initial

16 files changed, 637 insertions, 0 deletions

diff --git a/src/assets/blog/2023-02-23.md b/src/assets/blog/2023-02-23.md
new file mode 100644
index 0000000..89b87b5
--- /dev/null
+++ b/src/assets/blog/2023-02-23.md
@@ -0,0 +1,18 @@
+---
+name: Vaultwarden
+date: 2023-02-23T18:00:00.000-04:00
+desc: Hosting your own password manager is cool
+---
+
+### LastPass
+Hopefully we all know of the semi-recent LastPass breach, where a lot of customers had their encrypted vaults leaked. They were still encrypted, but your passwords were now possibly out there. My vault was also sadly leaked as well. Also, I don't know why I used LastPass in the first place, since I pretty much just used the same password over and over again anyways.
+
+### Other Options?
+Well I could just keep using the same password over and over again, but we all know that is *really* not a good idea. Also that password has been in like 5 different breaches, so it was time I actually cared.
+
+I decided to self host my own password manager, [Vaultwarden](https://hub.docker.com/r/vaultwarden/server), an unofficial Bitwarden server written in Rust. I chose it because my Hetzner server only has 2GB of RAM and only 2 VCPUs, therefore I don't really have the resources to spare. And I also chose self host since It's really easy to setup, and I don't have to worry about breaches.
+
+### Here Is How Its Been
+Vaultwarden only uses about 25MB of RAM for me, which is a really small amount. The server uses the Bitwarden API so I can use any of the very well built Bitwarden clients, and they sync together flawlessly. It also supports TOTP, therefore I no longer have to use Authy, a proprietary service, to manage my 2FA. Even in the rare chance that my server goes down, the clients store an encrypted version of the vault locally, so I will never loose my passwords.
+
+Overall, it was really easy to set up in docker, and everything has been smooth. So if you are looking at self hosting a password manager, look at Vaultwarden.
diff --git a/src/assets/blog/2023-09-28.md b/src/assets/blog/2023-09-28.md
new file mode 100644
index 0000000..b1e19fe
--- /dev/null
+++ b/src/assets/blog/2023-09-28.md
@@ -0,0 +1,74 @@
+---
+name: IntraNet
+date: 2023-09-28T10:00:00.000-04:00
+desc: Securing my network
+---
+
+### IntraNet
+
+*So what is even a IntraNet?* Well, it's an inernal network of computers contained from the outside network.
+They can be used to host services, software, applications, and more, but not give access to the outside world. If you can connect
+to a service from any public ip, we say thats on the public internet. Even if the application is secured, and it's open to the public going....
+
+> Hey i exist!!!!
+
+...anyone can access it. We all have herd of the times when companies internal services were accidentally made publically available to the outside web, and
+then how they end up getting pwned (im looking at you hospitals).
+
+> But why would I want it?
+
+Well the main reason is it seemed fun. I like to do new things at times, and It seemed like a cool project. Also I want very
+keen on keeping many of my internal services public. Yes they were secured by single sign, and ip whitelisted, but I really didnt feel like anyone
+should be able to send any http request to my nextcloud instance, or any other service im running. Also whitelisting IPs was very annoying.
+Ive already seen what can happen to mail servers (foreshadowing), so Id like to keep as much stuff internal that I possibly can.
+
+### Network Architecture and Design
+
+> Well how does it work?!
+
+Well its fairly simple. I run a dual DNS setup, my own CA, and wireguard to add the ability to vpn into the network.
+First, I run Bind on my network which runs as my internal DNS server. This reroutes any domain name under "in.freya.cat" to the device on the network that is hosting
+that service. For example "cloud.in.freya.cat" is routed to my server that is running my internal Nextcloud instance. Now If I was right, you might of just tried to access
+my nextcloud, but instead you should of gotten something that says ACCESS DENIED!
