Category: tech

  • Crowdsec

    Crowdsec is a cool cyber security solution. You can install it on your Linux server and it will run as a daemon. Upon starting it will have a look at which services you have running, start reading their logs and flag up shady behaviour.

    You can install a remediation component and it will … remediate those issues. In this case an iptables remediation component will block the abusing IP, so it becomes similar to fail2ban in this regard.

    In addition you can enrol in their cloud service for free. This gives you monitoring from the cloud dashboard and the ability to implement blocklists that will block IPs that have been flagged by others.

    So yeah it’s pretty easy to set up. Feel free to set up your applications first because when crowdsec is set up it will detect the alerts coming from those services, in my case nginx.

    Official docs:

    https://doc.crowdsec.net/u/getting_started/installation/linux/

    In my case I have been using Rocky Linux 9.7

    Manual repo installation is best because piping a random script off the internet to sudo bash is never a good idea 🫠 what could be in the script!? (then again we are installing their software and just trusting that; the paranoid among us can comb the source code, build that and repeat every time the repo is updated)

    dnf install crowdsec -y

    This package is just to scan the logs and detect the issues

    setsebool -P httpd_can_network_connect 1

    In my instance, since SELinux was switched on, I had to allow this bool. In addition the crowdsec service would not start because I was already running something on port 8080. So I had to edit these files:

    vim /etc/crowdsec/local_api_credentials.yaml

    Edit this line to not be 8080

    url: http://127.0.0.1:8081

    Also edit listen_uri in this file

    vim /etc/crowdsec/config.yaml

    api:
      client:
        insecure_skip_verify: false
        credentials_path: /etc/crowdsec/local_api_credentials.yaml
      server:
        log_level: info
        listen_uri: 127.0.0.1:8081
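
    An added check, not from the original post or the CrowdSec project: after moving the port, both files have to name the same address, otherwise the agent and cscli cannot reach the Local API. The function names are made up for this example, and the sed parsing assumes the plain key: value layout shown above.

```shell
#!/bin/sh
# Added example: confirm the CrowdSec client credentials and the Local API
# (LAPI) listener agree on host:port after changing the default port.

# Print host:port from the "url:" line of local_api_credentials.yaml.
lapi_client_addr() {
    tr -d "\"'" < "$1" |
        sed -n 's|^[[:space:]]*url:[[:space:]]*https\{0,1\}://\([^/[:space:]]*\).*|\1|p' |
        head -n 1
}

# Print host:port from the "listen_uri:" line of config.yaml.
lapi_server_addr() {
    tr -d "\"'" < "$1" |
        sed -n 's|^[[:space:]]*listen_uri:[[:space:]]*\([^[:space:]#]*\).*|\1|p' |
        head -n 1
}

# Exit status: 0 = addresses match, 1 = mismatch, 2 = a value could not be parsed.
check_lapi_config() {
    client=$(lapi_client_addr "$1")
    server=$(lapi_server_addr "$2")
    if [ -z "$client" ] || [ -z "$server" ]; then
        echo "could not parse LAPI address (client='$client' server='$server')" >&2
        return 2
    fi
    if [ "$client" != "$server" ]; then
        echo "MISMATCH: credentials point at $client, LAPI listens on $server" >&2
        return 1
    fi
    echo "OK: client and server both use $server"
    # The LAPI only needs to be reachable locally on a single-host install.
    case "$server" in
        127.*|localhost:*|\[::1\]:*) ;;
        *) echo "WARNING: LAPI is bound to non-loopback address $server" >&2 ;;
    esac
    return 0
}

# Stand-alone use: sh check_lapi.sh <credentials file> <config file>
if [ "$#" -eq 2 ]; then
    check_lapi_config "$1" "$2"
fi
```

    Run it as root against /etc/crowdsec/local_api_credentials.yaml and /etc/crowdsec/config.yaml before restarting the service.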

    I started writing this a while ago and life just happens to you I guess! 🤣 All in all it’s a great security solution especially if you’ve only got a couple of VPSs and they’re European so have solid data protection rules. Peace!

  • Should social media be banned for under 16s?

    I got this survey from the British Computing Society and felt myself writing an essay so felt the need to publish it as well 😂

    I am undecided on a social media ban for under 16s

    Teenagers need a safe place to communicate privately to each other and within their circle of friends. They need a space where they feel like it is their own and where there is someone to help them if a situation becomes dangerous. Ideally it should be moderated by people with safeguarding training and that have passed DBS checks. Users outside their age range shouldn’t be able to enrol.

    It seems the focus for large social media companies is surveillance for advertising purposes and increasingly steering political opinion.

    https://techcrunch.com/2025/04/09/meta-whistleblower-sarah-wynn-williams-says-company-targeted-ads-at-teens-based-on-their-emotional-state/

    A whistleblower has stated that Meta (Facebook / Instagram / WhatsApp) will detect when a girl aged 13 to 17 is feeling depressed, such as when they have deleted a selfie, and use this as an opportunity to advertise them beauty products.

    If this is the case then they are not fit to moderate our children’s communication platform as this is very manipulative, intrusive and exploitative behaviour. There are many other examples of similar behaviour, this is just scratching the surface.

    So while I think there is a purpose for children to use social media I don’t think any of the current offerings are appropriate.

    I also think that social media companies will use the legislation as an opportunity to acquire facial recognition scans and legal documents for age verification of adults. The digital ID plan has the potential to be a convenient, private and secure way to verify a user’s age with information the government has anyway. I think clumsy and aggressive messaging about using it to crack down on immigrants has soured expectations.

    https://identityweek.net/denmarks-specialised-altid-wallet-for-age-proofing-and-id-verification-in-one-place/

    Denmark appears to have implemented this quite well. It should be possible for the government to create an API that with your permission will verify whether you’re over 18 (or 16) or not. This should be made available to use for free in order to not give further advantage to large companies over small communities.

    I am not at all confident in the government’s ability to effectively enforce this in terms of technology.

    Laws are around for a long time. Technology is ever changing and ambiguous. Conversations about the banning of VPNs have demonstrated a lack of understanding. VPNs are used for multiple purposes but mainly 1) to securely connect to a private network over the internet 2) to tunnel your traffic through a separate connection

    There are a lot of ways to achieve both 1 and 2 and they have different strengths and weaknesses depending on usage. There will always be a way around the law if it is too prescriptive. If it is too vague then a lot of useful desired behaviour is senselessly criminalised.

    To use an analogy, an establishment where they serve alcohol can be as varied as a large concert venue holding 50000 people or a small country pub. In both instances there is behaviour that we want to prevent. In the large venue it’s appropriate to have metal detectors, to search people’s bags on entry and to have a lot of security in the venue; in a country pub you don’t even really need a bouncer (and they may not be able to afford one).

    The point is this: the onus is 100% on the platform to prevent these problems and a one size fits all approach does not work. In the event of an incident, it should be considered afterwards whether appropriate preventative measures have been taken and if not the community should be fined or shut down depending on the severity of their negligence.

  • RIPE NCC BGP security associate

    If you go to this site there are a few free networking courses:

    academy.ripe.net/

    For those who don’t know, RIPE are responsible for handing out IP addresses to orgs in Europe and some of the Middle East too!

    They have very high quality courses for free. The exams you get for free if your organisation is a member… however if you look out on Mastodon they give out exam vouchers in the summer if you complete one of their courses

    https://mastodon.social/@ripencc

    They are a very friendly bunch!