Category Archives: security

Upgrade Ubiquiti UniFi AP-AC-Pro to mitigate KRACK

So, if you haven’t heard, there’s a flaw in the WPA2 protocol.  Read about it if you don’t know.

Since have a specific model of Ubiquiti UniFi WiFi AP, I figured they’d have an update quickly, which they did.  However, I didn’t anticipate trouble in updating to latest firmware ( It took a LONG time to finally get it updated.  Essentially, the update via the controller would fail to update, even though it would say it was going to update to the right version.  The AP would blink happily, then reboot on the same version of the firmware, over and over.  I tried other means, including trying local and ssh/scp update methods.  Same result.  In then end, this and this and this helped me diagnose a very odd situation:

  • Controller or other udpates failed because it was using https:// URLs to download the update
  • SSL verification built in fails because the time on the AP was not updated (was December, 1969)
  • Time on the AP was not synced (via NTP) because my local NTP server (on my router) was not functional.
  • my local NTP server was not functional because I had my DNS server pointing to non-standard (non-logging, private) DNS servers.
  • Those private DNS servers were failing to resolve some things, AFAICT, including

After updating my DNS servers (now using google again – not my first choice since they log my queries), which fixed NTP server, which allowed me to upgrade the firmware on my PFSense router (which wasn’t getting updates because of the DNS issues) which made NTP happier yet, which allowed the WiFi AP to get the correct time, which allowed the upgrade to happen properly.


Command-line or script access to One-Time-Secret

For a number of reasons, I’ve been playing with OneTimeSecret, a nice little service that allows you to share a secret with someone else and know that it can only be viewed once. Additional features such as Time To Live (TTL) and Encrypted secrets, plus direct email to the intended recipient are nice bonuses.

However, I was wanting to incorporate the sharing of secrets into a shell script, and while the RESTful API is helpful, and I could have used curl, I decided that I could easily provide a simpler interface with functions for scripts and a command line interface. Check it out on GitHub.