index.json

[{"content":"This is my web of adventures\n","date":"28 February 2026","externalUrl":null,"permalink":"/","section":"","summary":"","title":"","type":"page"},{"content":" Wallpaper by @RennerBricks Check out their YouTube channel\nCongrats on getting your new Bigme B7 - I\u0026rsquo;ve had mine for about 3 months now and it\u0026rsquo;s been quite solid. Compared with my previous tablet (an Onyx Boox Nova Pro), the screen isn\u0026rsquo;t quite as crisp, however gaining colour, a newer version of Android and now root access is a bigger improvement. That plus (optional) cellular - If I wanted to use it as a travel hotspot is pretty neat to have. If you\u0026rsquo;re yet to purchase one, for reference I paid about $320 AUD shipped in Jan 2026 from Aliexpress. At this price it is decent value, however I wouldn\u0026rsquo;t have purchased it if it was much more than this.\nThis article is more of a record of what I did to my Bigme B7 to gain root access in early 2026 - things may change by the time you\u0026rsquo;re reading this article, and it may be worth being cautious!\nA big Credit to @ekalaitzis on Github who provided a great writeup this was based on.\nImportant Note - Modifying your device carries the risk of bricking it. Proceed with caution and at your own risk.\nSteps # Due to some driver issues on both MacOS and Windows, I ended up loading Ubuntu as a live OS, which makes the steps below easy to reproduce, in a clean environment.\n1. Environment Setup # Live OS - Ubuntu Linux recommended (Live CD can be created with – balenaEtcher or Ventoy) Load a Live environment in \u0026ldquo;Try mode\u0026rdquo; on a x86 based machine (not apple silicon or Raspberry pi) and open a terminal to follow with the following commands. It should go without saying, only follow the below if you\u0026rsquo;re comfortable executing linux commands.\nsudo apt update \u0026amp;\u0026amp; sudo apt install python3 git libusb-1.0-0 python3-pip libfuse2 git clone https://github.com/bkerler/mtkclient cd mtkclient pip3 install -r requirements.txt pip3 install . install USB rules for Ubuntu # This step grants necessary permissions to access and communicate with USB devices (the Bigme B7).\nsudo usermod -a -G plugdev $USER sudo usermod -a -G dialout $USER sudo cp mtkclient/Setup/Linux/*.rules /etc/udev/rules.d sudo udevadm control -R sudo udevadm trigger 2. Extract boot files from B7 # The {location} is somewhere on your machine like . for the current directory or ~/Downloads for the Downloads folder. If you\u0026rsquo;re not familiar with how this works, it may be best to stop here and seek further assistance before proceeding.\nmtk.py will extract the boot files for patching in the next steps. If the file is 0KB or similar, something may have gone wrong.\npython3 mtk.py rl --skip userdata {location} Copy boot_a.bin and vbmeta_a.bin to a separate folder Rename them to original_boot_a.bin and original_vbmeta_a.bin to keep them distinct from what we\u0026rsquo;re working on To patch the original bin, I used this web version which ended up working well https://circlecashteam.github.io/MagiskPatcher/ – This site patches the device’s boot and vbmeta files – crucial for gaining root access. Upload your original_boot_a.bin and use the settings:\nKeep Verity: OFF\nKeep Force Encrypt: ON\nRecovery Mode: OFF\nPatch Vbmeta Flag: ON\nLegacy SAR Device: OFF If it\u0026rsquo;s successful, you\u0026rsquo;ll see a message like\nSuccess: Worker terminated. Success: Download starting...\nThen download and rename the file to patched_boot.img and move it the same folder.\nNext, patch the vbmeta\npython3 patch-vbmeta.py original_vbmeta_a.bin 3. Rooting Process # ⚠️ WARNING THIS STEP WILL ERASE YOUR DEVICE!\nWipe the device: python3 mtk.py e metadata,userdata,md_udc Always make sure there are no errors after the commands\nOEM Unlock command: python3 mtk.py da seccfg unlock Bootloader unlock: python3 mtk.py da vbmeta 3 Flash the patched boot images: python3 mtk.py w boot_a patched_boot.img python3 mtk.py w boot_b patched_boot.img Flash patched vbmeta: python3 mtk.py w vbmeta_a patched_vbmeta.bin python3 mtk.py w vbmeta_b patched_vbmeta.bin Finally, use this command to reboot: python3 mtk.py reset Your device will boot as if it\u0026rsquo;s the first time. Complete the initial setup process, install the Magisk APK, and verify root access works with a root checker app.\nRecovery Option # If something goes wrong, you can restore your backup with commands like:\npython3 mtk.py w boot_a {LocationYouSavedBackup}/boot_a.bin Some things to do with root access # Without saying, you should always be careful what you give root access on a machine. Make sure you trust the apps before installing.\nSecuring system, blocking unwanted behaviour # Root access can assist to give some added controls to your network settings when you do go online. Adaway is one example of an ad blocker that you can use to control network access to\nAppmanager is a great option too for \u0026lsquo;Freezing\u0026rsquo; apps from running, which can also improve battery life. In my case,\nInstalling apps with Obtanium # There are many flavours of app managers out there you can use in your new environment to install apps. Either directly via an APK, which you can send across with LocalSend or USB. I went with Obtanium, an app that downloads an open source app\u0026rsquo;s APK directly from Github. Other options can include the Aurora, F-Droid or the Play store.\nLeave a comment below if you need a hand or get stuck at any steps!\nAcknowledgement goes to @ekalaitzis on Github for testing on alternative Bigme devices first. Give them a star!\nFull list of links # Wallpaper on my B7 RennerBricks Github Repo with original instructions ekalaitzis/Rooting-Bigme-B751C mtkclient bkerler/mtkclient vbmeta disable verification: WessellUrdata/vbmeta-disable-verification Web Magisk Patcher Adaway Appmanager Obtanium Notes:\nI noticed at times it looked like the device wouldn\u0026rsquo;t boot, but holding the power button and waiting for the bigme \u0026lsquo;block animation\u0026rsquo; helped for it to power on.\nI\u0026rsquo;ll update this section if anyone reaches out with any comments. # ","date":"28 February 2026","externalUrl":null,"permalink":"/blog/rooting-bigme-b7/","section":"Blog posts","summary":"","title":"Rooting the Bigme B7","type":"blog"},{"content":"","date":"28 February 2026","externalUrl":null,"permalink":"/tags/","section":"Tags","summary":"","title":"Tags","type":"tags"},{"content":"","date":"28 February 2026","externalUrl":null,"permalink":"/tags/tech/","section":"Tags","summary":"","title":"Tech","type":"tags"},{"content":" Collection of data: # When visiting my blog adam.kostarelas.com, I aim to collect as little data as possible.\nTo understand what services you are interacting with, please see the following.\nDNS: Cloudflare\nCDN: Cloudflare\nHosting: GitHub\nAnalytics: Simple Analytics, served through a.adam.kostarelas.com\nComments: Giscus. Utilises GitHub Discussions\nI try to ensure any images are hosted on the blog and not linked to external platforms.\nAnalytics are for general use to understand popularity of topics on my blog. You can read more about my data and my quest to be as open as possible. Analytics are also open to the public.\nI include affiliate links for the following: # Simple Analytics Clicking these links helps sustain my blog to produce new content.\n","date":"11 October 2025","externalUrl":null,"permalink":"/privacy/","section":"Privacy","summary":"","title":"Privacy","type":"privacy"},{"content":"I strongly believe in making data open and transparent where possible. You can find my blog web statistics below for you to explore.\nLoading chart... (check that simplelogin isn't blocked in your adblocker if you want to see stats) Otherwise view Simplelogin directly\nReferral for simple analytics If you have any further questions, please reach out to any of my socials below.\nBadge icons in the footer are by Louie Mantia\n","date":"11 October 2025","externalUrl":null,"permalink":"/open/","section":"Transparency","summary":"","title":"Transparency","type":"open"},{"content":"","date":"11 October 2025","externalUrl":null,"permalink":"/tags/binary/","section":"Tags","summary":"","title":"Binary","type":"tags"},{"content":" Character Binary Character Binary A 01000001 a 01100001 B 01000010 b 01100010 C 01000011 c 01100011 D 01000100 d 01100100 E 01000101 e 01100101 F 01000110 f 01100110 G 01000111 g 01100111 H 01001000 h 01101000 I 01001001 i 01101001 J 01001010 j 01101010 K 01001011 k 01101011 L 01001100 l 01101100 M 01001101 m 01101101 N 01001110 n 01101110 O 01001111 o 01101111 P 01010000 p 01110000 Q 01010001 q 01110001 R 01010010 r 01110010 S 01010011 s 01110011 T 01010100 t 01110100 U 01010101 u 01110101 V 01010110 v 01110110 W 01010111 w 01110111 X 01011000 x 01111000 Y 01011001 y 01111001 Z 01011010 z 01111010 ","date":"11 October 2025","externalUrl":null,"permalink":"/resource/binary-alphabet/","section":"Resources","summary":"","title":"Binary alphabet","type":"resource"},{"content":" Conference takeaways # This was my first time heading interstate for a conference, and honestly it was an incredible experience! I’m grateful to VCOSS for their support in making this trip to BSides in Canberra possible.\nFirst impressions # Arriving on Thursday morning was a bit of a shock, as the venue was absolutely packed. I wasn\u0026rsquo;t expecting it to be as large of an event as it was was, especially considering the student price ticket of $75.\nI think BSides provides a safe space for the cyber community to grow. There are countless people that I met, including people from other universities, industry, government and some people who were quite open about the kind of work they do, to offer advice, share tips and people were striking up conversations. It felt like a welcoming space for anyone involved in cybersecurity, regardless of their background.\nFavourite talks # Whilst I spent most of the Saturday working on the CTF, I still managed to sneak out to see a few talks. There was a great variety of super technical, entertaining and approachable sessions. The ones most relevant to me where:\nBitsquatting dot gov.au domains – exploring network data bitflips in DNS traffic - Matt Belvedere # This talk felt like a guest lecture at uni. Seeing how concepts of networking were tested in a real-life scenario was very insightful. The display of binary bits in a domain, and learning about the attack scope of how all bits could be ‘flipped’ really drove home the potential for threats in unexpected ways. The theory was that solar flares could flip a bit from a 1 to a 0, and aligned it with the traffic from a random .au domain.\nFor example the binary for .gor.au is:\n00101110 01100111 01101111 01110010 00101110 01100001 01110101\nWhere as .gov.au is:\n00101110 01100111 01101111 01110110 00101110 01100001 01110101\\\nCan you see the difference? I\u0026rsquo;ve added a resource if you wanted to lookup the alternate options yourself.\nIts surprising that auDA allowed these domains to be registered.. Then again when you register a domain, technically your business details are linked to it\u0026hellip; The example given is what if someone registered a dubious domain under your business name, then got your main domain banned and taken down? What would the downtime and impact be, and how can it be prevented?\nlet’s make malware but it might get caught so the malware gets worse ☣️ - \u0026ldquo;Alex\u0026rdquo; # This was a great and engaging talk. I think it was wise to not delve too deep into actual \u0026lsquo;malware\u0026rsquo;, but to stay high level. Revolving around the evasion part, it was informative to understand ways that threat actors could obfuscate their malware by encrypting the contents to evade detection. With the distribution of the malware, a non-existent user agent may be used to deliver a payload, but serve a normal file if anyone else inspects it, like the modern version of a secret knock but to infect a computer\u0026hellip;?