On the subtleties of URL parsing

A recent side project of me has been to write a scalable crawler which looks for broken resources (links, stylesheets, …) on a website. This project is meant to replace an existing crawler written in PHP with a more efficient implementation in golang. Part of writing a crawler includes parsing URLs on pages. Thankfully golang has the url.Parse method which makes this job easy, though there are a couple of caveats to look out....

January 9, 2021 · 2 min · Me

Coredns: Enable dnssec

I recently got around to finally enable dnssec on the fly signing in my CoreDNS setup. Since the process to set this up isn’t very good documented I thought I’d write a short blog post about it. Steps 0. Only for docker Make sure you have a directory for the dnssec keys mounted in your container. 1. Generate the dnssec key To generate the dnssec key you need to have bind9utils installed....

December 15, 2019 · 2 min · Me

Ansible: Remove Saltstack

I recently migrated my infrastructure from Saltstack to Ansible. To reason for this switch was relatively simple: I really liked that Ansible was agentless compared to Saltstack where you need a master and agents. Another reason was that I find Ansible playbooks a lot easier to write and maintain than Saltstack states. To get my playbook skills going I decided to uninstall salt by using a playbook. The playbook I wrote is below available for anyone free to use....

November 30, 2019 · 1 min · Me

Re-enable single server mode in Drone CI

Drone CI comes since version 1.5.0 with multi-server mode (in which builds are processed by external CI runners) activated by default. This can be problematic if you’re used to drone running in single server mode. If single-server mode isn’t explicitly disabled and no runners are configured it just causes your builds to be stuck with a pending status. It took me quite a while to figure why drone suddenly stopped processing builds (to be fair I updated without reading the changelog)....

October 25, 2019 · 1 min · Me

How to handle CSP reports

Content Security Policy (CSP) is an added layer of security that helps mitigate certain types of attacks, like Cross Site Scripting and data injection attacks. CSP is a pretty powerful tool that defines what content on your Website is allowed to be parsed/executed. On top of that it is relatively easy and relatively low risk (compared to HSTS or HKPK) to deploy, since the browser doesn’t cache content security policies....

August 21, 2019 · 2 min · Me