diff --git a/Justfile b/Justfile
index 94ece8d..2167372 100644
--- a/Justfile
+++ b/Justfile
@@ -1,2 +1,2 @@
 serve:
- hugo serve --buildDrafts
+ hugo serve --bind 0.0.0.0 --buildDrafts
diff --git a/assets/sass/_content.scss b/assets/sass/_content.scss
index 465ce8c..3e17add 100644
--- a/assets/sass/_content.scss
+++ b/assets/sass/_content.scss
@@ -31,6 +31,8 @@ header {
 }
 footer {
+ margin: auto 12px;
+ margin-top: 24px;
 margin-bottom: 40px;
 text-align: center;
@@ -69,7 +71,21 @@ blockquote {
 }
 .postlisting-row td {
- padding-bottom: 12px;
+ padding-bottom: 20px;
+
+ .title {
+ font-size: 1.5em;
+ }
+
+ .summary {
+ padding-top: 4px;
+ font-size: 0.8em;
+ color: $smaller-text-color;
+
+ p {
+ display: inline;
+ }
+ }
 }
 #content {
diff --git a/assets/sass/main.scss b/assets/sass/main.scss
index 49db4dc..c0e23a9 100644
--- a/assets/sass/main.scss
+++ b/assets/sass/main.scss
@@ -8,7 +8,8 @@ $monofont: "Roboto Mono", "Roboto Mono for Powerline", "Inconsolata", "Consolas"
 @media (prefers-color-scheme: light) {
 $background-color: white;
 $text-color: #15202B;
- $small-text-color: lighten($text-color, 15%);
+ $small-text-color: lighten($text-color, 10%);
+ $smaller-text-color: lighten($text-color, 18%);
 $link-color: royalblue;
 @import "content";
 }
@@ -16,7 +17,8 @@ $monofont: "Roboto Mono", "Roboto Mono for Powerline", "Inconsolata", "Consolas"
 @media (prefers-color-scheme: dark) {
 $background-color: #15202B;
 $text-color: #D4D4D4;
- $small-text-color: darken($text-color, 15%);
+ $small-text-color: darken($text-color, 10%);
+ $smaller-text-color: darken($text-color, 18%);
 $link-color: lightskyblue;
 @import "content";
 }
diff --git a/content/posts/2018-02-01-my-new-life-stack.md b/content/posts/2018-02-01-my-new-life-stack.md
index a7cd85b..0f43239 100644
--- a/content/posts/2018-02-01-my-new-life-stack.md
+++ b/content/posts/2018-02-01-my-new-life-stack.md
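Review bot: In the Justfile hunk, `hugo serve --bind 0.0.0.0 --buildDrafts` makes the development server listen on every network interface while it renders unpublished drafts, so any host that can reach this machine can read them. Hugo's server binds to 127.0.0.1 by default; I would leave `serve` on that default and put the wide bind in a separate, explicitly named recipe, e.g. `serve-lan:` running `hugo serve --bind 0.0.0.0 --buildDrafts` under a comment such as `# exposes drafts to the local network; trusted networks only`. If the aim is previewing from another device, an SSH tunnel or a host firewall rule restricting the port to known addresses gives the same result without opening the listener to everyone.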
@@ -4,7 +4,7 @@ date = 2018-02-01
 tags = ["arch", "linux", "setup", "computers"]
 +++
-This is my first post on my new blog! I used to put a CTF challenge writeup here but decided to change it up a bit. Recently, I've been changing a lot of the technology that I use day to day. Here's some of the changes that I've made!
+This is my first post on my new blog! I used to put a CTF challenge writeup here but decided to change it up a bit. Recently, I've been changing a lot of the technology that I use day to day. Here's some of the changes that I've made!
 ## Operating System
diff --git a/content/posts/2018-02-25-cleaning-up-your-shell.md b/content/posts/2018-02-25-cleaning-up-your-shell.md
index 8905c29..8c480ab 100644
--- a/content/posts/2018-02-25-cleaning-up-your-shell.md
+++ b/content/posts/2018-02-25-cleaning-up-your-shell.md
@@ -5,7 +5,7 @@ tags = ["computers", "linux", "terminal"]
 languages = ["bash"]
 +++
-Is your shell loading slower than it used to? Maybe you've been sticking a bit more into your `.bashrc`/`.zshrc` than you thought.
+Is your shell loading slower than it used to? Maybe you've been sticking a bit more into your `.bashrc`/`.zshrc` than you thought.
 It's only been a couple weeks since I installed my computer, and already my shell has been starting to lag. Since there's not that much I've put into my `.zshrc` file, I knew who the main culprits were. Namely, oh-my-zsh's "git" plugin and the nvm (node version manager) trying to load itself on startup. I'm not exactly in a situation where I need nvm most of the time I open my shell, so getting rid of that made my shell load a lot faster. It also means that every time I want to use node or npm, I'd have to manually call nvm, but that's not as important to me as a faster shell load time, especially since I don't really touch node that much.
diff --git a/content/posts/2018-05-28-web-apps.md b/content/posts/2018-05-28-web-apps.md
index 932afb2..3b01230 100644
--- a/content/posts/2018-05-28-web-apps.md
+++ b/content/posts/2018-05-28-web-apps.md
@@ -5,7 +5,7 @@ tags = ["computers", "web", "rant", "things-that-are-bad"]
 languages = ["javascript"]
 +++
-The other day, I just turned off JavaScript from my browser. "fucking neckbeard", "you'll turn it back in 2 weeks", "living without JavaScript is like living without electricity" were some of the responses I got. And they might be right. But let's see why things are the way they are and what we can do about it.
+The other day, I just turned off JavaScript from my browser. "fucking neckbeard", "you'll turn it back in 2 weeks", "living without JavaScript is like living without electricity" were some of the responses I got. And they might be right. But let's see why things are the way they are and what we can do about it.
 ## what is the purpose of the web?
diff --git a/content/posts/2018-10-26-twenty-years-of-rsa-attacks.md b/content/posts/2018-10-26-twenty-years-of-rsa-attacks.md
index 4e5c352..de7106a 100644
--- a/content/posts/2018-10-26-twenty-years-of-rsa-attacks.md
+++ b/content/posts/2018-10-26-twenty-years-of-rsa-attacks.md
@@ -6,13 +6,13 @@ tags = ["crypto"]
 languages = ["python"]
 +++
-## 1. introduction
+There's [a great paper][1] I found by Dan Boneh from 1998 highlighting the weaknesses of the RSA cryptosystem. I found this paper to be a particularly enlightening read (and interestingly enough, it's been 20 years since that paper!), so here I'm going to reiterate some of the attacks described in the paper, but using examples with numbers in them.
-There's [this great paper][1] by Dan Boneh from 1998 about the RSA cryptosystem and its weaknesses. I found this paper to be a particularly interesting read (and interestingly enough, it's been 20 years since that paper!), so here I'm going to reiterate some of the attacks described in the paper, but using examples with numbers in them. (Also please excuse the lack of proper formatting, I've yet to figure out how to get Gutenberg to accept Latex)
+(Also please excuse the lack of proper formatting, I've yet to figure out how to get Gutenberg to accept Latex)
 That being said, I _am_ going to skip over the primer of how the RSA cryptosystem works, since there's already a great number of resources on how to do that.
-### 1.1 factoring large integers
+### factoring large integers
 Obviously this is a pretty bruteforce-ish way to crack the cryptosystem, and probably won't work in time for you to see the result, but can still be considered an attack vector. This trick works by just factoring the modulus, N. With N, finding the private exponent d from the public exponent e is a piece of cake.
@@ -44,11 +44,11 @@ Now all that's left is to discover the private exponent and solve for the origin
 And that's it! Now let's look at some more sophisticated attacks...
-## 2. elementary attacks
+## elementary attacks
 These attacks are related to the _misuse_ of the RSA system. (if you can't tell, I'm mirroring the document structure of the original paper)
-### 2.1 common modulus
+### common modulus
 My cryptography professor gave this example as well. Suppose there was a setup in which the modulus was reused, maybe for convenience (although I suppose with libraries today, it'd actually be more _inconvenient_ to reuse the key). Key pairs would be issued to different users and they would share public keys with each other and keep private keys to themselves.
@@ -114,7 +114,7 @@ True
 We've successfully recovered `p` and `q` from just `N`, `e`, and `d`!
-### 2.2 blinding
+### blinding
 This attack is actually about RSA _signatures_ (which uses the opposite keys as encryption: private for signing and public for verifying), and shows how you can compute the signature of a message M using the signature of a derived message M'.
diff --git a/content/posts/2019-02-01-magic-forms-with-proc-macros.md b/content/posts/2019-02-01-magic-forms-with-proc-macros.md
index d101437..2c6cd02 100644
--- a/content/posts/2019-02-01-magic-forms-with-proc-macros.md
+++ b/content/posts/2019-02-01-magic-forms-with-proc-macros.md
@@ -5,7 +5,9 @@ tags = ["computers", "web"]
 languages = ["rust"]
 +++
-Procedural macros (proc macros for short) in Rust are incredible because they allow pre-compile source transformation. Many of the greatest abstractions in Rust take advantage of this feature. For example, you can
+Procedural macros (proc macros for short) in Rust are incredible because they allow arbitrary pre-compile source transformation, which leads to endless possibilities (and hazards!). But if we take careful advantage of this feature, we can use it to make clean abstractions for messy boilerplate, especially in the case of web forms.
+
+In fact, proc macros are incredibly pervasive around Rust's ecosystem. For example, using the [`serde`][1] serialization/deserialization crate, you can simply write:
 ```rs
 #[derive(Serialize)]
@@ -14,6 +16,8 @@ struct Foo {
 }
 ```
+and code will be generated to serialize and deserialize to a multitude of formats including JSON, YAML, CBOR, etc.
+
 It occurred to me that this feature can also be useful for generating code for rendering and validating forms (as in a place where you fill out info). **wtforms** is one of the nicest Python packages for handling form behavior in web applications, and with the power of proc macros, this functionality can be easily achieved in Rust as well. In this post I'm going to outline some of the ideas I have for a wtforms-ish library for handling forms in Rust.
@@ -82,3 +86,5 @@ then calling something like `instance.verify()` should run all those validators
 ## conclusion
 This project is a work in progress! You can see how far I am [on Github](https://github.com/iptq/wtforms).
+
+[1]: https://docs.rs/serde
diff --git a/content/posts/2019-03-04-server-analogy.md b/content/posts/2019-03-04-server-analogy.md
index 7d848df..5559c09 100644
--- a/content/posts/2019-03-04-server-analogy.md
+++ b/content/posts/2019-03-04-server-analogy.md
@@ -4,7 +4,7 @@ date = 2019-03-04
 tags = ["computers"]
 +++
-This is just something stupid I thought of recently, but decided to write about it anyway.
+This is just a stupid analogy I thought of recently, but decided to write about it anyway.
 If you think about it, a server waiting for clients is kind of like the host at the front of a restaurant leading guests to tables. They don't actually take orders or serve food, they just stand at the front and wait for new guests to arrive. Then there's another waiter that's specifically assigned to take that table's orders.
diff --git a/content/posts/2021-06-17-tracking-links.md b/content/posts/2021-06-17-tracking-links.md
index 30005da..72a4633 100644
--- a/content/posts/2021-06-17-tracking-links.md
+++ b/content/posts/2021-06-17-tracking-links.md
@@ -6,9 +6,9 @@ tags = ["email", "rant", "computers", "things-that-are-bad", "privacy"]
 You probably get emails every day, and spend a lot of time reading them. And whenever someone performs an action or does something in vast quantities, you
-_bet_ the data people have figured out a way to capitalize on it. For many
+_bet_ the data giants have figured out a way to capitalize on it. For many
 years consumer privacy has basically gone unnoticed, and invasive tracking has
-grown [viral][1].
+grown [viral][1].
 Arguably, if you are someone who runs a business off of writing periodic newsletters that are distributed via email, you might want some statistics on
diff --git a/content/posts/2021-07-05-https-request-from-scratch.md b/content/posts/2021-07-05-https-request-from-scratch.md
index 2447da6..fe722ee 100644
--- a/content/posts/2021-07-05-https-request-from-scratch.md
+++ b/content/posts/2021-07-05-https-request-from-scratch.md
@@ -9,7 +9,7 @@ languages = ["python"] The web is [so complicated][4] these days, I began wondering exactly how big of a feat it would be to formally verify everything. At this point I realized all I knew about web protocols were from fiddling around with HTTP 1.0 requests from doing CTFs in the past. You'd pop open a socket to wherever you wanted, stick `GET` and then whatever path you wanted, and then add a version number at the end. -The modern web's changed significantly since those days, so I thought it would be an interesting undertaking to see exactly how much it would take to send an HTTPS request from scratch, just like what the browser does, using as little as I can. +The modern web's changed significantly since 1.0, so I thought it would be an interesting undertaking to see exactly how much it would take to send an HTTPS request from scratch, just like what the browser does, using as little as I can. > **Disclaimer:** Don't use this code for any real software. diff --git a/layouts/_default/baseof.html b/layouts/_default/baseof.html index 876b246..fd2d5eb 100644 --- a/layouts/_default/baseof.html +++ b/layouts/_default/baseof.html @@ -6,7 +6,7 @@ michael's blog {{ $style := resources.Get "sass/main.scss" | resources.ToCSS }} - + @@ -32,11 +32,11 @@ diff --git a/layouts/generic/single.html b/layouts/generic/single.html index 50cb9b5..518d438 100644 --- a/layouts/generic/single.html +++ b/layouts/generic/single.html @@ -1,7 +1,5 @@ {{- define "content" -}} -hellosu - {{ .Content }} {{- end -}} diff --git a/layouts/partials/post-list.html b/layouts/partials/post-list.html index 45a1fe4..25b9081 100644 --- a/layouts/partials/post-list.html +++ b/layouts/partials/post-list.html @@ -2,7 +2,7 @@ {{- range .Pages -}} - + {{ .Title }}
@@ -13,6 +13,14 @@ on {{ partial "rel-date" .Date }} + +
+
+ {{ .Summary }} + {{ if .Truncated }} + read more » + {{ end }} +
{{- end -}}
diff --git a/todo.txt b/todo.txt
new file mode 100644
index 0000000..3076020
--- /dev/null
+++ b/todo.txt
@@ -0,0 +1 @@
+- Investigate why GitInfo (AbbreviatedHash) doesn't work in taxonomy list