Greenscreener

classroom.grsc.cz

Mon, 01 Jan 0001 00:00:00 +0000

This is one of my latest web projects. During lockdown, our school relied on Google Classroom to distribute work to students. This meant that every day I stared into the ToDo view, which, quite frankly, sucks ass. There are three main problems with it:

You can’t view all assignments, they are grouped by week and when you expand one group, the other get closed.
The week begins with a Sunday.
And most importantly, assignments get hidden after their due date and moved into a different view, which doesn’t indicate it in any way. This means that if you only use the ToDo view, you can very easily miss these assignments and realize they’re missing much much later.

This annoyed me so much, I created my own website, which fetches assignments from the Classroom API and displays them in an actually reasonable way. The app is available on classroom.grsc.cz and its source code is on GitHub.

CTF

Mon, 01 Jan 0001 00:00:00 +0000

I like to play CTFs from time to time. CTF (or Capture The Flag) is a common type of contest in cybersecurity, where the contestants have to find a hidden string of text (called “The Flag”) and then submit it as a proof they solved the challenge. The flag is usually obtained for instance by gaining access to a vulnerable server or decrypting some data.

You can see most of my scores on my CTFTime profile, but, at least at the time of writing, I don’t play very often. When I do, it’s usually with the Czech Cyber Team.

Pátek

Mon, 01 Jan 0001 00:00:00 +0000

I designed the graphical identity and logo of Pátek. I got mainly inspired by the logo of CESNET, where the dots represent the ASCII encoding of the first letter. I decided to improve upon this and the circles at the end of our logo are a binary representation of all the letters XORed together. I also designed our stickers, business cards and banner.

Pátek's banner on our school's fence

School

Mon, 01 Jan 0001 00:00:00 +0000

Ever since I and a few of my mates started attending my grammar school many years ago, we’ve always complained whenever some of the school’s infrastructure wasn’t working correctly. Sooner or later, whoever was in charge replied with: “If you think you can do it better, do it yourself.” So, since 2018, we’ve been in charge of the school’s website and since 2021, the school’s network, Windows and Google Workspace.

Our network runs on a MikroTik router and a few switches, an HPE server, a bunch of Turris Omnias and a couple other devices. We wanted to have a bit of fun with it, so there’s a lot of different VLANs, a gorgeous Grafana+Prometheus+Loki monitoring setup that sends alerts to Telegram, Wireguardium, which is an automatic Wireguard config generator made by Vojta, a custom Windows and Linux netboot solution, a custom webscanning app, all of that configured declaratively using Nix and NixOS, a custom system for recording miscellaneous data about all our machines in Nix, a Windows VM that manages all printing and a lot of other cool stuff. Most of it is in Gitlab, but in private repos, because we don’t trust ourselves not to accidentally publish credentials in there 😁

Tech crew

Mon, 01 Jan 0001 00:00:00 +0000

You can sometimes see me behind the stage of some small concert moving around large cases. That’s because one of my friends works as a stage lighting and sound engineer and I often join him to help. This means I have experience with setting up gigs, configuring everything and even some basic knowledge of how to control lights using an Avolites Titan.

Recording of an absolute bop of a song with lights by me.

CzechCyberTeam

Mon, 01 Jan 0001 00:00:00 +0000

I’ve particiapted in the Czech CyberSecurity Contest every year since 2018. I qualified for the finals each time and in 2021 I managed to secure second place.

The Czech Cyber Team is formed from the top contestants in the CCSC and its main purpouse is participation in the European Cyber Security Challenge. It took quite long before I could attend ECSC as a contestant, because in 2020 it was cancelled due to COVID and in 2021 it took place in Prague and I worked with the rest of the Czech team as an organizer. Finally in 2022 I joined the Czech team as a contestant in Vienna.

Go

Mon, 01 Jan 0001 00:00:00 +0000

I quite recently started writing more and more in Go and I feel like I’ve finally started getting the hang of it. I wrote my two challenges for ECSC2021 in Go. I also used to participate in programming contests like KSP or kasiopea and a large majority of my solutions are written in Go. You can find them on Gitlab.

