About Garrit Franke

The RSS's url is : https://garrit.xyz/rss.xml

Please copy to your reader or subscribe it with :

Preview of RSS feed of Garrit Franke

Beware of base64 encoded strings

2024-04-15 08:00:00

I just encountered a fun little bug that I thought is worth sharing.

TL;DR: the base64 util breaks lines after a certain number of columns. Use a flag to specify "don't break". Here's the commit that fixes the issue:

<img width="1588" alt="image (3)" src="https://github.com/garritfra/garrit.xyz/assets/32395585/dba76692-c89f-44da-b70a-f6732a406d75">

It started when we noticed that a cronjob that used wget to regularly call an endpoint failed on one specific environment. The endpoint uses Basic Auth, which is essentially a header with a Base64 encoded representation of a username and password. Curl has this functionality built in, but to keep the attack surface as small as possible, we decided to stick to wget, which is part of busybox, to keep the container image size under 1 MB (!). After all, all we want to do is ping an endpoint.

This is the command we used up to this point:

wget --post-data="" -O - --header="Authorization: Basic $(echo -n $BASIC_AUTH_USERNAME:$BASIC_AUTH_PASSWORD | base64)" http://endpoint:8080/v1/cache

We noticed that the request worked fine on non-prod environments, but it failed on production with the following error:

The HTTP header line [b2verlk1rwjsnutbcapkjh==] does not conform to RFC 7230. The request has been rejected.

After digging around for a while and separating out the individual pieces of the commands, I noticed that the subcommand to build the header value (echo -n $BASIC_AUTH_USERNAME:$BASIC_AUTH_PASSWORD | base64) behaved differently on prod vs. non-prod. The password on prod is way longer compared to the other environments. Let's run this command with a short input:

sh / $ echo -n someuser:somepassword | base64 c29tZXVzZXI6c29tZXBhc3N3b3Jk / $

And again with a long input:

sh / $ echo -n someuser:somepasswordthatswaylongerthanthefirstonebutalsoverysecureandsafe | base64 c29tZXVzZXI6c29tZXBhc3N3b3JkdGhhdHN3YXlsb25nZXJ0aGFudGhlZmlyc3RvbmVidXRhbHNv dmVyeXNlY3VyZWFuZHNhZmU= / $

Bingo! There's a rogue newline character in the output of base64. The fix is very straight-forward. Using the -w0 flag for base64, we can force the output to be on the same line:

/ $ echo -n someuser:somepasswordthatswaylongerthanthefirstonebutalsoverysecureandsafe | base64 -w0 c29tZXVzZXI6c29tZXBhc3N3b3JkdGhhdHN3YXlsb25nZXJ0aGFudGhlZmlyc3RvbmVidXRhbHNvdmVyeXNlY3VyZWFuZHNhZmU=

This eventually fixed the issue. Not something I would've ever thought of!

A simple search bar

2024-04-11 08:00:00

I just added a simple search bar to my "More ..." page. It just redirects to a DuckDuckGo search with your search term and limits it to my site. Simple, yet effective!

The inspiration for this feature came from Salvatore Mesoraca's site. Here's the snippet, feel free to steal it:

jsx <form className="search" method="get" action="https://duckduckgo.com/" target="_blank"> <input id="search" type="search" name="q" placeholder="Search via DDG" /> <input type="hidden" name="sites" value="garrit.xyz" /> <input type="submit" value="Search" /> </form>

Try it out

Try searching for anything!

<form className="search" method="get" action="https://duckduckgo.com/" target="_blank"> <input id="search" type="search" name="q" placeholder="Search via DDG" /> <input type="hidden" name="sites" value="garrit.xyz" /> <input type="submit" value="Search" /> </form>

Beating Elden Ring

2024-04-10 08:00:00

⚠️ WARNING ⚠️: This post contains a lot of spoilers for the game Elden Ring.

So, I just beat Elden Ring. It took me 120 hours and, coincidentally, I was level 120 when I beat the final boss. That damn final boss... but more on that later.