+
+You have been blocked! Haha. This is where the 2nd DNS comes in. Since my domain is registered through cloudflare, any DNS request gets routed to my Hetzner VPS which acts as
+a public sinkhole for my entire internal network. If you try accessing any of my services, you cant. Instead of getting the right ip, you get hetzner. And even if you knew the ip,
+it wouldn't matter since they are LAN ips and arent even port forwarded outside my network. This is also why I use wireguard, as It allows me to vpn into my network and access my
+services even while im away from home.
+
+### Network Routing
+
+Ok so thats cool and all but how do you even route your traffic?
+
+At first, I just created IPs using the wireguard configs, and then had /etc/local.d start scripts that would `wg-quick up` on computer startup. This worked, but it made routing traffic
+really hard. It was fine when I only had two servers, my VPS and my house, but as soon as I started to try to add more servers, everything fell apart. This is because in the Allowed IPs
+section of a config, you have to set what IPs are routed though that wireguard interface. So if one sever adds another server I can talk too, every other server has to manually update what
+they route to that server. For eaxample if Server A was talking to only Server B, but Server B could talk to Server C, Server A would have to put that Server B gets all traffic for Server B and C.
+So I needed a solution to automatically generate route, beacuse doing it manually wasnt going to cut it anymore.
+
+### OSPF
+
+Ah, yes, the solution is OSPF. OSPF, or Open Shortest Path First, is a protocol designed for this very purpose. Its mostly seen in companies (like ISPs) that run their own ASN (autonomous system),
+because they have thousands of servers that all need to be able to route traffic to eachother. So the goal was to still use wireguard to pass the traffic though, but instead to run a OSPF daemon
+over those wireguard tunnels to route my traffic! The solution was a piece of software called bird. Bird can do more than OSPF, it can also route protocols such as BGP, but that is outside of the
+scope for this blog post. If bird is setup of every server that was a main routing hub for my internal network, all I would have to do is say what wireguard interfaces to route ontop of. This is beacuse
+bird can automatically detect the IPs that you controll on your network, meaning that once it has all the serveres it can talk to, it will automatically start asking the other servers what IPs they control,
+and those servers will do the same. This them cascaces over the entire connection tree, peering IP routes to anywhere on the network to every server. Once that is all done, bird just creates a iptables route
+and all is done! Woohoo!!!
+
+### Root CA?
+
+You might of notices I briefly mentioned that I run my own Certificate Authority, but you may be asking why? Who does that? For what reason would you need to? And I totally agree with
+you. I'd rather not host it if I didn't need it, but I do have a reason. Since all my internal domains are routed to my hetzner, my internal network cant complete ACME challenges. Since
+it cannot complete ACME challenges, Lets Encrypt wont give me a certificate for my domain. So I decided to run my own cerficiate authority. Now I don't do anything crazy, I just run step-ca
+inside of docker. This is great because since I use Caddy for my reverse proxy, Caddy can auto request new certificates from StepCA, and everything is automated. The only thing I have to do
+is install my root certificate on my devices, for which I have three. And now I have https on my internal network!
+
+### Overview
+
+Overall, this setup allows me to run many services I want to internally. I can run my plex server, nextcloud, photo hosting with immich, sso with authentik, irc, document hosting,
+file syncing with syncthing, and still more to list. And with my setup, no one besides me and who I let on my network can even deam about accessing my services. This increases my
+security, and really was just a ton of fun to figure out and setup.
+
+Though make sure to setup wireguard to not nat every network device or theoretically it will break dockers ip routing, and theoretically it will cause containers to see all ips as internal, and
+theoretically services like mailcow, an email server, will not require authentication since its totally comming from mailcow, and theoretically your email server can become an open realy. Theoretically though.
diff --git a/src/assets/blog/2023-11-03.md b/src/assets/blog/2023-11-03.md
new file mode 100644
index 0000000..12df67f
--- /dev/null
+++ b/src/assets/blog/2023-11-03.md
@@ -0,0 +1,28 @@
+---
+name: Mastodon
+date: 2023-11-03T10:29:40.000-04:00
+desc: Joining the fediverse
+---
+
+### Mastodon
+
+Hello, small blog post today.
+
+I am prod to announce I have joined the fediverse!!
