Skip to content

Sysrant Posts

Monolith vs microservices – It’s not about the tech.

Let’s start with the most spot-on comic of Hilbert. I’ve personally seen various cases as this comic. In real companies. For real production flows. From real people. This entire discussion about monolith vs microservices feels the same for me. The same as the discussion about cloud vs on-prem, Rust vs Go, red vs blue… What we read is biased Every blog, even this one, is biased. Because I have my set of experiences gained over the years, it does not mean I have covered every aspect of IT. Not even speaking over the aspect that comes with company politics, architecture,…

Building a Slack slash command bot with Golang and Kubernetes

I use Slack ever so often, therefor I challenge myself to explore it further, rather than just being a user. For the fun, experience and just random interest in how things work. That’s was also the reason for https://sysrant.com/500-bounty-man-in-the-middle-on-slack/ 😉 Anyhow, within Slack you can create bots with various capabilities. I just want to create small apps/bots in my spare time. Making something of a Slash Command is fairly easy. Slash Commands A slash command is something like /the-command input which can be fired from the chat in Slack. It will do an HTTP request and expects a response back…

Part 2 – Security – No, nothing is secure

secure: adjective –  certain to remain safe and unthreatened. I’d never been that “secure” in my entire life when it comes to IT security. In the past, I’ve run for years without a virus -scanner or protector. The thing is that I’ve been taking this quite logically rather than rationally. Most people would have to frown their eyebrows on my second sentence; why would you not protect yourself?  That’s the thing though. I know what I’m doing and what is happening on my system. I know what I visit (browsing) and I know what I install. I monitor my network…

Part 1 – Security – your reasons are wrong

I’ve always had an interest in security the moment a teacher showed me an SQL injection in the code I’ve made.. over 12 years ago.  There were two main reasons for that. I was intrigued by the technical puzzle that presented itself by abusing someone’s code. The second part was that everyone with that knowledge could access my database. Something I did not want because it could contain sensitive data. In this case, it was merely a school assignment but ever since I developed more skills in security because I cared.  It’s now 12 years later and security became a…

500$ bounty: Man in the Middle on Slack

I wanted to disclose a security issue/concern which I found a while ago on Slack in a blog post. The issue itself is not very technical on itself. This makes it cool to share it with a somewhat broader public. Hopefully to create more awareness about security in general. Besides that, I hope people will start using bug-bounty programs more often. Either by signing up on programs such as HackerOne with their company or by just trying to hack in one of the programs there 😉 Slack? Just a small intro for those who don’t know Slack (shame on you…

WordPress can be secure

I have encountered many discussions regarding WordPress and it’s security. I love arguments and I believe we should stop see everything in black and white. Hence my title. It can be secure. Because I believe it can also be insecure, but more importantly I want to share my knowledge on the topics regarding security. To make it more secure. I have managed over 150 WordPress websites professionally on my previous job(s) and this website itself is WordPress too. Over a timespan of roughly 3-4 years, I have had 0 breaches. One could argue: but you got “pwned” yet you did…

Everything is still very insecure

I obviously browse the web and sometimes when I do that, I just randomly check for odd behavior. It’s just a simple fact that if we have given some random website, there are issues. In general, it takes me literally about 3 minutes to “find something”. First thing first. I’m actually not a great hacker. I’m probably not even good. I just know what to look for and have my experience of ~10 years as a programmer in my backpack. The second part is when I find “something”, it can be something simple. Most cases it is just misconfigurations and/or…

Creating a static website with Google Cloud’s Storage & App engine

I recently had some experiences with Hugo. Hugo is one of the most popular open-source static site generators. With its amazing speed and flexibility, Hugo makes building websites fun again. https://gohugo.io/ I wanted to create a new website for myself and figured I’d give it a go. These are my experiences with it. General thoughts about Hugo I like the principle of Hugo. It enables you to create content in a fairly easy way and generate static files for it. Out of the box, it provides various internal functions to make that generation easier. Especially when your theme is set…

Cloud native WordPress with Docker on Kubernetes

Perhaps it’s good to start with the definition of cloud native: Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach.These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil. https://github.com/cncf/foundation/blob/master/charter.md So, is WordPress Cloud native? Fuck no. I will explain it further later on but to be honest, no PHP application or even framework is made…

My API was shit – I used it myself

I mostly program in PHP; there is absolutely nothing wrong with it per se. Honestly I can create things within a few hours that would cost a few days in a stricter language. I know the code is not that awesome, but that was not the goal. The goal was to try something out without wasting immense time & resources on making it “perfect”. So back to the API I once created an API that would give me data, data that I could use on my website or any other device / application. I used it only via my website and…

Enjoy life!