Elden Ring won me over instantly, even though I've never played any of the other Souls games. After beating Breath of the Wild, I called it my favorite game. I just needed more games like this. When Elden Ring came out, people compared The Lands Between to the open world of Hyrule, and I quickly agreed. The freedom these games give you is absolutely unbeaten. You almost never really get "stuck" on something. You can always wonder off and explore until you're ready to take on the fight.

After about 50 hours into playing Elden Ring, I kind of lost my focus and stopped playing for a while. It was too huge of a game to beat at the time, so I gave up.

But then, Tears of the Kingdom came out and doubled up on the world of Hyrule. I absolutely adored this game. I spent day and night playing until I finally beat it. This game also motivated me to beat Elden Ring one more time. Despite failing over and over, each play session gave me a feeling of progression. I might not have beaten a boss yet, but there was always something happening the side that got me closer to beating it. Be it exploring and getting better gear or learning as much as I can about a boss to find ways to deal damange, I always got a small step closer to my goal. I'd go as far as to say I never felt so determined to reach a goal ever before in my life.

The boss fights in Elden Ring are obviously extremely difficult, but they're always fair. The bosses in this game never make mistakes, you're the one that screwed up. You just keep failing and failing, but with each run, you learn something new about the fight that makes it easier in the next run. And when you finally overcoming this challenge gives you a feeling of accomplishment like nothing else could.

What I didn't realize in the beginning of my playthough is how extremely well rounded the world and the lore of this game is. I spent days and nights indulging myself in the lore through numerous YouTube videos, guides and Wikis. Only then did I begin to understand the scale of this game. Every action of each character, every building and every item fits in the grand scheme of the world.

Going out of this, the biggest thing that stuck with me is the determination. Failing is part of your life, and that is okay. No matter how daunting a task is, there's always a way to overcome it. The Elden Beast is the final boss of the game, and it's also where I spent about a quarter of my playtime. This thing has absurd attacks, immense health, and did I mention that you have to beat it after beating another extremely difficult boss, without being able to top up your health? This fight is ridiculous. I spent multiple weeks trying to beat it. I was really close to giving up, but as I mentioned earlier, each run gets you a tiny bit closer to the finish line, so I pushed through. I refined my build, I leveled up my stats and I learned how to dance with the beast. Eventually, I won the fight not by luck, but by determination. I now feel like I understand every attack well enough to dodge it. My mind was on autopilot when I beat it.

Knowing this much about a game didn't teach me any practical skills. There's nothing I can do now that I couldn't do before I knew that Rykard (Lord of Blasphemy), son of Rennala and Radagon (also known as Queen Marika), chose to go against the Erdtree and eventually fed himself to a serpent to devour the entire world (which you prevented). But there's something about this game that left me craving for more. It's truly a masterpiece.

Bonus

In case you're interested, I uploaded some of the bossfights during my playthrough in this YouTube playlist:

<iframe width="560" height="315" src="https://www.youtube.com/embed/videoseries?si=j1Ue2lrrLy1JTOM9&amp;list=PLS8TKBZz1x5S6ojf24SMF1h_HYb4AyTxc" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>

Five Years of Blogging

2024-04-07 08:00:00

My blog just turned five years old! 🎉

To celebrate this unique occasion, I want to announce something I've been secretly working on: I wrote a book!

The cover of Five Years of Blogging

Five Years of Blogging: Ideas, Opinions and Guides written 2019 to 2024 serves as a memoir for the first five years of this blog. It's a collection of not all, but my most valuable blog posts capturing my ideas, opinions and the lessons I learned. The book is quite messy, but that's by design. I want to preserve all posts in the state that they have originally been written in. Where necessary, you may find introductory paragraphs or footnotes to explain something in more detail, but the original posts have all been left untouched.

Getting a copy of this book is the best way to support my writing. You can either buy the book directly on Buy Me a Coffee, or you can become a monthly supporter, which grants you a free copy after signing up.

I'm extremely grateful for the journey this blog has taken me on, and the people I met along the way. Who knows, maybe there will be a "Ten Years of Blogging" book in the future?

