Weekly Retro 2024-W16
2024-4-22 07:0:0 Author: 0xda.de(查看原文) 阅读量:15 收藏

This week I touch on my experience with NixOS and Hyper-V, adding structured data to my blog posts for better search engine visibility, and setting up my home assistant yellow and some basic home automation. Links include search engines, plain text, and critical vulnerabilities in popular LLM frameworks.

NixOS & Hyper-V

NixOS running the Budgie Desktop Environment in a Hyper-V container

I’ve been really interested in NixOS lately, and decided to start spending time getting it set up in a VM before my new laptop gets here. Allegedly, I can just copy the config over from my VM to the laptop, and have my exact same system. Very appealing.

Getting things working in Hyper-V was kind of annoying, but once I figured it out, it wasn’t so bad. It turns out that there is a virtualization module for Hyper-V that is super easy to enable and gets you most of the way there. virtualisation.hypervGuest.enable = true; and away you go.

The next thing I really struggled with, though, was trying to use Hyprland. I’ve always really liked tiling window managers, and it looked like setting it up in Nix would be really easy. Unfortunately, Hyprland requires 3D acceleration, which I would have quickly realized if I’d actually read the getting started guide. It does not seem to be easy to enable 3D acceleration in Hyper-V guests – I eventually gave up and switched to Budgie for now. Once I run on hardware, I’ll consider trying to setup Hyprland.

Next up, I think I’m going to play with Impermanence. Wipe the root filesystem on every reboot, force me to get better about making sure my configurations are stored in a repeatable way and reduce the accumulation of ~cruft~ state in my system.

JSON-LD & Structured Data

<script type="application/ld+json">
    {
        "@context": "https://schema.org",
        "@type": "BlogPosting",
        "headline": "Weekly Retro 4",
        "datePublished": "2024-04-14T21:45:28Z",
        "dateModified": "2024-04-14T23:27:53Z",
        "author": [{
            "@type": "Person",
            "name": "0xdade",
            "url": "https://0xda.de/"
          }]
      }
</script>

I’ve recently added structured data output to my blog posts in the form of JSON-LD script tags. This follows Google’s structured data recommendations for blog posts. Above is a snippet of the output for last week’s retro post. You can learn how to do it on your own hugo site by reading my post Adding JSON-LD to Hugo.

JSON-LD seems like it is leaning into the Semantic Web concepts. I’m not sure where I’m at on the Semantic Web hype train, but I like the idea of making it easier for other machines to process my content. I figure if I took the time to add indieweb markup to my site, I can add a bit of JSON-LD to my blog posts and see how it impacts search results.

Speaking of search, I have a couple links in Interesting Links this week on the topic. I’ve seen a lot of lamenting about Google’s deteriorating search experience, and I’m interested in alternatives.

Home Assistant & Home Automation

Home Assistant Yellow image from the official website

I ordered a Home Assistant Yellow towards the end of last week and got it this week. I set it up and have some basic automations for my lights in my office. I know I could have done this with a plain raspberry pi, but I liked that this had all the radios built in and had the power-over-ethernet built in.

I also have a couple Everything Presence One kits, which I haven’t set up yet but intend to now that I have home assistant setup. It’s a combination of mmWave and PIR motion sensors, as well as temperature and humidity sensors, ambient lighting sensor, and bluetooth tracking. I’ll likely set one up in my office to turn my lights on when I’m in the office and it gets dark, and turn them off when I’m no longer in my office.

I’m a bit bummed that my Moonside Neon Hex lights don’t seem to work with Home Assistant – they have “smart home” controls but seem to be cloud controlled, which I explicitly do not want. They support connecting over bluetooth, so I might be able to reverse engineer the bluetooth commands needed to control them, but that sounds like a lengthy project that I don’t really have the time or expertise for right now.

I also have a custom neon LED sign from HDJ Sign that Sienna got me with 0xdade on it, which is fantastic. Unfortunately it is only controlled with an IR remote and receiver. Setting up a simple microcontroller with IR blaster shouldn’t be particularly hard to hook it up to the smart home stuff, but I’d also like to 3d print a case that wraps the built in receiver to keep things clean, and if I’m going to do that then I’d also like to have them share a single power source – so suddenly this also becomes a longer project that creeps outside my comfort zone 😅.

What I’m Reading

The Bezzle: A Martin Hench Novel. By Cory Doctorow

The Bezzle

By Cory Doctorow

ISBN: 978-1-250-86587-8
Learn More


I didn’t have a lot of time to read this week but I read a few chapters and so far it’s mostly got me wanting to visit Catalina Island, which was already on my “want to visit sometime” list.

  • The Anatomy of a Large-scale Hypertextual Web Search Engine - This paper from 1998 by Google founders Sergey Brin and Lawrence Page highlights early insights into Google’s search engine. Particularly interesting is 8 Appendix A: Advertising and Mixed Motives, in which they highlight that a search engine with a heavy Advertising business model is inherently biased towards advertisers and away from the needs of consumers.
  • Kagi Small Web - Kagi is a paid search engine. I haven’t used it yet, but I’ve heard relatively good things. But one thing that I found particularly interesting is the Kagi Small Web Initiative, which focuses on promoting recently published content from the “small web” – small websites written by individuals, with less focus on advertising and the “commercial” web.
  • Kick The Spy Pet - Spy.pet made rounds this week when 404 Media published about their far reaching army of discord monitoring bots, and selling the tracking data of individuals across discord servers. Unfortunately they weren’t particularly good at securing their own site, and someone scraped all of their bot users from their API and made a new site to help server owners identify spy pet bots to ban.
  • Reveal Hugo - A Hugo module for embedding reveal.js presentations into your Hugo site. I’ve been wanting to move towards using reveal.js and markdown to create my slides ever since watching The Unreasonable Effectiveness of Plain Text, and the ability to embed my slides directly into my hugo site would make publication much easier.
  • The Unreasonable Effectiveness of Plain Text - A No Boilerplate video about why plain text reigns supreme. I’m a huge fan of No Boilerplate, and would recommend not only this video but many others.
  • Fuck you, pay me - A video by Mike Monteiro from March 2011 about offering creative services as a business. Adam Savage referenced this video in one of his recent videos, and I think it’s a great video. It’s important to get paid for the work you do. Hire a lawyer, use contracts, protect yourself.
  • Raining 0days - Kenn White tweeted about research from BlackHat Asia by Tong Liu and team from the Institute of Information Engineering, Chinese Academy of Sciences. They reported over a dozen RCE vulnerabilities on popular frameworks like LangChain and LlamaIndex. Now comes the part where we throw our heads back and laugh.

Upcoming Projects

  • BSides Las Vegas Talk - I’ve submitted to the CFP a whole week before it closed. We are now pending feedback. (Due: N/A - Done)
  • OWASP Global AppSec Training - I’ve drafted out the outline for a 1-day hands-on training on Docker. It’s targeted at developers who may be familiar with what docker is but not familiar with using it themselves. (Due: 2024-05-06)
  • Defcon 32 Call for Artists - I think I need to record a set list, or maybe put together a soundcloud playlist that I can share. I also need to pick a promo photo. (Due: 2024-06-01)
  • Defcon 32 Call For Soundtrack - My new song, “Oh Dade”, produced by Mikal kHill, is pending mixing before submission. If it’s accepted, it will debut on the Defcon soundtrack. If it’s not accepted, I will release it the same day I find out it’s not accepted. (Due: 2024-06-01)

文章来源: https://0xda.de/blog/2024/04/weekly-retro-2024-w16/
如有侵权请联系:admin#unsafe.sh