jsturgis

var mediaJSON = { "categories" : [ { "name" : "Movies",
        "videos" : [ 
		    { "description" : "Big Buck Bunny tells the story of a giant rabbit with a heart bigger than himself. When one sunny day three rodents rudely harass him, something snaps... and the rabbit ain't no bunny anymore! In the typical cartoon tradition he prepares the nasty rodents a comical revenge.\n\nLicensed under the Creative Commons Attribution license\nhttp://www.bigbuckbunny.org",
              "sources" : [ "http://commondatastorage.googleapis.com/gtv-videos-bucket/sample/BigBuckBunny.mp4" ],
              "subtitle" : "By Blender Foundation",
              "thumb" : "images/BigBuckBunny.jpg",
              "title" : "Big Buck Bunny"
            },
            { "description" : "The first Blender Open Movie from 2006",
              "sources" : [ "http://commondatastorage.googleapis.com/gtv-videos-bucket/sample/ElephantsDream.mp4" ],

soarez

How to setup your own CA with OpenSSL

For educational reasons I've decided to create my own CA. Here is what I learned.

First things first

Lets get some context first.

CollinChaffin

How to disable the very little-known AT&T setting that can appear to hijack your home DNS lookups and redirect to 104.239.207.44

Issue

DNS queries on home network suddenly resolving hosts to 104.239.207.44.

Symptoms

You will see SPORADIC mis-resolutions of EVERYTHING to that 104.239.207.44 address if their crappy router happens to hear your PC's DHCP request - EVEN IF ANOTHER DHCP SERVER ON THE NETWORK assigns the ultimate address.

grugq

Operational PGP

This is a guide on how to email securely.

There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.

mhofman

Web Service Fronting

Multiple Web properties on a single IP address

Hosting multiple websites on a single public IP address on the standard HTTP(S) ports is relatively easy with popular web servers like Apache, Nginx and lighttpd all supporting Virtual Hosts.
For Web Services which bundle their own HTTP server, things get more complicated, unless their HTTP stack can be shared somehow. More often than not, the application's HTTP stack listens directly on a dedicated TCP port.

Hosting multiple services on a single IP then requires using a fronting server listening on the standard HTTP port, and routing to the right backend service based on the host name or the path sent by the client.
Path based routing is cumbersome, usually requiring either the service to be aware of the path prefix, or a rewrite by the HTTP fronting server of all absolute URLs in the requests and responses.
Hostname based routing is more straightforward. The fronting server can just look at the [HTTP/1.1 Host header](https://tools

weavenet

#!/bin/bash

bucket=$1

set -e

echo "Removing all versions from $bucket"

versions=`aws s3api list-object-versions --bucket $bucket |jq '.Versions'`
markers=`aws s3api list-object-versions --bucket $bucket |jq '.DeleteMarkers'`

andrewlkho

With heightening concern regarding the state of internet privacy (fuelled in part by the passing of the Investigatory Powers Act in the UK), I have set up a VPN server on the virtual server I have hosted with Mythic Beasts. This uses strongSwan and certificate-based IKEv2 authentication.

Assumptions:

• Debian Jessie server already set up and accessible via debian.example.com, a public IPv4 of 203.0.113.1 and a public IPv6 of 2001:db8::1
• Client username of me
• Clients are running the latest versions of macOS and iOS (Sierra and 10 respectively at the time of writing)
• No need to support any other operating systems (although the setup is easily translated)

For automated deployment of a similar setup, albeit Ubuntu-based and using ansible for deployment, I recommend you take a look at Algo VPN. I used that project as a basis for my configuration.

stevenhaddox

Two ways to do it, but only worked for me so I'll put it first and the second for reference:

$ openssl pkcs12 -export -in hostname.crt -inkey hostname.key -out hostname.p12
$ openssl pkcs12 -in hostname.p12 -nodes -out hostname.pem

Other options for this method in comments below:

# Note, the -certfile root.crt appends all CA certs to the export, I've never needed these so it's optional for my personal steps
$ openssl pkcs12 -export -in hostname.crt -inkey hostname.key -certfile root.crt -out hostname.p12

Note, I've always had my hostname.crt as part of my .pem, so I keep my certs but apparently you may not have to, hence the nocerts flag being an extra option in this sample

Bren2010

HearSay

The HearSay P2P File Sharer; a response to The Copyright Alert System, as well as several other internet regulation attempts. The goal of this project is to prove the viability of semi-anonymous and confidential file sharing. Consists of several proofs of concepts such as the formation of ad-hoc mix networks and routing throughout them while maintaining anonymity and semantic security.

However, lets be honest with ourselves for a second. Don't use this to fight an oppressive regime. I can not (and will not try) to 'prove' its security, and I

labrown

---
###
# Elasticsearch Rolling restart using Ansible
###

##
## Why is this needed?
##
#
# Even if you use a serial setting to limit the number of nodes processed at one