Hosting this site is a project in and of itself. Just for fun I’m trying to see how far I can take the forward-facing security aspect of modern webhosting. That means no weak ciphers, all the extra security bits flipped, etc.
Oh, and for extra bonus points: you, Dear Reader, should be (and apparently are) able to open and read this content, which is all based on modern principles within a modern framework.
My first, and last, real foray into the world of free software. Written in 2000, when it was still acceptable to write C, it’s a super-handy systems administration tool for Debian GNU/Linux that will tell you which packages you no longer need. Because computers back then weren’t as fancy as they are now, I spent a fair amount of time optimizing the code to run as quickly as possible.
Since I emigrated in 2003, or perhaps even before then, others have been maintaining the project. It’s still in Debian (and Ubuntu) today.
To be honest, I don’t fully remember what I did for this project. I know it involved a Popcorn Hour A-110 media player, which was popular at the time. I believe I ported some pre-existing software to their awful SoC platform and packaged it up to make it easy to install.
Anyway, I released it into the wild and it became a pretty popular little project for a short time. Then less awful hardware took over the market and Popcorn Hour died. And everyone rejoiced.
Together with some other turbo-nerds I ran the technical infrastructure for the Eve Online alliance “Test Alliance Please Ignore” for a while. The first overhaul was iterative, based on a Debian/KVM setup I inherited. That was basically this. The second iteration was basically building everything from the ground up. I got a new NVMe-based server, got Proxmox VE going on it, and just went all-out nuts setting up LXC hosts through Ansible. If you’re in TEST, you can read the forum post I made about it.
We frequently had some 600 people on Mumble, multiples of that on the forums (InvisionPower Suite 4) and wiki (MediaWiki), five-digit numbers of users on the custom SSO (and more) Django application, and all sorts of applications and plugins to tie it all together. TEST IT taught me how much fun it is to break things in production, how terrible some hosting providers are, and how to run a reasonably-sized site on a $100/mo budget.
This is a quick and dirty web application to store encrypted files and share them with others. The files stored are encrypted locally by the uploader. A file URL can then be shared with a third party, and the decryption key should be shared out of band. The file can then be downloaded in cleartext by entering the decryption id.
Basically I needed to send a sensitive file to someone who is not very computer-savvy. There didn’t seem to be any solution for that, other than Sneakernet, so I kind of threw this together in an evening. It got the job done.
Toupee — TLS Optimal Unfuckery Pro Enterprise Edition (free trial)
A very much unfinished project; however, it does what I needed it to do. Toupee will collect a bunch of X.509 certificates and output them in common formats, along with fairly sensible Apache 2.4 and Nginx configurations. It’s a poor man’s substitute for actually learning how to deal with X.509 and TLS; you can just feed it the files your certificate and used car salesman sent you and it will spit out what you probably need. Easier than Googling “nginx ssl configuration” for the 15th time this year.
While working on this project I learned a lot about TLS, X.509, ASN.1, DER, PEM, and all that good stuff, so I no longer felt a pressing need to wrap up the project.
I actually wrote PHP code. In my defense, this was the standard quality for CMSes at the time, and still is the standard for PHP code today. Also, I was like 17. Check out the history section for how this ties into this website.
I do still have the database dump from the site at the time, but I’m afraid to try to run this code. Maybe one day I will …