fixed rebase issue

updated compose
ignoring compose now
2026-03-05 01:33:06 -06:00 · 2026-03-05 01:28:39 -06:00 · 2026-03-05 01:26:40 -06:00 · 2026-03-05 01:24:40 -06:00 · 2026-03-05 01:21:13 -06:00 · 2026-03-05 01:17:38 -06:00
18 changed files with 455 additions and 128 deletions
--- a/28
+++ b/28
@@ -0,0 +1,28 @@
 from flask import Flask
 from app import build
 from pathlib import Path
 import markdown
 import os
 from dotenv import load_dotenv
 app = Flask(__name__)
 PRIVATE_VAULT_DIR = Path("/vault")
 PUBLIC_VAULT_DIR = "/content"
 build.obsidian_vault(PRIVATE_VAULT_DIR) # initialize the private obsidian repo
 build.public_vault(PRIVATE_VAULT_DIR, PUBLIC_VAULT_DIR) # initialize the public notes from the private repo
@app.route("/")
 def index():
    md_content = "# Welcome to my blog!\nThis is rendered from **Markdown**.\n##[test](http://localhost/test)"
    html_content = markdown.markdown(md_content)
    return html_content
@app.route("/api/vault-update") #webhook for vault updated
 def update_vault():
 # TODO SECURE THIS WITH SECRETTTTT or auth header
    print(build.public_vault(PRIVATE_VAULT_DIR, PUBLIC_VAULT_DIR))# initialize the public notes from the private repo
    return "vault-rebuilt"
@app.route ("/<filename>") # renders a filename if not otherwise specified
 def render_post(filename):
    return build.html_file(filename, PUBLIC_VAULT_DIR)
--- a/.env
+++ b/.env
@@ -1,2 +1,5 @@
 obsidian_vault=/home/venus/Documents/Personal-Wiki
 obsidian_vault_url=git.riverrooks.dev/Personal-Wiki
 OBSIDIAN_VAULT_URL=git.riverrooks.dev/Personal-Wiki
 obsidian_vault_token=bd8cd9301ae2c1c5bacfb3340492acb5e862686a
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
 app/__pychache__
 public-vault
 compose.yml
--- a/29
+++ b/29
@@ -0,0 +1,29 @@
 FROM python:3.14-slim
 #install git
 RUN apt-get update && apt-get install -y \
    git \
    && rm -rf /var/lib/apt/lists/*
 #install dependencies
 RUN mkdir /app 
 COPY app/requirements.txt /app
 RUN pip3 install -r /app/requirements.txt
 #parse from .env file
 ARG DEBUG_MODE=0
 ARG obsidian_vault=/home/venus/Documents/Personal-Wiki
 ARG OBSIDIAN_VAULT_URL=git.riverrooks.dev/venus/Personal-Wiki
 ARG obsidian_vault_token=bd8cd9301ae2c1c5bacfb3340492acb5e862686a
 ENV FLASK_DEBUG=$DEBUG_MODE
 ENV FLASK_APP=app
 # ENV OBSIDIAN_VAULT=$obsidian_vault
 ENV OBSIDIAN_VAULT_URL=$OBSIDIAN_VAULT_URL
 ENV OBSIDIAN_VAULT_TOKEN=$obsidian_vault_token
 COPY app /app
 ENTRYPOINT ["flask"]
 CMD ["run", "--host=0.0.0.0", "--port=80"]
--- a/app/Dockerfile
+++ b/app/Dockerfile
@@ -1,21 +0,0 @@
 FROM python:3.10-slim AS builder
 ARG DEBUG_MODE=0
 ENV FLASK_DEBUG=$DEBUG_MODE
 ENV FLASK_APP=app
 COPY requirements.txt
 RUN pip3 install -r requirements.txt
 COPY . .
 EXPOSE 443
 ENTRYPOINT ["flask"]
 # CMD [ "run", "--host=0.0.0.0", "--port=80"]
 CMD ["--app", "app", "run", "--host=0.0.0.0", "--port=443"]
--- a/app/_init_.py
+++ b/app/_init_.py
@@ -1,35 +0,0 @@
 from flask import Flask
 import markdown
 from pathlib import Path
 app = Flask(__name__)
 CONTENT_DIR = Path(__file__).parent.parent / "content"
@app.route("/hello")
 def hello_world():
    return "<h1>Hello, World!</h1>"
@app.route("/")
 def index():
    # Write your markdown content
    md_content = "# Welcome to my blog!\nThis is rendered from **Markdown**."