Pandoc: Convert links to footnotes (the easy way)

2024-04-04 08:00:00

Pandoc has a feature to covert links to footnotes. Unfortunately, this only applies to LaTeX documents. Since I want to stay away from LaTeX for reasons of bloat, I was looking for a more universal approach.

First, I encountered this thread suggesting to use a regular Pandoc filter. This has one downside though: you need a Haskell toolchain on your system. So I moved on ...

I eventually stumbled across this thread, explaining how to do the same thing but with a Lua filter instead of Haskell. Since Lua is embedded into Pandoc, you don't need to install anything. Hooray for embeddable languages!

Simply place the following snippet into file (/filters/link-to-footnote.lua for example):

lua function Link(link) link.content:insert(pandoc.Note(link.target)) return link.content end

Note: If you want to keep the original hyperlink in tact, replace the return link.content with return link.

And add the following flag to your Pandoc build command:

`sh

!/bin/sh

pandoc text.md -o book.epub \ --lua-filter=filters/link-to-footnote.lua \ # <-- This one --metadata-file metadata.yaml \ --standalone \ # ... `

After compiling the document, you should now see that each link has a footnote with the link text.

Fuck trees, use tags

2024-04-02 08:00:00

We've been trained to organize our files into a tree-like structure. A file can only exist once in the entire tree. It may have multiple contexts, but it can only exist once. Here's an example: you get a really important invoice for your car that you have to keep for your taxes. Where do you store this invoice alongside your other files?

Whatever strategy you choose, there are probably times where you wish to have used a different directory structure. Sure, you can put the file in one directory and then create a shortcut or link in the other directories, but the original file will only ever exist in one place.

I believe that these tree-like directory structures are inherently flawed, and that tagging systems are superior in almost every way.

What I mean by tags is to organize files/entities/whatever into a flat structure and add meaningful tags/labels to add context. To revise the example above: our important_invoice.pdf could have the following tags:

One could argue that vehicles and tax could be their own tags, but I specifically choose these tags to prove an important point:

Tags can mimic trees

If you think about it, a file path in a sense is just a reference to some location. Files on a physical hard drive aren't organized in trees. They're a bunch of ones and zeros slapped together in a pool of other files. A file path is just an abstraction for the user to reference a specific location in this pool of files. A file path is a tag!

Unfortunately, most systems are designed to only allow one path per file. This creates the hierarchical structure we so often use. But as I mentioned above, we could simply assign multiple tags or paths to a single file to organize it in multiple ways. The important_invoice.pdf has little to do with tax or 2024 as standalone terms, but assigning the tag tax/2024 gives it a similar meaning as a path to a file in a directory. The term invoice is enough to infer that everything using this tag is an invoice. It's equivalent to having a directory named invoices with multiple files inside.

So, we have established that tags are easily superior to trees. Why are we not using them?

Tags have bad UX

There have been many attempts at giving users the possibility to organize their stuff using tags. Your Gmail mails can be labeled, you can use tags for files in MacOS and there are apparently even efforts to create tag-based filesystems. But none of them were good enough to change the game.

Our brains seem to be so used to the idea of a piece of information only existing at one location at a time that it's really hard to adapt at this point. I'm sure there are some power users out there who make the most of the limited tagging features of their systems, but what I would really like to see is a real shift in how we store and retrieve information.

Discussion

This post has spark some interesting discussion on Lobsters.

Toil

2024-04-01 08:00:00

After cheating death himself, Sisyphus was punished to push a large boulder up a steep hill for eternity. Every time he reached the top, the boulder would roll back down and Sisyphus had to start over.

Our life is full of such toil. Mowing the lawn, cleaning the dishes and doing our taxes are examples of toil that prevents us from doing sustainable work. We should always seek to minimize toil where possible. We have dishwashers and spam filters to help us fight toil, but there are some reoccurring tasks that cannot be automated.

Sisyphus eventually found peace with his fate. Instead of seeing his punishment as an eternal burden, he saw it as his life's purpose. Maybe those comparatively small annoyances in our life are worth enjoying. They're part of what makes us human.

