This website should look a little different to return visitors. That’s because the whole thing has been moved from an AWS EC2 running WordPress to Github Pages. This was achieved mostly using Cursor’s Agent functionality, which translates human instructions into code changes.

Motivation

I deployed WordPress in AWS primarily as a learning experience. For ten years it served as a great personal webpage and it compelled me to interact with a number of different AWS features and services. However, the rising cost and constant manual updates became a burden and I began to look for a simple alternative.

Github Pages uses a regular git repo to host website content (mostly in markdown) which is processed by Jekyll and built into a static site. It is free to use and has support for custom domains.

But how do I convert my existing site? Hopefully not another “learning experience”…

I recently set out to learn the security implications of generative AI. While harassing the ChatGPT bot through the OpenAI interface it occurred to me to integrate its features into my existing text-based MUSH game. So today I bring you instructions for powering an in-game NPC with the OpenAI API.

I’ve had ftp.disloops.com running for about ten years. It’s an FTP host that’s configured to allow anonymous connections and uploads. This creates some security risks that I wrote about when I deployed it. A previous article explored some of those risks in depth.

I am interested in any kind of open-world server that I can host and allow others to join. It was just a matter of time before I got into Minecraft. This article details the steps I took to do the following:

• Create a new EC2 instance and install the Minecraft Bedrock server
• Allow remote access and configure logging through CloudWatch
• Create an alert that generates SMS messages when users connect
• Connect to the instance from the PS4 console

Come play on <redacted> if you just want to see the finished product. It’s a vanilla Bedrock server on survival mode.

In both prison and the military, there are some crimes that authorities turn a blind eye to. It helps to maintain control. Inmates aren’t planning escape when they’re busy extorting each other and trading cigarettes.

I think 8Bit is similar in some ways. There’s enough to keep players busy. Unfortunately, I grew listless with some of 8Bit’s greater villains absent from the MUSH, and my focus turned to crime.

But I think I would have done this anyway.

In Part One we discovered an object that lets us execute arbitrary commands via unsafe handling of user input – the Alley room. Now we want to understand the blast radius of this issue. The first question to ask is, “What does the Alley control?”

Alley(#9485RISVB)
Type: Room
Flags: TRUST STICKY VISUAL BATHROOM
Owner: 8BitMUSH  Zone: NOTHING  Coins: 0
Created: Sat Apr 28 13:14:31 2001

The help entry for help control tells us that if the Alley has the TRUST flag, it controls anything with the same owner that isn’t set WIZARD. As it turns out, the 8BitMUSH user owns a great deal of things throughout 8Bit.

I created a MUSH called Parlor City in the beginning of 2019. This is an online, multi-player, text-based social game that uses a rudimentary code base for world-building.

Parlor City was opened after about 18 months of work, at which time I sought out another MUSH where I could gain some experience and a change of scenery. MUSH trackers suggest that there are roughly eight-hundred different MUSH-style games available, each with unique themes and styles.

I asked users of PennMUSH (an invaluable coding forum) if any particular crew was known to be hostile or disreputable. The answer came back: “The folks at 8Bit have been known to break MUSHes for fun.” So that’s what I wanted to join.

I’ve always liked having the ability to view public webcams around the world. During the last hurricane, for example, there was a camera streaming from an oil rig a mile or more out to sea that let us see the strength of the storm before it made landfall.

Now that I’m a homeowner, I wanted to put a camera on our roof and stream the view from up there. I bought a weatherproof Amcrest IP8M-2597EW-28MM and dropped it through the soffit under our roof. The process of snaking the ethernet cord through an air duct up to the attic will not be covered here.

Amcrest cameras act as RTSP (real-time streaming protocol) servers that can be accessed on a specific port. This means that it’s necessary to run an active RTSP client to consume the live feed.

I have slowly been working on a MUSH, which is an online, multi-player, text-based social game. The game Zork (1977) is probably the most popular game in this style, although it is not multi-player. I decided to use PennMUSH as the server distro since it seems to have the widest support.

MUSH servers open a raw TCP socket for incoming connections and most sessions occur over plaintext. There are a handful of MUSH clients that players can use but a simple TELNET connection also works. MUSH servers understand enough of the TELNET protocol to refuse option negotiation.

At one time I decided to create restricted shell accounts for users and have them connect to the MUSH via localhost rather than expose the MUSH server to the open internet. I have since walked that back and just opened it to the internet but shell accounts are still an option. See this page for some details.

In a previous article I described how to install and run the Port Scan Attack Detector (PSAD) on a Raspberry Pi. It is the closest thing to a full IDS that works on the Raspberry Pi and it’s extremely easy to set up.

None of the existing visualization tools for PSAD data really met my needs, so I created a custom Python script that generates an HTML page from the live PSAD data.

The PSADify script is available here: PSADify on Github
You can see the actual data here: Live PSAD Attack Data

On my own host running PSAD, there is a cronjob that runs this script every five minutes and uploads the output to an AWS S3 bucket. If the local configuration or the settings on the AWS side would be useful to anyone, let me know!