My Github: Why the emptiness?

I recently got an ask: why is my GitHub relatively empty? I’ve worked on a lot of fun stuff, and I seemingly fork a lot of things that end up sitting there. Well, the easy answer is to say that most of my work is in private repos / gitlabs. But that doesn’t cover every case.

To start, I had a lot of repos on my public github that were made, and had basically nothing done. These are usually when we have an idea amongst a group of friends and in the early stage I’d throw up a repo to have it. They’d get invited and most of the time things fizzled out. Other projects to work on, or the idea just wasn’t there. But it acted kind of as an anchor to remember the project and toss things if we actually did anything.

But why the forks with no new commits?

The majority of it has to do with the nature of my consulting job. I have shop rights for some things, but not for all. Any time I need to tweak a project to make it work for whatever I’m doing, I typically try to fork it first. That way if I am allowed to push whatever it is back upstream, or want to, I can. More often than not I can’t. Either the code is disgusting and barely functional because I had to write it on the fly, or it would somehow get into murky legal waters between client and employer. Often they’re one-offs to do something that’s already an edge case, and often not valuable to upstream devs as they’d also become responsible for maintaining it if I pushed it. I like to write most of my code like I assume the next guy is a homicidal psychopath that knows where I live. However, in practice this is not always feasible due to time constraints. For example, this project I bashed out in about 4-5 hours of panic after I was asked to save a botched project at the last minute: )

That’s an example of when I had more time than a lot of the tweaks and scripts I’ve used. I also made a config script and the README for that before I pushed it, as originally the client-specific secret was hard coded. That’s a project that I made for an edge case, but actually was usable outside my specific needs. In my work however, I’m more often trying to make tools work in client-specific cases, where either the need doesn’t exist outside their network or I’d be giving too much away by sharing it.

So most of the code sits, or gets scrubbed. I still have a lot of personal projects on private repos that I’ve been mulling the release of.

Lavabit Disconnection

(Updated 2020-02-09 2418 UTC; see bottom)

This is a post I was wondering if I’d ever have to write; the time when I have to disconnect a customer ungracefully.

Earlier this week a spammer cropped up on Lavabit. This would have been a routine situation, except I haven’t had contact with Lavabit through support, abuse, or Ladar in quite some time. There is an SLA requirement per the peering Acceptable Use Policy (AUP), in this case 72 hours, to resolve spam issues. There are many ways to resolve it (locking malicious accounts, resetting passwords for compromised users, better filters). However, without any support contact, and the proprietor incommunicado, I faced a difficult decision.

If I do not disconnect a customer who causes an AUP problem, then Hacking & Coffee assumes the liability on our entire allocation with our BGP peers. I can’t risk the other customers, and general operations, when a situation like this arises.

With Ladar in an unknown status, and no other valid contact points for technical and AUP issues, the decision was made to disconnect the service when the 72 hour window expired.

I hope that the contacts turn back up, and I can turn back on the IP range, but even after the disconnect I still have nothing but silence quite some time later (13 hours as of this writing; for comparison, a router reboot would get an incident RFI within 30 min at any time of day).

As not just the hosting provider, but also as a fellow Lavabit user, I sincerely apologize to all the users of Lavabit for this situation. Having done code review and other contributions to the project since it started to spin back up post-Snowden, I feel like a project I cared about just vanished. I haven’t been involved outside of hosting them under my business for some time, primarily due to other commitments, but I had always wanted the project to flourish and launch the DIME protocol clients.

In the event communication is not re-established with the Lavabit contacts, I’m not sure how to proceed with the user data. Typically when a customer moves out I simply shred the drives and recycle the machines; however, in this situation I hope data distribution may be possible. The machines are still running, so if the best happens I can simply reactivate the IP allocation. However, I have started planning for the worst given my current lack of information from Lavabit staff.



Proprietor for Hacking & Coffee, LLC


Update: Contact!

Contact was finally made with Ladar and work is being done to restore service.