Welcome đź‘‹

I’m subract. This is my place to share what I’m learning and working on, mostly in my homelab.

Want to chat? Drop me a line via email (self@<this domain>) or Matrix.

False security: Dashy's client-side authentication

Update 3/28: The devs have announced that the auth system is to be deprecated. See details below. About a month ago, I went looking for a dashboard for my homelab—something to help visualize the services I run. I found Dashy, a popular (14.6k GitHub stars) dashboard designed for self-hosters. I deployed it and started configuring it, but noticed that something about its authentication felt off. I started digging and quickly found its security to be borderline useless, permitting unauthenticated reads and writes of its configuration....

March 27, 2024 Â· 10 min Â· subract

Three ways to break your back(ups)

tl;dr: Don’t put yourself in a position where you ignore alerts. Don’t update your software without reading release notes. And especially don’t make assumptions about error handling in bash scripts! I recently discovered a failing backup that, upon deeper investigation, turned out to be a chain of three failures. I’ll explore how it happened, why it went on for far longer than I initially thought, and what fixes I identified....

July 22, 2023 Â· 8 min Â· subract