TIL: Zizmor and GitHub Actions security

I was reading up on the recent Ultralytics GitHub Action compromise and I stumbled upon this great analysis of the situation. In it, zizmor is introduced, which is a static analysis tool for GitHub Actions. I experimented with it a bit and I have to say it's working great. It correctly identified misconfigured GitHub Actions on some repositories I was working on. It's another tool that's worth having as part of your CI.


Trying out logs and TILs

I often find myself wanting to blog about something, but I get stuck on trying to write a blog post that's perfect, which is a big mental barrier. The longer it takes me to publish something, the harder it gets, hence why I haven't posted about my updates since May. I'm also guilty of having multiple long essay-like posts that have been half-finished for years now, which apply constant pressure on my posts backlog, making the situation worse.

As an attempt to fix this, I'm giving TILs and log entries a try.


/tmp is not a tmpfs on NixOS

The other day I realized that /tmp/ on my NixOS installations is not a tmpfs as I'm used to from other distros. Instead, NixOS relies on this systemd timer that cleans up old files from /tmp/. This is not NixOS-specific; other systemd-based distros also run this timer. Looking at the NixOS boot.tmp related options, we see there's an option (cleanOnBoot) that clears files on boot and is disabled by default.


A web page to display my time zone

I recently had to share my time zone information with a group of people online. While it's easy to say "My time zone is XYZ", I thought it would be better if I had a web page that was easy to remember and had this information available for everyone to see. So, I created tz.erethon.com.


April 2024 updates

I spent a big part of April on moving parts of my infrastructure and computers to NixOS. As part of this, I devoted some time to better understand NixOS and get a grip on how things work upstream. I also kept up to date with the ongoing situation in the community, a good summary of which can be found here. I don't like the word drama, as I think it downplays the importance of it, but it is what people call it currently. Let's dive into the details of what I was up to!


Early 2024 updates

Since I didn't post monthly updates so far in 2024, here's a 2024 Q1 update on what I've been up to.


Comparing Reticulum and Meshtastic

I've blogged about both Reticulum and Meshtastic before (1, 2, 3, 4) and I've even given a presentation about both of them. The past few months, I started getting more involved with Reticulum, however I'm still reading the Meshtastic Discord to keep up with the project. In both communities, I see one question that comes up often: "Which one is better?". I want to try to answer this question and hopefully help people understand these projects better.


December 2023 updates

In December, I didn't have much time to work on tech things since I spent a large part of it away from home. Still, here are some interesting things that happened.


November 2023 updates

November was a bit of a slow month, but here are some updates on the things I worked on.


My tiny archivemail alternative in Rust

Almost ten years ago, I blogged about my email setup (1, 2, 3). Since then, not a lot has changed. I still download my emails locally with mbsync, use mutt to view and compose emails, msmtp to actually send emails, and finally notmuch to index emails. A crucial part of the setup that I didn't mention was archivemail.

Archivemail is a Python 2 application that archives older emails and cleans up mailboxes. I used it to prune my big public mailboxes such as mailing lists, forum updates (lobste.rs), etc.

As I mentioned, archivemail is written for Python 2, which isn't supported by Debian anymore and thus, I had to look for an alternative. I found Chewmail, which looks like a potential Perl option, but instead, I decided to write a small replacement in Rust for fun.


October 2023 updates

Updates on some of the things I've been up to during October 2023.


What happens when a Matrix server disappears?

Ever since I started using Matrix, I always wondered what would happen if a Matrix homeserver got deleted and then recreated, without any data in the database. Would the federated servers complain a lot about it? Would federated rooms work once the server was recreated and started federating again? I never had the chance or time to properly investigate this.

Well, that is until the hardware node that hosted my Matrix database died.


Introduction to Reticulum

In my last two posts [1, 2] about Meshtastic, I mentioned how I wanted to experiment with Reticulum. Now, I'm excited to share my experience and provide an introduction to the project!


More notes on Meshtastic and its v2.0 update

In a previous post I documented my experience with the Meshtastic project and one of the TTGO T-Beam boards. Since then, I've experimented more with Meshtastic and its capabilities, while the new version 2.0 of the project got released, so some updated notes are in order!


