Honeypot Attempted Passwords

Photo generated with AI by https://stablediffusion.fr/
Photo generated with AI by https://stablediffusion.fr/
I’ve been running a honeypot for a while just to see what creepy things crawl around on the internet. One of the things I wanted to see is what credentials are probed when trying to sign in, so I equipped the honeypot with a fake WordPress login page. Today, I’m writing about these credentials. For my evaluation I’m looking at data only from the past 6 months, more or less. On average, almost 80 attempts to login are made every day.
read more →

Container images with golang from scratch

One of the things I like about golang (and Rust too, by the way) is that it’s quite simple to build really small container images by statically linking the executables, and using scratch as the base image. I’ve done this a few times in the past, and was doing it again just recently. Except that this time around, I ran into issues: the container would crash soon after it started.
read more →

Time-based One-time Passwords

Photo generated with AI by https://stablediffusion.fr/
Photo generated with AI by https://stablediffusion.fr/
I recently had to switch phones, because my old phone conked out. I had an app on that phone that I used for short-lived MFA codes for various logins I use. That app was a poor choice, because it didn’t allow for a backup of the secrets used for the code generation, so I had to go to the relevant logins and one by one remove MFA, then add it again.
read more →

Real-Time Video Stream with Raspberry Pi

Over the years I’ve accumulated a few Raspberry Pis of different versions, each of which I’ve used for certain things, some of them I’ve retired or upgraded to newer versions. Consequently, I have a few Raspberry Pi 1 and 1B still around, and they’re not doing much aside from collecting dust. I also have an old Raspberry Pi NoIR camera that I haven’t been using much. Over the years I’ve tried different things, including PIR-triggered recording of the camera feed, sort of to build a device that records what’s happening when the infrared sensor is triggered.
read more →

Generate Code with NSwag

Photo by Markus Spiske: https://www.pexels.com/photo/coding-script-965345/
Photo by Markus Spiske: https://www.pexels.com/photo/coding-script-965345/
First, let me state this more precisely: this is a post about generating c# code for ASP.Net Core from an Open API definition at build time using NSwag. If you’re looking for steps to generate code by using the NSwag toolchain manually, you won’t find that here. If you’re looking for a way to generate an Open API definition from an existing ASP.Net Core app using the NSwag toolchain, you won’t find that here either.
read more →

K8s with K3s

Earlier this year I’ve started using K3s regularly for local testing of Kubernetes workloads, APIs, tools, and more. I’ve grown quite fond of k3s for multiple reasons: it’s very easy and fast to install, very easy to use, and so far I have not found a single service designed for K8s that wouldn’t work on K3s. I’ve run it both on Linux machines as well as on Windows machines through WSL2.
read more →

Signing HTTP Messages in .Net with NSign

Photo by Pixabay: https://www.pexels.com/photo/security-logo-60504/
Photo by Pixabay: https://www.pexels.com/photo/security-logo-60504/
One of the things I have been working on at work over the past few months is an open source implementation for .Net of the standard-to-be for HTTP message signatures. I’ve ended up calling this NSign which granted is a bit broad – the libraries deal only with HTTP signatures – but I found that the name quite fitting. The general idea of HTTP message signatures is that clients and/or servers can create and verify digital signatures or message authentication codes over HTTP messages, that is either request or response messages.
read more →

Introducing Hash Tool

Hashes are everywhere in the digital world: checksums for file downloads, version control systems, fingerprints, password databases and verification, message authentication, digital signatures, blockchains etc. As a developer, I often find myself in the situation where I quickly need to verify a hash, or generate a hash for some reason or other. That’s why I built the flrx39 hash tool: it lets you quickly evaluate some popular hashes in the browser.
read more →

Pretty Printing JSON

Photo by RealToughCandy.com: https://www.pexels.com/photo/man-love-people-woman-11035481/
Photo by RealToughCandy.com: https://www.pexels.com/photo/man-love-people-woman-11035481/
Over the holidays I’ve used some of my time to modernize my JSON pretty printing tool and make it available on flrx39.net too. The new version is available under pretty print json. Please make sure to check back often, as I will keep adding more tools over time. Also feel free to suggest new tools which you think could be useful 😄 I cannot guarantee that I will add all suggestions, but I will consider them.
read more →

Fast Blog with Hugo

I’ve wanted to get rid of Wordpress for a while now. It’s more of a hassle than anything else, really. And who on earth still uses PHP? Anyway, a while ago I embarked on the journey to find a good replacement. First, I looked at other CMS systems that are similar to Wordpress, but soon realized that they’d all require me to keep them up-to-date all the time, and they’d likely be just about as annoying.
read more →

Discrete Event Simulator

Photo by Eunice Lui: https://www.pexels.com/photo/blurry-photo-of-a-neon-signage-4151043/
Photo by Eunice Lui: https://www.pexels.com/photo/blurry-photo-of-a-neon-signage-4151043/
Earlier this year we were dealing with an issue in one of our data processing pipelines. Through telemetry we could see where the problem was coming from, but I did wonder if I could model the problem in a simulation too. After all, if we have a tool available to predict certain issues before we implement them, that can be very helpful to adapt the design and/or code upfront. I remembered some lecture from university many years ago, where we were discussing discrete event simulations.
read more →

Copy files with PowerShell Remoting

Recently at work, I found myself in the situation where I needed to copy some file from my workstation to a jump box. Now of course, on Linux I’d just use rsync or scp. But our IT doesn’t like provisioning Linux boxes and therefore uses Windows for jump servers too, so no luck here. Luckily, I could convince them to turn on and allow PowerShell Remoting, so with some simple scripts I can still easily copy files over without using SMB.
read more →

Cheap and Secure Cloud Backups

I’ve wanted to find a good provider of cheap and secure cloud backups for a while. I’ve compared some cloud drive providers, but didn’t quite like those. They usually have very limited free plans, somewhat pricey paid plans (e.g. 50GB for about 24$ a year for OneDrive), or like in the case of Google no information available at all. By the way, “Google one is coming soon” isn’t an announcement that I want to look at for more than a few days when looking for pricing info.
read more →

Debug slow kubectl on Windows

Over the last few days I noticed that when I use kubectl to manage a k8s test cluster in Azure, it takes forever to actually carry out the operations remotely. Today I took some time to debug this. Here’s how I debugged and ultimately fixed the slow kubectl commands on Windows. Get Verbose Output # I started with changing the log level, and capturing the details, like this: kubectl get pods -v=20 Given that the commands worked so slowly, I had enough time to just read what was going on while it was going on, and even see right awayt where the problem was.
read more →

Offline JSON Pretty Printing

Nowadays when you’re dealing with Web APIs, you often find yourself in the situation of handling JSON, either in the input for these APIs or in the output, or both. Some browsers have the means to pretty print the JSON from their dev tools. But you don’t always have that opportunity. That’s why there are tools to pretty-print JSON. I’ve found quite a few of them on the web, but all the ones I’ve found have one terrible flaw: they actually send the JSON you’re trying to pretty-print to the server 🙀.
read more →