Switch to hugo-bearblog theme

2026-04-03 18:02:38 -05:00 · 2021-05-20 11:31:35 -05:00
parent 12576834c2
commit 867cf499ef
22 changed files with 229 additions and 183 deletions
--- a/content/blog/allow-non-root-processes-to-bind-to-privileged-ports.md
+++ b/content/blog/allow-non-root-processes-to-bind-to-privileged-ports.md
@@ -0,0 +1,69 @@
+++
+title = "Allow Non Root Processes to Bind to Privileged Ports"
+date = "2021-03-28"
+aliases = [
+  "posts/allow-non-root-processes-to-bind-to-privileged-ports/",
+]
+
+description = """
+In Linux, processes cannot bind to privileged ports (<=1024) unless they are
+running as root. Here's how to allow any process to bind to privileged ports.
+"""
+
+tags = [
+  "guide",
+  "linux",
+]
+++
+
+## Introduction
+
+In Linux, processes cannot bind to privileged ports (<=1024) unless they are
+running as root. I learned about this when I was trying to add SSH cloning to my
+[Gitea](https://gitea.io) instance. This can be bypassed by giving
+`CAP_NET_BIND_SERVICE` capabilities to either the systemd service, or the
+executable itself.
+
+## Giving `CAP_NET_BIND_SERVICE` capabilities
+
+### Using systemd (preferred)
+
+The best way is to tell systemd to give `CAP_NET_BIND_SERVICE`
+capabilities to the service. In fact, the Gitea systemd service has two
+lines[^1] that are commented out:
+
+```systemd
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+```
+
+Uncommenting these two lines was all I had to do for Gitea.
+
+### Using `setcap`
+
+You can add `CAP_NET_BIND_SERVICE` to the executable directly using `setcap`,
+allowing it to bind to any port. Run the following command[^2]:
+
+```bash
+setcap 'cap_net_bind_service=+ep' /path/to/program
+```
+
+Note that this means that anyone with permission to run this program will be
+able to run it and bind to any privileged ports.
+
+Other caveats[^2]:
+
+> 1. You will need at least a 2.6.24 kernel
+> 2. This won't work if your file is a script. (ie, uses a #! line to launch an
+>    interpreter). In this case, as far I as understand, you'd have to apply the
+>    capability to the interpreter executable itself, which of course is a
+>    security nightmare, since any program using that interpreter will have the
+>    capability. I wasn't able to find any clean, easy way to work around this
+>    problem.
+> 3. Linux will disable LD\_LIBRARY\_PATH on any program that has elevated
+>    privileges like setcap or suid. So if your program uses its own .../lib/,
+>    you might have to look into another option like port forwarding.
+
+[^1]: https://github.com/go-gitea/gitea/blob/3416e2a82586fca4cd452b93237b979300f55d62/contrib/systemd/gitea.service#L69
+      and https://stackoverflow.com/a/47065825
+[^2]: https://stackoverflow.com/a/414258
--- a/content/blog/checkra1n-gui-on-other-distros.md
+++ b/content/blog/checkra1n-gui-on-other-distros.md
@@ -0,0 +1,55 @@
+++
+title = "Checkra1n GUI on Other Distros"
+date = "2021-03-25"
+aliases = [
+  "posts/checkra1n-gui-on-other-distros/",
+]
+
+description = """
+You can run the GUI version of checkra1n on non Debian-based distributions.
+"""
+
+tags = [
+  "guide",
+  "linux",
+  "archlinux",
+  "jailbreak",
+  "checkra1n",
+]
+++
+
+![Checkra1n GUI running on Arch Linux](/media/checkra1n-gui-on-arch-linux.webp)
+
+## Introduction
+
+The official cross-distribution build of checkra1n only contains a CLI and TUI.
+However, the version available in the
+[checkra1n APT repository](https://checkra.in/linux) also contains a GTK-based
+GUI which can be accessed using the `--gui` flag, or the included
+`checkra1n.desktop` file.
+
+## Other Distributions
+
+First, download the Debian package available at
+`https://assets.checkra.in/debian/checkra1n_VERSION_amd64.deb` (as of writing,
+`VERSION` is currently `0.12.2`). Then, extract the `checkra1n` executable from
+the package, and install the correct shared libraries. Here are the most
+important ones, and their corresponding package names on Arch Linux:
+
+- libimobiledevice-1.0.so.6 (`libimobiledevice`)
+- libirecovery-1.0.so.3 (`libirecovery`)
+- libtvcontrol.so (`libtvcontrol`)
+- libplist-2.0.so.3 (`libplist`)
+- libncurses.so.5 (`ncurses5-compat-libs`)
+
+I found these by running the binary and then finding and installing the package
+that contained the shared object I was missing.
+
+I also made an AUR package named
+[`checkra1n-gui`](https://aur.archlinux.org/packages/checkra1n-gui),
+which does all this automatically.
+
+## Conclusion
+
+As I expected, there is nothing preventing the checkra1n GUI from working on non
+Debian-based distributions (as far as I can tell).