\nWTF is a TLA? Come and play a fast round of Cyber Buzzword Bingo - Jeremy Keast # This was a fun talk, an overload of buzzwords to really drive home how obscene it can be at times. I didn\u0026rsquo;t catch the whole talk, and can definitely say quite a few of the acronyms went over my head.\nCTF # The CTF definitely had a vibe pumping. \u0026lsquo;Hacker music\u0026rsquo; (Copy of the playlist) and mood lighting.\nMy team, Phishing Season was participating in the event run by skateboarding dog. I found it quite challenging, as most of the questions required a decent amount of knowledge in an area even if they were marked \u0026rsquo;easy\u0026rsquo;. You can read my writeup about a challenge I was able to learn quite a bit from.\nWe spent the Saturday morning working together, breaking down challenges and learning that ChatGPT would only lead you down a rabbit hole, leaving you more puzzled than before you\u0026rsquo;d ask a question. It did help to form a prompt in a different way to try to understand different ways you could solve something, but ultimately it wasn\u0026rsquo;t helpful (at least in its current form in 2025).\nThere were a few fun challenges that required us to get up and try to solve how the \u0026lsquo;dogs were moving around the room\u0026rsquo;, to solve a couple crosswords and to find and identify the characters on the back of this bus. (yes the bus picture was that low resolution)\nThe challenge I wasn\u0026rsquo;t able to solve that I sunk a lot of time into was the \u0026ldquo;Speak with Animals\u0026rdquo;, which required either intense concentration, a great sense to lip read or the patience to map out each phonetic phrase spoken. (all of which I struggled with on such an action packed day.) A shout out to Junjie and Nick for being awesome team mates during the ctf and at the conference! #Monsec\nTrip photos # It\u0026rsquo;s been a while since I travelled. There were a few nice shot opportunities I couldn\u0026rsquo;t resist taking.\nTrip home # Bonus # The whole of Canberra felt alive with everyone from the conference. You could easily spot someone in stereo-typical clothing of \u0026lsquo;hoodie, black t-shirt, beard or glasses\u0026rsquo; on their way either to or from the convention centre. Whilst there were some side activities such as lockpicking and various vendors selling penetration testing tools, it felt oddly strange to see it in action at my hotel as I was checking out. I guess someone locked themselves out and wanted a challenge to get back in? Canberra as a city is also quite unique, but I wasn\u0026rsquo;t quite expecting to be able to take home a mug, egg holder, earring or bookmark all shaped as the bus stops.. Ultimately, BSides Canberra was about more than just acquiring knowledge; it was about connecting with like-minded people and learning more about the industry I’m working my way into. I\u0026rsquo;m already looking forward to sharing my experiences and continuing to learn from the community.\nDo you have any thoughts on the BSides conferences, or recommendations on what other events I should go to?\n","date":"11 October 2025","externalUrl":null,"permalink":"/blog/bsides-canberra-2025/","section":"Blog posts","summary":"","title":"My first trip to BSides Canberra","type":"blog"},{"content":"","date":"11 October 2025","externalUrl":null,"permalink":"/tags/resource/","section":"Tags","summary":"","title":"Resource","type":"tags"},{"content":"","date":"11 October 2025","externalUrl":null,"permalink":"/resource/","section":"Resources","summary":"","title":"Resources","type":"resource"},{"content":"","date":"3 October 2025","externalUrl":null,"permalink":"/projects/","section":"Projects","summary":"","title":"Projects","type":"projects"},{"content":" I\u0026rsquo;ve only done a handful of CTF challenges before and found that I\u0026rsquo;ve gravitated towards forensics, OSINT and some cryptography. This challenge was outside of my comfort zone, but I wanted to persist and try something new.\nIt\u0026rsquo;s fun when there\u0026rsquo;s a theme to a CTF, and skateboarding dog did an amazing job with the 2D pixelart and game.\nSkateboarding dog CTF writeup # Okay Buddy # There\u0026rsquo;s a flag in the tree, and Buddy is so close to help us grab it. When chatting to Buddy something seems wrong..\nThere are always 4 options to choose from and it\u0026rsquo;s not super obvious what replies are correct, with \u0026lsquo;Interesting, Right, Yeah and I see\u0026rsquo;.\nTime to inspect the code and try to find why we\u0026rsquo;re having such nice weather. The source code reveals that the correct sequence of responses will unlock the encrypted flag. Trying to brueforce it won\u0026rsquo;t work, as there are 4^30 possibilities.\nTwo important constants are defined:\nDATA is a huge base64 blob, which we can later use to XOR against a “state” buffer and ENCRYPTED_FLAG is the AES-GCM cipher text of the flag.\nEven though it looks like a silly conversation, the game is secretly adding digits for every response being 30 numbers long.\nThe game starts with a state that’s all zeroes and every time you make a choice, the game combines that block with the current state using XOR. After 30 moves if your state is all ones buddy gets the flag, if not you need to listen more closely..\nTo try and solve this, as we can\u0026rsquo;t do it easily with bruteforce, theres another way using math. understood this like sudoku, if a \u0026rsquo;number\u0026rsquo; doesn\u0026rsquo;t fit in a square, stop and try something else.\nSudoku ✍️ XOR Puzzle chatting with Buddy 🐶 Sudoku cell (to be filled) Buddy Yapping Candidate number (1–9) Response, I see etc. Sudoku rule check (row/col/box) XOR lock check Wrong number, erase \u0026amp; backtrack Response fails Number fits, continue Response passes You win the Sudoku puzzle Flag taken from the tree Sudoku Buddy Conversation Step 1: Start Step 1: Yap 1 . . . | . . . | . . . ├ . . . | . . . | . . . ├─ Interesting (1) → \u0026#34;You know, trees like that one...\u0026#34; ✅ Continue . . . | . . . | . . . ├─ Right (2) → \u0026#34;Oh okay then.\u0026#34; ❌ Prune ------+-------+------- ├─ Yeah (3) → \u0026#34;Hmm, not quite.\u0026#34; ❌ Prune . . . | . . . | . . . └─ I see (4) → \u0026#34;Wrong choice!\u0026#34; ❌ Prune . . . | . . . | . . . . . . | . . . | . . . ------+-------+------- . . . | . . . | . . . . . . | . . . | . . . . . . | . . . | . . . -------------------------------------------------------------- Step 2: Step 2: Yap 2 Place \u0026#34;5\u0026#34; in Cell (1,1) 5 . . | . . . | . . . ├─ Interesting (1) → \u0026#34;No, not helpful.\u0026#34; ❌ Prune . . . | . . . | . . . ├─ Right (2) → \u0026#34;Hmm, not quite.\u0026#34; ❌ Prune . . . | . . . | . . . ├─ Yeah (3) → \u0026#34;If your park has a bunch of lollipop trees...\u0026#34; ✅ Continue ------+-------+------- └─ I see (4) → \u0026#34;Wrong path!\u0026#34; ❌ Prune . . . | . . . | . . . . . . | . . . | . . . . . . | . . . | . . . ------+-------+------- . . . | . . . | . . . . . . | . . . | . . . . . . | . . . | . . . -------------------------------------------------------------- Step 3: Step 3: Yap 3 Place \u0026#34;3\u0026#34; in Cell (1,2) 5 3 . | . . . | . . . ├─ Interesting (1) → \u0026#34;Not quite.\u0026#34; ❌ Prune . . . | . . . | . . . ├─ Right (2) → \u0026#34;Wrong again.\u0026#34; ❌ Prune . . . | . . . | . . . ├─ Yeah (3) → \u0026#34;Trees like those are actually doing more harm...\u0026#34; ✅ Continue ------+-------+------- └─ I see (4) → \u0026#34;That’s not it.\u0026#34; ❌ Prune . . . | . . . | . . . . . . | . . . | . . . . . . | . . . | . . . ------+-------+------- . . . | . . . | . . . . . . | . . . | . . . . . . | . . . | . . . -------------------------------------------------------------- Step N: Completed Grid Step N: Yap Flag 5 3 4 | 6 7 8 | 9 1 2 ├─\u0026#34;Oh right, the flag in the tree. Let me grab that for you...\u0026#34; ✅ 6 7 2 | 1 9 5 | 3 4 8\t└─ skbdg{flag} 1 9 8 | 3 4 2 | 5 6 7 ------+-------+------- 8 5 9 | 7 6 1 | 4 2 3 4 2 6 | 8 5 3 | 7 9 1 7 1 3 | 9 2 4 | 8 5 6 ------+-------+------- 9 6 1 | 5 3 7 | 2 8 4 2 8 7 | 4 1 9 | 6 3 5 3 4 5 | 2 8 6 | 1 7 9 I used AI to help build a script to run the XOR and eventually decrypt the flag.\n(env) ➜ okay buddy python3 aisolver.py Loaded DATA: total bytes=3600, groups=30 Simulating known choices... SUCCESS: final state is all 0xFF (condition satisfied). Derived AES key (SHA-256 of choices string): 5ff0f7de257c5e9f327acbc77a227e9e45953855fa5cbf3c9f6fa247db4f03ab --- DECRYPTED FLAG --- skbdg{the_flag_was_stuck_in_the_linear_algebranch!} ---------------------- Python Script for your inspection\nBy writing a little script to explore the possibilities, we unlocked the secret responses that the game wants to get the flag.\nFlag found! # skbdg{the_flag_was_stuck_in_the_linear_algebranch!}\nThe script solves and decrypts the flag, but that\u0026rsquo;s no fun. We can also go through the options to see the satisfaction of Buddy giving us the flag too.. (for validation reasons) Technical info # Even though the puzzle looked like we had to find the right sequence based on how Buddy was feeling, it was really a math puzzle in disguise.\nXOR-based state machines are essentially linear algebra problems in disguise. When AES keys are derived directly from deterministic state (responses to buddy), reverse-engineering the selection logic allows us to reconstruct the exact key.\nCombining static analysis with scripting makes it possible to recover the flag without ever playing through the game.\nThe important function to know when chatting to Buddy is:\nhandleYapResponse(t, e) { this.choices.push(t); const i = 30 * (4 * e + t), n = DATA.subarray(i, i + 30); for (let r = 0; r \u0026lt; 30; r++) this.st[r] ^= n[r]; return this.st.every((t =\u0026gt; 255 == t)) } As this checks if your conversation choices are correct at each step.\nThe script simulates this.st starting at zero, and XORs the 30-byte block DATA.subarray(30*(4*g + choice) , 30*(4*g + choice)+30) for each group g (0..29). After XORing, the function checks if every byte in this.st equals 255.\nDATA = all candidate numbers and rules encoded.\nst = the current partially filled grid state.\nXOR step = checking your number fits all rules for that cell.\nevery == 255 = the grid is valid for now.\nSimilar to above, it solves like:\nInitial state: st = [0, 0, 0, ..., 0] (30 bytes) Step 1 (Yap choices): ├─ Interesting │ XOR DATA[0:30] → st updated │ st != all 255 -\u0026gt; pass ✅ Continue │ ├─ Right │ XOR DATA[1*30:1*30+30] → st updated │ st != all 255 -\u0026gt; fail ❌ Prune │ ├─ Yeah │ XOR DATA[2*30:2*30+30] → st updated │ st != all 255 -\u0026gt; fail ❌ Prune │ └─ I see XOR DATA[3*30:3*30+30] → st updated st != all 255 -\u0026gt; fail ❌ Prune This was a personal achievement to understand the problem and to solve it, and a bonus to be the first! Looking forward to participating again next year!\n","date":"28 September 2025","externalUrl":null,"permalink":"/blog/okay-buddy-2025/","section":"Blog posts","summary":"","title":"Okay Buddy skateboarding dog CTF writeup","type":"blog"},{"content":"Github has become popular over the years for a place where you can collaborate on open-source software, and download it too. This reputation can be abused to by bad actors, pretending that software is open source, when in reality they link to a compiled file, or to an external site.\nToday I spotted one such that came up high in search results for macos audio There were two separate results that came up, im\nIf you search directly for macos sound source or macos sound control, they rank highly.\nObviously, you\u0026rsquo;d want to always make sure you\u0026rsquo;re going to an official website to download software, however with namesquatting, seo farming and reputation abusing techniques, such bad actors have higher chances of malicious actions.\nA common trend is to encourage users to open terminal to download a shell script. Warning, never paste random commands into your terminal without knowing what it does! In this case, the url is also a URL encoded with base64 to make it less obvious you\u0026rsquo;re about to download install.sh\nthe shell script tries to download a malicious file called update, then deletes all extended attributes macos places on it with xattr -c update and makes it executable.