HiPhish's Workshop

Securing Quicklisp through mitmproxy
published: 2022-03-19
Quicklisp is a popular systems manager for Common Lisp, it allows users to download, install, update and uninstall Common Lisp systems (what other language call packages, but that term already means something else in Common Lisp). However, Quicklisp has one glaring security issue: it downloads everything through HTTP. This means every time you use Quicklisp to download a system you open yourself up for a man-in-the-middle (MITM) attack. We can use a local proxy server to route all traffic to Quicklisp through HTTPS, and in this blog post I will illustrate how to achieve this using mitmproxy.
Continue reading…
A pipe operator for Lua
published: 2021-02-15
modified: 2021-03-07
I have recently been getting into Elixir, and one nice feature it has is the pipe operator. It allows us to express a pipeline of function through which an object will be dragged. This got me thinking: with how flexible Lua is, would it be possible to add something similar to Lua as well?
Continue reading…
Spreading tables in Lua
published: 2020-12-31
modified: 2021-01-02
Javascript has a spreading operator which lets us splice the contents of an object or array into another object or array. This makes it very easy to create an object based on another object and override or add entries. Since Lua and Javascript are quite similar, wouldn't it be nice to have this operator in Lua as well? Lua is a minimal language, so adding a new operator seems unlikely, but Lua is also very flexible, and we can add a spreading function instead.
Continue reading…
Making LuaRocks (partially) compliant with the XDG Base Directory specification
published: 2020-12-29
LuaRocks is a community-driven package manager for the Lua programming language. LuaRocks packages can be installed globally or in the user's home directory, but sadly LuaRocks does not follow the XDG Base Directory specification. However, with a few lines of Lua code we can fix this shortcoming partially at least.
Continue reading…
Making SBCL compliant with the XDG Base Directory specification
published: 2020-12-28
The war on dotfiles continues, this time with SBCL. Let's see how we can make it comply with the XDG Base Directory specification.
Continue reading…
Making Bash compliant with the XDG Base Directory specification
published: 2020-12-27
GNU Bash does not comply with the XDG Base Directory specification, it uses the classical dotfiles approach where it just dumps all its files into the home directory. It does not even have the courtesy of putting all its files in one common ~/.bash directory. Fortunately we can coerce Bash into compliance with a bit of effort.
Continue reading…
A Guix daemon for runit
published: 2020-11-20
I use GNU Guix as a secondary package manager on my system. Previously I have been running Kubuntu, which uses systemd as its init system, but I have since switched to Void, which uses runit. Guix comes with services for systemd and Upstart included, but not for runit. Let's find out how to create a runit service from scratch.
Continue reading…
Macho, the man command on steroids
published: 2020-05-31
The Unix man command can open a manual page if you know its name, and the apropos command can search through the manuals if you are looking for a specific word. Let's put the two to work together into a command I like to call macho: the man command on steroids.
Continue reading…
How I manage SSH connections
published: 2020-05-23
I have a number of machines I need to connect to via the secure shell (SSH), and typing in the IP address or host name by hand every time get tedious very quickly. I could use an application for that, but that's bloat. Let's instead see how we can leverage small universal tools to build an elegant solution of our own instead.
Continue reading…
Implementing MsgPack.rkt, part 3
published: 2019-02-15
In the previous article we have seen how to pack an object, this time we will see how to unpack it again on the receiving end.
Continue reading…