Hadna Space https://hadna.space/ Software Engineer | Counter-Disinformation, Narrative Defense & Strategic Systems Sun, 12 Apr 2026 17:37:42 GMT https://validator.w3.org/feed/docs/rss2.html https://github.com/jpmonette/feed en Hadna Space https://hadna.space/me.png https://hadna.space/ All rights reserved 2026, Hadna <![CDATA[How GPTBot Drained My Vercel Usage]]> https://hadna.space/notes/54-openai-gptbot https://hadna.space/notes/54-openai-gptbot Sat, 24 Jan 2026 00:00:00 GMT **"You have used 100% of your Fast Origin Transfer limit."** I host this space on Vercel. Usually, my usage is well within the limits of the Hobby plan. I serve text, some images, and simple pages. It's efficient. But suddenly, my account was redlining. I dove into the monitoring dashboard, looking for the culprit. Was it a DDoS attack? A viral post? A recursive loop in my code? No. It was this: `Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.3; +https://openai.com/gptbot)` ## The Culprit: GPTBot OpenAI's crawler, **GPTBot**, had decided to index my site. And it didn't just "visit." It seemingly tried to ingest everything, all at once, aggressively. The result? It maxed out my **Fast Origin Transfer**. ## What is Fast Origin Transfer? On Vercel, "Fast Origin Transfer" typically refers to the bandwidth used to fetch content from your origin server (or the compute functions generating your pages) to Vercel's Edge Network. If you have a lot of Server-Side Rendered (SSR) pages, or if your cache hit ratio drops because a bot is requesting thousands of old, obscure URLs that haven't been visited in months (and thus aren't in the cache), Vercel has to go back to the origin (or execute the function) for every single request. For a normal user, this is negligible. For a bot crawling thousands of pages at high speed? It adds up instantly. ## The Irony of the "Success" The logs showed a sea of `200 OK` responses. ``` no error (success) ``` From a technical standpoint, my site performed perfectly. It served every request the bot threw at it. It scaled up, handled the traffic, and delivered the content. But that "success" meant my infrastructure quota was being burned to fuel a dataset for a model I don't own, for a company worth billions, while I'm here worrying about my personal site's limits. ## The Fix: Banning the Bot If you want to stop your personal project from becoming collateral damage in the AI arms race, you need to update your `robots.txt`. Here is how to tell GPTBot to go away: ```txt User-agent: GPTBot Disallow: / ``` You can also block other common AI crawlers while you're at it: ```txt User-agent: GPTBot Disallow: / User-agent: CCBot Disallow: / User-agent: Google-Extended Disallow: / ``` ## Conclusion We are currently in a weird phase of the web. We publish content to share with humans, but increasingly, our "readers" are machines vacuuming up data. If you're self-hosting or using platform-as-a-service tiers like Vercel, Netlify, or AWS, keep an eye on your logs. Your "viral" traffic spike might just be a hungry model looking for training data—and leaving you with the bill. ]]> hi@hadna.space (Hadna) <![CDATA[What Working With Disinformation Changes in You]]> https://hadna.space/notes/53-what-working-with-disinformation-changes-in-you https://hadna.space/notes/53-what-working-with-disinformation-changes-in-you Mon, 19 Jan 2026 00:00:00 GMT they are naive, uneducated, or simply "dumb." You cannot hold that view for long if you are serious about the work. When you listen closely to those who share and believe false narratives, patterns emerge: - They are often responding to real pain, real uncertainty, real exclusion. - The disinformation offers belonging, clarity, and agency that reality is failing to provide. - Their vulnerability is not a bug of their character; it is a feature exploited by others. The work forces you to separate: - Responsibility for harm done. - Responsibility for the conditions that made that harm attractive. You end up with a sharper, less romantic, but arguably deeper form of empathy. You see both the human and the handler behind the message. ## You Become Intolerant of Lazy Information Hygiene Once you have seen how quickly a false narrative can move from fringe to mainstream, your tolerance for casual sharing plummets. You notice when: - A friend forwards a screenshot from an anonymous account as if it were verified news. - A community leader amplifies unverified claims because "it feels true." - A journalist tweets a hot take before reading the underlying report. To them, it is just conversation. To you, it looks like the beginning of an amplification chain. This can make you sound pedantic, or overly cautious, or "no fun." It is difficult to unsee the potential downstream consequences once you have spent months cleaning up after similar behavior at scale. ## You Feel the Gravity of Cynicism There is a quiet danger in this work: the slide from healthy skepticism into corrosive cynicism. If every narrative might be engineered, if every appeal might be manipulative, if every storyline might be a vector, it becomes easy to believe that nothing is sincere and no one is acting in good faith. That belief is itself a victory condition for some disinformation campaigns. When you believe no one is trustworthy, you become easier to isolate, easier to manipulate, and easier to exhaust into disengagement. Part of the discipline of this field is learning to hold two truths at once: - Many narratives are engineered, amplified, and weaponized. - Some people genuinely mean what they say and are trying, imperfectly, to help. Learning to distinguish between the two is work. It is emotional labor, not just analytical labor. ## You Need New Rituals to Stay Human Working with disinformation is not just an intellectual challenge. It is a continuous exposure to anger, fear, hatred, and despair packaged for engagement. If you are not careful, those emotions do not stay on the screen. They follow you into your off-hours. People who last in this field tend to develop their own rituals: - Strict boundaries around doom-scrolling and "just one more thread." - Spaces where no one talks about politics, campaigns, or narratives at all. - Hobbies that involve making tangible, low-stakes things with their hands. Not because they are running away from reality, but because they need some parts of their life that are not optimised for virality, outrage, or debate. ## What the Work Gives You It would be easy to end here, with cost. But the work also gives you things. - A clarified sense of what you stand for, not just what you stand against. - A sharper intuition for how fragile, and how resilient, communities can be. - A deep respect for those who build media literacy quietly, patiently, without theatrics. You learn to see information not just as content, but as infrastructure that shapes what people believe is possible. That realization can be heavy. It can also be a kind of compass. ## A Quiet Conclusion Working with disinformation changes you. It alters your default settings around trust, emotion, and narrative. The goal is not to return to the naive state you had before. That is gone. The goal is to build a new baseline: - Clear-eyed without being paralyzed. - Skeptical without being cruel. - Aware of the machinery, still capable of genuine connection. Because in the end, the point of understanding disinformation is not to win arguments online. It is to protect the conditions under which honest conversation, shared reality, and collective problem-solving are still possible. ]]> hi@hadna.space (Hadna) <![CDATA[The Cost of Seeing Too Clearly]]> https://hadna.space/notes/52-the-cost-of-seeing-too-clearly https://hadna.space/notes/52-the-cost-of-seeing-too-clearly Tue, 13 Jan 2026 00:00:00 GMT hi@hadna.space (Hadna) <![CDATA[[SOLVED] Fixing Homebrew Errors After macOS 26 Tahoe Update]]> https://hadna.space/notes/51-brew-error-in-macos-26-tahoe https://hadna.space/notes/51-brew-error-in-macos-26-tahoe Wed, 18 Jun 2025 00:00:00 GMT ' from /opt/homebrew/Library/Homebrew/os.rb:7:in '
' from :37:in 'Kernel#require' from :37:in 'Kernel#require' from /opt/homebrew/Library/Homebrew/vendor/portable-ruby/3.4.4/lib/ruby/gems/3.4.0/gems/bootsnap-1.18.5/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in 'Kernel#require' from /opt/homebrew/Library/Homebrew/global.rb:138:in '' from /opt/homebrew/Library/Homebrew/brew.rb:18:in 'Kernel#require_relative' from /opt/homebrew/Library/Homebrew/brew.rb:18:in '
' ``` You’re not alone. This issue arises because your Homebrew version _doesn’t yet recognize macOS 26.0 as a valid or supported version._ Let’s break down what’s happening, why it matters, and how to fix it. ## What’s Actually Happening? Homebrew maintains an internal list of supported macOS versions within its source code. When a major new version of macOS drops _—even in preview—_ Homebrew doesn’t automatically know what to do with it. In this case, the error occurs because: - The Homebrew script is trying to parse the system version number, finds “26.0,” and says: _“I’ve never heard of this one.”_ - This triggers a `MacOSVersion::Error`, which effectively halts any brew command from running. This isn’t a bug in your system—it’s just a gap in recognition. ## Quick Fix: Update Homebrew The Homebrew team usually responds quickly to new macOS versions—especially popular previews. To resolve this issue, simply run: ``` brew update ``` This pulls in the latest definitions, including support for macOS 26, allowing brew to identify your OS properly and continue working as expected. ## Alternative Workaround (If brew update Fails) If brew update itself is broken due to the version error (and sometimes it is), you can try running the update manually from within the Git repository: ``` cd /opt/homebrew git fetch git reset --hard origin/master ``` > ⚠️ Use this only if you know what you’re doing, as it can overwrite local changes in your Homebrew installation. ## Why It Matters Tools like Homebrew form the backbone of many development workflows. When they break after a system upgrade, even temporarily, it can cause ripple effects across your toolchain. So while it’s tempting to jump onto the latest macOS preview, keep in mind: - Many developer tools lag behind in support for preview releases. - Some updates—especially to low-level tools like compilers or SDK managers—can cause more subtle issues later on. ## Recommendation for Devs 1. If you rely heavily on brew for work or projects, consider waiting until Homebrew officially supports your OS version. 2. If you’re experimenting with macOS Tahoe 26 Preview on a secondary machine or partition, go ahead—but know that some tooling may require manual fixes like this one. ]]> hi@hadna.space (Hadna) <![CDATA[This Is NISKALA]]> https://hadna.space/notes/50-niskala https://hadna.space/notes/50-niskala Fri, 16 May 2025 00:00:00 GMT Belief is a strange thing. > > So I built something even stranger to study it. --- _Last updated: May 29, 2025_ > This note is going to be updated regularly. You can keep coming back to this note to see what’s new. --- ## ⚠️ Preface: A Note On This... Note I wrote this note in a light and humorous tone on purpose. Why? Because the internet is exhausting, and I want you to **actually make it to the end of this without skimming**. Also because: - People mistake seriousness for clarity - Jokes are a form of compression - If I wrote this in academic tone, only five people would finish it — and four of them would be LLMs - And let’s be honest — I’m not mentally prepared to sit in a room full of intelligence analysts explaining why my solo weekend build reverse-engineered half their playbook by _"accident"_ But underneath the jokes, this is 100% real. The system is real. The stakes are real. The language? Just upgraded for human readability. --- ## What Is NISKALA? Okay. Imagine a black site disguised as a research lab, staffed by a sentient linguistics major, a comms analyst who hoards enemy propaganda for fun, and a strategist who treats moral ambiguity like a spice rack — all caffeinated, unsupervised, and building frameworks no one asked for, while live-monitoring their own emotional fallout. That’s the vibe. It sounds ridiculous. And yet — that’s not far off. Strip away the caffeine and emotional instability, and you’ll find something precise underneath the chaos. Tactically speaking: > NISKALA is a self-directed and independent R&D lab focused on adversarial narrative environments. We operate at the intersection of InfoOps, PsyOps, AI, and cognitive security, serving as sovereign infrastructure for prototyping Advanced Narrative Intelligence Systems systems. — [NISKALA](https://niskala.systems) --- Some people build apps. I built an **intelligence lab for weaponized language** — wrapped in AI, sharpened by doctrine, and extremely bad at small talk. Because that’s what normal people do on weekend, right? It doesn’t always behave, and it sometimes spits out something that makes me sit back in my chair and whisper _"oh god they’re gonna use that."_ --- So, meet **NISKALA** — the lab that quietly judges everything you write, say, or accidentally imply while trying to be "neutral." No, it won’t tell you how to go viral. Yes, it will tell you why your text accidentally radicalized someone’s uncle in Texas. --- ## First, the Name: What the Hell Is "Niskala"? Great question. Let’s get mystical for a second, shall we? **Niskala** is a Balinese term that roughly means _"unseen"_, or more precisely, _"that which exists, but cannot be perceived directly."_ You know — like: - Power dynamics in a tweet - Hidden frames inside a press release - The subtext of _"I’m just asking questions"_ - That weird tension in a sentence when you _feel_ it’s manipulative but can’t prove why - Or your coworker’s Slack message that ends with a period. NISKALA was named for **that layer** — the one underneath the content, behind the message, inside the emotional payload. --- ## Why I Did This to Myself Because I got tired of watching people: - Fall for bad stories, - Create worse ones, - And defend both using emotional triggers wrapped in fancy words. Also because: - I like building systems. - I’m obsessed with how stories shape perception. - I had a weekend and a God complex, as well as access to coffee and existential dread I wanted to know: > "How would this message land if someone was sad, angry, politically disillusioned, and had just scrolled through doom-posts for 90 minutes straight?" Turns out, that’s a **simulatable condition**. And then I accidentally spent an amount of time best described as "concerning" doing exactly that. --- But seriously. Over the last half decade, I somehow drifted into building systems for _contested information environments_, which is the respectable version of: **preventing _"lol"_ from turning into _"wtf happened to him?"_ :|** - Tools quietly adopted by civilian networks and transatlantic defense-aligned orgs - Infrastructure built to resist psychological manipulation - Simulate information warfare - And keep entire belief systems from falling apart like grandpa's bookshelves under moral pressure The twist? Most of that work happens in high-context environments where the systems are real, but the documentation is… _classified, protected with legal threats, or spiritually encrypted._ The systems exist. _My portfolio doesn’t._ I have the skills. I have the experience. But nothing I could _publicly_ show. So I built NISKALA: - A visible artifact of invisible work. - A sovereign system for decoding how language becomes belief—and what happens when you press right where it hurts. --- ## What It Does (AKA "The Cool Stuff") NISKALA has these main modules: - **TRAYA** — the narrative analysis unit - **VASTU** — the perception simulation unit - **RAYU** — the cognitive infiltration system - **WISIK** — the narrative forecasting system - **FRAKTUR** — the fracture mapping and recon module - **DEBRIEF** — the reporting system that documents all of the above Each one is extremely judgmental in its own unique way. Let’s break them down. --- ## TRAYA: The Rhetorical Surgeon **TRAYA** is what happens when you give a language scalpel to someone who thinks feelings are a form of psychological malware. Its job is to: - Dissect your message like it's hiding state secrets - Sniff out ideological landmines - Identify pressure points like a rhetorical chiropractor - Predict how your sentence might start a fight at dinner > "This message reads like Shakespeare joined a startup and got ghosted mid-sprint." --- ## VASTU: The Simulated Audience Whisperer **VASTU** is what happens when you cross a vibe-check with a psychometric telescope. Its job is to: - Simulate how fractured minds will take your message personally - Detect emotional tripwires and weaponized phrasing - Predict which sentence will start a podcast and which one will end a friendship > "This phrase will get 1 like, 3 tears, and someone explaining it incorrectly on TikTok." --- ## RAYU: The Language That Slips Past the Guard **RAYU** is your charming, persuasive friend who could sell sunscreen in a blizzard — politely. Its job is to: - Rewrite your message like it’s wearing cologne - Avoid resistance by sounding suspiciously reasonable - Get inside someone’s brain, unpack, and redecorate > "It doesn’t convince you. It just hands you a hex key, smiles, and watches you reassemble your ethics upside down — thinking it was your idea all along." --- ## WISIK: The Message Oracle With Receipts **WISIK** is the anxious analyst who reads your draft and sees a thousand futures — most of them bad. Its job is to: - Forecast how your message might evolve, mutate, or explode - Detect when your words are going to become someone else’s battle cry - Help you avoid making tomorrow’s trending disaster today > "This post starts as a meme. It ends in a Netflix documentary." --- ## FRAKTUR: The Cognitive Recon Operator **FRAKTUR** is the quiet one in the corner taking notes on everyone’s unspoken tension — and probably drawing a map of it. Its job is to: - Scan the terrain for ideological hairline fractures - Detect emotional overload before it leaks into violence - Identify which narrative bump will cause a full-scale belief landslide > "This community looks chill — until someone mentions pineapple on pizza and the whole thing collapses." --- ## DEBRIEF: The Overachieving Report Card No One Asked For **DEBRIEF** is what happens when all the other modules get together, gossip about your message, and then publish a group project with footnotes. Its job is to: - Compile everyone’s findings like a suspiciously organized detective board - Turn narrative chaos into a structured report your enemy’s intern might print out - Publish said report in [NISKALA Signal](https://signal.niskala.systems) with the smug satisfaction of saying _"we warned you"_ > "This phrase realigned two ideological factions, resurrected Cold War-era linguistic residue, and caused one reader to switch VPNs mid-scroll. DEBRIEF submitted the report and now insists it needs a therapy." --- In short: TRAYA asks _"What is this message **doing**?"_ VASTU asks _"Who is this message **ruining**?"_ RAYU asks _"How do we make this message **irresistible**?"_ WISIK asks _"When does this message become **dangerous**?"_ FRAKTUR asks _"Where will this message **break belief**?"_ DEBRIEF asks _"What did all the other modules **just unleash** — and how do we file this without triggering alarms?"_ --- ## What It’s Not - It’s not for writing ad copy - It’s not going to make you a better influencer - It has never, ever said _"Let’s optimize your brand voice"_ and if it ever does, I will delete it - It will _absolutely not_ make you a better marketer. It may, however, make you rethink your entire communication strategy. Also: Yes, it does understand irony. --- ## Can You Use It? Not publicly. Not yet. Right now it’s: - Under Hadna Space _(this very website — congrats on making it this far!)_ - Operated by me - Carefully, quietly, selectively used in high-context environments If you think you’re one of those contexts — we can talk. But if you’re just here for vibes, that’s cool too. Just try not to summon anything — or anyone above your pay grade. This note was built for public resonance. The system wasn’t. --- ## What It’s Actually For Honestly? - Narrative tacticians - PsyOps hobbyists (aka extremely online-weirdos but with a moral code) - Strategic communicators working in high-friction environments - People who think meme velocity should be tracked like it’s part of a logistics operation - Operators who’ve had to ask, _"What happens if this gets misread by the wrong crowd with too much time?"_ If you’ve ever looked at a sentence and thought, _"this will 100% cause a flame war in three hours"_ — congrats, you already speak NISKALA. --- ## A Note on Ethics (Because Someone Will Ask) **NISKALA is not a propaganda engine.** It doesn’t hack beliefs, brainwash civilians, or run psyops from a bunker in the woods. _(Yet.)_ Here’s what it actually does: - **TRAYA** builds messages with precision - **VASTU** simulates how they’ll be received - **RAYU** rewrites them so they slide past defenses - **WISIK** whispers what they might become next - **FRAKTUR** scans the terrain for where things might break It doesn’t manipulate people. It doesn’t impersonate the truth. It studies **structure**, not **souls**. This is a diagnostic suite for narrative architecture. What you do with the insights—that’s between you, your gods, and your comms team. _(Though if you’re looking for something a little more… incendiary, TRAYA keeps odd hours.)_ --- ## Closing Thoughts There’s a lot of noise out there. Everyone’s trying to say something. Very few are listening to what messages _actually do_ when they land. NISKALA listens. It watches. It reads the fog behind the feed. _(It also has opinions about your word choice, but keeps them to itself. Usually.)_ I built it because **belief is too powerful to leave unexamined**. And **too fragile to leave unprotected**. If you’re building inside narrative pressure — welcome. We probably already speak the same language. NISKALA just learned how to listen. _And, occasionally, to judge. Silently..._ --- _P.S.: If you’re someone from an undisclosed agency currently drafting a message from your three-letter email domain, and your draft starts with "We came across your website…", please delete it. Gently._ ]]> hi@hadna.space (Hadna) <![CDATA[Note 49: Tuna Sandwich]]> https://hadna.space/notes/49-blank-page https://hadna.space/notes/49-blank-page Thu, 15 May 2025 00:00:00 GMT hi@hadna.space (Hadna) <![CDATA[RSS Feed Is Finally Live!]]