Documentation

Volvo S60: Overrun Alternator Pulley

Details: Category: Vehicles; Published: Sunday, 26 June 2016 19:06; Written by Ben Tasker

I had an issue recently on my S60 - when the car was first started from cold, there'd be a rhythmic thumping noise from under the bonnet.

Lifting the bonnet, the auxilary belt tensioner was jumping backwards and forwards as slack came into the belt and then was taken up.

Further investigation showed that the Alternator Pulley had started to fail - modern alternator's no longer use a solid flywheel, instead using a clutch-based pulley called an Overrun Alternator Pulley (or OAP). The pulley manufacturer (INA) recommend that it be changed whenever the aux belt is changed.

My aux belt had been changed at the result of an emergency cambelt change (following a water pump collapse). Unfortunately, in VIDA, Volvo list the pulley as a separate service item, rather than listing it as being part of an aux belt change, so the garage missed it.

Because of the time it took to track down and obtain a suitable pulley, the belt was pretty badly chewed by the time I was able to swap the pulley, so I opted to change that as well.

This documentation details the steps required to change the alternator belt and pulley on a Volvo S60 (D5 engine). All images should be clickable.

Configuring LetsEncrypt on a CentOS 6 NGinx Reverse Proxy

Details: Category: Linux; Published: Thursday, 11 February 2016 10:20; Written by Ben Tasker

For those who haven't come across it, LetsEncrypt allows you to obtain free DV SSL Certificates but requires a server side script to be run periodically in order to renew the certificates (for better or worse, a 90 day expiration period has been used).

Although the provided script has plugins to allow support for automatically generating SSL certs based on NGinx and Apache configurations, the script assumes that the server is the origin and that the relevant docroot is available for writing to.

In the case of a reverse proxy - this won't be the case. We want the certificate on the Reverse Proxy (being the endpoint the client connects to) but the websites files are hosted on another server.

This documentation details a simple way to work around that on a NGinx reverse proxy (it should be possible to adjust the config for Apache's mod_proxy if needed).

Installing and Configuring KDump on Debian Jessie

Details: Category: Linux; Published: Thursday, 27 August 2015 22:25; Written by Ben Tasker

Having kdump enabled on a server provides a number of benefits, not least that in the event of a kernel panic you can collect a core-dump to help investigations into the root cause. It may simply be bad luck, but my experience with Debian Jessie has been that JournalD is absolutely hopeless in the event of a kernel panic.

Pre SystemD we used to (sometimes) get a backtrace written out to a log, even a partial backtrace could help point investigations into a rough direction, but even with JournalD configured to pass through to rsyslogd those traces just don't seem to be appearing (which to be fair, might be because of the nature of the panic rather than the fault of journald).

This documentation details the steps required to install and configure KDump on Debian Jessie

A Practical Demonstration of what IPB will allow

Details: Category: Security; Published: Friday, 13 November 2015 13:33; Written by Ben Tasker

There have been numerous write-ups of the threat that the Draft Investigatory Powers Bill poses to our privacy and security.

The intention of this post is not simply to repeat those, but to provide a practical demonstration of exactly the kind of information that the proposed powers would compel your Internet Service Provider (ISP) to record.

As well as demonstrating what an ISP would soon be collecting (and how simple it is to extract), we'll look at the issues the IPB presents in the context of the information we've extracted.

As the IPB isn't exactly explicit about exactly what it allows, especially in terms of techniques, I've made some assumptions (though I believe their fair and reasonable).

Most of the results were exactly what I expected, but I think describing them explicitly is probably more helpful than not - to that end, I've tried to keep the language as accessible as possible, as those who understand how tech works at the network level are unlikely to find much of surprise here.

Building a Tor Hidden Service From Scratch - Part 4 - Conclusion

Details: Category: Linux; Published: Monday, 20 July 2015 03:50; Written by Ben Tasker

You may not be finished

Although we've examined designing and implementing Tor Hidden Service in quite some depth, some users will likely find that there are still additional considerations that they need to make.

For example, whilst we discussed the risks of traffic leakage, we did very little to avoid it - one solution, assuming you have out-of-band access to the host system, is to add iptables rules to ensure that all TCP and DNS traffic is redirected to the ports operated by the Tor Daemon.

You'd still then need to look at filtering out other protocols (including UDP on all other ports) in case someone discovers a means to have your host system send arbitrary traffic.

Similarly, we haven't discussed the impact of your Guard being compromised, those with serious concerns may need to look at running their own guards to help reduce the effectiveness of common Hidden Service de-anonymisation attacks

It's also important to remember that this documentation may not cover threats which have not been discovered yet, security is a continuous exercise.

More Articles ...

Page 7 of 35

About this template