Dave Anderson danderson

danderson / securify-boot.sh
Created February 4, 2020 07:46
Arch secure boot hacky script
#!/bin/bash
set -e
# Temporary directory for assembling the unified kernel image.
WORKDIR=$(mktemp -d)
trap "rm -rf ${WORKDIR}" EXIT
# Two directories on the EFI partition: Arch for the bootloaders, and
# Linux for the unified kernel images.
@danderson
danderson / analysis.txt
Last active January 14, 2020 21:45
NATprobe from hotel wifi
$ ./natprobe
NAT allocates a new ip:port for every unique 3-tuple (protocol, source ip, source port).
This is best practice for NAT devices.
This makes NAT traversal easier.
Firewall requires outbound traffic to an ip:port before allowing inbound traffic from that ip:port.
This is common practice for NAT gateways.
This makes NAT traversal more difficult.
NAT seems to try and make the public port number match the LAN port number.
NAT seems to only use one public IP for this client.
NAT seems to not block outbound UDP traffic.
@danderson
danderson / nat64.md
Created October 7, 2019 01:16
NAT64 all in kernel mode

I'm writing this up as a gist, because I'm not sure I'll pursue any of it, but it seems worth writing down.

A basic problem with IPv6-only LANs at the moment is that you still need support for legacy protocol servers, which implies doing some kind of DNS64 and NAT64 (IPv6-to-IPv4 stateful translation).

Currently, NAT64 only exists outside the kernel, as userspace software. This is not ideal because it limits available performance (since you have to keep bouncing between user space and kernel space),

Keybase proof

I hereby claim:

To claim this, I am signing this object:

apiVersion: kubeadm.k8s.io/v1alpha3
kind: InitConfiguration
bootstrapTokens:
- token: "000000.0000000000000000"
  ttl: "24h"
apiEndpoint:
  advertiseAddress: 1.2.3.4
---
apiVersion: kubeadm.k8s.io/v1alpha3
kind: ClusterConfiguration
apiVersion: kubeadm.k8s.io/v1alpha3
kind: InitConfiguration
bootstrapTokens:
- token: "000000.0000000000000000"
  ttl: "24h"
apiEndpoint:
  advertiseAddress: $(head -1 /host/ip)
---
apiVersion: kubeadm.k8s.io/v1alpha3
kind: ClusterConfiguration
#!/bin/bash
# Temporary directory for assembling the unified kernel image.
WORKDIR=$(mktemp -d)
trap "rm -rf ${WORKDIR}" EXIT
# Two directories on the EFI partition: Arch for the bootloaders, and
# Linux for the unified kernel images.
#
# We want a directory for the bootloaders because Redhat's shim binary
@danderson
danderson / .zshrc
Created November 27, 2011 00:49
Utility scripts to maintain 32/64 bit builds of Go, and easily switch between them.
function go-switch() {
  eval `command go-switch $@`
  rehash
}