Matt Holt mholt

@mholt
mholt / main.go
Created October 16, 2018 14:25 — forked from KatelynHaworth/main.go
Example of run an interactive process on the current user from system service on windows (Golang)
package main
import (
"github.com/kardianos/service"
"log"
"flag"
)
type Service struct {}
@mholt
mholt / macapp.go
Last active April 8, 2024 17:54
Distribute your Go program (or any single binary) as a native macOS application
// Package main is a sample macOS-app-bundling program to demonstrate how to
// automate the process described in this tutorial:
//
// https://medium.com/@mattholt/packaging-a-go-application-for-macos-f7084b00f6b5
//
// Bundling the .app is the first thing it does, and creating the DMG is the
// second. Making the DMG is optional, and is only done if you provide
// the template DMG file, which you have to create beforehand.
//
// Example use:
@mholt
mholt / keypairs.js
Created June 25, 2021 20:07
Generate key pairs and PEM-encode them using vanilla JS and browser Crypto API
//
// Convert an ArrayBuffer into a string.
// From https://developers.google.com/web/updates/2012/06/How-to-convert-ArrayBuffer-to-and-from-String
function arrayBufToString(buf) {
return String.fromCharCode.apply(null, new Uint8Array(buf));
}
function pemEncode(label, data) {
const base64encoded = window.btoa(data);
@mholt
mholt / transcript
Created February 26, 2016 18:42
Is it necessary to consume response body before closing it (net/http client code)?
mholt [9:10 AM]
When using http.Get(), is it really necessary to read the full response body just to close it later?
[9:10]
The docs keep saying `Caller should close resp.Body when done reading from it.` and I keep seeing code like this:
```
io.Copy(ioutil.Discard, resp.Body)
resp.Body.Close()
```
@mholt
mholt / stringscontext.go
Last active December 15, 2021 08:48
Functions from the 'strings' package as template actions. Feel free to copy+paste into your project as a starting point.
// Functions from Go's strings package usable as template actions
// with text/template.
//
// This approach assumes you have some context type as a receiver,
// but if you just need the functions check out the FuncMap variant
// below.
//
// Commented functions are not deemed useful in template actions.
// Haven't actually used this, but this is one possible way of doing it.
// Another option is to fill a FuncMap with most of the strings package.
@mholt
mholt / interface_spider.go
Created August 4, 2014 23:04
Crawls golang.org/pkg for interfaces and writes them to a file.
package main
import (
"log"
"os"
"strings"
gq "github.com/PuerkitoBio/goquery"
)
@mholt
mholt / caddy-migrate-assets.go
Created February 22, 2021 22:37
Unsupported, ad-hoc program that migrates assets from Caddy v1 to Caddy v2
// Copyright 2021 Matthew Holt and The Caddy Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
@mholt
mholt / ocsp_stapling_robustness.md
Created August 9, 2016 21:32 — forked from AGWA/ocsp_stapling_robustness.md
OCSP Stapling Robustness in Apache and nginx

Date: Mon, 5 Oct 2015 16:34:03 -0700

Apache caches an OCSP response for one hour by default. Unfortunately, once the hour is up, the response is purged from the cache, and Apache doesn't attempt to retrieve a new one until the next TLS handshake takes place. That means that if there's a problem contacting the OCSP responder at that moment, Apache is left without an OCSP response to staple. Furthermore, it caches the non-response for 10 minutes (by default), so for the next 10 minutes, no OCSP response will be stapled to your

@mholt
mholt / everything.go
Last active April 14, 2020 13:53
Implements 103 of the 114 Go 1.3 standard library interfaces
package interfaces
import (
"bufio"
"crypto/elliptic"
"crypto/tls"
"database/sql/driver"
"debug/dwarf"
"encoding/xml"
"fmt"
@mholt
mholt / for-servers.md
Created October 18, 2019 02:50 — forked from sleevi/for-servers.md
CT Best Practices (April 2017)

CT For Server (Developers)

Intro

Similar to my advice regarding OCSP Stapling for servers/server developers, based on questions I've received about "CT best practices," I wanted to write something similar for those writing server software. That is, this isn't targeted at server operators, but for those writing software like Apache, nginx, Caddy, etc.

At the most basic level, the deployment of Certificate Transparency to date has largely tried to focus the burden on CAs, rather than on server developers. If the CA is doing everything right,