
11th Week of 2025

Activism

Hacktivism

Mobile Verification Toolkit

Detecting infiltrators (estupas)

  • New: Damned infiltrators (estupas).

    Infiltrators (estupas) are among the state's worst bodies of repression. Not only because they extract information from collectives, but because they create an atmosphere of distrust and fear that is often paralysing or even breaks up the collectives themselves. Some of the worst scum of society...

    Unfortunately, this is quite in fashion in the Spanish state. Fortunately we are not helpless: several comrades are producing materials to familiarise us with the problem, from the documentary Infiltrats to the Manual para destapar a un infiltrado (you can read the El Salto article about the manual).

    These wretches will probably adapt their ways of working to get past these detection methods, but at least social movements now have a formal basis to work from.

    References

Conference organisation

pretalx

Life navigation

Time navigation

Identities

  • New: Introduce the time navigation abstract identity concept.

    An identity is the set of qualities, beliefs, personality traits, appearance, and/or expressions that characterize a person or a group.

    Identity serves multiple functions, acting as a "self-regulatory structure" that provides meaning, direction, and a sense of self-control. It fosters internal harmony and serves as a behavioral compass, enabling individuals to orient themselves towards the future and establish long-term goals. As an active process, it profoundly influences an individual's capacity to adapt to life events and achieve a state of well-being. However, identity originates from traits or attributes that you may have little or no control over, such as your family background or ethnicity.

    Identities then will be the guide of my life. I've tried setting essential goals, answering big questions with no success so far. This approach however looks more interesting because:

    • I can split myself into many identities, each with its own definition, and analyse life through the different lenses, identify identity conflicts, prioritize identities...
    • I can analyse each identity on its own, decide how to change my roadmap to integrate the ones I want to adopt and get away from the ones I want to leave behind.
    • It reminds me of the RPG character building and although it may seem silly, that motivates me.
    • It fits quite well with what I've learnt regarding habit management

    The identities archive

    I'm using a new notebook page called identities.org where I plan to analyze, build and evolve my identities.

    An identity section

    Each identity may have the next sections. A simple heading with the name of the identity is just fine. You'll create the sections as long as you need them.

    Analysis of the identity

    Here we can develop our thoughts on what the identity means and how you see yourself embodying it.

    Identity characteristics

    List the values, habits, abilities, knowledge, capabilities and experiences that define the identity, and analyse each of them.

    Identity plan

    Here is where we can sketch the plan we want to follow to grow or shrink this identity. It contains a list of identity axes.

    Children identities

    Sometimes an identity can be refined in smaller more specific identities, here we'll add sections for each of them.

    Identity analysis

    Dump your thoughts on your identities

    Before we get tainted with our past analysis imagine a fresh canvas and start painting yourself.

    You can add a section in think.org to record your findings. I found that I needed some time to do this dump, working on the section through days before the actual analysis.

    Do an initial list of values

    I first created a global values or principles headline and listed all core principles such as:

    • All creatures are beautiful
    • Be excellent to each other
    • Better done than perfect

    You may refactor them into the identities once you start building them.

    Do an initial list of identities

    Empty your mind of the different identities that define you or that you want to be defined by. Create headlines for each using the sections defined above as you need them.

    Do an initial list of axes

    Dream of what axes you'll want to address. If you can, order them into identities.

    Do the identity analysis

    Refactor the gathered thoughts into the identities.org file

    Select the identities you want to prioritise in the year

    • Skim over all identities and for the ones you want to focus on in the year:
      • add the identity tag
      • assign a priority
      • do not add a TODO keyword, we'll reserve them for the identity axes.
    • Use the year custom agenda identities section to adjust the priority of the different identities following the next guides:
      • Spread the identities over the different priorities so that each has more or less the same number of elements.
      • Compare an identity with the ones that are above or below and decide if you promote or demote it
      • If you don't want one identity to be in the list, add the backlog tag if you don't want that identity and its subidentities to appear. Add the hide tag in case you want any of the subidentities

    Refine the identities

    Following the priority order of identities go one by one until you run out of time and:

Axis

  • New: Introduce the axis time navigation concept.

    An identity axis is an abstract guide for action with an indefinite scope or a timeframe longer than one year. It serves as a high-level directional tool to materialise changes in your identities, helping to outline a general course without specifying exact destinations.

    Limitations of an axis

    • It is not suitable as a final destination on a roadmap because it is too ambiguous.
    • Even minor progress could be considered sufficient, leading to a lack of clear endpoints.
    • One could continue indefinitely without a sense of completion, such as continuously striving for improvement.

    Axis orgmode representation

    An axis is a headline or TODO headline (depending on whether it's active or not) that is part of the plan section of an identity.

    It can have none or many of the next sections:

    Axis analysis section

    To gather the thoughts regarding the study of the axis

    Axis plan section

    To gather the axis projects that will materialise the direction of the axis.

    Axis projects

    To prevent endless pursuit, an axis should be broken down into projects with defined scopes that indicate when to stop advancing in that direction.

    Axis projects shall:

    • Have a scope shorter than 11 months so they can be managed in the life stage review.

    Depending on whether the axis projects will be acted upon in the current quarter they will have two possible representations:

    • If you don't plan to, it will be a project section with the analysis and steps.
    • If you do, then it will be a link to the project section either in projects.org or in backlog.org. You can leave the analysis section below the link in identities.org; that way it won't use precious space in your projects.org file.

Roadmap Adjustment

  • New: Life stage roadmap adjustment adjustments.

    Review what you've done the last year

    Read your logbook.org (or bitácora.org), adjusting the priorities of the areas, projects and actions while thinking of the impact each element has had on your life.

    Review what you've learned the last year

    It's always interesting to look back and see what you've learned throughout the year. I have these sources of data:

    Digital garden

    If you happen to have a digital garden you can look at your git history to know what has changed since the last year. That's cumbersome and ugly though, it's better to review your newsletters, although you may need to use something like mkdocs-newsletter.

    While you skim through the newsletters you can add to the analysis report the highlights of what you've learned.

    You can also check your repository insights.

    Anki

    I use anki to record the knowledge that I need to have in my mind. The program has a "Stats" tab where you can see your insights of the last years to understand how you are learning. You can also go to the "Browse" tab to sort the cards by created and get an idea of which ones have been the most used decks.

    Review what programs you have developed

    Update your identities

    Follow the steps of identity management.

Content Management

Book DRM

  • New: How to remove DRM from ebooks.

    To remove the DRM from ebooks you can use DeDRM_tools.

    Installation

    You need to download the latest release, and follow the instructions of the README.md of the zip file.

    Usage

    Once the plugin is installed, you can import the books you want to remove the DRM from. In theory the plugin only works on import and not on convert, but I've also used the convert tool to make sure it's a different file.

Health

Silence

  • New: Introduce the Right to quiet collective.

    • Right to quiet: The Right to Quiet Society for Soundscape Awareness and Protection was founded in Vancouver, British Columbia in 1982 as a charitable organization with the mission of raising public awareness of the detrimental effects of noise on health; promoting awareness of noise pollution and the dangers of noise to our physical, emotional, and spiritual wellbeing; working for noise reduction through better regulation and enforcement; encouraging responsible behaviour regarding noise; advocating for manufacturing quieter products; and fostering recognition of the right to quiet as a basic human right, rather than as an amenity for the affluent.
    • Right to quiet resources

Coding

Coding tools

Vim Snippets

Gitea

  • New: Configure gitea.

    Check the configuration sheet or the default values

  • New: Upgrade the gitea actions runner.

    • Check in the releases the last version and the changelog
    • Deploy the new version
    • Restart the service
  • New: Upgrade gitea.

    Check the Changelog for breaking changes

    To make Gitea better, some breaking changes are unavoidable, especially for big milestone releases. Before upgrading, please read the Changelog on Gitea blog and check whether the breaking changes affect your Gitea instance.

    Verify there are no deprecated configuration options

    New versions of Gitea often come with changed configuration syntax or options. Deprecation warnings for these are usually displayed for at least one release cycle at the top of the Site Administration panel. If these warnings are not resolved, Gitea may refuse to start in the following version.

    Make a backup

    Upgrade from docker

    • docker pull the latest Gitea release.
    • Stop the running instance, backup data.
    • Use docker or docker-compose to start the newer Gitea Docker container.

    Upgrade from binary

    A script automating the following steps for a deployment on Linux can be found at contrib/upgrade.sh in Gitea's source tree.

    • Download the latest Gitea binary to a temporary directory.
    • Stop the running instance, backup data.
    • Replace the installed Gitea binary with the downloaded one.
    • Start the Gitea instance.

    Read the script to see what it's going to do. To upgrade to 1.20.5 you can use:

    ./update.sh -v 1.20.5
    

    If you have a different home directory for gitea you can set

    giteahome=/var/gitea ./update.sh -v 1.20.5
    

DevSecOps

Infrastructure Solutions

Kubernetes

  • New: Optimizing Kubernetes Cluster Node Count: A Strategic Approach.

    Reducing the number of nodes in a Kubernetes cluster is a critical strategy for controlling cloud infrastructure costs without compromising system reliability. Here are key best practices to help organizations right-size their Kubernetes deployments:

    1. Availability Zone Consolidation

    Carefully evaluate the number of availability zones (AZs) used in your cluster. While multi-AZ deployments provide redundancy, using too many zones can:

    • Increase infrastructure complexity
    • Raise management overhead
    • Unnecessarily distribute resources
    • Increase cost without proportional benefit

    Recommendation: Aim for a balanced approach, typically 3 AZs, which provides robust redundancy while allowing more efficient resource consolidation.

    2. Intelligent Node Sizing and Management

    Implement sophisticated node management strategies:

    Node Provisioning Optimization

    • Use tools like Karpenter to dynamically manage node sizing
    • Continuously analyze and adjust node types based on actual workload requirements
    • Consolidate smaller nodes into fewer, more efficiently sized instances

    Overhead Calculation

    Regularly assess system and Kubernetes overhead:

    • Calculate total system resource consumption
    • Identify underutilized resources
    • Understand the overhead percentage for different node types
    • Make data-driven decisions about node scaling

    3. Advanced Pod Autoscaling Techniques

    Horizontal Pod Autoscaling (HPA)

    • Implement HPA for workloads with variable load
    • Automatically adjust pod count based on CPU/memory utilization
    • Ensure efficient resource distribution across existing nodes

    Vertical Pod Autoscaling (VPA)

    • Use VPA in recommendation mode initially
    • Carefully evaluate automated resource adjustments
    • Manually apply recommendations to prevent potential service disruptions

    4. Workload Optimization Strategies

    High Availability Considerations

    • Ensure critical workloads have robust high availability configurations
    • Design applications to tolerate node failures gracefully
    • Implement pod disruption budgets to maintain service reliability

    Resource Right-Sizing

    • Conduct thorough analysis of actual resource utilization
    • Avoid over-provisioning by matching resource requests to actual usage
    • Use monitoring tools to gain insights into workload characteristics

    5. Continuous Monitoring and Refinement

    • Implement comprehensive monitoring of cluster performance
    • Regularly review node utilization metrics
    • Create feedback loops for continuous optimization
    • Develop scripts or use tools to collect and analyze resource usage data

Continuous Deployment

ArgoCD

  • New: ArgoCD commandline installation.

    curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64
    install -m 555 argocd-linux-amd64 ~/.local/bin/argocd
    rm argocd-linux-amd64
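
    The install above pulls whatever "latest" points to and installs it unchecked. The following added example (not part of the original notes) pins a version and installs the binary only if its SHA-256 matches the release checksum list; the function names are hypothetical and it assumes the release publishes a cli_checksums.txt asset next to the binaries.

```shell
#!/bin/sh
# Added example: install a downloaded CLI binary only if its SHA-256 matches
# the entry for that exact file name in a checksum list.

# expected_sha256 SUMS_FILE NAME
# Prints the hash listed for exactly NAME; fails if NAME is missing or
# appears more than once (an ambiguous list is treated as untrusted).
expected_sha256() {
    awk -v name="$2" '
        { f = $2; sub(/^\*/, "", f) }   # sha256sum marks binary mode with "*"
        f == name { hash = $1; n++ }
        END { if (n != 1) exit 1; print tolower(hash) }
    ' "$1"
}

# verify_and_install FILE SUMS_FILE NAME DEST
verify_and_install() {
    file=$1; sums=$2; name=$3; dest=$4
    want=$(expected_sha256 "$sums" "$name") || {
        echo "no unique checksum entry for $name" >&2
        return 1
    }
    got=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$got" != "$want" ]; then
        echo "checksum mismatch for $name: got $got, want $want" >&2
        return 1
    fi
    install -m 555 "$file" "$dest"
}

# install_argocd VERSION  (needs network; VERSION is a release tag you chose)
# Assumption: the release carries cli_checksums.txt alongside the binaries.
install_argocd() {
    version=$1
    base="https://github.com/argoproj/argo-cd/releases/download/$version"
    tmp=$(mktemp -d) || return 1
    rc=0
    {
        curl -fsSL -o "$tmp/argocd-linux-amd64" "$base/argocd-linux-amd64" &&
        curl -fsSL -o "$tmp/cli_checksums.txt" "$base/cli_checksums.txt" &&
        verify_and_install "$tmp/argocd-linux-amd64" "$tmp/cli_checksums.txt" \
            argocd-linux-amd64 "$HOME/.local/bin/argocd"
    } || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

    The checksum list comes from the same release as the binary, so this catches corrupted or swapped downloads but not a compromised release; pinning the version is what keeps the installed binary from changing under you.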
    
  • New: ArgoCD commandline usage.

    Log in to the server

    The argocd login command is the first step in interacting with the Argo CD API. This command allows you to authenticate yourself, setting up a secure connection between your terminal and the Argo CD server. You’ll need to provide your server’s URL and your credentials. There are three different ways to log in; I found that --core is the most useful as it will use your kubernetes credentials.

    argocd login your.argocd.url.com --core --name production
    

    Be careful, though: you can't set different argocd contexts for different clusters when using --core, even if you set the --kube-context flag. The config file ~/.config/argocd/config shows that it's using whatever kubernetes context you're using. So be careful that you're applying it in the correct one!
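
    One way to guard against acting on the wrong cluster, as an added example that is not part of the original notes: the hypothetical helper argocd_in_context hands argocd a temporary kubeconfig that holds only the named context. It assumes argocd --core resolves its cluster through the standard KUBECONFIG lookup.

```shell
#!/bin/sh
# Added example: run argocd in --core mode against one explicitly named
# Kubernetes context, independent of whatever kubectl's current context is.
# Assumption: argocd --core honours the KUBECONFIG environment variable.

# argocd_in_context KUBE_CONTEXT ARGOCD_ARGS...   (hypothetical helper name)
argocd_in_context() {
    if [ "$#" -lt 2 ]; then
        echo "usage: argocd_in_context <kube-context> <argocd args...>" >&2
        return 2
    fi
    ctx=$1
    shift

    # mktemp creates the file with mode 0600; it will hold cluster credentials.
    cfg=$(mktemp) || return 1

    # --minify keeps only what the selected context needs, --flatten inlines
    # certificate data so the file is self-contained.
    if ! kubectl config view --minify --flatten --context "$ctx" > "$cfg" 2>/dev/null; then
        echo "argocd_in_context: context '$ctx' not found in kubeconfig" >&2
        rm -f "$cfg"
        return 1
    fi

    # The pinned kubeconfig is visible only to this one argocd invocation.
    rc=0
    KUBECONFIG=$cfg argocd --core "$@" || rc=$?
    rm -f "$cfg"
    return "$rc"
}

# Usage: argocd_in_context production app diff app_name
```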

    Set an argocd context

    The argocd context command is used to manage your Argo CD contexts. A context is a configuration that represents a Kubernetes cluster, user, and namespace. You can use this command to switch Argo CD between different contexts, allowing you to manage multiple Kubernetes namespaces and clusters from a single terminal.

    You can see the different contexts with argocd context

    Get the list of applications

    argocd app list
    

    Refresh an application

    argocd app get app_name --refresh
    

    Show the diff of an application

    argocd app diff app_name
    

    Sync an application

    argocd app sync app_name
    
  • New: More not there yet features.

    • Python library: I have found none
    • Argocd TUI: I have found none that is updated

Automating Processes

renovate

Storage

OpenZFS storage planning

  • New: Add link to the backblaze disk reports.

    If you have some time, take a look at the Backblaze disk reports: they do quarterly analysis on their infra (around 300k disks).

    @@ -26,6 +26,7 @@ nav: - Feminism: - Privileges: feminism/privileges.md - Palestine: palestine.md + - Detección de estupas: estupas.md - Anarchism: anarchism.md - Memoria histórica: memoria_historica.md - Anti-Tourism: antitourism.md @@ -33,19 +34,22 @@ nav: - Free Knowledge: free_knowledge.md - Free Software: free_software.md - Environmentalism: environmentalism.md - - Laboral: - - laboral.md - - Trabajadoras del hogar: trabajadoras_del_hogar.md + - Laboral: + - laboral.md + - Trabajadoras del hogar: trabajadoras_del_hogar.md - Collaborating tools: collaborating_tools.md - Conference organisation: - conference_organisation.md - pretalx: pretalx.md - - Ludditest: luddites.md - - Life Management: + - Luddites: luddites.md + - Life navigation: - life_management.md - - Time management: + - Time navigation: - time_management.md - - Time management abstraction levels: time_management_abstraction_levels.md + - Time navigation abstraction levels: + - time_management_abstraction_levels.md + - Identities: identities.md + - Axis: axis.md - Action Management: action_management.md - Roadmap Adjustment: - roadmap_adjustment.md @@ -134,6 +138,7 @@ nav: - Book Management: - book_management.md - Bookwyrm: bookwyrm.md + - Book DRM: book_drm.md - Movies Management: - Jellyfin: jellyfin.md - Ombi: ombi.md @@ -196,6 +201,7 @@ nav: - Teeth: - teeth.md - Deep cleaning: teeth_deep_cleaning.md + - Silence: silence.md - Remote Working: remote_work.md - Fitness Tracker: - fitness_band.md @@ -649,6 +655,8 @@ nav: - fail2ban: linux/fail2ban.md - pass: pass.md - Wireshark: wireshark.md + - Canary tokens: canary_tokens.md + - Sysadmin tools: - brew: linux/brew.md - detox: detox.md @@ -753,6 +761,7 @@ nav: - Speech to text: - Whisper: whisper.md - Speech recognition: speech_recognition.md + - Text to speech: text_to_speech.md - Coding by Voice: coding_by_voice.md - Data Analysis: - data_analysis.md
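
    Review bot: in the @@ -33,19 +34,22 @@ hunk the nav titles change from "Life Management" and "Time management" to "Life navigation" and "Time navigation", but the targets stay life_management.md, time_management.md and time_management_abstraction_levels.md, and "Action Management" just below keeps the old wording. Either rename the files (with redirects for existing links) or say in the commit message that the title/file mismatch is intentional. In the same hunk the three Laboral lines are removed and re-added with identical text, so that part is a whitespace-only change; since nesting in the nav is defined by indentation, confirm in the rendered site that "Trabajadoras del hogar" still sits under "Laboral".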

OpenZFS

  • Correction: Replacing a disk in the pool.

    If the pool is not DEGRADED

    If you want to do operations on your pool and want to prevent it from being DEGRADED, you need to attach a new disk to the server and use the replace command:

    zpool replace tank0 ata-WDC_WD2003FZEX-00SRLA0_WD-xxxxxxxxxxxx /dev/sdX
    
    Where /dev/sdX is your temporary disk. Once the original disk is removed from the vdev you can do the operations you need.

  • New: Removing a disk from the pool.

    zpool remove tank0 sda
    

    This will trigger the data evacuation from the disk. Check zpool status to see when it finishes.

    Sometimes zfs won't allow you to remove a disk if doing so would put the pool at risk. In that case try to replace a disk in the pool as explained above.

Operating Systems

Linux

Linux Snippets

  • New: Download videos from rtve.es.

    Use descargavideos.tv (source)

  • New: Check if a domain is in a list of known disposable email domains.

    You can check in known lists

    wget https://raw.githubusercontent.com/andreis/disposable-email-domains/master/domains.txt
    grep -i homapin.com domains.txt
    

    Or use web services that check either the IPs (obtained by whois/dig) or the domain itself:

    https://www.blocklist.de/en/search.html?ip=142.132.166.12&action=search&send=start+search 👍
    https://www.blocklist.de/en/search.html?ip=188.166.111.252&action=search&send=start+search 👍
    https://www.blocklist.de/en/search.html?ip=46.101.111.206&action=search&send=start+search 👍
    https://www.blocklist.de/en/search.html?ip=116.202.9.167&action=search&send=start+search 👍
    https://check.spamhaus.org/results/?query=homapin.com 👍
    https://verifymail.io/domain/homapin.com 👎
    https://www.ipqualityscore.com/domain-reputation/homapin.com 👎
    https://quickemailverification.com/tools/disposable-email-address-detector for
      - homapin.com 👎
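
    The list lookup above uses grep -i, which treats the dot as a wildcard and matches substrings, so a similar-looking entry in the list produces a false hit. The following added example (not part of the original notes; is_disposable is a hypothetical name) matches whole lines literally, accepts a full e-mail address, and also checks parent domains so that sub.homapin.com is caught by a homapin.com entry.

```shell
#!/bin/sh
# Added example: exact, case-insensitive lookup of a domain (or the domain
# part of an e-mail address) in a one-domain-per-line blocklist such as
# domains.txt, walking up through parent domains.

# is_disposable ADDRESS_OR_DOMAIN LIST_FILE
# Returns 0 and prints the matching list entry, or returns 1 if none matches.
is_disposable() {
    list=$2
    # Keep what follows the last "@", lower-case it, drop a trailing dot.
    domain=$(printf '%s' "${1##*@}" | tr '[:upper:]' '[:lower:]')
    domain=${domain%.}

    while :; do
        case $domain in
            *.*) ;;            # at least two labels left: worth checking
            *) return 1 ;;     # bare TLD or empty string: stop
        esac
        # -F literal string, -x whole line, -i ignore case, -q quiet
        if grep -Fxiq -- "$domain" "$list"; then
            printf '%s\n' "$domain"
            return 0
        fi
        domain=${domain#*.}    # strip the leftmost label and retry
    done
}

# Usage: is_disposable someone@mail.homapin.com domains.txt
```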
    
  • New: Mount a cdrom or dvd.

    TL;DR: The syntax is as follows for the mount command:

    mount -t iso9660 -o ro /dev/deviceName /path/to/mount/point
    

    Use the following command to find out the name of the DVD / CD-ROM / Writer / Blu-ray device on a Linux based system:

    lsblk
    

    Or use the combination of the dmesg command and grep/egrep as follows to print your CD/DVD device name. For example:

    dmesg | grep -E -i --color 'cdrom|dvd|cd/rw|writer'
    

    Sample outputs indicating that the /dev/sr0 is my device name:

    [    5.437164] sr0: scsi3-mmc drive: 24x/24x writer dvd-ram cd/rw xa/form2 cdda tray
    [    5.437307] cdrom: Uniform CD-ROM driver Revision: 3.20
    

    Create a mount point, type mkdir command as follows:

    mkdir -p /mnt/cdrom
    

    Mount the /dev/cdrom or /dev/sr0 as follows:

    mount -t iso9660 -o ro /dev/cdrom /mnt/cdrom
    

Canary tokens

  • New: Introduce Canary tokens.

    Canary tokens are like motion sensors for your networks, computers and clouds. You can put them in folders, on network devices and on your phones.

    Place them where nobody should be poking around and get a clear alarm if they are accessed. They are designed to look juicy to attackers to increase the likelihood that they are opened (and they are completely free).

    Our Canarytokens are easy to sprinkle all over and forget about, until you get the notification that matters. They are super lightweight and don’t require installing software or running more background processes that can slow down your PC.

    References

    • Docs
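    • Home

  • feat(kubernetes#Move a pvc between AZ in aws): Move a pvc between AZ in aws

    #!/usr/bin/env bash
    # Move an EBS-backed PersistentVolume to another availability zone:
    # snapshot the volume, create a new volume from it in the target AZ,
    # then recreate the PV and PVC pointing at the new volume.
    set -e
    
    if [ -z "$1" ] || [ -z "$2" ]; then
      echo "Usage: $0 <pv-name> <new-az>"
      exit 1
    fi
    
    PV_NAME=$1
    NEW_AZ=$2
    
    # Get Volume ID from PV
    VOLUME_ID=$(kubectl get pv "$PV_NAME" -o jsonpath='{.spec.csi.volumeHandle}')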
    if [ -z "$VOLUME_ID" ]; then
      echo "Failed to get volume ID for PV $PV_NAME"
      exit 1
    fi
    
    PVC_NAME=$(kubectl get pv $PV_NAME -o jsonpath="{.spec.claimRef.name}")
    NAMESPACE=$(kubectl get pv  $PV_NAME -o jsonpath="{.spec.claimRef.namespace}")
    
    echo "PVC Name: $PVC_NAME"
    echo "Namespace: $NAMESPACE"
    
    echo "Found volume: $VOLUME_ID"
    
    SNAPSHOT_ID=$(aws ec2 create-snapshot --volume-id $VOLUME_ID --description "Migration for $PV_NAME" --query 'SnapshotId' --output text)
    echo "Snapshot created: $SNAPSHOT_ID"
    
    echo "Waiting for snapshot to be ready..."
    aws ec2 wait snapshot-completed --snapshot-ids $SNAPSHOT_ID
    echo "Snapshot $SNAPSHOT_ID is ready"
    
    VOLUME_TYPE=$(aws ec2 describe-volumes --volume-ids $VOLUME_ID --query 'Volumes[0].VolumeType' --output text)
    NEW_VOLUME_ID=$(aws ec2 create-volume --snapshot-id $SNAPSHOT_ID --availability-zone $NEW_AZ --volume-type $VOLUME_TYPE --query 'VolumeId' --output text)
    echo "New volume created: $NEW_VOLUME_ID"
    
    echo "Waiting for new volume to be available..."
    aws ec2 wait volume-available --volume-ids $NEW_VOLUME_ID
    echo "New volume $NEW_VOLUME_ID is ready"
    
    NEW_PV_NAME=${PV_NAME}-migrated
    cat <<EOF > new-pv.yaml
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: $NEW_PV_NAME
    spec:
      capacity:
        storage: $(kubectl get pv $PV_NAME -o jsonpath='{.spec.capacity.storage}')
      volumeMode: Filesystem
      accessModes:
        - ReadWriteOnce
      persistentVolumeReclaimPolicy: Retain
      storageClassName: $(kubectl get pv $PV_NAME -o jsonpath='{.spec.storageClassName}')
      csi:
        driver: ebs.csi.aws.com
        volumeHandle: $NEW_VOLUME_ID
        fsType: ext4
      nodeAffinity:
        required:
          nodeSelectorTerms:
          - matchExpressions:
            - key: topology.ebs.csi.aws.com/zone
              operator: In
              values:
              - $NEW_AZ
    EOF
    
    echo "New PV manifest generated: new-pv.yaml"
    
    kubectl apply -f new-pv.yaml
    echo "New PV $NEW_PV_NAME created"
    kubectl get pvc $PVC_NAME -n $NAMESPACE -o yaml > ${PVC_NAME}-backup.yaml
    
    echo "If you haven't scaled the statefulset to 0 yet, now is the time to kill the pod so that the PVC rebinds"
    
    kubectl delete pvc $PVC_NAME -n $NAMESPACE
    echo "Old PVC deleted"
    cat <<EOF > new-pvc.yaml
    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: $PVC_NAME
      namespace: $NAMESPACE
    spec:
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: $(kubectl get pv $NEW_PV_NAME -o jsonpath='{.spec.capacity.storage}')
      storageClassName: $(kubectl get pv $NEW_PV_NAME -o jsonpath='{.spec.storageClassName}')
      volumeName: $NEW_PV_NAME
    EOF
    
    echo "New PVC manifest generated: new-pvc.yaml"
    
    kubectl apply -f new-pvc.yaml
    echo "New PVC $PVC_NAME created and bound to new PV"
    
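    # Report success only when the delete actually worked.
    if kubectl delete pv "$PV_NAME"; then
      echo "Old PV $PV_NAME deleted"
    else
      echo "Failed to delete PV $PV_NAME, probably was not retained"
    fi
    
    echo "Deleting old volume $VOLUME_ID"
    if aws ec2 delete-volume --volume-id "$VOLUME_ID"; then
      echo "Old volume deleted"
    else
      echo "Failed to delete volume $VOLUME_ID, probably was not retained"
    fi
    
    # The snapshot is not deleted here: with the old volume gone it is the only
    # remaining copy of the original data. The command to remove it is printed.
    echo "Snapshot $SNAPSHOT_ID kept. Once the migrated volume is verified, delete it with:"
    echo "aws ec2 delete-snapshot --snapshot-id $SNAPSHOT_ID"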
    
    echo -e "Migration complete.\nNew PV: $NEW_PV_NAME\nNew PVC: $PVC_NAME"
    

Wireguard

  • New: User management.

    Wireguard's default user management is not very user friendly as it's difficult to know which key belongs to what user.

    I've been looking for a WireGuard admin UI that is actively maintained but also isn't cloud-based, and among all the solutions I found wg-easy the best candidate because:

    If wg-easy doesn't work, I'd look at the next projects:

  • New: Introduce Rosenpass.

    Rosenpass is free and open-source software based on the latest research in the field of cryptography. It is intended to be used with WireGuard VPN, but can work with all software that uses pre-shared keys. It uses two cryptographic methods (Classic McEliece and Kyber) to secure systems against attacks with quantum computers.

  • New: Add awesome wireguard link.

  • New: Introduce wg-easy.

    wg-easy is the easiest way to install & manage WireGuard on any Linux host.

    Features:

    • All-in-one: WireGuard + Web UI.
    • Easy installation, simple to use.
    • List, create, edit, delete, enable & disable clients.
    • Show a client's QR code.
    • Download a client's configuration file.
    • Statistics for which clients are connected.
    • Tx/Rx charts for each connected client.
    • Gravatar support.
    • Automatic Light / Dark Mode
    • Multilanguage Support
    • One Time Links
    • Client Expiration
    • Prometheus metrics support
    • IPv6 support
    • CIDR support

    Installation

    With ansible

    References

Science

Artificial Intelligence

Text to speech