grepular.com

Development AI vs Runtime AI

2026-04-10T17:31:32Z

I have a Tesla Powerwall (bought before Elon completely lost the plot and started openly supporting and funding far right, populist, shit stains, across the World). I received an update for the Tesla app on my phone today, which came with a new, "Home Status," summary option. When you request it, after a few seconds, it gives you a human readable summary of the status of your solar + battery situation. I'm guessing it would also talk about Tesla car charge status if I had one.

Support my work: PayPal Patreon Bitcoin

Protecting Your Host from Malicious Dependencies

2026-04-01T20:26:20Z

This isn't limited to NodeJS, but it seems to happen a lot more frequently in that ecosystem. A commonly used dependency gets compromised, developers install it when doing an npm install, or updating packages, and they now have a trojan running on their host. A trojan that gives the attacker access to run arbitrary code, e.g keyloggers to steal passwords as they are entered, theft of bitcoin wallets and ssh keys etc.

The latest widely publicised version of this is in the Axios node library, which prompted me to write this blog post.

Support my work: PayPal Patreon Bitcoin

Stadia Maps Privacy Fail

2026-03-20T23:21:13Z

This is a tale as old as email, but it made me laugh so I thought I'd share it. I have an account with https://stadiamaps.com. I don't even remember setting it up, so it's certainly not something I've used in a long time.

Anyway, I received an email from them today:

Support my work: PayPal Patreon Bitcoin

Cert Authorities Check for DNSSEC From Today

2026-03-15T09:00:00Z

About 14 years ago I set up DNSSEC. I've been running it on all of my domains ever since, without issue. First using bind9 and then later using PowerDNS.

From today, all Certificate Authorities (CAs) must validate DNSSEC when a domain has it enabled.

Support my work: PayPal Patreon Bitcoin

Website Testing on Steroids

2026-03-08T18:58:25Z

In a recent post, here I spoke briefly about how I use browser tests to test this website. This has come a long way since I wrote that post so I thought I would detail exactly what I'm doing and why.

I wanted to be able to confidently change CSS and JavaScript and templates and code on this website without breaking anything. I wanted to be able to detect regressions due to code changes, or just the simple passage of time (e.g broken external links).

Support my work: PayPal Patreon Bitcoin

ParseMail

2026-02-22T15:37:00Z

I have a project that I first started building over 10 years ago and it occurred to me recently that I have never blogged about it. It is a website called ParseMail. I have been running email systems personally, and at different points during my career, for going on 25 years now. I built ParseMail, because I wanted to be able to view email content differently. Email clients hide a lot of information, and viewing emails in mail queues using tools like cat and vim and less isn't that useful when you're staring at a blob of quoted-printable encoded HTML.

Before I describe what ParseMail does, one of the things I'm proud about is how easy it is to run a local copy. You don't need to trust my website with your data at all. Just run docker run --rm -p 8000:8000 grepular/parsemail and you'll find a full local copy of the website running (minus language translation) at http://127.0.0.1:8000. It is released under the GPL-3.0 and you'll find the source at https://gitlab.com/grepular/parsemail. If you don't trust my docker image build, then clone the repo, read the source code (it's a simple Python Django app), and then run docker build -t parsemail ./ If you want to enable language translation of email content, you'll just need to pass in an environment variable specifying where it should store downloaded language models inside the container. E.g: -e TRANSLATE_MODELS_DIR=/tmp/translation-models. It will download and cache different models from Argos Translate on demand, for entirely local language translation.

Support my work: PayPal Patreon Bitcoin

New Website, New Technology

2026-02-18T22:12:00Z

If you come here occasionally, you may have noticed that the style of my website has changed completely. I've built a new website using Go. The old website was a bloated custom Node.js app that was probably full of keyloggers and bitcoin stealers. It was also difficult to work on, and stored blog posts in MongoDB webscale!.

This one keeps all of my blog posts in markdown files, making it much easier to write and edit. You will even see a "View as raw markdown" link at the top of each blog post. Hopefully this will give me a little more impetus to post on a regular basis.

Support my work: PayPal Patreon Bitcoin

Apple's "Protect Mail Activity" Doesn't Work

2026-01-19T21:37:05Z

If you have an iPhone, in the settings for the Mail app, there is a "Privacy Protection" section, and inside that it has a "Protect Mail Activity" option. This does not work as advertised and actively worsens your privacy. I told Apple about this early 2025. They discarded the bug, said it works as expected and closed the case.

It's described here. Basically, they claim that when this option is turned on, they hide your IP by loading remote content via their proxy (true), and also the following:

Support my work: PayPal Patreon Bitcoin

Immortal SSH Sessions

2025-08-01T10:57:43Z

For years now, I've been using a combination of mosh and screen to make my ssh sessions immortal. Here's how, and why:

On your server:

Support my work: PayPal Patreon Bitcoin

Fun with Gzip Bombs and Email Clients

2025-07-22T17:59:55Z

Gzip/Zip bombs have been a thing for decades. Lets create a 10MB gzip file which decompresses to 10GB:

dd if=/dev/zero bs=1G count=10 | gzip > 10gb.gz

This is called a Gzip bomb, because when it is decompressed, it blows up to a much larger size (~1000 larger). Add it your website document root and configure Nginx to serve it up as an image, with gzip Content-Encoding:

Support my work: PayPal Patreon Bitcoin