About

Meeting i3wm: A Choice for Productivity The i3 window manager (i3wm) is a tiling window manager focused on efficiency and productivity. It was first developed in 2009 by German developer Michael Stapelberg to address the limitations of the wmii window manager. The name “i3” stands for “improved tiling wm.” Written in C with roughly 10,000 lines of concise code, i3 is lightweight while still offering powerful functionality. It has become popular among developers, system administrators, and power users who prefer keyboard-driven workflows with minimal mouse use. It is especially common among users of distributions such as Arch Linux, Gentoo, and NixOS. ...

ZRAM Concept and Principles ZRAM (formerly known as compcache) is a memory compression technology provided by the Linux kernel that creates a virtual block device by compressing a portion of RAM. This technology was first developed by Nitin Gupta in 2009 and officially integrated into the Linux kernel from version 3.14. It has been widely used ever since. The core idea of ZRAM is to utilize compressed RAM as swap space instead of disk-based swap, effectively reducing memory usage without the overhead of disk I/O operations. This approach significantly improves system performance, especially in memory-constrained environments. ...

Background and History of NAT NAT (Network Address Translation) is a core technology that translates between private and public IP addresses in network communications. It emerged in the mid-1990s as a response to IPv4 address depletion. The first standard appeared in RFC 1631 in 1994, and RFC 2663 revised the concept into its current form in 1999. The early internet assumed that every device would have a unique public IP address, but rapid growth from the late 1980s quickly exhausted the 32-bit IPv4 address space of about 4.3 billion addresses. Although NAT began as a short-term workaround, it became a foundational part of global network infrastructure. It is now used everywhere from home routers to large corporate networks, cloud infrastructure, and mobile communication networks. Even as IPv6 adoption continues, NAT still plays an important role in legacy system support and security. ...

What is ARP Spoofing? ARP Spoofing is a network attack technique that exploits structural vulnerabilities in the ARP (Address Resolution Protocol), which was standardized through RFC 826 by the IETF in 1982. The attacker sends falsified ARP messages to the network to manipulate the victim’s ARP cache table and intercept or modify normal communication flows. This attack is a form of Man-in-the-Middle (MITM) attack. It is possible because the ARP protocol prioritized efficiency over security during its design phase and did not include authentication or integrity verification mechanisms. ...

The Need for Changing MAC Address A MAC address (Media Access Control address) is a unique hardware address that identifies a network device. It is assigned to the Network Interface Card (NIC) during manufacturing, but it can still be changed through software when needed. This can be useful for privacy, security, bypassing network access controls, or setting up test environments. It is especially helpful on public Wi-Fi or when you want to reduce network tracking. Most Linux distributions, including Ubuntu, let you change MAC addresses through software. This post explains how to do it safely and effectively in Ubuntu. ...

What is a Reverse Shell? A reverse shell is an attack technique that reverses the direction of typical remote access connections. The compromised target system initiates a connection to the attacker’s system, allowing the attacker to access the target’s shell. This remote command execution mechanism exploits a fundamental characteristic of modern network security architectures. Most networks implement “block inbound, allow outbound” firewall policies, and reverse shells bypass this by having the target initiate the connection. This enables attackers to access systems behind restrictive network environments, NAT configurations, and corporate firewalls. ...

Overview In the previous post, I pulled together the overall IDP structure using Helm chart-based project templates and ArgoCD ApplicationSet. This post covers how I added Prometheus and Grafana for metrics, plus Loki for centralized log collection and analysis. Together, they form the monitoring stack for the homelab Kubernetes cluster. The Need for Monitoring When operating a homelab Kubernetes cluster, I need to keep an eye on node and pod status, resource usage such as CPU and memory, whether applications are behaving normally, and the logs that help explain failures. For that, I used the following tools. ...

Overview In the previous post, I set up Harbor container registry, Argo Events, and Argo Workflows as the foundation of the IDP. This post covers integrating those components with ArgoCD and designing Helm chart-based project templates to turn them into an Internal Developer Platform (IDP) that can deploy projects from a single YAML file. What Is an Internal Developer Platform? What is an Internal Developer Platform (IDP)? ...

Overview In the previous post, we installed HashiCorp Vault to build a secure secrets management system. This post covers the foundational pieces I set up before the internal developer platform itself: Harbor container registry, Argo Events, and Argo Workflows. Foundation Components for the IDP For the IDP I had in mind, I first needed the following core components: Container Registry: A central repository for storing and distributing built container images, enabling self-management of images without depending on public registries like Docker Hub. Event Processing System: Responsible for detecting various events such as code changes in Git repositories and webhook receipts, and triggering subsequent tasks in response. Workflow Engine: An engine for defining and executing actual CI/CD tasks such as code building, test execution, and container image creation. GitOps Deployment System: A system that automatically synchronizes the desired state defined in Git repositories to the cluster. ArgoCD, which was installed in an earlier post in this series, handles this role. In this post, I set up the container registry, event processing system, and workflow engine using Harbor, Argo Events, and Argo Workflows. In the next post, I connect these pieces to ArgoCD and the project template structure so they start to behave like an actual IDP. ...

Overview In the previous post, we configured DDNS and port forwarding to enable external internet access to services running in the homelab Kubernetes cluster. This post covers how to install and configure HashiCorp Vault to securely manage sensitive information like passwords, API keys, and certificates in the Kubernetes cluster. Limitations of Default Kubernetes Secrets Secret management was the biggest challenge while building the homelab environment using GitOps methodology. Several limitations became clear when using default Kubernetes Secrets. ...