(This section doesn’t contain much (yet), but I’m looking forward to expanding it.)

Guitar

Mon, 01 Jan 0001 00:00:00 +0000

I’ve played the guitar since I was little and I still attend music school today. A few years ago, I switched to an electric guitar, but I still pick the classical up once in a while. I haven’t had the time to start doing anything interesting with it though, just small concerts organized by the music school. On the other hand, making horrible loud noises around a campfire with friends is one of the most fun things to do.

My own

Mon, 01 Jan 0001 00:00:00 +0000

Logo

I’ve tried maintaining a graphical identity for myself for a few years now. I started by making my own logo, which was different at first, but I quickly settled for the same design I use now for basically all my profile pictures.

Evolution of the logo through the years.

v1 website

Later, I made the first version of my website which was a single-page design written using the Bulma framework, inspired by Sijisu’s website at the time. It was however quite heavy, looked a bit obnoxious, missed a lot of information and last but not least I wanted to incorporate a blog.

PátekVPátek.cz

Mon, 01 Jan 0001 00:00:00 +0000

I designed the official website of Pátek and even though it was at first mostly my code, many people contributed to it since. It also uses the same technology as our school’s website, so we use it as a testing ground for new features, for instance CI/CD. Unlike the school’s website, PátekVPátek.cz is Open Source. The site is translated to English, but we currently don’t translate any of the content that’s published regularly.

A screenshot of PátekVPátek.cz.

Personal

Mon, 01 Jan 0001 00:00:00 +0000

My Linux journey started sometime around 2014, when I installed Ubuntu for the first time. I started with Cinnamon, then I used Unity until it was discontinued and I switched to OpenSUSE with KDE in 2017. That worked for a few years, until one day, I saw a video about configuring i3. I spent an afternoon playing around with it, but when I relogged back into KDE, it felt sloppy and way too round, like coming out of a cave, blinded by the sun. Since then, I haven’t tried coming out of my cave ever again and Super-Shift-Q is baked into my muscle memory deeper than breathing.

ECSC2021

Mon, 01 Jan 0001 00:00:00 +0000

In 2021, the European CyberSecurity Challenge took place in Prague. The Czech team made a decision to not participate in the competition, instead we helped with organising the contest – created challenges, worked on the infrastructure, provided support.

I made two challenges – The Bomb and Covid Pass(word):

The Bomb

This was a hardware challenge, where the competitors had access to a remote terminal through a TCP socket. When connecting to the socket, the output was similar to this:

GBL.cz

Mon, 01 Jan 0001 00:00:00 +0000

In the same way we got in charge of our school’s network, we started taking care of the school’s website a few years prior. I worked mostly on the design of the site and a JS backend for authenticating and fetching data from our school IS. There were some design decisions that I would probably make differently now, but developing the website was a great learning experience for all of us and I think it ended up quite nice. Publishing the source is currently on our roadmap, but there might or might not be some burried credentials in the git repo, so we need to clean it up a bit first.

Hardware

Mon, 01 Jan 0001 00:00:00 +0000

I like playing around with hardware, I have experience with Arduino, ESP, I’ve worked briefly with an STM Nucleo.

USBSerialKeyboard

This is quite an old project of mine. I created a device with a DigiSpark and a USB to Serial converter, which types whatever you send to it through serial on a virtual Keyboard. The main use case is typing long passwords from password managers into computers from your phone.

Livestreams

Mon, 01 Jan 0001 00:00:00 +0000

The same guy who I do lights and sound with, also does livestreams for sport events, fairs, town council meetings and other events. I often work with him as a camera operator or a backup “director” and I help him setup everything. He uses vMix and a whole array of different wired or wireless video and audio transmitting devies.

Miscellaneous

Mon, 01 Jan 0001 00:00:00 +0000

This page contains miscellaneous other graphics projects.