    # Convert it to HTML
    html_content = markdown.markdown(md_content)
    return html_content
@app.route ("/post/<filename>")
 def render_markdown_file(filename):
    filePath = CONTENT_DIR / f"{filename}.md"
    # 3. Protect against missing files
    if not filePath.is_file():
        return f"<h1>404</h1><p>Could not find {filename}.md in {filePath}</p>", 404
    # else:
    #     return f"<h1> found</h1> <p> found {filename} in {filePath}</p>"
    # 4. Open, read, and convert the file
    with open(filePath, "r", encoding="utf-8") as f:
        textContent = f.read()
    htmlContent = markdown.markdown(textContent)
    return htmlContent
--- a/app/init.py
+++ b/app/init.py
@@ -0,0 +1,28 @@
 from flask import Flask
 from app import build
 from pathlib import Path
 import markdown
 import os
 from dotenv import load_dotenv
 app = Flask(__name__)
 PRIVATE_VAULT_DIR = Path("/vault")
 PUBLIC_VAULT_DIR = "/content"
 build.obsidian_vault(PRIVATE_VAULT_DIR) # initialize the private obsidian repo
 build.public_vault(PRIVATE_VAULT_DIR, PUBLIC_VAULT_DIR) # initialize the public notes from the private repo
@app.route("/")
 def index():
    md_content = "# Welcome to my blog!\nThis is rendered from **Markdown**.\n##[test](http://localhost/test)"
    html_content = markdown.markdown(md_content)
    return html_content
@app.route("/api/vault-update") #webhook for vault updated
 def update_vault():
 # TODO SECURE THIS WITH SECRETTTTT or auth header
    print(build.public_vault(PRIVATE_VAULT_DIR, PUBLIC_VAULT_DIR))# initialize the public notes from the private repo
    return "vault-rebuilt"
@app.route ("/<filename>") # renders a filename if not otherwise specified
 def render_post(filename):
    return build.html_file(filename, PUBLIC_VAULT_DIR)
--- a/app/build.py
+++ b/app/build.py
@@ -1,26 +1,61 @@
 from obsidian_parser import Vault
 import shutil
-from git import Repo
+import markdown
 from pathlib import Path
 import os
 def html_file(filename, contentPath): #renders markwown from filename 
    filePath = Path(f"{contentPath}/{filename}.md")
    # 3. Protect against missing files
    if not filePath.is_file():
        return f"<h1>404</h1><p>Could not find {filename}.md in {filePath}</p>", 404
    # open the file for reading
    with open(filePath, "r", encoding="utf-8") as f:
        textContent = f.read()
    # convert it to markdown
    htmlContent = markdown.markdown(textContent)
    return htmlContent
 def clone_secure_repo(url: str, token: str = "", dest: str): # clone a gittea repo using optional security token into dest dirand return a path to the directory
    return dest
-def public_notes(src: str): # return a list of notes tagged with public from an obsidian directory
+def obsidian_vault(dest = "/vault"): # makes sure there is a vault in dest
-    # build vault from source
+    from git import Repo
-    vault = Vault(src)
+    url = os.getenv("OBSIDIAN_VAULT_URL")
-    if vault:
+    token = os.getenv("OBSIDIAN_VAULT_TOKEN")
-        print ("found vault")
+    if not(token):
-    else:
+        print ("token not found, cant build vault")
        raise NameError("tokenNotFound")
        return 0
    url = f"https://{token}@{url}"
    if os.path.exists(os.path.join(dest, '.git')):
        #TODO handle merge conflictsjjj
        print (f"pulling vault from {url} in {dest}")
        repo = Repo(dest)
        origin = repo.remotes.origin
        origin.fetch()
        origin.pull(strategy_option='theirs')
        print ("vault updated")
        return 1
    print (f"building vault from {url} in {dest}")
    Repo.clone_from(url, dest)
    print("cloned vault!")
