SHIM Security Improvements

The other day I noticed that SHIM was vulnerable to CSRF attacks, so I decided to fix that. To do this I used nosurf. It ended up being pretty simple: just plug in nosurf as middleware for your requests, and then plug the token values in a hidden <input> element somewhere inside your <form>. While implementing this, I also saw that SHIM’s Delete Post page had a security vulnerability: it didn’t follow the HTTP specification.

Magnetic Stripe Reader Teardown

In April, I started reverse engineering the MSR605X magnetic stripe reader. Progress has basically paused at this point as I handle other affairs, but I figured that I may as well document what I have learned so far. My code for this little project is on Gitlab. This post won’t describe how magstripe readers work. If you’re interested, Major Malfunction gave an excellent in-depth talk on the subject. For this post, we only need to know that the chip on the magstripe reader measures some stuff and sends us some bytes via USB.

A Blog... with Comments!

As Jeff Atwood says, a blog without comments is not a blog. That means that today is the day that my blog becomes an actual blog! Comments have always been an issue on this site, since I run it using a static site generator with a pretty UI on top. Thus, my site has been just plain files - and it’s been pretty darn fast. But how can a static website have dynamic comments?

An Update on SHIM & My Other Projects

I’ve started working on my open source stuff again, and it’s exactly as fun as I remembered it! I’m now developing code on Gitlab instead of Github, because of the recent acquisition of the latter. Despite Microsoft’s recent efforts to be more friendly to the libre software community, their actions are still detrimental. Patents, DRM, and vendor lock-in are terrible for the end-user’s freedom. Thus, I am taking a principled stance and moving my personal projects to Gitlab.

SHIM

SHIM is a web-based front-end for Hugo. It combines the ease-of-use of dynamic site platforms with Hugo’s raw speed.

Repo: https://gitlab.com/camconn/shim
Description: Hugo-based CMS
License: AGPL 3.0 or later

Description

I started writing SHIM when Ghost became too fat and slow for my website. I loved how easy it was to use, but it was so damn slow! Because of that, I decided to make my own blogging platform with blackjack and strippers too speed as the top priority.

Rice, Rice, Baby

I promised an update on my (Thinkpad X200) laptop upgrade, so here it is.

Hardware

I swapped out the old minuscule 120 GB (!!!) hard drive with a new and shiny 1 TB drive. Moreover, I went and upgraded the RAM in the laptop from a single PC3-10600 4GB board to two 4 GB PC-8500 boards. I also went ahead and replaced my dilapidated keyboard (where the Super and / keys were broken) with a new keyboard.

A Brief Update

Woah? A blog post? There hasn’t been one of these in nearly two years! What does it mean? It means I’m back to writing. I’ve simply got too much on my mind to be quiet. Expect some content to come out in the next few weeks (and months).

Reverse Engineering

Over the past two years I’ve done a lot of stuff. But I’ll post whatever I legally can on the internet.

Snaps vs Flatpaks in 2016

In case you didn’t know, Snaps and Flatpaks are touted as the new universal application packaging formats for Linux. This post is a simple overview of my thoughts on each.

Snap

Currently, Canonical is pushing Snaps as the new packaging format. Snappy, the package manager, is written in Python and Go. Currently, the package manager is licensed GPLv3. For snaps, interfaces look good. It reminds me of OSGi and Android’s old sandboxing system.

We Dogfood Now

For a while, I ran this blog using Ghost. Ghost is a great blogging platform, with a great theme and developer ecosystem. I cannot laud the Ghost team enough for how well-designed the UI is (IMHO). My only issue with Ghost is how badly it hogs resources (due to the fact that it’s written in a dynamic, interpreted language). Node.js used a ton of memory on my itty-bitty VPS, and it’s sometimes slow and apt to crash.

A New Blogging Architecture

As of the time of this post, I am hosting this blog using Ghost. My only issues are that Ghost takes up a lot of memory (52 MB) on my VPS and page loads are slightly sluggish. In the search of a better platform, I realized that there’s still room for improvement in the blogging atmosphere. First, some background knowledge:

A Tale of Two Systems

As it stands, there are two existing ways that web blogs work.