← Back to Home

There is no magic in Elixir!

If you're anything like me, you probably started to learn Elixir and wanted to skip to the shiny stuff right away. Sure there's some basics to sift through like the data types and specific syntax elements but after that, we can finally build a distributed, scalable, performant masterpiece of an application! - Riiigt? Granted, even if you're a bit more of a sane person, once you get to work with Supervisor, GenServer, Agent and other modules alike, you can't help but feel that things have been simplified a lot for you. That's great but sometimes, this comes at the cost of a framework doing complex magic that you have no hope of deciphering if something ever goes wrong.

I've read a few books on Elixir by now and yes, most of them will tell you that this is not the case in Elixir/OTP and things are actually really simple internally but... that's exactly what someone with lost of complex magic in their modules would say, eh! In short, You've probably read about this topic but you probably also didn't believe it. If you have not yet done your own research, this article is here to slap some code in your face to proof to you how thin of a layer a lot of the shiny stuff in Elixir is and provide some insight on why it works so nicely.

Read more →

Serving static assets on a subpath in Phoenix

If you create a new Phoenix project, without using the --no-html flag, a static plug will be added to your endpoint. Because of this, a lot of people recommend to just edit that, if you want to serve static files from a subdirectory. However, this can get a bit tricky if you have data stored in different directories - or use Phoenix purely as an API.

When someone asked about this on the elixir-lang Slack, my first response was:

Read more →

Phoenix end-to-end testing in real life


There are lots of articles on testing in Elixir, and probably ten times as many for each Javascript frontend framework. But what if we want to test all of it together? - Be advised that end-to-end tests do not replace unit and integration tests on either the backend or frontend, however, I think they do have their place in a good test suite for the following reasons:

Read more →

Implementing MQTT in Elixir: Part 1 - Intro and Setup

Library Source Code at the end of this article: Rayman git repo
Playground Source Code at the end of this article: Rayman Playground git repo


This article is the first in a series of posts about creating a Hex package in Elixir that will implement a common network protocol. In this case, the protocol in question is MQTT. We will implement the MQTT protocol based on the MQTT 3.1.1 specifications, from the ground up, leveraging Elixir's pattern matching for easily processing binary data.

Read more →

Elixir: Testing protected Phoenix controllers

A common problem

Testing protected endpoints in Phoenix controllers is a topic that sparks confusion - at best, and controversy at worst - amongst a surprising lot of people. When using Guardian or other pluggable ways of authorizing requests, this behaviour has to be taken into consideration for controller tests. Multiple pull requests in the Guardian repository were working towards a solution for this, Guardian Backdoor, which has now been moved into its own repository.

While this will certainly solve this issue for Guardian users in the future, let's explore a simple, fast approach for authorization bypassing that can be used with any kind of plug based authentication pipeline.

Read more →

Synology DSM 6.x VPN via Command Line

Synology DSM and VPN connections

Synology DSM offers you a quite simple interface for managing your VPN connections, however, aside the fact that it is missing a lot of advanced options, that are needed for certain providers, it also lacks the possibility of automation. For example, the reason I am writing this is, I am using an OpenVPN connection on my second Synology station together with multiple gateways. That's all fine and good, however, as soon as the VPN client gets into a timeout, it will try to resolve the host name in the config via the VPN gateway, which is now inaccessible. The only way I found to fix this, is simply reconnecting to the VPN server. Sadly, Synology doesn't make that simply exactly simple.

Basics of Synology VPN handling

Synology is using various scripts and flags for handling vpn connections. All of the relevant files for this are found in /usr/syno/etc/synovpnclient Also, the binary file the disk station uses for connection handling is found at /usr/syno/bin/synovpnc, aliased to synovpnc A list of the files and directories in this directory:

Read more →

Synology DSM 6.x Access any user's downloads

A little backstory

A few weeks ago, I decided to build a little tool for my Synology Download Station, since I was not quite satisfied with the features DS Download offered me for simple monitoring. However, while testing out the API as it was documented in official API docs, I stumbled upon some rather unusual behaviour, that allows you to access details of any download task, even if it does not belong to the user you're authenticated as.
While this actually is a security issue, as Synology confirmed upon my report, I do not think that users would rate their download tasks crucial information. And those who do might not even share their Download Station access with other users to begin with. So while this is obviously a bug that needs to - and according to their response will be - fixed, it is not a terrible leak but more of a reminder of an age old discussion.

The tale of incremental ID's

There have been numerous discussion about this topic in the past, and I think this little bug is a good reminder of why you should not use incremental ID's. If we break our System down to the very basic, whatever it may be, as soon as it involves access control, there are two main factors that decide whether or not a user can access a certain resource:

Read more →

Setting up a Syncplay server on Ubuntu / Debian

What is Syncplay?

Syncplay is a tool that allows you to synchronize media players between multiple clients, which allows you to watch video files, that you and your friends have, together on different machines, without shouting 3.. 2.. 1.. every time someone takes a break for a second. It works by either one of the users providing a server on their local machine for the clients to join, or everyone joining a public server.

While setting up a server for your own is not that difficult, it's quite laborious to do it every time you want to watch something. Public servers are also rather rare and sometimes not reachable all the time. Plus some people would prefer to have their own server running anyways. So here's how!

Read more →

Using a custom login style on a Synology DiskStation

Requirements and Goals

This article is aimed towards people who want to customize the login screen of their Synology Disk Station beyond the possibilities the settings UI offers. This does however require some basic knowledge of the underlying technology of both, the system and the web overview. It also requires logging in to your disk station via terminal, which, while is possible with only basic knowledge, is always a certain risk. Please be careful, when tinkering around on your device!

The scripts and examples in this article are used to manipulate the CSS and Favicon of your Disk Station's login screen. With the information given, it is technically possible to perform additional changes, such as completely altering the login screen's HTML, though I would not recommend doing this.

Read more →