check spellings (#42)
wow. im good at this
nexus-uw authored Jun 24, 2024

Verified

This commit was signed with the committer’s verified signature.
zackkatz Zack Katz
1 parent 955eb0e commit 415961d
Showing 18 changed files with 275 additions and 26 deletions.
203 changes: 203 additions & 0 deletions .github/actions/spelling/allow.txt
@@ -0,0 +1,203 @@
aarch
abiosoft
allinurl
Amazonbot
architecting
ammobin
apk
arsenalforce
async'ly
autohandler
Barick
barrick
basededge
bbc
bcc
blogger
blogs
blogspot
browserconfig
brutalistwebsites
btwkv
cachable
caddyfile
caddyserver
cammel
caniuse
carges
cdk
cdn
chunck
cjyd
Clearnet
clientside
cloudflare
CNAMES
conifg
copypasted
darknet
ddb
debian
developerguide
dfd
diginc
digitalocean
dnsmasq
drawio
duckdns
duckduckgo
eepsite
eqac
explicited
facebookcorewwwi
fargate
fbd
ffed
Firefox
fleek
fligh
fluentd
flutuatch
fncuwbiisyh
gandi
gitlab
goaccess
gobyexample
gpg
GPT
grafana
gtm
hackathon
HEALTHCHECK
heroku
herokuapp
hnvtk
HSTS
hstspreload
ipfs
ipns
issuecomment
jessie
JSDOCs
jyro
keybase
kibana
kufc
KVM
letaylor
libredd
likereally
Limesurvey
loadtest
lol
lowendbox
lqd
lseca
lyft
madeuce
masonhq
massiveeeati
meh
memestream
memestreamclub
mischel
mokin
mokinan
mokintoken
mozilla
mstile
multiarch
nassh
nca
neocities
nextjs
nexusuw
NONINFRINGEMENT
npmjs
nqh
nrsti
nthzqt
nuxt
nuxtjs
nytimes
odo
Omgilibot
opbeat
opensource
openvpn
OSX
ovxhyzavllyduxkgh
Perma
picturefill
pihole
pnhechapfaindjhompbnflcldabbghjo
potrace
ppxzy
preactjs
protonirockerxow
protonmail
qvxi
rabaranks
ragyzgkewrmnnqslkcdglk
ramsay
ramsayswljlwqo
randos
rbobzkc
realprogramming
reddit
responsiveimages
ryangreen
rzpbg
scottjehl
selfhostable
selfhosted
Selinger
seo
severless
simone
sirv
snapfix
somepublicurl
Somethings
soundcloud
sparkvps
ssd
sszovagrkamzdtshv
stackoverflow
standalone
sysadmin
tailscale
Tca
teddit
thepiratebay
trashhalo
tumblr
tzlzj
uad
uber
UIs
uneathed
unspecial
upl
urber
usb
utm
vcpu
vps
vuejs
wazyk
webapps
webstore
whoreallyreadsthis
winstonjs
withou
WORKDIR
wxl
xbfgragh
YATA
yjhxddevl
YMid
yml
yvw
zhtg
zruknwnnuvv
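Review bot: Several entries in this new allow list are misspellings rather than vocabulary (`cammel`, `carges`, `chunck`, `conifg`, `fligh`, `severless`, `uneathed`, `withou`), so the check will now pass them everywhere; `carges` is even corrected to "charges" elsewhere in this same commit. Fix those in the posts and drop them from the list. The opaque tokens (`facebookcorewwwi`, `protonirockerxow`, `pnhechapfaindjhompbnflcldabbghjo`, `ovxhyzavllyduxkgh` and similar) look like pieces of hostnames and IDs; a URL or `.onion` pattern in check-spelling's `patterns.txt` would cover them without growing the list one fragment at a time.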
14 changes: 14 additions & 0 deletions .github/actions/spelling/excludes.txt
@@ -0,0 +1,14 @@
(?:^|/)\.DS_Store$
.gitignore
\.html$
\.png$
\.scss$
\.svg$
\.yml$
^\Q.github/actions/spelling/expect.txt\E$
^\Qfavicon.ico\E$
^_drafts/
^assets/
Dockerfile
Gemfile
keybase.txt
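Review bot: `.gitignore`, `Dockerfile`, `Gemfile` and `keybase.txt` are unanchored here, unlike `^\Qfavicon.ico\E$` and `\.html$` a few lines away, so as regular expressions they match any path containing that text, and the dot in each matches any character. Anchor them the same way, for example `(?:^|/)Dockerfile$`. Note also that `\.yml$` and `\.html$` exclude every YAML and HTML file in the repository from the check, which is worth stating in the commit message if intended.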
12 changes: 12 additions & 0 deletions .github/actions/spelling/expect.txt
@@ -0,0 +1,12 @@
archeticure
hackathons
ico
kinda
madeucev
Qfavicon
redditt
seflhosted
selfhostedservice
serverside
shortner
transfered
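Review bot: `archeticure`, `redditt`, `seflhosted`, `shortner` and `transfered` are misspellings that this file records as expected, so they stay in the posts and the check stays green. Correct them in the source and delete the entries. `Qfavicon` and `ico` appear to come from the `^\Qfavicon.ico\E$` line in excludes.txt, which suggests the spelling config directory itself is being scanned; excluding that directory would remove both.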
14 changes: 14 additions & 0 deletions .github/workflows/ghpage.yml
@@ -11,6 +11,20 @@ jobs:

steps:
- uses: actions/checkout@v2
- name: Check Spelling
uses: check-spelling/check-spelling@v0.0.22
with:
extra_dictionaries:
cspell:software-terms/dict/softwareTerms.txt
cspell:aws/aws.txt
cspell:php/dict/php.txt
cspell:node/dict/node.txt
cspell:npm/dict/npm.txt
cspell:html/dict/html.txt
cspell:k8s/dict/k8s.txt
cspell:golang/dict/go.txt
cspell:css/dict/css.txt
cspell:fullstack/dict/fullstack.txt
- name: Build the site in the jekyll/builder container
run: |
docker run \
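Review bot: `uses: check-spelling/check-spelling@v0.0.22` references a third-party action by tag, and a tag can be repointed after review. Pin it to the full commit SHA with the version in a trailing comment, and do the same for `actions/checkout@v2` while this file is open. Since the new step sits in the same job as the site build, it runs with whatever token and secrets that job has; consider moving it to its own job with a read-only `permissions:` block.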
6 changes: 5 additions & 1 deletion .vscode/settings.json
@@ -1,3 +1,7 @@
{
"editor.formatOnSave": false
"editor.formatOnSave": false,
"cSpell.words": [
"Caddyfile",
"selfhosted"
]
}
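Review bot: `cSpell.words` adds `Caddyfile` and `selfhosted`, both of which are already in `.github/actions/spelling/allow.txt` (`caddyfile`, `selfhosted`), so the editor and CI now keep separate word lists that can drift. Either say in the commit message that the editor list is a convenience only, or keep a single list and have both tools read it.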
2 changes: 2 additions & 0 deletions _posts/2017-01-22-list-of-tor-sites.md
@@ -9,6 +9,8 @@ tags:
onion
---

# 2024 update: none of these v2 addresses are supported anymore

- facebook.com [https://facebookcorewwwi.onion/](https://facebookcorewwwi.onion/) ([src](https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237))
- duckduckgo.com [https://3g2upl4pq6kufc4m.onion/](https://3g2upl4pq6kufc4m.onion/) ([src](https://en.wikipedia.org/wiki/DuckDuckGo))
- protonmail.com [https://protonirockerxow.onion](https://protonirockerxow.onion) ([src](https://protonmail.com/blog/tor-encrypted-email/))
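Review bot: The added line `# 2024 update: none of these v2 addresses are supported anymore` is a top-level heading used as a notice, and the list below it still renders each v2 address as a live link. A bold paragraph would suit the notice better, and the entries should be unlinked or struck through so readers are not sent to addresses the post now says are dead.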
2 changes: 1 addition & 1 deletion _posts/2017-07-22-im-an-elm-master.md
@@ -16,7 +16,7 @@ As a *fun* task, I relearned first year pure functional programming using [Elm](

Take Aways
- Its amazing how much one can forget from 1st year CS
- Even coming from writing functional-ish all day at work, pure functional programing is hard (really wished for an optional index param when iterating through a list)
- Even coming from writing functional-ish all day at work, pure functional programming is hard (really wished for an optional index param when iterating through a list)
- Elm's documentation code really be fleshed out to cover more than how to get things started and how the language compares to JS
- Elm's compilation errors were really clear and useful (especially in VS Code)
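Review bot: The hunk fixes "programing" but leaves two errors in the neighbouring bullets: "Its amazing" should be "It's amazing", and "Elm's documentation code really be fleshed out" is missing a word (probably "could"). Both are grammar rather than spelling, so the new check will not catch them; fix them in this commit.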

2 changes: 1 addition & 1 deletion _posts/2017-12-23-crummy-fargate-calc.md
@@ -11,7 +11,7 @@ tags:

![](/assets/ecs.png)![](/assets/preact.png)

Last month, Amazon released AWS Fargate for ECS which removed the need to manage the underling EC2s of an ECS cluster. Amazon carges by the second for this service based on vCPU + Memory, but I wanted to know the total hourly cost for this. So I made a cost calculator for it using [Preact](https://preactjs.com/) ("Fast 3kB alternative to React with the same ES6 API."). After selecting some ec2 configurations, it was clear to me that this costs more than the ec2 based solution (even ignoring spot instance pricing) BUT it is easier and has fewer things to worry about.
Last month, Amazon released AWS Fargate for ECS which removed the need to manage the underling EC2s of an ECS cluster. Amazon charges by the second for this service based on vCPU + Memory, but I wanted to know the total hourly cost for this. So I made a cost calculator for it using [Preact](https://preactjs.com/) ("Fast 3kB alternative to React with the same ES6 API."). After selecting some ec2 configurations, it was clear to me that this costs more than the ec2 based solution (even ignoring spot instance pricing) BUT it is easier and has fewer things to worry about.

site: [https://nexus-uw.github.io/crappy-preact-fargate-calculator/](https://nexus-uw.github.io/crappy-preact-fargate-calculator/)
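Review bot: "carges" is corrected, but "underling EC2s" in the same sentence should be "underlying"; it passes the checker only because "underling" is a real word. Also, `carges` is still in the new allow.txt, so this typo would not have been flagged by CI anyway; remove it from there.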

12 changes: 6 additions & 6 deletions _posts/2018-10-13-how-to-secure-elasticsearch-with-caddy.md
@@ -10,9 +10,9 @@ tags:
- fluentd
---

By default, Elasticsearch does not supprot authentication since user management and such are part of the propertairy X-pack addon (gotta find some cash to cover that IPO).
By default, Elasticsearch does not support authentication since user management and such are part of the proprietary X-pack addon (gotta find some cash to cover that IPO).

BUT we can work around this with Caddyserver. For this exmaple, docker-compose can set up our Elasticsearch box:
BUT we can work around this with Caddyserver. For this example, docker-compose can set up our Elasticsearch box:

```yml
version: '3.2'
@@ -38,7 +38,7 @@ The caddy file will provide basic HTTP Auth and HTTPS to protect our elasticsear
https://somepublicurl.com {
tls some@email.com
proxy / elasticsearch:9200
basicauth / the_sun_god_emporer wow_this_would_make_a_great_password_dont_tell_anyone
basicauth / the_sun_god_emperor wow_this_would_make_a_great_password_dont_tell_anyone
}
```

@@ -49,7 +49,7 @@ Then to send some data from a remote machine, the sample fluentd config file sho
@type elasticsearch
host somepublicurl.com
port 443
user the_sun_god_emporer
user the_sun_god_emperor
password wow_this_would_make_a_great_password_dont_tell_anyone
scheme https
ssl_version TLSv1_2
@@ -63,8 +63,8 @@ note: the following fluentd log message
[warn]: #0 Could not connect Elasticsearch. Assuming Elasticsearch 5.
```

is an understatment. This should be considered a **fatal**. It means your config is crap.
is an understatement. This should be considered a **fatal**. It means your config is crap.
Adding with_transporter_log true to your < match > section will explain why it is not working.


This setup can be pretty handy for self hosting Elasticsearch at home b/c Elasticsearch wants some heavy (for personal + seflhosted use) requirements for RAM + disk. by keeping this stuff at home, you dont have to spent ~$40 per month for an equalivent VPS.
This setup can be pretty handy for self hosting Elasticsearch at home b/c Elasticsearch wants some heavy (for personal + seflhosted use) requirements for RAM + disk. by keeping this stuff at home, you don't have to spent ~$40 per month for an equivalent VPS.
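Review bot: The corrected line still contains "seflhosted" and "have to spent", and the sentence after "disk." starts in lower case. `seflhosted` was added to expect.txt in this commit instead of being fixed here; change it to "selfhosted" (already in allow.txt), change "spent" to "spend", and drop the expect.txt entry.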
Original file line number Diff line number Diff line change
@@ -63,7 +63,7 @@ CloudFront is a global AWS service and can be created from any region but everyt
I found it much easier to only create the distribution in us-east-1 so that all of its related resources can cleanly exist in the same stack. As for how to connect it back to the rest of ammobin in ca-central-1, custom (internal) CNAMES was really handy since they could be easily shared between the stacks using a common constants typescript file.

## s3 costs
It was easy to blow through the PUT request free tier with a daily re-upload of ```nuxt generate``` within a few days. This forced a re-archecting of the stack to make use of the free tier of github pages + actions.
It was easy to blow through the PUT request free tier with a daily re-upload of ```nuxt generate``` within a few days. This forced a re-architecting of the stack to make use of the free tier of github pages + actions.

cdk has an easy asset zip + upload process for lambda code. By not optimizing the asset packages being uploaded, the 5GB free storage limit was easily reached after a month of development. Reducing the lambda bundle size + removing old zips solved this issue.

4 changes: 2 additions & 2 deletions _posts/2021-10-03-mini-madeuce.md
@@ -36,10 +36,10 @@ sharing mokin token notes is a real pain if one has to manually type in the url
Create password with massive-pass, store it using mokintoken, take the encrypted url and shorten it using mini-madeuce. Then manually enter the shorten url on the separate computer so that the password can be copy pasted

### threats mini-madeuce protects against
1. Shorted url is discovered in a data leak (ie: email hacked, droped usb stick).
1. Shorted url is discovered in a data leak (ie: email hacked, dropped usb stick).
if after usage limit (default 1, max 10) or expiry (default 1, max 720 hours)
shortened url will already been deleted from the service's db, service does not indicate if the url ever even existed.
2. Shorted url is intercepted before it expires/used up. If created with the 1 use count, when the intended user of the url visits the short url, it will not work for them. If they are smart, they will know that the url has been intercepted and whatever they were using for it has been compromised. ideally they would switch communication channels.
3. Prevents writting down passwords in order to manually copy over to a new machine. If combined with mokin-token, long passwords can be shared with a new computer/smart phone by first encrypting with mokin-token, and then the long url is shortened by mini-madeuce. The user can then manually entered on the new machine, the full password can copypasted.
3. Prevents writing down passwords in order to manually copy over to a new machine. If combined with mokin-token, long passwords can be shared with a new computer/smart phone by first encrypting with mokin-token, and then the long url is shortened by mini-madeuce. The user can then manually entered on the new machine, the full password can copypasted.

![](/assets/1563630852404.jpg)
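Review bot: Items 1 and 2 still open with "Shorted url" where the rest of the section says "shortened", and the unchanged and corrected lines keep "will already been deleted", "can then manually entered" and "can copypasted". These are the threat-model statements for the service, so they are worth getting exact; `copypasted` only passes because it was added to allow.txt.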
Original file line number Diff line number Diff line change
@@ -43,7 +43,7 @@ https://selfhostedservice.rabaranks.duckdns.org {
- creds are stored in plain text within caddyfile
- upstream server will still accept direct requests + responds with blank response (indicating that something is running there + the domain name is valid)

## improvemnets
## improvements
- [mutual TLS](https://www.cloudflare.com/learning/access-management/what-is-mutual-tls/) (ref [Caddyfile config](https://caddyserver.com/docs/caddyfile/directives/tls#client_auth))

## (Better) Alternatives
2 changes: 1 addition & 1 deletion _posts/2022-10-30-lambda edge auth.md
@@ -74,7 +74,7 @@ have lambda@edge sign incoming origin request
- custom domain
- caching policy
- AWS Shield + WAF protection
- edge routing (could also do something like https://ramsay.xyz/2022/01/05/release-of-blue-green-static-aws-edge.html to internall route to the closest aws region for backing lambda execution)
- edge routing (could also do something like https://ramsay.xyz/2022/01/05/release-of-blue-green-static-aws-edge.html to internal route to the closest aws region for backing lambda execution)

## iam auth
apply an iam resource policy (handy for cross account access)
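Review bot: On the edge routing bullet, "internall route" became "internal route", which satisfies the checker but not the sentence; the intended word is "internally" ("to internally route to the closest aws region").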
2 changes: 1 addition & 1 deletion _posts/2022-10-30-released-some-basic-docker-containers.md
@@ -26,7 +26,7 @@ Since Caddy usually issues certs by hosting a validation file on your server, it

# Buy why ssl home?
1. protect against local network snooping (ie: random cheap iot device, not so friendly guest)
2. can efforce HTTPS only CSP for self hosted site
2. can enforce HTTPS only CSP for self hosted site
3. allows one to enroll their personal domain in [HSTS preload list](https://hstspreload.org/) (since it requires HSTS header to includeSudDomains)

# links
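Review bot: Item 3 still reads `includeSudDomains`; the HSTS directive is `includeSubDomains`, and a reader copying the name from the post would get a header that does not meet the preload requirement the sentence describes. The heading "# Buy why ssl home?" also looks like a typo for "But why".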
4 changes: 2 additions & 2 deletions _posts/2022-11-18-cross-aws-region-latency.md
@@ -19,7 +19,7 @@ This assumes that DDB Global Tables are not viable (ie: already have a global ta
### 3 setups, for a ddb in us-east-1
1. Lambda in us-west-2
2. Lambda in us-east-1
3. Cloudfront infront of us-east-1 Lambda (for edge routing)
3. Cloudfront in front of us-east-1 Lambda (for edge routing)

Additionally a base line was generated by running the same test against a us-west-2 Lambda talking to a us-west-2 DDB.

@@ -63,7 +63,7 @@ http.response_time:
p95: ......................................................................... 596
p99: ......................................................................... 645.6
CLOUDFRONT INFRONT OF CROSS REGION LAMBDA
CLOUDFRONT IN FRONT OF CROSS REGION LAMBDA
http.codes.200: ................................................................ 882
http.request_rate: ............................................................. 3/sec
http.requests: ................................................................. 882