More than five years have passed since my last blog series on Gitea.1 In the meantime, Gitea has gained a more powerful fork in Forgejo,2 which has long been part of my daily workflow. Having recently shut down my Gitea instance running as a jail on TrueNAS,3 I will outline how I have adapted a Forgejo instance to my specific needs. A brief note for context: For simplicity I refer only to Forgejo. I am well aware that many aspects of Forgejo and Gitea remain identical (for now). Yet it should be clear that since Forgejo version 10, it has ceased to be a soft fork.4 In the long run the two projects will diverge. Read more

Some time ago, in my post “From Mistrel to Heretic”,1 I wrote about my journey to digital independence. I received several questions about my tech stack afterwards. A fair question I’m happy and willing to answer: I rely on free solutions with GNU/Linux Debian2 as foundation. Stable3 runs on servers and critical systems, while unstable or “sid” powers my daily drivers. For me, the ideal balance between robustness and up-to-date software. Read more

The Portable Document Format (PDF)1 is a great example of how an originally brilliant concept for displaying print documents has been ruined over decades. Initially conceived as successor to PostScript,2 it has degenerated into a universal container format. Text, images, vectors, scripts, fonts, form data, even complete 3D models there’s hardly anything, that can’t end up in a PDF, including Doom.3 The PDF Pseudo-Standard In practice this means: Hardly any two PDFs are alike. A single piece of information can be packaged in a dozen different ways, depending on which program was used to create it.4 And we haven’t even gotten to the topic of signatures yet.5 Read more

Today on public holiday (in Germany) I polished my Nautilus script collection and uploaded it to Codeberg.1 For everyone who enjoys automating recurring tasks such as OCR on PDFs, creating animated WebP images from a selection of pictures, or encoding videos in h.265. The script collection will be updated from time to time. I already have some nice ideas in mind, like posting a graphic directly to Mastodon, more to come. Read more

Next Friday and Saturday (September, 19th + 20th 2025) you find me at the Kiel Open Source and Linux Days, also known as Kielux.1 As guest, I’ll be attending a few talks and workshops. Looking forward, Yours, Tomas Jakobs https://www.kielux.de/ ↩︎

A Bash script I’ve used for many years got some love recently and I’ve uploaded it to Codeberg.1 The HTTP Limiter is my answer to the bots, scrapers, and pentest tools that constantly hammer on my public facing hosts. Though “hammer” might actually be an understatement. What once seemed like constant background noise has now become the norm with noticeable consequences: Log files grow faster and make you blind to relevant entries. Processing meaningless requests consumes more CPU, RAM, and bandwidth. REST APIs in particular, often implemented in slow frameworks and programming languages with sluggish database connections, are highly vulnerable to DDOS2 attacks. Read more

It was the early 2000s and I was sitting there with a massive brick from Microsoft Press.1 The proud price back then: 129 Deutsche Mark. I flipped through it and felt a déjà vu: I knew these pages! Not in terms of content, but the layout, the structure, the examples, even the icons in the side notes: These were the lost manuals of the 1990s! Okay, for the younger generation, I’ll have to explain: Once software used to come in boxes. Big ones with printed books inside. At first, thick ring binders. Later, massive volumes printed on thin and razor-sharp bible-like paper. Overnight, these vanished. First to CD-ROMs, then into the still young internet. Read more

Security through obscurity1 is not working. This is not an allegation, it is a proven fact. Today’s proof has a particularly large impact on worldwide Microsoft Windows installations. The Windows Security Centre (WSC) API2 has been made to accept any program as an anti-virus solution. The WSC works as follows: If a manufacturer of an AV security solution wants to install his snakeoil, he/she first has to be able to switch off the anti-tempering mechanisms so that it is not identified as malware. Hence the extremely strict non-disclosure of this API until now. Read more

Yes, I have a passion for exotic languages. This time I experimented with Purebasic1 and wanted to see how quickly a robust, multi-threaded HTTP REST API could be created. Cross-platform for Linux, Windows and OS X, free of additional dependencies as a single-file binary behind a reverse proxy that takes care of everything with TLS and load balancing. The result is a complete skeleton framework that can be quickly customized for your own purposes. With only 100 KB, it is ridiculously small and extremely fast, with its own config file and logging. I even found time to integrate Swagger. The project is available on Codeberg, have fun!2 Read more

A few years ago, I introduced Enroute1 and was immediately excited.2 For the first time, there is an ‘uncluttered’ app for both (Linux) desktop and mobile devices for VFR navigation and planning. And it’s free and open source and covers all of Europe. A lot of progress has been made since then and I have been able to thoroughly test the operational capability of Enroute on various trips. I would like to share one of these trips here. Read more