<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
	<channel>
		<title>Greg Molnar</title>
		<description>Blog and website of Greg Molnar, Ruby Developer, Rails Developer, IT Security Consultant, Penetration Tester, Ethical hacker. Opinions expressed are mine.</description>
		<link>https://greg.molnar.io</link>
		<atom:link href="https://rt.http3.lol/index.php?q=aHR0cHM6Ly9ncmVnLm1vbG5hci5pby9mZWVkLnhtbA" rel="self" type="application/rss+xml" />
		
			<item>
				<title>How I fixed an electricity issue in my car</title>
				
				
					<description>&lt;p&gt;Not the usual content on this blog, but this is an interesting story to tell I
believe. I own a 2015 Chrysler Town and Country minivan. It is a really good car
and filled with electric components. The side doors, the boot, there are 2
screens, a DVD player and a bunch of other stuff. Awesome when all is good, not
so much when something breaks.&lt;/p&gt;
</description>
				
				<pubDate>Tue, 17 Mar 2026 00:00:00 -0100</pubDate>
				<link>https://greg.molnar.io/blog/how-i-fixed-an-electricity-issue-in-my-car/</link>
				<guid isPermaLink="true">https://greg.molnar.io/blog/how-i-fixed-an-electricity-issue-in-my-car/</guid>
			</item>
		
			<item>
				<title>You are (probably) validating passwords wrong</title>
				
				
					<description>&lt;p&gt;You are a security-conscious developer and you follow the advice given by
security folks to have strong password requirements, and you set a rule of having
at least 10 characters, containing one uppercase, one lowercase letter, at least
one digit and special character. Surely, this will result in strong passwords,
right?&lt;/p&gt;
</description>
				
				<pubDate>Tue, 10 Mar 2026 00:00:00 -0100</pubDate>
				<link>https://greg.molnar.io/blog/you-are-probably-validating-passwords-wrong/</link>
				<guid isPermaLink="true">https://greg.molnar.io/blog/you-are-probably-validating-passwords-wrong/</guid>
			</item>
		
			<item>
				<title>Blocking bots with fail2ban</title>
				
				
					<description>&lt;p&gt;If you run your own servers, you will surely get a lot of weird hackbot
requests, searching for accidentally accessible &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;.env&lt;/code&gt; files and such. While
these bots are generally harmful, unless you have an issue, I prefer to block
them so they don’t spam my logs. If it is a Rails app, I use &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;rack-attack&lt;/code&gt;, but
I also have some Jekyll and other stuff, and for those, fail2ban is a great tool
to solve this issue.
Fail2ban is an intrusion prevention tool that scans your log files and, based on
rules, blocks clients on the firewall. It is available on most Linux
distributions, and you can install it with your package manager; you can check
the installation instructions in the project’s
&lt;a href=&quot;https://github.com/fail2ban/fail2ban?tab=readme-ov-file#installation&quot;&gt;documentation&lt;/a&gt;.
Once installed and configured (you need to set up the init service), we can add a “jail” to the &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;/etc/fail2ban/jail.local&lt;/code&gt; config file to block these bots:&lt;/p&gt;
</description>
				
				<pubDate>Sat, 07 Mar 2026 00:00:00 -0100</pubDate>
				<link>https://greg.molnar.io/blog/blocking-bots-with-fail2ban/</link>
				<guid isPermaLink="true">https://greg.molnar.io/blog/blocking-bots-with-fail2ban/</guid>
			</item>
		
			<item>
				<title>Ruby proxy for SQLMap and Websockets</title>
				
				
					<description>&lt;p&gt;I was testing for SQL Injection on a target the other day, and after a little fuzzing indicated that there might be a vulnerability, I wanted to use SQLMap to make data exfiltration easier. But this vulnerability was part of a websocket request, and unfortunately, SQLMap doesn’t support websockets.
One solution to this problem is to introduce a little proxy between the websocket endpoint and SQLMap and convert HTTP requests into websocket ones.&lt;/p&gt;
</description>
				
				<pubDate>Mon, 23 Feb 2026 00:00:00 -0100</pubDate>
				<link>https://greg.molnar.io/blog/ruby-proxy-for-sqlmap-and-websockets/</link>
				<guid isPermaLink="true">https://greg.molnar.io/blog/ruby-proxy-for-sqlmap-and-websockets/</guid>
			</item>
		