\nluckily gatekeeper tried to prevent me even inspecting this file in a VM If you\u0026rsquo;re interested, the virustotal analysis is available to review.\nIt contains an interesting evasion tactic I haven\u0026rsquo;t seen before\nThe page users click on to download the file are also prompted to download a dmg which is just obfuscated to run another osascript to remove quarantine and run the stackprep\nGithub tactic # I\u0026rsquo;m not sure as to why this was done, but there were multiple accounts spawned to maybe aid in their evasion efforts? One organisation will point to a user account, which doesn\u0026rsquo;t commit anything, but another user account will upload files via browser.\nAll the accounts are using throwaway hotmail and outlook accounts.\nI\u0026rsquo;ve reported this to Github, who is aware of attacks like this, and have taken down a similarly named one which is still ranking highly in search.\nI wonder if their section on SEO actually helps them to rank..\nAlso another tidbit, their \u0026lsquo;demo video\u0026rsquo; shows a Parallels VM with user checkuser. Maybe there\u0026rsquo;s some kind of quality control to make sure users in a VM aren\u0026rsquo;t impacted. (sarcasm) I hope these are removed to keep Github a safe community.\nYou can contact me if you\u0026rsquo;d like more info\nTLDR; Github has now removed the bad actors but we still need to find a way to prevent bad actors from impersonating brands. Surely there is a way to screen against name squatting organisations?\n","date":"22 September 2025","externalUrl":null,"permalink":"/blog/github-macos-malware/","section":"Blog posts","summary":"","title":"Githubs reputation being exploited by bad actors to distribute malware","type":"blog"},{"content":"Quad single IP addresses - think 1.1.1.1, \u0026hellip; 8.8.8.8, 9.9.9.9 Who owns them, and what are they used for?\nAnyone who has tinkered around with DNS settings are familiar with a few like 1.1.1.1, 8.8.8.8 and 9.9.9.9 (Cloudflare, Google and Quad9). I\u0026rsquo;ll be including links and readouts of whois if you\u0026rsquo;re interested to find out more.\nIt is interesting to learn about IP addressing, and having recently completed FIT5037 at Monash, understanding BGP (Border Gateway Protocol) routing with ASN (Autonomous system numbers)\nSpoiler, if you try to visit any of the below IPs, Cloudflare is the only one that will provide a webpage at 1.1.1.1\n1.1.1.1 # IP Net: # 1.1.1.0/24 -\u0026gt; 1.1.1.0 - 1.1.1.255 Registered to APNIC # Run by CloudFlare as a DNS resolver\n╭────────────────────────╮ │ ASN lookup for 1.1.1.1 │ ╰────────────────────────╯ 1.1.1.1 ┌PTR one.one.one.one ├ASN 13335 (CLOUDFLARENET, US) ├RNK #78 TOP 100 AS ├ORG APNIC and Cloudflare DNS Resolver project ├NET 1.1.1.0/24 (APNIC-LABS) ├ABU helpdesk@apnic.net ├ROA ✓ VALID (1 ROA found) ├TYP Anycast IP Hosting/DC ├GEO Hamburg, Hamburg (DE) ├POR Open ports: 53, 80, 443, 2083, 2086, 2087, 8080, 8443, 8880 └REP ✓ KNOWN GOOD as \u0026#34;Cloudflare Public DNS\u0026#34; Ports that are open suggest 53 for DNS, 80 for HTTP, 443 for HTTPS, 2083 for radsec (Authorisation protocol),\nLinks:\nBGP.tools for 1.1.1.1 Wikipedia for 1.1.1.1 ipinfo for 1.1.1.1 reachability issues of 1.1.1.1 2.2.2.2 # IP Net: # 2.2.0.0/16 -\u0026gt; 2.2.0.0 - 2.15.255.255 Assigned to: Orange. # Assigned to a french telecom, Orange. Not used for any obvious public facing services.\n╭────────────────────────╮ │ ASN lookup for 2.2.2.2 │ ╰────────────────────────╯ 2.2.2.2 ┌PTR - ├ASN 3215 (France Telecom - Orange, FR) ├RNK #204 TOP 500 AS ├ORG AS3215 ├NET 2.2.0.0/16 (FR-TELECOM-20100712) ├ABU gestionip.ft@orange.com ├ROA ✓ VALID (1 ROA found) ├GEO San Jose, California (US) ├POR Open ports: 161 └REP ✓ NONE The port active on 2.2.2.2 suggests it could be SNMP (Simple Network Management Protocol) which typically is used to communicate logging and management information.\nBGP.tools for 2.2.2.2 ipinfo for 2.2.2.2 3.3.3.3 # IP Net: # 3.3.3.0/24 -\u0026gt; 3.3.3.0 - 3.3.3.255 Registered by Amazon. # Looks like the IP range is reserved and possibly used by AWS for EC2 instances. AWS is a subsidiary of Amazon. RPKI suggests it could be for US East cost AWS.\n╭────────────────────────╮ │ ASN lookup for 3.3.3.3 │ ╰────────────────────────╯ 3.3.3.3 ┌PTR - ├ASN 14618 (AMAZON-AES, US) ├RNK #7169 ├ORG Amazon Technologies Inc. ├NET 3.3.3.0/24 (AT-88-Z) ├ABU abuse@amazonaws.com ├ROA ✓ VALID (4 ROAs found) ├TYP Hosting/DC ├GEO Ashburn, Virginia (US) └REP ✓ NONE BGP.tools for 3.3.3.3 ipinfo for 3.3.3.3 4.4.4.4 # IP Net: # 4.0.0.0/9 -\u0026gt; 4.0.0.0 - 4.127.255.255 Registered to Level 3, which has rebranded to Lumen.\nThey are a communications provider. This is one of the largest ranges which includes a theoretical 8388606 hosts!\n4.4.4.4 doesn\u0026rsquo;t look like it is reserved for any public facing services from Lumen, but may be assigned to one of their clients.\n╭────────────────────────╮ │ ASN lookup for 4.4.4.4 │ ╰────────────────────────╯ 4.4.4.4 ┌PTR - ├ASN 3356 (LEVEL3, US) ├RNK #1 TOP 10 AS ├ORG Level 3 Parent, LLC ├NET 4.0.0.0/9 (LVLT-ORG-4-8) ├ABU abuse@level3.com ├ROA ✓ UNKNOWN (no ROAs found) ├TYP Proxy host ├GEO Honolulu, Hawaii (US) └REP ✓ NONE BGP.tools for 4.4.4.4 ipinfo for 4.4.4.4 5.5.5.5 # IP Net: # 5.4.0.0/14 -\u0026gt; 5.4.0.0 - 5.7.255.255 Allocated to Telefonica Germany, a German telecommunications provider.\nLooks like the 5.5.5.5 IP is reserved for private use, with no obvious public services.\n╭────────────────────────╮ │ ASN lookup for 5.5.5.5 │ ╰────────────────────────╯ 5.5.5.5 ┌PTR dynamic-005-005-005-005.5.5.pool.telefonica.de ├ASN 6805 (TDDE-ASN1, DE) ├RNK #1917 ├ORG TDDE-ASN1 ├NET 5.4.0.0/14 (DE-MEDIAWAYS-20120425) ├ABU abuse.de@telefonica.com ├ROA ✓ VALID (1 ROA found) ├GEO Frankfurt am Main, Hesse (DE) └REP ✓ NONE BGP.tools for 5.5.5.5 ipinfo for 5.5.5.5 6.6.6.6 # IP Net: # 6.0.0.0/8 -\u0026gt; 6.0.0.0 - 6.255.255.255 A Whois Result shows this as part of the US AISC.\nThere are no obvious public facing services for 6.6.6.6\n╭────────────────────────╮ │ ASN lookup for 6.6.6.6 │ ╰────────────────────────╯ 6.6.6.6 ┌PTR - ├ASN N/A (address not announced) ├ORG Headquarters, USAISC ├NET N/A (CONUS-YPG-NET) ├GEO Sierra Vista, Arizona (US) └REP ✓ NONE BGP.tools for 6.6.6.6 ipinfo for 6.6.6.6 7.7.7.7 # IP Net: # 7.0.0.0/8 -\u0026gt; 7.0.0.0 - 7.255.255.255 This range is part of the US DoD.\nThere are no obvious public facing services for 7.7.7.7\n╭────────────────────────╮ │ ASN lookup for 7.7.7.7 │ ╰────────────────────────╯ 7.7.7.7 ┌PTR - ├ASN 749 (DNIC-AS-00749, US) ├ORG DoD Network Information Center ├NET 7.7.7.0/24 (DISANET7) ├GEO Whitehall, Ohio (US) └REP ✓ NONE BGP.tools for 7.7.7.7 ipinfo for 7.7.7.7 8.8.8.8 # IP Net: # 8.8.8.0/24 -\u0026gt; 8.8.8.0 - 8.8.8.255 This range is allocated to Google by ARIN - Canada and USA. Google runs a public DNS resolver on 8.8.8.8\n╭────────────────────────╮ │ ASN lookup for 8.8.8.8 │ ╰────────────────────────╯ 8.8.8.8 ┌PTR dns.google ├ASN 15169 (GOOGLE, US) ├RNK #1818 ├ORG Google LLC ├NET 8.8.8.0/24 (GOGL) ├ABU network-abuse@google.com ├ROA ✓ VALID (1 ROA found) ├TYP Anycast IP DC Google LLC ├GEO London, Westminster (GB) ├POR Open ports: 53, 443 └REP ✓ KNOWN GOOD as \u0026#34;Google Public DNS\u0026#34; Interestingly the open ports are 53 for DNS and 443 which i\u0026rsquo;m assuming is for DoH but also resolves dns.google\nBGP.tools for 8.8.8.8 ipinfo for 8.8.8.8 9.9.9.9 # IP Net: # 9.9.9.0/24 -\u0026gt; 9.9.9.0- 9.9.9.255 Quad 9. Based out of Swizerland, Quad 9 runs a DNS resolver that aims to offer better privacy.\nAdministered by ARIN - Canada and USA\n╭────────────────────────╮ │ ASN lookup for 9.9.9.9 │ ╰────────────────────────╯ 9.9.9.9 ┌PTR dns9.quad9.net ├ASN 19281 (QUAD9-AS-1, CH) ├RNK #33644 ├ORG Quad9 ├NET 9.9.9.0/24 (CLEAN-97) ├ABU abuse@quad9.net ├ROA ✓ VALID (1 ROA found) ├TYP Anycast IP ├GEO Tokyo, Tokyo (JP) ├POR Open ports: 53, 443 └REP ✓ KNOWN GOOD as \u0026#34;IBM Quad9 Public DNS\u0026#34; Whilst 9.9.9.9 has port 443 open, it is exclusively used for DNS. Interestingly, the DNS record for quad9.net resolves to 216.21.3.77 (Feb 2024) which is part of the prefix 216.21.2.0/23 allocated to AS715 - WoodyNet, Inc https://woodynet.net/\nBGP.tools for 9.9.9.9 ipinfo for 9.9.9.9 Extras # 0.0.0.0 # IP Net: # 0.0.0.0/8 -\u0026gt; 0.0.0.0 - 0.255.255.255 0.0.0.0 is reserved as a current or local network.\nThis along with the 10.0.0.0/8 subnet are addresses allocated for private internet as outlined in RFC1918.\n10.10.10.10 # IP Net: # 10.0.0.0/8 -\u0026gt; 10.0.0.0 - 10.255.255.255 Reserved private network space as outlined above. It is also commonly refered to as a Bogon address\n20.20.20.20 # IP Net: # 20.0.0.0/11 -\u0026gt; 20.0.0.0 - 20.31.255.255 Registered to Microsoft, an American technology company\nNo obvious public services.\n30.30.30.30 # IP Net: # 30.0.0.0/8 -\u0026gt; 30.0.0.0 - 30.255.255.255 Registered to DoD\nNo obvious public services.\n40.40.40.40 # IP Net: # 40.40.40.0/24 -\u0026gt; 40.40.40.0 - 40.40.40.255 Registered to Telefonica de Argentina, an Argentinian communications company\nNo obvious public services.\n50.50.50.50 # IP Net: # 50.50.0.0/16 -\u0026gt; 50.50.0.1 - 50.50.255.254 Possibly registered to Frontier communications of America\nWhois has frontiernet.net which loads frontier.yahoo\nNo obvious public services.\n60.60.60.60 # IP Net: # 60.60.0.0/17 -\u0026gt; 60.60.0.1 - 60.60.127.254 Registered to JCOM co ltd. More infor can be found on their Japanese Wikipedia page\nNo obvious public services.\n70.70.70.70 # IP Net: # 70.68.0.0/14 -\u0026gt; 70.68.0.1 - 70.71.255.254 Registed to Shaw communicatons, a Canadian telecom company.\nNo obvious public services.\n80.80.80.80 # IP Net: # 80.80.80.0/24 -\u0026gt; 80.80.80.0 - 80.80.80.255 Registered to Freedom Registry BV\nWhich changed its name from opentld.com -\u0026gt; freenom.com\nNo obvious public services.\n90.90.90.90 # IP Net: # 90.90.0.0/16 -\u0026gt; 90.90.0.1 - 90.90.255.254 Registered to Orange.\nNo obvious public services.\n100.100.100.100 # Bogon IP address.\nPopular usage includes with Tailscale\nOPTE # A cool project that visualises BGP and networks is called OPTE OPTE Preview OPTE visualises network topology and connections that exist between them that make up the internet. Networks are often clusters of IP ranges that connect to each other, and OPTE does a good job visualising this.\nThis was a fun exercise to learn about IP addresses and to also brush up on subnetting.\nHave I missed anything, or are there any corrections? Please leave a comment below.\n","date":"1 March 2024","externalUrl":null,"permalink":"/blog/quad-single-ip-addresses/","section":"Blog posts","summary":"","title":"Quad single IP addresses","type":"blog"},{"content":"This writeup looks into how Arc phones home to log analytics without giving users a good way to opt-out.\nArc browser is one of the many Browsers to run Chromium (Blink) which includes browsers like Microsoft Edge, Brave and Opera.\nIt however is unique, being one of the only browsers that requires you log in before using it.\nMandatory login # Login prompt Their argument: \u0026ldquo;Sync data, provide support\u0026rdquo; - Its a tough ask, no matter how you spin it to require your users to be logged in to a service before using it. No matter if a user\u0026rsquo;s actions are anonymised, the way you use your browser is still logged. A scary fact is just like Google\u0026rsquo;s Chrome browser and Google, policies change over time. At this stage data may not be collected or synced, but the convenience of having tabs on your phone, or to remember that website you were searching for earlier on in the day on another device will be the downfall of privacy for Arc.\nWelcome after logging in After logging in, you\u0026rsquo;re greeted by a \u0026lsquo;personalised\u0026rsquo; Card with your name/alias.