> https://hadna.space/notes/48-rss-feed-is-live https://hadna.space/notes/48-rss-feed-is-live Thu, 15 May 2025 00:00:00 GMT If you’re using NetNewsWire, Feedly, Reeder, or even a terminal-based reader, it should just work. Let me know if anything’s broken or if you want to see a JSON feed too. (I might add that next.) _Oh, and if you’re wondering what RSS even is, don’t worry. That might be a note for another day._ ]]> hi@hadna.space (Hadna) <![CDATA[Disinformation in Crisis Situations]]> https://hadna.space/notes/47-disinformation-in-crisis-situations https://hadna.space/notes/47-disinformation-in-crisis-situations Tue, 29 Apr 2025 00:00:00 GMT "There's a tsunami coming!" > > "The bridge is collapsing!" > > "The hospitals are full!" These kinds of messages — short, emotional, urgent — don't wait for verification. They weaponize fear. Sometimes the spread is accidental: someone hears a rumor, panics, and passes it along. Other times it's deliberate: actors seeding confusion for political, strategic, or financial gain. Regardless of the source, the effect is the same: - Overloaded escape routes. - Broken trust in emergency responders. - Delayed medical aid. - Collateral injuries during evacuations. False information compounds real-world suffering. ## A Real-World Glimpse: The Invisible Aftershock During a major earthquake in Indonesia years ago, an unofficial rumor spread fast: > A tsunami was coming. People panicked instantly. They rushed inland, shouted, abandoned vehicles, jammed the roads. It didn't matter that the geographical risk was low. It didn't matter that no official warning had been issued. Fear doesn't stop to check facts. The disinformation multiplied the chaos far beyond the shaking ground. By the time official sources calmed the rumor, physical injuries and psychological trauma had already taken root. The earthquake was the first wave. The disinformation was the second. ## Why Disinformation Thrives During Disasters There are structural reasons why false information spreads so easily in emergencies: ### 1. Cognitive Overload In a crisis, the human brain prioritizes survival. Details are dropped. Complex analysis shuts down. We seek fast, simple answers. Disinformation thrives because it offers quick, emotional explanations when complex realities are harder to process. ### 2. Trust Vacuum When communication from authorities is slow, vague, or contradictory, people fill the gaps themselves. And "fast and wrong" often beats "slow and right" in an information race. ### 3. Amplification Mechanics - Social media accelerates rumor spread at speeds no emergency communication system can match. - Mobile messaging groups (WhatsApp, Telegram, etc.) create closed loops of panic. - Visual content (images, videos) triggers emotional reactions faster than text corrections can counteract. The medium is tuned for viral fear. Not for viral calm. ## The Impact: Real Damage Beyond the Physical **1. Fractured Response Coordination** If responders are busy fighting rumors, they have less bandwidth for real rescue operations. Resources get misallocated. Priorities become confused. **2. Psychological Wear and Tear** False alarms exhaust emotional reserves. Victims and responders both suffer from heightened anxiety, mistrust, and information fatigue. **3. Long-Term Trust Erosion** Even after the disaster ends, public trust in institutions often remains damaged. If people feel "lied to" or "left in the dark," the consequences ripple far beyond the event. ## What We Can Do: Personal and Community-Level Strategies Stopping disinformation completely is impossible. But slowing it down? Resisting its pull? Strengthening resilience? That we can do. ### Personal Moves: - **Pause Before Sharing**: In a crisis, if you didn't hear it from an official source, wait. - **Prioritize Official Channels**: Follow emergency agencies, verified news outlets, and known communication hubs. - **Fact-Check Actively**: Tools like reverse image searches or direct confirmation from multiple sources can prevent accidental amplifications. - **Practice Emotional Self-Control**: Panic loves speed. Calm demands a moment of breath. ### Community Moves: - **Promote Media Literacy**: Teach simple verification habits before crises happen. - **Support Reliable Local Networks**: Strengthen trusted, decentralized channels that can act quickly in emergencies. - **Report Harmful Content**: Don't just ignore false viral content — flag it when appropriate. ## Final Reflection: Sovereignty of Mind in Times of Chaos When physical structures collapse, the human mind becomes the final defense. Holding the line against disinformation isn't about "being smarter" than others. It's about resisting the gravitational pull of fear. > In an emergency, thinking clearly is an act of survival. > > Sharing carefully is an act of protection. Crises don't just test our infrastructure. They test our discernment. And sometimes, the quietest move — thinking before reacting, questioning before forwarding — can save more lives than any dramatic rescue. In a world where information moves faster than earthquakes, faster than floods, faster than fire, **clarity is the rarest, and most necessary, form of courage.** Stay clear. Stay calm. Stay sovereign. ]]> hi@hadna.space (Hadna) <![CDATA[Estimating RSSI for Proximity and Surveillance]]> https://hadna.space/notes/46-estimating-rssi-for-proximity-and-surveillance https://hadna.space/notes/46-estimating-rssi-for-proximity-and-surveillance Sat, 05 Apr 2025 00:00:00 GMT hi@hadna.space (Hadna) <![CDATA[The Surveillance You Wear: What Your Devices Say About You]]> https://hadna.space/notes/45-smart-devices-in-surveillance-activities https://hadna.space/notes/45-smart-devices-in-surveillance-activities Fri, 28 Mar 2025 00:00:00 GMT hi@hadna.space (Hadna) <![CDATA[Understanding RAG: The Future of AI Knowledge Integration]]> https://hadna.space/notes/44-understanding-rag-retrieval-augmented-generation https://hadna.space/notes/44-understanding-rag-retrieval-augmented-generation Wed, 29 Jan 2025 00:00:00 GMT hi@hadna.space (Hadna) <![CDATA[How Does the Future of AI Look Like?]]> https://hadna.space/notes/43-the-future-of-ai https://hadna.space/notes/43-the-future-of-ai Sun, 26 Jan 2025 00:00:00 GMT Artificial Intelligence isn't just a buzzword anymore—it's transforming every industry imaginable. From helping doctors diagnose diseases to powering self-driving cars, AI is becoming an integral part of our daily lives. Let's explore how AI is revolutionizing different sectors and what the future might hold. The world of artificial intelligence is expanding at an unprecedented rate. What once seemed like science fiction is now becoming reality. In this article, we'll explore how AI is reshaping various industries and changing the way we live and work. ## Healthcare: Saving Lives with Smart Technology AI is revolutionizing healthcare in ways we never thought possible: 1. **Disease Diagnosis**: - AI can detect diseases from medical images with incredible accuracy - Some AI systems outperform human doctors in identifying certain conditions - Early detection of diseases like cancer is becoming more reliable 2. **Drug Discovery**: - AI accelerates the development of new medications - Reduces research costs and time-to-market for new drugs - Helps predict drug interactions and side effects 3. **Personalized Medicine**: - Creates tailored treatment plans based on individual patient data - Predicts patient responses to different treatments - Monitors patient health in real-time through smart devices ## Automotive: The Road to Autonomous Future The automotive industry is being transformed by AI: 1. **Self-Driving Cars**: - Advanced driver assistance systems (ADAS) - Autonomous navigation and obstacle detection - Real-time traffic analysis and route optimization 2. **Safety Features**: - Predictive maintenance alerts - Emergency braking systems - Driver monitoring for fatigue and distraction 3. **Manufacturing**: - Quality control through computer vision - Robotic assembly line optimization - Supply chain management and forecasting ## Military and Defense: Enhanced Security AI is changing modern warfare and defense strategies: 1. **Cybersecurity**: - Automated threat detection - Real-time response to cyber attacks - Predictive analysis of potential security breaches 2. **Autonomous Systems**: - Drone navigation and control - Unmanned ground vehicles - Surveillance and reconnaissance 3. **Strategic Planning**: - Battle simulation and training - Resource allocation optimization - Intelligence analysis and prediction ## Education: Personalized Learning Revolution Education is becoming more accessible and effective: 1. **Adaptive Learning**: - Customized learning paths for each student - Real-time feedback and assessment - Identification of learning gaps 2. **Administrative Tasks**: - Automated grading and feedback - Student performance analytics - Resource allocation and scheduling 3. **Accessibility**: - Language translation for international students - Support for students with disabilities - 24/7 virtual tutoring assistance ## Gaming: Enhanced Entertainment Gaming experiences are reaching new heights: 1. **NPC Intelligence**: - More realistic and adaptive AI opponents - Dynamic storytelling based on player choices - Procedurally generated content 2. **Graphics and Animation**: - Real-time ray tracing optimization - Facial animation and expression - Physics simulation 3. **Player Experience**: - Personalized difficulty adjustment - Cheating detection and prevention - Social interaction with AI characters ## Finance: Smarter Money Management The financial sector is being revolutionized: 1. **Trading**: - Algorithmic trading strategies - Market prediction and analysis - Risk assessment and management 2. **Customer Service**: - AI-powered chatbots and advisors - Fraud detection and prevention - Automated loan approval processes 3. **Personal Finance**: - Spending pattern analysis - Investment recommendations - Budget optimization ## Agriculture: Farming of the Future Agriculture is becoming more efficient: 1. **Crop Management**: - Yield prediction and optimization - Disease and pest detection - Automated irrigation systems 2. **Livestock Monitoring**: - Health tracking and disease prevention - Feeding optimization - Breeding program management 3. **Resource Management**: - Weather prediction and planning - Soil condition monitoring - Equipment maintenance scheduling ## Challenges and Considerations While AI brings numerous benefits, there are important considerations: 1. **Ethical Concerns**: - Privacy and data protection - Bias in AI systems - Job displacement concerns 2. **Technical Challenges**: - Computing power requirements - Data quality and availability - System reliability and safety 3. **Social Impact**: - Workforce adaptation - Economic inequality - Human-AI interaction ## The Future of AI Looking ahead, we can expect: 1. **Integration**: - Seamless incorporation into daily life - Cross-industry applications - Enhanced human-AI collaboration 2. **Innovation**: - New job creation - Novel problem-solving approaches - Unexpected breakthroughs 3. **Evolution**: - More sophisticated AI systems - Better understanding of AI capabilities - New ethical frameworks ## Conclusion: Embracing the AI Revolution AI is not just changing individual industries—it's transforming the very fabric of our society. While challenges exist, the potential benefits are enormous. As we move forward, it's crucial to approach AI development thoughtfully, ensuring that we harness its power for the benefit of all humanity. The future of AI is not about replacing humans but augmenting our capabilities. By understanding and embracing these changes, we can work towards a future where AI helps us solve some of humanity's biggest challenges while creating new opportunities for growth and innovation. Are you ready for the AI revolution? The future is already here, and it's more exciting than we ever imagined. ]]> hi@hadna.space (Hadna) <![CDATA[Windows 10 End of Life: Your Beginner's Guide to Linux]]> https://hadna.space/notes/42-windows-10-eol-migrate-to-linux https://hadna.space/notes/42-windows-10-eol-migrate-to-linux Sat, 04 Jan 2025 00:00:00 GMT Disclaimer: This guide is for Windows 10 users who cannot upgrade to Windows 11 due to unsupported hardware and have never heard of Linux before. With Windows 10 support ending in 2025, you might feel stuck, but don’t worry—there’s no need to buy a new computer. Let me introduce you to **Linux**, a free, secure, and versatile operating system that’s perfect for giving your old computer a fresh start. If you’ve been using Windows for years, it’s like living in a house you’re super familiar with. But now, Windows 10 is going away in 2025, and the new Windows 11 might not fit your computer. That doesn’t mean you need to buy a new computer! Instead, let me introduce you to a free, magical world called **Linux**. This blog will explain Linux in a simple way so anyone, even if you’re hearing about it for the first time, can understand. By the end, you’ll know why Linux is worth trying, how to switch, and how to enjoy using it. ## What is Linux? Think of Linux like a magical playroom. It’s a system that runs your computer, just like Windows or macOS, but it’s made by people all over the world who share it for free. Yep, free! You don’t need to buy a license or worry about subscriptions. Linux has many "flavors," which are like different themes for your playroom. You can pick one that looks and feels the way you like. Some are bright and colorful, while others are simple and plain. ## Why Should You Care About Linux? When Windows 10 support ends, you won’t get updates, and your computer might become vulnerable to viruses or hackers. If your computer can’t handle Windows 11, you might think you need to spend money on a new PC. But Linux can save you from that expense. Here’s why Linux is awesome: 1. **It’s Free Forever**: No hidden fees. No licenses. You can download Linux, use it, and update it—all without spending a penny. 2. **It’s Lightweight and Fast**: Linux can run on older computers without slowing down. If your computer feels like a tired snail with Windows, Linux will make it feel like a cheetah. 3. **It’s Secure**: Linux has fewer viruses than Windows. Hackers mostly ignore Linux because it’s built differently, and updates are super secure. 4. **It’s Yours to Customize**: Don’t like how your computer looks? Linux lets you change almost everything—colors, icons, layouts, and more. ## Is Linux Hard to Use? If you’re worried that Linux will feel too “techy” or complicated, don’t be! Over the years, Linux has become very user-friendly, especially for people who are new to it. There are Linux versions (called **distros**) designed specifically for beginners. Some even look similar to Windows, so you’ll feel right at home. ## What Can You Do With Linux? Here’s the fun part: Linux can do almost everything Windows can, and often better. Here’s a quick list: 1. **Browse the Internet**: Use browsers like Firefox or Chrome to surf the web, just like you do on Windows. 2. **Write and Edit Documents**: Linux has free apps like LibreOffice, which works just like Microsoft Office. You can create Word-like documents, Excel-like spreadsheets, and even PowerPoint-style presentations. 3. **Watch Movies and Listen to Music**: Enjoy your favorite shows and songs with apps like VLC Media Player. 4. **Play Games**: While not all Windows games work on Linux, many do. Platforms like **Steam** support Linux, and tools like **Proton** help run Windows games on Linux. 5. **Edit Photos and Videos**: Apps like GIMP (similar to Photoshop) and Kdenlive (for video editing) are free and powerful. 6. **Customize Your Desktop**: Want your computer to look like a spaceship? Or maybe you prefer a clean, minimalist design? With Linux, you can make your desktop look however you want. ## How to Get Started With Linux? ### 1. Choose Your Flavor Linux comes in different flavors, called **distributions** or **distros**. Here are a few popular ones for beginners: - **Ubuntu**: The most popular choice for newbies. It’s easy to use and has a huge community for support. - **Linux Mint**: If you like Windows, you’ll love Mint. It’s simple and familiar. - **Zorin OS**: Designed for Windows users, it’s polished and beginner-friendly. ### 2. Try Linux Without Installing It You don’t have to erase Windows right away. Linux lets you test it first. Here’s how: 1. **Download the Linux Distro**: Go to the distro’s website (e.g., [ubuntu.com](https://ubuntu.com) or [linuxmint.com](https://linuxmint.com)) and download the file (called an ISO). 2. **Create a Bootable USB Drive**: Use a tool like Rufus (on Windows) to put Linux on a USB stick. 3. **Boot Into Linux**: Restart your computer, press a key like F12 (it depends on your PC), and select the USB drive. You can now try Linux without changing anything on your computer. ### 3. Install Linux If you like Linux, you can install it on your computer. Here’s what happens: - Linux will erase Windows and take over as your main system. - You can also set up a dual-boot system to keep both Windows and Linux. The installation process is simple, with step-by-step instructions. Most distros will guide you through it. ## What’s Different About Linux? Moving from Windows to Linux is like moving to a new house. Some things will feel familiar, and some will take a little getting used to: 1. **Different Apps, Same Purpose**: You won’t have Microsoft Word or Photoshop, but you’ll get free alternatives like LibreOffice and GIMP. 2. **Software Installation**: In Linux, you install apps through a "store" called the **Software Center** or a package manager. It’s safe and easy, like using an app store on your phone. 3. **No More Drivers Hassle**: Most hardware works out of the box on Linux, and you don’t have to hunt for drivers like you do on Windows. 4. **Updates Work Differently**: Linux updates everything—your system and apps—at once, and it’s quick. No annoying restarts in the middle of your work! ## Frequently Asked Questions | Question | Answer | | ---------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | | **Will My Favorite Apps Work on Linux?** | Many apps have Linux versions or alternatives. If you really need a Windows app, you can use a tool called **Wine** to run it. | | **What About Games?** | Gaming on Linux is improving fast. Platforms like Steam support Linux, and tools like Proton can help run Windows games. | | **Is Linux Safe?** | Yes! Linux is more secure than Windows because it’s harder for viruses to attack it. | | **Will I Need to Learn Coding?** | Not at all! Most distros are designed for regular users, and you won’t need to touch any code unless you want to. | ## Why You’ll Love Linux Here’s why Linux is a great choice: - **It’s fast and lightweight**: Your old computer will feel brand new. - **It’s stable and secure**: No more crashes or endless antivirus scans. - **It’s customizable**: Make your computer truly yours. - **It’s supported by a friendly community**: If you ever get stuck, there’s always someone to help. ## Conclusion: Your Journey Starts Here Switching to Linux might feel like stepping into a new world, but it’s a world full of possibilities. You’ll have a faster, safer, and more fun computer experience—all without spending a dime. So, why not give it a try? Download a Linux distro, test it out, and see for yourself how amazing it can be. Once you take the leap, you’ll wonder why you didn’t try Linux sooner! Welcome to the Linux family—you’re going to love it here. ]]> hi@hadna.space (Hadna) <![CDATA[Exploring Ollama on macOS: A Beginner's Guide]]> https://hadna.space/notes/41-ollama-macos https://hadna.space/notes/41-ollama-macos Fri, 03 Jan 2025 00:00:00 GMT Happy New Year, everyone! 🥳 Here's to a fantastic 2025, filled with growth, success, and tech adventures. 🎉 ## What is Ollama? Ollama is a tool that allows you to locally run language models for coding, productivity, or experimentation. By hosting models on your machine, you get better privacy, control, and reduced reliance on cloud-based services. Think of it as a bridge between the flexibility of open-source AI tools and the user-friendliness of commercial solutions. > Disclaimer: before we continue, this article is a comprehensive guide to using Ollama on macOS. It's solely based on my experience with an Apple M1 chip and I may make mistakes, but the steps should be adaptable for other macOS configurations. ## Installation Setting up Ollama on macOS is straightforward. ### Requirements Before you start, make sure your system meets the following requirements: - Operating System: macOS Monterey or later - Processor: Apple Silicon (M1, M2, or higher recommended) - RAM: At least 8 GB (16 GB or more recommended for running larger models) - Storage: 20+ GB free space (depends on model size) ### Check for Dependencies Ensure you have the following dependencies installed: - Homebrew: The package manager for macOS. Install it using: ```bash /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" ``` - Python 3: Required for some installations and scripting. Verify with: ```bash python3 --version ``` If not installed, get it via Homebrew: ```bash brew install python ``` ### Installing Ollama 1. Download Ollama: Visit [Ollama’s official website](https://ollama.com) to download the macOS installer. 2. Install the Application: Open the .dmg file and drag the Ollama app to your Applications folder. 3. Verify Installation: Launch the app and complete any on-screen instructions. > Pro Tip: Ensure you grant all necessary permissions for smooth functionality. ## Setting Up Models ### Popular Models Ollama supports a variety of models, including: - Code Llama: Ideal for coding assistance - LLaMA 2: A general-purpose model - Specialized Models: Fine-tuned for specific tasks (e.g., productivity, summarization) ### Downloading Models Once Ollama is installed, you can download models directly via the app or through the command line: ```bash ollama pull codellama:7b-code-q4_K_M ``` > To be honest, selecting models is both an exciting and challenging aspect of using Ollama. It's not just about choosing the most advanced or impressive model; the best choice is the one that aligns with your specific needs and matches your hardware capabilities. Replace `codellama:7b-code-q4_K_M` with the desired model’s name. The download might take some time depending on your internet speed. ### Managing Models View installed models with: ```bash ollama list ``` Remove a model if needed: ```bash ollama rm ``` ## Running Models Locally Running models locally is where Ollama shines. Follow these steps to get started: ### Using the GUI We will be covering this GUI section in another note since we most likely need a third-party app for this section, but basically: - Open the app. - Select the desired model from the list. - Start interacting with the model using the chat interface. ### Command-Line Interface (CLI) For power users, Ollama provides a robust CLI. Start a session with: ```bash ollama run ``` Example: ```bash ollama run codellama:7b-code-q4_K_M ``` ### Scripting with Python Integrate Ollama into Python projects using its API. Example: ```python import ollama client = ollama.Client() response = client.run(model="codellama:7b-code-q4_K_M", prompt="Write a Python function to calculate Fibonacci numbers.") print(response) ``` Note: Refer to the Ollama API documentation for more advanced usage. ## Tips and Tricks 1. **Optimize Performance:** Close unnecessary apps to free up RAM for large models. 