--- a/content/blog/edited-in-middle-of-message-discord.md
+++ b/content/blog/edited-in-middle-of-message-discord.md
@@ -0,0 +1,34 @@
+++
+title = "Put (edited) in the middle of a message in Discord"
+date = "2021-03-25"
+aliases = [
+  "posts/edited-in-middle-of-message-discord/",
+]
+
+description = """
+With a bit of trickery using the RLE character (U+202B), you can get the
+(edited) text on a message to be somewhere other than at the end of the message.
+"""
+
+tags = [
+  "tutorial",
+  "discord",
+  "discord-tricks",
+]
+++
+
+![Example image](/media/discord-tricks/edited-in-middle-of-message.webp)
+
+## Tutorial
+
+1. Copy the "right-to-left embedding" character (U+202A) to your clipboard.
+2. Open editing box of a message
+3. Delete all text inside
+4. Paste the character
+5. Type the text you want on the right of `(edited)`
+6. Press space and paste the character
+7. Type the text you want on the left of `(edited)`
+
+*This post was adapted from [gitea:bbaovanc/discord-tricks][1]*
+
+[1]: https://git.bbaovanc.com/bbaovanc/discord-tricks
--- a/content/blog/new-comment-system-again.md
+++ b/content/blog/new-comment-system-again.md
@@ -0,0 +1,40 @@
+++
+title = "New Comment System (again)"
+date = "2021-04-17"
+aliases = [
+  "posts/new-comment-system-again/",
+]
+
+description = """
+I decided to switch my comment system from Isso to
+[Commento](https://www.commento.io/)
+"""
+
+tags = [
+  "announcement",
+  "hugo",
+  "blog",
+]
+++
+
+## Isso vs Commento
+
+I know it's only been six days since I added Isso, but I decided to switch to a
+better comment system. Isso is meant to be simple, which means that it's missing
+a lot of features. Commento has a lot of features such as sticky (pinned)
+comments, spam detection, thread locking, email notifications (I couldn't get
+this working on Isso), and a nicer design. I also was able to write some
+[custom CSS rules][1] which make it look alright on my blog's theme. It also
+supports SSO, so I might add support for signing up with GitHub, and possibly
+GitLab.
+
+## Summary of the [first post]({{< ref "/blog/new-comment-system" >}})
+
+If you haven't read the
+[New Comment System]({{< ref "/blog/new-comment-system" >}}) post, here's the
+most important information. There's a comment section at the bottom of each post
+where you can view and post comments. You can post anonymously, or create an
+account so you can show your username and get email notifications. You can also
+upvote, downvote, and reply to other comments.
+
+[1]: https://git.bbaovanc.com/bbaovanc.com/blog/src/commit/478e15218313a33216d361de387b3bd878cd0ba6/assets/css/comments.css
--- a/content/blog/new-comment-system.md
+++ b/content/blog/new-comment-system.md
@@ -0,0 +1,42 @@
+++
+title = "New Comment System"
+date = "2021-04-11"
+aliases = [
+  "posts/new-comment-system/",
+]
+
+description = """
+I added a comment system to my blog, using [Isso](https://posativ.org/isso/).
+"""
+
+tags = [
+  "announcement",
+  "hugo",
+  "blog",
+]
+++
+
+## About
+
+I set up a comment system named [Isso](https://posativ.org/isso/) on my blog
+today. At the bottom of each blog post, there's a comment section. You don't
+need to sign up with an account or sign in with Google, Facebook, none of that
+junk. You can comment anonymously, or provide any of the following three fields:
+name, email address, and website, which will be shown to other people viewing
+your comment. I'm going off of the assumption that no one cares/is malicious
+enough to spam my comment sections.
+
+## Known Issues
+
+### Editing and deleting not working
+
+You're supposed to be able to edit and delete comments up to 15 minutes after
+posting them. As of now, that doesn't seem to be working; the request just
+returns 403 (forbidden).
+
+### White text on white background when previewing comment
+
+This is a CSS related issue. This was also happening when editing/writing a
+comment, but I edited it so the edit box has black text. I think a better fix is
+to make the new comment form have a dark background, but I'll deal with that
+later.
--- a/content/blog/text-substitution-in-discord-using-sed.md
+++ b/content/blog/text-substitution-in-discord-using-sed.md
@@ -0,0 +1,33 @@
+++
+title = "Text Substitution in Discord using `sed`"
+date = "2021-03-25"
+aliases = [
+  "posts/text-substitution-in-discord-using-sed/",
+]
+
+description = """
+Discord has (very primitive) support for text replacement using `sed` syntax.
+"""
+
+tags = [
+  "tutorial",
+  "discord",
+  "discord-tricks",
+]
+++
+
+## Tutorial
+
+[Example Video](/blog/media/discord-tricks/sed-text-replacement.mov)
+
+If you send a message using `sed` substitution format (`s/old text/new text`),
+Discord will execute it on the message you've last sent.
+
+## Caveats
+
+- Regex is not supported
+- Global substitution is not supported
+
+*This post was adapted from [gitea:bbaovanc/discord-tricks][1]*
+
+[1]: https://git.bbaovanc.com/bbaovanc/discord-tricks