In my spare time, I often do some experiments, try to bring some ideas to life, or contribute to existing projects (some of them my own, others from other people). Not all of them see the light of day, but each one of them is a step in my learning process and solidifies my skills in different areas. Below, you can find some examples:
Projects
Hawkpost
Using GPG is not an easy task for many non-tech-savvy users. This frequently leads to people sharing credentials and secrets through insecure channels, such as email, and leaving them there in plain text. Hawkpost was developed a few years ago to address that issue when very few alternatives existed.
The tool helps in situations where you want to receive certain information securely. You just need to generate a link, share it, and then anything submitted on that URL is automatically encrypted (in the sender’s browser) and forwarded to your email.
Source: https://github.com/whitesmith/hawkpost
URL: https://hawkpost.co
Kinspect
Small web-based tool that parses PGP keys and displays their details. I built it because I regularly need to inspect different keys that are shared with me and don’t want to load them into my “keyring” just to look at one or two details.
More info can be found in this blog post.
Source: https://github.com/dethos/kinspect
URL: https://kinspect.ovalerio.net
Worker-planet
RSS aggregator that builds a single web page and feed from multiple RSS sources. It can be used to easily build community pages based on the content produced by its members and published on their blogs/platforms.
A more detailed description can be found here. This project was awarded a swag box from the CF developer challenge.
I use it to run InfoSec Planet.
Source: https://github.com/dethos/worker-planet
Worker-ddns
Small DDNS system that makes use of Cloudflare’s APIs and Workers. The main idea was to use workers to overcome the lack of granularity in the permissions one can set for API tokens.
A more detailed description can be found here.
Source: https://github.com/dethos/worker-ddns
Small Experiments
Clipboard-watcher
This little project was built to understand if it was possible to monitor what applications are accessing the clipboard on Linux. Currently, it only works with X11.
For more details about how it works and why it was built, I suggest taking a look at the original post: “Who keeps an eye on clipboard access?”.
A follow-up article, aimed at providing more control to the user, can be found here.
Source code: https://github.com/dethos/clipboard-watcher
Webhook Logger
This tool was developed as a small experiment for a blog post about working with “web sockets” on a Django project. Overall, it provided quick and useful functionality, so I kept it online for almost 4 years.
However, when Heroku announced the end of their free tier, I decided it was time to shut it down. The source is available on GitHub.
Source: https://github.com/dethos/webhook_logger
InlineHashes
Building and maintaining a secure Content-Security-Policy for a website where you don’t control the development or when the used tools insist on inserting all kinds of content inline can be a tedious job.
To help with that task, I built a tool that can extract all the hashes from the HTML content so they can be included in the CSP.
URL: https://pypi.org/project/inlinehashes/
Source: https://github.com/dethos/inlinehashes
Bundlr’s Opera extension
When I was an Opera user, some web services that I used didn’t have an official extension to this browser, which made me waste screen space to add that functionality using bookmarklets.
Bundlr, a service that was shut down a long time ago, was one of them. So, I built an extension that used their bookmarklet. It was later the foundation for their official one.
Note: This project is no longer available
URL: https://blog.ovalerio.net/archives/46
Other Contributions
Soundy
This project, which was shut down some time ago, was intended to be a giant repository of short sounds (no more than a few seconds). These sounds could be used as reactions in online conversations or for any other purpose where Gifs are also used nowadays. To put it simply, it’s Giphy but for sounds.
It was interesting because it provided a whole new level of expression, especially during voice calls on Discord.
I was part of the team on the initial days, but later I retired from the project.
neo-python
Through my exploration of the cryptocurrency and blockchain world, I ended up working a bit with the NEO blockchain and developing some smart-contracts on that platform. For that purpose, I used the neo-python project and while working with it, I found some serious security-related bugs and provided patches to solve them.
Repository: https://github.com/CityOfZion/neo-python