How to (and how not to) maintain your system, GIT and packages

10/January/2026 zero-trust security

Good admin and his server

Let’s consider a standard situation where you have a main work computer on which you have three different projects.
One project is in Node.js, the second is a production project in Python, and the third is your personal “pet project”, also in Python.
You also have personal and work email on the same system, and, say, a browser and home banking.
And all this under your login.
Well, not under the root login, of course! ¯\_(ツ)_/¯
Everything is quite normal.

Many technically competent developers may have dozens of such projects.
And dozens of keys for SSH or GIT servers.


An example with the popular PyTorch framework


It’s quite ordinary: you write your code, commit it from time to time, and then a torchtriton update arrives in your cozy pet project.
After that, the following data is transferred from your system by the binary’s main function:

  • Get system information:
    • nameservers from /etc/resolv.conf
    • hostname from gethostname()
    • current username from getlogin()
    • current working directory name from getcwd()
    • environment variables
  • Read the following files:
    • /etc/hosts
    • /etc/passwd
    • The first 1,000 files in $HOME/*
    • $HOME/.gitconfig
    • $HOME/.ssh/*

The update arrived and the confidential data flew away.
Not only has everything under your account (and possibly the system) been compromised, but also, down the chain, everything you managed, committed to, and connected to.


GitLab Agent Server Unauthorized error

25/November/2025 kubernetes gitlab agentk

GitLab Agent Server: Unauthorized: Authorization header: expecting Bearer token

Without going into detail about how exactly and why everything is organized, access is provided through the following chain:

Nginx stream ingress <> Main Nginx Frontend <> Nginx Backend inside GitLab instance.

The Main Frontend manages the gitlab subdomain, which is closed to external access via auth_basic authorization.


Why the standard plugins for jekyll are very far from ideal.

11/March/2025 jekyll structured-data nginx

In this note I will not provide the full code for all components; I will only give snippets and tips on what to pay attention to when assembling a site on Jekyll.

Jekyll Structured Data and sitemap.xml

File modification time

Every page has at least three timestamp points in different files, page elements, or server responses, and they must all be the same.

  • ld+json "dateModified": "2025-03-07T15:43:42+00:00"
  • sitemap <lastmod>2025-03-07T15:43:42+00:00</lastmod>
  • headers last-modified: Fri, 07 Mar 2025 15:43:42 GMT

When you read some pdf datasheet

22/December/2020 mediatek low-power pdf datasheet

Looking for something with low power consumption.
Found modules based on MediaTek, downloaded the documentation for the SoM (System on Module).
You scroll through in search of how much the chip consumes.

MT7628 data not entered
MT7688 data not entered

Selecting a bootable kernel in the U-Boot console via a debugging connection

29/August/2018 debian uboot cubieboard kernel uart

What did the embedded system look like?

Manual kernel selection


There is one small CubieBoard2 next to the small router.
And there is no physical access to them.
A USB-UART adapter is plugged into the router, which runs LEDE, and its pins are wired to the CubieBoard2.
Both the router and the CubieBoard2 are accessible via ssh.

It was the presence of UART in the assembly that allowed us to recover the failed CubieBoard2 remotely.

How did it fail?

One day a regular Debian kernel update arrives: linux-image-4.9.0-8-armmp-lpae.
After the update the system stops responding.

How is this usually done?

Everything is simple here: you take out the microSD card, and the rest needs no description.