    return 1
 def public_vault(privateVault = "/vault", dest = "/content"): # build the public vault in dest from an obsidian repo in src
    vault = Vault(privateVault)
    if not(vault):
        print("could not find vault")
-        return []
+        raise NameError("vaultNotFound")
        return 0
-    # return a list ofnotes
+    print(f"valid vault{vault}")
    return vault.get_notes_with_tag("public")
    publicNotes = vault.get_notes_with_tag("public")
-def buld_public_vault(src: str, dest: str): # build the public vault in dest from an obsidian repo in src
+    print(f"publicNotes: {publicNotes}")
-    for note in public_notes(src):
+    for note in publicNotes:
        print(note.title)
        shutil.copy2(f"{note.path}", dest)
--- a/app/requirements.txt
+++ b/app/requirements.txt
@@ -1,2 +1,5 @@
 flask
 markdown
 obsidianmd-parser
 GitPython
 python-dotenv
--- a/compose.yml
+++ b/compose.yml
@@ -1,15 +1,13 @@
 services:
  app:
    build: 
      context: app
      args:
        - DEBUG_MODE=1
        - obsidian_vault_url=https://git.riverrooks.dev/Personal-Wiki
        - obsidian_vault_token=bd8cd9301ae2c1c5bacfb3340492acb5e862686a
    ports:
-      - '80:80'
+      - '8188:80'
    volumes:
-      - ./content:/content
+      - ./content:/content #public
-  # public_vault_builder:
+      - ./public-vault:/vault #private
  #   build:
  #     context: public_vault_builder
  #   volumes: 
  #     - ./public_vault:/content
--- a/public_vault/Cyber-Crime.md
+++ b/public_vault/Cyber-Crime.md
--- a/content/Malware.md
+++ b/content/Malware.md
@@ -0,0 +1,296 @@
 #public 
 # Malware/malicious software
 - **Malware**: software written with intent to do HARM
 ```mermaid
 flowchart TD
    A[Data] <---> B[People]
    A <---> C[Devices]
    B <---> C
 ```
 > Greatest Vulnerability is People
 ## Malware types
 - **virus:** program to modify other programs
 - **Worm**: program that spreads itself
 > diff b/t virus and worm is method of movement
 - **Trojan**: an innocent program that hides malware inside
 - **Ransomware**: require payment to remove (often in exchange for decryption key)
 - **Phishing**: Faking identity in order to build trust to encourage specific user behavior
 - **DOS/DDOS**: (distributed) denial of service to overwhelm services and prevent legitimate activity from getting through
 # Threat Actors
 | Group            | Motivations                                              |
 | ---------------- | -------------------------------------------------------- |
 | Nation States    | Intelligence Infrastructure                              |
 | Groups of people | Intimidate, org-goals                                    |
 | Individuals      | ego, \$\$\$, etc                                         |
 | Insider Threats  | Those inside of an organization who abuse trusted access |
 >Insider Threats are the Greatest challenge in cyber-sec
 > There is an upward trend in the amount of malware and damage done in USD. 5 month avg for identifying breaches
 # CIA TRIAD
 ```mermaid
 flowchart TD
    A[Confidentiality] <---> B[Integrity]
    A <---> C[Accessibility]
    B <---> C
 ````
 True security manages all 3, our job is to find the right balance
 ## CONFIDENTIALITY
 	Ensuring that only authorized users can access data
 ### 3 Types of confidentiality
 | type            | definition                                                                 | exampe                    |     |
 | --------------- | -------------------------------------------------------------------------- | ------------------------- | --- |
 | Confidentiality | limiting access to information including the existence of such information | "What conversation"       |     |
 | Privacy         | Limit the information shared                                               | Not giving away PII       |     |
 | Secrecy         | Data not to be shared beyond small circle                                  | Restricting access to PII |     |
 - **PII**: personally identifiable information
 ## INTEGRITY
    Ensure data and system resources are trustworthy
    Trustworthy: known author, not maliciously modified
 | Catagory | definition |
 | --- | --- |
 | Data integrity | Data has not been modified or overwritten |
 | Origin Integrity | maintaining the authorship and chain of editors |
 | System  integrity | overall design of processes that work with data |
 > While confidentiality is often considered the "Traditional" focus of security, Integrity can be considred just as important
 ## AVAILABILITY
 Authorized users can access data and systems when needed.
 Confilicts directly with Confidentiality, this balance is our job.
 DDOS/DOS attacks affect availibility.
 > "If one person can have access, many have access"
 # What is security?
 > Just fire-walling/encrypting your system $\neq$ security
 **Security is a systems issue**, good security is a heuristic endeavor encompassing the following questions:
 1. What are we protecting?
 2. What can go wrong?
 3. What are we going to do about it?
 4. Did we do a good job?
 You need to deal with policy and procedure. E.G. talking to non-tech savvy people or encouraging more scrutiny of strange emails
 - **Forensics:** determine what was done when
 ```mermaid
 mindmap
 	id))system((
 		id(Hardware(
 		id(Software(
 		id)networking(
 ```
 # The Five As
 | [[Malware#Authentication]] | Verification of a user's Identity            | static password           |
 | ------------------------ | -------------------------------------------- | ------------------------- |
 | Access control           | control who is allowed access to something   | ACT card                  |
 | [[Malware#Accounting]]     | keeping track of activity                    | logs of command history   |
 | [[Malware#Auditing]]       | checking for suspicious behavior or failures | log analysis              |
 | Action                   | taking action on a threat                    | changing a users password |
 ## Authentication
 > How do we know who you say you are? j do we know you're authorized?
 ### 3 mechanism of authentication:
 | something you **know** | Static username and passwd                                           |
 | ---------------------- | -------------------------------------------------------------------- |
 | something you **have** | one time password (OTP) --> usually **2nd device** as authentication |
 | something you **are**  | Biometric credential                                                 |
 ## Accounting
 - cant have $\infty$ storage, so what do you keep?
 ## Auditing
 You need to know your system is compromised if you're taksed to protect it.
 "Did something happen?"
 This is looking at logs created and making policies to take action of some kind
    you also need to determine the action to take
 # measures and countermeasures
 | prevention | measures to **stop breaches**     | Gaurd at the gate, strong authentication policy |     |
 | ---------- | --------------------------------- | ----------------------------------------------- | --- |
 | detection  | measures to **detect breaches**   | beggining, ongoing, or afterwords               |     |
 | Reaction   | measures to **recover of assets** | Rebuild, Repair, Pursue                         |     |
 ```mermaid
 flowchart TB
 id1[Passwords are easy to guess] --> id2[Password policies] --> id3[Users write down passwds] --> id4[etc]
 ```
 # Insider threats
 - **Threat**: An event of condition that has the potential to cause loss or undesirable consequences
 - **Insider Threat**: threat caused by someone inside of the organization
    - Disgruntled employee
    - Careless employee
 |       |IT sabatoge| Theft of IP   | Fraud | Espionage |
 | ---   | ---       | ---           | ---   | ---       |
 | WHO   | techinal/priveleged access | scientists, programmers, engineers, sales | fincacial pros, low/mid developers, customer service | anybody |
 | WHEN | on/before termination | ~60 days b4 leaving | Long period of time |  long period of time |
 | WHY | revenge | new job, start company | Greed, financial need | dissatisfaction, greed, financial need |
 ## Identifying Insider Threats:
 - Who has the most access?
    > Don't assume sysadmin is the villan, just be aware of their access level
 - become the insider. "Think like the attacker" 
 - most employees dont join to become insiders
 ## Lifecycle of an insider
 1. Recruitment/tipping point
 2. Search/Reconnisance
 3. Acquisition/collection
 4. Exfiltration/Action
 # Threat Modeling
 > The equifax breach exploited a known vulnerability that equifax didn't patch for months. $1.4 Billion in damages 
 ## The fundamental security problem
 There are more attacks than can be reasonably stopped with limited time/money
 ## Why threat model
 - Proactive vs Reactive
 - Prioritization
 - Systematic approach
 - Find problem's you'd otherwise miss
 - Legal compliance
 ## The cost of a vulnerability
 ![[Diagram 2.svg]]
