First commit

.gitignore

@@ -0,0 +1,6 @@
+.hugo_build
+deploy.ps1
+/public/
+/resources/_gen/
+/assets/jsconfig.json
+hugo_stats.json

archetypes/default.md

@@ -0,0 +1,5 @@
++++
+title = '{{ replace .File.ContentBaseName "-" " " | title }}'
+date = {{ .Date }}
+draft = true
++++

content/_index.md

@@ -0,0 +1,21 @@
+---
+title: Home
+---
+
+Hello! I am FzOrb, a computer programmer and system administrator from Bucharest, Romania. I enjoy playing [OpenTTD](https://openttd.org), [Cities Skylines](https://store.steampowered.com/app/255710/Cities_Skylines/) (I'm still sticking to C:S1 for now), [Terraria](https://terraria.org), [Minecraft](https://minecraft.net) and occasionally  [Grand Theft Auto IV](https://store.steampowered.com/app/12210/Grand_Theft_Auto_IV_The_Complete_Edition/) (I've only completed Niko's story). I also like music and modern (1800s and 1900s, especially interbelic) history.
+
+
+Currently I can be found at the following places.  
+**Email**: [fzorb@airmail.cc](mailto:fzorb@airmail.cc)  
+**Twitter/X**: [@fzorbie](https://twitter.com/fzorbie)  
+**Discord**: [@fzorbie](https://discord.com/users/1133639224030150656)  
+**Telegram**: [@fzorb](https://t.me/fzorb)  
+
+### Computers:
+**Laptop**: Lenovo Thinkpad T420 With Intel Core i5-2520, Nvidia NVS 4200M, 8gb of DDR3 ram. Running Debian GNU/Linux  
+**Desktop**: Ryzen 5 4600G, Nvidia GTX 1650, 16GB of DDR4 ram. Running Debian GNU/Linux and Windows 10 LTSC.  
+**Secondary Desktop**: Lenovo Thinkcentre M71 Intel Core i5-4440, 16GB of DDR3 ram. Running Windows 10.  
+
+**Latest update**: updated the homepage
+
+### Latest posts:

content/donate/_index.md

@@ -0,0 +1,7 @@
+---
+title: "Donate"
+---
+If you like what I post or what I do, I encourage you to donate in order to help me make more cool stuff. If you can't, it's okay.
+| method | address |
+|--------|---------|
+|Monero|49vVgf6hZiiiJmk1R618fZQDfu2mwBjgkFj7P8msqfcobtXhZgtMFYqZAUHdJjYTeq2PRpm3HpaRsPowbYWS8DC4Mxv3teV|

content/misc/_index.md

@@ -0,0 +1,4 @@
+---
+title: "Miscellaneous"
+---
+Talking about topics that don't enter in any other category.

content/misc/prague-shooting.md

@@ -0,0 +1,10 @@
++++
+title = 'Prague Shooting'
+date = 2023-12-22T17:27:01+02:00
+draft = false
++++
+![5 students on the roof of Charles University, evading the shooter](/pictures/prague.png)  
+*5 students on the roof of Charles University, evading the shooter*  
+
+
+Yesterday, one of my Czech friends told me about a school shooting in Prague. I thought he was joking, as he always jokes about this kind of stuff, so I looked it up. I was shocked. I have nothing but condolences towards the students of the school and the parents of the dead. I cannot believe this happened in Prague. We're living in a crazy world.

content/services/_index.md

@@ -0,0 +1,8 @@
+---
+title: "Services"
+---
+I host some services for public use, mainly on a T620 thin client which surprisingly copes running all of these services.
+
+### Services
+* Public: [earthwalker](https://earth.fzorb.xyz), [LibreY](https://search.fzorb.xyz), [Nitter](<https://nitter.fzorb.xyz>)
+* Semi-private: [mail](https://mail.fzorb.xyz), [xmpp](https://xmpp.fzorb.xyz)

content/technology/_index.md

@@ -0,0 +1,4 @@
+---
+title: 'Technology'
+---
+This is the part of the site where I ramble about technology. I believe in free as in freedom software, but sometimes it is hard to not sin and bite the forbidden... window? I exclusively use Linux for my servers though.

