1. Generate an SSL/TLS key, which will be used to actually encrypt traffic.

    DOMAIN=nntp.za3k.com
    openssl genrsa -out ${DOMAIN}.key 4096
    chmod 700 ${DOMAIN}.key
    
  2. Generate a Certificate Signing Request, which is sent to your authentication provider. The details here will have to match the details they have on file (for StartSSL, just the domain name).

    # -subj "/C=US/ST=/L=/O=/CN=${DOMAIN}" can be omitted to fill in custom identification details
    # -sha512 is the hash of your key used for identification. This was the reasonable option in Oct 2014. It isn't supported by IE6
    openssl req -new -key ${DOMAIN}.key -out ${DOMAIN}.csr -subj "/C=US/ST=/L=/O=/CN=${DOMAIN}" -sha512
    
  3. Submit your Certificate Signing Request to your authentication provider. Assuming the signing request details match whatever they know about you, they’ll return you a certificate. You should also make sure to grab any intermediate and root certificates here.

    echo "Saved certificate" > ${DOMAIN}.crt
    wget https://www.startssl.com/certs/sca.server1.crt https://www.startssl.com/certs/ca.crt # Intermediate and root certificate for StartSSL
    
  4. Combine the chain of trust (key, CSR, certificate, intermediate certificates(s), root certificate) into a single file with concatenation. Leaving out the key will give you a combined certificate of trust for the key, which you may need for other applications.

    cat ${DOMAIN}.crt sca.server1.crt >${DOMAIN}.pem # Main cert
    cat ${DOMAIN}.key ${DOMAIN}.crt sca.server1.crt ca.crt >${DOMAIN}.full.pem
    chmod 700 ${DOMAIN}.full.pem
    

See also: https://github.com/Gordin/StartSSL_API

I host an etherpad, which I just made public. You can make your own notes and edit them.

I decided to post all of my purchases/income. This isn’t something I was totally comfortable with, but I couldn’t think of good reasons not to, and my default position is to release information. I think this is especially interesting since it’s not something I’ve seen made available before. Link: http://za3k.com/money.html

I think the analysis may be useful to other hackers, as people tend to be insane and cost-insensitive around money. I think having another persons’s finances to look at for comparison is something I’ve wanted for various reasons at various times, and it’s not commonly available. My selfish motivations are to get other people to tell me how I should be saving lots of money, and to feel like my financial decisions are under scrutiny (which is good and bad).

I’ve had a lot of trouble getting Minecraft Forge to run headless. They have a friendly installer option that I just can’t use in my situation, but one of the devs seems actively hostile around providing help to headless servers, so I didn’t bother asking forge for help. I thought I’d write up what I had to do to get things working. As a warning, it requires some local work; you can’t do everything headless with these directions.

I’m running Minecraft 1.6.4, with the latest version of forge for that, 9.11.1.965.

  1. Locally, download and start the minecraft client for the correct version at least once. Not sure if you’ll need to ‘play online’ or not. If you have the current installer, you need to make a new profile with the correct minecraft version and play that.
  2. Copy ~/.minecraft/libraries to the headless machine.
  3. Download forge (the installer version, not the universal) from http://files.minecraftforge.net/. The non-adly version is the little star for non-interactive use.
  4. Run

    java -jar forge-1.6.4-9.11.1.965-installer.jar --installServer
    
  5. Delete the installer, you don’t need it any more.

  6. Install any mods you want to the ‘mods’ directory, edit server.properties, etc. Normal server setup.
  7. To execute the server, run the file indicated in the installer. In my case, I run

    java -jar minecraftforge-universal-1.6.4-9.11.1.965-v164-pregradle.jar nogui
    

Alternatively, you can install the entire server locally and copy it over.

I was originally planning to write a rosetta-stone style guide for similar commands between digital ocean, google compute, and AWS. Instead, I spent all day writing this CLI tool for EC2 which wraps the enormous and unintuitive AWS command-line tool. It’s not totally polished, namely you’ll have to hand-substitute some stuff at the top of the script that should properly go in a config file, but hopefully someone will find it useful.

As a warning it terminates, not just stops, all amazon instances when asked.

This is my new blog! The old content is archived.