rigid) plane objects.


Incapacity


I learnt to think and reason from a very early age. I learnt to look at my problems at face value, identify the root cause, and commence action to solve them. From this, I learnt nearly all the skills I have now; from general knowledge, programming, I.T skills, dealing with stress, and introspection. This helped me a great deal, and in some ways created the person who I am.

I got so used to this kind of thinking - a form of boolean logic and reasoning - that I felt it was the only way to think. Everything in my life at the time could be reasoned and solved with that system.

The truth is, I embellished those things that I could reason using this logic - maths, sciences, I.T, intellectualism, cadets - whilst shunning things that I couldn't explain; without considering that I was actually pushing those things into the corner - English, sociology, emotion. And now, as I try and build up my skills in these areas that I shunned, I am finding that nothing works.

The efforts I make don't seem to make a dent in my incapacity. Whatever dent they do make in the short term doesn't last. Fundamentally, I am presently incapable of operating using a different level of logic; fuzzy logic, or even non-logic.

And this leaves me feeling sidelined, and alone.

It's like I have been working on something all my life - logical intellectualism and all those skills - but now that I stop and look at all parts of living, I feel like I have been barking up the wrong tree and all that really matters now lies in the dust. And now, what I really have, what I really have been doing all these years, is now nothing.

It's the feeling of trying to join in time and time again to something you want to know, but left unengaged, sidelined. Helpless, and depressed.

How can I ever hope to be who I want to be?


An introduction to server security


In this post, I will go through the basics of internet security, through the lens of hardening a VPS or dedicated server. Unlike other guides, I will not simply tell you a bunch of things to do to make your server more secure. Rather, I will walk you through the principles and the process of hardening, so you can secure the server to your needs and understand what you are doing.

Foremost, it's important to understand that security is not absolute. There is no way you can guarantee your server cannot be compromised. In order to be 100% secure you have to get everything right, whereas to be compromised you only need to make one mistake.

So then, good practice is to balance the amount of effort spent securing your server against the damage that will occur in the event of a breach.

There are three main attack vectors that need to be accounted for, for an internet-facing server:

  1. Kernel network-handling exploits
  2. Network service exploits
  3. Authentication guess/brute-force

Kernel network-handling exploits: These attacks make use of a vulnerability in the network-handling code (of the OS) or drivers of your machine. Fortunately, network hardware (and the kernel code) has matured a lot, to the point where there aren't really any known exploits except for really out-of-date kernels. Regardless, you deal with this kind of attack by keeping your kernel (OS) up to date, and being on the lookout for any security notices. These kinds of attacks only really happen to people who haven't updated their server for a decade, so really, you don't need to worry much about them. That said, don't be lulled into a false sense of security; always be on the lookout for kernel security notices.

Network service exploits: These attacks make use of a vulnerability in a network service/process/daemon running on your server. Generally, such an attack allows an attacker to do things they wouldn't normally be able to do, or in the event of a serious vulnerability, inject code into the server and take over the machine.

With the exception of guesswork/social engineering, this is where 90% of attacks happen. There are a number of things you can do to reduce your risk of an attack by this vector:

  1. Shut down unnecessary services, and prevent services which do not need to be accessed from the internet from being accessed from the internet. This reduces the number of services capable of being exploited, which in turn reduces the likelihood of an accessible vulnerability.
  2. Consider sandboxing services such that if they are breached, it is difficult to take over the server and cause more damage.
    • Running the service as a less-privileged user is a good practice.
    • Running the service in a chroot (jail) is also a good idea, if possible. That said, a chroot jail is NOT a sandbox; it's another line of defense. (btw, do NOT use BSD jails)
  3. Subscribe to the security or announce mailing lists for the services you are running. That way, you will find out very quickly if there is a security issue in one of your services, so you can either: a) shut down the service, or b) patch/update.
  4. Keeping the service up-to-date is not only considered good practice; it's a must.
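
One way to check item 1, as an added example that is not from the original post: list the TCP listeners that other hosts can reach. SAMPLE is constructed output in the format of `ss -tlnp`, and the function name exposed_listeners is made up for this example.

```shell
#!/bin/sh
# Added example: print port/process for every listening TCP socket that is
# not bound to loopback only. On a real server, feed it `ss -tlnp` output.

# Constructed sample in the layout printed by `ss -tlnp`.
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*     users:(("sshd",pid=701,fd=3))
LISTEN 0      80     127.0.0.1:3306      0.0.0.0:*     users:(("mysqld",pid=812,fd=21))
LISTEN 0      511    *:80                *:*           users:(("nginx",pid=933,fd=6))
LISTEN 0      128    [::1]:6379          [::]:*        users:(("redis-server",pid=1001,fd=7))
LISTEN 0      128    [::]:22             [::]:*        users:(("sshd",pid=701,fd=4))'

exposed_listeners() {
    awk '
    $1 == "LISTEN" {
        laddr = $4
        port = laddr; sub(/.*:/, "", port)      # text after the last colon
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        # Sockets bound to loopback cannot be reached from other hosts.
        if (addr ~ /^127\./ || addr == "[::1]") next
        proc = "unknown"                         # ss omits the name without enough privilege
        if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
        key = port "/" proc
        # Report each port/process pair once (IPv4 and IPv6 often both appear).
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

printf '%s\n' "$SAMPLE" | exposed_listeners
```

Anything in the output that does not need to be reachable from the internet is a candidate for shutting down, rebinding to loopback, or firewalling.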

Authentication guess/brute-force: This attack simply attempts to gain access to your server by guessing your credentials. With most servers, SSH is the means of configuration, so a lot of attacks simply bombard your sshd service with lots of login requests.

The easiest way to prevent this kind of attack is to have a strong password. In the case of SSH, you can use keys to authenticate yourself, however such a method is not very convenient, and if you are sure of your password's strength and that only you know it, password auth is fine.

So let's look at these kinds of attacks in a little more detail so we can understand the characteristics our password should have.

The first kind of credential-attack is referred to as a dictionary attack. This is where the attacker repeatedly tries common passwords till they get in. So, avoid passwords that consist of up to three words joined together. Also avoid anything which you think someone else would have already thought up; it will be on a password list somewhere.

The second kind of credential-attack is referred to as a brute-force attack. This is where the attacker tries every single combination of letters, numbers etc. until the system grants access.

Defending against this attack is done by simply having a password which is so strong, that bruteforcing it would take years. This is achieved by length and by using a variety of letters, numbers, and even symbols. Please see an excellent post about passwords here for more information.

Also, CHANGE your default passwords for everything, and do not use obvious passwords like 'admin', 'password' or '123456'. Such passwords are among the first things attempted in a dictionary attack.

I would like to note that having a random password like dafe3#j2@a is not necessarily the best solution. Consider a password like mycatwasfluffehandfelldown41bushes. This password is so long that a bruteforce attack is not gonna happen, so weird and unique that it won't be guessed in a dictionary attack, and, unlike the previous one, I will actually remember it. Don't think that random is the best option; passwords like this are far better for every reason.

A lot of services have configurable settings for allowing logins, such as blocking people who fail to login too many times. Using such settings allows you to prevent bruteforcing and limit dictionary attacks. In the case of SSH, the sshd service does not offer this, so instead consider installing Fail2ban to block repeated credential attackers.
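
The blocking rule described above, reduced to its core as an added example (not from the original post and not Fail2ban's own code): flag any IP with a given number of failed SSH logins inside a time window, the idea Fail2ban configures with maxretry and findtime. The log lines are constructed, the function name flag_bruteforce is made up here, and the log is assumed to cover a single day in chronological order.

```shell
#!/bin/sh
# Added example: find IPs with MAXRETRY failed sshd logins within FINDTIME
# seconds. Timestamps carry no year and midnight rollover is not handled.

# Constructed sample in the usual sshd syslog format.
SAMPLE_LOG='Mar  3 01:00:12 vps sshd[1801]: Failed password for root from 192.0.2.44 port 40112 ssh2
Mar  3 05:02:40 vps sshd[1920]: Failed password for root from 192.0.2.44 port 40390 ssh2
Mar  3 09:07:05 vps sshd[2077]: Failed password for invalid user admin from 192.0.2.44 port 41001 ssh2
Mar  3 10:15:01 vps sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:15:04 vps sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 10:15:09 vps sshd[2215]: Failed password for invalid user test from 203.0.113.7 port 51141 ssh2
Mar  3 10:16:30 vps sshd[2290]: Failed password for alice from 198.51.100.20 port 40022 ssh2
Mar  3 10:16:41 vps sshd[2290]: Accepted password for alice from 198.51.100.20 port 40022 ssh2'

flag_bruteforce() {   # usage: flag_bruteforce MAXRETRY FINDTIME_SECONDS < auth.log
    awk -v maxretry="$1" -v findtime="$2" '
    /sshd\[[0-9]+\]: Failed password for / {
        split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
        # Take the word after the LAST "from", so a username that is
        # literally "from" cannot shift the parsed address.
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "") next
        n = ++count[ip]; seen[ip, n] = now
        # Count this IP failures that fall inside the last findtime seconds.
        recent = 0
        for (j = n; j >= 1 && now - seen[ip, j] <= findtime; j--) recent++
        if (recent >= maxretry && !(ip in flagged)) { flagged[ip] = 1; print ip }
    }'
}

printf '%s\n' "$SAMPLE_LOG" | flag_bruteforce 3 600
```

With a 10-minute window only the burst from 203.0.113.7 is flagged; the three attempts from 192.0.2.44 are hours apart and only show up when the window is widened, which is the trade-off when choosing findtime.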