content/technology/how-not-to-use-cloudflare.md

@@ -0,0 +1,70 @@
++++
+title = 'How Not to Use Cloudflare'
+date = 2024-04-02T18:20:15+03:00
+draft = false
++++
+Cloudflare is a DDoS mitigation platform which offers free proxying of your origin server. Unfortunately, this proxying is not well-used by some people, such as the person who inspired me to make this blog post. He has since fixed it. On Sunday, me and a friend of mine have exposed a vulnerability to one of our other friends, which we will be referring for privacy reasons as X. X has agreed to the "hacking" of his website.
+
+## What is Cloudflare proxying?
+In order to mitigate DDoS attacks, Cloudflare must proxy your website throught one of their many proxy servers. This means, Cloudflare accesses your website instead of your user. While this may be a privacy concern, we will not adress it as it is not the point of this document, instead, I direct you to https://0xacab.org/dCF/deCloudflare/-/blob/master/README.md.
+
+## The issue
+The person configured his webserver incorectly, and instead of denying all of the requests from IPs that are not of Cloudflare (see https://cloudflare.com/ips/), it allows any traffic on port 80. Port 80 is the default web port for unencrypted traffic. The individual did not have an SSL certificate, instead relying on one provided by Cloudflare. This is not reccomended and was used as part of the attack vector. 
+
+Due to the fact that they allow all IPs to request port 80, if we have his origin IP, which was easily found via https://search.censys.io/, we could send a direct request to the server. Below is showing a direct request to my server, if we access it from the direct IP, without any host headers.
+
+```
+> curl http://107.189.28.28
+<!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to nginx!</title>
+<style>
+    body {
+        width: 35em;
+        margin: 0 auto;
+        font-family: Tahoma, Verdana, Arial, sans-serif;
+    }
+</style>
+</head>
+<body>
+<h1>Welcome to nginx!</h1>
+<p>If you see this page, the nginx web server is successfully installed and
+working. Further configuration is required.</p>
+
+<p>For online documentation and support please refer to
+<a href="http://nginx.org/">nginx.org</a>.<br/>
+Commercial support is available at
+<a href="http://nginx.com/">nginx.com</a>.</p>
+
+<p><em>Thank you for using nginx.</em></p>
+</body>
+</html>
+```
+
+This is the result of sending the same request but with the host header set to fzorb.xyz:
+
+```
+>curl 107.189.28.28 --header "Host: fzorb.xyz"
+<html>
+<head><title>301 Moved Permanently</title></head>
+<body>
+<center><h1>301 Moved Permanently</h1></center>
+<hr><center>nginx/1.18.0</center>
+</body>
+</html>
+```
+This is the response you get if you try going to http://fzorb.xyz/. It redirects you to the secure version, https://fzorb.xyz/.
+
+## But why would you want to bypass the origin?
+We had more "humble" motive. The website in question checked your IP address before accessing the website so it wouldn't be from a certain country to join a Discord guild in order to prevent someone from joining. I found this absurd so I came up with the attack vector, and my friend did the actual exploiting of this vulnerability. This was used to prevent geoblocking. But this could also be used in worse ways, such as impersonating admins on a forum for example. In fact, Stack Overflow in its early days determined admins by their IP address, which in this case was 127.0.0.1. This is not secure at all.
+
+## So how does this work?
+The webserver knows your IP address via a header called X-Forwarded-For. Cloudflare doesn't use that header, instead using CF-Connecting-IP. In the absence of Cloudflare, you can set CF-Connecting-IP to any value you want and the Webserver will think it is valid. You could set your ip to values like `1.1.1.1`, `1.3.3.7`, `69.69.69.69`, or even `420.420.420.420`, and the webserver can't know any better.
+
+## How do I mitigate it?
+You can mitigate it via numerous ways. Here are the 2 ways you can do that:
+* Disable Cloudflare proxying: this is the option X chose. This may not be an option for you though if you are subject to frequent (D)DOS attacks. 
+* Deny access of all Cloudflare IPs: there is a handy script on Github made by user Icseon, which uses iptables to deny all non-Cloudflare traffic on port 80 and 443. https://github.com/icseon/cf-iptables
+
+I hope this blog post has been useful. While I do not use Cloudflare myself, I know many people that do.

