Posts

Port knocking is security through obscurity. Now normally, I say anything to do with security through obscurity is bad practice if that’s the only thing you’re relying on. The idea is that it’s not going to outright secure your network, but it’s going to drastically reduce the risk of an attack during an attacker’s discovery phase. Hiding valuables in your vehicle when it’s left unattended will reduce the likelihood of a criminal passerby from breaking into your vehicle. Likewise, keeping ports closed when they’re not actively in use will reduce the likelihood of a criminal portscanning your network to find your open SSH (Sometimes Secure Hell), RDP (Ransomware Deployment Protocol), or god forbid your HTTP or TELNET ports. To keep the analogy going, we are effectively keeping the open ports in the car, but we are throwing them in the glovebox. ...

Infrastructure as Code Infrastructure as code is a method of defining your infrastructure using plain text code which can be checked into a version control system and which an automation tool can read and then provision automatically. The benefit of this system is that infrastructure design is defined in a way that’s easy to understand and rebuild/reproduce automatically, quickly, and upon demand. In this post, we’ll go through setting up a composable infrastructure that I use to manage the services I create. ...

I’m getting less and less ambition as time goes on. For real though, I just wanted to build a simple covid19 stats for Polybar, but it works fine as a console application for Windows normies too. All it does it get the numbers from the Alberta site, and output them. Check it out here: https://deadbeef.codes/steven/covid19-edmonton Edit April 25, 2020 Now it’s webscale. Passing -web as a parameter will instead start a web interface on 0.0.0.0:8080 which displays the statistics in a dashboard-like format. ...

When I was first starting to learn how to build a scalable application, I wanted to make a render farm for Blender animations and so I did. It’s full of TBD’s, but hey! It works and it works well, I’ve used it on many projects. It can be used with preemptible instances on major cloud providers to rip through any rendering you need. Google owns a similar product named Zync, but mine is open source and web based instead of a thick plugin for your 3D software. ...

Here’s a minecraft server: minecraft.deadbeef.codes Feel free to join if you like - it’s completely vanilla survival.

I’ve been searching for a file-level backup solution that ticks all the boxes, specifically: Efficient - something that only copies differential data when performing backups Secure - Encryption of data at rest and in-flight Deduplication - Only store blocks of data once and use pointers to reference it Storage Provider Support - Ideally NFS out of the box or even rsync, but hey if it supports the typical cloud providers too that’s a bonus Trustworthy - Ideally free and open so that I can audit the source Easy - I don’t want to invest an hour learning how to use it at scale Ideally free Man, let me tell you - there are not a lot of options out there that meet all these requirements - but I stumbled upon restic, and it seems to be the best option I’ve come across. ...

Question: How long can an idle TCP connection remain open? Answer: According to the standard, indefinitely, however, most implementations impose a connection timeout. TCP keepalive is a feature that isn’t defined in the TCP specification, as crazy as that might sound. RFC1122 under section 4.2.3.6 mentions keepalives instead. Excerpt from RFC1122 4.2.3.6 TCP Keep-Alives Implementors MAY include "keep-alives" in their TCP implementations, although this practice is not universally accepted. If keep-alives are included, the application MUST be able to turn them on or off for each TCP connection, and they MUST default to off. Question: Why do we have TCP keepalives then? ...

Part 1 Machine learning can seem like an intimidating subject to understand. Typically this would require being proficient at advanced math such as linear algebra, calculus, and statistics. However, even without knowing what goes on under the hood, it’s possible to make use of it to solve business problems. You don’t fully understand every aspect of your car, yet you drive it. The same goes for machine learning. AutoML is a product made by Google, which allows pretty much anyone to use machine learning because it looks at your data and builds a model automatically. The techniques it uses are quite sophisticated, and I won’t be discussing that here. Instead, I’ll focus on being pragmatic and show you how to use it without the math background. We’ll go over an example AI project that reads product reviews and classifies them as either negative or positive. We can then use this to predict whether what someone is saying about our products in other places such as twitter, forum posts, etc are negative or positive. New reviews may then be processed and automatically categorized. ...

Hey all, I’m working on a scalable MJPEG streaming service for fun, and I’m using my two rabbits as guinea pigs. Their names are Potato and Spud. Currently, a single MJPEG stream is active; however, there are still lots more I’d like to do with this. Check it out here: OFFLINE PotatoTheBunny.com To Do Implement an MJPEG buffering proxy to enable scalability to many distinct unicast streams Implement live chat / commentary Implement clipping moments, triggered by a button on the website. The buffering proxy buffer can be snapshot and written to a file to enable this feature. Implement rate-limited, the website controlled treat dispenser - allow people to dispense a treat to the rabbits. Implement directory for multiple streams Implement ffserver middleware for transcoding

Machine learning allows you to take expert judgment, bake it into a mathematical model which can be used to solve similar, but new and different problems. In this short video clip, I highlighted the fact that with little AI development experience, it’s entirely possible to use this technology to build a useful application that solves a real problem. This is a growing field because the potential for return on investment is essentially uncapped at this point. I spent approximately 20 hours self-teaching myself high-level concepts, terminology, understanding how various hyperparameters can influence results, and reviewing the various high-level libraries and components you can utilize that abstract away all the mathematics behind machine learning. I then gave an example of a business problem-solving application that assigns a quantified priority to incoming work, replacing a manual process that typically requires a human. ...