For excessively paranoid client authentication.
Updated Apr 5 2019:
because this is a gist from 2011 that people stumble into and maybe you should AES instead of 3DES in the year of our lord 2019.
some other notes:
#!/usr/bin/env python | |
import pygtk | |
pygtk.require('2.0') | |
import gtk # sets app name | |
import gnomekeyring | |
def hack(): | |
for keyring in gnomekeyring.list_keyring_names_sync(): | |
for id in gnomekeyring.list_item_ids_sync(keyring): |
kristian@odd:~$ varnishlog -d -k 100000 -O -i RxHeader -I Cookie -X Set-Cookie -u | sed 's/=[^;]*\(;\|$\)//g' -u | cut -b30- | awk '{for(i=1;i<NF;i++) { foo[$i]++ } } END{for (var in foo) { print var ":" foo[var]; } }' | |
PHPSESSID:1 | |
ASPSESSIONIDSSBDDCAC:1 | |
BCSI-CS-27C15425D9E30835:20 | |
TG5H_fff8_saltkey:1 | |
__utmz:49 | |
TG5H_fff8_lastvisit:1 | |
__utma:349 | |
__utmb:238 | |
__utmc:265 |
local$ socat TCP-LISTEN:2222,bind=127.0.0.1,reuseaddr,fork TCP-LISTEN:2223,reuseaddr | |
local$ ssh -p 2222 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no localhost | |
remote$ socat TCP:10.0.2.2:2223 TCP:127.0.0.1:22 |
# Bind SSL port with PFS-enabling cipher suite | |
bind :443 ssl crt path_to_certificate no-tls-tickets ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:!MD5:!aNULL:!DH:!RC4 | |
# Distinguish between secure and insecure requests | |
acl secure dst_port eq 443 | |
# Mark all cookies as secure if sent over SSL | |
rsprep ^Set-Cookie:\ (.*) Set-Cookie:\ \1;\ Secure if secure | |
# Add the HSTS header with a 1 year max-age |
Magic words:
psql -U postgres
Some interesting flags (to see all, use -h
or --help
depending on your psql version):
-E
: will describe the underlaying queries of the \
commands (cool for learning!)-l
: psql will list all databases and then exit (useful if the user you connect with doesn't has a default database, like at AWS RDS)There are three easy to make mistakes in go. I present them here in the way they are often found in the wild, not in the way that is easiest to understand.
All three of these mistakes have been made in Kubernetes code, getting past code review at least once each that I know of.
What do these lines do? Make predictions and then scroll down.
func print(pi *int) { fmt.Println(*pi) }
// haversin(θ) function | |
func hsin(theta float64) float64 { | |
return math.Pow(math.Sin(theta/2), 2) | |
} | |
// Distance function returns the distance (in meters) between two points of | |
// a given longitude and latitude relatively accurately (using a spherical | |
// approximation of the Earth) through the Haversin Distance Formula for | |
// great arc distance on a sphere with accuracy for small distances | |
// |