Dive Log: Vietnam

2024-03-12 08:00:00

So, after our adventures in Phuket, we journeyed on to Nha Trang in Vietnam, where we also went diving.

Unfortunately the visibility was average, and the wildlife in Nha Trang wasn't as diverse as in Phuket, but that only made the hermit crabs or the occasional lionfish feel just that much more special.

In total, we did 4 dives in Nha Trang. Here's a full list, taken from my logbook:

| Title | Date | Site | Depth (m) | Time (min) | Highlights | | ----------- | ---------- | ---------- | --------- | ---------- | ---------------------------- | | Nha Trang 1 | 2024-02-25 | Dam Bay | 12 | 45 | Cold water and sandy bottom | | Nha Trang 2 | 2024-02-25 | Mot Island | 13.5 | 45 | Squids and lots of anemones | | Nha Trang 3 | 2024-02-26 | Tam Island | 11.2 | 37 | Playing around with bouyancy | | Nha Trang 4 | 2024-02-26 | Tam Island | 10 | 46 | Hermit crabs |

Dive Log: Phuket

2024-02-26 08:00:00

I just became a certified diver! 🥳

I got my license through the Rumblefish Adventure divecenter in Kata Beach, as per a recommendation from a friend who happened to be around in the area when we were there.

Kata Beach is a great dive spot. It has crazy wildlife, it's just a short swim away from the beach and the visibility is quite good if you haven't seen many reefs yet (like myself).

After doing our PADI Open Water license, we went to Phi Phi Islands to do a fun dive. The experience swimming through the reefs there can simply not be put into words.

In total, we did 7 dives in Thailand. Here's a full list, taken from my logbook:

| Title | Date | Site | Depth (m) | Time (min) | Highlights | |-----------------------|------------|-------------------|-----------|------------|----------------------------------------------------| | Open Water Training 1 | 2024-02-16 | Kata Beach | 6.4 | 39 | First time seeing the reef! | | Open Water Training 2 | 2024-02-18 | Kata Beach | 10.9 | 62 | Almost finished all mandatory training | | Open Water Training 3 | 2024-02-18 | Ko Pu, Kata Beach | 16.3 | 44 | Artificial reefs with lots of interesting wildlife | | Open Water Training 4 | 2024-02-18 | Ko Pu, Kata Beach | 12.9 | 48 | Even more crazy wildlife | | Phi Phi Islands 1 | 2024-02-20 | Koh Bida Nok | 20.5 | 51 | Sharks! | | Phi Phi Islands 2 | 2024-02-20 | Turtle Rock | 17.6 | 55 | Turtles, Sharks, Cave | | Phi Phi Islands 3 | 2024-02-20 | Shark Point | 20.4 | 46 | Lots of verticality |

Photos

P2170670 - Kopie.JPG

P2170752 - Kopie.JPG

P2170727 - Kopie.JPG

P2170759 - Kopie.JPG

P2180898.JPG

P2180901.JPG

P2180859.JPG

P2170749 - Kopie.JPG

P2180837 - Kopie.JPG

P2170733 - Kopie.JPG

After Phuket, we went to Vietnam where we're currently also on a lot of fun diving trips. But I'll save that for another dive log post.

Cosmic Horror: The Festival

2024-02-10 08:00:00

"The nethermost caverns are not for the fathoming of eyes that see; for their marvels are strange and terrific. Cursed the ground where dead thoughts live new and oddly bodied, and evil the mind that is held by no head."

— H.P. Lovecraft

I loved reading The Festival by H.P. Lovecraft, especially this quote by "the mad Arab" at the end of the story. The Festival is one of Lovecrafts first short stories in the Cthulhu Mythos. The quote excellently shows the unique style of Lovecrafts short stories. Each story is a grotesque depiction of horrors that are beyond our imagination. I recently tried to replicate this style of writing in "Haunted Memories", a short story about digital media. I'm just getting started with reading Lovecrafts stories, but the ones I read so far absolutely blew me away.