Skip to content

Instantly share code, notes, and snippets.

View rdev5's full-sized avatar
💭
Note: This account has been moved to @mattborja

Matt Borja rdev5

💭
Note: This account has been moved to @mattborja
View GitHub Profile
// Returns 32 bytes of cryptographically strong random sequence, Base64-encoded
var data = (function(size){return btoa([].slice.call((window.crypto||window.msCrypto).getRandomValues(new Uint8Array(size))).map(b => String.fromCharCode(b)).join(''))})(32);
#!/bin/bash
# Usage: ./generate-csr.sh ./names.dat "$(cat ./subject.dat)" 4096
#
# Notes:
# - This script prefers AES256 over 3DES for password protecting private keys (https://stackoverflow.com/a/3938726)
# - This script may be used to renew certificates if a copy of the private key is made locally available in the format name_domain_ext.key
FILENAME="$1"
SUBJ="$2"
KEYSIZE="$3"
@rdev5
rdev5 / CryptoRandom.cs
Created March 29, 2018 15:07 — forked from niik/CryptoRandom.cs
Buffered CryptoRandom implementation based on Stephen Toub and Shawn Farkas' CryptoRandom
/*
* Original version by Stephen Toub and Shawn Farkas.
* Random pool and thread safety added by Markus Olsson (freakcode.com).
*
* Original source: http://msdn.microsoft.com/en-us/magazine/cc163367.aspx
*
* Some benchmarks (2009-03-18):
*
* Results produced by calling Next() 1 000 000 times on my machine (dual core 3Ghz)
*
@rdev5
rdev5 / simple-self-modifying-program.js
Last active November 8, 2017 18:30
Basic example of self-modifying function in JS (https://en.wikipedia.org/wiki/Self-modifying_code)
window.fx_update = 'window.fx = function() { setTimeout(function() { window.fx_modified = false; window.fx = window.fx_source; }, 5000); return "Modified state of fx() 5s later"; };';
window.fx_source = function() {
if (!window.fx_modified) {
setTimeout(function() {
eval(window.fx_update);
}, 5000);
window.fx_modified = true;
}

Creating UDP load balancers in Snapt

As of 9/21/17, Snapt Balancer may not be used to create UDP load balancers as it is built on HAProxy. However, Snapt Accelerator is based on NGINX which has recently added support for UDP load balancing via upstream groups.

A brief inspection of the NGINX configuration on a Snapt server also reveals that these stream groups are written to /etc/nginx/udp_upstreams and /etc/nginx/udp_servers.

Using the Snapt UI

To effectively "load balance" UDP services:

  1. Verify Snapt server is running at least NGINX version 1.9.13 (/usr/sbin/nginx -v)
  2. Ensure Snapt Accelerator has been installed (Modules & Plugins -> Add Plugins -> Snaptins)
  3. Define upstreams for each UDP port (Accelerator -> UDP Upstreams)
# Couchbase Node-to-Node
netsh advfirewall firewall add rule name="Couchbase Node-to-Node" protocol=tcp dir=in action=allow remoteip= localport=11207,11209-11210,18093,21100,4369,8091-8094,9100-9105,9999
# Couchbase Node-to-Client
netsh advfirewall firewall add rule name="Couchbase Node-to-Client" protocol=tcp dir=in action=allow remoteip=127.0.0.1 localport=11207,11210-11211,18091-18093,8091-8094
# Shibboleth IdP AES Secret Key Rotator (DataSealer) by Matt Borja
# Reference: https://wiki.shibboleth.net/confluence/display/IDP30/SecretKeyManagement
# Caution: Target $nodes should be placed in maintenance mode before committing to minimize service disruption.
param(
[String]$idp_home = "C:/Program Files (x86)/Shibboleth/IdP",
[String]$alias = "secret",
[String[]]$nodes = ("shib-node02.example.com", "shib-node03.example.com"),
)
# Shibboleth IdP Configuration Replicator (SICR) by Matt Borja
# Note: Specify the $validNodeRegex suitable for your deployment
# Caution: Target $nodes should be placed in maintenance mode before committing to minimize service disruption.
param (
[Boolean]$commit = $false,
[String]$master = "shib-node01.example.com",
[String[]]$nodes = ("shib-node02.example.com", "shib-node03.example.com"),
[String]$validNodeRegex = '^shib\-node\d+(\.example\.com)?$'
@rdev5
rdev5 / tiny_IRremote.cpp
Created December 14, 2016 07:15 — forked from SeeJayDee/tiny_IRremote.cpp
tiny_IRremote - Arduino IRremote ported to the ATtiny
/*
* tiny_IRremote
* Version 0.2 July, 2016
* Christian D'Abrera
* Fixed what was originally rather broken code from http://www.gammon.com.au/Arduino/
* ...itself based on work by Ken Shirriff.
*
* This code was tested for both sending and receiving IR on an ATtiny85 DIP-8 chip.
* IMPORTANT: IRsend only works from PB4 ("pin 4" according to Arduino). You will need to
* determine which physical pin this corresponds to for your chip, and connect your transmitter
@rdev5
rdev5 / NetworkAdapterHelpers.cs
Last active October 6, 2016 21:13
Windows Service for disabling network adapters on screen lock, and re-enabling on screen unlock. Must be installed under Local System account to have write access to Event Log and managing network adapters (netsh).
using System;
using System.Diagnostics;
using System.Linq;
using System.Net.NetworkInformation;
namespace WorkstationLockdown
{
public static class NetworkAdapterHelpers
{
/// <summary>