Nic Acton tuffacton

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

Note

Hi, everyone. I've been putting in a lot of work on this over the last few ~~weeks~~ months (sob) and i'm currently underemployed! If you'd like to hire me to do CMS-based work (i focus on Craft and ExpressionEngine but i do some WordPress work as well), please reach out! Alternatively, if you'd like to chip in toward bills & groceries, that's a big help right now!

Updates (Most Recent First)

13 February 2025
8 February 2025
7 February 2025
6 February 2025
23 January 2025

PostgreSQL is Enough

Background and Cron Jobs

Anti-hype LLM reading list

Goals: Add links that are reasonable and good explanations of how stuff works. No hype and no vendor content if possible. Practical first-hand accounts of models in prod eagerly sought.

Foundational Concepts

Pre-Transformer Models

Docker with SSL and an nginx reverse proxy

Running your ASP.NET Core (or other) application in Docker using SSL should not be an overwhelming task. These steps should do the trick.

Run the following steps from a Linux terminal (I used WSL or WSL2 on Windows from the Windows Terminal).

1. Create a `conf` file with information about the cert you'll be creating

It should look something like the content below; call it my-site.conf or something like that.

Super fast, keyboard-optimized, client side Hugo search

This is a fork of and builds upon the work of Eddie Webb's search and Matthew Daly's search explorations.

It's built for the Hugo static site generator, but could be adopted to function with any json index.

To see it in action, go to craigmod.com and press CMD-/ and start typing.

CloudFormation API Gateway integration to Lambda function

Template that will create the following:

API Gateway:
- Deployed as a REGIONAL endpoint.
- Single root method, accepting POST requests only, with Lambda proxy integration to a target function.
In-line Python Lambda function echoing back requesting users IP address to API Gateway requests:
- IAM role for Lambda allowing CloudWatch logs access.
- Permissions for Lambda that allow API Gateway endpoint to successfully invoke function.

	#Many choices for an ingress controller


	#For our Ingress Controller, we're going to go with nginx, widely available and easy to use.
	#Follow this link here to find a manifest for nginx Ingress Controller for various infrastructures, Cloud, Bare Metal, EKS and more.
	#We have to choose a platform to deploy in...we can choose Cloud, Bare-metal (which we can use in our local cluster) and more.
	https://kubernetes.github.io/ingress-nginx/deploy/


	#Cloud: Azure (Same for GCE-GKE) This Ingress Controller will be exposed as a LoadBalancer service on a real public IP.

	(function () {
	"use strict";

	const MESSAGE_TYPE = {
	SDP: 'SDP',
	CANDIDATE: 'CANDIDATE',
	}

	let code;
	let peerConnection;