Nicholas Orlowsky 2023-03-11 16:27:21 -06:00
parent 2e4da3200f
commit a2a4defc87
6 changed files with 146 additions and 3 deletions

View file

@ -3,6 +3,8 @@ import Blog from "../../types/Blog";
import CSMD from "./blogs/c-sharp-c-assignment.md"; import CSMD from "./blogs/c-sharp-c-assignment.md";
import TAB from "./blogs/there-is-a-blog.md"; import TAB from "./blogs/there-is-a-blog.md";
import HID from "./blogs/hidden-blog.md"; import HID from "./blogs/hidden-blog.md";
import NWSSSL from "./blogs/nws-how-to-do-ssl.md";
import SP2023 from "./blogs/spring-break-projects-2023.md";
const CSharpBlog: Blog = { const CSharpBlog: Blog = {
title: "Doing C assignments in C#", title: "Doing C assignments in C#",
@ -28,6 +30,22 @@ const PrivateBlog: Blog = {
private: true private: true
} }
const NWSSSLBlog: Blog = {
title: "Implementing SSL in NWS CDS",
date: new Date(2023, 0, 20, 12, 0, 0),
image: VrboImage,
mdfile: NWSSSL,
private: false
}
export const AllBlogs: Blog[] = [CSharpBlog, PrivateBlog, TestBlog]; const SpringBreak2023Blog: Blog = {
title: "Spring Break 2023",
date: new Date(2023, 2, 11, 12, 0, 0),
image: VrboImage,
mdfile: SP2023,
private: false
}
export const AllBlogs: Blog[] = [CSharpBlog, PrivateBlog, TestBlog, NWSSSLBlog, SpringBreak2023Blog];
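Review bot: Both new entries, NWSSSLBlog and SpringBreak2023Blog, set `image: VrboImage`, which reads as a copy-pasted placeholder; give each post its own image or make the field optional on the Blog type. Separately, the posts added in this commit link to each other as `blog?id=2` and `blog?id=3`, and NWSSSLBlog lands at index 3 of AllBlogs, so if ids are derived from array position, any insertion or reordering in this array silently breaks those links. An explicit id or slug field on each Blog would remove that coupling.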

View file

@ -1,3 +1,3 @@
This blog is unique because it is hidden. This blog is unique because it is hidden.
Congratulations on finding it! Congratulations on finding it! Did you get here by trying out a bunch of URLs or from my [There is a Blog](http://nickorlow.com/blog?id=2) Blog?
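Review bot: The added sentence acknowledges that this post can be reached by trying `blog?id=` values, so `private: true` on its index entry only hides it from the listing and is not access control; the markdown is imported next to the public posts, so nothing that must stay private should be stored this way. The new link also uses `http://nickorlow.com/blog?id=2`; switch it to `https://` or a relative link so readers are not sent over plaintext.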

View file

@ -0,0 +1,21 @@
##### Background
NWS has a service that is tentatively called "Container Deployment Service (CDS)" (It was previously called "Cruise"). This service allows people to deploy a docker container to our cluster of kubernetes clusters. In it's current (read: early) form, NWS will add a GitHub Actions pipeline yaml file to the repo which a user wants to deploy. This yaml file will create a dockerfile, and build it into a docker container with 2 tags: an autogenerated semver, and the name of the branch. From here, the NWS API will store metadata about the application in a database and then add the kubernetes deployment manifests to a gitrepo (this is a newish thing that I learned about called gitops). [Rancher Fleet](https://fleet.rancher.io/) periodically scans this repo, and when it sees the new yaml file, it deploys it to all kubernetes clusters on the NWS network. Then, we use DNS loadbalancing to balance the load between all of the clusters. Formerly, we used HAProxy to balance requests, we no longer do but HAProxy is still running on the servers (this detail will be important later).
##### The Issue
In order to provide a secure connection for end-users of applications hosted on NWS (and so that browsers won't spit out warning messages that the site is insecure), it is important to have [SSL](https://www.websecurity.digicert.com/security-topics/what-is-ssl-tls-https) setup. This is rather complicated to do since we want:
1. Each application to have it's own certificate
2. Certificates to be able to auto-renew
3. Certificates to be able to auto-generate
We have 3 (main) options for enabling SSL on NWS:
1. We have people who host on NWS upload their own SSL certificates. This can be a pain since SSL certificates aren't super easy to generate, and the user would have to remember to upload new certificates.
2. (This is what applications on NWS currently do) Proxy traffic through Cloudflare, which uses it's "Flexible" SSL option to allow for the connection between the client and CF to be encrypted while the connection between CF and NWS is not. This is insecure as traffic between CF and NWS is not encrypted. This is not ideal but currently since it's just personal sites, it's not a _huge_ deal. Additionally, this would require everyone who wants to host on NWS to use Cloudflare
3. We use a tool to autogenerate certificates. This would be very hard to do with NWS' load balancing, but ultimately may be the best option.
Getting auto generated SSL certificates is easy enough to do on a traditional webserver by using a tool such as `certbot`. However, since we have many instances of a single application running *and* we have multiple clusters running them, it would be hard to properly route requests to the pod that is running certbot. Additionally, trying to have all of the pods run `certbot` at once would not work since they would all generate unique certificate requests.
##### The Solution
The way NWS will work around this will be by having HAProxy to route all requests to the path `.well-known/acme-challenge/*` to an SSL generation server running on NWS. This server will run software that at some arbitrary time during the day will check the expiry of all SSL certificates, and any expiring within the next week will be renewed by certbot. Once renewed, they will be committed to the aforementioned git repo with the k8s manifest files. In the case of new applications, they will have their certificate request made automatically after creation.
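Review bot: The Solution paragraph should say how private keys are protected, because "they will be committed to the aforementioned git repo with the k8s manifest files" reads as if renewed certificates and their keys land in git in the clear, readable by anyone with access to the repo or its history. State that only encrypted or sealed secrets are committed, or that the key material is delivered to the clusters by another channel. The Background also says HAProxy no longer balances requests, so the post should spell out that HAProxy is still in the request path on every cluster, otherwise the `.well-known/acme-challenge/*` rule never sees the challenge; write that path with its leading slash. Minor: option 2 is missing its final period.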

View file

@ -0,0 +1,36 @@
This blog is also avaliable to read on the [NWS blog]().
The NWS website got a facelift recently and with it came some technical changes.
I also figured that I would take this time to explain how some of NWS' services work
and how I plan to expand upon them in the future.
## Addition of new API Features
With this update, the NWS API got 3 new features: Uptime Monitoring, Incident Reporting,
and Blogging.
###Uptime Monitoring
Uptime Monitoring has been a part of the NWS website since its creation, however
it was achieved by calling the API of the uptime monitoring service we use directly. This
came with issues such as rate limiting if too many people visited the NWS website and
we exposed the API key to clients, making it so that an attack in which someone
causes our API key to be ratelimited would be possible.
In this update, Uptime Monitoring was baked into the NWS API itself. The API still calls
out to the aforementioned uptime monitoring service however, now the NWS website
gets all of it's information from the NWS API. This fixes both of the problems above and
allows for us to add more data to the endpoint in the future.
There were two approaches I tried for this and ultimately decided on one. The first
approach was to store the uptime data in a static variable in the API and whenever a
user requested the data and the data was stale, we would fetch new data and return that.
This was seen as a potential solution as it prevents API calls from being made when people aren't
visiting the NWS website a lot.
//TODO: FINISH
### Incident reporting
### Blogging
Blogging is not yet incorporated into the NWS website, however the backend is built out.
The Blogging part of this
## NWS Website Redesign
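Review bot: This file is still a draft and should be finished or left out of the commit: the first line links to `[NWS blog]()` with an empty target, `###Uptime Monitoring` is missing the space after the hashes, `//TODO: FINISH` is left in the body, "The Blogging part of this" breaks off mid-sentence, and the Incident reporting and NWS Website Redesign sections are empty. On the content, the Uptime Monitoring section says the API key was exposed to clients; moving the call behind the NWS API only helps if that key is also rotated, so the post should mention the rotation or the change should include it.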

View file

@ -0,0 +1,68 @@
It's Spring Break, and that means I finally have time to spend all day working on side projects without having to worry about school.
I figured I should write out the side projects I plan to work on over the break
## RingGold
`Rust, Swift, PostgreSQL`
Last week, me and my cousin wanted to try out Apple's fitness competition feature that works with Apple Watch. It works
by giving you 1 point for every percent you complete of your move, exercise, and stand goals with a point cap of 600
per day. The issue with it was that it didn't work at all, not syncing on time if at all. I want to build a clone of it
with some additional features such as:
- **Notifications:** I didn't like how it was possible to workout and gain a bunch of points and just completely blindside your opponent. Hopefully this would encourage users to workout even more.
- **Widget/Watch Complication:** Similar to the above, adding a homescreen widget or a watch complication would make it easier to keep up with your competitor's progress.
- **Custom Competitions:** I think it'd be nice to have competitions with custom rules and lengths so that you're not stuck with only one setting. Settings could include custom duration and custom caps on points.
I'm building the web API for it in Rust and the mobile app in Swift. I chose these languages to gain more exposure to them, also
Swift was a good choice since the app is going to be platform specific to iOS due to its need to integrate with Apple Watch.
*(this is named after New Ringgold, PA)*
## NWS Container Deployment Service
`C#, Rancher`
I've created my own hosting/cloud service called [Nick Web Services](https://nws.nickorlow.com). It currently allows people to deploy
dockerized applications on my geo-distributed k8s clusters running on Dell Poweredge servers. In order to actually deploy this, I
had to manually create the Kubernetes manifest files and then ssh into each individual server and apply them. I've setup
Rancher Fleet to automate this process by pulling the manifest from a git repo (this is something called gitops). I also
wrote an API to generate the manifest files and then upload them to a git repo. I have a video demo of this working that
you can watch [here](https://youtu.be/WHdXWMFHuqA).
Currently, the service works for deployment but only if you don't want to use SSL or you use Cloudflare's flexible SSL
technology. I wrote a separate blog post [here](http://nickorlow.com/blog?id=3) about the challenges of doing this and how I plan on implementing it.
I'd like to complete part of this implementation during the break.
## VerifiedBot
`JavaScript, Rust`
This project isn't a personal project, as a lot of it was built by my friends [Arpan](https://arpan.one) and [Ben](https://benaubin.com/).
A little over a year ago, we wanted to make a Discord bot to verify that people on some Discord servers we ran
went to the University of Texas. Initially, it worked by verifying you had a utexas.edu email address and then verifying
some additional information via LDAP. A few months ago Ben found out that using the SaaS survey software that the university uses
(qualtrics), we could have users verify themselves by using the university's SSO system. This works because qualtrics can send
data to a webhook when a survey is complete, and it can also require signing in with the university's SSO before filling out a survey.
It required that I write a [wasm wrapper for an encryption library](https://github.com/Verified-Bot/aes-gcm-siv-wasm). I wrote almost all the code for this function last year, but
due to a bug in qualtrics, it wasn't working properly. It seems that this bug has been fixed and we can start rolling it out.
## Personal Website Facelift
`Typescript, React`
My personal website (this one) is a little overdue for some design updates. My main focus will be making it more mobile
friendly. Last year, I made some improvements to make it usable on mobile but it still doesn't feel quite right. I also
think that it has some information overload in some areas such as the projects section. I think that to mitigate this I
might just have a small summary of each project and then you can click into each to learn more about it, similar to my
friend [Raul's Website](https://raulhigareda.com). I'm also considering a move to tab-based navigation so that I can have
more information in . Further down the line, I think I might re-write it using Svelte as I'm seeing it being used more and more
and would like to get some exposure to it.
## Mahantongo
`Rust, PostgreSQL`
I'm one of the members of the Community Team that runs some UT Computer Science community Discord servers.
Currently, a Discord bot called Carlbot provides us a star-board, which is a specific channel where messages that 5 or more people
react to with a star emoji get posted. It's supposed to be a collection of the funniest and best messages sent on the server.
One of the things our server members have wanted is the addition of more '*-board' channels where you can create multiple star-board
like channels but with custom emojis. I'm writing it in Rust and I'm just hoping to use this project to get more acquainted with the language.
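Review bot: In the Personal Website Facelift section the sentence "so that I can have more information in . Further down the line" has lost a word before the period and needs completing. In the NWS Container Deployment Service section, the link `http://nickorlow.com/blog?id=3` should use `https://` or a relative path, and it depends on the SSL post keeping that id, which is worth pinning with a stable slug. Minor: the second sentence of the intro has no final period.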