Have you ever wondered what this setting in Citrix Workspace App does?

Well, today I figured out: you can set multiple virtual desktops for your session in a split-screen fashion. Just like this:

The session must be in full-screen mode. Here is how it looks:

Saving credentials and secrets inside your code is a very bad idea and should be avoided. PowerShell has built-in commands to export and import encrypted data in your code.

There might be a lot of ways to achieve this, but this is how I like to do it. This is very elegant and easy to implement.

Let’s say we have a secret password that we want to secure and avoid saving in the source code.

$secretPW = “SecretPassword” | ConvertTo-SecureString -AsPlainText -Force

We can export this variable to an encrypted XML file with

$secretPW | Export-Clixml -Path .\secret.xml

The password is not human readable:

To import this file use

$secretPW = Import-Clixml -Path .\secret.xml

The plain-text password can be obtained through (I had to split the command into two lines)

[System.Runtime.InteropServices.Marshal]::
PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secretPW))

Just outputting the variable won’t show the password, because the variable is a System.Security.SecureString object.

Credentials can also be saved this way:

$credentials = Get-Credential

You can show the plain-text password with

$credentials.GetNetworkCredential().password

$credentials | Export-Clixml -Path .\credentials.xml

Only the username is shown in clear text.

Same thing again with the import

$credentials = Import-Clixml -Path .\credentials.xml

$credentials.GetNetworkCredential().password

The password can be decrypted by the same user that created the XML file on that specific computer.

References:

https://devblogs.microsoft.com/scripting/decrypt-powershell-secure-string-password/

https://pscustomobject.github.io/powershell/functions/PowerShell-SecureString-To-String/

A while ago I wrote an article that described all the steps necessary to obtain a free SSL certificate with a validity of 90 days. Check it out: https://www.ajni.it/2019/06/claiming-a-free-ssl-certificate-for-your-website/

While it’s good to know how things work, the task gets boring and repetitive if you have to do it every 3 months and in my case for two different domains. This is why I wrote a small and straightforward script in Python3 that does that all for me.

ZeroSSL offers an API that allows us to automate this task by making some HTTP calls with an API key obtainable after registering.

I have uploaded the script on GitHub, check it out:

https://github.com/ajnik/ZeroSSL-CertRenew

There are some variables that must be changed:

• Line 19: API key
• Line 20: Domain name
• Line 43 to 52: Request paramteres (O, OU, L, ST, C)

Execute the script with

python3 ZeroSSL_CertRenew.py

The script does no exception handling. I might improve it in the future.

Let me know if you have any suggestions. I am pretty new to Python programming so every tip is welcome.

What is DNS over HTTPS ? Well it’s basically an encrypted way of querying DNS. Normally DNS uses port 53 to communicate with the server and query the name we want. But all of that traffic is in plain-text and thus it is very easy to poison that communication. DNS over HTTPS is secure because it uses certificates to encrypt traffic (just like HTTPS websites).

Mozilla Firefox makes it very easy to enable this feature. Just open the settings and search for “DNS over HTTPS”:

In the connection settings enable DNS over HTTPS. You could also add a custom provider. Here is a good list: https://github.com/curl/curl/wiki/DNS-over-HTTPS#publicly-available-servers

Microsoft Edge does not have a user-friendly way of activating the feature (yet).

In the edge://flags/ search for “DNS” and you will find the corresponding setting:

Unfortunately Microsoft Edge does not allow custom providers. Hopefully they will one day.

A few days ago I bought a very cheap Virtual Private Server (VPS) – check my post here: https://www.ajni.it/2020/03/quick-tip-cheap-private-servers-on-the-cloud/

It was very cheap (4$ or 3.75€ annually), but with a lot of gotchas.

One of them is Ubuntu 18.04 Minimal, which means a lot of packages will not be pre-installed, causing a lot of pain when installing services like in my example OpenVPN.

Here is how I managed to install OpenVPN on Ubuntu 18.04 Minimal.

Updating the system:

apt update

apt upgrade

Install OpenVPN

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

The first problem occurs with the root CA certificates:

Install the root certificates in order to trust them:

apt-get install ca-certificates

After re-running the command, another error shows up:

Install the next package (iptables):

apt-get install iptables

And finally, the OpenVPN setup can be run:

I had to set a custom port, because only specific ones were NAT’d to my server. You might leave the port to default. I am also using 1.1.1.1 for DNS.

After the setup is finished, a configuration file will be created. This file contains the public certificates and private key that are mandatory for the connection. It can be imported into the OpenVPN client (Windows) through the GUI.

On Linux, a simple

openvpn configfile.ovpn

does the trick.

If you are looking for a VPS with good performance, check out Evolution Host at https://evolution-host.com/vps-hosting.php.
They offer virtual servers starting at 5€ per month.