\nBelow is the first tab you\u0026rsquo;ll see using Arc (at V1.0.1). There are tabs open on the side with a Wikipedia page, and two other websites.\nFirst page you\u0026rsquo;ll see Phoning home # These sites are all loaded in the system by the process Arc Helper, which is nice to be seperate from Arc itself, however the pages chosen starts to develop a unique fingerprint.\nFirst website domains loaded From the domains Arc loads on first launch, its evident the Arc team is very product-focused. With three major tools collecting user data: Segment, Sentry and Launchdarkly. As upfront as their Privacy Policy is, they are incredibly vague as to which platform, or how many they use in the browser. As you will see later on, its disappointing that there is a lack of opting out of sharing of any usage.\nBrowser load domains Preferences # It was good to see some level above the standard chrome settings giving customisation to the browser. On the flip side, for a browser that talks a lot about privacy, mandating that users be signed in, and not providing an option to opt-out of providing device analytics (unless you block them at the DNS level) is disappointing.\nBrowser preferences Browser preferences pages Browser preferences pages Notice the absence of an option to log out of an account to continue using the browser, or opting out of sending analytics to the browser company.\nData being collected # The following is an extract of a sample being logged and sent to Sentry in accordance with the Browser Company\u0026rsquo;s personal data collection policy.\nCaptured log - Sentry.io # Identifiers phoning home A few things to note here:\nEvery user has an \u0026lsquo;anonymous id\u0026rsquo; as well as a \u0026lsquo;user id\u0026rsquo; which could be speculated as being linked to your e-mail address to \u0026lsquo;provide support\u0026rsquo; or understand how you prefer to use the browser. Events are logged, as per their privacy policy. This means it sends an update to Sentry when you Command Tab to another app, and another log sent when you go back. Other events include things like viewing preferences, creating a space among many other features I didn\u0026rsquo;t test. The identifier of your Mac is sent. My one; Mac14,9 shows my model - MacBook Pro M2 2023 14in, with RAM config. Locale (Keyboard) and timezone are shared Interestingly, window dimensions are shared The network shows current connection, in my case WiFi, and although Bluetooth shows \u0026lsquo;false\u0026rsquo; this refers to the network connection as Bluetooth was on. IP isn\u0026rsquo;t logged (at this build) An example of another event being logged Event sample of action in Arc Interestingly, there were some interesting bits of data captured. One of which included a variable to check if the user logged in was internal (I wonder what that was for) internal email Captured log - Launchdarkly # There wasn\u0026rsquo;t much to decode from the Launchdarkly, with everything being encoded\nDarkly sample Permissions # Arc browser requests to see files on a few too many areas of you PC. Expect to get prompted if you plan on taking it for a spin.\nArc wants to view files in a lot of folders Arc\u0026rsquo;s Privacy Policy, and the problem with trying to \u0026lsquo;sell\u0026rsquo; privacy # Arc\u0026rsquo;s Privacy Policy is upfront, being transparent that they are product-centric, wanting to understand their users behaviour.\n\u0026ldquo;What we do care about when it comes to data is building the best, most reliable product we can. For instance, understanding which features our members are digging most (and which features they hate, oof). Keep reading to check out our full privacy policy.\u0026rdquo;\nA few days later.. the true purpose of needing an account # As with most products, the most valuable thing to an investor is measuring traction and growth. Having users sign up creates an asset of user details, which makes me wonder how The Browser Company is planning on monetising Arc or their future projects..\nNewsletter sent with Mailchimp tracking stats Result # I guess Arc browser isn\u0026rsquo;t a privacy oriented browser. It has a unique take on developing an \u0026lsquo;all-in-one\u0026rsquo; app to extend a web browser, heavily focused on user experience. Although, being Gecko based (Firefox) would have been a nice to see, the hype around Arc and Chromium isn\u0026rsquo;t going away any time soon, and is typically viewed as the more performant on the web.\nIt would be nice if Arc, or rather the browser company provided more options to control what data is being logged, or provided a simple opt-out of everything option. Its understandable that they only recently went V1.0 and ditched the invite only system, however to build trust with users, I believe that along with using it without an account are the main barriers to recommend jumping on the Arc wagon.\nArc files left on system Arc ended up in the trash on my test machine.\n👍 Comes with uBlock pre-installed\n👎 Account is mandatory\n👎 No way to opt-out of sending analytics\n🤷 A bit over the top permissions needed to access folders / files for the average user\n🤷 Based on Chromium\nDisclosure: I work on an open-source theme of Firefox browser to make it look like Safari\nTools used in this writeup:\nLittle snitch Proxyman AppCleaner Let me know in the comments below your thoughts on Arc\n","date":"30 July 2023","externalUrl":null,"permalink":"/blog/arc-browser-privacy-check/","section":"Blog posts","summary":"","title":"Arc Browser, how private is it?","type":"blog"},{"content":"","date":"25 July 2023","externalUrl":null,"permalink":"/dashboard/","section":"Dashboard","summary":"","title":"Dashboard","type":"dashboard"},{"content":"I like the idea of sitting in a workspace with headphones on whilst listening to ambient sounds. Picture this; low chatter, mugs clinking, steam, birds chirping. I instantly think of a coffee shop. It is generally known that the act of meditation provides a more positive mindset. My spin on the typical audioscape is to record and playback some sounds closer to home.\nThis includes:\nRain Native birds National parks Ocean sounds and more.. Working from home on a nice sunny day can be great, however when there\u0026rsquo;s limited time to go outside, the sound of native birds, a park or other sounds can help to immerse someone to feel like they\u0026rsquo;re outside to boost productivity.\nMy plan is to release a few of these tracks on SoundCloud. You can comment below or get in touch if you are interested in the 192khz 24 bit versions.\nMy gear includes:\nTascam DR 100 miii 2x Clippy XLR EM272 Rycote Windjammers Zoom H1 iPhone 13 Pro Tracks will be tagged with the relevant gear!\nAdam Kostarelas · Ambient - Audioscapes","date":"6 October 2022","externalUrl":null,"permalink":"/blog/ambient/","section":"Blog posts","summary":"","title":"Ambient sound series","type":"blog"},{"content":"","date":"6 October 2022","externalUrl":null,"permalink":"/tags/audio/","section":"Tags","summary":"","title":"Audio","type":"tags"},{"content":"Awesome lists are handy. They allow a community or individual to manage a simple list in a Readme in a Git repository. That means all the benefits of revision history, merging changes from different versions and other advantages of git are included.\nWhere I feel they can often come short is when the lists get a bit too long. Typically data is to the point and a list usually to provides a URL and a brief description of that resource.\nIn the case of Awesome Aussie, I felt that aussie businesses could have so much more information that could be captured, and that it could be shared and managed in a more efficient way.\nMy last project, HuTasker was a great learning exercise to play with Airtable\u0026rsquo;s API, and to automate workflows.\nAwesome Aussie # Awesome Aussie provides great a great resource for users looking for aussie apps, software, tools or popular services. Check out the list on Github or at awesome-aussie.com\nThe data is as open as possible, with the ability to download a CSV from AirTable or sync it to your own base. If someone syncs the data to their own base, they can use their own API keys with AirTable to support their own site. Of course, the data is also available from the README.md on Github.\nThe current implementation consists of a few javascript based scripts to connect to AirTable\u0026rsquo;s API and Github\u0026rsquo;s API to manage data.\nData is managed in a few ways which will need future refinements.\nAdditions # A user is free to submit new items to the list either directly via an AirTable form, or as a pull request from their own repo or can submit a new Github issue. When a user submits an addition through AirTable, AirTable\u0026rsquo;s own automations connect to Github and create a new issue with the data. If a user creates a pull request, it can be merged, however the details would need to be manually added to AirTable. When a user creates a new issue, the Github Issues workflow adds the data to a sheet in AirTable.\nAmendment # At this stage, amendments are only via raising an issue or via pull request. Only authorised users will have permissions to change the data in Airtable.\nA breakdown of the technical details:\nReadme # readme/app.js connects to Airtable\u0026rsquo;s API to build the Readme.\nIt checks for data filtered by Airtable that are active in the \u0026lsquo;Awesome Aussie\u0026rsquo; view that are relevant to the list.\nThe script also ensures that only the categories with an entry are added to the list Extended list\nreadme/extended.js connects to Airtable\u0026rsquo;s API to build the extended list.\nIt works similarly to the above, and filters data by the \u0026lsquo;Extended\u0026rsquo; view\nIssues # issues/app.js connects to Github\u0026rsquo;s API and Airtable\u0026rsquo;s API. It syncs recent Github Issues to Airtable. This allows the Airtable automations to quickly see if a new submission is a duplicate. Pull Requests\nGithub Workflows # Issues: Runs the issues script on schedule Readme: Builds both normal Readme and Extended list and creates a pull request to update main branch. Sync Mirror: Syncs commits to Codeberg Sync Website: Syncs commits to the gh-pages branch which hosts awesome-aussie.com There are still some bugs to figure out and workflows to tweak, but it is available all in the Airtable branch in Awesome Aussie.\n","date":"15 September 2022","externalUrl":null,"permalink":"/blog/awesome-aussie/","section":"Blog posts","summary":"","title":"Awesome Aussie, an awesome list automated with Airtable","type":"blog"},{"content":" HuTasker # HuTasker integrates Hugo, a Static Site Generator (SSG) with Airtable in a sample app. The end product was to create a mock marketplace for tasks, drawing inspiration from my previous startup Trunked and Airtasker. The technical goal was to use Hugo with a \u0026lsquo;back end\u0026rsquo; that can act as a content management system (CMS) through an API that can fill and manage data on its pages. I started the project making the assumption that my \u0026lsquo;client\u0026rsquo; wanted to manage their data in a spreadsheet that can control the front end. This made up \u0026lsquo;client\u0026rsquo; was developing a MVP (this) for their presentation to validate early in the product development cycle. To ensure that it was clear that this was a mock site and usable as a theme, call to action (CTA) links to Github were placed. My personal goal was to solve a problem with Hugo, one that I feel limits the adoption of the technology to tech-savvy users, the lack of a \u0026lsquo;good\u0026rsquo; CMS.\nTrying to find the right CMS # I\u0026rsquo;ve been obsessed with trying to find the best CMS for Hugo. The options available have restrictions that can limit the realistic outputs passing as a solution to a customer. Users want a system that is straightforward, easy to manage content and make changes at any point in time without relying on a technical person.