Meshtastic: Quick review and some notes

A friend recently introduced me to the Meshtastic project, an open source "platform" for creating long range, off-grid, mesh networks for short messages based on LoRa. After playing with the hardware and the software for a few days, here are my thoughts on it and notes on how it works.


What a malicious Matrix homeserver admin can do

I run my own Matrix homeserver that I share with friends and family. Ever since I started working for Element back in February of 2020, I've learned a lot more about the Matrix protocol and what's possible to do with it. During a conversation with a few privacy-minded friends that use my HS (HomeServer), I pointed out that the admin of a homeserver has a lot of power over their accounts and that they as users explicitly trust the admin. In this post, I want to explore and document the ways a malicious admin can mess with the privacy of a Matrix account. Note: malicious admin in this case can also mean a hacked admin.


Notes on my DIY modular synth journey

I want to build a DIY modular synthesizer. A lot of the music I enjoy listening to comes from synthesizers, so I want to experiment with it. Moreover, I haven't done any analog electronics work in a long time, so I see it as a creative way to get back into analog hardware.

I have no experience with modular synths, so I'll be documenting my work and research here, with links and resources I found useful.


LS32 LCD name badge + Rust

During 36c3 last year the FOSSASIA assembly was selling some cheap Bluetooth LCD name badges and I got one so as to have something to fiddle with during the night at the hotel. There were a couple of demo units in the assembly and the people selling the badges encouraged everyone to try pairing their phones (via Bluetooth) to the demo units before purchasing, as some phones weren't able to pair with the badges. When I was next in line to purchase one, I was asked if I wanted to try one of the demo units in case it doesn't work and I replied something along the lines of "If it doesn't work, I'll make it work", which made people in the line laugh. As it turns out, neither of the two phones I had access to paired with the badge, so it came down to figuring out how this thing worked and what other ways there were to program it.


Infrastructure as Code without using the cloud

One of my favorite conversations I had with a colleague back in early 2015 was about Ansible, the future of provisioning VMs, pets vs cattle, Infrastructure as Code and the ways an organization can make sure that an administrator isn't leaving behind a backdoor when they leave the organization. We had that discussion on the day they gave their one month notice and announced their resignation.


Plotting room temperature and humidity using Prometheus, Grafana and a DHT11 sensor

Last week we installed an air conditioning unit in our house and yesterday a DHT11 humidity and temperature sensor arrived that I had ordered in the past from eBay and had totally forgotten about. So, I got the idea to monitor the temperature and humidity in the room, to see how well the air conditioning unit works.

What better way to do this than use Prometheus, Grafana and a spare Raspberry Pi Zero W I had lying around?


Cryptopals Set 1 reading list (spoilers ahead)

I've decided to Go through (this will make sense in a bit) the Cryptopals Challenges in order to get more familiar with crypto related concepts and Golang (^_^), which I'm using to solve the problems. The code I've written for solving the challenges is published in this git repo and I'll be documenting any helpful resources on this blog.


How I do my Computing

This is a long time coming post that I've kept postponing (pun intended) for ages.

I enjoy browsing The Setup and I always longed for an easy way to share the way I do my computing with friends, besides linking them my dotfiles. This blog post is supposed to fill that void. A lot of this info is already documented in my private Emacs wiki; this is a more lengthy representation of it.


Migrating to Hugo

A bit over two years ago I blogged about migrating to Octopress from WordPress; this time I'll blog about migrating to Hugo from Octopress.

I started messing around with Hugo because I was experimenting with Go and wanted to take a look at a simple and complete Go project. I ended up liking the simplicity of setting up a new site and decided to try porting my blog to it.


Can we really trust the official Docker images?

Yeap, this is another rant on the security practices of Docker users. Like we didn't have enough of those already.


Using msmtp to handle mail delivery

Following the example of GKH and others, I've added one more piece of software to my email setup and workflow. That piece is msmtp, a very simple and lightweight SMTP client that integrates really well with the rest of my setup.