2. **Batch Requests:** If using the CLI or API, batch similar prompts for efficiency. 3. **Model Updates:** Regularly check for model updates to get the latest features and improvements. ## Use Cases Here are some ways you can utilize Ollama: 1. **Coding Assistance:** Boost your productivity with code suggestions, debugging help, and syntax correction. 2. **Content Generation:** Use AI to generate blog posts, social media captions, or technical documentation. 3. **Data Analysis:** Quickly analyze datasets or generate scripts for data manipulation. 4. **Learning and Experimentation:** Explore machine learning concepts and experiment with AI in a controlled environment. ## FAQs Here are some frequently asked questions about Ollama: | **Question** | **Answer** | | ----------------------------------------------- | ----------------------------------------------------------------------- | | Do I need an internet connection to run models? | No, once downloaded, models run locally without internet access. | | Can I run multiple models simultaneously? | Yes, but it depends on your system’s hardware capabilities. | | Are all models free? | Some models may have licensing restrictions; check the model’s details. | ## Final Thoughts Using Ollama on macOS is a game-changer for those looking to harness AI locally. With robust capabilities and a user-friendly interface, it empowers users to experiment and innovate without compromising privacy or performance. Happy experimenting, and here's to more AI-powered adventures in 2025! 🚀 ]]> hi@hadna.space (Hadna) <![CDATA[Merry Christmas 🎄 and Happy New Year 2025 🎆]]> https://hadna.space/notes/40-merry-christmas-and-happy-new-year-2025 https://hadna.space/notes/40-merry-christmas-and-happy-new-year-2025 Thu, 26 Dec 2024 00:00:00 GMT As we close out the year, I want to extend my warmest wishes for a Merry Christmas and a Happy New Year. May this festive season bring you joy, peace, and cherished moments with loved ones. Here's to another year full of growth and opportunities! 🍻 ## Reflecting on 2024: A Year in Review 2024 has been an amazing journey, packed with challenges and victories. This year has been all about learning, unlearning, and growing. Some standout moments from 2024 include: - Enhancing my skills in OSINT (_Open Source Intelligence_). - Diving into exciting projects like the redesign of my personal website. - Taking on the Santa Claus CTF challenge, which honed my analytical and investigative skills. - Collaborating with incredible people and exploring new opportunities in the tech world. It was a year of introspection and progress, laying a solid foundation for the future. --- ## Website Revamp 🌐 One of the major highlights this year was the complete overhaul of my personal website! I'm excited to announce that the site now supports **multiple languages**: - **English** - **Nederlands** - **Bahasa Indonesia** - **Boso Jowo** This update reflects my dedication to reaching a wider audience while honoring my cultural roots. Now, this website is now faster, sleeker, and more accessible than ever. Feel free to check out the new design at [hadna.space](https://hadna.space) and share your feedback! --- ## Looking Forward: Goals for 2025 As we step into 2025, here are my resolutions to guide the year: 1. **Keep Learning**: Deepen my knowledge in **cyber intelligence** and **AI-driven investigations**. 2. **Give Back**: Share insights through workshops, mentoring, and open-source contributions. 3. **Create Impactful Projects**: Focus on projects that blend technology with social good. 4. **Personal Development**: Prioritize health, mindfulness, and a balanced lifestyle. 5. **Broaden Horizons**: Seek opportunities for collaboration and growth, both locally and globally. --- Thank you for being part of my journey. Let's make 2025 a year to remember. Cheers to new beginnings and endless possibilities! Wishing you all a fantastic year ahead! ]]> hi@hadna.space (Hadna) <![CDATA[Critical & Analytical Thinking in OSINT]]> https://hadna.space/notes/39-critical-analytical-thinking-osint https://hadna.space/notes/39-critical-analytical-thinking-osint Sat, 14 Dec 2024 00:00:00 GMT If you still curious about what OSINT is, [I have a comprehensive note explaining about OSINT](/notes/31-osint). ## What Is Critical Thinking? Critical thinking involves the ability to evaluate information objectively, identify biases, and assess the validity of arguments. It is a systematic approach to problem-solving that emphasizes logic and evidence over assumptions and emotions. Key components of critical thinking include: 1. **Clarity:** Ensuring that information and arguments are well-articulated and free from ambiguity. 2. **Accuracy:** Verifying the truthfulness and reliability of data. 3. **Relevance:** Assessing whether information is pertinent to the question or issue at hand. 4. **Depth:** Exploring the complexities of an issue rather than oversimplifying it. 5. **Fairness:** Considering multiple perspectives and avoiding bias. ## What Is Analytical Thinking? Analytical thinking complements critical thinking by focusing on the process of breaking down complex problems into manageable parts. It involves identifying patterns, relationships, and trends within data. Key aspects of analytical thinking include: 1. **Data Interpretation:** Understanding and deriving meaning from data sets. 2. **Problem Solving:** Developing solutions based on logical reasoning and evidence. 3. **Pattern Recognition:** Identifying recurring themes or connections within information. 4. **Decision-Making:** Using analysis to guide choices and actions. ## The Role of Critical and Analytical Thinking in OSINT ### 1. Source Evaluation OSINT relies heavily on publicly available data, but not all sources are reliable. Critical thinking helps practitioners assess the credibility of sources by asking questions such as: - Who authored the information? Are they credible? - What is the purpose of the content? Is it factual, opinion-based, or promotional? - Is the source up-to-date and relevant to the investigation? - Are there any signs of bias or manipulation? For example, when analyzing a social media profile, an OSINT investigator should verify whether the account is genuine or a bot. Indicators like posting frequency, follower-to-following ratios, and content consistency can provide clues about the account’s authenticity. ### 2. Data Correlation OSINT often involves connecting data from multiple sources to form a coherent picture. Analytical thinking aids in identifying patterns and relationships within diverse datasets. This might include linking social media activity to geographic locations, correlating timestamps across platforms, or comparing public records with online profiles. For instance, suppose an investigator is tracking the activities of a suspect involved in fraudulent activities. By analyzing social media posts, public financial records, and forum discussions, they may uncover patterns that reveal the suspect’s methods and associates. ### 3. Bias Detection Bias can distort both the collection and interpretation of data. Critical thinking helps OSINT practitioners recognize their own biases and those embedded within sources. Questions to consider include: - Is the information framed in a way that supports a particular agenda? - Are there alternative interpretations of the data? - Have I considered evidence that contradicts my assumptions? For example, news articles often reflect the editorial stance of their publishers. A critical OSINT investigator will cross-reference multiple news sources to ensure a balanced perspective. ### 4. Hypothesis Testing Effective OSINT requires the ability to formulate and test hypotheses. Analytical thinking enables practitioners to construct logical arguments, evaluate evidence, and revise conclusions as new information emerges. This iterative process ensures that findings are robust and defensible. For instance, if an investigator suspects that a certain individual is behind a cyberattack, they might test this hypothesis by examining IP addresses, chat logs, and metadata. If the evidence does not support the hypothesis, they must be willing to reconsider and explore alternative explanations. ## Strategies for Enhancing Critical and Analytical Thinking in OSINT ### 1. Adopt a Structured Approach Using a structured methodology, such as the Analysis of Competing Hypotheses (ACH), can help ensure that investigations are systematic and comprehensive. ACH involves: - Listing possible explanations for an event or situation. - Identifying evidence that supports or contradicts each explanation. - Evaluating the strength of the evidence. - Eliminating unlikely explanations and refining conclusions. ### 2. Cultivate Curiosity A curious mindset drives the pursuit of deeper understanding. OSINT practitioners should question assumptions, seek alternative perspectives, and remain open to new information. For example, instead of accepting a social media post at face value, investigate the context, origin, and motivations behind it. ### 3. Develop Technical Skills Critical and analytical thinking in OSINT often relies on technical expertise. Skills such as data scraping, geolocation, and metadata analysis enable practitioners to gather and interpret information more effectively. Familiarity with tools like Maltego, OSINT Framework, and Shodan can enhance analytical capabilities. ### 4. Practice Logical Reasoning Logical reasoning involves drawing valid conclusions from available evidence. Practicing techniques such as syllogisms, Venn diagrams, and flowcharts can help refine this skill. For example, when mapping connections between individuals in a network, a flowchart can visually represent relationships and dependencies. ### 5. Engage in Peer Review Collaborating with colleagues and seeking feedback can provide fresh perspectives and identify blind spots. Peer review helps ensure that conclusions are well-founded and free from cognitive biases. For instance, presenting findings to a team can uncover alternative interpretations or overlooked evidence. ### 6. Stay Updated on Cognitive Biases Awareness of cognitive biases, such as confirmation bias, anchoring bias, and availability heuristic, can help practitioners avoid common pitfalls. Regularly reflecting on one’s thought processes and decisions is crucial for maintaining objectivity. ## Examples of Critical and Analytical Thinking in OSINT ### Case Study 1: Social Media Analysis An OSINT investigator is tasked with identifying the organizer of a protest. Using critical thinking, they evaluate social media posts for authenticity, cross-referencing usernames, hashtags, and timestamps. Analytical thinking helps them identify patterns in online activity, such as recurring mentions of a particular individual. By corroborating this information with public records and media reports, the investigator narrows down potential suspects. ### Case Study 2: Geolocation Challenge A journalist receives an anonymous tip about a secret military installation and is provided with a blurred photograph. Applying analytical thinking, they examine details like shadows, architectural features, and vegetation. Using tools like Google Earth and SunCalc, they estimate the location and time the photo was taken. Critical thinking ensures that conclusions are based on evidence rather than speculation. ### Case Study 3: Cyber Threat Investigation A cybersecurity firm investigates a phishing campaign targeting a financial institution. By analyzing metadata, IP addresses, and domain registrations, they trace the campaign back to a known threat actor. Critical thinking helps the team assess the reliability of the evidence and avoid jumping to conclusions. Analytical thinking enables them to identify patterns, such as similarities with previous attacks. ## Challenges in Applying Critical and Analytical Thinking Despite its importance, critical and analytical thinking can be challenging to apply consistently. Common obstacles include: 1. **Information Overload:** The sheer volume of data can make it difficult to prioritize and focus on relevant information. 2. **Time Constraints:** Tight deadlines may pressure practitioners to cut corners or rely on assumptions. 3. **Cognitive Biases:** Even experienced investigators can fall victim to biases that distort their judgments. 4. **Limited Resources:** Access to tools, training, and expertise may vary, affecting the quality of analysis. Overcoming these challenges requires a combination of discipline, practice, and continuous learning. Leveraging technology, such as machine learning and automation, can also help manage large datasets and improve efficiency. ## Wrapping Up Critical and analytical thinking are the cornerstones of effective OSINT. By evaluating sources, identifying patterns, and testing hypotheses, practitioners can transform raw data into actionable intelligence. Developing these skills requires a commitment to objectivity, curiosity, and continuous improvement. Whether investigating social media activity, geolocating images, or uncovering cyber threats, the ability to think critically and analytically is what separates competent OSINT practitioners from the rest. In an era where misinformation and data saturation are pervasive, the importance of these skills cannot be overstated. By honing critical and analytical thinking, OSINT professionals can navigate complexity with confidence and produce insights that drive meaningful action. ]]> hi@hadna.space (Hadna) <![CDATA[How To Install Ubuntu Desktop on ARM Architecture]]> https://hadna.space/notes/38-ubuntu-desktop-arm https://hadna.space/notes/38-ubuntu-desktop-arm Tue, 03 Dec 2024 00:00:00 GMT hi@hadna.space (Hadna) <![CDATA[🔎 OSINT Case Study: Investigating the Head of the Municipal Office]]> https://hadna.space/notes/37-osint-case-study-municipal-official https://hadna.space/notes/37-osint-case-study-municipal-official Mon, 25 Nov 2024 00:00:00 GMT Every trail tells a story, and sometimes the most unexpected paths lead to the truth Hi there 👋 Welcome to another OSINT case study. This time, we dive into a unique challenge involving a fictionalized scenario: _investigating a municipal official in a remote town_. While the investigation and core methodologies _are real_, **all names, locations, and identifying details have been completely fictionalized to protect privacy**. It also means that _I will refrain from sharing any details, such as screenshots, snippets, or other identifiable data_. Let’s explore how OSINT tools and techniques can uncover hidden truths—_ethically and responsibly_. ## The Scenario A contact approached me with a concern about their local municipal service. They had experienced unusually poor service and had been charged a hefty and unexpected fine. Frustrated and feeling helpless, they wanted to understand who was responsible for the operations. This inquiry was not driven by malice but by a genuine need to seek accountability and clarity in a situation where answers seemed elusive. The municipal office in question was located in a small, remote town with limited public information available. This meant that traditional channels for understanding the structure and leadership of the office were not easily accessible. This contact’s question was simple yet challenging: _**Who’s in charge?**_ Despite the simplicity of the question, the path to uncovering the answer proved to be far from straightforward, demanding a methodical and creative approach to investigation. ## Task Briefing | Key | Value | | -------------- | --------------------------------------------------------------------------- | | **Brief** | Identify the head of the municipal office and uncover any relevant details. | | **Objectives** | 1. Determine the identity of the head official. | | | 2. Verify their role and connections. | | | 3. Analyze patterns that may reveal systemic issues. | ## The Investigation Begins ### 1. Starting with Public Records Public records often serve as the foundation for investigations. My initial approach focused on locating digitized documents or official announcements about the municipal office. Unfortunately, given the town’s remote location, the digital footprint of its governance was almost nonexistent. Few government reports were available online, and those that were offered little insight into the office’s hierarchy or leadership structure. This lack of direct information meant I had to explore alternative methods. I turned to local news articles, municipal announcements, and other online references that might contain indirect mentions of the office’s leadership. While time-consuming, this process can yield surprising connections when seemingly unrelated pieces of information are combined and analyzed. ### 2. Unearthing the Official’s Identity #### Searching for Mentions in News and Announcements After filtering through local news archives, I discovered a brief mention of a “Director of Municipal Services” in an article about a community improvement project. While the name provided was fairly common and lacked specificity, it represented a valuable lead. Even the smallest detail can act as a springboard in OSINT investigations, guiding the search toward more fruitful avenues. Further exploration revealed additional mentions in unrelated contexts, such as municipal budget reports and public events. These sources hinted at a potential candidate for the head position but still lacked definitive confirmation. It was clear that more work was needed to substantiate the findings. #### Expanding Through Social Media Social media platforms became the next focus. By searching for the municipal office, I uncovered several employee profiles. One account, in particular, stood out due to its seniority and affiliations. This profile provided limited professional details but linked to a publicly visible family account. At this point, the investigation took an unexpected and pivotal turn, as indirect connections became key to unraveling the mystery. ### 3. Connections Through Family Details While family connections were not the initial focus, they became a critical component of the investigation. Publicly available family profiles offered contextual clues that confirmed the identity of the suspected official. For instance, one family member frequently posted about community events, tagging the municipal office in their posts. These posts indirectly referenced their spouse’s position, providing valuable corroboration. Further exploration revealed posts related to their child’s school activities. These posts mentioned specific locations and events that aligned with the suspected official’s known activities. Additionally, geotags on certain photos pinpointed their home and workplace locations, allowing for cross-referencing with official records and maps. The geospatial data provided a layer of verification that was crucial to confirming the findings. This phase highlighted the interconnectedness of publicly available data and how seemingly unrelated details can converge to paint a complete picture. ### 4. Building the Profile By synthesizing the data gathered, I was able to construct a comprehensive profile of the municipal head. This profile included their full name, official title, and professional history. Additionally, their affiliations with local organizations and events provided context about their role in the community. Further analysis uncovered details about their family, including their spouse’s workplace and their child’s school. These connections not only confirmed the official’s identity but also provided insight into their network and influence within the community. Each piece of information was cross-verified to ensure accuracy and to maintain ethical boundaries throughout the process. The scope of the investigation was strictly limited to publicly accessible data. At no point were private or unauthorized sources used, ensuring compliance with ethical standards and legal regulations. The outcome demonstrated the power of OSINT to uncover hidden truths while respecting privacy and accountability. ## Analysis and Insights ### 1. Ethical Dilemmas The investigation raised important ethical questions, particularly regarding the inclusion of family details. While these details were not intentionally sought out, they played a significant role in verifying the official’s identity. This underscores the ethical responsibility of OSINT practitioners to handle such information with care and discretion. Aggregating publicly available data can feel invasive, even when done responsibly. This case serves as a reminder of the delicate balance between transparency and privacy. OSINT investigators must remain vigilant about the potential implications of their work, ensuring that the ends never justify unethical means. ### 2. Patterns and Observations The data revealed broader patterns that extended beyond the individual official. Public complaints about the municipal office suggested systemic inefficiencies that warranted further investigation. While these patterns were outside the scope of this case study, they highlighted the potential for OSINT to drive meaningful change by identifying areas for improvement within local governance. The insights gained from this investigation underscore the importance of transparency and accountability in public service. By leveraging open-source tools, communities can hold their leaders to higher standards while respecting the boundaries of ethical inquiry. ## The Results | Key | Value | | ------------------------------------------------- | -------------------------------- | | Determine the identity of the head official. | Head official is identified | | Verify their role and connections. | Verified through family networks | | Analyze patterns that may reveal systemic issues. | Indications of inefficiencies | ## Closing Thoughts This real, while fictionalized, case study highlights the power of OSINT in uncovering hidden truths, even in challenging scenarios. It also serves as a cautionary tale about the ethical responsibilities that come with handling sensitive information. While this investigation reached its goal, it’s a reminder that the techniques used must always prioritize respect for privacy and adherence to legal boundaries. If you’re considering similar investigations, remember: the tools of OSINT are powerful, but their true value lies in how responsibly they’re applied. By approaching each case with care and integrity, we can ensure that our work contributes to a more informed and equitable world. ]]> hi@hadna.space (Hadna) <![CDATA[🔎 OSINT Case Study: Tracking Back an Email Scammer]]> https://hadna.space/notes/36-osint-case-study-tracking-email-scammer https://hadna.space/notes/36-osint-case-study-tracking-email-scammer Sun, 24 Nov 2024 00:00:00 GMT Received: from [REDACTED] ([REDACTED]) by mx.google.com with ESMTPS id [REDACTED]; Fri, 08 Nov 2024 10:29:18 -0800 (PST) Received-SPF: pass (google.com: domain of [REDACTED] designates [REDACTED] as permitted sender) client-ip=[REDACTED]; Authentication-Results: mx.google.com; spf=pass (google.com: domain of [REDACTED] designates [REDACTED] as permitted sender) smtp.mailfrom=[REDACTED] Received: from [REDACTED] ([REDACTED]) by [REDACTED] with Microsoft SMTP Server (version=TLS1_2, cipher=[REDACTED]) id [REDACTED]; Fri, 8 Nov 2024 13:23:26 -0500 Message-ID: <[REDACTED]@[REDACTED]> From: no-reply <[REDACTED]> To: <[REDACTED]> Subject: Your login code for OpenSea Wallet Date: Fri, 8 Nov 2024 18:28:59 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="[REDACTED]" Return-Path: [REDACTED] X-Originating-IP: [REDACTED] X-ClientProxiedBy: [REDACTED] To [REDACTED] ``` The email header contains technical details such as the originating IP address, the sending server, and authentication results. These clues can help identify whether the email is legitimate or a forgery. With this information in hand, I began dissecting the data step by step. ## Email Header Analysis The email header revealed several critical details that pointed towards the email's fraudulent nature. ### 1. Validate the `From:` Address The `From:` address indicated the email was sent by OpenSea, but phishing scams often spoof this field to appear credible. By checking `SPF`, `DKIM`, and `DMARC` results, I determined that the domain failed some authentication checks. While `SPF` passed, it did not match OpenSea’s legitimate servers, raising suspicion. ### 2. Analyzing the `Return-Path` The `Return-Path` field pointed to a domain unrelated to OpenSea: _**[REDACTED]**_. This discrepancy confirmed that the sender was not associated with OpenSea. Armed with this domain, I performed a WHOIS lookup to gather further information. ## Domain WHOIS Using the `whois` tool, I retrieved registration details for _**[REDACTED]**_ ``` $ whois [REDACTED] Domain Name: [REDACTED] Registry Domain ID: [REDACTED] Registrar WHOIS Server: whois.dynadot.com Registrar URL: http://www.dynadot.com Updated Date: 2024-05-27T16:32:50Z Creation Date: 1998-06-11T04:00:00Z Registry Expiry Date: 2025-06-10T04:00:00Z Registrar: Dynadot Inc Registrar IANA ID: 472 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: NS1.DYNA-NS.NET Name Server: NS2.DYNA-NS.NET DNSSEC: unsigned Registrant Information: Registrant Name: [REDACTED] Registrant Organization: [REDACTED] Registrant Street: [REDACTED] Registrant City: [REDACTED] Registrant State/Province: [REDACTED] Registrant Postal Code: [REDACTED] Registrant Country: US Registrant Phone: [REDACTED] Registrant Email: [REDACTED] Administrative Contact: Admin Name: [REDACTED] Admin Organization: [REDACTED] Admin Street: [REDACTED] Admin City: [REDACTED] Admin State/Province: [REDACTED] Admin Postal Code: [REDACTED] Admin Country: US Admin Phone: [REDACTED] Admin Email: [REDACTED] Technical Contact: Tech Name: [REDACTED] Tech Organization: [REDACTED] Tech Street: [REDACTED] Tech City: [REDACTED] Tech State/Province: [REDACTED] Tech Postal Code: [REDACTED] Tech Country: US Tech Phone: [REDACTED] Tech Email: [REDACTED] >>> Last update of WHOIS database: 2024-11-24T08:40:30Z <<< ``` The WHOIS data revealed a name, address, and contact information linked to the scammer. Interestingly, the domain was not privacy-protected, leaving the registrant’s identity exposed. The registrant was listed as _**[REDACTED]**_, associated with an organization called _**[REDACTED]**_. The creation date of the domain, 1998, suggested it had been in use for a long time—possibly as a legitimate business front before its involvement in scams. This discovery provided a significant breakthrough, linking the phishing email to a real-world identity. ## Check Domain DNS To deepen the investigation, I used the `dnsrecon` tool to enumerate DNS records for the domain. ``` $ dnsrecon -d [REDACTED] [*] std: Performing General Enumeration against: [REDACTED]... [!] Wildcard resolution is enabled on this domain [!] It is resolving to [REDACTED] [!] All queries will resolve to this list of addresses!! [-] DNSSEC is not configured for [REDACTED] [*] SOA ns1.dyna-ns.net [REDACTED] [*] SOA ns1.dyna-ns.net [REDACTED] [*] SOA ns1.dyna-ns.net [REDACTED] [*] SOA ns1.dyna-ns.net [REDACTED] [*] NS ns1.dyna-ns.net [REDACTED] [*] NS ns1.dyna-ns.net [REDACTED] [*] NS ns1.dyna-ns.net [REDACTED] [*] NS ns1.dyna-ns.net [REDACTED] [*] NS ns2.dyna-ns.net [REDACTED] [*] NS ns2.dyna-ns.net [REDACTED] [*] NS ns2.dyna-ns.net [REDACTED] [*] NS ns2.dyna-ns.net [REDACTED] [*] MX mail.[REDACTED] [REDACTED] [*] A [REDACTED] [REDACTED] [*] TXT [REDACTED] google-site-verification=[REDACTED] [*] TXT [REDACTED] v=spf1 a mx ip4:[REDACTED] ~all [*] Enumerating SRV Records [-] No SRV Records Found for [REDACTED] ``` The results highlighted several mail servers and IP addresses associated with the domain. These findings indicated the infrastructure used by the scammer to distribute phishing emails. Additionally, the absence of `DNSSEC` configuration suggested a lack of security measures on the domain, making it susceptible to misuse. ## Tracking Down The Suspect ### 1. Domain Ownership By searching the registrant’s email address, I discovered it was tied to 34 other domains. This suggested the individual was involved in a broader operation, possibly managing multiple fraudulent websites. ![Related domains](/notes/osint/004/related-domain.png) These domains, when cross-referenced with scam report websites, revealed a pattern of phishing and fraudulent activities spanning several years. ### 2. Legal Dispute Further research led me to a legal dispute involving the registrant, documented in the USPTO’s TTABVUE system. This case, linked to a trademark opposition, provided additional evidence of the individual’s activities and identity. ![Legal case](/notes/osint/004/legal-case.png) This connection provided further evidence of the individual’s identity and activities. ### 3. Spam Reports A complaint filed on Spam.org further corroborated the scammer’s activities. The domain _**[REDACTED]**_ had already been flagged for phishing attempts, with detailed reports describing similar schemes. ![Spam report](/notes/osint/004/spam-report.png) The connection between the legal proceedings and the phishing email highlighted the individual’s involvement in both legitimate and illicit ventures. ### 4. Social Media Accounts #### 1. Linkedin Profile The scammer’s LinkedIn profile listed an extensive tenure at a fraudulent organization, further connecting them to the phishing activities. ![Linkedin account](/notes/osint/004/linkedin-profile.png) #### 2. Quora Profile A dormant Quora account provided additional context, linking back to the same email address and identity. ![Quora account](/notes/osint/004/quora-profile.png) #### 4. Facebook Profile The scammer’s Facebook account revealed a personal side, showing limited activity but confirming identity details found in previous steps. ![Facebook account](/notes/osint/004/facebook-profile.png) ## Final Chapter: Pinpointing the Location The investigation culminated in uncovering the scammer’s registered home address. Using Google Maps, I verified its authenticity and explored the surrounding area, adding a final layer to the profile. ![Home address](/notes/osint/004/home-address.png) This final piece of the puzzle confirmed the scammer’s identity and location, tying together all the fragmented clues into a cohesive narrative. The home address provided the ultimate verification, solidifying the findings of this extensive digital trail. Each step—from decoding email headers to analyzing domains and cross-referencing public records—led to this conclusive revelation. It’s a testament to how meticulous OSINT techniques can unearth even the most well-hidden details, painting a vivid picture of the individual behind the scam. While the investigation revealed an alarming level of activity linked to the suspect, **the home address served as a stark reminder of their tangible presence in the physical world**. This information not only validated the findings but also underscored the interconnectedness of online and offline identities. The pursuit reached a natural endpoint here, where further exploration would serve little purpose beyond what has already been uncovered. With the scammer’s identity confirmed, the investigation achieved its goal, **proving that even the most elusive digital footprints can lead back to their source**. ## Knowing When to Close the Case As I delved deeper into the investigation, uncovering connections to domains, legal disputes, phishing complaints, and social media accounts, it became increasingly clear that the scammer’s digital footprint was vast. Each clue led to new insights, adding layers to their online identity and revealing the scope of their fraudulent activities. However, as much as curiosity beckons and the tools of OSINT allow for further exploration, it’s important to _recognize ethical boundaries_. At this point, I had gathered enough evidence to confirm the individual’s identity, their operational methods, and the infrastructure they used. Continuing beyond this point would risk venturing into unnecessary exposure of private information, which could conflict with the ethical principles that guide investigations like these. Stopping here ensures that the investigation remains focused on education and awareness, demonstrating how digital breadcrumbs can lead to **actionable insights** without crossing into invasive or unethical territory. It’s a powerful reminder that **the goal of OSINT isn’t to harass or harm but to understand and address security risks responsibly**. ## **The Results** | Key | Value | | ------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------- | | Identify the sender’s email domain and IP address. | Domain is _**[REDACTED]**_ and IP address is _**[REDACTED]**_ | | Analyze the sender’s online activity and any related scam websites. | Linked to 34 domains; flagged on Spam.org | | Uncover patterns or connections that reveal more about the scam’s scope. | The scammer has a history of phishing activity and a lack of technical expertise in concealing their identity. | --- ## **What We Learned from the Breadcrumbs** This investigation highlights several critical insights about the digital landscape and the methods used by scammers. The first and most striking takeaway is how even the most inconspicuous emails leave behind a trail of metadata. Email headers, domain registration records, and DNS data can reveal a surprising amount of information about the sender, even when their primary intent is deception. What stood out most in this case was the scammer's lack of attention to digital hygiene. They failed to use privacy protection for their domain registrations, left a trail of publicly accessible complaints, and connected their email address to multiple domains. These oversights highlight a common pitfall among cybercriminals: **the assumption that their victims won’t dig deeper**. In reality, even basic OSINT techniques can uncover patterns and expose the broader scope of their operations. Another key insight is the interconnected nature of online activities. From phishing emails to scam domains and dormant social media accounts, each digital element feeds into a larger ecosystem. This interconnectedness demonstrates why a holistic approach to OSINT is so effective. By examining the relationships between various data points, investigators can build a comprehensive profile that reveals not just the individual but their broader network and operational methods. Finally, this case underscores _the importance of maintaining awareness and skepticism online_. Phishing attempts like these prey on urgency and confusion, and without proper vigilance, even seasoned users can fall victim. By understanding how scammers operate, individuals and organizations can take proactive steps to identify red flags and strengthen their digital defenses. ## **Staying Ahead of Cybercriminals** ### 1. Spam Emails Aren’t Harmless It’s easy to dismiss spam emails as harmless nuisances, but this case shows how they can be entry points into larger investigations. Even a single phishing email can reveal a network of scams, highlighting the importance of not underestimating their potential impact. Every suspicious email deserves scrutiny, not just for your own protection but to understand the tactics used by fraudsters. ### 2. Digital Footprints Are Unavoidable The internet is inherently designed to leave behind traces. Whether it’s an IP address, domain registration details, or social media activity, these digital footprints can be pieced together to form a cohesive narrative. Scammers often underestimate how accessible their information is, which works to the advantage of investigators. This case proves that even when intentional efforts are made to obscure identity, OSINT can uncover the truth. ### 3. The Value of OSINT Tools Tools like `whois`, `dnsrecon`, and public complaint databases such as Spam.org were instrumental in this investigation. They demonstrated how accessible and powerful OSINT techniques can be when applied systematically. For anyone interested in cybersecurity, these tools are invaluable for uncovering connections and verifying the authenticity of digital communications. ### 4. Ethical Boundaries Are Crucial One of the most important lessons from this case is the need to respect ethical boundaries during investigations. While it’s tempting to dig deeper, it’s essential to stop when enough evidence has been gathered to achieve the investigation's goals. OSINT is a powerful tool, but with that power comes the responsibility to use it appropriately. ### 5. Awareness Is the Best Defense Phishing scams rely on exploiting human error, and awareness is the best defense against them. By understanding how these schemes operate and recognizing the red flags, users can protect themselves and others. Education and vigilance are key in the fight against digital fraud, and sharing knowledge is one of the most effective ways to build a safer online community. ]]> hi@hadna.space (Hadna) <![CDATA[🔎 OSINT Case Study: Geolocating Where @ridwanhr Promotes A Motorcycle]]> https://hadna.space/notes/35-osint-case-study-ridwanhr-promotion https://hadna.space/notes/35-osint-case-study-ridwanhr-promotion Sat, 23 Nov 2024 00:00:00 GMT **Key Takeaway**: Privacy protections on social media prevent us from relying on EXIF data alone. This forces us to look deeper and shift our focus to visual clues in the photo itself. ## Analyzing the Photo: Clues Hidden in Plain Sight The next step is to carefully analyze the photo. Upon close inspection, several intriguing elements stand out: ![Analyzed photo](/notes/osint/003/ridwanhr-analyzed.jpeg) Key Observations: 1. **License Plate**: A clear view of the vehicle’s license plate provides a vital regional clue. 2. **Train-like Vehicle**: Behind @ridwanhr, there’s a train-like vehicle with trees growing inside. This detail is both peculiar and fascinating. 3. **Shadows and Lighting**: The subdued lighting and absence of direct sunlight on the foreground suggest the area is heavily shaded, possibly by a large structure or dense foliage. These observations serve as breadcrumbs for the next steps in our investigation. ## License Plate: Unlocking Regional Clues Indonesia’s vehicle registration plates use a structured system that encodes the region where a vehicle is registered. Here’s a quick breakdown: - Format: `AA BBBB CCC` - `AA` represents the area code. - `BBBB` is the serial number. - `CCC` is the sub-area code. ### Decoding the License Plate In the photo, the license plate reads `AD 2953 XU`. Referring to [Wikipedia: Vehicle registration plates of Indonesia](https://en.wikipedia.org/wiki/Vehicle_registration_plates_of_Indonesia), the `AD` code corresponds to Central Java, specifically: - Surakarta - Sukoharjo - Boyolali - Sragen - Karanganyar - Wonogiri - Klaten ### Color Analysis The license plate’s red-on-white color indicates a temporary registration. This is typically assigned to new vehicles that have yet to receive official documentation. ![Temporary license plate](/notes/osint/003/temporary-plate.png) > **Critical Insight**: The combination of the AD code and the temporary plate suggests this vehicle is newly registered in the Central Java region. Our location is narrowing. ## The Train-like Vehicle: A Puzzling Detail ![Analyzed photo](/notes/osint/003/ridwanhr-analyzed.jpeg) Among the most intriguing elements in the photo is the train-like vehicle. Let’s break down its peculiarities: 1. **Trees Inside the Carriage**: This immediately suggests it’s not an operational train but a stationary display, possibly part of a museum or historical exhibit. 2. **Old Yet Maintained**: The carriage looks historic, but it isn’t abandoned or derelict. This hints at a location with cultural or historical significance. 3. **Shaded Environment**: The absence of direct sunlight on the carriage or @ridwanhr suggests the area is under a large canopy, likely from trees or a nearby structure. These clues lead us to consider historical sites or museums related to railways or transportation in the region. ## Train History in Indonesia: Contextual Clues If we are going to talk about train in Indonesia, it has a very long history. There is a dedicated page that you can you can read: [Wikipedia: Rail transport in Indonesia](https://en.wikipedia.org/wiki/Rail_transport_in_Indonesia). It will be unwise to retell the history here, but these are what we can get from the page: 1. The first railway line in Indonesia opened in 1867. 2. The first railways in Indonesia were built on the island of Java, using 1,435 mm (4 ft 8+1⁄2 in) gauge. 3. Indonesia has The Ambarawa Railway Museum, located in Ambarawa, Central Java _(but it does not match our license plate code)_. 4. Back in the days, the trains were used to transport sugarcane to sugar mill/refinery called _Pabrik Gula (PG)_. 5. There is a sugar refinery that matches the location with the license plate code called _PG Gondang Winangoen_, located in Klaten. ![Sugar refinery](/notes/osint/003/pg-gw.png) So far, PG Gondang Winangoen is the closest lead we have. Why? 1. The refinery is located within the AD license plate region (Klaten, Central Java). 2. Historically, sugar refineries like PG Gondang often transported sugarcane via rail, making trains a key part of their heritage. ## Confirming the Location: The Final Clue Our search for PG Gondang Winangoen on Google Maps brings us tantalizingly close to solving the mystery. The map clearly shows a train-like vehicle behind a fence—an unmistakable match to the one visible in @ridwanhr’s photo. ![Sugar refinery](/notes/osint/003/pggw-gmaps.png) Zooming in provides further confirmation. The train carriage, surrounding trees, and nearby structures align perfectly with the photo. The resemblance is undeniable. ![Google Maps analysis](/notes/osint/003/pggw-analyzed.png) But is that enough? In the spirit of thorough investigation, let’s dig deeper and analyze two additional clues from the surroundings: 1. The “Notaris/PPAT” Label 2. The “Sate Kambing” Label Both of these signs are visible in the background, across the road from where the photo was taken. Let’s take a closer look. ### The "Notaris/PPAT" Label The label Notaris/PPAT (Notary Public/Official Land Deed Officer) is visible to the left in the photo. On Google Maps, the same label appears on the building directly opposite PG Gondang Winangoen. This not only strengthens our geolocation but also indicates the specific spot from which the photo was taken. ![PPAT](/notes/osint/003/ppat.png) ### The “Sate Kambing” Label To the right of the "Notaris/PPAT" label, there’s a sign advertising Sate Kambing (grilled goat skewers), a popular Indonesian dish. The placement and design of this sign match perfectly with its Google Maps counterpart, further cementing the match between the real-world location and @ridwanhr’s photo. ![PPAT](/notes/osint/003/sate-kambing.png) ## Piecing It All Together These additional observations—along with the previously analyzed train carriage, shade, and trees—provide an unshakable conclusion. Each clue independently points to the same location, and together they form an irrefutable chain of evidence. From this analysis, we can confidently state that **@ridwanhr took the photo at PG Gondang Winangoen in Klaten, Central Java**. > **Key Takeaway**: Thorough OSINT investigations rely not just on identifying single matches but on building a robust web of corroborating evidence. By cross-referencing visual elements with geospatial data, we leave no room for doubt in our conclusions. ## **The Results** | Key | Value | | -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Identify where the photo was taken. | PG Gondang Winangoen, Klaten, Central Java | | What's the coordinate of the location? | -7.721892574503646, 110.56186863631719 (7°43'18.8"S 110°33'42.7"E) | | Tell a story about the location. | Gondang Winangoen or Gondang Baru was a sugar refinery located in Klaten Regency, Central Java, Indonesia. Owned by PT Perkebunan Nusantara IX, it was operated from 1860 until 2017. It has the one and only sugar museum in Southeast Asia. The museum was founded in 1982 to coincide with the 1982 World Sugar Congress which was held in Jakarta. [[Wikipedia]](https://en.wikipedia.org/wiki/Gondang_Winangoen) | ## **Additional Insights** ### Critical Thinking in Action This investigation underscores the importance of combining observation, context, and verification: 1. **Observation**: Noticing details like the train’s condition and shadows led us to question its surroundings. 