ring0 » blog

Automatic deployment of hugo sites

tags: hugo, drone, ci 2016-01-27 13:25 by lhw

Something I wanted to try out since I set up the blog as hugo static site was the automatic testing and deployment straight from the git to our webserver. As we are not using any of the common hosts for static sites, because why would we when we have a server at our disposal, it was a interesting to find a solution without using third-party services.

Our current setup is a VPS running a nginx and a docker environment for everything we don’t quite trust and or want to run on bare metal. Two of those docker containers are Gogs and Drone CI, which work miraculously well together.

Let's Encrypt - the comfortable way

tags: ssl, letsencrypt 2016-01-21 17:49 by lhw

Let’s Encrypt was released to the public on the 6th of December last year and has been a huge boon to the worldwide adoption of SSL/TLS Encrpytion for admins who prefer their own little site or mail server to huge sites like Google and the inherit indexing and spying by basically everyone.

Up until now SSL Certificates were either expensive, not quite trustworthy or generally not accepted in any browser or mail client. Let’s Encrypt certificates on the other hand are easily requested, verified and installed on any machine while also being free and trusted by any software thanks to a cross sign.

Let’s Encrypt offers a rather complex python script which helps setting up the certificates for different webservers and alike but almost always requires a standard setup to work. And anyone who has set more than a few basic settings is out of luck and has to do it manually, which is rather annoying considering the very short certificate lifetime of three months.

Alternative tools to the rescue. There is now already a pletora of different tools implementing the ACME protocol ranging from little bash scripts to full blown python applications. Many of these will do the job just fine as does the official client for that matter. I decided to go with acmetool a great little tool written in Go.

In addition to the common webroot, listen and manual mode acmetool also offers DNS verification and a proxy mode, basically webroot without the need for filesystem access. Due to the fast iteration on the tool it also already supports the signing of ECDSA certificates in addition to the standard RSA ones.

new blog software ... again

tags: ring0, blog, hugo 2015-12-29 12:53 by lhw

And once again a new blog software. Well not as much blog software as just a static site generator. I went with hugo as it seemed to be of reasonable complexity and allowed me to port over the blog theme in a minimal amount of time. Whole blog and the content are now maintained in the old microblog git.

All old links should still work as before. e.g. /entry/1/ or /page/2/. In addition code blocks now support syntax highlighting for all of pygments supported languages, which are quite numerous. Including most programming and config file syntaxes. Which is quite important for a coding and administration oriented blog.

//go example
import "fmt"

func main() {
	fmt.Println("Hello World")

server {
  listen [::]:80 ipv6only=off;
  server_name server.name.nic;

  location / {
    add_header Strict-Transport-Security max-age=15768000;
    return 301 https://$server_name$request_uri;

The old famfam icon set was replaced by a web font with just a minimal set of glyphs we actually need, thanks to fontello. The Icons come from Font Awesome and Entypo I’ll do an inlined version of the SVG font version later to remove absolutely all binary traffic from the blog.

convergence notary

tags: convergence, security, ssl 2011-09-07 20:35 by lhw

ring0.de is now hosting a convergence notary on notary.ring0.de You can find the corresponding notary file here

For more information on convergence watch the talk on ssl and authenticity on youtube and visit the website of convergence

Update (2015-12-28)

The ring0 notary is defunct.

the fatal ways of the sheevaplug

tags: hardware 2010-07-17 19:56 by lhw

It’s been about 10 month now since I ordered 7 SheevaPlugs, a plug sized computer, from GlobalScale. Everything ran smoothly for the next months till about 2 weeks ago when it suddenly became unresponsive and spammed the network with packages slowing down my other clients. A few more days later and it broke down completly with a blinking green LED. As it turned out this was already the second dead SheevaPlug after the one sre got back then.

After just about 1 minute search you will find the following thread on plugcomputer.org, the official forums: Is my sheevaplug dead ???. After reading the thread for a while it was obviously the power supply units fault. Seeing some of the pictures its a miracle that thing worked in the first place. The average lifetime of the PSU is about 9 month according to the thread. NewIt.co.uk the british GlobalScale reseller even offers the PSU as single product nowadays.

I first thought about buying on of those but then I probably would have gotten the same faulty PSU again. So I tried locating the defect parts on my one. I replaced an electrolytic capacitor and checked the output under stress with a 12cm fan, which seemed to work. But not when connected to the SheevaPlug which seems to suck that PSU to its uppermost limit. So there were more faulty parts which I couldn’t locate beneath all that brownish/blackish glue.

In the end I removed the internal openframe PSU and connected it to an cheap external power supply. As board connector the plug from an old PC case speaker fits perfectly.

And here some pictures of the now again working SheevaPlug: