Ian Foster

When the defaults just aren’t enough

TRMNL Plugins

A collection of custom plugins for TRMNL e-ink displays. The repository provides a Docker-based development environment for creating and testing plugins that extend TRMNL functionality.

October 6, 2025 · 1 min

Software Supply Chain Security: The Case for Minimal Dependencies

In 2016, removing an 11-line npm package called left-pad broke thousands of projects worldwide. Nine years later, attackers compromised packages with 2.6 billion weekly downloads using phishing and self-propagating malware. The Problem: A Decade of Escalating Supply Chain Attacks Timeline March 2016: Left-pad incident - removing an 11-line dependency broke thousands of projects including Babel and React. October 2021: ua-parser-js compromise - library with 7M+ weekly downloads hijacked multiple times, injecting cryptocurrency miners and password stealers. ...

September 23, 2025 · 4 min

Drouter

Drouter provides dynamic route injection for Docker containers through label-based configuration. The systemd service monitors Docker containers and automatically configures static routes in their network namespaces without requiring elevated privileges within the containers themselves. The system uses Docker labels to specify routing rules and applies them automatically when containers start or stop. This enables complex networking setups where containers need custom routing tables while maintaining security by avoiding privileged container execution for network configuration tasks.

September 21, 2025 · 1 min

Drouter: Dynamic Route Injection for Docker Containers

When working with Docker containers on complex networks, you often need to add static routes so containers can reach networks that aren’t directly connected to their default gateway. This becomes especially important when using macvlan network drivers where containers get their own IP addresses on your physical network. I’ve just released drouter, a lightweight systemd service that solves this problem by automatically injecting routes into Docker containers based on simple labels. The Problem Consider this scenario: you’re using a macvlan network driver so your containers get real IP addresses on your network (say 192.168.1.0/24). Your router is at 192.168.1.1, but you have additional internal subnets like 10.0.0.0/8 that are reachable through a different gateway at 192.168.1.254. ...

September 20, 2025 · 3 min

ARIN IPv4 Waitlist Tracking

ARIN IPv4 Wait-list Tracking analyzes ARIN’s IPv4 address wait-list and provides statistical insights into wait times and allocation patterns. The Python-based system tracks historical data on IPv4 block requests and clearances to estimate processing times for different network block sizes. The web dashboard displays real-time analytics including current wait-list sizes, estimated wait times for /22, /23, and /24 blocks, and historical trends in IPv4 address allocation. This tool helps network administrators understand IPv4 scarcity patterns and plan address allocation strategies as IPv4 exhaustion continues.

September 20, 2025 · 1 min

ESPHome ESP32 Coredump Debugging

When developing with ESPHome on ESP32 devices, crashes can be frustrating to debug without proper stack traces. Enabling coredumps provides detailed crash information to help identify the root cause of issues. Configuration To enable coredump functionality, you’ll need to modify your ESPHome configuration and create a custom partition table. This setup is for the Arduino framework - ESP-IDF configurations will differ slightly. ESPHome Configuration Add the following to your ESPHome YAML configuration: ...

August 22, 2025 · 2 min

Adtran Fiber ISP Hacking

Adtran 411 Security Audit Adtran produces equipment for fiber ISPs. I was provided an Adtran 411 by my current ISP for Internet access and decided to take a deep look into it. Hardware The Adtran 411 is a small GPON fiber ONT (Optical Network Terminal) designed to give symmetrical gigabit fiber Internet to SOHO users. It connects to the ISP via a GPON uplink and provides the user a normal ethernet RJ-45 connector to plug their router into and a RJ-11 port for a landline to be tunneled over VOIP. ...

August 15, 2025 · 8 min

Day Night Map

A real-time visualization of day and night regions across the world using accurate solar and lunar positioning calculations. The project renders day/night terminator lines, solar and lunar positions, and smooth twilight gradients on an interactive world map using HTML5 Canvas. The visualization integrates the SunCalc library for astronomical calculations and features optimized pixel-level rendering with support for multiple map projections (Equirectangular and Mercator). Additional features include moon phase visualization, responsive design, timezone customization, and a grayscale mode optimized for e-ink displays. The map updates every minute to reflect current celestial conditions.

July 27, 2025 · 1 min

VLAN Scout

VLAN Scout discovers active VLANs and their configurations through passive monitoring and active probing. The tool identifies VLAN segments by analyzing network traffic and attempting connections across different VLAN IDs. The implementation supports multiple discovery protocols including DHCP, IPv6 neighbor discovery, LLDP, and CDP. VLAN Scout can operate in both passive monitoring mode to observe existing traffic and active probing mode to test VLAN accessibility and configuration.

July 22, 2025 · 1 min

Bambu P1s Hacking

Bambu P1S Hacking contains firmware dumps, PCB analysis, and X-ray scans of the Bambu Labs P1S 3D printer’s ESP32-S3 controller board. The repository documents reverse engineering efforts to understand the printer’s firmware architecture and hardware implementation. The collection includes multiple firmware dumps processed through bin-voter to generate corrected flash images, detailed PCB trace analysis, and hardware documentation. This research provides insights into the printer’s embedded systems and potential modification opportunities.

July 13, 2025 · 1 min