Since I started migrating most of the services I run from various TrueNAS jails/VMs to the Proxmox instance, I have also set up a WireGuard® server since I find it way easier to set up than OpenVPN for example, and my router’s implementation of WireGuard® is not the finest at this moment.

Some earlier benchmarks that I’ve done on my home network, using two identical jails, one for OpenVPN and the other for WireGuard®, the WireGuard® instance could serve at least twice the bandwidth (tested using iperf from another external 1Gbit connection) while using less resources (relatively), and the peering was a bit better. However, your mileage may vary depending on the hardware, software, etc.

A while ago I made a post regarding setting up a DNS adblocker on a FreeBSD jail by manually setting up dnsmasq and configuring the forwarding DNS servers, as well as the adlists in hosts¹ file format. While it is still a (somewhat) valid instruction set, over the time I found myself in need of an all-in-one solution for handling the update of the adlists, as well as an easier way to whitelist and blocklist various domains.

It’s been about three years since I wrote anything around here, or since I did any kind of work on my personal projects. A lot has happened since, and honestly it wasn’t the best of times.

Two years ago I started experiencing some depressive episodes, some worse than I ever had, and slowly everything started going downhill. It affected my personal life, professional work, academia (not that I was too involved in that anyways), I was losing my grip pretty fast. This resulted in a severe burnout at work but thanks to my coworkers I was able to go easy and do everything step by step; however the impostor syndrome combined with thoughts that I wasn’t doing enough took a toll on my mental health. My personal life also took a 180˚ turn, but I’m not going to dive in that too deep.

A few days ago I started to think about transitioning from Vim to GNU Emacs. As a Vim user for more than 6 years, considering the Holy Wars, I should’ve got skinned alive.

I have tried Emacs in the past, but to no avail. I found the switch to be a little obtuse, as in Vim you’re used to working with multiple modes, one-key-commands, operators and motions, while Emacs is based on using (a lot of) key combinations and modifier keys to get the job done. As I started transitioning, I started to understand why is this, and how it made more sense the more I used it.

Hold on a minute
I don't want to go outside
I don't want to face my pride
There's a limit to how long I can wait
To how long I can take before I start to show
How close I am to letting go of myself

We all heard about adblocking at DNS level, implemented by services like Pi-hole, or maybe just setting an external custom DNS server like Cloudflare's 1.1.1.1 (fast & more private, not necessarily blocking requests), or Quad9.

These are all great options, but in my opinion they all lack a little bit of something, or provide too much. For example, external, custom DNS servers are good for a quick & easy setup, but you lack the ability of customizing the sources or manually whitelisting or blacklisting domains, and so on. On the other hand, a service like Pi-hole is great, it allows you to set up custom sources, you can whitelist and blacklist custom domains, you can set your own provider for the upstream DNS server, but it kinda requires a Debian-based distro in order to offer an easy setup via their own installer, in order to get the web ui.

Backstory

I am running this blog since the start of 2017, and while Hugo was something that I was really considering using, I ended up using Ghost, for its beautiful editor and other UI bling blings.

Ghost in the shell

At the time, Ghost was in his early minor-only version, and the set up was more or less manual. This meant that you needed to get an archive, install dependencies (Node.JS, npm, MySQL), set them up, and you’d end up with a working CMS. Updating it, though, was rough. Back up content, download archive again, install/update npm dependencies if needed, put content back, hope it’ll work. It worked, most of the times.

A friend brought me an LG Nexus 5X which wouldn’t power up anymore, after a hard shock (a fall). A symptom being “the Google logo appearing over and over again until it ran out of battery”. Apparently the owner took it to service before, regarding the issue, but “reflashing didn’t work”.

As an owner of a Nexus 5X, I took the matter in my own hands (a.k.a. searching the interwebs - ahem, XDA - for fixes).

What I was dealing with:

• Bootloop - nothing more past the Google logo
• Wouldn’t stay powered off while charging - plug in, bootloop occurs; not an issue, but makes the charging take longer
• Able to access the bootloader menu - useful for powering off, no recovery access available

Many times, you find yourself in a situation where you have to wait for a long task to complete, maybe little to no output available, and you end up hitting that Ctrl-C, pushing a SIGINT into the CLI software.

And it quits.

Without outputting whatever you needed or even printing a little progress. And it’s a little frustrating, even though it’s probably working as expected, taking what SIGINT does in consideration.

So, how do we introduce a classic “do you really want to exit?” confirmation in a Go CLI software?

Reasoning

I’ll just start this post with stating that I’m not doing this with malicious intents, nor am I going to use this for other purposes than learning, or advise using this on servers others than your own. That being said, let’s get down to business.

Why an SSH brute-forcer?

Because too many people are still using password authentication with weak passwords. There are still many servers with sshd open with the default port exposed to internet, using accounts with weak passwords. Have a RaspberryPi? Put it on the Internet! Just take a look over Shodan’s raspbian with port 22 query. It’s crazy. We’re kinda fighting fire with fire.