On proper git commit messages and frequent git pushes

Edit: This post was written many years ago. Back then I was a lot more strict on how other people did things and I now understand this was a mistake. I'm leaving this post here as a reminder of past mistakes.

Note: this is a rant on how people use git.

When I was introduced to git, I was told I should read this great post on git commit messages by Tim Pope. Ever since, I've been trying to follow that system in all of my commits across all projects.


NotMuch is awesome

In one of my previous posts, I explained my email setup in detail. Since then I've added one more piece of software to the "stack". It's called NotMuch and it's an email indexer.


My email Server Setup

Wanting to have more control over my email, I decided to set up my own mail server. I thought I had a pretty good understanding of how mail works, considering my mutt/offlineimap/imapfilter setup, but I must say I was pleasantly surprised while setting everything up.


My mail setup using Mutt/OfflineIMAP/imapfilter

Update 17/03/2015: I'm also using NotMuch now, for more info check out this post.

Update 2/6/2015: I've added msmtp to the mix, check out my new post about it.

This is part of a series of posts where I describe my workflow and OS setup.


Kippo findings round two

It's been over a month since I set up twelve Kippo hosts using my Ansible playbook; time to get some stats.


Deploying Kippo with Ansible

I've been running some instances of Kippo for quite a while now with great results. I recently wrote an Ansible playbook to automate the process of deploying Kippo hosts and also make it scalable. You can find the playbook on my GitHub page, specifically here.


My tmux config and a small tmux primer

It's been a little over a month since I started using tmux. Below, I'll try to explain most of my .tmux.conf, a bit of my current workflow using awesome + tmux and various cool stuff you can do with tmux. My latest .tmux.conf can be found on my dotfiles repo on GitHub.


Updating tmux without killing active sessions

I've been using tmux for a while, and even though I didn't like it at first, now I'm in love with it. I'm mostly using it as a GNU Screen alternative, but I don't use some of its fancy features like tabs, mainly because my window manager takes care of multiple terminal windows for me.


Making a RS-232/UART adaptor

A couple of months ago I wanted to experiment with the serial console of an old router I had lying around. Not wanting to buy a UART to RS-232 adaptor, I decided to make one myself. After all, I had some spare MAX3232 left over from a previous project (about which I still haven't blogged).


Octopress here I come!

I decided to port my blog to Octopress and move away from WordPress after all these years. The reason for this is twofold:

Why Octopress and not something based on Python like Pelican or Nikola? I simply decided to do something that will get me out of my comfort zone and also teach me something new. I already know how to use venv, let's see what RVM has to offer.


Raspi + SDR + ADS-B = awesome

A lot of people have combined a RasPi and an SDR dongle to get a low power consumption ADS-B tracker. Tomasz Miklas has created an image for the Raspberry Pi that has everything that is needed to run your own aircraft tracking "service" already set up. I've finally had a chance to experiment with it and this will be my short review.


An intro to SDR

For the past two months I've been reading about SDR and everything related to radio telecommunications. For those that don't know what SDR is (and are too bored to click the previous link), Software Defined Radio is a system that implements hardware subsystems of a typical radio in software. People have been designing their own SDRs with FPGAs for quite some time now, but in the last year there has been a huge "revolution". It turns out that a lot of cheap USB digital TV tuners based on the Realtek RTL2832U chip can be tuned at a wide range of frequencies.


My Kippo findings after three months

Three months ago I installed Kippo on a low-end VPS of mine. About a month after that, I got bored of manually checking Kippo every day so I made a small script to automate the process. Fast forward another two months and here we are.


Making an ugly Ethernet tap

A long time ago, I saw this in the Hak5 store. After reading about it in mossmann's blog, I found it somewhat interesting that using this easily built device you can HACK THE PLANET.

An ethernet tap is a passive device used to monitor traffic between two hosts using a third one. For more info on network taps read here.


Arp spoofing with Python

I decided to reinvent the wheel by making an ARP spoofer in Python using raw packets, thinking it would be nice practice.
