bestov.io

a tech bläg

Inspecting COM+ components from PowerShell

As part of the datacenter-wide visibility upgrade I’m working on for a customer, I’m setting up monitoring for one of their legacy network applications. This application has no logging support whatsoever, and no upgrade path available: the original developers have published a new version 10+ years ago, and have no interest in supporting it apart from (sometimes) replying to support tickets. Thus, to set up at least some basic metrics, the solution I came up with is to monitor the COM+ components that work together to make it up...

A security post-mortem & the (shamefully) flimsy security of Meta, Inc.

Andrea has a small content creation business. They’re what the youngsters call an influencer, and as such, among their equity, they possess very valuable social accounts with a valuable follower count. A few days ago, one of those accounts was hacked, using a classic vector: a stolen password, either leaked or phished, combined with 2FA phishing. This article is a post-mortem (and in a way a post-vitae), showing what we did to recover access to the account, and to secure it...

Measuring a KY-040 rotary encoder

I’m doing a project, a very simple one: it’s a sous vide cooker. The details don’t matter, as in this article we are going to focus on a single component: the KY-040 rotary encoder. If you are here, you have most likely just bought a KY-040 clone from China, and are looking into how to hook it up to your Arduino. This is a bit of a deviation from the usual highly technical and specific content of this blog, but there’s a good reason for it: I spent 15 minutes googling about this, and all I got was some generic copy-pasted (often clearly stolen) code that mostly - albeit very inefficiently - worked...

All you need to know about KBD keyboard files (and nothing more)

It’s been a few years now since I switched to Wayland. I use Sway, a compositor based on wlroots, and apart from the sporadic broken Wayland application (easy fix: force XWayland) and Java application (easy fix: set _JAVA_AWT_WM_NONREPARENTING=1), it’s mostly been great times. I have also been a long time user of UK International Keyboard, and that is the layout I know by heart and use on all physical keyboards. This layout builds upon the standard UK keyboard to enable you to type ṽårìóǘş kïņḑş õf åçĉëñţş äņḑ şẙḿbôĺş not found on the keyboard itself...

Using WireGuard as the network for a Docker container

Docker is a container engine for the Linux operating system. It leverages two Linux kernel functionalities, chroot jails (or, nowadays, the pivot_root system call, but the details don’t really matter here) and namespaces, to create containers, or isolated environments where you can run processes separately from your host system. This has roughly the same advantages as virtualization: isolation (not), portability, separation of concerns, reproducibility. These are all good things for a lot of applications, including CI, orchestration, resilient setups, etc...

Hacking a tap water purifier

A few months ago, my father bought himself a water purifier. It’s a quite convenient and eco-friendly device which filters tap water, and optionally cools it and carbonates it, eliminating the need of buying bottled water entirely. The company that sold it to him also sold him a stand-alone faucet, as a replacement for his old one. This new piece of hardware is actually two devices in one: it has pipes for cold and hot water, like a standard mixer faucet, and also an additional pipe with no valve, directly connected to the water purifier...

Streaming video with commodity links, part 2: let's (try to) do it (and fail)

In the previous installment of the series, we analyzed the problem of near-instantaneous Internet connection failover without breaking existing connections for live video streaming. The solution we devised consists in setting up L2 GRE tunnels to a fixed gateway with a very reliable internet connection (think a dedicated machine in a datacenter), and using the Linux Bonding Driver’s link monitoring functionality to manage the failover for us. Now we are going to try and make it work...

Streaming video with commodity links, part 1: analysis

Last week, a friend of mine posed the interesting problem he was facing at the company he’s working at of streaming video reliably from multiple commodity Internet connections. Since this is my kind of thing, I decided to give it a go. After discussing the problem a bit, we came up with the following requirements: It should be implemented at the network level, to work with any streaming software and/or device. It should provide near-instantaneous (or even no-interruption) failover to allow for seamless live streaming. It should be portable (i...

Don't try to outsmart the universe

Today I migrated an IPsec (with IKEv1) site-to-site setup from a pfSense machine to a Debian machine. Since the pfSense machine was still the Internet gateway for the network, IKE and ESP packets still had to go through it. Now, I recalled something about firewalls not playing too nice with IPsec, so I researched a bit, and I concluded I needed some very specific SNAT rules. (I also realized that IPsec was not really meant for what we’re using it for, but over the course of many years enough functionality was kludged together RFCs were written to make it work and industry has adopted it quite widely...

ZigBee 3.0 Part 1: getting started with CC2530

ZigBee is a stack of protocols intended to enable IoT devices to effortlessly form mesh networks and communicate with one another wirelessly. I’ve been fascinated with the ZigBee platform for a long time now, but I had always been put off by how corporate-y the technology looked (and boy, I was right). A couple years ago I decided to buy a few cheap CC2530 boards off AliExpress. The CC2530 is a SoC by Texas Instruments containing an 8051 clone as the main processor, with RAM (128K or 256K) and Flash, and the PHY for IEEE 802...