			<item>
				<title>Customizing Omarchy with Ruby</title>
				
				
					<description>&lt;p&gt;Typecraft made a really good video &lt;a href=&quot;https://www.youtube.com/watch?v=d23jFJmcaMI&quot; target=&quot;_blank&quot;&gt;about how he
customizes Omarchy&lt;/a&gt; with a set of bash scripts, so he can replicate his setup
easily on new machines. While his approach is good, I chose a different one to
achieve the same goal. Bash is fine, but let’s be honest, Ruby is a much better
language to work with, and since Ruby is installed on Omarchy anyways, I decided
to script my setup with Ruby.&lt;/p&gt;
</description>
				
				<pubDate>Tue, 16 Dec 2025 00:00:00 -0100</pubDate>
				<link>https://greg.molnar.io/blog/customizing-omarchy/</link>
				<guid isPermaLink="true">https://greg.molnar.io/blog/customizing-omarchy/</guid>
			</item>
		
			<item>
				<title>Ore, a Bundler-compatible gem manager</title>
				
				
					<description>&lt;p&gt;Since the Ruby Central drama, there are new tools popping up to manage Ruby
versions and to install gems. Ore is one of these tools, but it is more of a
bundler companion than replacement. It does one thing: downloading gems and
installing them. It doesn’t manage rubies, it doesn’t even need Ruby to be
installed. It is written in Go and can be installed as a binary. Let’s see
what Ore does:&lt;/p&gt;
</description>
				
				<pubDate>Fri, 31 Oct 2025 00:00:00 -0100</pubDate>
				<link>https://greg.molnar.io/blog/ore-bundler-compatible-gem-manager/</link>
				<guid isPermaLink="true">https://greg.molnar.io/blog/ore-bundler-compatible-gem-manager/</guid>
			</item>
		
			<item>
				<title>Ruby Triathlon 2025</title>
				
				
					<description>&lt;p&gt;September is conferencing season for me, and this year, I decided to do the Ruby
Triathlon, so I attended Rails World in Amsterdam, FriendlyRb in Bucharest, and
EuRuKo in Viana do Castelo.&lt;/p&gt;
</description>
				
				<pubDate>Mon, 22 Sep 2025 00:00:00 +0000</pubDate>
				<link>https://greg.molnar.io/blog/ruby-triathlon-2025/</link>
				<guid isPermaLink="true">https://greg.molnar.io/blog/ruby-triathlon-2025/</guid>
			</item>
		
			<item>
				<title>On RubyCentral and Rubygems</title>
				
				
					<description>&lt;p&gt;I finally had a little time to look more into the Rubygems drama. I don’t know
anything else than what you can publicly read and it looks like that information
is also hard to trust.&lt;/p&gt;
</description>
				
				<pubDate>Sun, 21 Sep 2025 00:00:00 +0000</pubDate>
				<link>https://greg.molnar.io/blog/on-rubycentral-and-rubygems/</link>
				<guid isPermaLink="true">https://greg.molnar.io/blog/on-rubycentral-and-rubygems/</guid>
			</item>
		
			<item>
				<title>Rails CVE-2025-55193 and CVE-2025-24293</title>
				
				
					<description>&lt;p&gt;We had two new Rails CVEs published recently and both of them look interesting
from an exploitation standpoint, so I wanted to explore what could be achieved
with them.&lt;/p&gt;
</description>
				
				<pubDate>Tue, 19 Aug 2025 00:00:00 +0000</pubDate>
				<link>https://greg.molnar.io/blog/rails-cve-2025-55193-and-cve-2025-24293/</link>
				<guid isPermaLink="true">https://greg.molnar.io/blog/rails-cve-2025-55193-and-cve-2025-24293/</guid>
			</item>
		
			<item>
				<title>Exploiting LLM chatbots</title>
				
				
					<description>&lt;p&gt;It is becoming more and more common to use LLM chatbots for customer support and
it is pretty easy to introduce security issues while implementing them. Here is
a little story about such a thing.&lt;/p&gt;
</description>
				
				<pubDate>Mon, 16 Jun 2025 00:00:00 +0000</pubDate>
				<link>https://greg.molnar.io/blog/exploiting-llm-chatbots/</link>
				<guid isPermaLink="true">https://greg.molnar.io/blog/exploiting-llm-chatbots/</guid>
			</item>
		
	</channel>
</rss>
