@xirkus
xirkus / yubikey+gpupgp+ssh_howto.md
Last active September 19, 2024 14:54
Security Adventures 1. How to get yubikey+gpg+ssh+github working on MacOS

I've spent the day trying to get this setup working with GitHub and, given the number of gotchas I encountered, it seemed like a good idea to document how I finally got this working with as few hacks as possible. There's a lot of documentation out there (some of it old and misleading) and committing here for posterity will help me remember this when I inevitably need to do this again.

Rationale

Passwords are simply not enough these days. Regardless of the company, breaches (and the associated Personally Identifiable Information harvested) are a matter of not if, but when. There are a number of things you can do to protect yourself, but being on the tin-foil-hat side of paranoia means there are a few Commandments that I adhere to (and recommend for other folks) [Insert link to Fight Club Rules for the Secure Internet].

That being said, if you use 2-factor authentication and have committed to using a hardware token such as the Yubikey, then you're already ahead of the curve. The problem is that wh

@kjellskogsrud
kjellskogsrud / Empty commits
Created March 26, 2020 15:42
Why empty commits are good
I once read an article (https://bit-booster.com/doing-git-wrong/2017/01/02/git-init-empty/) about why you should start with an empty commit for a new repo. The page has since then disappeared, but I got some of it out of the Wayback Machine and archived it here:
Always Start With An Empty Commit
Whenever you start a new git repo, pop an empty commit onto it before you do anything else!
git init new-repo
cd new-repo
git commit -m 'initial empty commit' --allow-empty

@lizthegrey
lizthegrey / attributes.rb
Last active January 16, 2025 21:58
Hardening SSH with 2fa
default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'

@artizirk
artizirk / gnupg_scdaemon.md
Last active January 22, 2025 01:36
OpenPGP SSH access with Yubikey and GnuPG

NB: This document describes an 'Old-School' way of using Yubikey with SSH

Modern OpenSSH has native support for FIDO authentication. It's much simpler and should also be more stable, with fewer moving parts. OpenSSH also now has support for signing arbitrary files, which can be used as a replacement for gnupg. Git also supports signing commits/tags with ssh keys.

Pros of FIDO

  • Simpler stack / less moving parts
  • Works directly with ssh, ssh-add and ssh-keygen on most computers
  • Simpler
  • Private key can never leave the FIDO device

Cons of FIDO

@Zenexer
Zenexer / escapeshellrce.md
Last active January 6, 2025 14:32
Security Advisory: PHP's escapeshellcmd and escapeshellarg are insecure

Paul Buonopane paul@namepros.com at NamePros
PGP: https://keybase.io/zenexer

I'm working on cleaning up this advisory so that it's more informative at a glance. Suggestions are welcome.

This advisory addresses the underlying PHP vulnerabilities behind Dawid Golunski's CVE-2016-10033, CVE-2016-10045, and CVE-2016-10074. It assumes prior understanding of these vulnerabilities.

This advisory does not yet have associated CVE identifiers.

Summary

@georgiana-gligor
georgiana-gligor / osx-pdf-from-markdown.markdown
Last active January 22, 2025 15:38
Markdown source for the "Create PDF files from Markdown sources in OSX" article

Create PDF files from Markdown sources in OSX

When Markdown appeared more than 10 years ago, it aimed to make it easier to express ideas in an easy-to-write plain text format. It offers a simple syntax that takes the writer's focus away from the formatting, thus giving her time to focus on the actual content.

The market abounds with editors to be used for help with Markdown. After a few attempts, I settled on Sublime and its browser preview plugin, which work great for me and have a small memory footprint to accomplish that. To pass the results around to other, less technical people, a Markdown file and a bunch of images is not the best approach, so converting it to a more robust format like PDF seems like a much better choice.

Pandoc is the Swiss Army knife of converting documents between various formats. While it is able to deal with heavyweight formats like docx and epub, we will need it for the more lightweight Markdown. To be able to generate PDF files, we need LaTeX. On OSX, the s

@joegoggins
joegoggins / .vimrc
Last active November 25, 2024 16:24
Mac Vim .vimrc file
" Use Vim settings, rather than Vi settings (much better!).
" This must be first, because it changes other options as a side effect.
set nocompatible
" ================ General Config ====================
set number "Line numbers are good
set backspace=indent,eol,start "Allow backspace in insert mode
set history=1000 "Store lots of :cmdline history
set showcmd "Show incomplete cmds down the bottom

@jpmx
jpmx / hack.sh
Created November 19, 2012 14:40 — forked from erikh/hack.sh
OSX For Hackers
#!/usr/bin/env sh
# 'ab' program freezes after lots of requests, why?
# http://stackoverflow.com/questions/1216267/ab-program-freezes-after-lots-of-requests-why
# Enter sudo mode
sudo -i
# net.inet.ip.portrange.first: 49152 -> 32768
sysctl -w net.inet.ip.portrange.first=32768