About Me §
Projects §
malware-filter: A collection of blocklists:
urlhaus-filter: A set of blocklists to restrict malware-hosting websites. Enabled by default in uBlock Origin. Based on URLhaus.
phishing-filter: A set of blocklists to restrict phishing websites. Bundled with uBlock Origin, requires manual enablement. Curated from PhishTank, OpenPhish and IPThreat
botnet-filter: A set of blocklists to restrict malicious IPs such as botnet.
splunk-malware-filter: A Splunk add-on to update malware-filter lookups.
tracking-filter: A set of blocklists to restrict javascript links that perform browser fingerprinting. Based on DuckDuckGo Tracker Radar. Blokada version blocks more tracking links but the trade-off is more false positive; available at blokada.org.
(Inactive) vn-badsite-filter: A set of blocklists to restrict malicious websites targeting Vietnamese users; also suitable for global users. Based on Hieu Minh Ngo‘s list.
(Inactive) pup-filter: A set of blocklists to restrict websites that host potentially unwanted programs (PUP). Based on Zhouhan Chen‘s malware-discoverer.
splunk-scripts: Splunk add-ons, patches, setup scripts and threat hunting.
aws-scripts: AWS CDK templates and security audit scripts.
(Inactive) Core contributor of Hexo, a Nodejs-powered static site generator. (This site is created using Hexo)
hexo-yam: Yet Another Minifier plugin for Hexo. Minify static web assets and compress using brotli and zstd.
hexo-nofollow: A Hexo plugin that adds
rel="external nofollow noopener noreferrer"
to all external links in your blog posts.
Architecture §
mdleom.com is served from two identical VMs hosted in a cloud provider. The VMs are using NixOS and Caddy web server. The web server functions as a file server to serve static website. Each VM has cloudflared to connect the web server to Cloudflare CDN using an outbound tunnel. Each cloudflared instance acts as a replica that connects to the same tunnel to provide active-passive failover.
The web server itself is also able to failover to mirrors (Cloudflare Pages, Netlify, GitLab Pages and GitHub Pages). Blog content is deployed from a GitLab repository which hosts the source. The source is compiled to static site using Hexo. The compiled site is deployed to the web servers using ssh-secured rsync. SSH/rsync to the servers is only available via Tailscale network.
The GitLab repository also hosts images and attachments, images are resized on-the-fly using Cloudflare Images. microblog source is hosted on the microblog
branch.
More details are available in the following series of posts:
- Part 1: Install NixOS
- Part 2: Configure NixOS
- Part 3: Configure Caddy
- Part 4: Setup Tor hidden service
- Part 5: Configure I2P
- Setup Cloudflare Argo Tunnel in NixOS
- Running Tailscale in GitLab CI/CD with Alpine container
Services §
- SimplyTranslate: Provide fast and private translations to the user without wasting much overhead for extensive styling or JavaScript. Supports Google Translate engine.
- Lingva: An alternative front-end for Google Translate. Retrieves the translation without using any Google-related service.
- Wikiless: A free open source alternative Wikipedia front-end focused on privacy.
- Scribe: Alternative front-end to Medium.com
- LibMedium: Privacy-focused proxy for medium.com
- Rimgo: An alternative frontend for Imgur. Images and albums can be viewed without wasting resources from downloading and running tracking scripts.
- Quetre: A libre front-end for Quora.
- libremdb: A free & open source IMDb front-end.
- AnonymousOverflow: View StackOverflow in privacy and without the clutter.
- LibreTranslate: Free and Open Source Machine Translation API.
- Redlib: Private front-end for Reddit.
- BiblioReads: An Alternative Private Goodreads Front-End.
- Mozhi: Alternative-frontend for many translation engines.
- Dumb: Private alternative front-end for Genius.
- Intellectual: Alternate frontend for Genius focused on privacy and simplicity.
Publications §
- Leom, MD, Deegan, G, Martini, B & Boland, J 2021, ‘Information disclosure in mobile device: examining the influence of information relevance and recipient’, HICSS, pp. 4632-4640. PDF
- Leom, MD 2020, ‘User privacy preservation on mobile devices: investigating the role of contextual integrity’, PhD thesis, University of South Australia. PDF
- Leom, MD, Choo, K-KR & Hunt, R 2016, ‘Remote wiping and secure deletion on mobile devices: a review’, Journal of Forensic Sciences, pp. 1-20, doi: 10.1111/1556-4029.13203. Postprint
- Leom, MD 2015, ‘Remote wiping in Android’, MSc thesis, University of South Australia. PDF
- Leom, MD, D’orazio, CJ, Deegan, G & Choo, K-KR 2015, ‘Forensic collection and analysis of thumbnails in Android’, Trustcom/BigDataSE/ISPA, IEEE, pp. 1059-66, doi: 10.1109/Trustcom.2015.483. Postprint