Category Archives: Thoughts

5 Years of Blogging

5 years ago today, I wrote my first English blog post.

At the time I was using Hugo, the hosting was (and still is) provided by me, with the electricity that comes to my house, with an ISP that gave me IP addresses for (kinda-)free and all of it using FreeBSD.

These days, it’s not much different. I still use FreeBSD, I still use electricity, but I’ve moved from Hugo to WordPress and I write using MarsEdit, my favorite macOS software.

So, what have I done in the last 5 years? Well, not much. Here are some basic statistics.

I have

  • Published 96 posts
  • Written 27,245 words
  • Uploaded 102 images
  • Told myself 256 times that “From now on I will blog every day”

And I want to thank you all, for being here, with me, during my hardest days and happiest nights.

I love you all 🙂

Cheers!

Reply via email.

Domains as Verification

A couple of days ago, when I was browsing the internet, I stumbled upon Jim Nielsen’s blog, where at the top it said

Verified ($10/year for the domain)


Luckily, his blog is so organized (unlike mine) that I found the post named Verified Personal Website, in which he talked about this.

Personally, I don’t have enough CSS skills to do that, but I added a check mark next to my name on my blog (thank you Unicode!).


I think this is amazing and it should be used more by bloggers everywhere. If someone opens a blog they should see a check mark. Maybe a cute one in SVG, maybe a CSS trick, maybe it’s just an image, but it should be there.

Why? So we remind people that on the internet, whenever you have a domain, you are already verified.

Can scammers scam and criminals phish? Yes, indeed. But unlike the not-very-social-media, it’s hard to do that.

Ironically, having a website on the internet costs less than having a “verified” social media account, say on Twitter.

Currently, Twitter Blue costs $8/month or $84/year.

Let’s see how much it would cost to have a blog on the internet.

First thing first, you need a domain, and it can be anything that you feel awesome with. Awesome-ness is the first and only rule.

Here’s an awesome domain that I found is available using NameCheap.


This is awesome!

Next, we need to host our website. Well, lemme check my favorite server hosting platform, Vultr.

Vultr pricing

A machine with a single CPU and a 1GB of RAM, that’s plenty!

I mean, with that much power, you can easily run WordPress (if you’re using caching).

Or, if you don’t want to get techy-techy at all, you can use a static site generator. You like Markdown and text files? There’s Hugo for you. Do you want to just click on buttons and BOOM, your website is ready? Have a look at Publii!

So, how much does it cost in the end? Here’s what it looks like if you pay annually or monthly, per year.

A/M        Twitter Blue    Website on the Internet
Monthly    $8×12 = $96     $8×12 + $10 = $70
Annually   $84             $8×12 + $10 = $70

So yes, it is cheaper to have a website on the internet.

Wait a second, annually vs monthly looks the same? OF COURSE IT DOES! THIS IS THE INTERNET! We want you to think “huh, 70 dollars? well that’s dope” and not about “well, if I pay annually now, I will save 12 dollars” and then completely forget about that service anyway.

Oh, and did I tell you about the features of having a website on the internet? Well, we don’t have a list, but here are some things off the top of my head.

  • You get to be verified, because welcome to the internet
  • You get to post whatever you want
  • You get to edit them! Can you believe that?
  • You can upload photos and make it look like a photo blog
  • Unlike other platforms, which seemed to be for photographers but not anymore, you can tag things, and make albums!
  • You can upload podcasts!
  • Hell, and if you ever want to leave, you can just redirect your domain to somewhere else 🙂

And I’m not even talking about the other awesome features of having a domain, like, custom emails! Be that person that does NOT have a @gmail.com, but @AwesomeIsHere.net!

And hey, Twitter Blue might die, Twitter might die, every other company might die, but the internet will not 🙂

That’s all folks…


Antranig Vartanian ✔

April 7, 2023

At this point all I want is MarsEdit for iOS. I just noticed that I haven’t logged into my WordPress website using the admin interface for weeks, which means that MarsEdit is REALLY awesome.

On the other hand, the WordPress App on iOS is very much tied with the WordPress services such as WordPress.com and Jetpack. While I like both services and recommend them to friends, they are not for me, so that’s a pass…

MarsEdit for iOS, I’d even pay monthly for that.


Antranig Vartanian ✔

March 26, 2023

A couple of years ago, I saw an article that said “By the year 20XX 70% of all created content will be video”. Unfortunately, I didn’t bookmark the article, so I can’t link it.

But I did not believe that. More importantly, I did not want to believe that, and for a long time, I thought that it was wrong.

But a couple of weeks ago, while sitting next to my girlfriend, I watched her scroll through Instagram, and oh my god, that article was very much accurate. Everything was a video.

This is specifically sad, because Instagram was a photo sharing platform and now most of the content there is indeed video.

After weeks of researching, it looks like most things ARE video these days.

I have mixed feelings about this.

I wonder if there are any non-Instagram, non-TikTok, actually real world wide web, video blogs. We’ve seen web logs, we’ve seen photo blogs, but video blogs would be very interesting. Maintaining them too!


Design Guidelines vs Pushing The Limits

One of the design guidelines of Jailer is don’t break FreeBSD. As in, if someone installed and used Jailer, and then deleted the Jailer binary and libraries, their Jails would still run without any issues. We do this with minimal intervention. For example, jailer init patches FreeBSD’s /etc/rc.d/jail, but in a way that you wouldn’t feel the difference much. We don’t create new rc.conf variables, we just change a couple of loops. In a way, you can keep these changes even if you delete Jailer, so your system would be much improved. Obviously, we do send these patches to FreeBSD src.

But I’m in front of an issue right now. On one side, I want to keep these guidelines, on the other, pushing the limit will allow me to improve Jailer way more than I expected.

These are the things that I think about before sleep, or during the shower. I gave a promise, that I will not break the Jail ecosystem. But what if, just what if, the ecosystem was broken in the first place?

Some of you might know that we’ve been working on integrating libucl with Jail. The experiments have been going so well that I feel I want to integrate them with Jailer already, even before they get into FreeBSD (and they might not get in at all).

My dream of Jailer and its ecosystem is complex. I feel that these integrations would do good in the long term, but I want to keep the short term alive as well.

One idea is to fork Jailer, keep two versions of it. One version that’s FreeBSD compliant, and another one that is pushing the limits.

This is going to be an interesting week…

That’s all folks…


Antranig Vartanian ✔

March 14, 2023

It took me a while to realize this, but if you’re also working from home, these two tips might help you be more productive.

  1. When you start your work, make sure you’re dressed.
  2. Get a static working desk.

It seems so simple and rudimentary, right? It took me 6 months to realize this! Working from a desk fully clothed is a lot better than working in underwear in bed.

But I guess everyone is different. For me, this has been a huge productivity change 🙂


Reply from National Vulnerability Database Team regarding Legacy Data Feeds

A couple of days ago, when I was assisting a customer, I recommended that they follow the National Institute of Standards and Technology’s (a.k.a. NIST) Information Technology Laboratory’s Computer Security Division’s National Vulnerability Database’s (a.k.a. NVD a.k.a. that place that publishes the CVEs) data feeds. (Apologies for the bad intro)

So, these are RSS feeds that “contains the most recent CVE cyber vulnerabilities published within the NVD”

Unfortunately, I saw a notice at the top of the page, which got me really worried. It says

In September 2023, the NVD plans to retire all legacy data feeds while guiding any remaining data feed users to updated application-programming interfaces (APIs).

Usually, I’d panic and start ranting on my blog, but this is the NVD we’re talking about. They are a US government project that has been doing a lot of good and they are sponsored by the CISA, an agency that does many good things not just for US citizens, but citizens of our planet.

I started digging to understand what exactly is going to be retired and most importantly, why?

The NVD has made an amazing change timeline that has the following

The NVD plans to retire the RSS data feeds. The NVD plans to enable reCAPTCHA across all webpages and to retire webpages intended to support web scraping (e.g., Full Listings) before its APIs existed.

Okay, NOW I’m worried.

I’ll break this into two parts.

Why we need RSS feeds

You see, the internet relies on RSS, and I’m not just saying that because most of my audience uses RSS daily. The reason is much deeper than that.

As Dave Winer blogged a month ago

RSS is a thing like roadways and paths of rivers, they change very slowly. Think about qwerty keyboards. That’s what we’re talking about here. Agreements between products to interop. RSS is just like the gauge of rails, or always driving on one side of the street. A convention that makes progress possible.

Scripting.com, Saturday, January 28, 2023

There are three products/protocols that I use daily: Slack (for work), XMPP (for friends and family) and Telegram (for Armenian tech communities).

There are specific things that I should deliver for all of these: messages, alerts, notices.

For my work, I should be able to get news if there’s a security issue on FreeBSD, because we use that. For friends and family, I should deliver notices if there are any issues or upcoming maintenance to our servers. For my Telegram communities, I should update them if we’re having any new meetups, events, podcasts.

But, instead of writing software that fetches, parses, analyzes and does something-something to these messages, I use RSS! FreeBSD has an RSS feed for Security Advisories. All I do in Slack is /feed subscribe https://www.freebsd.org/security/feed.xml and now, every time there is an SA for FreeBSD, I get notified in Slack.

For friends and family? I have a Huginn agent that parses RSS and sends an XMPP message. For Armenian tech communities? I read a website’s RSS and a bot posts it in a group.

You get the idea.

RSS is all about “things working together”; there is no need to write a specific piece of software for that specific thing.

And for years, I’ve relied on NVD’s RSS data feed to notify customers, tell them what to upgrade, if they need to upgrade and why to upgrade.

These RSS feeds are part of my professional life, a way for me, and people like me to know if we should be in panic mode or not.

So…

Okay, now what?

I believe in communication. I was very sure that my questions will be answered by the NVD, so I sent a message!

Greetings dear NVD team, NIST team and Computer Security Division,

While browsing your website, I have noticed the following change:

> In September 2023, the NVD plans to retire all legacy data feeds and the 1.0 APIs.

This became very disturbing, as many companies (including mine) rely on the data feed provided by NIST’s NVD.

I have two questions:
1) Is there *any* chance to keep the RSS feeds?
2) Is it okay if others (i.e. I) generate an RSS feed from your new API, if your final decision for q#1 is no?

[ . . . ]

If I may, that being said, I’m sure there’s a good reason, so my other question is:
What are/were the technical issues with RSS? Could it be bypassed or hacked around?

Thank you for all the work that you do, and thank you in advance.

Kind regards,

I was right! They did answer all of my questions! I got a reply yesterday, here it is.

1) Is there *any* chance to keep the RSS feeds?

We have no plans to continue providing the RSS feeds located at
https://nvd.nist.gov/vuln/data-feeds#RSS
https://nvd.nist.gov/feeds/xml/cve/misc/nvd-rss.xml
https://nvd.nist.gov/feeds/xml/cve/misc/nvd-rss-analyzed.xml

Additionally, it is important to point out that per our announcement at https://nvd.nist.gov/general/news/change-timeline, the RSS feeds will be retired in March, not September. If you were not aware of these announcements we highly advise joining the NVD Google Group to stay better informed (https://groups.google.com/a/list.nist.gov/g/nvd-news).

2) Is it okay if others (i.e. I) generate an RSS feed from your new API, if your final decision for q#1 is no?

All NIST publications are available in the public domain. Organizations seeking to automate the retrieval of NVD data should use the NVD’s Application Programming Interfaces (APIs).
Services which utilize or access the NVD are asked to display the following notice prominently within the application: “This product uses data from the NVD API but is not endorsed or certified by the NVD.” You may use the NVD name to identify the source of the data. You may not use the NVD name, to imply endorsement of any product, service, or entity, not-for-profit, commercial or otherwise. For information on how to cite the NVD, including the database’s Digital Object Identifier (DOI), please consult NIST’s Public Data Repository.

3) What are/were the technical issues with RSS? Could it be bypassed or hacked around?

The RSS feeds were considered to be overly simplistic and underutilized, they were determined in scope of retirement for these reasons as part of a larger effort to consolidate our output formats as we move towards the APIs. If you would like to submit a user story explaining the benefits and needs that the APIs currently do not meet we would pass that along to the development team for consideration in the future.

Okay. I agree! RSS is very simplistic, but that’s the point! It’s supposed to be simple. I mean, it’s simple enough that podcasts are RSS feeds.

And to be clear, I DID check the NVD’s new Vulnerabilities API, it’s awesome, it’s nice, it’s documented very well, kudos to the team, they did an amazing work, I’m sure it wasn’t easy. It has, for sure, more features than RSS could provide.

What to do about it?

I understand that the NVD is pushing the REST API, and I also understand why. But I really don’t want to write a “wrapper” for every service and technology that I use.

Here are my two questions.

  1. Will systems break because of this? Are you using these feeds? Do you rely on them for yourself or your organization?
  2. Will there be an interest by the InfoSec community to write a wrapper that generates a new RSS feed from NVD’s new API?

Personally, if there’s an interest or not, I will be stopping everything I’m working on to create this NVD-to-RSS generator, as I very much rely on it. It will be open-source, obviously. What I should build is a drop-in replacement, where you change the feed URL, and everything works like before. (Well, I have to finish my other open-source commitments first, then I should work on this 😀 hopefully it won’t take long.)
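The NVD-to-RSS conversion described above, as an added example (not the author's generator): it turns a response in the NVD CVE API 2.0 JSON shape into an RSS 2.0 feed and carries the notice the NVD asked for in its reply. The sample response, its placeholder CVE IDs, the channel title and the treatment of timestamps as UTC are assumptions made for illustration.

```python
import json
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from email.utils import format_datetime

NOTICE = "This product uses data from the NVD API but is not endorsed or certified by the NVD."

# Constructed sample in the shape of an NVD CVE API 2.0 response (placeholder IDs).
SAMPLE = json.dumps({"vulnerabilities": [
    {"cve": {"id": "CVE-0000-00001", "published": "2023-02-01T15:15:09.123",
             "descriptions": [{"lang": "es", "value": "Ejemplo."},
                              {"lang": "en", "value": "Overflow in <foo> & bar."}]}},
    {"cve": {"id": "CVE-0000-00002", "published": "2023-02-02T08:00:00.000",
             "descriptions": []}},
]})

def english_description(cve):
    # Feed readers show one description; pick the English one if present.
    for d in cve.get("descriptions", []):
        if d.get("lang") == "en":
            return d.get("value", "")
    return "(no English description)"

def rfc822(ts):
    # Assumption: API timestamps carry no offset and are treated as UTC.
    dt = datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)
    return format_datetime(dt, usegmt=True)

def nvd_json_to_rss(raw):
    cves = [v["cve"] for v in json.loads(raw).get("vulnerabilities", [])]
    cves.sort(key=lambda c: c["published"], reverse=True)  # newest first
    rss = ET.Element("rss", version="2.0")
    channel = ET.SubElement(rss, "channel")
    ET.SubElement(channel, "title").text = "Recent CVEs (generated from the NVD API)"
    ET.SubElement(channel, "link").text = "https://nvd.nist.gov/"
    ET.SubElement(channel, "description").text = NOTICE
    for cve in cves:
        url = "https://nvd.nist.gov/vuln/detail/" + cve["id"]
        item = ET.SubElement(channel, "item")
        ET.SubElement(item, "title").text = cve["id"]
        ET.SubElement(item, "link").text = url
        ET.SubElement(item, "guid", isPermaLink="true").text = url
        ET.SubElement(item, "pubDate").text = rfc822(cve["published"])
        # ElementTree escapes <, > and & so description text cannot inject markup.
        ET.SubElement(item, "description").text = english_description(cve)
    return ET.tostring(rss, encoding="unicode")

if __name__ == "__main__":
    print(nvd_json_to_rss(SAMPLE))
```

Existing RSS consumers (a Slack feed subscription, a Huginn agent) only need the feed URL changed to wherever this output is served.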

I would like to thank the NVD for keeping these feeds for all these years and congratulate them for their new APIs, I’m sure many good things will come out of these APIs.

And thank you for reading 🙂

That’s all folks…


Antranig Vartanian ✔

February 3, 2023

Turns out this is what happens when you leave me alone at a supermarket.

Basically I start playing with all the electronics I find.

I found this Barcode scanner with Windows 8 (for some reason) and the browser was open.

I was thinking of idling it at my Armenian blog, but I think this was better!

It’s showing the “Get Blogging!” website 🙂

That’s all folks…


“You try, you fail, you try, you fail, but the only true failure is when you stop trying.”

Madame Leota, Haunted Mansion