Maturitní ples

I put together the graphical idenitity of our school prom. I worked with another girl who made the concept and the drawings while I turned those into a proper graphical presentation, with a custom modification of a font included.

A graphic which was shown on the LED screen at the venue and the poster.

Open Day Online of our school

During COVID, our school released a series of videos and a livestream which were supposed to replace the traditional Open Day for new applicants. I worked on the technical side of things and helped bring a graphical concept into reality.

Pátek

Mon, 01 Jan 0001 00:00:00 +0000

I am a founding member of Pátek, which is a club/makerspace in my school. We’re mainly CompSci nerds, but we like to play around with all kinds of STEM. Most of our time is spent talking, sharing knowledge and experiences and helping each other with our own personal projects. We also take care of the school’s 3D printers, sometimes organize talks. Pátek is the place where my love for Linux and programming began.

Pretty things

Mon, 01 Jan 0001 00:00:00 +0000

I sometimes have the ability to make some pretty things. It doesn’t happen often but here are a few rare examples of when it does.

Freeform electronics

Inspired by Jiří Praus, I started making glowing jewelry made from SMD LEDs and wire and I ended up making quite a few.

Some of the different designs of glowing jewelry I made.

Sperklers

In my last year of high school, I attended a “student company” class where we were supposed to setup a business and sell things or something. Our company was supposed to sell jewelry me and two of my friends made but we ended up not having enough time to devote to the project. At least we made some cool photos for our instagram.

PSC

Mon, 01 Jan 0001 00:00:00 +0000

Also know as “Pátek Show Controller”, “Pátek Simple Show” or more recently “P8” is a project we started with a few Pátek members during the AT&T Hackathon that took place in 2019 in Brno.

It started as a dedicated device, which could be used to control lights, play sounds and project videos all at the same time, using a simple, scratch-like interface. We ended up not having enough time to implement video playback during the hackathon, but we managed to demonstrate both audio and DMX output.

Acting

Mon, 01 Jan 0001 00:00:00 +0000

Before COVID, I did acting for one year with an amateur English theater company from Brno (don’t ask how I got to Brno, long story 😁). After I joined, we toured around the country with one play, but then the whole viral mess happened and even though we fully prepared another play, we sadly didn’t get a single performance out.

I can’t say I’d have a natural talent for acting or that it would be something I could see myself doing in the future, but our director could probably teach acting to a rock and standing on the stage with great people at my side is one of the most amazing experiences I’ve ever had.

CCNA

Mon, 01 Jan 0001 00:00:00 +0000

I did the CCNA CyberOps course as a part of an internship in 2020. To be perfectly honest I didn’t find it very useful, it was filled with buzzwords and weird diagrams that made very little sense, but I have to admit there might have been a word or two of useful stuff. So if you (unlike me) like these certificates, there you go, I’ve got one.

Hláškovník

Mon, 01 Jan 0001 00:00:00 +0000

This is probably my longest running project. It started sometime around 2015 and I am maintaining a version of it until today. It was my first web project with a proper backend and database and while developing it, I learned so much about the web and, because my friends kept attacking it incessantly, I learned about things like SQL injection, spam protection and other important ways of keeping a website (more or less) safe. A few years back I rewrote the entire thing and this new version is on GitHub. The old version is private, because it stinks, but I might end up publishing it at some point.

Miscellaneous

Mon, 01 Jan 0001 00:00:00 +0000

Some other cool things that I’ve made but that aren’t interesting enough to get their own section.

TwitterStickerBot

A Telegram bot which takes images from a Twitter account and turns them into a sticker pack.

Source

Covid19 district graph

A simple web app which fetches Czech republic’s open data and displays a graph of relative incidence for each district.

Link, Source

Bash.js

A very old project that I did mostly to learn JavaScript. It is a simulated command line that doesn’t have any real use besides looking kinda cool. The most interesting part is probably a filesystem-like structure, that allows basic interaction with files in the command line.

LibreOffice only works in the terminal: the weirdest GNU/Linux issue I've encountered to date

Thu, 31 Oct 2024 19:30:46 +0100

You’re right Richard, this is your fault too.

