@lrvick
lrvick / genpass.go
Created November 20, 2023 19:42
go pass
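import (
	"crypto/rand"
	"math/big"
)
// generatePassword draws each character from the OS CSPRNG; a time-seeded math/rand is predictable.
func generatePassword(length int) string {
	const CharSetIAMPassword = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+-=[]{}|'"
	charSetLength := big.NewInt(int64(len(CharSetIAMPassword)))
	result := make([]byte, length)
	for i := 0; i < length; i++ {
		n, err := rand.Int(rand.Reader, charSetLength) // uniform in [0, charSetLength)
		if err != nil {
			panic(err) // no safe fallback if the CSPRNG fails
		}
		result[i] = CharSetIAMPassword[n.Int64()]
	}
	return string(result)
}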
@lrvick
lrvick / signal_handle.rs
Last active September 1, 2023 03:11
rust stdlib signal handling in linux
fn handle_signals() -> c_int {
    let mut mask: sigset_t = unsafe {
        let mut masku = MaybeUninit::<sigset_t>::uninit();
        sigemptyset(masku.as_mut_ptr());
        masku.assume_init()
    };
    unsafe { sigaddset(&mut mask, SIGINT) };
    unsafe { sigaddset(&mut mask, SIGTERM) };
    unsafe { sigprocmask(SIG_BLOCK, &mask, ptr::null_mut()) };
    let signal = unsafe { sigwaitinfo(&mask, ptr::null_mut()) } as i32;
@lrvick
lrvick / share-recovery.md
Created July 19, 2023 16:59
Share Recovery

Share Recovery

Overview

This document outlines the creation of a "Share Recovery" (SR) system which functions as a one-way box that one can encrypt a partial secret to at any time, with decryption only possible by a share holder with access to an offline encryption key.

Such a system offers high security, but low redundancy. It is suitable for

@lrvick
lrvick / disaster-recovery.md
Created July 17, 2023 18:16
Disaster Recovery

Disaster Recovery

Overview

This document outlines the creation of a "Disaster Recovery" (DR) system which functions as a one-way box that we can encrypt secrets to at any time, but only recover them with cooperation of a quorum of people with access to multiple offline HSM devices stored in a diversity of physical locations.

In short, it should be trivial to back up data, but very expensive to recover;

openpgp4fpr:6B61ECD76088748C70590D55E90A401336C8AAA9

@lrvick
lrvick / gpdwinmax2-qubes.md
Last active April 5, 2023 05:02
GPD Win Max 2 - QubesOS

GPD Win Max 2 - QubesOS 4.1

Firmware Settings

  1. Get to firmware settings by tapping "Del" while booting
  2. Alt+F5 then reboot and return to firmware settings to get secondary "Advanced" menu
  3. Advanced -> CPU Configuration -> SVM Mode -> Enabled
  4. Advanced -> PCI Subsystem Settings -> SR-IOV Support -> Enabled
  5. Advanced -> AMD CBS -> NBIO Common Options -> IOMMU -> Enabled
@lrvick
lrvick / signed-git-workflows.md
Last active January 9, 2023 23:33
Multi-party signed git workflows

Multi-party Signed Git workflows

Path 1

This path allows most devs to use the tools they are used to, but requires a second security-only review later.

  1. Author submits changes for review
  2. Reviewer and author iterate on changes for style, quality, and functionality using any collaboration tool they wish
  3. Reviewer merges changes with signed merge commit
  4. Several cycles of steps 1-3 complete until it is time for a release
@lrvick
lrvick / test-postgrest.sh
Created December 24, 2022 09:56
postgrest testing
#!/bin/bash
base64_url_encode(){
    data=${1?}
    echo -n "${data}" \
    | openssl base64 -e -A \
    | sed 's/\+/-/g' \
    | sed 's/\//_/g' \
    | sed -E 's/=+$//'
}
@lrvick
lrvick / rand.rs
Created October 31, 2022 17:09
Seeding the Linux Kernel Entropy pool using the ioctl RNDADDENTROPY interface.
use libc::{
    c_int,
};
use std::{
    mem::{size_of, align_of},
    fs::{read_to_string},
    fmt,
    io::Read,
    fs::File,
};
@lrvick
lrvick / Cargo.toml
Last active October 27, 2022 00:12
Example of basic AES256 envelope encryption using ECDH via NIST p-256 in Rust.
[package]
name = "ecdh_p256"
version = "1.0.0"
[dependencies]
p256={version = "0.11.1", features = ["ecdh"]}
hex="0.4.3"
aes-gcm="0.10.1"
rand_chacha="0.3.1"
rand="0.8.5"