tomas-florian.bsky.social
@tomas-florian.bsky.social
If you have multiple #wireguard profiles, sometimes it lets you connect only one at a time. TIL if these criteria are met, you can always connect to them simultaneously:

- Non-overlapping AllowedIPs subnets
- Non-overlapping wireguard IP address and subnet
November 5, 2025 at 2:50 AM
In #pfSense it's notoriously tricky to do reflective / hairpin turn #NAT. Typical workarounds involve proxies or split DNS. Today I stumbled across another technique that seems to work on latest pfSense:

Create a duplicate NAT entry but set the interface to LAN instead of WAN. Seems to work.
November 4, 2025 at 3:01 AM
I love it when there is a simpler solution to a problem:
Implementing a modern #zero-trust overlay can be tricky (legacy devices, networking obstacles, resiliency concerns). I realized I can get robust network-level #microsegmentation by creating a #firewall filter at the #hypervisor (both in AND out).
November 1, 2025 at 12:02 AM
In the last month, I've been evaluating different #zero-trust overlays. Each one has its pros and cons, but one thing that I liked about #Nebula https://github.com/slackhq/nebula is that it leaves your #iptables alone. It has its own #firewall built into the protocol. Less room for mistakes.
October 31, 2025 at 1:57 AM
TIL that when I block traffic via #Proxmox #firewall, sometimes the rules have no effect. The problem is that previously established connections are left alone. I can either wait for the connection to close eventually, or force it with

conntrack -F #flush on the pve host where the #VM is running
October 29, 2025 at 3:48 AM
TIL: in #WireGuard when your AllowedIPs subnets overlap with the server address, things might appear to work, but it's fragile and non-portable. Best practice is to carve your subnets so that they don't overlap with the server IP. One symptom that you've got it wrong is that only the first handshake succeeds.
October 10, 2025 at 3:14 AM
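Both WireGuard posts above (running several profiles at once, and AllowedIPs overlapping an address) come down to one check: do any of the tunnel addresses or AllowedIPs routes overlap? This is an added example, not the poster's code; it parses wg-quick style config text with the standard library and reports overlapping networks between profiles, using constructed sample profiles.

```python
import ipaddress
from itertools import combinations

# Constructed sample profiles (not real networks). "full" is a full-tunnel profile.
OFFICE = """[Interface]
Address = 10.10.0.2/24
PrivateKey = REDACTED
[Peer]
AllowedIPs = 10.10.0.0/24, 192.168.50.0/24
"""
HOME = """[Interface]
Address = 10.20.0.2/24
[Peer]
AllowedIPs = 10.20.0.0/24, 192.168.1.0/24  # home LAN
"""
FULL_TUNNEL = """[Interface]
Address = 10.30.0.2/32
[Peer]
AllowedIPs = 0.0.0.0/0
"""

def parse_wg_config(text):
    """Collect Address (interface IP+subnet) and AllowedIPs entries as ip_network objects."""
    nets = {"Address": [], "AllowedIPs": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith("["):
            continue
        key, _, value = line.partition("=")
        if key.strip() in nets:
            for item in value.split(","):
                if item.strip():
                    # strict=False keeps the subnet of e.g. 10.10.0.2/24 (-> 10.10.0.0/24)
                    nets[key.strip()].append(ipaddress.ip_network(item.strip(), strict=False))
    return nets

def conflicts(profiles):
    """Pairs of overlapping networks from *different* profiles; empty list means
    the profiles satisfy the non-overlap criteria and can be up at the same time."""
    entries = [(name, kind, net) for name, text in profiles.items()
               for kind, nets in parse_wg_config(text).items() for net in nets]
    found = []
    for (n1, k1, a), (n2, k2, b) in combinations(entries, 2):
        if n1 != n2 and a.version == b.version and a.overlaps(b):
            found.append((n1, k1, str(a), n2, k2, str(b)))
    return found
```

A full-tunnel profile (0.0.0.0/0) overlaps everything, which is why it cannot coexist with the others.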
TIL: exposing a port in #docker inserts rules into your iptables that take precedence over your plain iptables rules (e.g. INPUT, FORWARD)

Watch out for this! You'd think #iptables blocks that exposure, but the port is wide open even when listed in iptables as blocked.

#Cybersecurity #DevSecOps
October 10, 2025 at 2:03 AM
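A defender's check for the situation in the post above, written as an added example (not the poster's code): parse `iptables-save` output, list the host ports Docker DNATs into containers, and flag INPUT-chain DROP/REJECT rules for those ports, which never fire because published traffic is forwarded, not delivered locally. The dump below is constructed.

```python
import re

DPORT_RE = re.compile(r"--dport (\d+)")
PROTO_RE = re.compile(r"(?:^| )-p (\w+)")

# Constructed iptables-save excerpt: the admin dropped 8080 in INPUT, but Docker
# published a container port on 8080 (nat DOCKER chain DNAT + filter DOCKER ACCEPT).
SAMPLE_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:DOCKER - [0:0]
:DOCKER-USER - [0:0]
-A INPUT -p tcp -m tcp --dport 8080 -j DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -j DOCKER
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER-USER -j RETURN
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
COMMIT
"""

def parse_tables(dump):
    """Group '-A' rules by table ('filter', 'nat', ...) from iptables-save output."""
    tables, current = {}, None
    for line in dump.splitlines():
        if line.startswith("*"):
            current = line[1:].strip()
            tables[current] = []
        elif line.startswith("-A ") and current is not None:
            tables[current].append(line)
    return tables

def _proto_port(rule):
    port, proto = DPORT_RE.search(rule), PROTO_RE.search(rule)
    return (proto.group(1) if proto else "tcp", int(port.group(1))) if port else None

def docker_published_ports(dump):
    """Host ports Docker DNATs into containers: nat table, DOCKER chain, -j DNAT."""
    return {_proto_port(r) for r in parse_tables(dump).get("nat", [])
            if r.startswith("-A DOCKER ") and "-j DNAT" in r and _proto_port(r)}

def ineffective_input_blocks(dump):
    """INPUT DROP/REJECT rules for ports Docker publishes anyway. Published traffic is
    DNATed in PREROUTING and traverses FORWARD (where Docker's chain accepts it), so
    INPUT never sees it. Block in DOCKER-USER (evaluated first) or publish on 127.0.0.1."""
    blocked = {_proto_port(r) for r in parse_tables(dump).get("filter", [])
               if r.startswith("-A INPUT ") and re.search(r"-j (DROP|REJECT)\b", r)
               and _proto_port(r)}
    return sorted(blocked & docker_published_ports(dump))
```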
Need a quick way to get securely random tokens?

dd if=/dev/random bs=1k count=1 | sha512sum

tip: use part of the token if you don't need your token to be so long

tip 2: don't use md5sum (not just short, it's cryptographically broken)

#cybersecurity #devsecops #linux
September 26, 2025 at 3:33 PM
TIL that M.2 hides something unexpected: Different pins go to completely different places.

Some pins are PCIe for NVMe, others are SATA pins, and even USB

Just because all the pins are visible, and even if the M, B notches match, doesn't guarantee that it will work.

Check the specs

#SysAdmin
September 26, 2025 at 1:14 PM
2 minute public key #encryption tutorial

# Keys
openssl genrsa -out priv.pem 4096
openssl rsa -in priv.pem -pubout -out pub.pem

# Encrypt
echo "Hello!" | openssl pkeyutl -encrypt -pubin -inkey pub.pem | base64

# Decrypt
echo "" | base64 -d | openssl pkeyutl -decrypt -inkey priv.pem   # paste the base64 output from the encrypt step between the quotes
September 23, 2025 at 10:42 PM
I'm evaluating the performance limits of consumer-grade #SSDs.

So far it looks like the biggest "killer" is very long writes. When writing a giant file, some SSDs hit a wall and their performance drops to slower than HD.

I wish manufacturers told us roughly where that wall was (in GB)

#SysAdmin
September 18, 2025 at 10:46 PM
#CellularAutomata that exhibit complex emergence

Amazing!

When I tried it, I got a bunch of dormant shapes, except one that started to pulse (almost imperceptibly); that pulse built up into wild convulsions and exploded "supernova style" into more dormant children.

www.youtube.com/watch?v=p4Yi...
"How Particle Life emerges from simplicity" (YouTube video by Tom Mohr)
September 17, 2025 at 10:52 PM
Growing Neural Cellular Automata
distill.pub/2020/growing...

Each pixel is a cellular automaton trained to regenerate an image based only on its local surroundings

#MachineLearning #ML
September 17, 2025 at 12:37 AM
I've been wondering if there is a better alternative to back propagation...

Something more akin to "fire together wire together" where you learn on the fly. That's when I stumbled across #HTM Hierarchical temporal memory and #Numenta. Looks interesting.

en.wikipedia.org/wiki/Hierarc...

#ML #AI
September 17, 2025 at 12:22 AM
Which #SSD NAND types are best for long sequential writes? (e.g. #zfs replication)

best to worst:

SLC (Single) - 1 bit (cache)
MLC (Multi) - 2 bits
TLC (Triple) - 3 bits
QLC (Quad) - 4 bits

Consumer drives have a limited SLC cache and when it's full, the main NAND type matters.
September 12, 2025 at 10:17 PM
I've been exploring ways AI text detectors can be bypassed. I provided samples and #PoC code with Originality.ai and they are using the data to improve their next model.

It's really cool to see how an #ML model gets stronger by being exposed to a #RedTeam process like this.

#cybersecurity
September 12, 2025 at 12:00 AM
Thought experiment: If there was a lock company that sold the best locks, but also sold the most effective lock picks at the same time, would you buy a lock from them?

At first the paradox breaks my brain a bit, but if I think about it deeper - I would gladly buy it.

Would you?

#cybersecurity
September 10, 2025 at 11:12 PM
Just finished a milestone in #AITextDetection bypass research. I'm working with the theory that all detectors are bypassable if you throw enough iterations of the same prompt at it. Of course, brute force is expensive, and that's where specific techniques help.

#cybersecurity
September 9, 2025 at 9:49 PM
If you redact a PDF document by placing black boxes over the text, other people can just delete the boxes and peek under!

Do this instead:
1) print the document to PDF ... BUT before printing, look for the "print as image" option that flattens the document
2) check that it worked

#Cybersecurity #TechTips
September 5, 2025 at 10:14 PM
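For step 2 ("check that it worked"), here is an added example (not from the post) of a stdlib-only heuristic: it inflates FlateDecode content streams and looks for text-painting operators (Tj, TJ, ', ") inside BT/ET text objects. A flattened, print-as-image PDF has none; a black-box "redaction" still does. The PDF skeletons are constructed and minimal, not viewer-valid files.

```python
import re
import zlib

# One stream body; the lookbehind stops "endstream" from matching as "stream".
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)[\r\n]endstream", re.S)
TEXT_OBJ_RE = re.compile(rb"\bBT\b(.*?)\bET\b", re.S)       # text objects
SHOW_RE = re.compile(rb"\b(Tj|TJ)\b|[)\]]\s*['\"]")         # glyph-painting operators

def decoded_streams(pdf_bytes):
    """Yield stream bodies, inflating FlateDecode ones; skip what cannot be decoded."""
    for m in STREAM_RE.finditer(pdf_bytes):
        # The stream dictionary sits between the last "obj" keyword and "stream".
        head = pdf_bytes[max(0, m.start() - 400):m.start()]
        i = head.rfind(b"obj")
        head = head[i:] if i >= 0 else head
        body = m.group(1)
        if b"/FlateDecode" in head:
            try:
                body = zlib.decompressobj().decompress(body)  # tolerates trailing EOL bytes
            except zlib.error:
                continue
        yield body

def has_text_operators(pdf_bytes):
    """True if any content stream still paints text, i.e. the page was not flattened."""
    return any(SHOW_RE.search(block)
               for body in decoded_streams(pdf_bytes)
               for block in TEXT_OBJ_RE.findall(body))

def _one_page_pdf(content, compress):
    """Constructed PDF skeleton with a single content stream (for the demo only)."""
    body = zlib.compress(content) if compress else content
    filt = b" /Filter /FlateDecode" if compress else b""
    return (b"%PDF-1.4\n1 0 obj\n<< /Type /Page /Contents 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Length " + str(len(body)).encode() + filt + b" >>\nstream\n"
            + body + b"\nendstream\nendobj\n%%EOF\n")

# "Redacted" by drawing a black rectangle over text that is still painted underneath.
BOXED_PDF = _one_page_pdf(
    b"BT /F1 12 Tf 72 700 Td (ACCOUNT 12345) Tj ET\n0 g 70 690 120 20 re f\n", True)
# Printed as image: the page only places an image XObject, no text objects remain.
FLATTENED_PDF = _one_page_pdf(b"q 612 0 0 792 0 0 cm /Im0 Do Q\n", False)
```

On a real file, call `has_text_operators(open(path, "rb").read())`; it only inspects plain and FlateDecode streams, so treat a True as proof of leftover text and a False as a reason to also check with a text-extraction tool.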
When serving a #SSL certificate serve it with the full chain.

It's like going to a government clerk and handing him public documents (including supporting ones) vs handing him just one and telling him to look up the rest.

Both ways are secure, but one is more likely to succeed every time.

#TLS
September 5, 2025 at 9:56 PM
My favorite tech #Meetup list in #Calgary

- Test Tribe: www.meetup.com/the-test-tri...
- Project Based Mini Hackathon: www.meetup.com/software-dev...
- PyData: www.meetup.com/pydata-calga...
- Calgary Game Developers: www.meetup.com/calgary-game...
- CalgaryUX: www.meetup.com/calgaryux/
September 5, 2025 at 3:34 AM
For the past month I've been diving deeper into tools coming out of #CNCF - Cloud Native Computing Foundation

It should really be called *Anywhere* Native Computing Foundation though. The beauty of those tools isn't the cloud, it's that they are location neutral.

#DevOps #Rancher #k8s
September 5, 2025 at 3:23 AM
The way I conceptualize #ChatGPT is like a mirror. A special mirror that reflects your rough idea back but in a polished and organized form.

But when you point two mirrors at each other you get infinite recursion - kind of mesmerizing, but not very useful any more. That can happen too.

#LLM
September 5, 2025 at 3:16 AM