Jag köpte nyligen en Wi-Fi uppkopplad fjärrströmbrytare från Cleverio, som säljs av Kjell & Co, mer specifikt den här modellen. Följer man de officiella instruktionerna får man tips om en app att använda för att styra och parkoppla strömbrytaren. Efter lite nyfikenhet förstod jag att produkterna från Cleverio i själva verket är omprofilerade Tuya-enheter, vilket signifikant ökar möjligheterna för att hitta andra som undersökt produkterna närmare. Jag har två mål:

I recently bought a Wi-fi connected smart plug from Cleverio, sold by the Swedish company Kjell & Co. If you follow the official instructions, you end up with an app on your phone, that you use to pair and control the plug with. After some curious investigation, I found that the products from Cleverio are in practise just rebranded Tuya devices. This made me happy, since it significantly increases the number of resources available on the web from others who have investigated the products.

I’ve started using podman on my new laptop. It has worked well so far, even with the rootless configuration. However, I’ve never got it to save my credentials to Docker Hub, which has been annoying. I’ve had to do a podman login after every reboot. Not very convenient. The man page gave a way to store the credentials in clear text on disk, but that didn’t feel very nice from a security perspective.

On most laptops I use wg-quick to setup my WireGuard tunnels, but recently I got a bit curious about using systemd-networkd to the the same. In particular I want the same split-tunnel setup that I’ve used before to work also with systemd-networkd. Worth noticing is that the setup I describe here will automatically start the tunnel when launching the computer. I haven’t really investigated if it is possible to do it on demand.

You have probably all seen the shebang at top of shell scripts, the first line starting with #!/bin/sh. The initial characters #! tells the OS that this isn’t a regular binary, but rather something that needs to run through an interpreter, namely the interpreter after #!. Therefore you can see lines like #!/usr/bin/perl, #!/usr/bin/awk, or #!/usr/bin/python. Executing a file like ./test.sh, having the shebang #!/bin/sh, is similar to calling this command: /bin/sh .

I recently wanted to rewrite parts of an existing Node.js application in Rust. A complete rewrite would take a lot of time, so I was browsing through ways to rewrite some parts in Rust. While it seems possible to call Rust from Node by compiling Rust into a Node js module using FFI, it felt a bit messy. Instead I opted to look into gRPC, which I’ve been wanting to look into anyway.

In this post I’ll use a Yubikey, running the PIV application, to store a keypair and certificate to be used for mutual TLS. The Yubikey will generate the private key on the device, and the private key will never leave the device. Nice for security! I’ll also configure Firefox to discover the certificate stored on the device, so it can be used when browsing to a site requiring a client certificate.

I’ve traditionally used only SSH to connect to my home network while being away, but recently I got tired of using only SSH tunnels and SOCKS proxies, and decided to actually fix a working Wireguard configuration. My router is running OpenBSD, and I want Wireguard clients to be able to reach several different internal subnets. However, I don’t want to route all traffic through the VPN tunnel, only traffic to my internal network.

My goal here is to automatically launch a script when a certain USB stick is connected to the system. When plugging in the stick, the partition should be automatically mounted, a script should be executed, and some notifications should be shown on the screen. Identifying and automounting the drive My USB stick is a simple FAT32 drive, so to identify it I set a filesystem label. This allows me to distinguish this drive from other ones.

I recently got a new laptop, and wanted to setup a dual-boot solution. To do this, most guides simply tell you to disable Secure Boot and then leave it that way. I wanted to keep Secure Boot enabled. Secure Boot basics I will construct a PKI according to the image below. There are three types of keys in a Secure Boot PKI. Platform Key (PK): A single root key, used to sign the Key Exchange Keys below it.