content/technology/my-servers-2023.md

@@ -0,0 +1,31 @@
++++
+title = 'My Servers (2023 edition)'
+date = 2023-12-20T20:11:58+02:00
+draft = false
++++
+
+Over the past 5 years, I have inherited my father's philosophy of self-hosting. It all started with my brand-new Raspberry Pi 4. I wanted to create a Minecraft Server for me and my friends to play on. Unfortunately, due to my lack of skill, I have had to offload the responsibility onto my father's server (which was really weak! an intel celeron j1800 was barely cutting it for versions newer than 1.12.2!). Eventually, during quarantine, my father had moved his entire suite of servers (mainly SBCs) to the j1800 and it was beginning to get quite horrible. We were lucky to even get 18 TPS when more than 2 people were on.
+
+Eventually, I've decided that the j1800 wasn't good enough anymore, so I've decided to get an old laptop motherboard with an Intel Core 2 Duo. Due to me barely knowing shit, I was quite frankly hooking that poor laptop motherboard to a monitor and starting the Minecraft server in a new window, which wasn't and still isn't a good thing, as it required me to be at home, it wasn't an issue for spring 2020 though.. After 3 months of doing it this crappy way, my father spent an afternoon teaching me how to enable the sshd daemon and figuring out how to make the Minecraft server autostart. Eventually he convinced me to just use Docker, and I have to say, I **really** enjoyed it, so much so that until recently I **only** (with a few exceptions like nginx) used docker.
+
+Nowadays, the only component that remained the same through all of these 3 years worth of administration was Docker. I have learnt a lot just during this year alone and my system adminsitration knowledge doubled compared to last year. The motive for this blog post is to reflect on my progress this year and what I have learnt.
+
+# The components
+My suite of servers is comprised of the following few lads:
+* **Frantech/BuyVM** VPS:
+  I use this as a VPN in order for me to be able to expose my services to the internet without needing to port forward on my home IP address.
+* **HP t620 Thin Client**
+  This is the brains of the whole operation and I find it hilarious how last year I thought I'd be using a more beefy server, but this lad, which cost me 5 dollars by the way, went above and beyond for me. I strongly reccomend the HP t620 for hosting basic websites, fediverse instances and Minecraft servers (though you should use purpur or you will experience a lot of lag!). 
+* **Raspberry Pi 4**
+  I still use this guy for stuff that **must** only be accessed on my home network. Stuff like Bitwarden, althrough I also run a Jellyfin server meant for public use, by my friends of course. 
+* **Wyse 3040**
+  This lad is a new addition to my homelab. I run an experimental Terraria server on it.
+
+# The stack
+For all critical services, I prefer to run them on bare metal, as to not depend on one too many daemons. As I was saying earlier in this blog post, I still use Docker after 3 years of non-stop use. Recently however, I have dabbled into some Proxmox shenanigans and for a while I was reconsidering my faith... until I saw how badly virtual machines performed on the t620. Arguably it isn't really a wise choice to run Proxmox on it and I've ultimately decided that I was better off with just Docker. 
+
+# My regrets
+I should have gotten more ram and I should've not had to rely on Wireless internet, which is a node which can fail within my setup. I should've used ethernet. Unfortunately, I cannot convince my father to help me extend an ethernet cable to my room.
+
+# Conclusion
+I strongly enocourage self-hosting everything you can, as it helps fight decentralization and you can often times find it better to use free and open source alternatives to things such as ~~Google Reader~~ (I forgot that shut down), Google Calendar or Gmail.