\nA traditional CMS like Wordpress is great as an \u0026lsquo;all in one solution\u0026rsquo; for a non tech-savvy user. The server manages content, renders pages, and has a user interface to edit the site. Unfortunately in my time working with platforms like Wordpress, Joomla and Drupal the amount of servers that aren\u0026rsquo;t managed is worrying. A large chunk of users don\u0026rsquo;t receive security updates on a platform that has more features than what someone would use for a landing page or something simple. Aside from being great at managing content for blogs, I feel there are many superior options that have better speed, mobile optimisations and SEO out of the box without enabling plugins. YMMV\nIntro Airtable # I wanted to build a new integration with Airtable, to connect their spreadsheet \u0026lsquo;database\u0026rsquo; like interface with that of a fully separate front end. Airtable presents a user with a friendly interface - a spreadsheet, or a kanban board, or a calendar (among others). Being very versatile and familiar to users, Airtable presented itself as an appropriate solution that could also act like a relative database with rows linking to each other. Designing the structure for the database, along with different \u0026lsquo;Views\u0026rsquo; that can filter, sort, hide and restrict data was a perfect way to create \u0026lsquo;server\u0026rsquo; like functionality without any programming. An example used is the \u0026lsquo;open tasks\u0026rsquo; view which filters tasks\nAirtable Database Schema Being able to effectively build a case that a free platform can replace most people\u0026rsquo;s need for a server is encouraging. Although HuTasker presents itself as an Airtasker clone, it is missing functionality such as user account creation, and purposely omits the ability to post a task to ensure the quality of data of the template. Although it could be argued that the ability should be enabled for a sample data only site. I\u0026rsquo;d be afraid in terms of what kind of spam could accumulate if left unmoderated, or if a workflow (or Airtable Automation) to delete data on a schedule wasn\u0026rsquo;t set up.\nTypical SSG uses # Typical common uses for Static Generation include:\nMarketing websites Blogs E-commerce product listings Help and documentation sites Usually the data is pre-rendered. Static sites often render files with the help of content pages, often in markdown format at build, generating static pages that can be hosted nearly anywhere. Often these solutions are tied into hosting with a provider that acts as a CDN (Content Delivery Network). In our case, that is Netlify. Static sites often benefit from being hosted on a CDN, as being compiled static files, they can be delivered from anywhere for the fastest load time.\nAs efficient as managing content in an IDE is for a developer, the user experience isn\u0026rsquo;t the same. Any of the CMS solutions listed above are often the preference for a non technical user that wants to manage content. If they were to make a change with a SSG they\u0026rsquo;d have to understand the content folder structure, editing a markdown file, version control with Git and then building the pages with the SSG tool. The technical literacy could obstruct most users from managing content in this way.\nMoving all that functionality to a front end that most users are familiar with is essential. Managing data in a database is ideal, and Airtable is one of the closest consumer options that is very user friendly.\nBuilding the integration # Airtable screenshot Building the integration, I wanted to focus on ensuring everything was available for free. That means, free hosting, free \u0026lsquo;backend\u0026rsquo; and of course a free template / data integration available as an open source project.\nWhen integrating with Airtable, there were a few considerations that had to be made clear;\nWhere will people using the theme edit data? Is it easy for users to adapt the functionality for their own data? Security considerations in the repo to protect API keys. Making it clear. # A decision had to be made in terms of storing data; Is it in Airtable or in the content folder as a markdown. Effort was made to try and remove redundancies of hard coded data in the layouts pages, however some pages in the content folders include references to Airtable\u0026rsquo;s views and table names that the layout will pull. That being said, the aim for the content is to be stored in Airtable, only restricting the content folders for configuration or legal related info.\nAdapting the theme to use different data # If a user who has cloned the repo makes changes to the Airtable structure, Hugo will throw an error. It needs to know table names, views and of course the names of the columns. Understanding the data isn\u0026rsquo;t too difficult. Most of the references to a table e.g. tasks has been categorised into the tasks layouts and partials. Care would need to be taken to adjust the Airtable record field names to suit their use case. A list of common errors have been compiled in the Wiki to help future users modifying the theme.\nSecurity # Security considerations will revolve around how the user manages their API keys to Airtable. As Airtable\u0026rsquo;s API supports CRUD (Create, Read, Update and Delete) it is important to note as a vulnerability to the system.\nTheme Features # HuTasker screenshot of category page Tasks # The main part of this theme is presenting the tasks. Tasks are things that need to be completed by \u0026lsquo;users\u0026rsquo;, where if this were a real site, users would be able to make offers to complete the tasks. This page is managed with Javascript, showing the pages created and populated by Hugo through the help of CSS classes.\nHuTasker screenshot of category page Categories # Categories was included as a way to add some SEO functionality and extra pages into the template. With the help of a command, anything listed in categories can have their own Hugo pages created that then populate current data from Airtable\u0026rsquo;s API (on the CRON schedule).\nPrivacy # Privacy is important, and something I advocate for. To try and include the least amount of tracking scripts or collection of data is important. As a way to stay open and transparent, I\u0026rsquo;ve tried to explain all the services that this sit is built upon. On this page, there is an embed from the Simple Analytics tracking script to show page views to the public.\nGithub schedule # The Netlify Build workflow on Github is set up to hit Netlify\u0026rsquo;s build webhook on a CRON schedule. This is configurable to as often as Netlify will allow you with your build credits. What\u0026rsquo;s cool is if there is an active amount of data being updated on Airtable, then the frequency in the CRON can be increased. This had to be implemented due to Airtable\u0026rsquo;s limitations with their automations restricting what is possible on the trigger of \u0026lsquo;updating a record\u0026rsquo;. Ideally when updating a record, it could notify a webhook and remove the need for a Github schedule, however this could push some people out of their build limits with Netlify.\nNetlify # Netlify is the CDN and builder for our site. It clones any changes off Github, offers previews for pending changes to the theme and also pulls the data from Airtable and places the build on its CDN. HuTasker is hosted on Netlify on a free plan. The Wiki has information about how to set up API keys and other variables to get the theme up and running.\nOther # There are a few other nice features, including a dark mode switch, linking tasks to the home page, good SEO and a decent lighthouse score.\nFurther reading about CMS # Hugo\u0026rsquo;s current options to manage content include Forestry, or Netlify CMS. It can get complex when inserting images, or any other bit of information that needs to use a shortcode as it is next to impossible for a user to perform when the UI isn\u0026rsquo;t designed for these applications. It really feels like it can limit the use case of Hugo for a non-tech savvy user to something that is well, static.\nA solution for keeping the best of both worlds is to manage data with a content platform or a headless CMS. This allows the front end to be separate from the back end, or the code to be separate from the content. I find this important, as a solution dedicated and managed that handles user authentication, access, images and other aspects may come with a cost, but will most likely be specialised to managing content in a particular way that has user experience in mind. There are headless CMS options like Contenful or Strapi that manage content, specifically to bring into solutions like this.\nI do hope that Forestry\u0026rsquo;s \u0026ldquo;V2\u0026rdquo; Tina can provide some additional support for Hugo\u0026rsquo;s Shortcodes.\nGetting setup # In the spirit of keeping data organised, the information to setup the theme and get started are all available on Github\nWhat\u0026rsquo;s next? # HuTasker is one of my last projects with Hugo before moving to new frameworks. My last project will be a blog theme, and I\u0026rsquo;ll be aiming to integrate a CMS with the SEO benefits of Hugo.\nWho knows, there may be an adaption of this theme open for public submissions coming soon..\n","date":"15 August 2022","externalUrl":null,"permalink":"/blog/hutasker-hugo-x-airtable/","section":"Blog posts","summary":"","title":"HuTasker, Hugo X Airtable","type":"blog"},{"content":"I\u0026rsquo;ve been waiting a long time for NBN. Back to the original announcement, I remember the first time the address checker provided a date of installation. Delay after delay the day arrived, I\u0026rsquo;d have regular access to fast broadband.\nSince then, so many innovations have changed the way we use technology on a daily basis. Having gone through a change in OS I was quickly thrust into the world of linux, homelabs and self hosting.\nTinkering around with selfhosted services, I found myself needing to be able to retrieve data from my \u0026lsquo;cloud\u0026rsquo; on a regular basis. However with a consumer nbn connection was difficult. Granted, my connection is a HFC 250/25 plan (Mbps Download/upload), it prioritises traffic in the wrong direction for my needs.\nMy intrigue to switch to 5g came from wanting higher upload speeds.\nIn Australia it can be tough as a consumer to get decent upload speeds at a reasonable price.\nFor example, a nbn plan with 100Mbps download and 20Mbps upload is the standard \u0026lsquo;Home fast\u0026rsquo; plan. To get 40Mbps upload, most providers would charge an extra $10 often costing around $100 AUD/month.\nAn Australian ISP, Superloop\u0026rsquo;s internet plans as at May 2022 for comparison. # Ironically how I wish I was eligible for fixed wireless at the promised speeds and prices.\nThe second part of wanting to switch to 5G was the flexibility of month to month billing and cheaper monthly costs.\nMy only option in my area was Telstra 5G. They promised Critical information summary of plan\nModem arrived. # Time to test.\nFirst tests (Peak) connected directly to Telstra 5G / Wifi 5 (AC) network Router with an iPhone # Above, Superloop NBN connectoin\nAbove, Telstra 5G\nSecond tests (Off Peak) connected with Macbook to Telstra 5G / Wifi 5 (AC) network. # Above, Superloop NBN connectoin\nAbove, Telstra 5G (gotta love the 100Mbps + Upload)\nSo far, so good. I\u0026rsquo;ve connected the modem into a second WAN port for load balancing until the my current ISP plan ends.\nGaming is stable, with not a very big difference compared to a fixed line.\nWas a good feeling when streaming pictures from a server at full speed to another network.\nWill keep posted in the next article if I reach the 1TB bandwidth limit.\nFirst month of this plan has been free. I am not affiliated with Telstra or Superloop in any way.\nArticle coming soon.. # Serving web services behind Carrier-Grade NAT (CGNAT) with a VPN tunnel.