Infra Magician Logo
harshit.cloud Senior SRE
The lab

Things I'm probably not supposed to be building.

If the lair is the hardware, this is the software it ends up running. Mostly experiments that work right up until someone asks how. If you reached this page with curl, you didn't — that's the joke, scroll down for it.

currently
Currently building

  • Middle-out compression

    weissman score: climbing

    a lossless codec that does the impossible thing in the obvious order. legally distinct from anything that aired on HBO.

  • TOR relays + signal-TLS-proxy

    3 relays / 1 proxy

    a handful of relays and a proxy that makes my TLS look aggressively boring to anyone watching the wire.

  • Captive-portal bypass

    dns tunnel / 53 over everything

    hotel wifi has opinions about my MAC address. I have a DNS tunnel and no patience.

  • Scaling systems with k8s magic

    yaml / prayer / a little hpa

    the magic is mostly indentation. the scaling is mostly waiting for the node pool to feel like it.

Poke at the stack

The site has opinions you can interrogate from a terminal. Status is honest: live works today, wiring is a flipped switch away, planned is a weekend I haven't spent yet.

  • curl -s harshit.cloudlive

    403s you on sight. the only request this site refuses by user-agent. you've met it already.

  • dig AAAA harshit.cloudlive

    IPv6, dual-stack, answering now. orange-clouded through Cloudflare so the AAAA finally resolves; the 6 in v6 stopped meaning 'soon'.

  • ssh proxy.harshit.cloudlive

    a banner greets you before the password prompt does. no shell unless the box knows your key, but you do get a poem.

  • dig NS harshit.cloudplanned

    today it answers cloudflare. the plan is my own nameservers on my own metal. (that one's its own blog post.)

  • zufs5srx4x4xaukduvn3dbfhjesee3hy7bdtjsuiq7c4w35npyszfsyd.onionlive

    a v3 hidden-service mirror of this site, served off the tor relay in the closet. open it in tor browser. v2 is dead; this one isn't. (tor browser also auto-suggests it via the Onion-Location header.)

  • b6k54gstib5fmn4rage34vpwo2qhm4phu2hulmpid4u52nxof3opvvid.onionlive

    the web proxy, on its own v3 onion. reach the blocked web from inside tor, no exit node in the path. it lives on the same relay as the site mirror.

  • nus4hjq4rk7yesz6pxvmu32yxzt6ibelbloemmx33nxedyyuj5gnmiad.onionlive

    the paywall remover (ladder), on its own v3 onion. read the walled web from inside tor, where nobody's counting your free articles.

$ ssh proxy.harshit.cloud

  harshit.cloud  --  the box

  you found the ssh port. respect.
  this machine runs a tor relay (pewpew), a couple of
  proxies, and exactly zero shells for keys it doesn't know.

  got a key?  welcome back.
  don't?      the logs already said hello.   -> harshit.cloud/lab
What sshd hands you before the password prompt. The box logs every attempt; the banner is the only part it shares back.
Where the boxes live

The stack isn't in one place. I'm in Bengaluru, the box that runs the relay and the onion sits in New York, and the Hetzner box runs out of Helsinki. The arcs are the traffic that bounces between them, so the wire stays boring.

Dotted world map showing the relay node locations.bengalurunew yorkhelsinki
Commit messages, live and honest

Pulled fresh from whatthecommit.com on every refresh. Statistically indistinguishable from my actual git history.

harshit@lab — git log

$ git log --oneline -1

a1b2c3d

The relevant code

the curl gate

typescript
// middleware.ts — the gate you just (probably) didn't trip
const ua = request.headers.get('user-agent') || '';
if (/\bcurl\//i.test(ua)) {
  return new NextResponse("403 — nice try.", { status: 403 });
}
// feeds stay exempt via the matcher, so RSS readers live on.

middle-out, abridged

python
def middle_out(data: bytes) -> bytes:
    """Compress from the middle outward. Don't ask which middle."""
    mid = len(data) // 2
    left, right = data[:mid], data[mid:]
    # the trick is doing both halves at once and pretending
    # the seam was never there. weissman score does the rest.
    return interleave(deflate(left[::-1]), deflate(right))

what the 403 wanted

bash
# what the 403 wants you to do instead
curl -x https://proxy.sachin.cool:8443 \
     --tlsv1.3 --ciphers TLS_AES_256_GCM_SHA384 \
     https://harshit.cloud/lab
# now your handshake looks like everyone else's. that's the point.
Tools & sites
  • paywall.harshit.cloud

    reader / archive

    the paywall remover. ironic, given how few of my own posts have one.

  • meet.harshit.cloud/book

    self-hosted cal.com / 15 min

    grab 15 minutes on my calendar. self-hosted cal.com, so the only thing booking the slot is you, not a sales tool counting leads.

  • proxy.sachin.cool

    signal-tls-proxy front end

    the proxy the homepage keeps telling curl to use. pipe your requests through here and the wire stops being interesting.

Scan, if you must
Rust QR code with the ツ mark in the center, linking back to harshit.cloud/lab
The ツ in the middle is the site shrugging at you. It points back to this page anyway; the recursion is intentional, the disappointment is yours to manage.
← Back to home
The Lab | Harshit Luthra