 ## What is threat modeling?
 A structured process to identify, quantify, and address security risks in a system or process
 ## Key Questions
 1. What are we protecting
 2. What can go wrong
 3. What are we going to do about it
 4. did we do a good job
 ## Steps
 ### 1. define scopes and assets
 ### 2. Create architecture diagram
    - Data flow
    - Network diagram
    - Component diagram
    - Trust breakdown diagram
 ### 3. Identify threats
 | S     | spoofing Identity         |
 | ---   | ---                       |
 | T     | Tampering with data       |
 | R     | Repudation                |
 | I     | Information disclosure    |
 | D     | Denial of servie          |
 | E     | Escalation of privelege   |
 > [[Malware#CIA Triad]]
 ### 4. Rank and prioritize threats
 #### DREAD 
 on a scale of 1 - 10
 Risk = (D+R+E+A+D)/5
 | D    | Damage potential  |
 | ---  | ---               |
 | R    | Reproducability   |
 | E    | Exploitability    |
 | A    | Affected Users    |
 | D    | Discoverability   |
 Ex: Mybama SQLI
 | D   | 10  |
 | --- | --- |
 | R   | 10  |
 | E   | 7   |
 | A   | 10  |
 | D   | 8   |
 R 9 = (10 + 10 + 7 + 10 + 8) / 5 
 9 is a **Critical threat**
 #### Impact/likelyhood table
 | likelyhood | low | med | high |
 | ---------- | --- | --- | ---- |
 | low        | 1   | 2   | 3    |
 | med        | 2   | 4   | 6    |
 | high       | 3   | 6   | 9    |
 | < 3   | < 6   | 9 |
 | ---   | ---   |---|
 | low, fix when possible | Vulnerable. Fix ASAP | HUGE PROBLEM |
 ### 5. Determine Mitigation
  1. **Eliminate**: remove the vuln --> unused admin page
  2. **Mitigate**: Reduce likelihood of attack --> Sanitize SQL inputs
  3. **Transfer**: Move to somewhere else --> send it to your SSO
  4. **Accept**: It's good enough --> password logins (using microsoft)
 ## Why it works:
 1. Systematic, not random
 2. Visual
 3. Collaborative
 4. Proactive
 5. Prioritized
 6. Documented
 # Encryption
 ## Symmetric V. Asymmetric
 - **Symmetric encryption**: Uses a single key
 - **Asymmetric encryption**: Uses two keys
 ```mermaid
 stateDiagram-v2
        state symmetric{
        plaintext
        }
        state asymmetric{
        text
        key
        }
        text --> encryption
        key --> encryption
        encryption --> cyphertext 
        plaintext --> encryption
        cyphertext --> decryption
        decryption --> Plaintext
 ```
 ### Asymmetric key encryption
 > Asymmetric has 2 keys and is more computationally expensive
 takes 2 keys, and runs the encryption algo on the combined input
 1 is the private key, one is the public
    how do you securely send the keys?
 ### Symmetric key encryption
 Cheaper, older and more common
 > Block cipher
 - **DES**: Data Encryption Standard
    - Oldest standard
    - originally labbeled by NIST
 - **AES**: Advanced Encryption Standard
    - updated DES, more computationally signifigant for modern computing
 - **3DES**: 3 Data Encryption Standard
    - does DES 3 times
 - **TLS**: Transport Layer security
    - for high level web traffic 
 - **SSL**: Secure Socket layer
    - for secure communication between machine
 ## Feistel block cipher
 Takes initial input, splits in half, encrypts left half, and switches. Repeats 
 The key is used in encryption through a reversable algorithm.