\n","date":"5 May 2022","externalUrl":null,"permalink":"/blog/from-nbn-to-5g/","section":"Blog posts","summary":"","title":"Moving from NBN to 5G","type":"blog"},{"content":"","date":"31 May 2021","externalUrl":null,"permalink":"/tags/design/","section":"Tags","summary":"","title":"Design","type":"tags"},{"content":"Ever since I got an iPod touch back in the late 2000s, a key design standout has been how Album art can provide bias to decide whether or not to listen to a song. It can also at times provide a \u0026lsquo;feeling\u0026rsquo; of the album. The feature i\u0026rsquo;m referring to of course is Cover flow:\niPod Touch Cover flow During this lockdown in Melbourne, Victoria, I\u0026rsquo;ve decided to do a few pieces of digital art to refine my photoshop skills, and to see it as a way to try to understand the \u0026lsquo;feeling\u0026rsquo; of music.\nI do understand that a lot of my art is unrefined. The challenge I\u0026rsquo;m undertaking is to spend an hour on a composition based on a song e.g. the title, the feeling listening to it etc. I want to limit the time as a way to make something simple, and achievable.\nMy first attempt at creating an album art was for Last Dinosaurs when they released their Single; Flying.\n","date":"31 May 2021","externalUrl":null,"permalink":"/blog/album-art/","section":"Blog posts","summary":"","title":"Journey into making Album Art covers","type":"blog"},{"content":"Many people who use a new Macbook in \u0026ldquo;Clamshell mode\u0026rdquo; (lid closed, and connected to an external display) may inadvertently be familiar with this privacy feature.\nThis innovative feature occurs when you close your Macbook\u0026rsquo;s lid. The microphone is then disconnected at a hardware level.\nIt is limited to Apple devices with the T2 chip:\nAll 13-inch MacBook Pro and MacBook Air notebooks with the T2 chip, all MacBook notebooks with a T2 chip from 2019 or later, and Mac notebooks with Apple silicon, this disconnect is implemented in hardware alone.\nWhat this means is that if you close your laptop and it for some reason doesn\u0026rsquo;t go to sleep, or it enters \u0026ldquo;clamshell mode\u0026rdquo; that the participants in the audio call you were in will no longer be able to hear you.\nFacing issues from no microphone input # This can be a problem for people like myself that have \u0026ldquo;docked\u0026rdquo; my Macbook with an external display, and have joined a call and been unaware of why the participants can\u0026rsquo;t hear me even allowing all software privacy measures to access the microphone.\nA privacy feature that you can either love or hate is relevant to anyone using Zoom, Discord, Facetime, Teams and any other app that uses your microphone.\nAll you need to do to resolve an issue of not being heard, is to simply open your Macbook.\nWhat else does the T2 chip do? # Apple includes a circuit and very detailed information about how the T2 security chip works in Macs that have it.\nThe T2 chip offers other features, like an image signal processor that enables enhanced face detection-based auto exposure, controls the ambient sensor, the system management controller (SMC), Apple video encoder, audio controller, and enables siri spoken commands via \u0026ldquo;Hey Siri.\u0026rdquo;\nTLDR; # There is a security chip in new Macs that disconnects the microphone at a hardware level when you close your Macbook lid.\nI\u0026rsquo;m a privacy advocate, and do believe initiatives such as this are a good step in a device where you can\u0026rsquo;t just remove the privacy flaw completely (removing a USB).\nRead more # If you want to find out more about Apple\u0026rsquo;s platform security, you can [download a PDF](The T2 chip offers some non-security features as well, like an image signal processor that enables enhanced tone mapping, controls the ambient sensor, the system management controller (SMC), white balancing to the FaceTime HD camera, Apple video encoder, audio controller, and enables \u0026ldquo;Hey Siri.\u0026rdquo;) from their website.\nAs always, feel free to message me on twitter if you\u0026rsquo;d like to start a discussion.\n","date":"29 May 2021","externalUrl":null,"permalink":"/blog/mac-privacy-feature/","section":"Blog posts","summary":"","title":"Mac privacy feature you may not have heard of","type":"blog"},{"content":"","date":"29 May 2021","externalUrl":null,"permalink":"/tags/security/","section":"Tags","summary":"","title":"Security","type":"tags"},{"content":"","date":"20 February 2021","externalUrl":null,"permalink":"/tags/cooking/","section":"Tags","summary":"","title":"Cooking","type":"tags"},{"content":"腊味萝卜糕 (Làwèi luóbo gāo) is a yum cha dish that is also popularly consumed during Lunar New Year. This version has a special twist, it is not the usual hong kong style however has an addition of a sea taste (seaweed).\nHeads up, The moisture content of radish varies a lot, and can be difficult to cook..\nIngredients # Chinese Sausage Lup Chong 腊肠 (We used this brand but you can use whatever is convenient) 1/2 pack 腊肠 1 Turnip (500g) Sticky rice flour (2x 400g bags) Cornstarch (1x 400g bag) Dried shrimp (50g) Seaweed (5g) Dried scallop (50g) Shiitake mushroom (8 mushrooms, dried is recommended for the flavour. You need to submerge into water for 3 hours in advance, then squeeze the water out). Amounts are rough, however it may be more flavorful if you add more shrimp, scallop or sausage.\nSauces / Other # 2 table spoon Dark soy sauce 3 table spoon Light soy sauce 2 tea spoon Fish sauce (optional) Spray olive oil 1 tea spoon white pepper (feel free to add more if you like it to be more spicy) 3 table spoon of sugar Step 1 # Shred half the turnip into fine strips, and cut the other half into thicker strips to provide some texture.\nPlace it into a big wok and mix, cooking on low heat for the excess water to come out (don\u0026rsquo;t strain this though) for 15 mins. We don\u0026rsquo;t want to over cook the radish at this stage as they will be steamed later.\nStep 2 # Cut up Chinese sausage, shrimp, scallop and shiitake mushroom into small pieces.\nHeat up the pan and put all of them and a bit of Chinese seaweed (Zi cai) in to lightly roast until the fat from sausages comes out and everything is slightly browned.\nStep 3 # Mix the roasted ingredients above with the radish. Add salt, white pepper, dark and light soy sauce (ratio 1:2), sugar, fish sauce (optional) into the mix to bring out the flavour. You can taste it as you go. At this stage, it can be a bit too salty but after the flour is mixed in, you can taste again to make sure it\u0026rsquo;s good. Mix the flour ingredients listed above with appropriate amount of water until the mix looks a bit sticky but still fluid. Add the flour mix into the radish mix, stir until it looks like a wet dough, adjust flavour accordingly as you mix you should aim for roughly for this consistency above. Step 4 # Spray olive oil on an Aluminium box before placing the wet-dough like mix in. Fill up to 8/10 so there will be room to rise Steam the mix for 60-90 mins on medium to high flame until it\u0026rsquo;s cooked. The way to check is exactly how you check if a cake is ready - stick a fork or stick in and pull out, if there\u0026rsquo;s no paste stuck to it then it\u0026rsquo;s cooked! Step 5 # Cool the Radish cake down and place it into the fridge over night or at least for 3 hours before you eat it. This step may seem unnecessary but is actually very important to mould the cake and to change the texture! Once it\u0026rsquo;s properly refridgerated, you can slice pieces and pan fry them (low heat, with a bit of oil, until it\u0026rsquo;s golden) or steam them again. Recommend dipping sauce : sirricha / sweet chilli sauce/ sweet and sour sauce, recommendation in sequence Step 6 # Share and enjoy! Feel free to message me on twitter to share your results! Voila, Enjoy! Bon apetite. ","date":"20 February 2021","externalUrl":null,"permalink":"/blog/turnip-rice-cake/","section":"Blog posts","summary":"","title":"Turnip rice cake (腊味萝卜糕)","type":"blog"},{"content":" Trennial 2020 # Fallen fruit - Hero image Visiting NGV has been close to the top of my to-do list of places to visit with the Melbourne lock-down slowly lifting.\nThis collection of photos are a few of the highlights on my visit.\nThe first feature is an animated work of art that uses a dataset of images of nature to base the colours of the mesmerising waves. Refik Anadol\u0026rsquo;s piece of art inspired me to add a new project to my list for a web based adaptation\u0026hellip;\nQuantum Memorie When you enter, the first sections are filled with photos, prominently from African artists. I\u0026rsquo;m a huge fan of pieces of work that involve colour and intricate use of shadow and light. (it\u0026rsquo;s best to view the photos in person.)\nYou\u0026rsquo;ll eventually make your way into the first big room with Diamond Stingily \u0026ldquo;In the middle but in the corner of 176th place\u0026rdquo;.\nIn the Middle but in the corner of 176th place Each trophy has it\u0026rsquo;s own inscriptions, which are fragments of conversations Stingily had with her grandmother and her older brother, who is a retired NFL player, in addition to her own quotes and those of other artists and poets.\nYou can\u0026rsquo;t get there on your own but you want to imagine you can While great to have features from overseas, it was exciting to see some local Australian art from Dhambit Mununggurr. This installation \u0026ldquo;Can we all have a happy life\u0026rdquo; includes 9 larrakitj (hollow poles) and 15 paintings. The colours of the blues are amazingly vibrant. It apparently is customary for the artists in their region to paint with ochres collected from the natural environment. With these pigments, they are ground on a stone, mixed with water and glue and then applied to the surfaces.\nDhambit Mununggurr blue Larrakitj A significant space was occupied by Porky Hefer\u0026rsquo;s work \u0026ldquo;Plastocene - Marine Mutants from a disposable world\u0026rdquo;. The scales in the image below are amazing to stare at with the light and shadows.\nPorky Hefer cotton bud Can you spot the two aeroplanes on the green monster?\nPorky Hefer green A rather interesting way that Trennial is presented at the NGV, is through the use of integrating the installations into the every day sections. The first image below consists of RGB wallpapers to interact with the different coloured stimulus. When the light projections change from Red, to Green to Blue, a new image and species are concealed and revealed.\nCarnovsky GIF of the colours changing\nCarnovsky GIF Whilst not having a similar nature of interactive installations as the previous Trennial; (I understand restrictions were in place to reduce interactivity) there were still quite a few great individual pieces.\nI personally think that walking through the NGV, there wasn\u0026rsquo;t an overarching theme to glue everything together, however that ultimately can be a reflection of the separated lives we\u0026rsquo;ve been living in 2020. One of my favorite pieces is Des Lawrence Henry Worsley which can be viewed in higher resolution here\nDes Lawrence Henry Worsley The BTVV installation of \u0026ldquo;Walls 4 Sale\u0026rdquo; is a great place to reflect and really have some fun with the scale of objects!\nAt the end of your tour, I\u0026rsquo;ll advise to have a look at the NGV design store. There\u0026rsquo;s often quite a large selection of art/design-related books, as well as a few\nWant to visit yourself? # Keep in mind there are many more installations that I haven\u0026rsquo;t covered or talked about here. NGV\u0026rsquo;s Trennial is a free exhibition being held at the NGV International on St Kilda Rd. It\u0026rsquo;s available until April 18 2021 with free tickets.\nEven if you don\u0026rsquo;t go in, you can admire Julian Opie\u0026rsquo;s \u0026ldquo;Crows\u0026rdquo; out the front on St Kilda Rd.