2. **Contextual Knowledge**: Understanding Indonesia’s railway and sugar refinery history narrowed the possibilities. 3. **Verification**: Cross-referencing Google Maps confirmed the location with high accuracy. ### Broader Lessons OSINT isn’t just about solving puzzles—it’s about connecting dots and thinking critically. Whether geolocating an Instagram post or investigating cybersecurity incidents, the same principles apply: observe, analyze, verify, and contextualize. > **Key Takeaway**: Even a simple photo can reveal a wealth of information when approached methodically. OSINT teaches us that the truth often lies in the details we might otherwise overlook. ]]> hi@hadna.space (Hadna) <![CDATA[🔎 OSINT Case Study: Queen Elizabeth II Coronation (1953)]]> https://hadna.space/notes/34-osint-case-study-queen-elizabeth-ii-coronation https://hadna.space/notes/34-osint-case-study-queen-elizabeth-ii-coronation Fri, 22 Nov 2024 00:00:00 GMT **“Sometimes, history is written in the stones we walk on and the roads we travel.”** Hi there 👋 Welcome to another OSINT adventure! Today, we’ll dive into a case steeped in history: unraveling mysteries from Queen Elizabeth II’s coronation in 1953. Using open-source tools and a bit of detective work, we’ll uncover fascinating details about this momentous event. Ready to step into the shoes of an investigator? Let’s go! ## Task Briefing | Key | Value | | -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Brief** | In May 2023, the world witnessed the coronation of King Charles III at Westminster Abbey in London. Following the ceremony, and similarly to the previous regent, the monarch travelled through the city in a lavish carriage. The route of the 2023 royal procession differed from that of 1953. | | **Objectives** | 1. Identify from which exact door Queen Elizabeth II left Westminster Abbey after her coronation. | | | 2. Measure the distance travelled by the Queen’s carriage, following the 1953 coronation. | | | 3. Estimate the average speed at which the Queen’s carriage travelled. | | **Original URL** | [https://gralhix.com/list-of-osint-exercises/osint-exercise-018/](https://gralhix.com/list-of-osint-exercises/osint-exercise-018/) | | **Difficulty Level** | **For Beginner**: _medium_ | | | **For Expert**: _easy_ | --- ## **The Investigation Begins** ### 1. Gathering Context: A Historic Day in London We begin by setting the stage: June 2, 1953. On this day, Queen Elizabeth II was crowned at Westminster Abbey in a grand ceremony witnessed by millions. The coronation procession was no small affair—it spanned miles and captured the attention of the world. Our mission is threefold: 1. Determine which door the Queen used to exit Westminster Abbey. 2. Calculate the distance of her carriage route. 3. Estimate the average speed of the royal procession. With the task clear, we proceed to gather clues. ### 2. Digging into Visual History When dealing with events of historical significance, visual documentation is often a treasure trove. Knowing that cameras and video equipment were widely used in the 1950s, it’s logical to assume there’s archival footage of the coronation. #### The Search Begins on YouTube A quick YouTube search using the query `"queen elizabeth ii coronation"` yields an incredible resource: a full-length historical documentary titled _"Rare Colour Footage Of Queen Elizabeth II's Coronation | Our History."_ With a runtime of 1 hour and 19 minutes, this video promises to be a goldmine of details. ![YouTube search result](/notes/osint/002/youtube-result.png) ### 3. Clues from the Documentary The documentary provides stunning footage of Westminster Abbey during the coronation. Early in the video, we see the Queen entering the Abbey. The architectural details and unique features surrounding the entrance catch my eye. ![Building entrance](/notes/osint/002/building-entrance.png) #### The Lion Statue In particular, a pair of striking lion statues flanking the entrance stands out. One of these lions, poised upright and wearing a crown, feels like a key piece of the puzzle. Its distinct design suggests it’s not just any generic architectural element but a deliberate and significant symbol. ![Queen's entrance](/notes/osint/002/queen-entrance.png) Using the search query `"queen elizabeth 2 lion statue,"` I uncover a vital clue: these statues are part of a collection known as _The Queen’s Beasts._ Originally unpainted during the coronation, they now reside fully painted at a different location. ![Lion statue search result](/notes/osint/002/lion-statue-search-result.png) Here's the detail of The Queen's Beasts: ![The Queen's Beasts](/notes/osint/002/same-statue.png) This confirms the **western annexe of Westminster Abbey** as the Queen’s entrance. #### The Queen's Exit As we progress further into the archival footage, we arrive at the moment where the Queen exits Westminster Abbey. The angle of this segment is different from the footage of her entrance, but it offers us key visual elements to analyze. ![Queen's exit](/notes/osint/002/queen-exit.png) First, the **building ornamentation** visible in the frame matches exactly with the intricate details observed at the entrance. From the ornate stone carvings (or as some might describe them, architectural embellishments) to the architectural symmetry, these features leave no doubt that the doorway captured in the exit footage is identical to the entrance. Second, the **distance between the carriage and the building** remains consistent. This specific spacing is a subtle but critical detail—it confirms that the Queen's carriage did not relocate to a different section of Westminster Abbey for the exit. By comparing these two observations—the identical ornaments and the unchanged carriage distance—we can confidently conclude that **the Queen’s exit was through the same doorway as her entrance: the western annexe of Westminster Abbey**. ### 4. Mapping the Carriage Route Having identified the exit, the next step is determining the Queen’s carriage route. Historical records provide a detailed map of the 1953 royal procession. A search through public archives leads to a clear depiction of the route, spanning **4.5 miles (7.2 km)** from Westminster Abbey to Buckingham Palace. ![Route map](/notes/osint/002/return-distance.png) This route, designed to showcase the newly crowned monarch to the public, weaves through London’s most iconic streets. > I stick to this version of distance and decided to not using modern map application like QGIS or Google Earth because the actual route could be different back then (e.g. new buildings added, new roads opened—who knows). ### 5. Estimating the Average Speed The final piece of the puzzle is estimating the average speed of the Queen’s carriage. Unfortunately, detailed records of the exact speed do not exist. However, a fascinating find from [The National Archives](https://www.nationalarchives.gov.uk/education/resources/significant-events/coronation-of-elizabeth-ii-1953/) provides a clue. Take a look at this image: ![Route map](/notes/osint/002/return-procession.jpg) Specifically, this part of the image: ![Route map](/notes/osint/002/return-procession-time.jpg) The **return procession took approximately 100 minutes**, from 2:50PM to 4:30PM local time. Using the formula for speed: **Speed = Distance ÷ Time** We calculate: **Speed = 7.2 km ÷ (100 minutes ÷ 60 minutes/hour)** **Speed ≈ 4.32 km/h (2.69 mph)** This result aligns with the leisurely pace expected of a ceremonial procession. ## **The Results** | Key | Value | | ---------------------------------------------------------------------------------------------- | ----------------------------------- | | Identify from which exact door Queen Elizabeth II left Westminster Abbey after her coronation. | Western annexe to Westminster Abbey | | Measure the distance travelled by the Queen’s carriage, following the 1953 coronation. | 4.5 miles (7.2 km) | | Estimate the average speed at which the Queen’s carriage travelled. | 2.69 mph (4.32 km/h) | ## **Additional Insights** ### **The Role of OSINT in Historical Analysis** This investigation demonstrates how open-source tools can uncover hidden details about historical events. By leveraging videos, archival documents, and geospatial tools, we pieced together a narrative that bridges the past with the present. ### **Critical Thinking in Action** 1. **Connecting Clues:** The lion statue played a pivotal role in identifying the exact door. This reinforces the importance of spotting and verifying unique visual elements during investigations. 2. **Validating Sources:** Cross-referencing footage, historical maps, and official archives ensured the accuracy of our findings. 3. **Making Logical Assumptions:** Recognizing that significant events like the coronation would be well-documented led us directly to valuable visual resources. ### **What This Means for OSINT Practitioners** While this exercise focused on history, the same principles apply to modern investigations: - **Pattern recognition**: Look for recurring themes or elements that stand out. - **Data synthesis**: Combine multiple sources to form a cohesive picture. - **Analytical mindset**: Question assumptions and explore alternative explanations. ### **Beyond the Investigation** This exercise isn’t just about solving a puzzle; it’s a celebration of how OSINT can bring history to life. By retracing the Queen’s steps, we connect with a moment that shaped an era. The techniques used here have applications far beyond historical analysis. ## **Closing Thoughts** Through the lens of OSINT, history becomes an open book. This case study by Sofia Santos’ exercise, showcases the power of open data and analytical thinking to unlock mysteries that might otherwise remain hidden. If this investigation sparked your curiosity, why not try your hand at another OSINT challenge? Let me know your thoughts, feedback, or suggestions for future cases. Until next time! 🚀 ]]> hi@hadna.space (Hadna) <![CDATA[🔎 OSINT Case Study: The Forgotten Subdomain]]> https://hadna.space/notes/33-legacy-configuration-risk https://hadna.space/notes/33-legacy-configuration-risk Fri, 22 Nov 2024 00:00:00 GMT "Every unnoticed detail has the potential to be a critical piece of the puzzle." Hi there 👋 Welcome to this OSINT case study where we explore real-world scenarios to uncover hidden risks and vulnerabilities using open-source intelligence techniques. In this case, we delve into a surprising discovery: a forgotten subdomain tied to an active organization. Though the situation and methods are _based on real processes_, **all identifying details have been fictionalized to maintain confidentiality**. Let’s dive in and see how even minor oversights can escalate into significant challenges. ## Task Briefing | Key | Value | | -------------- | ------------------------------------------------------------------- | | **Brief** | Investigate a forgotten subdomain tied to an organization's domain. | | **Objectives** | 1. Identify the status of the subdomain. | | | 2. Trace its connection to the organization. | | | 3. Evaluate risks posed by the subdomain. | ## The Discovery: A Clue in Plain Sight Every OSINT investigation starts with a spark of curiosity. During a routine sweep of publicly available assets, I came across a subdomain associated with an organization's domain. It appeared inactive, buried in years of disuse, and initially seemed harmless. Something about this particular subdomain struck me as odd. Its mere existence, despite appearing inactive, warranted further exploration. Following my instincts, I began a closer examination, unaware of the critical issue I was about to uncover. ## The Revelation: An Unexpected Misuse Upon accessing the subdomain, I expected to find a blank page, an error message, or perhaps an unmaintained directory. Instead, I was greeted with something far more alarming: _an active online gambling website_. My initial reaction was disbelief. How could a subdomain tied to an organization I knew well be hosting unrelated, and potentially malicious, content? After verifying the connection to the primary domain, the reality set in: this wasn’t just a random coincidence. The subdomain was live, operational, and fully linked to the organization’s digital footprint. The implications were severe. Beyond security vulnerabilities, the reputational risks alone could damage the organization's credibility if discovered by clients or stakeholders. ## Tracing the Problem: Legacy Oversights ### 1. Following the Digital Breadcrumbs The next step was to identify how this subdomain had ended up in such a state. A review of publicly available DNS records revealed its origin: _a legacy configuration_. Many years ago, the subdomain had been created as part of a collaboration with a third-party service. Over time, as projects evolved and partnerships dissolved, the subdomain was left untouched, its purpose forgotten. The DNS record linking the subdomain to the third party remained active, creating a silent vulnerability. While the organization moved on, the subdomain became a relic of past configurations. A ticking time bomb waiting to be exploited. ### 2. The Third-Party Service Breach The investigation took an even darker turn when I discovered that the third-party service itself had been compromised. Hackers had gained control over the provider’s infrastructure, turning it into a hub for fraudulent and malicious activity. Since the subdomain still pointed to their servers, the organization was now inadvertently linked to the compromised service. This cascading failure highlighted the interconnected nature of cybersecurity risks. Even when internal systems are secure, external dependencies can open doors to threats. ## The Risks: Why Legacy Configurations Matter The incident underscored the multifaceted risks of forgotten configurations: ### 1. Reputational Harm The most immediate danger was reputational damage. An organization known for professionalism suddenly linked to an online gambling platform could erode trust and confidence among clients and partners. Even unintentional associations can have lasting consequences in today’s hyper-connected world. ### 2. Security Threats Beyond reputation, the active subdomain posed significant security risks: - **Phishing Attacks**: Cybercriminals could exploit the domain’s legitimacy to trick users into divulging sensitive information. - **Malware Distribution**: The subdomain could serve as a conduit for distributing malicious software, targeting both users and the organization itself. ### 3. Operational Blind Spots The discovery revealed a broader challenge: the organization lacked adequate oversight of its digital assets. Legacy configurations, left unchecked, had quietly evolved into a major vulnerability. ## The Response: Closing the Loophole ### 1. Immediate Action Once the issue was identified, I promptly documented my findings and shared them with the relevant team. The report outlined the risks, traced the root cause, and provided actionable recommendations. The organization responded swiftly: - **DNS Severance**: The subdomain’s DNS record was deleted, cutting ties with the compromised service. - **Risk Mitigation**: Immediate steps were taken to block any potential exploits stemming from the breach. ### 2. Broader Organizational Changes Recognizing the broader implications, the organization initiated systemic changes to prevent similar issues: - **Comprehensive Audits**: A full review of all subdomains and DNS configurations was conducted to identify other potential vulnerabilities. - **Enhanced Oversight**: Teams were trained on best practices for asset management, emphasizing the importance of monitoring legacy systems. - **New Policies**: Processes for decommissioning and archiving unused configurations were formalized, ensuring nothing fell through the cracks. ## The Results | Key | Value | | ----------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Identify the status of the subdomain. | Active, linked to a compromised third-party service. | | Trace its connection to the organization. | The subdomain was a legacy configuration tied to a decommissioned partnership with a third-party service. The DNS record remained active, creating an unintentional link to the compromised service. | | Evaluate risks posed by the subdomain. | Reputational damage, phishing potential, malware distribution, potential legal implications, and erosion of stakeholder trust. | ## Lessons Learned: Preventing the Next Oversight This case reinforced several key lessons for organizations and OSINT practitioners alike, shedding light on the importance of proactive and consistent oversight. The unexpected discovery of a compromised subdomain tied to a legacy configuration highlighted how even seemingly **minor oversights can snowball into significant risks**. The experience underscores the critical role of thorough audits, vigilant monitoring, and collaborative responsibility in maintaining a secure digital ecosystem. The interconnected nature of digital infrastructure means that vulnerabilities are often not isolated incidents. Instead, they represent a chain of weaknesses, from forgotten configurations to neglected third-party dependencies. Addressing such risks requires a systematic approach that prioritizes not just internal security but also the oversight of external partnerships and the careful management of reputational risks. ### 1. Legacy Configurations Are Silent Risks Unused or forgotten configurations may seem harmless at first glance but can quietly become significant liabilities over time. Legacy subdomains, like the one discovered in this case, often sit unnoticed until an incident brings them to light. This highlights the need for regular, proactive audits of digital assets, including DNS records, unused integrations, and historical configurations. Each of these should be systematically reviewed to prevent potential exploitation. Organizations must also recognize that legacy configurations often involve more than just outdated settings. They represent a mindset where **immediate priorities overshadow long-term maintenance**. By cultivating a culture of vigilance and emphasizing the importance of proper decommissioning processes, organizations can ensure that such silent risks are effectively mitigated. ### 2. External Dependencies Must Be Monitored Third-party partnerships and integrations are integral to modern digital operations, but they also introduce unique vulnerabilities. As demonstrated in this case, a lapse in monitoring a third-party service can compromise even the most secure organizations. Regular reassessment of these external dependencies is essential, not only at the point of integration but throughout the lifecycle of the partnership. It’s crucial for organizations to establish clear ownership and accountability for monitoring third-party connections. This includes **setting up automated alerts for changes in linked services, conducting periodic reviews of their security postures, and ensuring that contracts include provisions for maintaining updated configurations**. Proactive oversight can significantly reduce the risks associated with external dependencies. ### 3. Reputation Is Fragile In the digital age, perception is reality, and an organization’s reputation is often its most valuable asset. This case vividly illustrates how even an unintentional association with inappropriate or malicious content can harm credibility. A compromised subdomain hosting an online gambling site could have easily eroded trust among clients, partners, and stakeholders. **Organizations must treat their digital footprint as an extension of their brand** and ensure it is managed with the same level of diligence as their internal systems. This involves not only addressing technical vulnerabilities but also fostering open communication within teams to swiftly address potential reputational risks. Maintaining a positive perception requires continuous effort and vigilance in the rapidly evolving digital landscape. ## Final Thoughts: The Role of OSINT This case exemplifies the power of OSINT techniques in uncovering vulnerabilities that might otherwise go unnoticed. By systematically investigating anomalies, OSINT practitioners can identify risks before they escalate into critical issues. **The ability to follow digital breadcrumbs, connect seemingly unrelated pieces of information, and contextualize findings is what makes OSINT an invaluable tool in modern cybersecurity**. The insights gained from this case highlight the importance of embedding OSINT processes within an organization’s broader cybersecurity strategy. Asset discovery, anomaly detection, and reputation monitoring are just a few areas where OSINT can provide critical support. As digital footprints grow increasingly complex, OSINT practitioners play a key role in navigating the challenges and mitigating the risks associated with this expansion. If you manage digital assets, consider this a call to action. Regularly auditing your configurations, actively monitoring external partnerships, and responding swiftly to anomalies are foundational steps in securing your organization’s digital presence. Remember, cybersecurity is not just a technical challenge: **it is a shared responsibility that requires collaboration across teams, disciplines, and levels of expertise**. ]]> hi@hadna.space (Hadna) <![CDATA[🔎 OSINT Case Study: Oan Resort]]> https://hadna.space/notes/32-osint-case-study-oan-resort https://hadna.space/notes/32-osint-case-study-oan-resort Thu, 21 Nov 2024 00:00:00 GMT Hi there 👋 Welcome to the first installment of the OSINT Case Study series on this website! In this article, I’ll demonstrate how we can identify a location using just a single photo. This particular exercise falls under the GEOINT (Geospatial Intelligence) category, but it is equally relevant to OSINT due to its investigative nature. The case study is based on [Sofia Santos' OSINT Exercise #004](https://gralhix.com/list-of-osint-exercises/), and I encourage you to participate directly if you'd like to test your skills. ## Task Briefing | Key | Value | | -------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | | **Brief** | This is a photo of a resort located on an island. | | **Objectives** | 1. What is the name of the resort? | | | 2. What are the coordinates of the island? | | | 3. In which cardinal direction was the camera facing when the photo was taken? | | **Original URL** | [https://gralhix.com/list-of-osint-exercises/osint-exercise-004/](https://gralhix.com/list-of-osint-exercises/osint-exercise-004/) | | **Difficulty Level** | **For Beginner**: _easy - medium_ | | | **For Expert**: _easy_ | | **Data Source** | ![Image source](/notes/osint/001/source.webp) | ## Steps to Analyze ### 1. Download the Original Image The first step in any image-based investigation is to ensure we’re working with the best possible version of the photo. The original image can be downloaded [from this link](https://gralhix.com/wp-content/uploads/2023/08/osint-exercise-004-big-picture.jpg). Here's what the image looks like: ![Image source](/notes/osint/001/source.webp) By analyzing the photo, we can already make some initial observations: - The photo shows a tropical environment with trees, clear waters, and resort-like architecture. - There are no immediate, obvious landmarks visible, which makes it a perfect case for OSINT techniques. Now, let's download this photo: ![Download image](/notes/osint/001/original-photo.png) ### 2. Analyze the EXIF Data EXIF data (Exchangeable Image File Format) often provides useful metadata such as the camera model, time taken, and GPS coordinates. We analyzed the EXIF data using the `exiftool` command in Kali Linux (you need to install and/or configure the tool first). ```bash exiftool {path-to-image} ``` Unfortunately, this image did not contain meaningful EXIF data—specifically, no GPS information was available. While this is common when dealing with compressed or stripped images, it doesn't stop the investigation. ![EXIF](/notes/osint/001/exif-result.png) > Critical Thinking: The absence of EXIF data might suggest the photo was shared via platforms that strip metadata for privacy, such as social media. This observation can provide context about the image's origin. ### 3. Use Google Image Search When EXIF data fails to yield results, reverse image search is an effective next step. Using Google Image Search, we uploaded the photo to find visually similar results. If you're using Chrome or a compatible browser, you can right-click the image and select the "Search image with Google" option. ![Google Image Search](/notes/osint/001/google-image-search.png) ### 4. Analyzing the Search Results The reverse image search revealed multiple matches for the photo. Among them, a specific match stood out: the image was identified as being taken at Oan Resort, located in Micronesia. This result significantly narrows our scope of investigation. We now have a location to verify and additional data to explore. ![Google Image Search result](/notes/osint/001/image-search-result.png) ### 5. Keyword Confirmation To confirm the accuracy of the reverse image search, we conducted a manual Google Search using the keywords "Oan Resort." The results corroborated the reverse search findings, with several images and descriptions matching the original photo. ![Google Image Search result](/notes/osint/001/search-confirmation.png) ### 6. Explore the Area with Google Earth To pinpoint the coordinates of the island, we turned to Google Earth, a powerful tool for geospatial analysis. Google Earth allows us to explore the island in detail and cross-reference the surroundings visible in the original photo. Upon locating Oan Resort, we noted its exact position and verified the orientation of key features in the image. The camera was facing Northwest, as determined by the placement of the coastline and visible landmarks relative to the compass. ![Google Image Search result](/notes/osint/001/google-earth.png) ## Result Summary | Key | Value | | --------------------------------------------------------------------------- | ----------------------------------------------------------------- | | What is the name of the resort? | Oan Resort | | What are the coordinates of the island? | 7.362770652280837, 151.75635098360198 (7°21'46.0"N 151°45'22.9"E) | | In which cardinal direction was the camera facing when the photo was taken? | North West | ## Additional Insights ### Reflection on the Process This case study demonstrates how multiple OSINT techniques can be used in sequence to piece together a complete picture. Each step builds on the findings of the previous one, emphasizing the importance of combining tools, methods, and critical thinking. ### Ethical Implications While this exercise was conducted for educational purposes, it underscores the vast amount of information publicly accessible online. This availability raises questions about privacy and data security. Practitioners must always operate within ethical and legal boundaries, ensuring their work serves legitimate purposes. ## Critical Thinking in OSINT During this exercise, several subtle details informed our approach: 1. **EXIF Analysis Context**: The absence of metadata hinted at a deliberate action, such as sharing via privacy-conscious platforms. 2. **Visual Clues**: The tropical environment, architecture, and water features aligned with characteristics of Micronesian islands (althought we do not know it yet at the beginning). 3. **Tool Selection**: The choice to use Google Earth over Maps allowed for a more detailed spatial analysis, including terrain and orientation. These moments reflect how OSINT is not merely about tools but also about interpreting and connecting data meaningfully. ## Closing Thoughts This case study highlights how powerful OSINT can be, even for seemingly simple tasks. By methodically leveraging publicly available information, we uncovered the name, location, and orientation of a resort on an island based on just one photo. For professionals, enthusiasts, or anyone curious about the potential of OSINT, exercises like this are invaluable for sharpening skills and understanding the broader implications of open data. Let me know if you enjoyed this case study, or if you have suggestions for future topics. Happy investigating! 🚀 ]]> hi@hadna.space (Hadna) <![CDATA[OSINT: The Art of Open-Source Intelligence]]> https://hadna.space/notes/31-osint https://hadna.space/notes/31-osint Sun, 17 Nov 2024 00:00:00 GMT hi@hadna.space (Hadna) <![CDATA[How to Set Up a VPN Using PiVPN and WireGuard]]> https://hadna.space/notes/30-vpn-using-pivpn-wireguard https://hadna.space/notes/30-vpn-using-pivpn-wireguard Wed, 13 Nov 2024 00:00:00 GMT Note: Port forwarding isn’t required if you're using a VPS, as it’s already accessible from the internet. ## Step 4: Generate a VPN Client Profile Once PiVPN is installed, you can create client profiles to connect to your VPN. 1. Run the command to create a profile: ```bash pivpn add ``` 2. You’ll be prompted to name your client. Choose a descriptive name (e.g., `my-device`). 3. After creation, the `.conf` file for the client will be saved in the `/home/pi/configs` directory (or equivalent for your system). ## Step 5: Transfer the Client Profile to Your Device To connect a device (like your phone or computer) to the VPN, you’ll need the client configuration file. Transfer it securely using SCP or a secure file-sharing method. ```bash scp /home/pi/configs/my-device.conf user@your-device:~/ ``` ## Step 6: Install WireGuard on Your Client Device 1. Linux: ```bash sudo apt install wireguard ``` 2. **Windows and macOS**: Download and install the WireGuard app from WireGuard’s website. 3. **Mobile (iOS/Android)**: Install the WireGuard app from the App Store or Google Play Store. ## Step 7: Import the Configuration and Connect 1. Open the WireGuard application on your device. 2. Import the `.conf` file you transferred. 3. Connect to your VPN by toggling the connection in the app. 4. If you are installing WireGuard on your mobile devices, you can scan the configuration using QR code by running `pivpn -qr` command on your terminal. ## Step 8: Verify Connection To confirm that your VPN is working correctly, check your public IP address by visiting a site like [WhatIsMyIPAddress](https://whatismyipaddress.com). It should reflect the IP address of your VPN server. ## Additional Tips - **Automate the VPN Connection**: You can set up the WireGuard client to auto-connect when accessing specific networks. - **Security Best Practices**: Regularly update your server and avoid using the default VPN port for added security. - **Server Reboots**: Reboot your server after you successfully install PiVPN. ## Closing Note With PiVPN and WireGuard, setting up a VPN on a Raspberry Pi, ARM server, or VPS is simple and effective. This setup allows secure, private connections to your network from anywhere. Enjoy safe browsing and secure remote access! ]]> hi@hadna.space (Hadna) <![CDATA[Console-Only Access in UTM]]> https://hadna.space/notes/29-utm-console-only https://hadna.space/notes/29-utm-console-only Tue, 12 Nov 2024 00:00:00 GMT hi@hadna.space (Hadna) <![CDATA[Kali Linux: A Beginner's Guide to Cybersecurity]]> https://hadna.space/notes/28-kali-linux https://hadna.space/notes/28-kali-linux Sun, 10 Nov 2024 00:00:00 GMT hi@hadna.space (Hadna) <![CDATA[Populating Users-Permission Relation in Strapi]]> https://hadna.space/notes/27-populating-users-permission-relation-in-strapi https://hadna.space/notes/27-populating-users-permission-relation-in-strapi Thu, 07 Nov 2024 00:00:00 GMT { const sanitizeOutput = (user) => { const { password, resetPasswordToken, confirmationToken, ...sanitizedUser } = user; // be careful, you need to omit other private attributes yourself return sanitizedUser; }; plugin.controllers.user.me = async (ctx) => { if (!ctx.state.user) { return ctx.unauthorized(); } const user = await strapi.entityService.findOne( 'plugin::users-permissions.user', ctx.state.user.id, { populate: ['role'] } ); ctx.body = sanitizeOutput(user); }; plugin.controllers.user.find = async (ctx) => { const users = await strapi.entityService.findMany( 'plugin::users-permissions.user', { ...ctx.params, populate: ['role'] } ); ctx.body = users.map(user => sanitizeOutput(user)); }; return plugin; }; ``` Wait until the Strapi server is restarted. Done! Source: [https://github.com/strapi/strapi/issues/11957#issuecomment-1001102421](https://github.com/strapi/strapi/issues/11957#issuecomment-1001102421) ]]> hi@hadna.space (Hadna) <![CDATA[How to Delete a Course on Tutor (Open edX)]]> https://hadna.space/notes/26-delete-course-on-openedx https://hadna.space/notes/26-delete-course-on-openedx Thu, 31 Oct 2024 00:00:00 GMT hi@hadna.space (Hadna) <![CDATA[Why a Software Engineer Speaks on Media Literacy, Disinformation, and Propaganda]]> https://hadna.space/notes/25-software-engineer-speaks-on-media-literacy https://hadna.space/notes/25-software-engineer-speaks-on-media-literacy Sat, 26 Oct 2024 00:00:00 GMT hi@hadna.space (Hadna) <![CDATA[Social Engineering: Human Psychology Exploitation]]> https://hadna.space/notes/24-social-engineering https://hadna.space/notes/24-social-engineering Thu, 24 Oct 2024 00:00:00 GMT We're talking about the Fifth-Generation Warfare (5GW) in this note. If you still have no idea about 5GW, it is best to read my [previous note](/notes/23-fifth-generation-warfare) to understand what it is, and what is the relation with this note. Warfare has evolved significantly over the years, transitioning from traditional, battlefield-centric combat to more sophisticated and subtle tactics. In this new era of warfare, known as **Fifth-Generation Warfare (5GW)**, the focus shifts from physical confrontation to **information dominance**, psychological manipulation, and the erosion of societal trust. A crucial tool in 5GW is **social engineering**, a method that exploits human psychology to deceive, manipulate, and disrupt. Social engineering uses deception to persuade individuals to provide confidential information or perform actions that compromise their security. What makes it particularly dangerous is that it doesn’t attack machines or networks directly—**it attacks people**. This article explores how social engineering works, its role in 5GW, common methods used by attackers, and how to protect against it. ### **What is Social Engineering?** **Social engineering** is the art of manipulating individuals into revealing sensitive information or performing actions that may compromise the security of a system or organization. Unlike traditional hacking, which targets technology and infrastructure, social engineering focuses on human vulnerabilities, making it a **psychological form of attack**. Social engineers exploit emotions like trust, fear, urgency, and curiosity to influence their victims. By using psychological tactics, they can bypass even the most sophisticated technological defenses, making social engineering an extremely potent weapon in **information warfare**. In **5GW**, social engineering is often used to influence **public opinion**, **manipulate political processes**, and **destabilize institutions**. The goal is not just to gather information or gain access but to shape perceptions and behaviors on a societal scale, weakening the fabric of society. ### **The Role of Social Engineering in Fifth-Generation Warfare** In **Fifth-Generation Warfare**, the primary objective is **influence and control** over an adversary, often achieved through psychological means rather than direct physical conflict. Social engineering plays a critical role in this form of warfare by targeting **trust, cohesion, and communication**—the foundations of modern societies. Here are three key areas where social engineering plays a role in 5GW: #### **1. Undermining Trust in Institutions** A primary goal in 5GW is to **erode public trust in institutions** such as governments, media, and healthcare systems. By spreading false information and creating doubt, adversaries can destabilize societies from within. Social engineers use tactics like disinformation campaigns, fake news, and deepfake technology to manipulate public opinion, creating confusion and mistrust. For example, during the COVID-19 pandemic, false information about vaccines and public health measures spread rapidly, leading to confusion and public mistrust. This created divisions in societies, weakening the response to the crisis and showing how powerful social engineering can be in 5GW. #### **2. Influencing Elections and Political Processes** Social engineering is also used to **influence elections and political outcomes**. By hacking into political party databases, manipulating social media platforms, or using phishing techniques to gather sensitive information, attackers can sway public opinion or influence voter behavior. A prominent example is the **2016 U.S. Presidential election**, where foreign actors used phishing and social media manipulation to influence voter opinions, creating doubts about the legitimacy of the election and fostering political division. #### **3. Corporate Espionage and Economic Disruption** In the corporate world, social engineering can be used to infiltrate organizations, steal trade secrets, and disrupt economic systems. Through tactics like **phishing**, **pretexting**, or **tailgating**, attackers can gain unauthorized access to sensitive data or sabotage operations. Corporations are increasingly targeted by social engineering attacks because human error is often the weakest link in cybersecurity. A well-executed social engineering attack can lead to severe financial losses and reputational damage. ### **Common Social Engineering Tactics** Social engineers use various methods to deceive their targets. These tactics often exploit emotional responses or human error. Some of the most common forms of social engineering include: #### **1. Phishing** **Phishing** is one of the most common social engineering tactics. It involves sending fraudulent emails or messages that appear to come from legitimate sources, such as banks, employers, or government institutions. The goal is to trick individuals into clicking on malicious links or providing sensitive information like passwords or credit card numbers. - **Example**: A user receives an email claiming to be from their bank, asking them to verify their account details by clicking a link. The link leads to a fake website designed to capture their login credentials. #### **2. Spear Phishing** **Spear phishing** is a more targeted form of phishing. While phishing typically involves mass emails, spear phishing focuses on specific individuals or organizations. Attackers use personal information to make their messages more convincing, increasing the likelihood of success. - **Example**: An employee receives an email that appears to be from their company's IT department, asking them to reset their password due to a security breach. The email is personalized, making it appear legitimate. #### **3. Pretexting** In **pretexting**, the attacker fabricates a scenario to persuade the target to provide sensitive information. This could involve impersonating someone the target trusts, such as a coworker, client, or service provider. - **Example**: A social engineer pretends to be a company's IT support, calling an employee and requesting their login details under the pretense of fixing a technical issue. #### **4. Baiting** **Baiting** involves offering something tempting, like free software, music, or movies, to entice the target into downloading malware or giving away personal information. - **Example**: A USB drive labeled "Confidential" is left in a public place. When someone plugs it into their computer, it installs malware that allows the attacker to access the system. #### **5. Tailgating** **Tailgating**, also known as **piggybacking**, occurs when an attacker gains physical access to a secure area by following someone with authorized access. Attackers may pose as delivery personnel or employees to blend in and avoid detection. - **Example**: An attacker waits outside a secure building and follows an employee through a door that requires an access card, entering the building without authorization. ### **Psychological Tactics in Social Engineering** Social engineering attacks succeed because they exploit human psychology. Here are some of the most common psychological principles used in these attacks: #### **1. Authority** People tend to comply with requests from perceived authority figures. Social engineers often impersonate managers, IT staff, or government officials to exploit this tendency. - **Example**: A social engineer impersonates a company's CEO and sends an urgent email to an employee, requesting sensitive financial data. #### **2. Urgency** Creating a sense of urgency makes people act quickly without thinking critically. Social engineers use this tactic to rush their targets into making mistakes. - **Example**: A phishing email claims that the recipient's account has been compromised and they must act immediately to secure it by clicking a link. #### **3. Trust** Social engineers often gain the trust of their targets by impersonating trusted individuals or organizations. By appearing legitimate, they lower the target’s defenses. - **Example**: An attacker sends a spear-phishing email pretending to be a friend, asking the recipient to open an attachment, which contains malware. #### **4. Reciprocity** People are more likely to comply with a request if they feel they owe something to the other person. Social engineers exploit this by offering something valuable in exchange for compliance. - **Example**: An attacker offers free software or exclusive content in exchange for personal information, tricking the victim into downloading malicious software. ### **Real-World Examples of Social Engineering Attacks** #### **The RSA Breach (2011)** In 2011, **RSA Security** suffered a significant breach through a **spear-phishing** attack. Employees received emails with an attached Excel file titled "2011 Recruitment Plan." When opened, the file installed malware on the network, allowing attackers to steal confidential information, including data on RSA's secure tokens. This breach had far-reaching consequences, affecting numerous organizations worldwide. #### **The Twitter Hack (2020)** In July 2020, social engineers used **vishing** (voice phishing) to target Twitter employees. The attackers posed as Twitter IT staff, convincing employees to provide login credentials over the phone. Once inside the system, the attackers took control of high-profile accounts, including those of Barack Obama, Elon Musk, and Bill Gates, to promote a cryptocurrency scam. ### **Wrap Up** In **Fifth-Generation Warfare**, **social engineering** is a key weapon used to manipulate individuals and disrupt entire societies. By exploiting human psychology, social engineers can bypass technological defenses and gain access to sensitive information, influence public opinion, or even disrupt political processes. As we move further into the information age, understanding and defending against social engineering will be critical for both individuals and organizations. Staying vigilant, educating employees, and implementing robust security protocols are essential steps in defending against these attacks. Social engineering may rely on human vulnerability, but with awareness and proactive measures, its impact can be mitigated. ]]> hi@hadna.space (Hadna) <![CDATA[Fifth-Generation Warfare: The Silent Battles]]> https://hadna.space/notes/23-fifth-generation-warfare https://hadna.space/notes/23-fifth-generation-warfare Wed, 23 Oct 2024 00:00:00 GMT hi@hadna.space (Hadna) <![CDATA[Combatting Disinformation: Why Does It Matter?]]