+Well Im already on matrix, but this is like the first public instance open too.
+
+#### Experiences
+
+So as of writing this, I have only been hosting my own instance for 2 days now. It was a bit
+annoying to setup (just a few docker containers and proxy shenanigans), but hey it works now!
+The main gripe I currently have with activity pub so far is the lack of discovery and reading older events.
+
+Currently you can only search for things that you are directly federated with. So for example, my server is federated with `lgbt.tech`, so I can search for things on there. Also I cant see older posts. If I go to anyone I follow, I can only see posts since I started federating with them. Any older posts require me to go to their mastodon (or anything that supports activity pub) instance.
+
+A cool thing though that ive noticed is that activity pub allows federation outside mastodon. So far Ive only seen lemmy accounts, but I find that cool.
+
+#### Long way to go
+
+Overall, I think activity pub as a protocol has a long way to go. There are some things I wish where implemented, mainly things that matrix has. But overall its really cool, and Im going to continue to use it for the foreseeable future.
+
+Cheers!
diff --git a/src/assets/profanity.txt b/src/assets/profanity.txt
new file mode 100644
index 0000000..e9ccebe
--- /dev/null
+++ b/src/assets/profanity.txt
@@ -0,0 +1,375 @@
+2g1c
+2 girls 1 cup
+acrotomophilia
+alabama hot pocket
+alaskan pipeline
+anal
+anilingus
+anus
+apeshit
+arsehole
+assmunch
+auto erotic
+autoerotic
+babeland
+baby batter
+baby juice
+ball gag
+ball gravy
+ball kicking
+ball licking
+ball sack
+ball sucking
+bangbros
+bangbus
+bareback
+barely legal
+barenaked
+bastard
+bastardo
+bastinado
+bdsm
+beaner
+beaners
+beaver cleaver
+beaver lips
+beastiality
+bestiality
+big black
+big breasts
+big knockers
+big tits
+bimbos
+birdlock
+black cock
+blonde action
+blonde on blonde action
+blowjob
+blow job
+blow your load
+blue waffle
+blumpkin
+bollocks
+bondage
+boner
+booty call
+brown showers
+brunette action
+bukkake
+bulldyke
+bullet vibe
+bullshit
+bung hole
+bunghole
+busty
+buttcheeks
+butthole
+camel toe
+camgirl
+camslut
+camwhore
+carpet muncher
+carpetmuncher
+chocolate rosebuds
+cialis
+circlejerk
+cleveland steamer
+clit
+clitoris
+clover clamps
+clusterfuck
+cock
+cocks
+coprolagnia
+coprophilia
+cornhole
+creampie
+cum
+cumming
+cumshot
+cumshots
+cunnilingus
+cunt
+darkie
+date rape
+daterape
+deep throat
+deepthroat
+dendrophilia
+dildo
+dingleberry
+dingleberries
+dirty pillows
+dirty sanchez
+doggie style
+doggiestyle
+doggy style
+doggystyle
+dog style
+dolcett
+domination
+dominatrix
+dommes
+donkey punch
+double dong
+double penetration
+dp action
+dry hump
+dvda
+eat my ass
+ecchi
+ejaculation
+erotic
+erotism
+escort
+eunuch
+fag
+faggot
+fecal
+felch
+fellatio
+feltch
+female squirting
+femdom
+figging
+fingerbang
+fingering
+fisting
+foot fetish
+footjob
+frotting
+fuck buttons
+fucktards
+fudge packer
+fudgepacker
+futanari
+gangbang
+gang bang
+gay sex
+genitals
+giant cock
+girl on
+girl on top
+girls gone wild
+goatcx
+goatse
+god damn
+gokkun
+golden shower
+goodpoop
+goo girl
+goregasm
+grope
+group sex
+g-spot
+guro
+hand job
+handjob
+hard core
+hardcore
+hentai
+homoerotic
+honkey
+hooker
+horny
+hot carl
+hot chick
+how to kill
