rmrfslashbin

These are some rough notes for deploying a test/dev local CA, a server key/cert, and a client key/cert. The intention is to provide a quick and dirty (don't use in production) local CA with one server and one client. HAProxy is used as an SSL terminator which forces SSL for all connections (via http redirect), then optionally accepts a client cert for authentication.

Easy-rsa

Follow the install guide for easy-rsa (https://github.com/OpenVPN/easy-rsa)

Init PKI

./easyrsa init-pki

Build CA

./easyrsa build-ca

rmrfslashbin

FoxyProxy URL pattern filters.

This recipe sets up FoxyProxy to route all traffic through a proxy EXCEPT blacklisted domain (they will go out directly).

Assumptions

This receipe assumes a fresh FoxyProxy install, one proxy for everthing, excluding defined domains.

FoxyProxy Configuration

• FoxyProxy should be set to Use proxies based on their pre-defined patterns and priorities.
• Add a new proxy and configure the Proxy Details tab as needed.

rmrfslashbin

Quick text encryption

Do not use this in production. YYMV.

]$ echo -n 'this is the plaintext' | openssl aes-256-cbc -e -salt -pbkdf2 -iter 10000 -out ciphertext.enc -p

]$ cat ciphertext.enc|openssl enc -base64

]$ openssl aes-256-cbc -d -salt -pbkdf2 -iter 10000 -in ciphertext.enc -p

rmrfslashbin

Roll-your-own CA

So you want to learn how to make a CA...

Use-Case

• This is a proof of concept. It should not be used as a production CA.
• All tasks are presumed to be executed by the same user, on the same manhine.
• A production CA would set up and leverage separation of duties.
• A production CA would not generate CSRs, create the cert, and sign on the same machine.
• As noted below, for user/client certs (ex: use a cert to provide authentication), vs service certs (https, smtps, etc) see the point related to -extensions usr_cert.

rmrfslashbin

Helpful Trino queries

... to fetch data from my aws-cf-rtl and Trino/Superset projects.

Docker

I run Trino in a local Docker container. A Trino query can be invoked from the CLI by passing the query into the --execute param.

docker exec -it trino-us-east-1 trino --output-format ALIGNED --execute "${QUERY}"

rmrfslashbin

Deploying and Updating MediaWiki on Heroku

This is a very rough guide to deploying and updating MediaWiki on Heroku. Lots of assumptions are made. Be sure to keep your MediaWiki deployment up-to-date!

Assumptions

• A GitHub account.
• A Heroku account.
• A configured app on Heroku.
• A MySQL (or compatible database. This guide assumes the use of Cleardb Heroku add-on).
• Optional add-on: Hosted Graphite.
• Optional add-on: Papertrail.

rmrfslashbin

So You Got a Mac.

First, congrats! You're more special than the people lost in Windowz land. But not as cool as the Linux kids. It's a trade-off. These are the things I did to set up my nifty new MacOS system.

ToC

• Why MacOS?
• The Dock.
• Applications.
• System Preferences.
• Install Stuff.
• FiraCode.

rmrfslashbin

How to store & access API credentials in Python projects

This gist will explore how to leverage a "dotenv" ecosystem to mange application credentials.

Github Repo

The gist follows code in the repo https://github.com/rmrfslashbin/python-dotenv-poc.

The twelve-factor app

The Twelve-Factor App concept provides numerous best-practice guidelines for applications and scipts. This gist will provide a python-based foundation, using the dotenv concept, to manage application credentials as described here: https://12factor.net/config

python-dotenv

rmrfslashbin

package main

import (
	"fmt"
	"math"
)

func main() {
	fmt.Println(NumberFormat(123))
	fmt.Println(NumberFormat(12345))

rmrfslashbin

ffmpeg -i ${INPUT} -c:v libx265 -preset veryslow -vf 'format=yuv420p' -crf 28 ${OUTPUT}.mp4