> https://hadna.space/notes/22-combatting-disinformation https://hadna.space/notes/22-combatting-disinformation Sun, 20 Oct 2024 00:00:00 GMT hi@hadna.space (Hadna) <![CDATA[Why "Simple" Beats "Fancy" in Web Development]]> https://hadna.space/notes/21-why-simple-beats-fancy https://hadna.space/notes/21-why-simple-beats-fancy Sun, 15 Sep 2024 00:00:00 GMT hi@hadna.space (Hadna) <![CDATA[Introducing Hadna EduSpace: Your New Learning Space]]> https://hadna.space/notes/20-hadna-eduspace https://hadna.space/notes/20-hadna-eduspace Fri, 09 Aug 2024 00:00:00 GMT **Hadna EduSpace** can be accessed freely at [edu.hadna.space](https://edu.hadna.space) ## What is Hadna EduSpace? **Hadna EduSpace** is a platform designed for those who are curious about tech but prefer a more laid-back approach to learning. Whether you’re just getting started or you’re looking to brush up on your skills, this space offers a variety of resources that aim to make learning both accessible and enjoyable. The focus here isn’t on rushing through content or cramming information, but rather on understanding concepts and applying them in a way that makes sense to you. ## What’s Unique About Hadna EduSpace? At **Hadna EduSpace**, we focus on more conventional slide-based materials rather than the more modern articles or videos. These slides are designed to give you clear, concise information that’s easy to follow. Whether you’re a teacher looking for resources to use in your classroom or a student who learns best by seeing concepts laid out step by step, our slides are here to help. ### For Teachers If you’re an educator, you’ll find that our slide-based content is perfect for classroom use. The slides are structured to guide your lessons, allowing you to focus on delivering the material while keeping your students engaged. You can easily integrate these slides into your existing curriculum, making them a flexible resource for teaching various tech topics. ### For Students As a student, you’ll appreciate how straightforward our materials are. Instead of wading through long articles or dense textbooks, you can learn directly from slides that break down complex concepts into manageable chunks. This format makes it easier to grasp new ideas and follow along at your own pace, whether you’re studying on your own or in a classroom setting. Just don't forget that slide-based materials only cover the surface, and you _need_ to explore things on your own. > **Hadna EduSpace** can be accessed freely at [edu.hadna.space](https://edu.hadna.space) ## Why Should You Use Hadna EduSpace? There’s no shortage of online learning platforms out there, so you might be wondering what makes **Hadna EduSpace** different. The key lies in its approach. This isn’t a place where you’re expected to keep up with a strict learning schedule or meet specific milestones _(except, your teacher is using our slides and expecting you something different)_. Instead, it’s about learning in a way that feels natural and comfortable for you. And because our materials are slide-based, they’re designed to be both engaging and easy to understand. **Hadna EduSpace** understands that everyone’s learning journey is unique. That’s why the content is designed to be flexible and adaptable, allowing you to pick and choose what you want to focus on. Whether you have a full hour to dedicate to learning or just a few minutes to spare, there’s something here for you. ## Why Is Hadna EduSpace Free? One question we often get is, _"Why is **Hadna EduSpace free**?"_ The answer is simple: we believe that access to education should be open to everyone. We’re passionate about sharing knowledge and helping others grow, whether you’re just starting your learning journey or looking to expand your skills. By offering free resources, we hope to create a welcoming environment where anyone can learn without barriers. Education is a powerful tool, and we want to make sure it’s accessible to all who are eager to learn. ## Join the Journey **Hadna EduSpace** is here to support your learning journey, no matter where you’re starting from. If you’re looking for a relaxed, no-pressure environment to explore tech and coding, this might just be the place for you. Take your time, explore at your own pace, and see where your curiosity takes you. Thanks for stopping by, and happy learning! > **Hadna EduSpace** can be accessed freely at [edu.hadna.space](https://edu.hadna.space) Best, The **Hadna EduSpace** Team — aka Diky Hadna ]]> hi@hadna.space (Hadna) <![CDATA[Devs, Hear Me Out: You Don't Know What You're Doing!]]> https://hadna.space/notes/19-devs-hear-me-out https://hadna.space/notes/19-devs-hear-me-out Wed, 31 Jul 2024 00:00:00 GMT Before you judge me, please hear me out: I'm not against self-taught developers, I deeply understand that learning how to code is not easy, and I totally respect the efforts, but I'm against the "just get it working" mindset. The internet is a treasure trove of coding tutorials and resources. From "Learn JavaScript in 30 Days" to "Master Python in a Week," anyone with a computer and internet access can dive into coding. This accessibility has led to a surge in self-taught developers who, with enough determination, can build functional software. It's an exciting development, democratizing the field of software development and opening doors for those who might not have traditional educational backgrounds. One common trait among many self-learned developers is the "just get it working" mindset. Faced with a problem, they turn to Google, find a snippet of code that seems to do the job, and paste it into their project. If it works, great! The job is done. However, this approach often skips over the understanding of why the code works, how it integrates with the rest of the system, or what potential issues might arise. This method can be likened to learning a few phrases in a foreign language. Sure, you can ask where the bathroom is, but you might not be able to understand the response or continue the conversation. Similarly, these developers can assemble a product, but they might not grasp the underlying principles of the technologies they're using. The main issue with this phenomenon is that while these developers can create working products, they often lack a deeper understanding of the code they're writing. This can lead to several problems: 1. **Debugging Nightmares:** Without understanding the core concepts, diagnosing and fixing bugs becomes much more challenging. What happens when a mysterious error appears? Often, it’s a cycle of searching for answers online without truly understanding the root cause. 2. **Scalability and Performance Issues:** Code that works for a small number of users might not scale efficiently. Without knowledge of data structures, algorithms, or best practices, performance can suffer as the user base grows. 3. **Security Risks:** Lack of knowledge about secure coding practices can lead to vulnerabilities. In an era where data breaches and cyber-attacks are rampant, this is a significant concern. 4. **Maintenance Challenges:** As projects grow and evolve, maintaining and updating code becomes critical. If the original code is poorly understood, it becomes a Herculean task to add features, fix bugs, or refactor. The good news is that the situation isn't hopeless. Here are a few ways for self-learned developers to deepen their understanding: 1. **Go Back to Basics:** Invest time in understanding fundamental concepts like data structures, algorithms, and design patterns. This foundational knowledge will make everything else easier to grasp. 2. **Read Documentation:** While tutorials are great, the official documentation often provides the "why" behind the "how." It’s invaluable for gaining a deeper understanding of a technology. 3. **Build and Break:** Experiment with small projects where the goal is to understand every line of code. Break things on purpose and then fix them. This hands-on experience is invaluable. 4. **Seek Feedback:** Engage with the developer community. Code reviews, discussions, and collaboration can provide insights and learning opportunities that solitary study cannot. 5. **Continuous Learning:** The tech field evolves rapidly. Stay curious and keep learning. Take courses, attend workshops, and read books. There's always something new to learn. For instant, self-learned developers, the first step is often building something cool, but the real growth comes from understanding the building blocks of what they create. It's okay not to know everything—no one does. The important thing is to keep learning, stay curious, and embrace the bugs along the way. After all, every great developer was once where you are now, wondering what the heck they were doing. > Becoming a proficient developer is a journey, not a destination. Good luck on your journey! ]]> hi@hadna.space (Hadna) <![CDATA[Diving into Generative Art: A Software Engineer's Journey]]> https://hadna.space/notes/18-generative-art https://hadna.space/notes/18-generative-art Sun, 05 May 2024 00:00:00 GMT Header pattern at [art.hadna.space](https://art.hadna.space) will be generated uniquely everytime you reload/refresh the page. I only set the rule to just draw squares, but the decision about how many squares, how big it is, what color it is, and where it is placed is all handled by the ~~heavenly entity~~ computer. ## From Code to Canvas: My Path to Generative Art Let’s talk about how a techie like me ended up in the colorful world of generative art. It’s a bit like finding an unexpected recipe in a science book—surprising, but oh-so satisfying! So, I started out as a software engineer. My days were filled with lines of code, debugging, and making sure everything clicked in the digital world. Coding was fun—it’s like solving puzzles where every piece has to fit just right. But after a while, I started to crave something different, something that allowed for a bit more… chaos in the creativity. Enter generative art. It was like a breath of fresh air—an exciting blend of technology and visual art that was just as much about embracing the unexpected as it was about precise calculations. The first time I saw a piece of generative art, it was like watching a magic trick. The artwork changed before my eyes, evolving based on its coded instructions but with a touch of randomness that made each iteration unique. I dived into learning everything I could about this fascinating field. I picked up P5.js, a fantastic tool that felt designed for artists and coders alike. P5.js is all about making coding accessible and fun for creating visual art. It’s got this cool way of simplifying the complex parts of programming, so you can focus more on bringing your artistic vision to life. My first project? A simple set of animated geometric shapes that danced around the screen. The shapes would change colors and patterns based on algorithms I wrote. But the real twist was adding elements of randomness—suddenly, no two runs of the code were the same. Each refresh brought a new surprise, and I was hooked! The more I experimented, the more I realized how generative art mirrors life—unpredictable, ever-changing, and wonderfully complex. Each piece I create starts with a plan, but part of the joy comes from seeing how it evolves on its own. Sometimes, I feel more like a curator than a creator, watching as the code takes the lead and shows me things I’d never have thought of on my own. ![City block generative art](/notes/city-block-generative-art.png) > A generative art (animated) that I've created, called _"Metropolis in Motion"_. ## P5.js: My Magic Wand Oh, P5.js! Where do I even begin? This little gem has been nothing short of a magic wand for my transition into the world of generative art. Think of P5.js as a bridge between the structured world of coding and the fluid, infinite possibilities of art. It’s not just a tool; it’s my collaborator in the creative process, allowing me to paint the digital canvas with code. Created with the goal of making coding accessible for artists, designers, educators, and beginners, P5.js is based on the core principles of the original Processing software but reimagined for the web. What does this mean for someone like me? It means I can work in a medium that is inherently interactive and perfect for the web-based exhibitions that bring my art to life for viewers all around the world. One of the first things that drew me to P5.js was its simplicity. With just a few lines of code, I could create animations, interactive elements, and complex patterns that responded to user inputs. The setup is straightforward—you write a `setup()` function where you define the initial environment settings like canvas size and background color, and a `draw()` function that continuously executes the lines of code inside to create animations​​. But the real magic happens in the freedom it gives me to experiment. P5.js comes packed with functions that let you manipulate graphics, handle multimedia, and even integrate sensor data. Want to make a sketch respond to sound? There’s a function for that. What about creating visuals that change with the movement of your mouse? Absolutely doable. It’s like having a digital sketchbook where the only limit is your imagination. Beyond the technical aspects, P5.js has built a community of like-minded creators, a space where artists, coders, and technologists share ideas, tools, and inspirations. The forums and tutorials are goldmines of information, where beginners can learn the ropes and experts can dive deeper into the more complex capabilities of the library. ![P5.js website](/notes/p5js-website.png) > P5.js official website at [P5js.org](https://p5js.org). ## Peek at My Projects Want to see what I've been up to? Check out my projects on my art page at [art.hadna.space](https://art.hadna.space). Each project has its own story and experiment with different aspects of generative art. From swirling patterns to abstract landscapes, it's a visual feast that shows just how much you can do with a bit of code! Plus, each piece of artwork has three different modes: light & dark, which adapt based on the visitor's browser theme, and a unique hash-generated mode. Every hash you enter generates a unique artwork, offering endless possibilities for exploration and creativity. Dive in and see how each mode transforms the art experience! ![Swirling circle](/notes/circle-generative-art.png) > A generative art that I've created, called _"Spectrum Swirls: A Kaleidoscopic Journey"_. ## What's Next? What does the future hold for my journey into generative art? Well, I’m just warming up! The possibilities are as expansive as the canvas of the universe, and I’m all geared up to dive deeper into this fascinating intersection of art and technology. Last but not least, I want to keep sharing my journey with you all. Whether it's through blog updates, interactive galleries, or just casual chats on social media, your feedback and engagement are what keep me motivated. Feel free to [drop me a message](mailto:hi@hadna.space) for comments, questions, or collaboration, and let's keep pushing the boundaries of what art can be in this digital age! ]]> hi@hadna.space (Hadna) <![CDATA[Tutor (Open edX) MFE Development: Building for Production]]> https://hadna.space/notes/17-tutor-open-edx-production-deployment https://hadna.space/notes/17-tutor-open-edx-production-deployment Wed, 17 Apr 2024 00:00:00 GMT Missed the previous note? No worries, catch up [here](https://hadna.space/notes/16-getting-started-tutor-mfe-development) After what feels like an eternity of debugging and countless "Aha!" moments (and probably a few "Oh no!" ones too), you’re ready to show off your hard work. Sure, the method might be a bit quirky, but if it does the trick, who's complaining, right? > Heads up! I’m going to assume you're all logged into your production server via SSH (because you're awesome like that), and that you've already wrangled your domain records to point at your server. ## Deploying Your MFE for the World to See ### Step 1: Wake up Your MFE Plugin First up, let’s make sure your MFE plugin is ready to roll: ``` $ tutor plugins enable mfe ``` ### Step 2: Create Your Custom Plugin Time to get crafty with a custom plugin to patch the standard MFE setup: ``` # Create plugins root directory $ mkdir -p "$(tutor plugins printroot)" # Create the plugin $ touch "$(tutor plugins printroot)/myplugin.py" ``` Let’s make sure it's listed in the lineup: ``` $ tutor plugins list ... myplugin (disabled) /home/yourusername/.local/share/tutor-plugins/myplugin.py ... ``` Give it some power: ``` $ tutor plugins enable myplugin Plugin myplugin enabled Configuration saved to /home/yourusername/.local/share/tutor/config.yml Environment generated in /home/yourusername/.local/share/tutor/env ``` ### Step 3: Customize Your Plugin Crack open your new plugin file (located at `/home/yourusername/.local/share/tutor-plugins/myplugin.py`) and sprinkle in this bit of magic: ``` from tutormfe.hooks import MFE_APPS @MFE_APPS.add() def _add_my_mfe(mfes): mfes["mymfe"] = { "repository": "https://github.com/{USERNAME}/frontend-app-{MFE-NAME}.git", "port": {ANY_PORT_YOU_WANT}, } return mfes ``` ### Step 4: Lock in Your Config If you’ve tweaked things, don’t forget: ``` $ tutor config save ``` ### Step 5: Build the Docker Image Here comes the heavy lifting: ``` $ tutor images build mfe ``` Grab a coffee, this could take a bit. ### Step 6: Launch Time Once it’s built: ``` $ tutor local launch ``` Follow the prompts and bam, you’re live! 🎉 Congratulations! ## When Things Go Sideways... So, you've launched, but suddenly, your server decides to take a nap—mid-session, no less. If you find your server hanging up and the only clue is a vague timeout or connection reset error during the MFE image build, don’t panic. Here’s a sneaky little workaround that might just save your bacon: ### Reduce Docker's parallel operations to keep your server from tipping over: 1. Create a `buildkit.toml` configuration to keep things chill: ``` [worker.oci] max-parallelism = 2 ``` 2. Spin up a Docker builder with this cooler setting: `$ docker buildx create --use --name=max2cpu --driver=docker-container --config=./buildkit.toml` 3. Give the build another shot: `$ tutor images build mfe` 4. Launch the Tutor: ``` $ tutor local launch ``` This time, fingers crossed, you’re actually good to go! For real, for real. Feel free to take a moment to bask in the glory of your newly deployed MFE. You’ve earned it! If you run into more hiccups or have questions, just remember, every problem is just an opportunity to learn something new (or, you know, an opportunity to debug). Happy deploying! ]]> hi@hadna.space (Hadna) <![CDATA[Tutor (Open edX) MFE Development: A Personal Experience]]> https://hadna.space/notes/16-getting-started-tutor-mfe-development https://hadna.space/notes/16-getting-started-tutor-mfe-development Wed, 10 Apr 2024 00:00:00 GMT But first, Happy Eid al-Fitr day! Hope it's a fantastic one filled with joy and yummy treats with your nearest and dearest. 🌙✨ _Disclaimer: Just a heads-up, this is me sharing my adventure in developing Micro Frontend (MFE) components for Tutor LMS (Open edX) on my Apple M1 chip. I'm rocking Tutor v17 (Quince release) for this journey. This guide might have its quirks, but hey, it worked for me!_ ## 🛠 Installation ### 📋 Requirements - Supported OS: Tutor runs on any 64-bit, UNIX-based OS. It was also reported to work on Windows (with WSL 2). - Architecture: Both AMD64 and ARM64 are supported. - Required software: - Docker: v24.0.5+ (with BuildKit 0.11+) - Docker Compose: v2.0.0+ > ⚠️ Warning > Do not attempt to simply run `apt-get install docker docker-compose` on older Ubuntu platforms, such as 16.04 (Xenial), as you will get older versions of these utilities. - Ports 80 and 443 should be open. If other web services run on these ports, check the tutorial on how to setup a web proxy. - Hardware: - Minimum configuration: 4 GB RAM, 2 CPU, 8 GB disk space - Recommended configuration: 8 GB RAM, 4 CPU, 25 GB disk space ### 🚀 Tutor Installation I totally recommend going with the Python version. Here's how to get the latest Tutor on your block, based on your OS: ``` # Let's create a cozy virtual environment for Tutor $ python3 -m venv tutorvenv # Time to step into our new virtual home $ source tutorvenv/bin/activate # And finally, let Tutor move in $ pip install "tutor[full]" ``` Boom! You've got Tutor LMS chilling on your machine. Ready to whip up some Micro Frontend magic! ## 🏃 Running Tutor Locally Got Tutor all set up? Sweet! Let's get it running locally for all your development shenanigans (don't forget to start Docker Desktop first): ``` $ tutor dev launch ``` This might take a hot minute (or several), depending on how fast your internet is and what your hardware setup looks like. Once it's done, Tutor will be hanging out at `http://localhost:8000`. Run into a `ProgrammingError: relation "django_content_type" already exists` error? No sweat, just fix it with: ``` $ tutor dev run lms python manage.py lms migrate --fake-initial ``` And give `tutor dev launch` another go. ## 🎨 MFE Development Let's play around with `frontend-app-learner-dashboard` as our guinea pig. ### 🌶 Modify The MFE Plugin Now, the spicy part. Navigating MFE development in Tutor as a newbie can be a bit like finding a needle in a haystack due to some sparse documentation. But here's the gist: 1. Skip the `tutor plugins install mfe` command. It'll just pull the default MFE instead of your custom masterpiece. You can, but you will need to create a custom plugin to patch the original MFE plugin with your customizations. 2. Time to clone the MFE repo for some prep work: ``` $ git clone https://github.com/overhangio/tutor-mfe.git ``` 3. Install the plugin by running: ``` $ pip install -e tutor-mfe ``` 4. This puts the MFE plugin in editable mode, so your tweaks are live without reinstallation. 5. Modify the `/tutor-mfe/tutormfe/plugin.py` file to introduce your custom MFE component repository (you will need to put your MFE project in a GitHub repository). For example: ``` // Original "learner-dashboard": { "repository": "https://github.com/openedx/frontend-app-learner-dashboard.git", "port": 1996, }, // Your custom MFE "learner-dashboard": { "repository": "https://github.com/{USERNAME}/frontend-app-learner-dashboard.git", "port": 1996, }, ``` > 🧐 Keep an eye on the GitHub username part. Make sure your repo name matches up. ### 🚀 MFE Development Assuming you're flying without a GitHub repo for your MFE for now, you can tether your local development code directly to the plugin: ``` $ tutor mounts add /path/to/your/frontend-app-learner-dashboard ``` Then seal the deal with: ``` $ tutor config save ``` Fire up Tutor again if you need to: ``` $ tutor dev launch ``` Now, any ninja moves you pull on your `frontend-app-learner-dashboard` code in your local dojo will show up live in Tutor, no GitHub middleman required. ## 🧠 QnA for Curious Mind | **Question** | **Answer** | | ------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Do I need to hit `npm start` every time? | Nah, `tutor dev launch` has got you covered. It'll get your MFE code up and running, no manual start required. Just give it a sec longer than usual to see your changes. | | Should I run `tutor config save` after every code change? | Nope, once is enough. | | Where do I find my shiny new MFE after tweaking it? | It depends on which MFE you're dabbling with. Check out `/tutor-mfe/tutormfe/plugin.py` (from previous MFE plugin installation step) for the details. For instance, the learner dashboard lives at `http://apps.local.edly.io:{PORT}/learner-dashboard/`, with the port customizable in your MFE's `.env.development`. | | I run into a `ProgrammingError: relation "django_content_type" already exists` error. What to do? | Squash it with the `tutor dev run lms python manage.py lms migrate --fake-initial` command. | | Which framework does MFE use? | ReactJS | | What if I want to modify the template instead of using MFE? | You can start by modifying the `indigo` theme. This note is dedicated for MFE, and not template. | | I have another question! | Head to [Open edX discussion forum](https://discuss.openedx.org/). | Happy coding, folks! 