Blog!

Another tech blog on the internet, this one is brought to you by Brian Mayer. Check my portfolio for more info about me or to see my other projects: myr.sh.

Posts

2024-02-26
dev log: my distro
2024-01-21
byte ii: jumentosec
2023-12-19
internet highlights vi
2023-11-05
byte i
2023-10-19
pinebook pro review
2023-10-13
internet highlights v
2023-03-31
internet highlights iv
2023-03-30
my blog publishing flux [pt]
2023-02-21
hosting your git repos [pt]

See all in our RSS feed: archive.

All work found here is licensed under CC BY 4.0.

dev log: building my own distro

Published: 2024-02-26

Another adventure has started: I'm building my own distro! I'm not sure about the motivations as it started naturally from my fiddlings with OSs. Some of the things I remember are:

Turns out there is a cool project called buildroot that makes building a minimal Linux system very easy. So I used it to create the Linux kernel and userspace programs for a RPi 3B+ I had lying around.

The result was a system that does the minimum: boots the linux kernel without initrd directly from the RPi bootloader, it then runs a simple shell script as init and drops to a shell.

This system is taking only 22MiB of RAM, of which 14 are cache, and 500MiB of disk, of which 470MiB are for git binaries. I am very happy. Obviously there are drawbacks: no module hotplugging. This gave me a headache as my keyboard needed a kernel module, and it took me a day to figure this out. I thought this was the kernel's job.

So far I'm having a great time learning, turns out there are a lot of details we usually don't need to know. For example, firmware, which for the RPi is a must: in order to load the brcmfmac module its firmware must be present in the correct place. If not, whenever you modprobe it you'll get a subtle timeout error.

Luckily buildroot also facilitates this, just select the corresponding option in the firmware section. The next steps are now building sbase, ubase and sdhcp. I also included a tiny C compiler so I can compile the rest of the system.

So far this is the init script:

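#!/bin/dash
# Minimal init: mount the pseudo-filesystems, load modules, spawn a shell.

echo "Init started"

export PATH=/usr/bin:/bin:/sbin:/usr/sbin

mount -n -o remount,rw /
# Linux has no "devfs" filesystem type; device nodes come from devtmpfs
mount -t devtmpfs /dev /dev
mount -t proc /proc /proc
mount -t sysfs /sysfs /sys
mount -t tmpfs /tmpfs /run

# no hotplugging, so the needed modules are loaded by hand
modprobe hid-apple
modprobe brcmfmac
# -n skips the login prompt: tty1 gets a root dash shell with no authentication
agetty -n --login-program /bin/dash tty1

# reached once the shell on tty1 exits
shutdown -h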

There is too much to do, still. I'll keep you posted.

---------8<---------

jumentosec

Published: 2024-01-21

A friend of mine is launching, according to his words: The #1 Underground & Vendor Neutral Security Conference in Brazil, which will host a conference this year!

These are the links:

Looking forward to it.

---------8<---------

Internet Highlights VI

Published: 2023-12-19

---------8<---------

Introducing Bytes

Published: 2023-11-05

Bytes is a new series of posts that is starting today. Sometimes I notice or think funny things, so I decided to publish them. Here it is for today:

I was watching Monk and there is one scene where a boy coughs near Monk. The funny part is that this boy only shows up in that scene, so I wanted to watch the episode's credits just to see that.

This is the scene where the coughing boy shines in his participation:

scene with the coughing boy

and the credits screen:

credits screen with the coughing boy

another great episode.

---------8<---------

So I bought the pinebook pro

Published: 2023-10-19

It is usable 97% of the time, this 3% is related to a weird bug with the keyboard, the touchpad and screen sharing, video calls; but I'll explain. My current setup is Arch linux with DWM. Here are some points:
body
the pinebook pro laptop is lightweight, sleek, compact and pretty; it has a premium feel given by the magnesium shell and a gorgeous display. microSD slot is also very good to find.
battery
it has a decent battery, frequently i can use it all day long without a recharge. i'd only remove the barrel port, as the USBC port can be used for charging, so no real need for it.
touchpad
the touchpad feels a little weird sometimes, it is a little fuzzy and i have difficulties using the right click, i don't get it every time. the website says it's a large one, but i don't think so. i'd have it a little larger and make the click feel the same place everywhere, it clicks only on the bottom.
keyboard
very good one, not the best, the only thing that bothers me is that sometimes i get a doubled key, may be a firmware thing.
camera
people could see me clearly, sometimes it gets really dark i don't know why, may be some misconfiguration on me. the real issue is processing power, when i turn it on the laptop becomes unusable, totally lagged.
CPU/GPU
i think this is the only thing that bothers me everyday, it is slow and there is no hardware acceleration for the graphics driver at this time of writing. i use very light software and it sometimes lags. but software support for most applications is fine, only missing OSS.
misc.
this is very personal: the only design detail that is not what i like is the display being a little bigger than the bottom part, so when it is closed the lid is not aligned, but that's really a matter of taste. the pine website doesn't deliver to brazil and that's a huge bummer, especially because they do not answer any email or support ticket, horrible customer service.
in sum it is a great linux laptop, especially if you consider that it is only 219.99$. i hope Pine64 continues to improve it, they are doing a great job for the linux/BSD ARM community.

if you know how to solve any issue i found, please reply to this post. thanks!

---------8<---------

Internet Highlights V

Published: 2023-10-13

this time i'll add descriptions, per my last feedback.

---------8<---------

Internet Highlights IV

Published: 2023-03-31

here we go again...

---------8<---------

My blog posting work flux

Published: 2023-03-30

In this post I will talk a little about my workflow for publishing content. I find it quite simple and therefore decided to share it with you.

The first part is to know the infrastructure that I built for my server. My blog and homepage reside on my Raspberry Pi Zero W, which is connected to my router with a small USB cable to receive power. And the router is connected to a UPS. This part was done this way because I wanted to venture into the world of hosting. And I liked the results, but it is much easier to pay for a VM in any cloud.

Router configuration

This part is not difficult, the goal is to route traffic to my server. For that I entered the Arris configuration and created a virtual host, I put a static IP for the RPi and added a port forwarder from port 443 to 4433. This way I can bring up a service without needing root privileges.

Some optional things that I decided to have, and with great difficulty, were:

Undoubtedly, this was the saddest part of the setup. However, these optional items make the code easier for me, since I don't need to configure DDNS. And this prevents interruption of access as my DNS always points to the correct IP.

The server

Now we come to the actual programming. The server is written in C and listens on an unprivileged port, so I run it as a normal user, which gives me more security and simplifies the process a lot, since my user has all the permissions for the publishing flow. The server's code can be found on GitHub: servrian.

In the server, I decided to use static pages, so servrian only works for that case. For the articles, I just write them in HTML.

Adding content

Now that all the configuration and development work is done, creating and deploying content is simple:
  1. Write the content
  2. Update index page
  3. Update feed and sitemap
  4. Run scp

Conclusion

It wasn't an easy process overall, and my impression is that we are technologically behind, as the worst part was the internet plan. If there weren't so many complications with blocked ports and network configuration by the operators, the project would have ended in a weekend (at least the functional part). Of course, styling and content development can take an indefinite amount of time. As I wanted to integrate with email the project became a little more complex.

The code part is not complicated and can be even easier when using ready-made projects or pre-configured Docker images. Here I wanted to do everything from scratch for two reasons: 1. to learn how the many parts work internally, and 2. to create a lighter version than current projects.

It's this second point that I'm most proud of, everything is very light and efficient: the blog's homepage has 2700 bytes and loads in 80ms, it's valid and simple HTML, my portfolio, the page above the blog, has 575 bytes; this allows the project to be served from my Raspberry Pi Zero W, which only needs 5V to operate. In addition, it still loads other projects like my Git and email server.

These are the difficulties you may encounter if you decide to venture down this path, at least here in Brazil. I hope I've helped in some way. I say it's worth it if you value extreme simplicity, like to do things your way, and want to get away from the dependence of the infamous big techs, libraries or frameworks, and above all, learn a lot.

Future plans

I still want to change some things in the project, out of pure curiosity and zeal:

---------8<---------

Hosting your git repositories

Published: 2023-02-21

Setting up a git server is easy and involves only common shell commands. This post will show you how I started my very first self-hosted git server. Find one extra computer and set up an SSH connection to it, then you are ready to start. Here I used my Raspberry Pi, which is always up [1].

To set up the git server you should do the following on the server machine:

  1. Create git user
  2. Add sshd keys
  3. Create projects dir
  4. Create empty git repo
  5. Using the git shell

Create git user

This step is just sudo useradd -m git, no secret here. Now log in as this user.

Add SSHD keys

This part is the creation of the authorized_keys, so you can SSH in with this user. Basically you just add the allowed public keys here. In my case I just copied from my main user, but the ideal case is creating another key and adding that to the git server.

# keep the directory and the key file private to the git user
mkdir -m 700 .ssh
cat new-key.pub > .ssh/authorized_keys
chmod 600 .ssh/authorized_keys

Now you should be able to SSH into your git machine using the key you added.

Create projects dir

This step is optional but I like creating a dedicated folder for my projects, so I ran: mkdir git, and entered it.

Another cool thing to do is to change the default git branch:

git config --global init.defaultBranch main

Create empty git repo

This is the command that creates a repo on the server, so you can push to this repo. To create it first create a folder, and then issue the init command:

mkdir project
cd project
git init --bare

At this stage you have a fully functional git repository, to use it you proceed as you do for new repos.

Using your new repo

Now in your other machine you can init a repo and push:

cd project
git init
git add .
git commit -m 'Initial commit'
# SERVER is a placeholder: use your git server's hostname or IP
git remote add origin git@SERVER:git/project
git push origin main

You can stop here if you want, but in this state there are some annoying things on the server that can drive you nuts, for example:

The next section will deal with these issues using the git shell and some configurations.

Using the git shell

First thing to improve is to remove port forwarding, so add this to the start of each entry in the ~/.ssh/authorized_keys file:

no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty 

Now SSH users cannot get a login shell, only the non-interactive shell we are going to configure will be available.
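
A check for the step above, as an added example that is not part of the original post: it flags authorized_keys entries that lack the four restrictions, and also accepts the broader `restrict` option of newer OpenSSH unless a later option switches something back on. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an authorized_keys file
# for the restrictions discussed above. Prints one line per weak entry and
# returns 1 if any entry is weak, 0 otherwise.
audit_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        # No options: the entry starts directly with the key type.
        # Simplification: an option value containing spaces splits early and
        # is reported as missing options (fails safe).
        opts = ($1 ~ /^(ssh-|ecdsa-|sk-)/) ? "," : "," tolower($1) ","
        msg = ""
        if (index(opts, ",restrict,")) {
            # restrict disables everything; later options can switch it back on
            n = split("port-forwarding x11-forwarding agent-forwarding pty", on, " ")
            for (i = 1; i <= n; i++)
                if (index(opts, "," on[i] ",")) msg = msg " re-enables:" on[i]
        } else {
            n = split("no-port-forwarding no-x11-forwarding no-agent-forwarding no-pty", need, " ")
            for (i = 1; i <= n; i++)
                if (!index(opts, "," need[i] ",")) msg = msg " missing:" need[i]
        }
        if (msg != "") { printf "line %d:%s\n", NR, msg; bad = 1 }
    }
    END { exit bad + 0 }' "$1"
}

# Constructed sample file (key material is a placeholder, not a real key).
write_sample_keys() {
    cat > "$1" <<'EOF'
# git server keys
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAPLACEHOLDER alice
ssh-ed25519 AAAAPLACEHOLDER bob
restrict ssh-ed25519 AAAAPLACEHOLDER carol
restrict,pty ssh-ed25519 AAAAPLACEHOLDER dave
no-port-forwarding,no-pty ssh-rsa AAAAPLACEHOLDER erin
EOF
}

sample=$(mktemp)
write_sample_keys "$sample"
audit_keys "$sample" || echo "weak entries found"
rm -f "$sample"
```

On the sample file it reports lines 3, 5 and 6; run it against ~/.ssh/authorized_keys of the git user after editing.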

Then we must set the git shell to be used on login. So log in to your server machine, now check if the git-shell is listed in the /etc/shells file with: cat /etc/shells. If you do not see git-shell there, you can add it:

# the append has to run as root, so pipe into sudo tee ("sudo echo ... >>" redirects as your own user)
which git-shell | sudo tee -a /etc/shells

But I advise you to use an editor. Now make it the login shell for the git user:

sudo chsh git -s $(which git-shell) 

Now you will not be able to get a shell on a log in. So this user is useless for anything else than git stuff. You can only run git commands like pull, push and clone, plus the commands we created on git-shell-commands.

Set up greeting and commands

The git-shell can be customized by creating the folder git-shell-commands in the git home. The first and funnier thing to do is to just show a message when a login is attempted.

You can present a greeting to users connecting via SSH by creating a file named no-interactive-login in the folder we just created. It's funny, e.g.:

#!/bin/sh
echo "welcome to your git server!" 

So when git tries to log in to your server this message is shown.

Adding programs to this folder will let users run them. There are some convenient commands to add, for example, creating a new repository, deleting one and listing all repos. To make them available don't forget to make them executable:

chmod +x git-shell-commands/program 

A good starting point is [2].
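
One way to write the "create a new repository" command mentioned above, as an added example (not code from the repository in [2]). The name arrives from the SSH client, so it is validated before it becomes a path; the function names, the return codes and the ~/git base directory (taken from the earlier step) are assumptions of this example.

```shell
#!/bin/sh
# Added example: a "create" command for ~/git-shell-commands (hypothetical,
# not taken from the repository in [2]). Repositories go under ~/git as in
# the post. The name comes from the SSH client, so it is validated first.

# Accept only plain names: letters, digits, dot, underscore, dash; no leading
# dot or dash (hidden files, option injection), no "/" or ".." (path escape).
valid_repo_name() {
    case $1 in
        ''|.*|-*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# create_repo BASE NAME: 0 = created, 2 = bad name, 3 = already exists
create_repo() {
    if ! valid_repo_name "$2"; then
        echo "invalid repository name" >&2
        return 2
    fi
    dest=$1/$2
    if [ -e "$dest" ]; then
        echo "already exists: $2" >&2
        return 3
    fi
    mkdir -p "$1" && git init --bare -q "$dest" && echo "created $2"
}

# Runs only when installed as git-shell-commands/create, e.g.
#   ssh git@SERVER create project      (SERVER is a placeholder)
case ${0##*/} in
    create) create_repo "$HOME/git" "${1:-}"; exit $? ;;
esac
```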

Conclusion

I think this is a good configuration, it is safe and lets you fully interact with git, even creating and deleting repos.

At the same time this configuration is flexible as you can keep adding new commands. But there is room for improvements, for example, your repositories have zero visibility, there is no collaboration.

Adding public access can be done using git-daemon, or setting up the git HTTP. But those are subjects for other articles.

References

  1. My rpi, in the future it will have a PoE HAT. rpi on my living room
  2. git-shell-commands repo

Notes


Misc

This site is a member of the 250Kb and 512Kb clubs.

Some links we like:
