Re-enable single server mode in Drone CI

Drone CI comes since version 1.5.0 with multi-server mode (in which builds are processed by external CI runners) activated by default. This can be problematic if you’re used to drone running in single server mode. If single-server mode isn’t explicitly disabled and no runners are configured it just causes your builds to be stuck with a pending status. It took me quite a while to figure why drone suddenly stopped processing builds (to be fair I updated without reading the changelog)....

October 25, 2019 · 1 min · Me

How to handle CSP reports

Content Security Policy (CSP) is an added layer of security that helps mitigate certain types of attacks, like Cross Site Scripting and data injection attacks. CSP is a pretty powerful tool that defines what content on your Website is allowed to be parsed/executed. On top of that it is relatively easy and relatively low risk (compared to HSTS or HKPK) to deploy, since the browser doesn’t cache content security policies....

August 21, 2019 · 2 min · Me

Setting up a Lightning Node using docker and connecting to it with ZeusLN

Lightning is a layer 2 for bitcoin which allows unfairly cheap and incredibly fast bitcoin transactions. LND is a lightning network implementation written in go. This blog post shows how to set up a dockerized lightning node and how to use it with ZeusLN. ZeusLN is an app to interact with LND. Docker Setup To run LND and bitcoind (which we use as a backend for LND) dockerized we first need Dockerfiles....

June 13, 2019 · 6 min · Me

TLS 1.3 arrived!

Feburary 25th Go 1.12 got released with opt-in support for TLS 1.3. With the 0.11.5 release of caddy which builds on Go 1.12, caddy finally supports TLS 1.3. This also means that this site and (most of) the services I run, now support TLS 1.3. This site now supports TLS1.3! Yay! TLS 1.3 is the latest version of the TLS protocol, with many improvements. These improvements include:...

March 5, 2019 · 1 min · Me

Setting up Wireguard on Ubuntu

Intro WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform and widely deployable....

December 5, 2018 · 5 min · Me