\nIf you have any comments, feel free to tweet me @adamxweb\n","date":"29 January 2021","externalUrl":null,"permalink":"/blog/ngv-trennial-2021-visit/","section":"Blog posts","summary":"","title":"NGV Trennial Visit 2021","type":"blog"},{"content":"","date":"29 January 2021","externalUrl":null,"permalink":"/tags/photography/","section":"Tags","summary":"","title":"Photography","type":"tags"},{"content":"","date":"29 January 2021","externalUrl":null,"permalink":"/tags/travel/","section":"Tags","summary":"","title":"Travel","type":"tags"},{"content":"It\u0026rsquo;s easy to make life easier on your Mac with the aid of a few Mac Apps, as well as hidden features within MacOS. Here\u0026rsquo;s a few suggestions.\nBetter Touch Tool # Drag windows around effortlessly # Instead of clicking and dragging the Instead of clicking and dragging the title bar to move the window around, a simple trick is to turn on a keyboard shortcut. When your cursor hovers over a window, your press the button and easily move the window around, quickly and effortlessly.\nI\u0026rsquo;d recommend using the fn key on Apple keyboards to move the window, as it\u0026rsquo;s in the bottom left corner of the keyboard and makes it easy to quickly press.\nOn non-Apple keyboards like the one I\u0026rsquo;m currently using, I\u0026rsquo;d recommend the combination of shift and ctrl; both next to each other and easy to press also.\nNon Apple keyboard shortcuts # I\u0026rsquo;ve been using Apple keyboards, either on the MacBooks themselves, or on my external Bluetooth keyboard for quite a few years, and the habit of wanting to press at the top left to control the volume is something I must be able to do.\nWindow movements: # Better Touch Tool offers the ability to make window management much easier. I use the shortcuts of using the alt button with the arrow keys to maximise the windows to left, right, full screen and finally if i click alt and down it will restore the window to its original size. This is an easy way of working with web browsers and files together.\nApple keyboard replacements: # Since swapping to a non-Apple keyboard, I wanted to retain some functionality that i\u0026rsquo;ve been used to such as music and volume controls. With some shortcuts in place, the same numbers can be used when holding these keys down to quickly pause music or adjust volume with the keyboard.\nWindow snapping # After going between Windows an Mac for multiple years, to settle into MacOS a few tweaks had to be made. I originally used BetterSnapTool, their original window management feature (can do these features at a slightly cheaper price), however have since moved to Better Touch Tool.\nWindows snapping means that you can drag the window to the top, left or right of the screen to automatically adjust the size of the window.\nAn advantage to not going full screen mode may be the ability to show multiple windows at once on the one screen.\nMacOS Catalina and newer has this feature built into the fullscreen mode, where you can \u0026lsquo;right\u0026rsquo; click on the green maximise button, to tile the windows to the sides of the screen.\nIf you do decide to use the Apple window management going full screen, you can also remember the keyboard shortcut of holding down the left ctrl button and clicking left and right to cycle through windows. Ctrl and up also shows the Mission Control to view everything that\u0026rsquo;s going on.\nApple System Preferences # Use Hot Corners to make full use of your mouse. # If you\u0026rsquo;re like me, I try to find efficiencies in the Operating System that i\u0026rsquo;m using. Examples of such is to be able to navigate as much through the OS as possible without the need of the second peripheral (Only using the mouse, or only using the keyboard).\nA nifty feature called hot corners allows you to move the mouse to the edge of the screen\nHot Corners is found at the bottom left of System Preferences \u0026ndash;\u0026gt; Mission Control.\nThese are my screen corner settings. The one I first used from back in 2012 was the top left for notification centre, which just made sense instead of adding an extra click in.\nAlfred App # Advanced keyboard usage with Alfred # Spotlight for me just hasn\u0026rsquo;t been enough over the last few years. Sure, there have been improvements, however none of the improvements will be able to match third-party innovations.\nA piece of software called Alfred allows for so much more control that Spotlight can\u0026rsquo;t provide.\nWith Alfred, you can;\nRestart, shutdown or log out of your Mac Empty the trash Search for text within files DuckDuckGo a phrase right from search Control Music in iTunes (Apple Music) Type text, and press Command Option L to make it full screen to easily read. Easily find contact information Create a workflow So much more\u0026hellip; Keep in mind there are other great options out there aside from Alfred that can be more powerful. The downside is the time a user may need to configure the options may be too long for the average user.\nThe other option I\u0026rsquo;d recommend is Lacona. It can be a bit more powerful understanding commands. Downside is that they only offer a subscription for their \u0026lsquo;pro\u0026rsquo; features that can hook you into another thing to pay yearly..\nBitWarden # Password management is something that can really make life much easier. There are many options out there, however I\u0026rsquo;m an advocate for security and privacy so would stick to these options;\nBitwarden is the best all-rounder, is open source and works on multiple platforms effortlessly. You can even host your own BitWarden server, and sync your passwords to your own managed service. I personally pay for BitWarden, to add in extra functionality including 2FA to have the codes that autofill in websites for authentication.\nA key factor here to note is that my browser of choice is Firefox.\nOther great options are;\n1Password. If you don\u0026rsquo;t mind paying a bit more, the app is built with MacOS in mind. It allows for easy features such as using TouchID to unlock your passwords Keychain Access. Some people use Apple products exclusively. This can often mean that you use Safari exclusively also. This would be the best option, as it can suggest passwords for you, sync passwords to your phone and also remember wifi passwords across devices. Desktopaint # This one isn\u0026rsquo;t quite what you think of with \u0026lsquo;improvement, however it can make your day a bit more special. Every day it grabs a new image sourced from WikiArt (More to come) that can really make you appreciate art. Desktopaint is open-source and available for free from Github\nConclusion # There are many apps out there that you may not have tried that make your day a little bit better.\nFeel free to tweet me @adamxweb to continue the conversation further\n","date":"3 January 2021","externalUrl":null,"permalink":"/blog/easy-mac-quality-of-life-improvements/","section":"Blog posts","summary":"","title":"Easy Mac Quality of Life Improvements with Apps","type":"blog"},{"content":" Why I sold my gaming PC to try cloud gaming # Over the past few years, i haven\u0026rsquo;t played as many games online as I used to. Full disclosure, I grew up as a playstation kid, playing PS3 with friends over PC gaming (aside from Minecraft). The only attempts I\u0026rsquo;d previously had at \u0026lsquo;cloud\u0026rsquo; gaming was using remote play with my PS4 over mobile data, which was choppy at best.\nI was sceptical about trying out gaming over the internet, but seeing as I would only play one or two games casually, I figured I\u0026rsquo;d give it a go.\n(Keep in mind that I still had a backup console at the time).\nGuide # The tests below were conducted with a fibre connection of 100Mb/s download and 40Mb/s upload with NBN. The ping to AWS\u0026rsquo; server in Sydney was constantly below 20ms.\nStep 1 # Create your AWS account, and open a customer support request to have access to a G EC2 instance. The request will include a limit increase to access G instances. (the G instances are the ones with GPUs which makes this all possible)\nStep 2 # Once you\u0026rsquo;re approved, launch this AMI instance (AWS server template)\nhttps://aws.amazon.com/marketplace/pp/B07STLTHM8\nStep 3 # Download Parsec on your PC, and create an account.\nTo play games with low latency remotely, Microsoft RDP won\u0026rsquo;t do. With Parsec, it allows the GPU to transcode and send the video at a low latency that\u0026rsquo;s playable.\nStep 4 # Now log into the remote server. The easiest way to do this is to find the password associated with the server, and to download the \u0026lsquo;RDP\u0026rsquo; file.\nOnce connected, you\u0026rsquo;ll be able to install Parsec here also.\nStep 5 # Connect to your new Parsec server, install your games and play!\nIt\u0026rsquo;s relatively easy to set everything up, however I do recommend keeping in mind that you\u0026rsquo;ll be charged for every minute the server is online, so remember to shutdown to avoid a big bill.\nConclusion # Although cloud gaming is possible, playing any competitive shooters like Apex Legends with any form of lag is frustrating. Sometimes whilst playing remotely with Parsec, some stuttering, freezing or frame drops occur naturally over the connection. I\u0026rsquo;d recommend trying this if someone doesn\u0026rsquo;t want to buy a console, and already has a library of PC games they want to play on demand.\nI wouldn\u0026rsquo;t switch anytime soon, and the cost not only to run the server, but for storage adds up quickly. Especially with games that are 50+GB each, it could cost between $10-$100 a month.\nIssues # Unfortunately Valorant by Riot doesn\u0026rsquo;t work due to the limitation of installing on a Virtual Machine.\nFeel free to contact me on twitter @AdamXweb if you need help setting anything up.\n","date":"19 October 2020","externalUrl":null,"permalink":"/blog/aws-ec2-gaming/","section":"Blog posts","summary":"","title":"Cloud gamer in Australia","type":"blog"},{"content":" I\u0026rsquo;ve had enough with shared hosting. # For years our domain, Kostarelas.com has been on shared hosting provided by Godaddy.\nPreviously, I was too young to take control of the administration of the domain, but today was the last straw, thanks to two step verification.\nI was setting up a service on a new device that of course asked for a 2 step verification code. Usually with platforms like Gmail, Outlook and fast SMTP servers, you\u0026rsquo;d get a push notification instantly.\nUnfortunately today was not this shared server\u0026rsquo;s day. The e-mail was received at 2:24pm, and set up to forward to my G-mail (redundancy) where it arrived at 2:50pm a whole 26 mins later.\nFor some of my other projects, i\u0026rsquo;ve been using a service called ImprovMX that forwards e-mails to my Gmail. They offer a free forwarding service that gives great service delivery rates. They also offer a premium SMTP that bypasses my guide\u0026rsquo;s few steps.\nOur use case was that most of the users were already forwarding e-mail to Gmail, and with sign off from them all, we decided to pull the plug on Godaddy and Cpanel.\nThe benefit of ditching shared hosting handling our emails is that incoming emails delivered through the relay are delivered within 5 seconds, which is tolerable compared to the 26 mins. Outgoing e-mails are also going through TLS through Gmail, which adds a layer of security.\nGuide # Things to know: - Our DNS is managed by Cloudflare, which makes switching MX records super easy and quick. - Users who had Mailboxes on Cpanel won\u0026rsquo;t receive mail there anymore, but at the new address - Privacy may be compromised using Google\u0026rsquo;s services (if that\u0026rsquo;s where you\u0026rsquo;re forwarding emails to) - If you\u0026rsquo;ve already got forwarding set up and want to know how to use a faster SMTP with gmail, skip to Step 3\nStep 1 # Set up Redundancies\nBefore making the switch, first it\u0026rsquo;s time to set up ImprovMX, and configure all the e-mail aliases.