Skip to main content



Using rclone to copy files from Windows to Minio:

  • S3 doesn't use folders, only objects with keys that conventionally can resemble file paths. This means you can not create empty folders in Minio.

  • rclone copy will not delete files on destination missing from source (use for backups)

  • rclone sync may delete files on destination (use to keep two folders identical)

  • rclone config - On linux, stores the config in ~/.config/rclone/rclone.conf

    env_auth = false
    type = s3
    provider = Minio
    access_key_id = - access_key -
    secret_access_key = - access key secret -
    endpoint = https://minio-endpoint.local.domain
    acl = authenticated-read
  • rclone commands:

    • rclone lsd <config>:<bucket> - List buckets and contents: rclone lsd minio:mybucket
    • rclone


  • Generate EC KeyPair with node:crypto and fetch key data from DER export:
import { generateKeyPair, KeyObject } from "node:crypto";
import asn from "asn1.js";

namedCurve: 'secp256k1',
publicKeyEncoding: { type: 'spki', format: 'der' },
privateKeyEncoding: { type: 'pkcs8', format: 'der' }
(err, publicKey, privateKey) => { // Callback function
if(err) {
console.log("Err is: ", err);

// See

var AlgorithmIdentifier = asn.define('AlgorithmIdentifier', function () {

var PrivateKeyInfo = asn.define('PrivateKeyInfo', function () {

var ECPrivateKey = asn.define('ECPrivateKey', function () {

var ECParameters = asn.define('ECParameters', function () {
namedCurve: this.objid()

var privateKeyInfo = PrivateKeyInfo.decode(Buffer.from(privateKey.toString('hex'), "hex"), 'der');
var ecPrivateKey = ECPrivateKey.decode(privateKeyInfo.subjectPrivateKey, 'der');

const getMethods = (obj) => {
let properties = new Set()
let currentObj = obj
do {
Object.getOwnPropertyNames(currentObj).map(item => properties.add(item))
} while ((currentObj = Object.getPrototypeOf(currentObj)))
return [].filter(item => typeof obj[item] === 'function')


  • Capturing web traffic:

    • Packet Capture

      • tcpdump - Good for network package capture.
      • Takeaway: Largely a bad way to capture traffic unless you are doing network level inspection.
    • Proxy Capture

      • mitmproxy - Good for web traffic and asset capture. Not good for viewing.
        • mitmproxy -w <path> - To save flows to a file.
        • mitmproxy -r <path> - To read flows from a file.
        • Note: You can not read AND write from command line.
        • Best flow is to write interactively in app and then otherwise use -r on the command line.
      • Takeaway: Proxy capture can do a lot to capture assets and see inside the TLS session but it really comes down to offloading what a browser's developer tools would provide anyway.
    • Browser Extension Capture

      • Save WE - Browser Extension that saves a site as single HTML for offline viewing.
      • WebScrapBook - Browser Extensions that saves all tab assets for offline viewing.
        • Lots of options and different ways to archive page.
      • Takeaway: Capturing via extensions are probably the best option for archival purposes because you get the whole DOM to help assemble the various parts.
      • TODO: Still looking for that extension that automatically captures all assets on the first download and then assembles an archive of the site for all sites I visit as a user.
  • is a neat terminal weather site.


  • Installed VirtualBox 7.

    sudo apt-get update
    sudo apt-get install build-essential linux-headers-`uname -r`
    # Insert VBox Additions Disc and Run the install
    sudo usermod -aG vboxsf $USER
    sudo shutdown -r now
  • VSCode: Open Local File In Remote Mode

    • Note: There is no support for adding local folder in remote mode. Instead, when using local VM, setup shared folders and mount local remotely (if appropriate).
  • Many vendors have developer portals, for example: DigiKey Developer Portal


  • YouTube: God-Tier Developer Roadmap

  • My personal tiered code iceberg:

    • Tier 1: Scratch, Basic - For those that have never coded before.
    • Tier 2: Powershell, VBScript, Batch Scripts, Simple Shell Scripting
    • Tier 3: Python, Javascript, Ruby
    • Tier 4: SQL, Lua, bash, pwsh, VisualBasic, HTML, CSS
    • Tier 5: Java, C#, Typescript, Go, Dart
    • Tier 6: C, C++, Rust
    • Tier 7: Assembler, VHDL, Verilog, Digital Logic Gates
  • HBOMax ... what a shit show right now! HBOMax in their infinite wisdom doesn't allow you to login and cancel your account from abroad (e.g. UK). To work around this:

    • Got CyberGhost VPN.
    • Cleared all HBOMax cookies from Chrome.
    • Accessed and canceled my subscription!
    • There was some DNS setting, reboots, and other frustrations to get this to work.
    • CyberGhost Private Browser
      • Doesn't show up as Chrome, so it was also blocked by
      • Triggered as virus by Windows Defender. A bit sus, but I overrode it in Defender.


  • We have arrived.



  • Environment variables of a running process on Unix?