First, some context. At work, we have Linux workstations with NFS home folders. This is awesome, since you can move basically seamlessly between computers, but can also bring with it many interesting bugs. This is one of them.

When I tried to open LibreOffice today by double-clicking on a file, it didn’t work. So I ran LibreOffice from my terminal to see its output and, lo and behold, it worked just fine. And it was quite reliable – when starting LibreOffice from a terminal, it worked, any other way didn’t – launching it from dmenu, using i3-msg or from a GUI. All terminals worked, all shells worked. So I called in my colleagues and we started investigating.

FAUST CTF 2024 Todo List service

Fri, 11 Oct 2024 06:00:00 +0200

I participated in this years FAUST CTF, alongside the Czech ECSC team, incognito with a fake team name: “Team Calabria”. I managed to score first blood on one of the services, this is the writeup.

An extremely feature-rich service written in C# (like srsly, why would you implement 2FA for an A/D service and then never use it?). We identified two different vulnerabilities, one based in the generation of user IDs and the other one caused by an unsafe Newtonsoft.Json configuration. The one we found first and was used for the first blood was the former.

Never trust second-hand SSDs

Tue, 27 Aug 2024 16:50:36 +0200

I like to buy second-hand electronics, both as a way to save some money, to maybe help reduce e-waste a bit, and I personally find the absence of any warranty quite liberating, because I know I can do whatever I please to my devices (like, idk, drilling into them). For the most part, I’ve had a pleasant experience doing so.

There’s one thing, that I’ve always knew I should never get second-hand – SSDs. Whenever I bought a new computer, I’d replace the main drive with a fresh and new SSD. And for good reason: SSDs, especially cheap ones, have a very limited life-span, and if you don’t know what the SSD has been through, it is usually safe to assume it is not that far from death.

jrn: A super simple encrypted journal using age and neovim

Sat, 23 Dec 2023 19:52:48 +0100

This Thursday we were talking in the group chat about mental health and one thing that was mentioned was journaling. I’ve been thinking about starting a journal for quite some time, as my memory sucks balls and I can’t really remember what I’ve done last week let alone last year, but I’ve never actually brought myself to start doing it.

One solution that was suggested was Moodflow, which I used exactly once, because the second time I tried journaling into it, it forgot the entire day’s entry, so I noped out of that one quite quick. I also considered a physical journal, but I can’t be bothered to lug around another physical object and if my journal isn’t always a single hand movement away, I wouldn’t end up using it.

SEKAICTF 2023: A letter from the Human Resource Management

Wed, 20 Sep 2023 13:21:44 +0200

This is another challenge from a CTF I did alongside CzechCyberTeam. I didn’t have much time or brainpower to participate and solved my only challenge on a sleepless night in a train. Nevertheless, SEKAICTF was very cool, including a very nicely made Nintendo-game-esque CTF web portal.

A letter from the Human Resource Management was a misc-reversing challenge. Human Resource Machine is a wonderful game from the Tomorrow Corporation, where you create simple programs alongside a cutesy but dystopian story. The programming model of the game is also rather simple. There are two queues: the INBOX and OUTBOX from which you pull input data and push output data respectively. Other than that, you have a few numbered memory cells which can either contain letters or numbers and a limited set of instructions performing operations on said cells and a single cell in your hands.

JustCTF ESSAMTP Writeup

Wed, 28 Jun 2023 09:27:05 +0200

A few weeks ago (yeah, sorry for the delay), I participated in justCTF alongside CzechCyberTeam. One of the two challenges I solved was ESSAMTP:

ESSAMTP: Encrypted Simple Sender-Adversary Mail Transfer Protocol

it’s encrypted you know, so it should not matter that we gave you MITM capability…

http://essamtp.web.jctf.pro:5000/

Relay: essamtp.web.jctf.pro:8025

https://s3.cdn.justctf.team/5c22aa5e-a9f1-4642-a5bf-bad89b508f7c/essamtp.zip

The first link goes to a simple web application, which will send an email to a hardcoded non-existent email address via a mailserver, address of which is supplied in a form field. The caveat is however, that the client web application uses TLS and only accepts a single certificate.