 ![[Pasted image 20260217083518.png]]
 ## Diffie Heiman Key exchange
 Symmetric means you have to pass around the key,
 Asymmetric is computationally expensive
 Diffie-Heiman is a solution
 1. Publish your public key
 2. Send hash function with any work you then publish
 3. Your public key can be used to verify integrety of any published work
    3a. verifying file downloads
    3b. git commits
 You can aslo force 1-way encryption with a block cipher so:
 data --> hash
 but not:
 hash --> data
 any slight change of input, dramatically changes output (Avalance effect)
 > since encryption methods take any size and hash it to a fixed size, collisions are possible. Furthermore, Collisions are going to be vastly different inputs
 ## Hash functions
 - Md5
 - Sha1
 - Sha3
 - Sha256
 - RSA
--- a/public_vault/Website
+++ b/public_vault/Website
--- a/content/test.md
+++ b/content/test.md
@@ -1,3 +1,11 @@
 ---
 public: "true"
 tags:
  - public
 ---
 # This is a test
 and this is p
-*italics*
+[https://localhost/test]()
 [asd](https://localhost/test)
--- a/public_vault/test.md
+++ b/public_vault/test.md
@@ -1,7 +0,0 @@
 ---
 public: "true"
 tags:
  - public
 ---
 # This is a test
 and this is p
--- a/public_vault_builder/Dockerfile
+++ b/public_vault_builder/Dockerfile
@@ -1,14 +0,0 @@
 FROM python:3.12-slim
 run mkdir /public-vault
 WORKDIR /build
 COPY requirements.txt .
 RUN pip3 install -r requirements.txt
 COPY . .
 CMD ["python", "build.py"]
--- a/public_vault_builder/build.py
+++ b/public_vault_builder/build.py
@@ -1,25 +0,0 @@
 from obsidian_parser import Vault
 import shutil
 from git import Repo
 # repo_url = "https://gitlab.com/username/my-vault.git"
 dest = "/content"
 src = "Personal-Wiki"
 # Load a vault
 vault = Vault(src)
 if vault:
    print ("found vault")
 else:
    print("could not find vault")
 # Find notes by exact name
 note = vault.get_note("test")
 # Findd all public notes
 publicNotes = vault.get_notes_with_tag("public")
 for note in publicNotes:
    print(note.title)
    shutil.copy2(f"{note.path}", dest)
--- a/public_vault_builder/requirements.txt
+++ b/public_vault_builder/requirements.txt
@@ -1,2 +0,0 @@
 obsidianmd-parser
 GitPython
Author	SHA1	Message	Date
venus	e8a0831809	fixed rebase issue	2026-03-05 01:33:06 -06:00
venus	5ed4acf7bf	updated compose	2026-03-05 01:28:39 -06:00
venus	4e35dabde7	ignoring compose now	2026-03-05 01:26:40 -06:00
venus	f6f192da26	basic webhook tested	2026-03-05 01:24:40 -06:00
venus	ebb6aa0f56	basic webhook	2026-03-05 01:21:13 -06:00
venus	cf6fc0da33	started webhook	2026-03-05 01:17:38 -06:00
venus	427c3b6427	public notes work now	2026-03-05 00:02:39 -06:00
venus	13d7676ff4	fixed names and function defs	2026-03-04 23:51:07 -06:00
venus	e9b1a95b9a	improved readability again	2026-03-04 23:33:00 -06:00
venus	48d27184be	improved readability	2026-03-04 23:32:08 -06:00
venus	c41f3a0286	implemented public vault initialization	2026-03-04 23:22:54 -06:00
venus	d6a1d30747	addded todo comment	2026-03-04 23:12:40 -06:00
venus	35f0edbc83	updated gitignore and build.py works to update vault	2026-03-04 23:10:09 -06:00
venus	f22fb410ab	updated compose	2026-03-04 19:47:56 -06:00
venus	58e972e65f	vault clones from env vars in compose	2026-03-04 19:46:37 -06:00
venus	bacbd48d30	added gitignore again	2026-03-04 18:03:05 -06:00
venus	62dcfab912	updated to render md from content dir	2026-03-04 18:00:42 -06:00
venus	6c6cccae49	added repo key	2026-03-04 16:37:17 -06:00
venus	7612837e82	updated .env	2026-03-04 16:32:39 -06:00
venus	fdbced9192	updated dockerfile and flask app name	2026-03-04 16:29:41 -06:00
venus	99a0df522e	moved dockerfile	2026-03-04 16:27:53 -06:00
venus	1b177e3d86	removed some folders	2026-03-04 16:27:30 -06:00
venus	d3c8d6e544	docker works	2026-03-04 16:23:43 -06:00