Skip to content

Instantly share code, notes, and snippets.

rufoa /
Last active Oct 12, 2022
sublime merge 2 build 2068 linux
set -o errexit
set -o nounset
set -o pipefail
check_sha() {
local sha_valid
View st4 linux build 4094
printf '\00\00\00' | dd of=sublime_text bs=1 seek=290764 count=3 conv=notrunc
View tor

De-anonymising Tor users

An incomplete history of attacks

Operation Pacifier (2015)

  • Watering hole attack against "Playpen" onion site
  • Believed to exploit a vulnerability in Firefox
  • FBI chose to drop case rather than reveal details of technique

CMU SEI (2014)


Connecting to Cloudflare WARP with WireGuard

Cloudflare's WARP VPN uses a slightly modified version of the WireGuard protocol, but it remains backwards compatible with the normal WireGuard client software. This means you can connect to it on platforms which don't yet have an official WARP client, e.g. your computer or EdgeOS-based router.

Step 1

Generate a WireGuard keypair, as usual:

wg genkey | tee private.key | wg pubkey > public.key

rufoa / Jenkinsfile
Created May 13, 2019
Jenkins [skip ci] implementation for multi-branch declarative pipeline
View Jenkinsfile
// change 'agent' lines as appropriate
pipeline {
agent none
stages {
stage('Run CI?') {
agent any
steps {
View ee bright box

The Bright Box 2 is a combined VDSL modem and wireless router supplied to customers of EE (Orange). It is manufactured by Arcadyan and uses a Broadcom bcm63xx SoC

These instructions are based on the latest firmware at the time of writing: v0.04.05.0001-OT (Fri Mar 24 17:29:32 2017)

Put it in bridge mode

  • This is for if you want to use the Bright Box as a VDSL modem only, and have a separate router act as the PPPoE client (e.g. ubiquiti edgerouter), avoiding double NAT
  • There is lot of nonsense, not least from people on EE's own forum, about how this cannot be done
  • If desired, change the Bright Box IP and subnet before doing this because the settings tab becomes inaccessible
  • Connect your router to port 4 (GigE) on your BB
rufoa /
Last active Jun 5, 2018
redis zpopmin/zpopmax in lua
# same behaviour as zpopmax/zpopmin in redis 5.0.0-RC2:
# count arg defaults to 1
# count > 0: return count many items
# count <= 0: return all items
lua_zpopmax = """
assert(#KEYS == 1)
assert(#ARGV <= 1)
local count = 1
rufoa / gist:f7901bfda28ce0ea49a8
Last active Aug 18, 2018
the correct way to use SecureRandom in clojure. automatically reseeds every ttl ms
View gist:f7901bfda28ce0ea49a8
(defn- reseeding-prng [ttl]
(let [state (atom {})]
(fn []
(let [now (.getTime (java.util.Date.))]
(when (> (- now (:last-seeded @state 0)) ttl)
(let [new-generator ( "SHA1PRNG" "SUN")]
(.nextBytes new-generator (byte-array 0))
(swap! state assoc :last-seeded now :generator new-generator)))
(:generator @state)))))