<frigginglorious>
So i’m thinking of setting up some objectives in some private grains
<frigginglorious>
for hacker folks to break into, when i’m at the toorcamp hacker event next week
<frigginglorious>
it looks like theres gonna be some serious hacker folks there.
<frigginglorious>
asheesh: do you have any ideas?
<kentonv>
hopefully they will report any vulnerabilities they find. :)
<frigginglorious>
kentonv: i will make that a prereq…. for some sort of prize? idk what the fuck im doing :P
<frigginglorious>
kentonv: so im thinkin i will just host a private grain… of wordpress or something, so they think it’s low-hanging fruit?
<kentonv>
haha
<kentonv>
we don't have money for bug bounties currently but we are very happy to thank people publicly in blog posts if they find a bug
<frigginglorious>
im broadcasting my own wifi and running this beast locally. im pretty sure all i will have to do is auth with google. or maybe email?
<frigginglorious>
i dont wanna make it impossible for them to get to, right?
<kentonv>
I dunno, depends on what you're going for.
<frigginglorious>
thing is, hosted locally, i had to disable ufw for some reason, cuz my machine stopped serving content. So they could brute my root pw
<kentonv>
you can upload new packages to any Sandstorm server
<kentonv>
or if your app is broadly useful, submit it to the app market. :)
<lukexj>
i dont know how to program
<lukexj>
i want to get started
<lukexj>
i've got sandstorm on my vps setup, im not that good with security hardening, i would rather do something that would be beginner friendly
<asheesh>
: D
<asheesh>
Hi again lukexj !
<lukexj>
also i guess i could do an apache install and make it listen to port 8080 on my vps
<lukexj>
so it wouldnt conflict with sandstorm and i could do my own thing
<asheesh>
Yeah - that's one thing you could do for now. Sadly Sandstorm doesn't have the app that you need yet.
<lukexj>
before i do that i need to learn more about hardening a debian install on a vps
<asheesh>
I hope it does eventually. I think that all those things would be great.
<asheesh>
frigginglorious: Are you going to have HTTPS? Without HTTPS, it's hard to secure much of anything HTTP-based.
<asheesh>
HTTPS plus your inside-the-firewall thing might be hard.
<lukexj>
im using things like ssh keys, a package called arno-iptables-firewall to make iptables easy to do things with, but i dont know much more than that.
<asheesh>
You should (IMHO) try to create one specific target that is the "flag" to be captured, e.g. "Change which song is playing on my GrooveBasin grain", and you should write up what is/isn't in scope.
<lukexj>
Anyone here know python? i've been wanting to learn but im kinda intimidated by it, any tips?
<frigginglorious>
asheesh: i made a self-signed cert… but its wonky. so no HTTPS. I’m thinking if i set up the grain with the data objective beforehand and auth with my github acct…. would HTTPS matter?
<frigginglorious>
also, why am i getting “dirname: missing operand” when i run vagrant-spk dev?!
<asheesh>
frigginglorious: try 'ls'
<asheesh>
not dirname
<asheesh>
Oh wait
<asheesh>
Beats me; brb; will debug soonish
<frigginglorious>
asheesh: no worries bro, i just encountered it, thought someone might know off top of their head ;)
frigginglorious has quit [Ping timeout: 244 seconds]
jadewang has quit [Remote host closed the connection]
frigginglorious has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Remote host closed the connection]
n8a has joined #sandstorm
ocdtrekkie has quit [Remote host closed the connection]
aldeka has quit [Remote host closed the connection]
<frew>
my guess is that the SandstormLogin plugin is broken somehow
<frew>
I gotta hit the hay, but if anyone has ideas, highlight me (type frew: before your response) and I'll gladly do what I can to help track this down!
<xet7>
does namecheap freedns work? or some other dns?
lukexj has quit [Ping timeout: 244 seconds]
<xet7>
route53 does not accept xxxxx.xx.sandcats.io as cname
<xet7>
not to primary domain, not to www.domain.com subdomain
<xet7>
I'll try namecheap next
<xet7>
it seems that namecheap freedns accepts it for www , I'll use it
<asheesh>
xet7: Interesting. FWIW you can CNAME the xx.sandcats.io domain instead, rather than xxxx.xx.sandcats.io, due to a backwards-compatibility thing in Sandstorm.
<asheesh>
That's good to know, though. |:
<kentonv>
xet7: primary domains can't be CNAMEs according to the DNS standard; you'll need to use an A record for them.
<kentonv>
that doesn't explain why www. wouldn't work, though
c-mart has joined #sandstorm
c-mart is now known as c-mart_
frigginglorious has joined #sandstorm
lukexj has joined #sandstorm
lukexj has quit [Client Quit]
c-mart_ has quit [Quit: c-mart_]
frigginglorious has quit [Quit: frigginglorious]
sydney_untangle has quit [Ping timeout: 264 seconds]
isd has joined #sandstorm
sydney_untangle has joined #sandstorm
rgrinberg has joined #sandstorm
neynah has joined #sandstorm
neynah has quit [Client Quit]
jemc has quit [Ping timeout: 260 seconds]
isd has quit [Ping timeout: 264 seconds]
isd has joined #sandstorm
frigginglorious has joined #sandstorm
frigginglorious has quit [Ping timeout: 240 seconds]