Skip to content

Instantly share code, notes, and snippets.

View gist:416e172d879304af04ad

Updating rbenv Ruby to use newer OpenSSL versions

rbenv/ruby-build don’t use Homebrew-installed versions of OpenSSL — instead, they on OS X's built-in ancient version.

This can throw OpenSSL::SSL::SSLErrors when talking to websites that enforce newer SSL/TLS protocols and ciphersuites.


1: Dependencies

View gini-1.py
from __future__ import division
def gini(population):
"""
https://en.wikipedia.org/wiki/Gini_coefficient#Calculation
see "This may be simplified to:"
"""
pop = sorted(population)
n = len(pop)
View keybase.md

Keybase proof

I hereby claim:

  • I am mtigas on github.
  • I am mtigas (https://keybase.io/mtigas) on keybase.
  • I have a public key whose fingerprint is 4034 E60A A782 7C5D F21A 89AA A993 E715 6E0E 9923

To claim this, I am signing this object:

View dnsmasq.conf
#server=127.0.0.1#9053
server=8.8.8.8
server=8.8.4.4
domain-needed
bogus-priv
listen-address=127.0.0.1
no-resolv
local-ttl=300
neg-ttl=3600
@mtigas
mtigas / nginx.conf
Last active Feb 20, 2021
Nginx configuration for securedrop.propublica.org. (Based on Ubuntu 13.10 / Nginx 1.4.1 default config.)
View nginx.conf
# This configuration file is provided on an "as is" basis,
# with no warranties or representations, and any use of it
# is at the user's own risk.
#
# You will need to edit domain name information, IP addresses for
# redirection (at the bottom), SSL certificate and key paths, and
# the "Public-Key-Pins" header. Search for any instance of "TODO".
user www-data;
worker_processes 4;
View gist:8591092
$ alias openssl="`brew --prefix openssl`/bin/openssl"
$ openssl version
OpenSSL 1.0.1h 5 Jun 2014
$ openssl ciphers -v 'kEECDH+ECDSA+AESGCM kEECDH+AESGCM kEECDH+ECDSA+AES256 kEECDH+ECDSA+AES128 kEECDH+AES256 kEECDH+AES128 kEDH+AESGCM kEDH+AES256 kEDH+AES128 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !MD5 !EXP !DSS !PSK !SRP !kECDH !CAMELLIA !RC4 !SEED'
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
@mtigas
mtigas / ciphertest.sh
Last active Feb 12, 2018
test what SSL ciphersuites a given server supports
View ciphertest.sh
#!/usr/bin/env bash
#
# Modified version of http://superuser.com/a/224263
#
# You should make sure you have an OpenSSL 1.0.1+ installed. (Mac OS X? Use homebrew.
# This script automatically hooks into homebrew's installation of 1.0.1e, see line 22.)
#
#######
#
# usage:
View 0.txt
-Step 1: basic HTML skeleton for a full-screen map
-Step 2: initialize a map
-Step 3: add a tile layer
-Step 4: Add a marker
-Step 5: Add a line
-Step 6: Add a polygon
-Step 7: Styling: add a polygon with different styling
-Step 8: Click/hover
-On click, re-center map
-On hover, change styling of polygon
View btsync_key.py
#!/usr/bin/env python
#coding=utf-8
"""
btsync_key.py
generates keys of abitrary size, for bittorrent sync[1].
btsync uses a 32-char key as the secret identifier for a shared folder,
but this key actually be a Base64 string of any length > 40.[2] so
this script allows you to generate stronger keys than otherwise
possible.
@mtigas
mtigas / 01.md
Last active Sep 25, 2020
HTTPS / SSL certificate config stuff
View 01.md

Normal SSL cert

export DATE=`date +"%Y%m"`
export SITENAME="mike_tig_as"
export KEYNAME="$DATE-$SITENAME"

# Generate private key, make it have no password.
# change to 2048 if you want compatibility with CDNs / aws cloudfront / load balancers, etc
openssl genrsa -aes256 -passout pass:xxxx -out "${KEYNAME}.pass.key" 4096
openssl rsa -passin pass:xxxx -in ${KEYNAME}.pass.key -out ${KEYNAME}.key