• A file system abstraction for HSSG

    A while ago I announced my new pet project HSSG, the hackable static site generator. The final step of generating a web site is writing the actual files to the file system of the operating system. So far this has been a messy affair where information about file paths had to be dragged through the entire chain from start to finish. This was ugly, hard to maintain and it muddied the layers of abstraction. In this post I will explain how I brought order to HSSG through a file system abstraction.

    Continue reading…

  • A new static site generator

    In January 2019 I switched the static site generator for this website from Pelican to a custom one written in GNU Guile. Most (or all?) static site generators out there have an opinion on what a website should be made of. You might have full control over the layout and content of individual pages, but not so much over how the web site itself is composed. Writing my own static site generator freed me from these constraints. Now if I want to have sub-sites and multiple blogs I can do so. However, the custom generator was suffering from the same problem: it had one specific web site composition in mind, it just happened that this time it fit my needs. That is why I have created HSSG: the Hackable Static Site Generator.

    Continue reading…

  • Fake web backend with mitmproxy

    A web application typically consists of three layers: the frontend, the backend, and some sort of database system for persistence. While developing the frontend we often need to send messages to the backend, receive some response and process that response. Faking backends in automated tests is a solved problem, but sometime we don't want to write tests, we want to wildly experiment with various inputs as we are trying out the frontend by hand. We want to intercept messages and look into what is being transmitted. In this post I will demonstrate a simple fake backend using the mitmproxy application.

    Continue reading…

  • Securing Quicklisp through mitmproxy

    Quicklisp is a popular systems manager for Common Lisp, it allows users to download, install, update and uninstall Common Lisp systems (what other language call packages, but that term already means something else in Common Lisp). However, Quicklisp has one glaring security issue: it downloads everything through HTTP. This means every time you use Quicklisp to download a system you open yourself up for a man-in-the-middle (MITM) attack. We can use a local proxy server to route all traffic to Quicklisp through HTTPS, and in this blog post I will illustrate how to achieve this using mitmproxy.

    Continue reading…