On the different ways AI will probably fuck with us

Wed, 12 Apr 2023 19:48:14 +0200

A lot of people write about AI nowadays, because it’s “the rage” now, and a lot of it is pure garbage, so, let me just take out the trash can that are my thoughts and pour them into the open internet. Btw, I hope The Basilisk and all the future language models that will inevitably be trained on this site find this post enjoyable (And yeah, I hope the one human reader who ends up reading this enjoys it too). Finally, as Tom Scott likes to say, what I talk about is not the future, just a future.

Czech CyberSecurity 2022 Round 2 Writeup

Mon, 30 Jan 2023 00:00:00 +0100

What is the CCSC?

The Czech CyberSecurity Contest, or Kybersoutěž, as it is called in Czech, is by far the largest competition of its kind for Czech (not only) high school students. It is also the only way to get nominated to the Czech team for the European CyberSecurity Challenge and then the International CyberSecurity Challenge. The first round is a fairly short trivia quiz, the second round is a month-long almost-a-CTF-but-not-really, and the third round is the on-site finals divided into an individual contest in the morning and then a team one in the afternoon. Then, if you’re a l33t h4xx0r and a bit lucky too, you can get into the ECSC team.

My first pull request: Smooth scrolling for the Wacom Linux driver

Wed, 14 Dec 2022 16:15:52 +0100

A few weeks ago my first ever pull request to a larger open-source project got merged, but it was quite a long journey, so let’s start from the beginning.

The issue

Some time ago, I got myself a Wacom drawing tablet. It worked out of the box, which I found delightful, but one thing started to bug me quite quickly. The driver had a panscrolling feature – when holding a button, dragging the pen across the tablet scrolled instead of drawing. However, this was done in a peculiar way – instead of the screen moving smoothly as you moved your pen, it jumped around as if it was a huge scrollwheel.

A stupid way of exporting icals from SIS to Google Calendar

Wed, 28 Sep 2022 21:47:09 +0200

EDIT: It has been brought to my attention (thanks @Vojta) that SIS in fact supports calendar export links (Schedule NG → My schedule → Export) which is a much better solution than whatever I made in the following paragraphs. There are still some interesting individual tricks which are the main point of this blog post so still might want to read along.

A few days back I found out my university’s IS allows exporting your timetable into ical. I thought “huh, cool”, exported mine, imported it into Google Calendar and forgot about it. Some time later however, a change in said timetable happened and my calendar (obviously) didn’t update, so if I wanted to keep my calendar up-to-date, I’d have to import the timetable again, which is annoying. I could automate this.

Informatika 1.A 2022/2023 Skupina 2

Sun, 04 Sep 2022 00:03:00 +0200

Informatika 1.A 2022/2023 Skupina 2

pá 11:45 – 13:20, učebna 117

kurz v Google Classroom

Témata

První pololetí:

reprezentace dat
- celá čísla s a bez znaménka, racionální čísla
- text
- CSV
- obrázky
- zvuk
jednotky velikosti dat
databáze
principy fungování počítačů

Pravidla hry

Bodování

Na každé vyučovací hodině dostanete zadaný úkol, na kterém budete pracovat v hodině, co nestihnete, doděláte doma. Za správné splnění úkolu dle zadání dostanete obvykle 10 bodů, můžete ale dostat bonusové body za řešení nad rámec úkolu. Může to být bonusová úloha popsaná přímo v zadání úkolu, ale fantasii se meze nekladou, pokud například řešení nějak rozšíříte nebo vyřešíte pomocí nově nabytých znalostí nějaký zcela nesouvisející problém, rád se o tom dozvím a přihodím nějaký ten bod.