\nYou\u0026rsquo;ll notice that you aren\u0026rsquo;t receiving e-mails yet, and that\u0026rsquo;s ok. Once you\u0026rsquo;ve matched e-mail to e-mail it\u0026rsquo;s time to make a switch\nStep 2 # (optional to use Cloudflare but recommended)\nYou can use whatever DNS option you like, however I use Cloudflare for many conveniences. Create or update the records to match ImprovMX\u0026rsquo;s mail servers of mx1 and mx2 (redundancies so if one doesn\u0026rsquo;t work, the second one still relays mail)\nThis step is going to change who receives the e-mails so keep that in mind. You\u0026rsquo;ll then be active to receive e-mails\nStep 3 # Let\u0026rsquo;s now configure e-mail to send as the domain, as you won\u0026rsquo;t have a MX server to send the emails from.\nCreate an app password # Go to your Gmail account and click on Security\nUnder signing in to Google, click on App passwords. We\u0026rsquo;re going to create an SMTP password used exclusively with Gmail as our forwarder.\nSelect the type of app as Mail, and I\u0026rsquo;d recommend writing some other custom text so you\u0026rsquo;ll know what it is later on.\nYou need to keep this window open or copy the password somewhere as this is what we\u0026rsquo;re going to paste into the next step\u0026rsquo;s SMTP password area below.\nOpen Gmail # Go to settings and click See all settings\nAdd a new alias # We\u0026rsquo;re going to add the e-mail address here which will allow us to send e-mails as the domain you\u0026rsquo;ve now forwarded.\nVerify details # Add your forwarded email address example@domain.com on the first step\nThis step is where you\u0026rsquo;ll need the password from before. Paste the password into the box represented by the pink area, and enter your gmail address into the username, not the email you\u0026rsquo;re going to forward. We\u0026rsquo;re logging into Gmail\u0026rsquo;s SMTP here to send e-mails and your example@domain.com wouldn\u0026rsquo;t have a login.\nSeeing as you set up the forwarding first, you\u0026rsquo;ll receive the confirmation with a code from google giving authority to send e-mails on your behalf\nEnjoy! # That\u0026rsquo;s it! You\u0026rsquo;ll now receive e-mails from your other domain, benefit from spam protection with g-mail and be able to send and receive e-mails within seconds, all for free.\nThanks for reading! # Feel free to reach out by twitter and start a conversation! Tweet me directly @adamxweb if you\u0026rsquo;ve got any troubleshooting issues.\nTweet\n","date":"30 July 2020","externalUrl":null,"permalink":"/blog/mx-server-to-gmail-email-forwarder/","section":"Blog posts","summary":"","title":"Speeding up e-mails and ditching the MX server","type":"blog"},{"content":" Noodle Packets overview After recently watching the film Parasite, # I couldn\u0026rsquo;t get over the simple fact that it\u0026rsquo;s rather easy to mix noodle packets together. Why wasn\u0026rsquo;t I trying this sooner?\nDeciding enough is enough, I jumped on the opportunity to make a combination of flavours some may deem strange, but feeling adventurous I grabbed two packets from the pantry and went to work.\nMy combo of choice; Chapagetti, a black bean style noodle, with Shin Ramyun, a sort of spicy soupy noodle. Both didn\u0026rsquo;t really seem like they should mix on paper, ending up with a soupy spicy deep flavour may not be the way to go\u0026hellip;\nThese are step-by-step directions of how I created my first mix.\nOverview # We will be creating a \u0026lsquo;Dry\u0026rsquo; Chapagetti Shin Ramyun mix, where we add most of the powders into the bowl, and add mostly drained noodles.\nWhen I make noodles, I make noodles.\nAll this means is that I like to add extra ingredients into my noodle creations. Today we will be adding:\nWombok (Chinese Cabbage) Eggs I\u0026rsquo;m also going to be using a 16cm saucepan. I\u0026rsquo;d advise to use this size or a bit bigger, as any smaller and your noodles won\u0026rsquo;t fit!\nStep 1 (Boil water and cut Wombok) # Before starting on any preparations, start boiling some water filling up about 3/4 of the pan. Heat on high with the lid on.\nWombok preparation step collage Wash, stack and cut some wombok. I went for 3 pieces of a rather small baby wombok.\nPlace in boiling water, and close the lid.\nStep 2 (Open packets and prep) # Ramen packets It\u0026rsquo;s time to get acquainted with what\u0026rsquo;s inside your noodle packets. We\u0026rsquo;re going to be using all the packets.\nLet\u0026rsquo;s start by placing all of the Chapagetti\u0026rsquo;s golden foil flavour packet into a bowl, followed by just over half of the Shin Ramyun\u0026rsquo;s silver foil flavour packet.\nI really wonder why on the Chapagetti it advertises \u0026lsquo;Original Olive oil\u0026rsquo; but instead provides a vegetable oil packet.. 🤔\nNow it\u0026rsquo;s time to add the noodles (after about 2 mins of wombok boiling).\nI like to add the small pieces left in the packet into the bowl with the seasoning, as it often can give a little crisp.\nStep 3 (Add vegetable packets) # Vegetable packets on stove Add in the noodles from both packets, followed by the vegetable flakes.\nStep 4 (Add Eggs) # Ramen with eggs added When cooking, I like to use the lid to rise the temperature of the pan, which also rises the water above the top noodles and cooks the eggs evenly.\nStep 5 (Cooked, and ready to drain) # Cooked ramen After about 3-4 mins, you\u0026rsquo;ll notice the egg whites at the top aren\u0026rsquo;t translucent and have cooked through. This is the perfect time to remove from heat and to mostly drain. Make sure to leave about 1cm of water at the bottom. (More or less when the water starts to trickle when draining)\nStep 6 (Add noodles to bowl and mix!) # After mixing you\u0026rsquo;ll get a solid golden brown colour all round. Keep mixing from the bottom and circle it round to the top. (You don\u0026rsquo;t want a massive flavour punch at the end).\nStep 7 (Add to clean bowl club) # Reflecting on the flavours, you get the spicy from the Shin Ramyun, with the earthy flavour from the Chapagetti that I really feel gives a good kick.\nChapagetti X Shin Ramyun gets a solid re-visit in my book.\n8/10\n(I have provided an Amazon link for the Shin Ramyun noodles. You can support my blog by clicking on it before purchasing.)\n","date":"12 July 2020","externalUrl":null,"permalink":"/blog/noodle-mix-chapagetti-shin-ramyun/","section":"Blog posts","summary":"","title":"Noodle Mix 1: Chapagetti and Shin Ramyun","type":"blog"},{"content":" Hey # Let me introduce myself. I\u0026rsquo;m Adam, from Melbourne in Australia! You\u0026rsquo;ll find me working on a few tech related things, with most of my projects on my Github\nThe main areas which i\u0026rsquo;ll be posting are:\nFood Tech and cyber journey Audio Photography General See you round!\n","date":"10 July 2020","externalUrl":null,"permalink":"/blog/first-post/","section":"Blog posts","summary":"","title":":// Welcome","type":"blog"},{"content":"","date":"10 July 2020","externalUrl":null,"permalink":"/blog/","section":"Blog posts","summary":"","title":"Blog posts","type":"blog"},{"content":"","date":"10 July 2020","externalUrl":null,"permalink":"/tags/general/","section":"Tags","summary":"","title":"General","type":"tags"},{"content":"","externalUrl":null,"permalink":"/authors/","section":"Authors","summary":"","title":"Authors","type":"authors"},{"content":"","externalUrl":null,"permalink":"/categories/","section":"Categories","summary":"","title":"Categories","type":"categories"},{"content":" Firefox WhiteSur theme # A MacOS \u0026 Windows Firefox theme to look more like Big Sur Safari. (For Firefox 70+)\nDescription # Aim is to make Firefox look more like MacOS Big Sur Safari.\nThis is a CSS theme adapted to work on MacOS from the Linux GTK theme.\nBased on https://github.com/vinceliuice/WhiteSur-gtk-theme/tree/master/src/other/firefox (This is a quick modification, and is not written from scratch.)\nInstallation (MacOS) # Download the latest release, or clone the repo above.\nA script has been added to streamline the installation process.\nOpen terminal in the directory of the repo, and run bash install.sh\nFollow the prompts\nInstallation flags # The script supports the following flags\n-c To enable close button on the left hand side -f To specify the default firefox folder (it will try to find the profile folder to place the theme within) -l Default location of most Linux installations -u Remove the animation on URL bar to be clickable throughout -n Removes the identity colour from tabs -r Remove the theme e.g. To install with script, with close button left hand side: bash install.sh -c\nManual installation (MacOS \u0026amp; Windows) # Copy chrome and configuration folers into your Firefox Profile Directory\nTo find your Firefox Profile Directory you can:\nGo to about:support in Firefox. Application Basics \u0026gt; Profile Directory \u0026gt; Open Directory. Copy folders mentioned above into the profile folder. (usually has -release at the end). If you are using Firefox 69+: Go to about:config in Firefox. Search for toolkit.legacyUserProfileCustomizations.stylesheets and set it to true. Restart Firefox. Done! Manual theme overrides: # To manually add a custom override, copy the *.css from the custom folder of whichever option you are after. Place it in the chrome/WhiteSur/parts foder within the profile directory you opened above.\nNext, import the .css file you just specified. To do this, open chrome/WhiteSur/theme.css in the same directory above and add the line\n@import \u0026quot;parts/NAMEOFOPTION.css\u0026quot;; above the line that says @namespace xul...\nThat\u0026rsquo;s it, the theme should load your overriden settings\nSwap navbar close buttons on Windows: # windows-swapclose.css contains the styles required to swap the close buttons, as well as to re-order the close button from MacOS styling to Windows. Follow the directions above for the manual theme override to activate.\nManual colour override: # The theme obeys your system UI colour preferences. If you want to override it e.g. always have the dark theme, then you\u0026rsquo;ll have to do the following.\nThe solution if you don\u0026rsquo;t want to change your System UI colour is to do add the following to your about:config\nAdd: ui.systemUsesDarkTheme with the number value with 1 for dark, and 0 for light.\nPlease note, you won\u0026rsquo;t be able to change the System UI colour if you are using privacy.resistFingerprinting. This apparently is for both web pages and the System UI.\nKnown bugs # If it is a fresh install of Firefox, the script for MacOS should enable the settings automatically, however users who have toggled settings may need to do the about:config in step 4 above.\nIf for any reason the WhiteSur theme doesn\u0026rsquo;t activate after using the script, follow steps 4.1 and 4.2 to toggle the stylesheets from within the Firefox settings.\nThe tab background colour can be overwritten by themes installed through firefox extentions. e.g. if you are using a dark theme in light mode, tab backgrounds that are inactive are affected. Fix: Change the installed theme to appropriate colour scheme to avoid issues.\nIf you\u0026rsquo;re looking to change the directory to run the script, you can always type bash then drag the file into terminal. You can also type cd and then drag the folder and press enter to navigate to the directory.\nAlternatively, if you\u0026rsquo;re running Catalina, the default teminal is zsh, meaning you can change folders by typing the name to enter the folder e.g. WhiteSurFirefoxThemeMacOS\nQ: \u0026ldquo;Why bother doing this, and not just use safari?\u0026rdquo; A: I\u0026rsquo;ve used safari for quite a few years, and was rather disappointed with the change in extensions, particularly with content blocking. This prompted me to use uBlock origin on Firefox, and to customise it to have the best aesthetics, and simplest transition.\nNew bugs # If you\u0026rsquo;ve found a new bug, please report it as a new issue with the templates provided.\nThanks!\nScreenshot # Windows # MacOS # ","externalUrl":null,"permalink":"/projects/firefox/","section":"Projects","summary":"","title":"Safari Firefox Theme","type":"projects"},{"content":"","externalUrl":null,"permalink":"/series/","section":"Series","summary":"","title":"Series","type":"series"}]