Skip to content

2025

The msvcrt.zip MkDocs Setup

The way this blog is set up, we've actually got two blog domains set up, each being published to automatically by a workflow on Tangled. One of these domains hosts the public site you're probably reading this on (https://blog.msvcrt.zip) and the other, more secret domain hosts the same site, but with drafts enabled.

That's the most interesting part of the setup, and it's most of what this post will be about, though there's a couple other things I'd like to document here for anyone else trying to do something similar.

The msvcrt.zip Tangled Setup

For a long time, I've signed all my git commits with my GPG key. There's some problems with this, and it doesn't provide as much verification as it seems like it should, but I've done it.

Recently (well, recently enough) I started contributing to Gentoo GURU, which requires not only signed commits, but signed pushes. It has a custom gitlite setup that requires signed pushes and transparently logs the push certificates.

And I do the same thing now, on Tangled.

Copy-Robust: A script for copying large files from endpoints on the moon

Imagine, for a minute, that you're an incident response analyst and you've just finished a memory dump on a machine you suspect was infected with malware. This is a laptop that's assigned to someone who works remotely from (you have to assume) the goddamn moon, because their network connection is both incredibly slow and even more unreliable. You've tried to copy the memory dump off using your EDR solution. It keeps failing because of the awful network connection.

That's the situation I found myself in when I wrote this script.