🎉 ]]> hi@hadna.space (Hadna) <![CDATA[Why Picking Up Dutch Could Be Your Next Great Move: An Indonesian Perspective]]> https://hadna.space/notes/15-learning-dutch https://hadna.space/notes/15-learning-dutch Fri, 29 Mar 2024 00:00:00 GMT Nederlands gebouw in Nol Kilometer, Yogyakarta, Indonesie. Afbeelding door @rickyansari_01 op Instagram. ## A Splash of Cultural Color Indonesia and the Netherlands? It's a cultural mash-up that's influenced everything from our food (hello, koffie and kroket!) to words that we use without even realizing their origins. Diving into Dutch not only lets you get the full experience of these cultural gems but also opens up a whole new appreciation for arts, literature, and even films from the land of tulips and windmills. ![Klappertaart](https://upload.wikimedia.org/wikipedia/commons/f/ff/Coconut_custard_klappertaart.jpg) > Klappertaart, a Dutch-influenced Indonesian cake. Afbeelding op Wikipedia. ## Opening Doors to Opportunities Thinking about furthering your studies or maybe eyeing some career moves? The Netherlands is packed with top-tier universities and global companies. Knowing Dutch might just be the cherry on top of your resume, giving you a leg up in scholarships, academic programs, or job opportunities, not just in the Netherlands but also with Dutch companies worldwide. ![Universiteit Utrecht](/notes/universiteit-utrecht.png) > Academiegebouw van de Universiteit Utrecht. Afbeelding op Universiteit Utrecht. ## Tightening the Bonds On a bigger scale, every new Indonesian who learns Dutch is like a living bridge connecting our two countries. It's all about understanding each other better, sharing ideas, and even working together on cool projects. Language is a powerful tool for bringing people closer, and by speaking Dutch, you're helping to knit Indonesia and the Netherlands a bit tighter. ![Spreekt U Nederlands?](https://allaboutexpats.nl/wp-content/uploads/2022/07/language-dutch.jpg) > Nederlands leren spreken ## Personal Growth (With a Side of Fun) Let's not forget the personal jazz that comes with learning any new language. Dutch, with its quirky sounds and expressions, is a fun ride. It connects you to a community that spans the globe, including those of Indonesian-Dutch heritage. Plus, it's a fantastic party trick to bust out a sentence or two in Dutch, am I right? ## Why Not? So, while Dutch might not have been at the top of your language bucket list, it's got a lot going for it, especially for us Indonesians. From uncovering historical secrets to making new friends, and even boosting your career - the benefits are as diverse as they are surprising. Plus, it's a way to discover more about our own Indonesian heritage and see how it's woven into a larger global tapestry. Why not take the plunge and start saying a little more than just "Hallo" and "Dankjewel"? Who knows what doors might open when you do. Let's get adventurous with our language learning – Dutch could be your unexpected ticket to new experiences! 🌟 ]]> hi@hadna.space (Hadna) <![CDATA[Open edX: Tutor vs Native Installation]]> https://hadna.space/notes/14-Open-edX:-Tutor-vs-Native-Installation https://hadna.space/notes/14-Open-edX:-Tutor-vs-Native-Installation Fri, 22 Mar 2024 00:00:00 GMT hi@hadna.space (Hadna) <![CDATA[Festive Frost: Bringing Holiday Cheer with a Snowy Nord Theme on This Website]]> https://hadna.space/notes/13-snow-time https://hadna.space/notes/13-snow-time Wed, 29 Nov 2023 00:00:00 GMT hi@hadna.space (Hadna) <![CDATA[Monaspace by GitHub Next: An Innovative Superfamily of Fonts for Code]]> https://hadna.space/notes/12-monaspace https://hadna.space/notes/12-monaspace Thu, 16 Nov 2023 00:00:00 GMT "We are a team of researchers and engineers at GitHub, exploring things beyond the adjacent possible. We prototype tools and technologies that will change our craft. We identify new approaches to building healthy, productive software engineering teams." - [GitHub Next](https://githubnext.com) ## Introducing Monaspace 1.0 Monaspace, currently at version 1.0, redefines the landscape of code fonts. Built to provide a more expressive palette for code and the tools used to work with it, Monaspace stands out as a new type system advancing the display of code on screen. ![A picture showing some examples of Monaspace fonts](https://user-images.githubusercontent.com/22723/281846605-301020e0-f138-44af-abb1-48efa610be08.png) ## The Challenge Since the teletype machine's earliest days, code has been set in monospaced type—letters on a grid. Monaspace addresses this historical approach and introduces a new type system that pushes the boundaries of displaying code on screen. Advancements in computing technology have always paralleled improvements in code display and editing. From CRTs enabling screen editors to the rise of integrated development environments with graphical user interfaces, each era brought new possibilities. Yet, the options for layering additional meaning onto code remain limited. While syntax highlighting introduced color-coded distinctions in 1982, there's still room for improvement beyond colors, considering the graphical limitations of most editors. ## Imagining Possibilities Monospaced fonts have long suffered from incompatibility issues, making it impossible to seamlessly mix different fonts. Monaspace addresses this challenge, allowing developers to mix and match fonts seamlessly. This opens the door to layering more meaning onto code with a palette that goes beyond colors and introduces bolder weights. Developers can now build interfaces for code that demand more structure and hierarchy. ## Texture Healing A significant drawback of monospaced type is its uneven texture—a consequence of fitting every letter into a uniform box. Texture Healing, a novel technique introduced by Monaspace, evens out the density of monospaced type, bringing it closer to the proportional type's traditional appearance. This technique preserves the monospace grid and seamlessly integrates with most editors without requiring new software or editor plugins. ## Code Ligature Monaspace goes beyond conventional monospaced fonts by including code ligatures for a broad variety of languages. These ligatures are organized into stylistic sets that users can enable or disable based on their preferences. Stylistic sets cater to specific languages, enhancing the visual experience. For instance, `ss01` includes ligatures for character sequences commonly seen in JavaScript, while `ss05` provides ligatures for operators in F#. In addition to eight stylistic sets, Monaspace features two utility sets: - `calt` (contextual alternates): Activates ligatures that adjust the visual positioning of character sequences without altering their shape or appearance. This feature also activates texture healing. - `dlig` (discretionary ligatures): Activates a basic set of ligatures shared by many programming languages and frameworks, mainly sequences of repeating characters. ## Download & Install To experience Monaspace in your favorite code editor, visit the [official Monaspace website](https://monaspace.githubnext.com/) or explore [the GitHub repository](https://github.com/githubnext/monaspace). ]]> hi@hadna.space (Hadna) <![CDATA[Ken Burns Effect Using FFmpeg]]> https://hadna.space/notes/11-ffmpeg-ken-burns-effect-zoom-pan https://hadna.space/notes/11-ffmpeg-ken-burns-effect-zoom-pan Mon, 13 Nov 2023 00:00:00 GMT **FFmpeg** is a powerful and open-source software that facilitates multimedia processing. It acts as a Swiss Army knife for handling audio and video files, offering a wide range of capabilities for media manipulation. If you want to add a touch of elegance to a static image, the Ken Burns effect is a classy choice. It involves a gradual zoom or pan across the image, giving it a subtle, cinematic feel. In this tutorial, we'll use FFmpeg, the Swiss Army knife of multimedia processing, to turn a still image into a captivating video with the Ken Burns effect. ### Prerequisites Before we begin, make sure you have FFmpeg installed on your system. If you don't have it yet, you can download it [here](https://ffmpeg.org/download.html). ### Steps 1. **Prepare Your Image:** - Choose the image you want to use. - Make sure the image resolution is suitable for the video output. 2. **Create a Simple Script:** - Open a text editor and create a simple script, e.g., `kenburns.sh`. 3. **Write the Script:** - In your script, use the following FFmpeg command: ```bash ffmpeg -i input.avif -vf "zoompan=z='min(zoom+0.0015,1.5)':d=125" -c:v libx264 -t 10 -s 1920x1080 -pix_fmt yuv420p output.mp4 ``` Breakdown of the command: - `-loop 1`: Loop the input image infinitely. - `-i input.jpg`: Input image file. - `-vf "zoompan=z='min(zoom+0.0015,1.5)':d=125"`: Apply the zoom and pan effect. You can adjust the values to customize the effect. - `-c:v libx264`: Use the H.264 video codec. - `-t 10`: Set the duration of the video to 10 seconds. Adjust as needed. - `-s 1920x1080`: Set the resolution of the output video. - `-pix_fmt yuv420p`: Set the pixel format. 4. **Run the Script:** - Save your script and run it in the terminal: ```bash sh kenburns.sh ``` - This will create a video file named `output.mp4` with the Ken Burns effect. 5. **Adjust Parameters (Optional):** - Feel free to experiment with the zoom, pan, and duration parameters in the FFmpeg command to achieve the desired effect. And there you have it! You've successfully created a video with the Ken Burns effect from a static image using FFmpeg. You can now use this technique to add a dynamic touch to your presentations, slideshows, or any project where a subtle, animated image is needed. ## Example In this example, I will take this photo from [Helena Lopes](https://unsplash.com/photos/running-white-horse-lIeqGEdvex0) and apply the Ken Burns effect using FFmpeg. Original image: ![A white horse photo from Helena Lopes](https://images.unsplash.com/photo-1553284965-83fd3e82fa5a?q=80&w=3271&auto=format&fit=crop&ixlib=rb-4.0.3&ixid=M3wxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8fA%3D%3D) Result (click the image, link to YouTube video): [![A video of a white horse, applied Ken Burns effect, made using FFmpeg](https://img.youtube.com/vi/wagIoSbs5O0/0.jpg)](https://www.youtube.com/watch?v=wagIoSbs5O0) ]]> hi@hadna.space (Hadna) <![CDATA[Why Should You NOT Do Freelancing?]]> https://hadna.space/notes/10-why-should-you-not-do-freelancing https://hadna.space/notes/10-why-should-you-not-do-freelancing Sun, 12 Nov 2023 00:00:00 GMT 💡 Also read about [Why Should You DO Freelancing?](/notes/9-why-should-you-do-freelancing) ## Inconsistent Income Rollercoaster Freelancing doesn't come with a steady paycheck. Say goodbye to the predictability of a monthly salary. Instead, get ready for a financial rollercoaster where some months you're rolling in it, and others you're scraping by. It's not for the faint of heart, especially if you're a fan of financial stability. ## No Employee Benefits Forget about health insurance, retirement plans, or paid vacation days. As a freelancer, you're on your own. No dental plan, no 401(k), and definitely no paid time off. Your benefits package? Well, that's up to you to figure out. ## You're Your Own Boss... and Employee Sure, being your own boss sounds fantastic, but it also means being your own employee. You're responsible for finding clients, managing projects, handling the admin stuff, and oh, don't forget about marketing yourself. It's a one-person show, and sometimes you wish you had someone else to share the workload. ## The Lonely Freelancer Island Freelancing can be isolating. Say goodbye to water cooler chats and office camaraderie. It's just you, your laptop, and maybe a cat for company. Loneliness can sneak up on you, especially if you're someone who thrives on social interactions. ## Feast or Famine Workload You might find yourself drowning in work one week and twiddling your thumbs the next. The unpredictability of a freelancing workload can be stressful. Deadlines might pile up, and then suddenly, crickets. It's not always a balanced, steady flow of projects. ## Uncertain Job Security Freelancers don't have the luxury of job security. Clients come and go, and there's always the risk of projects falling through. If you're someone who likes the comfort of a stable job, freelancing might feel like standing on shaky ground. ## Self-Motivation Required Freelancers need to be self-starters. There's no boss breathing down your neck, but that also means there's no one pushing you to get things done. Procrastination can become your worst enemy, and you might find yourself binge-watching Netflix instead of working on that deadline. ## The Never-Ending Search for Clients Freelancing isn't just about doing the work; it's a constant hustle for new clients. Networking, pitching, and self-promotion become part of your daily routine. If the idea of always selling yourself gives you the heebie-jeebies, freelancing might not be your cup of tea. ## Wrapping Up! While freelancing has its perks, it's not the right fit for everyone. The lack of stability, benefits, and the constant need to hustle might not align with your career goals and lifestyle preferences. Before diving into the freelancing world, carefully consider whether the challenges outweigh the benefits for you. Remember, there's no one-size-fits-all career path, and that's perfectly okay. Freelancing might be a fantastic adventure for some but a potential headache for others. It's all about finding what works best for you and your unique professional journey. ]]> hi@hadna.space (Hadna) <![CDATA[Why Should You DO Freelancing?]]> https://hadna.space/notes/9-why-should-you-do-freelancing https://hadna.space/notes/9-why-should-you-do-freelancing Sat, 11 Nov 2023 00:00:00 GMT 💡 Also read about [Why Should You NOT Do Freelancing?](/notes/10-why-should-you-not-do-freelancing) ## Doing Your Thing, Your Way The coolest thing about freelancing? You're the captain of your own ship. No more fixed schedules or bosses breathing down your neck. You decide when, where, and how you work. Want to catch some rays and work from a beach cafe? Go for it. Night owl or early bird? It's your call. Flexibility is the name of the game. ## Jack of All Trades Freelancing isn't just for tech geeks or design gurus. Whether you're a wordsmith, a coding genius, a marketing whiz, or something in between, there's a gig for you. It's like a job buffet – pick and choose what suits your skills and interests. Diversify your talents, and who knows, you might end up a master of all trades. ## The Boss of You Tired of office politics and clocking in and out? Freelancing puts you in the driver's seat. You're the boss, the head honcho, the chief decision-maker. Choose the projects you vibe with, work with clients you like, and set the direction of your own career. Independence has never looked this good. ## Pajamas All Day, Every Day Say goodbye to the stuffy office attire. One of the perks of freelancing? Your dress code is whatever you want it to be. Pajamas, sweatpants, or even a superhero cape – it's your call. Your fashion choices, your rules. Comfort is king in the freelance kingdom. ## Work from Anywhere Who needs a fixed office space when the whole world can be your office? Freelancing gives you the power to work from anywhere. Home sweet home, a cozy cafe, or a hammock in Bali – as long as there's an internet connection, you're golden. Say goodbye to the four walls; the world is your workplace. ## Show Me the Money Let's talk moolah. Freelancing isn't just about the freedom; it's about the potential for some serious cash. Set your rates, juggle multiple projects, and watch those income streams flow. It's not all sunshine and rainbows, but for those who navigate the freelance maze, the financial rewards can be pretty sweet. ## Always Be Learning Freelancing isn't a one-trick pony. It's a constant learning journey. With each project, you're picking up new skills, staying ahead of the game, and becoming a bona fide expert. It's like being in a perpetual state of education, minus the boring textbooks. ## Your Personal Brand, Your Rules Freelancing isn't just about the work; it's about building your personal brand. Showcasing your killer projects, collecting rave reviews from clients, and having a killer online presence - it all adds up. Your personal brand becomes your superpower, attracting more clients and gigs. ## Wrapping It Up So, there you have it - freelancing in a nutshell. It's like a choose-your-own-adventure for your career. The freedom, the opportunities, and the chance to be your own boss - what's not to love? So, if you're feeling a bit rebellious against the usual 9-to-5 routine, maybe freelancing is your ticket to the cool, flexible work life you've been dreaming of. Rock on, freelancers! ]]> hi@hadna.space (Hadna) <![CDATA[How To Scroll While You Are Using `screen` on Linux]]> https://hadna.space/notes/8-how-to-scroll-while-using-screen-in-linux https://hadna.space/notes/8-how-to-scroll-while-using-screen-in-linux Fri, 10 Nov 2023 00:00:00 GMT Originally posted on [@kertas@kos.ong](https://kos.ong/@kertas/111379896311703985). ]]> hi@hadna.space (Hadna) <![CDATA[Winterly Tab is Featured By Microsoft!]]> https://hadna.space/notes/0-winterly-tab-is-featured-by-microsoft https://hadna.space/notes/0-winterly-tab-is-featured-by-microsoft Wed, 01 Nov 2023 00:00:00 GMT Originally posted on [note.hadna.space](https://note.hadna.space/winterly-tab-is-featured-by-microsoft) at October 6, 2021 ]]> hi@hadna.space (Hadna) <![CDATA[How To Create a Custom 404 Page for Your Next.js Project]]> https://hadna.space/notes/7-build-a-custom-404-page-on-nextjs-app-router https://hadna.space/notes/7-build-a-custom-404-page-on-nextjs-app-router Wed, 08 Nov 2023 00:00:00 GMT { return

Customize your 404 page here

} export default NotFoundPage ``` Detailed instruction about `not-found.{js, tsx}` file can be read [here](https://nextjs.org/docs/app/api-reference/file-conventions/not-found). ]]> hi@hadna.space (Hadna) <![CDATA[How To Remove or Hide Desktop Icon on Your Mac]]> https://hadna.space/notes/6-hide-show-desktop-items-on-macos https://hadna.space/notes/6-hide-show-desktop-items-on-macos Tue, 07 Nov 2023 00:00:00 GMT ps: Let's talk about macOS Sonoma. I've tried it, and it works. But here's the catch: if you hide those desktop icons, you might run into a snag: it can impact the functionality of the widget feature. At least, that was the case when I jotted down this note. ]]> hi@hadna.space (Hadna) <![CDATA[How To Reset Your Mastodon Database]]> https://hadna.space/notes/5-how-to-reset-mastodon-database https://hadna.space/notes/5-how-to-reset-mastodon-database Thu, 02 Nov 2023 00:00:00 GMT Heads up: This move’s gonna wipe your entire Mastodon database clean. All users, toots, and pretty much everything will vanish. Do it at your own risk. 1. Login to your Mastodon instance server using SSH. 2. Change user to mastodon (if you're not logged in as `mastodon` user) by running: ```bash su - mastodon ``` 3. Change the directory to your Mastodon directory: ```bash cd ~/live ``` 4. Run this irreversible and destructive command: ```bash DISABLE_DATABASE_ENVIRONMENT_CHECK=1 RAILS_ENV=production bundle exec rake mastodon:setup ``` 5. Answer all the questions 6. Done! You can now login to your fresh Mastodon instance with the new credentials. ]]> hi@hadna.space (Hadna) <![CDATA[How To Install Mastodon on Debian/Ubuntu Server]]> https://hadna.space/notes/4-install-mastodon-on-debian-ubuntu-server https://hadna.space/notes/4-install-mastodon-on-debian-ubuntu-server Thu, 02 Nov 2023 00:00:00 GMT hi@hadna.space (Hadna) <![CDATA[How To Calculate Reading Time in Javascript/Typescript]]> https://hadna.space/notes/3-calculate-reading-time-javascript-typescript https://hadna.space/notes/3-calculate-reading-time-javascript-typescript Wed, 01 Nov 2023 00:00:00 GMT { // Average human reading speed (WPM) const wordsPerMinute = 200 let textLength = String(text).split(" ").length if (textLength > 0) { return Math.ceil(textLength / wordsPerMinute) } return 0 } ``` Usage example: ```ts const text = "Lorem ipsum dolor sit amet" const readingTime = calculateReadingTime(text) // 1 ``` ]]> hi@hadna.space (Hadna) <![CDATA[I am @kertas@kos.ong on Mastodon]]> https://hadna.space/notes/2-kertas-kosong https://hadna.space/notes/2-kertas-kosong Wed, 01 Nov 2023 00:00:00 GMT 'Kosong' means 'empty' in Indonesian, and 'kertas' is 'paper'. So it's 'empty paper'. With my instance, I'm the top dog (sort of, not entirely - I’m rolling with [Mastohost](https://masto.host) for service, so no code or database fiddling). But hey, I’m the admin and have full access to the dashboard. You might be thinking, “Why have a private social platform with no one to chat with?” Kind of right, but not 100%. The power of Mastodon is that **users don't need to be on the same instance to interact**. Think of it like this: you’ve got a `xxx@gmail.com` email and can shoot a message to your pal, even if they’re at `xxx@outlook.com`, right? Mastodon works in a similar way. Each Mastodon instance has its vibe and rules. `fosstodon.org` for free software, `mastodon.art` for art, and `botsin.space` for your Mastodon bots. With my instance, no strings attached, no theme. I toot as I like, about whatever I want, with the 90% control I have (the rest’s in Mastohost’s court). Oh, 'toot' is Mastodon’s 'tweet'. > I'm not saying you’ve got to use Mastodon. You do you on social media. But if you get where I'm coming from, there's a sweet alternative. If you jump in, you can follow me at [@kertas@kos.ong](https://kos.ong/@kertas). ]]> hi@hadna.space (Hadna) <![CDATA[Finally Adding the New Feature I've Longed For!]]> https://hadna.space/notes/1-initializing-new-feature https://hadna.space/notes/1-initializing-new-feature Mon, 30 Oct 2023 00:00:00 GMT Hint: From now on, I will refer it as 'Notes', and not 'Blog'. But it is the exact same meaning and purpose. I absolutely love writing. There's something special about having your dedicated space for it. While I've been using [Hashnode](https://note.hadna.space) as my main blogging platform, I found myself craving more customization options. I also don't need a bunch of fancy features to write. All I really need is a simple text editor, and my thoughts can wander freely. This note you're currently reading? It's crafted in markdown format: plain, simple, and flexible. You can use various tools for this - a basic notepad or even a more advanced IDE with a Markdown-preview feature if that suits your style. And just like that, one thing led to another, and here we are - this feature is now live! Stay tuned for more of my musings and updates coming your way soon. 🚀 _Oh, should I move the other notes here as well?_ ]]> hi@hadna.space (Hadna)