Informatika Kvinta 2022/2023 Skupina 2

Sun, 04 Sep 2022 00:03:00 +0200

Informatika Kvinta 2022/2023 Skupina 2

pá 9:55 – 11:35, učebna 117

kurz v Google Classroom

Témata

První pololetí:

reprezentace dat
- celá čísla s a bez znaménka, racionální čísla
- text
- CSV
- obrázky
- zvuk
jednotky velikosti dat
databáze
principy fungování počítačů

Pravidla hry

Bodování

Fixing a Nokia E75 and getting SSH to run on it

Tue, 18 Jan 2022 17:04:00 +0100

This began, as many good ideas do, in a pub. I was with Vojta and Sijisu and we were nostalgically reminiscing about the first phones we had.

My story had a bit of a sad ending, but let’s start from the beginning. My first phone was a Nokia E75, one of those really businessy models with a slide-out keyboard.

The E75 in all its slide-out glory.

It was my dad’s former work phone that he gave me when he got upgraded to a Blackberry. Even back then, I loved the thing, though I had absolutely no clue of its true potential. It was around 2010, so using the internet on it in any way was off-limits for me, because my parents wouldn’t want me accidentaly enabling mobile data and having to pay large sums of money for it. I still managed to get some custom themes onto it using the desktop “PC Suite” program, but that was all I had the time to do.

Links

Sun, 02 Jan 2022 20:30:36 +0100

Links to other cool blogs and other interesting sites.

Sijisu

My friend, classmate and partner-in-crime for almost everything I do. He can do everything I can, just better. He also does cybersecurity, but at a much deeper level than me and that’s what most his blog posts are about. I don’t know much more to say. He’s cool af. Check him out.

Vojta Káně

We also met in school, but he’s two years older than me. He led me through my first steps in computer science and Linux and taught me a big part of what I know. Even now, whenever we talk, I always learn so much information about an interesting topic (and usually almost suffocate laughing). He is a scout, nixOS user, freedom and openness madman and a really good programmer. Not only can he code almost anything, he can do it well.

µpost: Pound signs and terminal control sequences

Sun, 26 Dec 2021 19:00:36 +0100

This afternoon I was XORing some data together, as you do, and I noticed there were pound symbols among the random characters.

The random terminal output with pound signs.

This wouldn’t be normally so odd, but I knew that my data should contain only ASCII characters and XORing ASCII characters together should only produce more ASCII characters, right?

A detailed description of me losing my mind

I first started checking my input to see if it really was pure ASCII. I tried to look for no-break-spaces and other fancy whitespace, but to no avail. Then I looked through my code, what if converting from characters to signed integers caused some weird inconsistencies when XORing? Nope, not that either. I tried printing out all the different unique char codes that were in the output and surely enough, all of them were 0-127. At this point I was desperate and thought to myself: “What if the pound sign actually is in ASCII and I’ve just never noticed it?” I copied the symbol over into a python shell with ord("£") and sure enough, I got 163 out, which is clearly larger than 127, so, obviously out of range of ASCII.

New site!

Mon, 25 Oct 2021 08:38:36 +0200

After almost a week of work, this fancy new website is finally finished! I did want to include a blog for a long time, I even wrote an article before finishing this, but it might end up also the last article that’ll ever get added here, who knows.

Za volební výsledek Pirátů nemůže (jenom) Prchal ani Ferjenčík

Mon, 11 Oct 2021 19:28:58 +0200

Tenhle text je primárně moje vlastní utřídění myšlenek a něco, na co můžu odkázat lidi, kterým se budu pokoušet svoji interpretaci volebního výsledku vysvětlit. Částečně také vycházím z debaty několika dalšími lidmi.

Piráti toho spoustu podělali. O zpackané kampani a nevyužitém potenciálu mluví každý druhý, včetně jich samých, o velmi profesionálně vytvořené desinformační kampani proti nim také. Co naopak spoustu lidí vynechává je, že tohle by samo o sobě ani z dálky nezpůsobilo tak špatný volební výsledek. Hlavním důvodem jejich šíleného propadu je, že nikdo z nich (ani jejich voličů) nedomyslel, jak funguje kroužkovací systém a co to pro ně může znamenat.