Tor Relay

I’m a huge fan of both privacy and cool technology, so it goes without saying that I’m also a huge fan of the Tor Project. Tor is free and open-source software for enabling anonymous communication. The name is derived from an acronym for the original software project name “The Onion Router”. Tor directs Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. [Read More]
tor 

Blog with Hugo, Gitlab CD, and Caddy

This post is an overview on how I setup this site (built using Hugo) to be automatically deployed to my Caddy server using Gitlab’s continuous deployment. I routinely swap between fancy blogging tools like Ghost and Wordpress as well as static site generation tools like Jekyll and Hugo far more often than I should. I keep coming back to static site generation for several reasons: Server footprint - It’s easy to host static files. [Read More]
server 

Wireguard Access Server

For years, I’ve relied on SSH as the gateway into my LAN from the outside world. I figure that, as far as services I could place on “the front-line” go, it’s pretty solid. It sure beats publicly exposed RDP right?! My usual setup is to configure Linux and OpenSSH Server on a Separate VM or RaspberryPi, and forward inbound SSH requests to that machine. I prohibit password-based logins in /etc/ssh/sshd_config and also install and configure DuoSecurity’s PAM module as an additional layer when logging in from the outside world over SSH. [Read More]

NGINX Semi-private Site

We used to run a development blog for work. We wanted:

  1. To use NGINX to host this content. It was all static pages.
  2. To limit access to people within our network, or to employees while outside the network (phones, laptops, etc.).
  3. We didn’t want to deal with user accounts, active directory, etc.
  4. We wanted super low friction for users.
[Read More]
server 

GPG/SSH with the YubiKey 5

Yubico just announced the new YubiKey 5 and of course I needed to buy one! This gave me a great opportunity to update my somewhat popular GPG/SSH with YubiKey guide. The YubiKey 5 includes support for: Universal Second Factor (U2F) - FIDO & FIDO 2! (nothing uses FIDO 2 but I had to have it ;) CCID Smart Card: RSA (and now ECC) / OpenPGP NFC (starting to be supported by some iOS apps) This guide walks through: [Read More]

Deploying Ghost with Docker & NGINX

It seemed like a good idea to try something new with this website. I settled on running the fancy blogging software Ghost because it looked pretty, has a wonderful editing experience (with markdown support), and (most importantly) I’d never used it before.

[Read More]
server 

Kub Kar Timer

My boys are in Boy Scouts and the annual Kub Kar races are a fun part of the program. Our group has a couple older wooden tracks and I wanted to add a timer mechanism to them that would time and rank each car for each race. I decided to build this based on the Arduino platform because I’m at least somewhat familiar with it. Update 2016-02-21 - We had our first rally using this contraption and it worked flawlessly. [Read More]