Resize all images in subdirectories

For a project I was working on, I had a folder structure full of images and wanted to compress them to a specific maximum resolution in-place while retaining the aspect ratio using ImageMagick. The crucial point, as so often, were spaces and special characters in the folder names, making it really hard to use bash loops etc. to make this work. With the NULL character trick, luckily this works pretty well. The manual of xargs explains it like this: -0 Change xargs to expect NUL (``\0'') characters as separators, instead of spaces and newlines. This is expected to be used...

Sign your Git commits with PGP

In the last days I tinkered a bit with things in Git that I haven't tried yet. One was signed commits. Signed commits help other people to know that it's actually you who committed changes. So when people trust you as a person, they can also trust your code because they can verify that it's been actually done by you. It's pretty easy to set up and once configured, everything else will just happen automatically. Install GPG I'm on a Mac so I installed GPGSuite. It comes with a graphical interface as well as all necessary command-line tools. On Linux...

Download encrypted HLS content with ffmpeg

I maintain an archive of videos, especially documentaries from public media libraries from tv channels etc. on my NAS. Whilst I can use youtube-dl for the most part, it's rather difficult for sites that use HTTP live streaming (HLS) to stream their content. In the most cases this is even AES-128 encrypted, which makes it difficult to download it. But since there's players that support playback, it's obviously possible to decode the stream on the client side. ffmpeg is the swiss army knife for video/audio encoding and muxing and therefore the perfect utility for downloading encrypted HLS content. I...

Securing macOS

Even though there are like one million guides on how to secure macOS properly, I decided to throw in my 5c on this topic. In contrast to many other guides, I'd just like to provide you with the best practices that I also use. This one is about the essential things that I always do when getting a new Mac to provide better security while preserving almost all macOS features like iCloud document saving or Time Machine usage. Threat model My threat model is more tailored towards security when accessing the device physically (leaving it at the hotel or a...

Gmail DNS records for Hetzner Domain Robot

During a setup change I had to temporarily move my incoming mailserver to Gmail and while I am now back in my own mail server, I again had this major headache of configuring the my DNS (using BIND) because I always forget the dots in the end of CNAME and MX records because usually I dont create nameserver records for external domains... So anyway here is the final configuration I used in Hetzners Domain Robot: mail IN CNAME ghs.google.com. @ IN MX 1 ASPMX.L.GOOGLE.COM. @ IN MX 5 ALT2.ASPMX.L.GOOGLE.COM. @ IN MX 5 ALT1....