Skip to content

Instantly share code, notes, and snippets.

Avatar

briangordon

78 followers · 6 following
View GitHub Profile
@briangordon
briangordon / git-review-aliases.txt
Last active September 16, 2022 17:51
Aliases for code reviewing GitHub pull requests using a GitFlow/OneFlow branching model
View git-review-aliases.txt
*****************************************************************************************************************************
Introduction
The code review workflow that I prefer is to check out a feature branch, then `reset --soft` to move the branch HEAD to
just before the changes. That way I still have all of the changes in my working copy, and those exact changes are staged
for commit. My IDE will highlight the changed lines right in the editor and let me click the gutter to view a quick diff.
This is incredibly useful. But problems arise when develop has been merged into a running PR, bringing along a whole bunch
of other unrelated changes that have already been reviewed. I don't want all of those other changes to be highlighted in
my IDE, but I do want them in my working copy.
@briangordon
briangordon / markets discussion.md
Last active May 4, 2021 01:03
View markets discussion.md

Session 1: Preliminaries

  • Bid/ask spread
    • Stock quotes
    • Measure of liquidity
    • Steady state (order book, market depth, types of orders)
    • How prices move
  • Market makers
    • NYSE vs NASDAQ vs crypto
  • Advantages given in exchange for risk
@briangordon
briangordon / chrome.json
Created February 2, 2020 06:53
Jess Frazelle's Google Chrome seccomp profile combined with the default docker profile
View chrome.json
{
"defaultAction": "SCMP_ACT_ERRNO",
"syscalls": [
{
"name": "accept",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "accept4",
@briangordon
briangordon / ludi-nginx.conf
Last active March 11, 2021 04:54
My personal nginx configuration for sharing files
View ludi-nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
# Mine. Probably not necessary but why not
@briangordon
briangordon / README.md
Last active March 11, 2021 04:33
ddclient for Cloudflare DNS / DO
View README.md

This is a ddclient setup for updating Cloudflare DNS from a DO droplet.

You do get one free floating IP which makes dynamic DNS pointless, but you'll get charged if you want to turn off the droplet. Running ddclient lets you keep using Cloudflare DNS without manually updating your A records.

Debian Buster (current stable) only has ddclient 3.8.3 which has trouble with the v4 Cloudflare API, so we get ddclient from GitHub.

apt install perl libdata-validate-ip-perl libjson-any-perl
tar xzf ddclient-3.9.1.tar.gz
cp ddclient/ddclient /usr/sbin/
@briangordon
briangordon / office-privacy.reg
Created May 27, 2019 02:27
Microsoft recently introduced "required" telemetry for Office which cannot be disabled through the UI. This should shut it off.
View office-privacy.reg
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Policies\Microsoft\office\common\clienttelemetry]
"sendtelemetry"=dword:00000003
@briangordon
briangordon / README.md
Last active May 15, 2020 14:04
View README.md

These are the configuration files I ended up using for setting up a Wireguard-based anonymizing VPN on Debian Buster (the current stable), formatted as a shell script. It requires the Wireguard kernel module and userland tools from backports: apt-get install -t buster-backports wireguard-tools

The idea here is to set up a network namespace containing the configuration for the wireguard interface wg0. Any program which wants to use the Wireguard interface needs to be run in that namespace. For example, ip netns exec wireguard ping google.com. All sockets opened by that program and its children will go out over the tunnel, including DNS resolution, so they won't be able to interact in any way with the local network. Conversely, other processes (which were not started with ip-netns) will continue to use the original routing tables and DNS configuration, so things like SSH, remote desktop, and NFS

@briangordon
briangordon / gist:d6014bc1b96f6d89a51ce7906cea9a03
Created November 16, 2018 00:29
Dtrace one-liner for watching readers of your chrome profile
View gist:d6014bc1b96f6d89a51ce7906cea9a03
dtrace -n 'syscall::open*:entry /strstr(copyinstr(arg0), "Chrome/Default") != NULL/ { printf("%s %s",execname,copyinstr(arg0)); }' > chrome-accessors
@briangordon
briangordon / ufw-config.sh
Created February 3, 2019 06:07
View ufw-config.sh
# UFW configuration for a home DMZ box exposed to the public internet, with only sshd reachable from the outside world.
# In addition to setting these rules you should also:
# 1. Edit /etc/ufw/before.rules to remove the default rules which permit incoming DHCP packets from the outside world.
# 2. Edit /etc/ufw/before.rules to remove the default rules which permit incoming ICMP packets from the outside world.
# 3. Edit /etc/default/ufw to turn off non-local ipv6 because I don't know enough about it to be confident.
ufw default deny incoming
ufw default allow outgoing
ufw limit log proto tcp to 0.0.0.0/0 port ssh
ufw allow proto udp from 192.168.0.0/16 to 0.0.0.0/0 port bootpc comment "required for dhclient"
@briangordon
briangordon / cisco-sg350 switch1
Last active May 2, 2020 16:05
Switch configuration
View cisco-sg350 switch1
config-file-header
switch1
v2.5.0.90 / RTESLA2.5_930_364_105
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control