Ethereum 2.0 Public Beacon Node Now Available!

Ethereum 2.0

With the recent push to convert Ethereum to a POS vs a POW model I have setup a public beacon node for the public to use as part of their backup nodes on their validator client.  It’s running lighthouse as the client so any lighthouse API calls to it should function just as a local lighthouse instance would be.  Everyone should have at least one backup node for redundancy.

For a lighthouse validator client, add it as a comma-separated list.  Other validator clients syntax may vary.

--beacon-nodes http://local.beacon.node:9000,https://public.beacon.scne.xyz

The address to use is: https:\\public.beacon.scne.xyz You don’t have to add a port to this URL as its is reverse proxied.

Let me know if anyone has problems, questions or suggestions as I’ll be supporting and updating this node going forward.

Further Information:  Guide | How to setup a validator on ETH2 testnet PRATER

Send a Telegram message on SSH login

Its been awhile since I posted but I found a neat little trick to send a Telegram alert when a user logs in via SSH to one of my VPS’s.

Its pretty simple so it doesn’t take too long to setup.

Step 1: Create the Telegram Bot

You will need to message @BotFather to get started.  This guide isn’t really about setting up Telegram bots.  I may do a guide in the future but for now I am assuming you have that part setup. 

If you need more information about setting it up you can refer to the documentation Telegram Documentation or another guide on the internet.

All you will need for now is your USERID which looks like: -123456789 and the KEY which is in the format of: 123456789:AAAAAAAAAAAAAAA

Step 2: Script to Send the Message

Scripts in /etc/profile.d will execute when a SSH user logs in.

Create a new script:

sudo nano /etc/profile.d/telegram-login-alert.sh

Script: 

#!/usr/bin/env bash

# Import credentials form config file
. /etc/ssh-login-alert-telegram/credentials.conf

URL="https://api.telegram.org/bot${KEY}/sendMessage"
DATE="$(date "+%d %b %Y %H:%M")"

if [ -n "$SSH_CLIENT" ]; then
CLIENT_IP=$(echo $SSH_CLIENT | awk '{print $1}')

SRV_HOSTNAME=$(hostname -f)
SRV_IP=`curl -s "https://scott.stevensononthe.net/whatismyip.php"`

IPINFO="https://www.infobyip.com/ip-${CLIENT_IP}.html"

TEXT="Connection from *${CLIENT_IP}* as ${USER} on *${SRV_HOSTNAME}* (*${SRV_IP}*)%0A%0ADate: ${DATE}%0A%0AIP information: [${IPINFO}](${IPINFO})"

curl -s -d "chat_id=$i&text=${TEXT}&disable_web_page_preview=true&parse_mode=markdown" $URL > /dev/null
fi

The script will read another file with the credentials of the channel and user.  We will make that next.

The URL that the message needs to be sent to include our KEY.

URL="https://api.telegram.org/bot${KEY}/sendMessage"

The majority of the code is just generating data for the message. It can be stripped down to the sending of the message:

curl -s -d "chat_id=$i&text=${TEXT}&disable_web_page_preview=true&parse_mode=markdown" $URL > /dev/null

Ensure the script is executable:

sudo chmod +x /etc/profile.d/telegram-login-alert.sh (more…)

Microsoft says mandatory password changing is “ancient and obsolete”

Microsoft is finally catching on to a maxim that security experts have almost universally accepted for years: periodic password changes are likely to do more harm than good.

In a post published late last month, Microsoft said it was removing periodic password changes from the security baseline settings it recommends for customers and auditors. After decades of Microsoft recommending passwords be changed regularly, Microsoft employee Aaron Margosis said the requirement is an “ancient and obsolete mitigation of very low value.”

The change of heart is largely the result of research that shows passwords are most prone to cracking when they’re easy for end users to remember, such as when they use a name or phrase from a favorite movie or book. Over the past decade, hackers have mined real-world password breaches to assemble dictionaries of millions of words. Combined with super-fast graphics cards, the hackers can make huge numbers of guesses in off-line attacks, which occur when they steal the cryptographically scrambled hashes that represent the plaintext user passwords.

Even when users attempt to obfuscate their easy-to-remember passwords—say by adding letters or symbols to the words, or by substituting 0’s for the o’s or 1’s for l’s—hackers can use programming rules that modify the dictionary entries. As a result, those measures provide little protection against modern cracking techniques.

(more…)

Transferring A Domain To The New Cloudflare Registrar

I just received an email from Cloudflare indicating that my wave is now open to transfer my domains.  I am quite happy with the service of my current domain registrar (internet.bs) however I wanted to see how the price compared.  

I thought that internet.bs was really competitive on price but after seeing $9.95 on Cloudflare vs $17.59 on internet.bs I decided to test out the new Cloudflare service.

The process is really simple but I have laid it out below for anyone interested in giving it a try.

*Note that once you start the transfer process you will be billed for a year extention on the expiry of the domain.

Step 1

To start the transfer process you have to have the domain already in your Cloudflare account.  Simply, select the domain you want to transfer and confirm the domain(s).
Cloudflare Select Domain To Transfer

(more…)

Nith River Kayak – Trip Report

This past Friday I went out on the Nith River. This is a smaller secluded river that meets up with the Grand River in Paris, Ontario. Paddling this river is only possible at certain times of the year, most notable the spring as the water level needs to be high enough to make passage possible. Most of the river is a relaxing 4 ft/mile elevation drop but near Paris it increases to 20 ft/mile drops with a few rapid sections.

Entry

There isn’t really a great public launch site for this river that I know of. There is a good entry point (coords: 43.223920, -80.476170) but it is marked as private. I entered here anyway since I had already made my plans and travel arrangements but I wouldn’t go again knowing it’s private.

Entry is Private Property

Entry is Private Property

(more…)