  • echo -ne "VAR=val1 VAR2=val2" | (eval `cat`;exec ./printsecret SECRET)

  • Wipe node environment values or configuration values in memory after use

  • SSH key encryption with OpenSSL

    • Encrypt and decrypt a file using SSH keys

    • Encrypt

      openssl rand 32 | \
      tee >(openssl rsautl -encrypt -oaep -pubin -inkey <(ssh-keygen -e -f ~/.ssh/ -m PKCS8) -out secret.key | \
      openssl enc -aes-256-cbc -base64 -in data.txt -out data.txt.enc -pass stdin
    • Decrypt

      openssl rsautl -decrypt -oaep -inkey ~/.ssh/id_rsa -in secret.key | \
      openssl enc -d -aes-256-cbc -base64 -in data.txt.enc -out data.txt.dec -pass stdin
    • Decrypt remotely and execute.

      (ssh -T -q [email protected] cat /path/to/key) | \
      openssl rsautl -decrypt -oaep -inkey ~/.ssh/id_rsa | \
      openssl enc -d -aes-256-cbc -base64 -in data.txt.enc -pass stdin | \
      (eval `cat`;exec ./printsecret ANOTHER)



  • Multi-call Pattern for Containers

    : ${TOP_WORKSPACE_DIRECTORY:-"$(pwd)"}
    docker run -ti --rm \
    -w /workspace/$(realpath --relative-to=${TOP_WORKSPACE_DIRECTORY} $(pwd)) \
    -v $(realpath ${TOP_WORKSPACE_DIRECTORY}):/workspace \
    container_name $(basename $0) "$@"
  • EMUX - Similar to firmadyne without the emphasis on scalability.

  • cppreference - mblen - Location of decent strlen_mb implementation.

    #include <string.h>
    #include <stdlib.h>
    #include <locale.h>
    #include <stdio.h>

    // the number of characters in a multibyte string is the sum of mblen()'s
    // note: the simpler approach is mbstowcs(NULL, str, sz)
    size_t strlen_mb(const char* ptr)
    size_t result = 0;
    const char* end = ptr + strlen(ptr);
    mblen(NULL, 0); // reset the conversion state
    while(ptr < end) {
    int next = mblen(ptr, end - ptr);
    if(next == -1) {
    ptr += next;
    return result;


  • Google Drive mount for Linux

    • Use rclone:
      • curl | sudo bash
      • Google API Console
        • (For OAuth Client ID) Create rclone consent
        • Create rclone desktop app credential (for client_id and secret)
      • rclone config - Recommended to setup from XWindows environment
      • rclone mount --daemon gdrive: /opt/gdrive
      • Win.
    • Note: There is no official client for Linux
    • - Developed by previous Google Drive Employee
  • Install Chrome from command line:

    • wget
    • sudo dpkg -i google-chrome-stable_current_amd64.deb
  • Building Expo (EAS) Gradle project locally.

    • Alpine is linked with musl.
    • Buster-slim (i.e. debian) is linked with glibc.
    • Android builds (e.g. gradle) downloads dependencies that require specific linkage, like glibc. This means that you can't build expo android apps with alpine, you must you a glibc linked distro.
    • Take away: dynamic-binary dependency downloader build-systems are an anti-pattern!
  • - Company specializing in mobile dev tools.


  • Remove a path from $PATH:
    • export PATH=$(echo $PATH | sed 's/:/\n/g' | sed "/$1/d" | tr '\n' ':')


  • Remove SSH Host Fingerprint and SSH

    • ssh-keygen -f ${HOME}/.ssh/known_hosts -R "[]:2222" && ssh -p 2222 [email protected]
  • Linux 3.2 headers_install will remove libc headers.

    • Must headers_install first or rsync from a stage directory.
  • Install linux headers from linux_build:

    • make ARCH=<arch> O=. -C <src-path> headers_install INSTALL_HDR_PATH=<out-path>
  • With regards to projects that don't explicitly support parallel builds (-jX).

    • Do not short cut make && make install with make install.
  • Linux 4.20 requires libssl-dev package.

    • Without it'll complain about missing openssl/bio.h when building vmlinux.
  • When dealing with environment variable changes, its good to open another shell.

    • On exit, the original PATH (and other variables) are restored.
    • You can add an indication of shell depth with:
      • INIT_DISTANCE=$(($(pstree -Acs $$ 2>&1 | sed 's/-.-/\n/g; s/[\`|]-/\n/g; s/ //g; /^$/d;" | wc -1) - 6))


  • When using openssl enc:
    • OpenSSL 1.1.0 implicitly uses -md md5
    • OpenSSL 1.1.1 implicitly uses -md sha256
    • Explicit Encrypt: openssl enc -aes-256-cbc -md md5 -in $1 -out $1.txt
    • Explicit Decrypt: openssl enc -d -aes-256-cbc -md md5 -in $1.txt -out $1


  • When emulating...
    • If you're only analyzing userspace, emulate with newest kernel for >= 2.6.0.
    • If you're building for older kernel, you only need the libc to support syscall interface.


  • Crosstools-NG 1.19.0

    • Update .config:
    • For mipsel-static-linux-gnu, disable native-gdb.
  • For Ubuntu Hardy (6.10)

    • Enable no password sudo with echo '%sudo ALL=NOPASSWD: ALL' >> /etc/sudoers
  • binutils 2.24 and building for MIPS.

    • Starting with version MIPS binutils complain loudly about mixing soft-float and hard-float object files. patch
    • Instead of using the patch, consider using crosstools-ng 1.19.0
      • ct-ng 1.19.0 uses binutils 2.19.1a.
      • The lowest 1.24.0 can go is binutils 2.26.