content/technology/running-a-fediverse-server.md

@@ -0,0 +1,59 @@
+---
+title: "Running a fediverse server (for (nearly) free!)"
+date: 2023-07-09T09:30:00+03:00
+draft: false
+toc: true
+images:
+tags:
+  - fediverse
+---
+
+Running a fediverse server is now easier than ever, you can run it on hardware as low spec as a Raspberry Pi. With the recent twitter drama, it is extremely lucrative to create a fediverse account now. While you may find it easier to create an account on a more well-estabilished server, it isn't exactly the best idea. Why? Well, if you're going to make an account on a [well estabilished instance](https://joinmastodon.org/servers), you're subject to their moderation policies, and, you can get banned for some nonsensical reasons. By hosting a server, you're practically becoming censorship-resistant.
+
+## Prerequisites
+* A domain name: I'd reccomend Cloudflare Domains or Porkbun. 
+* A VPS: It's easy to get an Oracle Cloud Free Tier VPS.
+* Some linux experience
+
+## Basic setup
+You will want to add your domain to Cloudflare, this isn't required, but it is reccomended as you may encounter bad actors trying to attack your instance. If you use Cloudflare Domains, this was already done for you.  
+After you've added your domain to Cloudflare you must go to your ingress rules (instance page > vcn > subnet > security list) and add the following rules:
+```sh
+0.0.0.0/0	All Protocols				All traffic for all ports
+```
+You may think that it is insecure, but we will be adding a firewall on our server now. We'll be using ufw since it is the easiest to set up for newbies.
+```sh
+sudo apt-get install ufw
+ufw allow 22
+ufw allow 80
+ufw allow 443
+```
+
+## Picking your poison
+Oh well, this might be easy for some or hard for some, so I will cover each option.
+* **Mastodon**: Mastodon is the most widely-used server software on the fediverse (we're still suffering from Eugen's decisions from 7 years ago), however, it isn't the greatest. Why?
+  * **Uses a lot of resources:** Mastodon is fat, which may turn you away if you want to run more than just a simple Mastodon instance on your server. Here is a comparison between Mastodon and Pleroma:
+  ![less is better](/pictures/mastodon-to-pleroma-comparison.png)
+  * **Less costumizable:** At most you can just edit the stylesheet with the default FE and add a banner. Pleroma-FE beats the fuck out of Mastodon when it comes to costumization. You can even replace Pleroma-FE with another frontend, such as soapbox.
+
+  If you still wish to use Mastodon, the documentation covers everything better than I could. https://docs.joinmastodon.org/admin/prerequisites/
+* **Pleroma**: Pleroma is a more sensible option if you wish to have something more light-weight. There are 3 versions:
+  * **Vanilla**: The base version of Pleroma, active development has ceased unfortunately and the only updates you'll get are security fixes. (https://docs-develop.pleroma.social/backend/)
+  * **Akkoma**: A fork of Pleroma that allows users to be more expressive than on Pleroma. (https://docs.akkoma.dev/)
+  * **Rebased**: An improved version of Pleroma. (https://soapbox.pub/install/)
+
+
+  All of them are trivially easy to setup and have one thing in common, the way that they are ran:
+  * **From source:** you're compiling the source code every time you run the software. This opens up the posibilities of editing the source code on your server, which you may find useful in some cases. Though, depending on your server's specifications, it may take a while to run it. 
+  * **OTP**: OTP is the closest you can get to a binary release. It isn't compiled every time your run it, so startup times will be faster. Though, there are some limitations, most notably that you can't edit the source code
+
+* **Misskey:** Misskey is by far the most feature-rich server we've covered, like Pleroma, it has many versions:
+  * **Vanilla**: The base version of Misskey, without any forks. https://misskey-hub.net/en/
+  * **Foundkey** Maintained by the same people who maintain Akkoma https://akkoma.dev/FoundKeyGang/FoundKey
+  * **Firefish** A more advanced version of Misskey which implements the Mastodon API https://joinfirefish.org
+
+
+  I'd personally use Firefish as it seems more estabilished than FoundKey at this point in time. I'd reccomend any Misskey version for beginners, as it is easier to run and setup than Pleroma or Mastodon.
+
+## Conclusion
+Making a fediverse server is simple, but the hard part is maintaining it. 

content/trains/_index.md

@@ -0,0 +1,4 @@
+---
+title: "Trains"
+---
+I like trains. Don't only think I'll only ramble about regular trains, I'll also ramble about Metro trains and trams, they're trains after all, right?

content/trains/a-trip-to-the-CFR-museum.md

@@ -0,0 +1,35 @@
++++
+title = 'A Trip to the CFR Museum'
+date = 2024-01-26T20:02:16+02:00
+draft = false
++++
+
+I've had the chance these past days to go to the CFR museum in Bucharest, Romania, where they had a beautiful train model, as well as many other things, such as a whole steam locomotive in their frontyard. I highly suggest anyone visits this museum. It may not be as big but it makes up in quality. It's next to the North Railway Station and is served by STB routes 1, 10, 82, 97, 105, 182, 282, as well as the Gara De Nord 2 (M4) Metro Station (Also Gara De Nord station. If you want to go to GDN2, you'll have to switch at Basarab).
+
+![A huge steam locomotive parked outside of the CFR museum](/pictures/cfr/steam-locomotive-1.jpeg)  
+*A huge steam locomotive parked outside of the CFR museum*
+
+![A scaled down design of a cargo terminal](/pictures/cfr/cargo.jpeg)
+*A scaled down design of a cargo terminal*
+
+![060-EA-042](/pictures/cfr/060-EA-042-1.jpeg)
+*Model of 060-EA-042 locomotive*
+
+![LDH](/pictures/cfr/ldh.jpeg)
+*Model of LDH diesel locomotive*
+
+## The model
+![Doutchebahn locomotive hauling passenger cars](/pictures/cfr/db.jpeg)
+*Doutchebahn locomotive hauling passenger cars*
+![Siemens Desiro train](/pictures/cfr/siemens_desiro.jpeg)
+*Siemens Desiro train*
+![Model 1](/pictures/cfr/model_1.jpeg)
+![Model 2](/pictures/cfr/model_2.jpeg)
+*Pictures of the train model*
+![LDH in action](/pictures/cfr/ldh_in_action.jpeg)
+*LDH in action*
+![Depot](/pictures/cfr/depot.jpeg)
+*Depot*
+
+
+I hope these pictures can be of some use.

