brodygov

# engine_pkcs11 came from `brew install engine_pkcs11`
require 'tty-prompt'

OpenSSL::Engine.load
pkcs11_engine = OpenSSL::Engine.by_id('dynamic') do |e|
  e.ctrl_cmd('SO_PATH', '/usr/local/Cellar/engine_pkcs11/0.1.8/lib/engines/engine_pkcs11.so')
  e.ctrl_cmd('ID', 'pkcs11')
  e.ctrl_cmd('LIST_ADD', '1')
  e.ctrl_cmd('LOAD')
  e.ctrl_cmd('PIN', TTY::Prompt.new.ask('PIN:', echo: false))

brodygov

package main

import (
	"bufio"
	"fmt"
	"log"
	"os"
	"path"
	"strings"
	"syscall"

brodygov

#!/bin/bash
set -eu

usage() {
    cat >&2 <<EOM
usage: $(basename "$0") CRT_FILE BASENAME
Import CRT_FILE (in PEM format) into this directory with BASENAME as the
prefix. The output file will be named in this format:
    BASENAME.<issue_year>-<exp_year>.<subj_key_id>.<sha1_fingerprint>.crt
EOM

brodygov

#!/bin/bash

set -euo pipefail

run() {
    echo >&2 "+ $*"
    "$@"
}

usage() {

brodygov

#!/usr/bin/env python

import json
import sys

import requests

def usage():
    print 'usage: repomonitor.py GITHUB_USER\n\nMonitor for public repos.'

brodygov

#!/bin/bash
set -eu

ARCHIVE_USER="${ARCHIVE_USER-my-archive-user}"
ssh_key="$HOME/.ssh/key.mirror-repo"

usage() {
    cat >&2 <<EOM
usage: $(basename "$0") [options] SOURCE_REPO DEST_NAME

brodygov

--- /usr/lib/rbenv/libexec/rbenv	2013-01-04 18:27:26.000000000 +0000
+++ /usr/lib/rbenv/libexec/rbenv	2018-05-14 20:21:59.322775897 +0000
@@ -21,7 +21,8 @@
 }
 
 if [ -z "${RBENV_ROOT}" ]; then
-  RBENV_ROOT="${HOME}/.rbenv"
+  #RBENV_ROOT="${HOME}/.rbenv"
+  RBENV_ROOT="/opt/ruby_build"
 else

brodygov

Thoughts on API Authentication Strategies

There are a number of different strategies for enabling API authentication for system-to-system authentication between two parties. All of them have some advantages and disadvantages.

Simple API key

The simplest approach is typically to pass a secret API key as a header or using HTTP basic auth. The client provides a secret value in the Authorization or Bearer header. The server matches the key against a stored value for that account. This relies on the security of HTTPS / TLS to provide confidentiality and integrity. This approach excels for websites with a lot of end-users who need to be able to manage their own keys through a web interface or API. It's so simple that clients don't need any custom code.

Pros:

• Very simple to implement for both clients and servers

brodygov

This Gist has moved to a full git repo:

https://github.com/brodygov/dmarc-analysis

brodygov

  # Create new variable $lb_if_proxied.
  #
  # With the realip module enabled, $remote_addr will be the end-user's IP
  # address, potentially from X-Forwarded-For, and $realip_remote_addr will be
  # the actual immediate client IP address.
  #
  # Return the load balancer IP address ($realip_remote_addr) if the request
  # looks like it was proxied. If the request does not look like it was proxied
  # (when $remote_addr is a private IP address), then return "-" instead.
  map $remote_addr $lb_if_proxied {