Kranzes

Initial checks

Start by checking that there aren't any previous ssh keys inside the FIDO2 authenticator of your YubiKey. You can check if they exist by running the command below:

nix shell nixpkgs#yubikey-manager -c ykman fido credentials list

If the command above outputs a string mentioning "ssh" or "openssh", then you have already got a key generated and store on your YubiKey.

Evaluating additional authentication factors

Before generating a new ssh key to store on your YubiKey you must consider which additional required authentication factors you want to use. Below you can see a table with the available factors and their corresponding command:

nitred

About

• I faced bandwidth issues between a WG Peer and a WG server. Download bandwidth when downloading from WG Server to WG peer was reduced significantly and upload bandwidth was practically non existent.
• I found a few reddit posts that said that we need to choose the right MTU. So I wrote a script to find an optimal MTU.
• Ideally I would have liked to have run all possible MTU configurations for both WG Server and WG Peer but for simplicity I choose to fix the WG Server to the original 1420 MTU and tried all MTUs from 1280 to 1500 for the WG Peer.

Testing

• On WG server, I started an iperf3 server
• On WG peer, I wrote a script that does the following:
  • wg-quick down wg0
• Edit MTU in the /etc/wireguard/wg0.conf file

sm-Fifteen

"What the heck is a Yubikey and why did I buy one?": A user guide

(EDIT: Besides Reddit, I've also put this up on Github Gist)

So while looking for information on security keys before getting one myself, I got very confused reading about all the different modes and advertised features of Yubikeys and other similar dongles. The official documentation tends to be surprisingly convoluted at times, weirdly organized and oddly shy about a few of the limitations of these keys (which I'm making a point of putting front and center). Now that I have one, I decided to write down everything I figured out in order to help myself (and hopefully some other people reading this) make sense of all this.

Since I'm partly writing these notes for myself, there might be some back and forth between "exp

fern9001

Fern's NixOS Vim Guide

A newbie friendly guide to configuring Vim in NixOS

File Structure

Create the following file struture in /etc/nixos

/etc/nixos
    |-- apps
        |-- vim
            |-- default.nix 
            |-- vimPlugins.nix

approovm

Android Bypass Certificate Pinning and MitM Attack Setup

This is a gist used in the following blog posts:

• How to MitM Attack the API of an Android App
• How to Bypass Certificate Pinning with Frida on an Android App

z11i

filename='yourfilename'
filetype='text/csv'
token='my oauth token'
url='http://localhost/upload'

curl "$url" \
  --form "data=@$filename;type=$filetype" \
  --form "name=somename" \
  -H "Authorization: Bearer $token"
  

en4rab

Flashing an unbranded smart lightbulb to Tasmota

Whilst on holiday last week I thought i would do something productive but that seemed like work so I bought some cheap noname wi-fi smart LED lighbulbs off ebay and flashed them with Tasmota firmware, since the particular bulb I bought wasnt listed on the Tasmota Device Templates Repository and I have no idea if they accept an entry for a bulb with no identifying marks I thought i'd put something here incase its of use to anyone.

Reliability: I have at this point had 10 of these bulbs running for about a week, one of them has just died.

TL;DR

The pinout and device string for this light:

• GPIO4 Cold White PWM 4

probonopd

Think twice before abandoning Xorg. Wayland breaks everything!

Hence, if you are interested in existing applications to "just work" without the need for adjustments, then you may be better off avoiding Wayland.

Wayland solves no issues I have but breaks almost everything I need. Even the most basic, most simple things (like xkill) - in this case with no obvious replacement. And usually it stays broken, because the Wayland folks mostly seem to care about Automotive, Gnome, maybe KDE - and alienating everyone else (e.g., people using just an X11 window manager or something like GNUstep) in the process.

Wayland proponents make it seem like Wayland is "the successor" of Xorg, when in fact it is not. It is merely an incompatible alternative, and not even one that has (nor wants to have) feature parity (missing features). And unlike X11 (the X Window System), Wayland protocol designers actively avoid the concept of "windows" (making up incompr

egore

#include <SDL2/SDL.h>
#include <cstdio>
#include <list>
#include <signal.h>

std::list<std::pair<SDL_Joystick*, SDL_Haptic*>> joysticks;

void shutdown_joysticks() {
    SDL_Log("Closing joysticks");
    for (std::pair<SDL_Joystick*, SDL_Haptic*> joystick : joysticks) {

MaxXor

Encrypted Btrfs storage setup and maintenance guide

Initial setup with LUKS/dm-crypt

This exemplary initial setup uses two devices /dev/sdb and /dev/sdc but can be applied to any amount of devices by following the steps with additional devices.

Create keyfile:

dd bs=64 count=1 if=/dev/urandom of=/etc/cryptkey iflag=fullblock
chmod 600 /etc/cryptkey