Old website of SerHack

At the beginning, I started my website on 14th May 2017, when the WannaCry malware had recently appeared. My first post, in fact, discussed and analyzed the malware in depth, explaining technical concepts to people who do not know anything about Windows and SMB.

In my life, I have met some people who constantly described themselves as “experts” in computer science, but after I asked them some basic questions, I understood that it was a lie. Windows became “the worst operating system because, you know, RAM does not work well on Windows NT”, then C++ was defined as “A nerd language.. I do not need it to program my own AI (and then it was some nested “if” statements)”. In order to improve this situation a little and share my knowledge – even if I cannot be called an “expert” (and I won’t be) – I started to think about writing my own blog.

In 2016, I tried the popular and emerging blogging platform named “Medium”, which I originally found very interesting. The combination of features, including support for Markdown posts, made me curious. The first post was a simple “hello world” that described me and what I usually do.

Out of curiosity, I read their Terms of Service and I discovered the license terms of the content published using their platform. I did not expect that, but all the content belongs to Medium, a private company located in San Francisco, not to the authors. This allows them to do anything they want with your own text, including publicizing Medium with your own content. Of course, “you own the rights to the content you create and post on Medium”, but, for example, if their servers go down, your content is lost. Sure, you can save the article via web.archive.org, but let me point out that not everybody knows this and not everybody saves more than 100 articles to the Web Archive.

The second motivation can be found in competitors. On Medium, some articles written by other people are usually shown above the article text. If it should be considered MY blog, why do these articles written by others appear? I’m also terrified that their team could delete my post at any moment “without any specific reasons”. Once my posts are deleted, my audience is gone.

The third motivation is that it is not customizable and you cannot apply your own styles. Changing the font is not possible, giving your title more spacing is not possible, and you cannot modify the metadata that will be used by search engines. There are more motivations, stated in part by the article “Why you shouldn’t blog on Medium”, but in general those three motivations may apply to any third-party blogging platform.

The journey: from WordPress to a static website

First, when I bought the serhack.me domain, I had to choose a platform to host my blog. Naturally, WordPress was my first choice for a performant and secure blog. However, these adjectives seem to be more “theoretical” than practical. In three months, my website reached almost 1,000 people and there were 137 attempts to log into the WordPress panel using brute force.

The first article published was “Analisi Ransomware WannaCry” (translated into English: WannaCry Ransomware analysis) and, as I mentioned before, that was my first technical analysis. After more than two years, I can confess that the analysis lacks references and expertise. I should have gone deeper into WannaCry, and it would have been interesting if I had analyzed the details with more attention.

The first version of my blog published on 14th May 2017

For almost five months, the blog was written only in Italian and I used WordPress. WordPress was easy to use and set up; however, I was very worried about the security and performance implications. It is well known that upgrading WordPress is a tedious process and that sometimes your website can go down. I can also mention all the problems and plugin incompatibilities with a new version of WordPress. In addition to this, each view of my blog was costing about 0.00050% of the CPU, so imagine what could have happened if 10000 visitors had visited my website simultaneously.

I should clarify that I do not mean that WordPress is not secure: the more you keep the software updated and set up protection, the safer your blog will be. As many readers probably know, I do not have much time to study, let alone for almost-daily security and performance maintenance.

After that, I chose to develop the blog by manually editing HTML files. “That should be easy”, I thought, but nowadays I would think twice about it. I assumed I would publish an article every four months, the template would not change, and I did not even have a logo. My first serious article written in English was about the Envato bug bounty and it was published two years ago. It was a moderate success; a lot of people wondered why Envato did not pay me, and this contributed to my career.

The second version of my blog published in September 2017

Then I did not publish anything until the Telugu issue appeared on Apple devices. I worked with Mitchell P.K-Thayer, one of the best content editors I have ever met in my career. Your help was precious, Mitchell! “MoneroV: the scam cryptocurrency”, “Hackers could exploit online compilers”, “MEGA Chrome Extension hack” and many others contributed to spreading my blog around the world.

Nevertheless, my static website had some disadvantages that drove me crazy and pushed me to improve the situation. First of all, the template inherently needed to be updated (e.g. to add more menu entries or to fix that grammatical error in the footer) and it was so difficult to track all the changes across 3 HTML files. In one year, with more than 25 articles – written in Italian and in English – how much time would I have had to spend on these? In a short time, I forgot to update all the pages, and then some articles were using an old template while the recent ones had a cooler design.

The third version of my blog published in October 2017

On one of my numerous boring afternoons, I decided to put an end to this. I looked for the best static website generator and I chose GoHugo for its flexibility and its speed (a build can take only 10 seconds – awesome!). It is a growing project and I think it will have more surprises in store in terms of features.

Many improvements were implemented while moving the blog to GoHugo without coding all the features manually.

Auto-syntax for code boxes

I was tired of adding syntax highlighting manually or using a third-party solution to do it. GoHugo enables “Syntax Highlighting” by default using a new and fast engine called Chroma. It can also highlight lines in the code boxes. 10/10 would choose it again.

Adding categories and tags

With a single line, GoHugo supports adding categories and tags to each post. The days of manually editing all the HTML pages to include a new tag can be forgotten. Thanks, GoHugo!

New pages: Publications and Home page

During all these years, my home page was mainly dedicated to articles and their descriptions. This time, I wanted to change that, since I thought that people would come to the home page to learn about me and not to search for an article. For this reason, I added a biography and a section about how to contact me privately. All the articles can be found on the blog page. I’ve also added a new page named “Publications”, where I list all the articles, books, and papers written by me and not hosted on this blog.

Future of SerHack

My website is almost 2.5 years old at the time of writing, and I have published an article about every three months. My commitment will be to publish an article almost every month on the most diverse topics, from blockchain to reverse engineering, obviously without neglecting the theoretical parts, so as to explain them to less experienced readers. I will also try to write an Italian translation for every article I have on my blog.

Let me know if you have any suggestions or comments! I would like to thank everyone who sent me feedback about the graphics, content and my writing style.