content/trains/altsom-coardia-stream.md

@@ -0,0 +1,25 @@
+---
+title: 'The Altsom Coardia Stream and what it means for CFR'
+date: 2023-12-20T21:29:27+02:00
+draft: false
+---
+The first Class 101 trains from Altsom have arrived recently in Romania, and I have to say I am 3 weeks late to the party. I can't explain in words how big this is. This is CFR's first aquisition of new electric trains in 20 years. Below is a picture with the most common electric locomotives in Romania, the class 4x ones.
+![A class 40 train](/pictures/class4x-train.jpg)
+*A class 40 train of CFR Calatori at Bacau. Picture courtesy of Calin Strimbu.*
+
+
+These look like they belong in a scrap yard, don't they? A few years ago my parents were shocked at how old the locomotives were and they say that "they looked like they were 100 years old" and I don't blame them. We even have nearly 80 year old locomotives still in service. I'm not joking. Class 77 trains were produced from 1935 to 1942 and they still USE THEM, though it's for short routes.
+![A class 77 train](/pictures/class77-train.jpg)
+*A class 77 train of CFR Calatori at Calimanesti station. Picture courtesy of Stefan Puscasu.*   
+
+
+And here are the second newest trains of CFR calatori. Siemens Desiro, AKA Class 96
+![A graffitied class 96 train](/pictures/class96-train.jpg)
+*A graffitied class 96 train of CFR Calatori at Bucuresti Nord. Picture courtesy of Stefan Puscasu.*
+
+
+And here we have the new Altsom trains.  
+![A brand new Altsom Coardia Stream train with a bit of snow](/pictures/class101-train.jpg)  
+*A brand new Altsom Coardia Stream train with a bit of snow. Picture courtesy of Observatorul Prahova*
+
+Ever since the 2000s, CFR has started gaining the reputation of being **extremely** unreliable, with CFR having delays of **4 million minutes** ([source](https://www.digi24.ro/stiri/actualitate/calatorii-in-timp-la-cfr-trenurile-din-romania-au-intarziat-anul-trecut-cumulat-mai-bine-de-8-ani-2560019)) in 2022. Yikes. I don't know if the reason for these delays are rolling-stock related, but I have to say, I hope that's the case. I also don't even want to touch on the bathrooms of the passenger cars. Thank God I never had to take a number two in one of these, cause otherwise, I would've gotten all of the possible and impossible STDs. I won't show pictures, it's gross as hell, but if you are interested, google "veceu cfr". I am also interested in seeing if it will take less time to get there, as these trains can reach 200km/h, but we have horrible infrastructure. I hope the lines get modernized faster, so I can finally go to the beach in a decent timeframe.

content/trains/the-former-railway-in-the-childrens-park.md

@@ -0,0 +1,10 @@
++++
+title = "The Former Railway in the Children's \"city\" in Bucharest"
+date = 2024-03-28T11:09:41+02:00
+draft = true
++++
+In 1976, a new Park in the neighbourhood of Berceni, a neigbouirhood whose purpose was housing the workers of the IMGB factory, was inaugurated. It included many attractions, but the most interesting thing was the railway.
+
+There were 2 locomotives and 4 carriages for passengers. They were built by 23 August Works (now FAUR) and at first ran on batteries, but in the 90s, one locomotive was converted to diesel traction, using a tractor motor and the other scrapped for parts.
+
+Until 1991, it ran gracefully, but then, "Thomas" got rented by private entitites and in 2002, he was locked up. In the meantime, a lot of the rail's bolts were stolen, but the rails were not, due to the fact that they were mounted by ITB, the communist era transport operator, which welded the rails with the buffers. 

hugo.yml

@@ -0,0 +1,24 @@
+baseURL: 'https://fzorb.xyz/'
+languageCode: 'en-us'
+title: "FzOrb's blog"
+theme: 'hugo-xmin'
+menus:
+  main:
+    - name: Home
+      pageRef: /
+      weight: 10
+    - name: Technology
+      pageRef: /technology
+      weight: 20
+    - name: Trains
+      pageRef: /trains
+      weight: 30
+    - name: Miscellaneous
+      pageRef: /misc
+      weight: 40
+    - name: Donate
+      pageRef: /donate
+      weight: 50
+    - name: Services
+      pageRef: /services
+      weight: 60

themes/hugo-xmin

@@ -0,0 +1 @@
+Subproject commit 7d49f2c4d7d460bb351c563587f50beb514996ad