+how to murder
+huge fat
+humping
+incest
+intercourse
+jack off
+jail bait
+jailbait
+jelly donut
+jerk off
+jigaboo
+jiggaboo
+jiggerboo
+jizz
+juggs
+kike
+kinbaku
+kinkster
+kinky
+knobbing
+leather restraint
+leather straight jacket
+lemon party
+livesex
+lolita
+lovemaking
+make me come
+male squirting
+masturbate
+masturbating
+masturbation
+menage a trois
+milf
+missionary position
+mong
+motherfucker
+mound of venus
+mr hands
+muff diver
+muffdiving
+nambla
+nawashi
+negro
+neonazi
+nigga
+nigger
+nig nog
+nimphomania
+nipple
+nipples
+nsfw images
+nude
+nudity
+nutten
+nympho
+nymphomania
+octopussy
+omorashi
+one cup two girls
+one guy one jar
+orgasm
+orgy
+paedophile
+paki
+panties
+panty
+pedobear
+pedophile
+pegging
+penis
+phone sex
+piece of shit
+pikey
+pissing
+piss pig
+pisspig
+playboy
+pleasure chest
+pole smoker
+ponyplay
+poof
+poon
+poontang
+punany
+poop chute
+poopchute
+porn
+porno
+pornography
+prince albert piercing
+pthc
+pubes
+pussy
+queaf
+queef
+quim
+raghead
+raging boner
+rape
+raping
+rapist
+rectum
+reverse cowgirl
+rimjob
+rimming
+rosy palm
+rosy palm and her 5 sisters
+rusty trombone
+sadism
+santorum
+scat
+schlong
+scissoring
+semen
+sexcam
+sexo
+sexual
+sexually
+shaved beaver
+shaved pussy
+shemale
+shibari
+shitblimp
+shota
+shrimping
+skeet
+slanteye
+slut
+s&m
+smut
+snatch
+snowballing
+sodomize
+sodomy
+spastic
+spic
+splooge
+splooge moose
+spooge
+spread legs
+spunk
+strap on
+strapon
+strappado
+strip club
+style doggy
+suicide girls
+sultry women
+swastika
+swinger
+tainted love
+taste my
+tea bagging
+threesome
+throating
+thumbzilla
+tight white
+tits
+titties
+titty
+tongue in a
+topless
+tosser
+towelhead
+tranny
+tribadism
+tub girl
+tubgirl
+tushy
+twat
+twink
+twinkie
+two girls one cup
+undressing
+upskirt
+urethra play
+urophilia
+vagina
+venus mound
+viagra
+vibrator
+violet wand
+vorarephilia
+voyeur
+voyeurweb
+voyuer
+vulva
+wank
+wetback
+wet dream
+white power
+whore
+worldsex
+wrapping men
+wrinkled starfish
+yellow showers
+yiffy
+zoophilia
diff --git a/src/assets/projects/00-minecraft.md b/src/assets/projects/00-minecraft.md
new file mode 100644
index 0000000..d377563
--- /dev/null
+++ b/src/assets/projects/00-minecraft.md
@@ -0,0 +1,7 @@
+---
+name: minecraft vulkan
+repo: minecraftVulkan
+---
+
+Minecraft Vulkan is a Minecraft clone I wrote in C++, and rendered using the Vulkan API.
+It is procedurally generated, and uses multi threading to offload the generating and meshing to separate threads.
diff --git a/src/assets/projects/01-crab.md b/src/assets/projects/01-crab.md
new file mode 100644
index 0000000..9774dfc
--- /dev/null
+++ b/src/assets/projects/01-crab.md
@@ -0,0 +1,8 @@
+---
+name: crab
+repo: crab
+---
+
+Crab, a.k.a Cool Rust Authentication Binary, is a privilege escalation program for Linux systems written in rust. 
+It allows users to temporarily gain root privileges for what they need, given they are allowed to in the crab conf file. 
+It authenticates the current user with the PAM api built into Linux. 
diff --git a/src/assets/projects/02-xssbook.md b/src/assets/projects/02-xssbook.md
new file mode 100644
index 0000000..6585006
--- /dev/null
+++ b/src/assets/projects/02-xssbook.md
@@ -0,0 +1,9 @@
+---
+name: xssbook
+repo: xssbook
+---
+
+xssbook is a website I created for xss scripting vulnerabilities. 
