What programming/technical projects have you been working on?

Still focused on the FraXiNUs image sorter

https://tildes.net/~comp/1eei/what_programming_technical_projects_have_you_been_working_on#comment-c3ak

I reached a place where the interface for tagging untagged images is fine although the browsing interface is deficient. There is a lot of support for searching over combinations of tags but these aren’t well-exposed to the user. I figured it was a good time to stop feature work and do the async-to-sync transition.

That got me doing a lot of research into Python web servers, task queues, and such. I don’t completely like the Python story but access to ML libraries is likely to keep me there. Right now I am switching the whole thing to run under WSL2 (virtualized Linux) because there I can use gunicorn which is able to support more than one CPU-using thread at a time which is particularly important if I want to actually run any ML code inside the web server. Given how Tailscale works (not very well inside WSL2) it seems very likely I’m going to configure IIS to be a reverse proxy for gunicorn and have IIS serve images because it is faster than Gunicorn at that. (The goal is premium service for a single user as opposed to handling super-heavy loads.)

This move is going really well, I have switched over all the batch scripts and two out of 20 URL handlers, the code change is simple and mechanical but will involve testing every endpoint. I’m feeling pumped to take the YOShInOn RSS reader through the same transition soon if this is successful. The good news is that the Python build and dependency situation is getting better (much closer to maybe open sourcing something) but the sysadmin challenges of getting it all to work will increase.

After that transition my plan is to improve the interface for the tags and also make something that resizes images so the application is easier to use from a mobile device when I am on the go, that in turn will unlock the “personal data lake” accomplishment because it will now be quick to do something like reparse all the HTML documents in the system because the system will be distribute the task over my 16 CPU cores.

Setting up a WireGuard VPN network to access my home LAN with my phone/laptop when I'm out of the house. Because I don't have a static IP, I set up a hub and spoke configuration with a VPS to forward all traffic to my Raspberry Pi at home.

So far, what I have is this and it's all working well. Each client has two tunnels - the aforementioned tunnel to the VPS and another tunnel to Mullvad. However, what I really want is to effectively "combine" the two tunnels into one, so I don't have to switch between networks when I want to access my home LAN.

I believe the latter setup is possible, but it's so much more complex for me that I'll have to do a lot of reading up on iptables and routing in the weekend...

I'm working on a set of 3d printed parts to build a Safe Solar Viewer for the eclipse. Here is a picture of the current prototype. This version works okay, but I need to add a screen at the middle so that the only light shining on the lower screen is through the lens. It is base on the lenses in this design

It's a little overbuilt, so I am simplifying the design to lower the part count and reduce the amount of hardware needed.

I'm looking to put it on Printables when its done, probably this week. There are a few already on their, but 1) I like making my own models and 2) mine has an adjustment for fine tuning the aim of the lenses.

Debugging my Proxmox server's:

• Occasional TrueNAS hangs
• Default route occasionally getting repointed to some strange place that isn't my network gateway (likely tied to my Byzantine bridged networks used by my LXCs)

Setting up an observability stack on my Proxmox server to help me respond to issues as they arise. And, later, like a good DevOps, I'll automate alert-driven mitigations where I'm not smart enough to make a lasting fix.

Building a motion-sensor IoT mouse trap with either MQTT or ESPHome. I want to trap mice humanely and then be made aware they're trapped. Goal of getting them out of the house once trapped so they don't hurt themselves.

Building a custom Pi 5 laptop because I can and because it'll be badass to have a low power Linux laptop that is unique. Also, designing it to facilitate my growing hardware hacking habit and to play around with pen testing (Kali).

Still putzing around with Zig and UDP. I've learned a few things:

1. The protocol I was starting to create was... Not Good™. Very susceptible to DOS with the equivalent of SYN flood, and pretty bad in terms of reflection amplification. The security with AES was fine I think, but the thing as a whole is not very flexible.
2. This seems like a pretty good resource: http://ithare.com/udp-for-games-security-encryption-and-ddos-protection/ I especially like the proof of work mechanism as a DOS deterrent and intend to use it.
3. DTLS doesn't seem worth the hassle. It doesn't really give much benefit beyond the ability to use X509 certificates and some of the pre-existing TLS packet preparation tools. Really the main benefit is integration with other tooling.
4. QUIC is an interesting protocol. I'm still researching this to see more what its offerings are... however I strictly do not want a stream oriented protocol. QUIC does have a datagram transmission extension, but support seems spotty. Integrating this into a Zig codebase also is a bit more brittle than I'd like with existing tools.
5. AES is faster than I realized! Did some benchmarks on this to get an idea what I should use where. I think the IT Hare recommendation is probably right that for proof of work, a faster mac (I'm using cmac for now) is probably better. I had been puzzling about how to admit optional encryption for better performance on low-sensitivity, low-latency messages, starting to create some complex thing where a MAC is used for plaintext but AES is used for cipher text. It looks like I could just state in the protocol that each packet has a cipher-text segment and an auth-data segment. If the ciphertext segment is empty, AES runs damn fast and generates a mac with the same key I'm already using for the connection.

I think I'm at a point that I need to stop coding, and take what I've learned and plan out a revision 2. This past exploratory step is probably important to get a bearing on what's what - I definitely feel more knowledgeable now than I did last week - but I need to take a step back and look at what I actually need. What bits go where and what does each party need to keep track of.