Change default svg color

Again at ${DAYWORK} I was working on a network diagram, and found this incredibly useful website that regroups thousands of svg icons for all the major brands. I use draw.io to create my diagrams, and whereas they have a tutorial on how to modify an svg color (fill property) within draw.io, it would not work as shown. I figured out there was a very simple method to specify an svg file default color: edit the file, and add fill="white" (or any color code like #fafafa).

HTTP flood drop with nginx

The other day at ${DAYWORK} we got hit by a simple yet efficient DDoS attack: lots of regular HTTP queries with a specific query parameter, using either the GET, POST or HEAD method:

    www.customer.com:443:80 174.76.48.233 - - [19/Mar/2020:17:26:11 +0000] "POST /?=Best_HTTP_Flooder_For_FREE_by_PassDDoS&9716 HTTP/1.0" 200 62861 "http://validator.w3.org/feed/check.cgi?url=https://www.customer.com"

Fortunately, the parameter was always the same, and as we use an nginx reverse proxy farm in front of our customer’s websites, we could deploy this simple trick in order to get rid of the attack:

Migrating from Hexo to Hugo

Brand new iMil.net! I’ve wanted to switch from hexo to hugo for quite a long time for various reasons, one of them being I love golang and, well, let’s just say I don’t like javascript / node much. Also, hugo documentation is pretty well done, its author is a well known figure in the golang community, and last but not least, I find the overall workflow simpler and more consistent.

Let's Encrypt certificates using LEGO

This post is more like a self-reminder on how I set up automatic SSL/TLS certificate renewal on my servers. I chose LEGO to handle my certificate renewal with Let’s Encrypt because it’s simple to use, has no dependency, has great documentation and is worked on at a constant pace. I found this and this articles very useful, but they are outdated in their use of the tls and http parameters. So here are my notes.

Revive an old Neufbox 6 with OpenWrt

While this article might only be of interest to French people, you might want to get yourself an inexpensive Neufbox 6 on eBay or the like to play with it, thus the English language. When I lived in France, my last Internet provider was SFR, it was (and still is) a fiber provider, and you got connected thanks to a box called the “Neufbox”. There were a couple of versions of this box that were pretty hackable and the provider was cool with it, you could even flash it with “opened” versions of their firmware, a modified OpenWrt.

Monitor network health with somebar

I knew about a macOS task bar plugin called Anybar, which basically draws an icon on the task bar to which you can send behaviors with a simple nc command. Naturally, someone cloned it for our beloved Free Unices environments, and it’s called somebar. I am sometimes in places with weak network, and I like to see at a glance how my connection is doing, somebar seemed the perfect tool for the task.

Is LevelDB 2 times faster than BadgerDB? (Update: No)

Update (2020/05/21): the method used in this post is totally sub-performant, and I finally found out about LevelDB’s and Badger’s batch methods, which make writes considerably faster. I’ll probably write another note about this. And by the way, I found Badger to be much faster at writing batches than LevelDB.

Actual post

I’m working on a plugin for Goxplorer that will create a database of all Bitcoin addresses present in its blockchain.

FreeBSD networking issues: TCP offloading and checksum

In the past month, it’s the second time I’m being bitten by FreeBSD in the networking field. First time with my own gateway, I had this weird behaviour where machines on a different VLAN than the main one would use the Internet at full speed but would struggle to make any transfer from the main VLAN. Turns out this was a TCP segmentation offload issue, which seems to cause so many problems it is disabled by default in some appliances.

Gitlab CI caching for Go projects

The reference documentation when it comes to coupling golang and continuous integration in Gitlab is this one, it’s well put, easy to read and pretty accurate. Except for the caching part, or at least nowadays with go modules. This is what happens when a commit is pushed with the .gitlab-ci.yml given as an example in that document:

    131 Creating cache default...
    132 WARNING: /apt-cache: no matching files
    133 WARNING: /go/src/github.com: no matching files
    134 WARNING: /go/src/gitlab.

Understanding golang channel range... again

In a previous article, I tried to explain my understanding of go channels interaction with ranges. Turns out my explanation was probably not clear enough because here I am, nearly a year after, struggling to achieve pretty much the same exercise. So here we go again, in good old trial-and-error fashion. The goal here is to retrieve channel messages that are pushed from goroutines created in a for loop.