Bootingup.net

Posts

March 27, 2026

Thoughts on IaC and Layering

Infrastructure as Code (IaC) has a property that there doesn’t seem to be an intuitive answer to: managing holistic state versus managing a subset of state. Terraform seems to have the hardest time with this; when managing the state of a deployment, when is it easier to manage just a single application compared to managing all state in one deployment? This becomes exacerbated when the underlying infrastructure or platform that the application lives on is also managed by IaC, and perhaps making changes is destructive to the original deployment. Doing all of the management in one deployment does mean that there are fewer messy dependencies and ordering issues when deprovisioning, but making changes to whole swathes of infrastructure in one unwieldy state ultimately feels like a double-edged sword. My bias may come from using CloudFormation, where a single account exists and exports manage relationships between stacks, but that also does not feel like a correct answer for all cases either.

July 4, 2025

Magic Pontifex

I recently read Cryptonomicon, a novel by Neal Stephenson, where one of the characters develops a cryptosystem, Pontifex, based on a deck of playing cards. In reality, Bruce Schneier made the system; it is a symmetric-key stream cipher and, while slow, appears robust. I haven’t put in time to investigate the system for flaws or weaknesses, but I had a thought: what about a similar encryption system for use with a deck of Magic: The Gathering cards? There are some facets to this system that put restrictions on key creation. Depending on the format, MTG decks can have multiples of cards; the format Commander only allows single copies of cards (except for lands), and is a 99 card deck, increasing the key size. A useful deck would likely need more than one basic land, but not necessarily; there may be a way to allow multiple basic lands by means of having different printings of each land. Pontifex uses the value of each card in the system, and each card is only printed a single time in each deck of cards. With thousands of MTG cards, it may be impractical to have each card have a unique value associated with it, except cards printed after a certain date (the majority) have a collector number associated with them. Each set of cards has collector numbers 1-(number of cards in the set), and so by prefixing the set number (by release date), there would be a unique number for each card, to be modularly added to the plaintext to retrieve the ciphertext. This may be completely overbuilt and impractical, as it would be extremely tedious to do by hand, but exploring the cryptographic properties is interesting.

April 30, 2025

BZT Thoughts

A collection of some thoughts about BZT, zero trust solutions, and zero trust in general.

Device-aided BZT

Trusted device start is an important factor in a zero trust architecture. Storing a secret key in a TPM and using that key to authenticate a device and encrypt is a solid baseline to work past in the boot process.

Such a process would look like storing a secret key in the TPM and using it with the IPsec daemon. IPsec policy drops non-IPsec traffic as normal to and from devices. The client authenticates normally over strong auth when attempting to use application traffic.

April 22, 2025

Arch EFI Luks

Setting up FDE with UKI (Unified Kernel Images) and Secure Boot with Arch Linux was slightly more confusing than I anticipated. Just wanted to knock out a quick how-to on actually building this the right way. It seems to be the right configuration conceptually, but the tools used, like dracut vs mkinitcpio in the wiki, made it hard to piece together. An opinionated Ansible playbook is hopefully coming soon.

April 18, 2025

Can Johnny Encrypt Now

To continue on the legacy of the Why Johnny Can’t Encrypt research, and to generally check in on how Thunderbird is with their OpenPGP encryption implementation, I conducted an experiment to investigate. For those curious about how the lab was constructed, most of the code should be available on my GitHub. Please reach out about concerns or questions.

Please download the PDF to view it: Download PDF.

April 18, 2025

BZT Research Paper

For a class I took, I did some research into zero trust networking. As a result of thinking about the problem, I did a PoC and paper discussing a novel approach to zero trust networking. The code can be found at https://github.com/Peeanio/bzt.

Please download the PDF to view it: Download PDF.

September 8, 2023

Rust Esp32

For some time now, I have been meaning to get started with ESP32s in earnest, and wanted an excuse to get started with Rust in something that was meaningful and embedded. I took the chance, and given the majority of my chips were ESP32 v3.0, I had some hoops to go through to get it working properly. Below should outline the steps I needed to take to get going with Rust and this chip.

June 1, 2023

Conflict-Gaming

Running a wargame with just military assets feels incomplete in a landscape where intelligence is so real-time and complete, where theatres in a non-shooting war include such amounts of espionage and influence through cyber campaigns and more that it seems so important to model those facets. For the past few years, I’ve thought about different aspects of what would be needed for that complete picture: running the cyber game, controlling HUMINT sources and directing influence ops, but now it feels like rolling all of that into one is possible. I really want to create a system where it is possible to all kinds of assets and their capabilities, in order to model and run that kind of conflict. Pace will be slow, like all of these, but it’s something in my mind, much as one could glean from my reading list from the past year.

April 25, 2023

ESP32

Dropped the ball on working on some things because my main focuses were taking a lot of time and effort. I did get some ESP32 units to start messing around with, which feel like a step up from the Arduinos I started on seven years ago. With nothing but a simple library and its example loop, I was able to get a Bluetooth speaker built and configured (with a DAC, of course). Here I was gearing up to learn C or Rust for this project and dive into some low level, but it was all done for me. The project itself did not mean enough for me to dig into properly, but I do plan on doing it for some sensor projects with other ESP32s.

March 30, 2023

Cloud Providers

I’ve used Linode to host a mail server for a few years now. They are changing their pricing, and I thought I would try out DigitalOcean, see what it was like. I appreciated the AWS-like product offering, and spent some time writing Terraform to spin up a new email server there. I get it all spun up and lo and behold, DigitalOcean now blocks port 25.

It is disappointing that it is getting so difficult to host an email server. Too many bad actors spoiled it for the rest of us by taking advantage of a lack of standards and controls to send spam. People don’t want to run their email servers themselves, because of the legacy of malicious behaviour, so those of us that want to start without the static IPs with reputation are left wanting.