+It is a facebook clone, backend written in rust with axum, and the frontend made in html, css, and vanilla javascript. 
+The site work by failing to parse user input every step of the way, and renders it as direct html. 
+You can view my hosted version at [xssbook.com](https://xssbook.com). 
diff --git a/src/assets/projects/03-brainfucked.md b/src/assets/projects/03-brainfucked.md
new file mode 100644
index 0000000..f45c157
--- /dev/null
+++ b/src/assets/projects/03-brainfucked.md
@@ -0,0 +1,10 @@
+---
+name: brainfucked
+repo: brainfucked
+---
+
+brainfucked is a brainfuck dialect that makes you manage your memory manually!
+The original interpreter gives you a tape of 30,000 cells, while i only give you
+as much as a pointer takes up on your system: 4 or 8 depending if your on a 32bit or 64bit system.
+You can than allocate a new tape and then use that! Also brainfucked is tuing complete proven by
+this amzing [proof](/blog/writeup?name=proof.md) that my friend [trimill](https://trimill.xyz) made.
diff --git a/src/assets/projects/04-wrapper.md b/src/assets/projects/04-wrapper.md
new file mode 100644
index 0000000..22a6bd6
--- /dev/null
+++ b/src/assets/projects/04-wrapper.md
@@ -0,0 +1,8 @@
+---
+name: wrapper
+repo: wrapper
+---
+
+wrapper is a simple and lightweight DNS server written in C. It supports custom user defined records in a config files, 
+and it also supports a few custom build records for fun! For example, there is a CMD record that runs a command on the 
+host system, and returns the result as a TXT record! Read more on the readme!
diff --git a/src/assets/projects/05-wig.md b/src/assets/projects/05-wig.md
new file mode 100644
index 0000000..5622bc0
--- /dev/null
+++ b/src/assets/projects/05-wig.md
@@ -0,0 +1,8 @@
+---
+name: wig
+repo: wig
+---
+
+ wig is a simple DNS client written in C. It supports all the important features as most DNS clients, 
+ but displays its results in a simple and concise format without all the clutter. It gives you what 
+ you want fast and simple. 
diff --git a/src/assets/projects/06-lazysphere.md b/src/assets/projects/06-lazysphere.md
new file mode 100644
index 0000000..4a36ee6
--- /dev/null
+++ b/src/assets/projects/06-lazysphere.md
@@ -0,0 +1,8 @@
+---
+name: lazysphere
+repo: lazysphere
+---
+
+lazysphere is a gnu coreutils/busybox clone, supporting commands such as su, 
+rm (the french), and also (but not exluding) yes. Its written in C 
+with no dependencies because they are bad. 
diff --git a/src/assets/projects/07-tuxman.md b/src/assets/projects/07-tuxman.md
new file mode 100644
index 0000000..46d82f6
--- /dev/null
+++ b/src/assets/projects/07-tuxman.md
@@ -0,0 +1,9 @@
+---
+name: tuxman
+repo: tuxman
+---
+
+tuxman is a recreation of the arcade multiplayer pacman battle game where pacman
+have to avoid ghosts and each eachother to win! Its written in TypeScript (im sorry),
+and fetures a full map editor with custom map support. It uses [rollback](https://git.tint.red/tint/rollback)
+netcode, and you can play a hosted version at [freya.cat/pacbattle](https://freya.cat/pacbattle).
diff --git a/src/assets/projects/08-nbtvis.md b/src/assets/projects/08-nbtvis.md
new file mode 100644
index 0000000..31a361f
--- /dev/null
+++ b/src/assets/projects/08-nbtvis.md
@@ -0,0 +1,7 @@
+---
+name: nbtvis
+repo: nbtvis
+---
+
+nbtvis, a.k.a NBT visualizer, is a simple C program that can convert Minecraft Binary NBT, String NBT,
+or JSON from one format from another.
