site @ b8f2b94bcde6d115eb621c958199ebd8c399981a

source for my site, found at icyphox.sh

pages: switch to cdn.icyphox.sh

Evaluating BunnyCDN.
Anirudh Oppiliappan x@icyphox.sh
Fri, 29 Apr 2022 11:22:57 +0530
commit b8f2b94bcde6d115eb621c958199ebd8c399981a

parent 5a1f0e94fda6f8ad2eaafc53077c5044e0e9da60

M bin/replace.go

@@ -18,7 +18,7 @@ fmt.Println("usage: replace [old string] [new string]")

os.Exit(1) } - oldLine, newLine := os.Args[1], os.Args[2] + oldStr, newStr := os.Args[1], os.Args[2] posts, err := os.ReadDir(dir) if err != nil {

@@ -33,8 +33,9 @@ }

lines := strings.Split(string(input), "\n") for i, line := range lines { - if strings.Contains(line, oldLine) { - lines[i] = newLine + if strings.Contains(line, oldStr) { + line = strings.ReplaceAll(line, oldStr, newStr) + lines[i] = line } } output := strings.Join(lines, "\n")
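Review bot: Nothing in the loop body guards against an empty `oldStr`: `strings.Contains(line, oldStr)` is then true for every line, and `strings.ReplaceAll` inserts `newStr` at the start of the line and after every character, which would rewrite every file returned by `os.ReadDir(dir)` in one run. Reject an empty `os.Args[1]` alongside the usage exit shown in the first hunk. The `Contains` test is also redundant now, since `ReplaceAll` returns the line unchanged when there is no match, so the body can be reduced to `lines[i] = strings.ReplaceAll(line, oldStr, newStr)`.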
M pages/about.md

@@ -41,7 +41,7 @@

I'm generally uninterested in social media and don't often post on any. If you're interested in **hiring me** -- here's my -[résumé](https://x.icyphox.sh/resume.pdf). +[résumé](https://cdn.icyphox.sh/resume.pdf). ## this site
M pages/blog/2019-09-27.md

@@ -38,7 +38,7 @@ was getting my Minecraft launcher to run. The JRE isn't fully ported to `musl`

yet.[^1] The solution to that is fairly trivial and I plan to write about it soon. (hint: it involves chroots) -![](https://x.icyphox.sh/LDq8W.png) +![](https://cdn.icyphox.sh/LDq8W.png) ## Packaging for Alpine
M pages/blog/2020-in-review.md

@@ -56,7 +56,7 @@

- [radicale](https://radicale.org): Cal/CardDAV server - [Pleroma](https://pleroma.social): Single-user federated social media instance -- [filehost](https://x.icyphox.sh) +- [filehost](https://cdn.icyphox.sh) - [gonic](https://github.com/sentriz/gonic): Music streaming server - [crxn](http://deavmi.assigned.network/docs/crxn/site/): Cool network of cool people.
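Review bot: The `filehost` entry names a service, listed next to radicale, Pleroma and gonic, rather than an asset served from it, yet the bulk replace now points it at `cdn.icyphox.sh`, which the commit message describes as a BunnyCDN evaluation. If the filehost itself still lives at `x.icyphox.sh`, this link should be excluded from the replace; if it has been retired, the list entry should say so instead of linking to the CDN hostname.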
M pages/blog/2021-05-10.md

@@ -28,7 +28,7 @@ below), some infosec work and the usual SRE stuff. I'll probably write

about the observability infrastructure in detail sometime -- perhaps on the company blog. -![deepsource observability infra](https://x.icyphox.sh/vgPL9.png) +![deepsource observability infra](https://cdn.icyphox.sh/vgPL9.png) I even managed to break prod within the first month! But in all seriousness, it's pretty riveting work, with some very fun people.
M pages/blog/2021-in-review.md

@@ -41,8 +41,8 @@ cloud-native security, and some more Kubernetes.

Oh, and here are a few pictures from our trip to the Maldives.[^1] -![maldives 1](https://x.icyphox.sh/FX~bI.jpg) -![maldives 2](https://x.icyphox.sh/DMHDG.jpg) +![maldives 1](https://cdn.icyphox.sh/FX~bI.jpg) +![maldives 2](https://cdn.icyphox.sh/DMHDG.jpg) [^1]: If you're in Bangalore and are looking for work, definitely consider [applying to DeepSource](https://careers.deepsource.io)!
M pages/blog/building-forlater.md

@@ -23,7 +23,7 @@ service that works via email. Email is the perfect tool for this

use-case: works offline; you can organize it however you like; you own your data. -![forlater arch](https://x.icyphox.sh/JNAn4.png) +![forlater arch](https://cdn.icyphox.sh/JNAn4.png) Pictured above is how forlater works. Each component is explained below.
M pages/blog/bujo.md

@@ -88,7 +88,7 @@

I can't go without posting what it actually looks like in my notebook; so here, have a FOIA-declassified-looking picture of my bullet journal. -![bullet journal](https://x.icyphox.sh/QzrdK.jpeg) +![bullet journal](https://cdn.icyphox.sh/QzrdK.jpeg) This was when I first attempted the weekly log. Evidently, I struggled to compute dates accurately. And yes, "rice acme" was a task -- one

@@ -99,7 +99,7 @@ the book with a pencil and I plan to continue with it until I finsh this

notebook -- there's still about half of it left. I plan to cop a dotgrid notebook for my next one, and start using a pen. -![notebook with sticker](https://x.icyphox.sh/0psb8.jpeg) +![notebook with sticker](https://cdn.icyphox.sh/0psb8.jpeg) At first I was sceptical. I didn't think I'd stick to it. But hey, looks like I did. I've been using my bullet journal spinoff method to great
M pages/blog/covid19-disinfo.md

@@ -82,7 +82,7 @@ registrations happening. Expect phishing and malware campaigns using the

virus as a theme. In the past 24 hrs, ~450 `.com` domains alone were registered. -![](https://x.icyphox.sh/SgswL.png) +![](https://cdn.icyphox.sh/SgswL.png) Anywho, there are bigger problems at hand -- like the fact that my uni still hasn't suspended classes!
M pages/blog/disinfo.md

@@ -142,7 +142,7 @@ Of course, if you're a nobody on Twitter (like me), this is a non-issue for you.

And please, don't do this: -![](https://x.icyphox.sh/gqoHr.png) +![](https://cdn.icyphox.sh/gqoHr.png) ## Conclusion
M pages/blog/ducky-one-2.md

@@ -21,7 +21,7 @@ [Meckeys](https://meckeys.com). They aren't particularly abundant in

variety, but there's some decent prebuilts that you can pick up on there -- and I copped the Ducky One 2 SF. -![Ducky One 2 SF side view](https://x.icyphox.sh/5LSG7.jpg) +![Ducky One 2 SF side view](https://cdn.icyphox.sh/5LSG7.jpg) It's a 65% board, so unlike standard 60% boards, this comes with arrow keys and the `Del`, `PgUp` and `PgDn` keys. I don't _really_ need the

@@ -31,7 +31,7 @@ `~` keys are merged. I have to hit `Shift + Esc` for tilde (same action

as usual), and `Fn + Esc` for the backtick. Takes a bit of relearning, but it's manageable. -![Ducky One 2 SF top-down view](https://x.icyphox.sh/tRdNw.jpg) +![Ducky One 2 SF top-down view](https://cdn.icyphox.sh/tRdNw.jpg) The key switches I went with were the Cherry MX Speed Silvers -- like Reds but actuate a bit faster. As it's my first ever mechanical
M pages/blog/fb50.md

@@ -29,11 +29,11 @@ Android phones have the ability to capture Bluetooth (HCI) traffic

which can be enabled under Developer Options under Settings. We made around 4 "unlocks" from the Android phone, as seen in the screenshot. -![](https://x.icyphox.sh/IO5G0.png) +![](https://cdn.icyphox.sh/IO5G0.png) This is the value sent in the `Write` request: -![](https://x.icyphox.sh/rJVoE.png) +![](https://cdn.icyphox.sh/rJVoE.png) We attempted replaying these requests using `gattool` and `gattacker`, but that didn't pan out, since the value being written was encrypted.[^1]
M pages/blog/five-days-tty.md

@@ -141,4 +141,4 @@ trying to debug my issues.

I'll now conclude with an obligatory screenshot. -![scrot](https://x.icyphox.sh/R6G.png) +![scrot](https://cdn.icyphox.sh/R6G.png)
M pages/blog/formula-e.md

@@ -49,7 +49,7 @@ vote each recieve extra power during the race. Yup. You read that right.

They made a World Championship racing series a social media popularity contest. -![formula e broadcast](https://x.icyphox.sh/VOodw.png) +![formula e broadcast](https://cdn.icyphox.sh/VOodw.png) My last gripe is with the broadcast. It's so bad! They really should lose the gamer graphics. The driver list on the left is not color coded
M pages/blog/go-shell-prompt.md

@@ -223,7 +223,7 @@ PS1='$(~/dotfiles/prompt/prompt) '

``` And here's what it looks like, rendered: -![go prompt](https://x.icyphox.sh/boh7u.png) +![go prompt](https://cdn.icyphox.sh/boh7u.png) ## benchmarking
M pages/blog/hacky-scripts.md

@@ -84,7 +84,7 @@ involves JSON parsing with [`jq`](https://stedolan.github.io/jq/).

That's it! It's so small, but I learnt a ton. For those curious, here's what it looks like running: -![](https://x.icyphox.sh/orGJ9.png) +![](https://cdn.icyphox.sh/orGJ9.png) ## Update latest post on the index page
M pages/blog/ig-opsec.md

@@ -117,7 +117,7 @@ altogether (hint: Facebook), but that's a discussion for another day.

Or be like me: -![](https://x.icyphox.sh/fI7nL.jpg) +![](https://cdn.icyphox.sh/fI7nL.jpg) And that pretty much wraps it up, with a neat little bow.
M pages/blog/k8s-at-home.md

@@ -35,7 +35,7 @@

Since my RPi is behind a CG-NAT, I'm running a Wireguard mesh that looks something like this: -![wireguard mesh](https://x.icyphox.sh/1Xkvh.png) +![wireguard mesh](https://cdn.icyphox.sh/1Xkvh.png) Wireguard is fairly trivial to set up, and there are tons of guides online, so I'll skip that bit.

@@ -124,7 +124,7 @@ In essence, it makes one of your nodes attract all the traffic,

assigning each `LoadBalancer` service an IP from a configured address pool (not your node IP). In my case: -![jade loadbalancer](https://x.icyphox.sh/zuy96.png) +![jade loadbalancer](https://cdn.icyphox.sh/zuy96.png) However, this assumes that our load balancer node has a public IP. Well it does, but we're still within our Wireguard network. To actually
M pages/blog/mastodon-to-pleroma.md

@@ -66,7 +66,7 @@ ## why should you migrate?

Because Pleroma is cleaner, leaner[^3] and prettier looking[^4]. Oh, and we have chats. -![screenshot of pleroma + soapbox-fe](https://x.icyphox.sh/l8g5y.png) +![screenshot of pleroma + soapbox-fe](https://cdn.icyphox.sh/l8g5y.png) [^1]: [Erlang install guide](http://erlang.org/doc/installation_guide/INSTALL.html) [^2]: [Elixir install guide](https://elixir-lang.org/install.html#compiling-from-source-unix-and-mingw)
M pages/blog/mnml-browsing.md

@@ -63,4 +63,4 @@ further incentivised to dispose of my Google account.

And here's the screenshot y'all were waiting for: -![](https://x.icyphox.sh/d03i0.png) +![](https://cdn.icyphox.sh/d03i0.png)
M pages/blog/my-setup.md

@@ -72,7 +72,7 @@ container. This is convenient for many reasons, keeps your global

namespace clean and a single command to drop into a Kali shell. I use a DigitalOcean droplet (BLR1) as a public filehost, found at -[x.icyphox.sh](https://x.icyphox.sh). The UI is the wonderful +[cdn.icyphox.sh](https://cdn.icyphox.sh). The UI is the wonderful [serve](https://github.com/zeit/serve), by [ZEIT](https://zeit.co). The same box also serves as my IRC bouncer and OpenVPN (TCP), which I tunnel via SSH running on 443. Campus firewall woes.
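Review bot: The replacement changed the visible link text as well as the URL, so the post now states that the DigitalOcean droplet filehost with the `serve` UI is "found at cdn.icyphox.sh". If `cdn.icyphox.sh` is fronted by BunnyCDN, as the commit message suggests, that sentence no longer describes what is at the address; exclude this line from the bulk replace or reword the paragraph.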
M pages/blog/nullcon-2020.md

@@ -97,4 +97,4 @@ Note to the Nullcon organizers: you guys did a fantastic job running the

conference despite Corona-chan's best efforts. I'd like to suggest one little thing though -- please VET YOUR SPEAKERS more! -![](https://x.icyphox.sh/EjO-E.jpg) +![](https://cdn.icyphox.sh/EjO-E.jpg)
M pages/blog/nvim-lua.md

@@ -291,7 +291,7 @@

vim.o.statusline = table.concat(stl) ``` -![statusline](https://x.icyphox.sh/statusline.png) +![statusline](https://cdn.icyphox.sh/statusline.png) ## this is what being tpope feels like
M pages/blog/openbsd-hp-envy.md

@@ -152,4 +152,4 @@ / -- --\

~icy ``` -![openbsd rice](https://x.icyphox.sh/zDYdj.png) +![openbsd rice](https://cdn.icyphox.sh/zDYdj.png)
M pages/blog/pi.md

@@ -83,4 +83,4 @@

And oh, here's the protective case [nerd](https://peppe.rs) fashioned out of cardboard. -![](https://x.icyphox.sh/zn2I3.jpg) +![](https://cdn.icyphox.sh/zn2I3.jpg)
M pages/blog/prosody.md

@@ -136,7 +136,7 @@ user registrations from XMPP/Jabber clients (security risk!), by setting

`allow_registration = true`. I may have missed something important, so here's [my -config](https://x.icyphox.sh/prosody.cfg.lua) for reference. +config](https://cdn.icyphox.sh/prosody.cfg.lua) for reference. ## Closing notes
M pages/blog/pycon-wrap-up.md

@@ -63,10 +63,10 @@ It's not much, and

I can't be bothered to format them like a collage or whatever, so I'll just dump them here -- as is. -![](https://x.icyphox.sh/4oTZB.jpg) -![](https://x.icyphox.sh/EApua.jpg) -![](https://x.icyphox.sh/40hAp.jpg) -![](https://x.icyphox.sh/uCDR-.jpg) +![](https://cdn.icyphox.sh/4oTZB.jpg) +![](https://cdn.icyphox.sh/EApua.jpg) +![](https://cdn.icyphox.sh/40hAp.jpg) +![](https://cdn.icyphox.sh/uCDR-.jpg) ## C'est tout
M pages/blog/r2wars-2020.md

@@ -49,7 +49,7 @@

Ultimately, this bot placed 7th out of 9 contestants -- an underwhelming outcome. I had to fix this. -![day 1](https://x.icyphox.sh/gk1i0.png) +![day 1](https://cdn.icyphox.sh/gk1i0.png) ## day 2

@@ -99,7 +99,7 @@ These changes paid off, though. I placed 4th on day 2, out of 13

contestants! This screenshot was taken on my phone as I was eating dinner. -![day 2](https://x.icyphox.sh/5ZJfT.png) +![day 2](https://cdn.icyphox.sh/5ZJfT.png) All wasn't well though -- I still lost 4 matches, for the reasons below:

@@ -159,7 +159,7 @@ submissions (and some updated submissions), and a lot of them checked

`0x000` for existence of a bot, effectively recking me. I placed 8th out of 14 contestants, with 7 wins and 6 losses. Tough day. -![day 3](https://x.icyphox.sh/IKqxD.png) +![day 3](https://cdn.icyphox.sh/IKqxD.png) ## day 4: the finals

@@ -175,7 +175,7 @@ were all claimed by ARM, and naturally so -- they had a potential

throughput of 64 bytes per cycle thanks to `stmia`, compared to x86's 32 bytes. Pretty neat! -![day 4](https://x.icyphox.sh/DJbEE.png) +![day 4](https://cdn.icyphox.sh/DJbEE.png) ## links and references
M pages/blog/rop-on-arm.md

@@ -76,16 +76,16 @@ Start by running it, and entering any arbitrary string. On entering a fairly

large string, say, “A” × 20, we see a segmentation fault occur. -![](https://x.icyphox.sh/qrN69.png) +![](https://cdn.icyphox.sh/qrN69.png) Now, open it up in `gdb` and look at the functions inside it. -![](https://x.icyphox.sh/3j-MJ.png) +![](https://cdn.icyphox.sh/3j-MJ.png) There are three functions that are of importance here, `main`, `winner` and `gadget`. Disassembling the `main` function: -![](https://x.icyphox.sh/p2iFF.png) +![](https://cdn.icyphox.sh/p2iFF.png) We see a buffer of 16 bytes being created (`sub sp, sp, #16`), and some calls to `puts()`/`printf()` and `scanf()`. Looks like `winner` and `gadget` are

@@ -93,7 +93,7 @@ never actually called.

Disassembling the `gadget` function: -![](https://x.icyphox.sh/1T8XT.png) +![](https://cdn.icyphox.sh/1T8XT.png) This is fairly simple, the stack is being initialized by `push`ing `{r11}`, which is also the frame pointer (`fp`). What’s interesting is the `pop {r0, pc}`

@@ -107,7 +107,7 @@ in `pc`. Neat.

Moving on to the disassembly of the `winner` function: -![](https://x.icyphox.sh/BDtJr.png) +![](https://cdn.icyphox.sh/BDtJr.png) Here, we see a calls to `puts()`, `system()` and finally, `exit()`. So our end goal here is to, quite obviously, execute code via the `system()`

@@ -121,7 +121,7 @@

Back to `gdb`, hit `r` to run and pass in a patterned input, like in the screenshot. -![](https://x.icyphox.sh/7IDsI.png) +![](https://cdn.icyphox.sh/7IDsI.png) We hit a segfault because of invalid memory at address `0x46464646`. Notice the `pc` has been overwritten with our input.

@@ -139,7 +139,7 @@ ```shell

$ python -c 'print("AAAABBBBCCCCDDDDEEEE\x28\x05\x01\x00")' | ./rop2 ``` -![](https://x.icyphox.sh/A~RaT.png) +![](https://cdn.icyphox.sh/A~RaT.png) The reason we don’t jump to the first instruction is because we want to control the stack ourselves. If we allow `push {rll, lr}` (first instruction) to occur, the program will `pop`

@@ -182,7 +182,7 @@

``` (gdb) find &system, +9999999, "/bin/sh" ``` -![](https://x.icyphox.sh/SiNzl.png) +![](https://cdn.icyphox.sh/SiNzl.png) One hit at `0xb6f85588`. The addresses of `gadget` and `system()` can be found from the disassmblies from earlier. Here’s the final exploit code:

@@ -201,7 +201,7 @@ Honestly, not too far off from our pseudo-code :)

Let’s see it in action: -![](https://x.icyphox.sh/9ob4r.png) +![](https://cdn.icyphox.sh/9ob4r.png) Notice that it doesn’t work the first time, and this is because `/bin/sh` terminates when the pipe closes, since there’s no input coming in from STDIN.
M pages/blog/signal-vmm.md

@@ -102,7 +102,7 @@

ssh -Y pantwo signal-desktop &> /dev/null ``` -![signal desktop](https://x.icyphox.sh/HwF45.png) +![signal desktop](https://cdn.icyphox.sh/HwF45.png) ## caveats
M pages/uses.md

@@ -14,7 +14,7 @@ **Asus ROG Flow X13 (2021)**: 13.4" 4K, Ryzen 9 5900HS, 32GB RAM, 1TB

SSD, Nvidia GTX 1650 Max-Q. Even more future proof than the Envy -- evidently. Runs Linux quite well; not sure about BSD. -![lotus58 keyboard](https://x.icyphox.sh/wsHGX.jpg) +![lotus58 keyboard](https://cdn.icyphox.sh/wsHGX.jpg) **Lotus58**: Split-ortho mechanical keyboard, Gazzew Boba LT switches. **Logitech M221**: An el cheapo wireless mouse that mouses just enough.