Maximizing Productivity with i3wm Tiling Window Manager
Meeting i3wm: A Choice for Productivity
The i3 window manager (i3wm) is a tiling window manager focused on efficiency and productivity. It was first developed in 2009 by German developer Michael Stapelberg to overcome the limitations of the existing wmii window manager. The name “i3” stands for “improved tiling wm”. Written in C with approximately 10,000 lines of concise code, i3 provides lightweight yet powerful functionality. It has gained significant popularity among developers, system administrators, and power users who prefer keyboard-only workflows with minimal mouse usage. It shows particularly high adoption rates among Arch Linux, Gentoo, and NixOS users. ...
Overcoming RAM Limits with zram Memory Compression
ZRAM Concept and Principles
ZRAM (formerly known as compcache) is a memory compression technology provided by the Linux kernel that creates a virtual block device by compressing a portion of RAM. This technology was first developed by Nitin Gupta in 2009 and officially integrated into the Linux kernel from version 3.14. It has been widely used ever since. The core idea of ZRAM is to utilize compressed RAM as swap space instead of disk-based swap, effectively reducing memory usage without the overhead of disk I/O operations. This approach significantly improves system performance, especially in memory-constrained environments. ...
Understanding Network Address Translation
Background and History of NAT
NAT (Network Address Translation) is a core technology that translates between private and public IP addresses in network communications. It emerged in the mid-1990s to address the IPv4 address depletion problem and was first standardized through the IETF’s RFC 1631 document in 1994, later revised as RFC 2663 in 1999 to take its current form. The original internet design assumed all devices would have unique public IP addresses, but rapid internet expansion from the late 1980s led to the quick depletion of the 32-bit IPv4 address space (approximately 4.3 billion addresses). NAT was developed as a short-term solution to this problem and has become an essential technology forming the foundation of global network infrastructure. NAT is widely used in everything from home routers to large-scale corporate networks, cloud infrastructure, and mobile communication networks, and even with IPv6 transition underway, it continues to play an important role for legacy system support and security purposes. ...
ARP Spoofing Theory and Practice
What is ARP Spoofing?
ARP Spoofing is a network attack technique that exploits structural vulnerabilities in the ARP (Address Resolution Protocol), which was standardized through RFC 826 by the IETF in 1982. The attacker sends falsified ARP messages to the network to manipulate the victim’s ARP cache table and intercept or modify normal communication flows. This attack is a form of Man-in-the-Middle (MITM) attack. It is possible because the ARP protocol prioritized efficiency over security during its design phase and did not include authentication or integrity verification mechanisms. ...
Changing MAC Address in Ubuntu
The Need for Changing MAC Address
MAC address (Media Access Control address) is a unique physical address that identifies network devices. It is permanently assigned to the Network Interface Card (NIC) during manufacturing and is designed to remain unchanged. However, there are situations where you may need to temporarily or permanently change your MAC address for reasons such as security, privacy protection, bypassing network access controls, or setting up test environments. This is particularly useful when using public Wi-Fi or when you want to prevent network tracking. Most Linux distributions, including Ubuntu, provide the ability to change MAC addresses through software. This post explores how to safely and effectively change MAC addresses in Ubuntu. ...
Understanding Reverse Shells
What is a Reverse Shell?
A reverse shell is an attack technique that reverses the direction of typical remote access connections. The compromised target system initiates a connection to the attacker’s system, allowing the attacker to access the target’s shell. This remote command execution mechanism exploits a fundamental characteristic of modern network security architectures. Most networks implement “block inbound, allow outbound” firewall policies, and reverse shells bypass this by having the target initiate the connection. This enables attackers to access systems behind restrictive network environments, NAT configurations, and corporate firewalls. ...
Mini PC Kubernetes #9: Prometheus Monitoring
Overview
In the previous post, we built an Internal Developer Platform (IDP) using Helm chart-based project templates and ArgoCD ApplicationSet. This post covers how to install Prometheus and Grafana to collect and visualize metrics, and install Loki to centrally collect and analyze logs, building an integrated monitoring environment for the homelab Kubernetes cluster.
The Need for Monitoring
When operating a homelab Kubernetes cluster, you need to periodically check node and pod status, resource usage like CPU and memory, whether applications are operating normally, and log data for identifying causes when problems occur. To visually monitor this information, the following tools are used. ...
Mini PC Kubernetes #8: Building IDP (2)
Overview
In the previous post, we installed Harbor container registry, Argo Events, and Argo Workflows as the foundation for a CI/CD pipeline. This post covers integrating these components with ArgoCD and designing Helm chart-based project templates to build an Internal Developer Platform (IDP) that enables deployment of projects with complete CI/CD pipelines from a single YAML file.
What is an Internal Developer Platform
What is an Internal Developer Platform (IDP)? ...
Mini PC Kubernetes #7: Building IDP (1)
Overview
In the previous post, we installed HashiCorp Vault to build a secure secrets management system. This post covers installing and configuring three core components needed to build a CI/CD pipeline: Harbor container registry, Argo Events, and Argo Workflows.
CI/CD System Components
Building a complete CI/CD pipeline in a homelab environment requires the following core components:
Container Registry: A central repository for storing and distributing built container images, enabling self-management of images without depending on public registries like Docker Hub.
Event Processing System: Responsible for detecting various events such as code changes in Git repositories and webhook receipts, and triggering subsequent tasks in response.
Workflow Engine: An engine for defining and executing actual CI/CD tasks such as code building, test execution, and container image creation.
GitOps Deployment System: A system that automatically synchronizes the desired state defined in Git repositories to the cluster. ArgoCD, installed in a previous series post, handles this role.
In this post, we implement the container registry, event processing system, and workflow engine using Harbor, Argo Events, and Argo Workflows respectively. In the next post, we integrate these with ArgoCD to complete a full CI/CD pipeline. ...
Mini PC Kubernetes #6: Vault Secrets Management
Overview
In the previous post, we configured DDNS and port forwarding to enable external internet access to homelab Kubernetes cluster services. This post covers how to install and configure HashiCorp Vault to securely manage sensitive information like passwords, API keys, and certificates in the Kubernetes cluster.
Limitations of Default Kubernetes Secrets
Secret management was the biggest challenge while building the homelab environment using GitOps methodology. Several limitations became clear when using default Kubernetes Secrets. ...