diff --git a/src/assets/projects/09-corn.md b/src/assets/projects/09-corn.md
new file mode 100644
index 0000000..10f41de
--- /dev/null
+++ b/src/assets/projects/09-corn.md
@@ -0,0 +1,7 @@
+---
+name: corn
+repo: corn
+---
+
+corn is a x86_64 operating system micro kernel implemented in C. It uses the multiboot bootloader standard, and suports BIOS and UEFI boot. For memory managment, it
+supportes full paging, along with a physical and virtual memory allocator, and page allocating on first write. ACPI, PCI, graphics, and debugger support also exist.
diff --git a/src/assets/projects/10-matrix.md b/src/assets/projects/10-matrix.md
new file mode 100644
index 0000000..fafe0fe
--- /dev/null
+++ b/src/assets/projects/10-matrix.md
@@ -0,0 +1,6 @@
+---
+name: matrix
+repo: matrix
+---
+
+matrix is a fully featured expression based bytecode vm programming language. Implemented in Rust, it has its own lexer, parser, compiler, and vm runtime environment. Alogn with the base tooling, there is a included standard library that contains standard math, string, file, and system operations to make the language able to do more than simple number crunching. Matrix also contains a built in Repl with error checking, simple completion, and syntax highlighting.
diff --git a/src/assets/writeup/proof.md b/src/assets/writeup/proof.md
new file mode 100644
index 0000000..1f5eeda
--- /dev/null
+++ b/src/assets/writeup/proof.md
@@ -0,0 +1,55 @@
+---
+name: Brainfucked
+desc: trimills turing completeness proof for brainfucked
+---
+
+### Turing-completeness proof for Brainfucked
+
+By producing an algorithm that can translate arbitrary Brainfuck programs into
+Brainfucked, we prove that the latter must have computational class greater than
+or equal to the former, thus proving that Brainfucked is Turing-complete.
+
+Proof that Brainfucked is not of a greater computational class than Brainfuck is
+left as an exercise to the reader.
+
+Since Brainfucked tapes have a limited amount of memory, we will implement a
+tape as a linked list. Each item in the linked list will be a tape of length
+ten with the following structure:
+
+- The first cell contains the item's value
+- The second cell is 1 if the next item has already been allocated and 0 otherwise
+- The remaining 8 cells are the pointer to the next item
+
+The second byte is not strictly necessary, as we could just check whether the pointer
+is null, however it makes the translation significantly easier.
+
+First, we prefix the output program with `++++++++++*(`. Since the original tape is
+only 8 bytes wide, we need to make a new one with a size of 10. `+`, `-`, `[`, `]`,
+`.`, and `,` all translate to themselves.
+
+`>` can be translated as `>-[>++++++++++*<+]+>(`. This will allocate the next tape
+if it does not yet exist and then enter it.
+
+First, consider the case where next tape has not yet been allocated. We decrement the
+allocation marker cell, which wraps around to 255, allowing us to enter the loop. We
+then allocate the next tape and increment the allocation marker back to 0. After exiting
+the loop, it is incremented again to 1, signalling that the next tape is now allocated.
+We can then enter the newly allocated tape. If the tape was already allocated, the loop
+will never be entered and the marker will remain 1.
+
+`<` can be translated as `)<<`. We exit the current tape and move back over to the data cell.
+
+This proof only uses a subset of Brainfucked consisting of the characters `+-<>[]()*,.`.
+One of `+` or `-` can be trivially eliminated by replacing it with 255 copies of the other.
+Additionally, `,` and `.` are not required for Turing-completeness, as input can be encoded into
+the initial tape configuration and output can be read off the tape once the program halts.
+I conjecture that no smaller subset of Brainfucked is Turing-complete.
+
+#### Example translation script (Lua)
+```lua
+src = io.read("*a")
+src = src:gsub("%<", ")<<")
+src = src:gsub("%>", ">-[>++++++++++*<+]+>(")
+src = "++++++++++*(" .. src
+io.write(src)
+```